Security Model

The Cryptnox Basic Wallet Card is built on a Common Criteria EAL6+ certified Secure Element,  providing resistance to both physical and logical attacks. All sensitive data exchanges are protected by a Secure Channel protocol, based on principles similar to GlobalPlatform SCP03, which ensures mutual authentication, confidentiality, and integrity through AES-256 encryption and CMAC-based message authentication codes.

Access to card functions is enforced through PIN and PUK-based control, with retry limits and delay mechanisms to prevent brute-force attacks. In addition to local authentication, users can optionally employ an external key, such as a TPM, Secure Enclave, or FIDO2 device, to authorize sensitive operations.

The design also supports a dual-card backup generation mode, allowing two cards to share identical seeds securely. This redundancy mechanism guarantees recoverability without ever exporting or revealing the private seed material outside the Secure Element.