An engineering organisation, four decades deep.
AmbiSecure is the embedded security and trust capability of the Ambimat Group. SIM-Auth — this site's flagship platform — is the team's telecom-focused authentication product: SIM/eSIM-resident authentication for banks, fintechs, government services, and enterprise identity, engineered for India-scale telecom integration. The same engineering depth that built it spans eSIM/eUICC architecture, Secure Element applets, embedded PKI, and IoT identity.
Where this platform sits
A structured view of the engineering organisation behind this site — Ambimat Group as parent, AmbiSecure as its embedded security and trust capability, and the SIM-Auth platform as the telecom-focused product surface.
Ambimat Group ↗
Parent engineering ecosystem. An established Indian engineering organisation with over four decades of work in hardware/software co-design, embedded systems, IoT, manufacturing, and certified product engineering for PSUs, enterprises, and connected-product companies.
Visit ambimat.com →AmbiSecure ↗
Embedded security & trust initiative of the Ambimat Group. FIDO authenticators, secure-element applets, hardware-backed authentication, and IoT identity systems for enterprise and connected platforms.
Visit ambisecure.ambimat.com →SIM-Auth Platform — this site
Telecom-focused capability platform inside AmbiSecure. eSIM/eUICC architecture, RSP and SM-DP+ engineering, embedded PKI for telecom-grade fleets, and operator sandbox collaboration. Standards-aware, non-production, validation-oriented.
Who we are
The SIM-Auth Platform is operated by the embedded engineering team at the Ambimat Group, under AmbiSecure — the Group's embedded security and trust initiative. Ambimat is an India-based engineering organisation with four-plus decades in embedded systems, hardware/software co-design, IoT, manufacturing, and certified product engineering for PSUs, enterprises, and connected-product companies.
The work documented on this site is focused on the substrate that connected devices rely on for identity: Secure Elements, eUICC silicon, applet engineering, embedded PKI, and the trust chains that connect them to operator networks and enterprise back-ends.
What we design for
Most failures in connected systems are not exploits — they are quiet identity failures. A device that ships with a shared credential, a back-end that cannot tell two devices apart, a provisioning step that delegates trust to an environment that doesn't deserve it. The architecture on this site is built to remove those quiet failures, not to add features on top of them.
Credibility in this space is earned by being reviewable, so we document architecture, applet states, key inventory, and assumptions — and we welcome the kind of evaluation a serious counterparty applies to a new vendor in this space.
How we engage
Engagement is narrow, sandbox-oriented, and inspectable.
- Documentation first. Architecture, applet states, key inventory, and threat model shared early — read before any code is exchanged.
- Bounded scope. Engagements proposed with defined inputs, outputs, and exit criteria.
- Operator-controlled environment. Validation runs inside infrastructure the operator controls, with operator-set boundaries and observability.
Engineering-to-product execution
Architecture is necessary but not sufficient. The same engineering substrate behind this initiative has designed, built, branded, and licensed a commercial product in an adjacent identity domain — Keyra, positioned publicly as "the identity trust layer of the internet." Adjacent domain, same engineering muscle. See the full Keyra case study for the framing and what it signals about product-lifecycle execution at the Ambimat Group.
Where we operate
The SIM-Auth Platform is operated by the Ambimat Group, headquartered in Ahmedabad, India. Scope is global where eSIM, eUICC, and embedded identity are relevant — with particular interest in collaboration with Indian telecom operators and ecosystem participants on India-localised infrastructure, sandbox access, and interoperability work. For the broader security capability this initiative is part of, see AmbiSecure.
Talk with the engineering team.
Operator, OEM, or enterprise team working on connected-device identity, embedded PKI, or eSIM/eUICC architecture — we'd be glad to walk our work and discuss scope.