Both FrostCard and Tangem use EAL6+ certified chips. But the composite security rating tells a different story. This page explains what the numbers actually mean, how the two architectures differ, and which is harder to compromise.
EAL stands for Evaluation Assurance Level. It's a grade from the Common Criteria — an international standard for evaluating IT security products. Independent labs test and certify products against a defined threat model. The scale runs EAL1 (lowest) to EAL7 (highest).
| Level | Verification method | Used by |
|---|---|---|
| EAL1 | Functionally tested | Basic consumer products |
| EAL2 | Structurally tested | Low-risk software |
| EAL3 | Methodically tested and checked | Business applications |
| EAL4+ | Methodically designed, tested, reviewed | Operating systems, firewalls, bank cards |
| EAL5+ | Semi-formally designed and tested | JavaCard platforms, passports, government ID |
| EAL6+ | Semi-formally verified design | Secure element hardware (chips) |
| EAL7 | Formally verified design and tested | Extremely rare, classified systems |
The "+" suffix means additional security augmentations were tested beyond the base level.
A secure element is not one thing. It's hardware running software. Each layer is evaluated independently.
The physical chip. Transistors, crypto accelerators, shield mesh, true random number generator, tamper detection circuits, voltage monitors, light sensors. This layer resists physical attacks — probing, laser fault injection, power analysis, electromagnetic emanation, focused ion beam. Hardware certification evaluates resistance to all of these.
The code running on the chip. Manages memory allocation, isolates applications from each other, handles cryptographic operations, enforces access controls, validates applet installations. Software certification evaluates whether the OS correctly implements its security properties and whether implementation bugs could compromise the system.
The composite rating is the security grade of the complete product — hardware and software together. It is capped by the lower of the two evaluations, because a system is only as secure as its weakest certified layer.
FrostCard uses an NXP J3R200 chip running the JavaCard 3.0.5 platform. The FrostCard applet runs inside the JavaCard virtual machine.
Hardware (SmartMX3): Certified EAL6+. Resists side-channel attacks, fault injection, physical probing, and laser attacks. Same grade as Tangem's chip.
Operating system (JavaCard 3.0.5): Certified EAL5+. A standardized platform maintained by Oracle, deployed in billions of bank cards, passports, SIM cards, and government IDs for over 25 years. Provides a virtual machine that sandboxes each applet — one applet physically cannot access another's memory.
Applet (FrostCard): Open-source JavaCard program. Key generation, Schnorr signing, ECDH secure channel, backup linking, backup locking. Runs inside the JavaCard VM sandbox. Anyone can read the source, compile it, and flash it onto a blank card.
Composite rating: EAL5+ — the hardware is EAL6+, but the complete product is rated at the level of its software layer certification.
Tangem uses a Samsung S3D350A chip running proprietary firmware. There is no standardized OS layer.
Hardware (S3D350A): Certified EAL6+. Same grade of physical tamper resistance as FrostCard's chip.
Firmware: Tangem wrote their own operating system. It is not JavaCard. It is not based on any publicly standardized platform. The firmware has been audited by independent security firms (Kudelski Security, Riscure), but it has not been through a Common Criteria evaluation as a software product — audits and CC certification are different levels of formal verification. The firmware runs directly on the chip — bare metal — with no sandbox layer between it and the hardware.
Marketed rating: "EAL6+" — this is the chip's hardware certification. There is no publicly documented software-layer certification for Tangem's firmware.
Certifying software to EAL6+ requires semi-formal verification of the implementation — mathematical proofs that the actual code matches its security specification. For a platform as complex as JavaCard (virtual machine, memory management, applet isolation, cryptographic services, GlobalPlatform secure loading), this would require millions of dollars and years of formal verification work.
No JavaCard platform on earth has achieved a composite EAL6+ rating. EAL5+ is the ceiling for any programmable smart card platform that supports custom applet loading. This applies to every smart card used in banking, government identification, and telecommunications worldwide.
Tangem avoids this constraint by not using a standardized, certifiable OS layer. Their firmware has not been submitted for independent software certification. This allows them to market the chip's hardware rating without a software certification capping it.
Third parties can write and load custom applets. The certified OS sandbox isolates each applet's memory. Applet code can be open source and audited by anyone. The cost is a lower composite rating because the OS layer is too complex for EAL6+ formal verification.
