🛡️

EAL5+ vsEAL6+

Both FrostCard and Tangem use EAL6+ certified chips. But the composite security rating tells a different story. Here's what the numbers actually mean — and why they're different.

See what the numbers mean
Lesson 1
What is EAL?

EAL stands for Evaluation Assurance Level. It's a grade from the Common Criteria — an international standard for evaluating the security of IT products. The scale runs from EAL1 (lowest) to EAL7 (highest). Each level requires increasingly rigorous testing and formal verification by independent labs.

Common Criteria, in plain wordsIt's a shared rulebook that countries agreed on so a security claim can be checked the same way everywhere. An independent lab puts the product through a fixed battery of tests, and the EAL number is simply how deep that testing went — not how "good" the product is in the abstract, but how thoroughly it was examined.
EAL1Functionally testedBasic consumer products
EAL2Structurally testedLow-risk software
EAL3Methodically tested and checkedBusiness applications
EAL4Methodically designed, tested, and reviewedOperating systems, firewalls
EAL5Semi-formally designed and testedSmart card OS, military comms
EAL5+EAL5 with additional augmentationsJavaCard platforms, passports
EAL6+Semi-formally verified designSecure element hardware
EAL7Formally verified design and testedExtremely rare, military/government
What "evaluation assurance" meansA higher EAL doesn't make a chip physically stronger. It means more was proven about it — more documentation, more independent review, and at the top levels, mathematical proof that the design behaves exactly as specified. The "+" marks extra checks beyond the base level.
Lesson 2
A chip has two certifiable layers

A secure element isn't one thing — it's hardware with software on top. Each layer gets its own security evaluation.

🔩
Layer 1 — The silicon (hardware)
The physical chip — transistors, crypto engines, shield mesh, true random number generator, tamper detection. This is what resists physical attacks like probing, laser injection, and power analysis. Hardware certification evaluates the chip's resistance to these attacks.
💾
Layer 2 — The operating system (software)
The code that runs on the chip — manages memory, isolates applets, handles cryptographic operations, enforces access controls. Software certification evaluates whether the OS correctly implements its security claims and whether bugs could compromise the system.

The composite rating is the security grade of the complete product — hardware and software together. It's capped by the lower of the two evaluations, because a system is only as strong as its weakest layer.

Hardware vs composite certificationTwo different measurements. Hardware certification grades only the bare silicon. Composite certification grades the whole product — silicon plus the operating system running on it — and can never be higher than its weakest part. Marketing the hardware number alone tells you only half the story.
Lesson 3
FrostCard's architecture
FrostCard Applet — open source, auditable
runs on ↓
JavaCard 3.0.5 OS — NXP, certified EAL5+
runs on ↓
SmartMX3 Silicon — NXP, certified EAL6+
Hardware (SmartMX3): Certified EAL6+ by independent labs. The physical chip resists side-channel attacks, fault injection, physical probing, and laser attacks. Operating system (JavaCard 3.0.5): Certified EAL5+. This is a standardized platform maintained by Oracle. It provides a virtual machine that sandboxes applets — one applet cannot access another applet's memory. It manages cryptographic services, memory isolation, and secure applet loading via GlobalPlatform. Applet (FrostCard): Open-source JavaCard program. Handles key generation, signing, secure channel, backup linking. Runs inside the JavaCard VM sandbox. Composite rating: EAL5+ — because the JavaCard OS layer caps it. The hardware is EAL6+, but the complete product is rated at the level of its software certification.
In plain wordsFrostCard's chip is EAL6+ hardware. The whole product — chip plus its certified operating system — is EAL5+ composite. That lower number isn't a downgrade; it's the honest grade of the entire stack instead of just the silicon underneath.
Lesson 4
Tangem's architecture
Tangem Firmware — closed source, proprietary
runs on ↓
Samsung S3D350A Silicon — Samsung, certified EAL6+
Hardware (S3D350A): Certified EAL6+ by independent labs. Same grade of physical tamper resistance as FrostCard's chip. Firmware: Tangem wrote their own proprietary operating system. It is not JavaCard. It has not been through an independent Common Criteria evaluation as a software product. The firmware runs directly on the chip with no standardized sandbox layer. Marketed rating: "EAL6+" — this is the hardware certification only. There is no publicly documented software-layer certification for Tangem's firmware.
What this meansTangem markets the EAL6+ number from its silicon. But there's no independently certified software layer to cap it — so the "EAL6+" you see describes only the chip, not the complete product running on it.
Lesson 5
Why JavaCard caps at EAL5+

Certifying software to EAL6+ requires semi-formal verification of the implementation — mathematical proofs that the actual code matches its security specification. For a platform as complex as JavaCard (VM, memory management, applet isolation, crypto services, GlobalPlatform), this would cost millions of dollars and take years of formal verification work.

No JavaCard platform on earth has achieved a composite EAL6+ rating. EAL5+ is the ceiling for any programmable smart card platform that allows custom applet loading. This applies to every card used in banking, government ID, and transit systems worldwide.