No third parties can load code. The firmware is written by one company and cannot be inspected or independently verified. The vendor can market the chip's hardware rating directly because there is no independently certified software layer to cap it.
The JavaCard virtual machine is not just an execution environment. It is a certified security boundary — independently evaluated to EAL5+. It enforces:
Memory isolation: Applet A physically cannot read Applet B's memory. This is enforced by the VM at the bytecode level, not by convention. The isolation was formally tested as part of the EAL5+ evaluation.
Type safety: The VM prevents type confusion attacks — a common class of vulnerability in native code. Every memory access is type-checked before execution.
Controlled installation: GlobalPlatform Secure Channel Protocol requires cryptographic authorization to install or update applets. Unauthorized code cannot be loaded onto the card.
Resource management: The VM manages EEPROM allocation, preventing one applet from exhausting storage or corrupting another's data. Memory bounds are enforced in hardware-assisted bytecode verification.
Tangem's firmware runs without this layer. There is no certified sandbox between the firmware and the hardware. If the firmware contains a memory safety bug, buffer overflow, or type confusion vulnerability, there is no independent security boundary to contain it.
To extract a private key from FrostCard, an attacker must break through three independently secured layers:
To extract a private key from Tangem, an attacker must break through two layers:
The JavaCard VM contains it. The applet cannot escape its sandbox to access key storage directly. Memory boundaries are enforced at the bytecode level by the certified VM. The bug can be found and fixed by anyone because the code is open source.
There is no sandbox underneath. The firmware runs bare metal on the chip. A firmware vulnerability gives the attacker direct access to key storage with no containment layer. The bug cannot be found by external researchers because the code is closed source.
The JavaCard platform has been in production since 1996. It is deployed in:
Bank cards: Visa, Mastercard, and American Express payment cards worldwide use JavaCard applets on certified secure elements.
Passports: Biometric passports (ePassports) in over 120 countries store identity data on JavaCard-based chips.
Government ID: National identity cards across Europe, Asia, and South America run JavaCard applets for digital signatures and authentication.
SIM cards: Billions of mobile SIM cards run JavaCard applets for subscriber authentication and secure messaging.
Military and defense: NATO Common Access Cards and defense department smart cards use JavaCard-based secure elements.
A new vulnerability in the JavaCard VM would affect the security infrastructure of every major bank, every passport-issuing nation, and every mobile carrier on earth. It would be a globally significant security event. The platform has been under continuous attack and continuous evaluation for nearly 30 years.
| FrostCard | Tangem | |
|---|---|---|
| Chip | NXP J3R200 (SmartMX3) | Samsung S3D350A |
| Hardware certification | EAL6+ | EAL6+ |
| Software platform | JavaCard 3.0.5 (open standard) | Proprietary OS (closed) |
| Software certification | EAL5+ (Common Criteria certified) | Audited (Kudelski, Riscure) — not CC certified |
| Composite rating | EAL5+ (full stack) | Not applicable (no certified OS layer) |
| Marketed rating | EAL5+ | "EAL6+" (hardware only) |
| Applet sandbox | JavaCard VM — certified memory isolation | No sandbox — firmware runs bare metal |
| Firmware visibility | Open source | Closed source |
| Custom applets | Anyone can load verified code | Locked to Tangem firmware |
| Independent code audit | Anyone can audit | Only Tangem employees |
| Security layers | 3 (applet + certified VM + certified chip) | 2 (firmware + certified chip) |
| Bug containment | VM sandbox contains applet bugs | No containment — bare metal |
| Platform track record | 30 years, billions of deployments | Tangem-specific, ~5 years |
Both chips resist physical attacks to the same degree. EAL6+ hardware is EAL6+ hardware regardless of what software runs on it. No one has ever extracted a private key from either chip class using any known technique.
The difference is in the software layer. FrostCard runs open-source code inside a certified EAL5+ sandbox that has been battle-tested for 30 years in billions of devices. Tangem runs closed-source code on bare metal with no independently certified software layer and no external code review.
More independently secured layers, each certified or publicly auditable, means a harder target. The number on a marketing page measures one layer. The actual security of a product is the full stack.