⚖️
The tradeoff
Programmable platform (JavaCard, EAL5+ composite): Third parties can load custom applets. The OS sandbox isolates them. The applet code can be open source and audited by anyone. The cost is a lower composite rating because the OS layer is complex enough that formal verification to EAL6+ has never been done. Locked platform (Tangem, no composite rating): No third parties can load code. The firmware is written by one company and cannot be inspected. The vendor can market the chip's hardware rating directly because there is no independently certified software layer to cap it.
The honest versionEAL5+ isn't FrostCard falling short of EAL6+. It's the highest grade any open, programmable, auditable smart card can earn — the same ceiling the world's banks and passports live under. The "missing" point buys you something: code anyone can read.
Lesson 6
Side by side
FrostCard
ChipNXP J3R200 (SmartMX3)
Hardware certificationEAL6+
Software platformJavaCard 3.0.5 (open standard)
Software certificationEAL5+ (independently certified)
Composite ratingEAL5+
Marketed ratingEAL5+ (full stack)
Applet sandboxJavaCard VM — certified memory isolation
Firmware visibilityOpen source
Custom appletsAnyone can load verified code
Independent auditAnyone can audit the applet
Tangem
ChipSamsung S3D350A
Hardware certificationEAL6+
Software platformProprietary OS (closed)
Software certificationNot independently certified
Composite ratingNot applicable (no certified OS layer)
Marketed rating"EAL6+" (hardware only)
Applet sandboxNo sandbox — firmware runs bare metal
Firmware visibilityClosed source
Custom appletsLocked to Tangem firmware
Independent auditOnly Tangem employees see the code
Lesson 7
What the JavaCard sandbox provides

The JavaCard VM is not just an execution environment — it's a security boundary that is itself EAL5+ certified. It provides:

Memory isolation
Applet A physically cannot read Applet B's memory. This is enforced by the VM at the bytecode level, not by convention. The isolation has been formally tested as part of the EAL5+ evaluation.
Type safety
The VM prevents type confusion attacks — a common class of vulnerability in native code. Tangem's bare-metal firmware does not have this protection.
Controlled installation
GlobalPlatform Secure Channel Protocol requires cryptographic authorization to install or update applets. Unauthorized code cannot be loaded onto the card.
Resource management
The VM manages EEPROM allocation, preventing one applet from exhausting storage and affecting another. Memory bounds are enforced in hardware-assisted bytecode verification.
Tamper resistance, layered"Tamper resistance" is a chip's ability to survive someone physically attacking it. Tangem's firmware runs without the sandbox layer. If their firmware has a memory safety bug, buffer overflow, or type confusion vulnerability, there is no certified sandbox underneath to contain it. And because the firmware is closed source, no external researcher can look for these bugs.
Lesson 8
What the numbers mean in practice
📊
Same silicon, different software
Both chips resist physical attacks to the same degree — EAL6+ hardware is EAL6+ hardware regardless of what software runs on it. No one has ever extracted a private key from either chip class using any known technique. The difference is in the software layer. FrostCard runs open-source code inside a certified EAL5+ sandbox. Tangem runs closed-source code on bare metal with no independent software certification. A higher number on a marketing page does not mean a more secure product. It means a different part of the system was measured.
Lesson 9
Which is harder to hack?

An attacker trying to extract a private key from FrostCard has to break through three independently secured layers:

Layer 3 — FrostCard Applet (open source, community-audited)
contained by ↓
Layer 2 — JavaCard VM (EAL5+ certified, 25 years in production)
runs on ↓
Layer 1 — SmartMX3 Silicon (EAL6+ certified, tamper-resistant)

An attacker trying to extract a private key from Tangem has to break through two layers:

Layer 2 — Tangem Firmware (closed source, internal review only)
runs on ↓
Layer 1 — Samsung Silicon (EAL6+ certified, tamper-resistant)
If a bug exists in the FrostCard applet
The JavaCard VM contains it. The applet cannot escape its sandbox to access key storage directly. Memory boundaries are enforced at the bytecode level by the certified VM. The bug can be found and fixed because the code is open source.
If a bug exists in Tangem's firmware
There is no sandbox underneath. The firmware runs bare metal on the chip. A firmware vulnerability gives the attacker direct access to key storage. The bug cannot be found by external researchers because the code is closed.
🏦
25 years, billions of cards
The JavaCard VM has been deployed in billions of bank cards, passports, government IDs, and SIM cards for over 25 years. It is one of the most battle-tested security platforms in existence. Every major bank, every passport-issuing government, and every mobile carrier relies on it. Finding a new exploit in the JavaCard VM would be a globally significant security event. More independently secured layers, each certified or auditable, means a harder target. The EAL number on a marketing page measures one layer. The actual attack surface is the full stack.
Don't Trust — Verify
Read the certifications yourself

Every claim on this page is checkable. The hardware certifications are public Common Criteria records; the applet that runs on top is open source, line by line.

The open-source applet
FrostCard's JavaCard applet is the only code that touches your key — and it runs sandboxed inside the EAL5+ certified VM. You can read every line.
The bottom line
Same EAL6+ silicon. Different software story. FrostCard publishes the honest composite grade of the whole stack — EAL5+, the ceiling for any open, programmable, auditable card. A higher marketing number describes one layer, not the product. Don't trust the number; verify the stack.
FrostCard — the first fully open-source NFC cold wallet for Kaspa
X · frostcard.io