Crayonic Digital Identity Wallets for Critical Infrastructure

Audience: IT administrators, security professionals, developers

Introduction

Crayonic Digital ID Wallets are hardware wearables and companion software for securing critical infrastructure. The platform enables passwordless multi-factor authentication for logical and physical access, eliminates static passwords, and gives administrators full control over credentials and devices across the enterprise.

All wallets support FIDO2 passkeys and X.509 certificates via the NIST PIV protocol. Hardware wallets use a Common Criteria EAL 4+ certified secure element for key storage and cryptographic operations.

Browser support

To check that your browser supports the W3C WebAuthn standard, see https://caniuse.com/?search=webauthn.

Documentation Map

Wallets

Hardware and mobile Crayonic ID wallets.

• Crayonic Badge — smart wearable badge with biometrics, display, NFC, BLE and USB
• Crayonic KeyVault — compact USB/BLE/NFC authenticator with biometrics
• Crayonic Mobile ID Wallet — Android/iOS app, standalone or in Bridge mode
• Crayonic BioCard — credit-card format authenticator

End-point Tools

Software that runs on each user's workstation.

• Crayonic Bridge — Bluetooth-USB dongle for proximity login
• Crayonic Agent — Windows service for device, session and firmware events
• Crayonic Credential Provider — clean Windows login UI for passkey, X.509 and password credentials

Management & Integration for Enterprise

Central services for administrators.

• Crayonic Device Manager — fleet monitoring, security events, audit
• Crayonic Credential Manager — passkey and certificate provisioning, self-service and approvals
• Crayonic RTLS — indoor location, zone policies, Panic Button (in development)
• Crayonic Comms — identity-bound messaging (in development)
• Crayonic Voice Assistant — voice actions bound to a Crayonic identity (in development)

Tools

Standalone utilities for specific credential workflows.

• Crayonic PIV Manager — administrator tool for X.509 certificate provisioning
• Crayonic Firmware Manager — local firmware management (in development)
• Crayonic File Encryption — certificate-based single-file encryption (PIVCrypt)

Downloads

All firmware, installers, and reference guides live on a single Downloads page.

Validations & Certifications

Independent third-party validations of the Crayonic platform:

• FIDO Alliance — FIDO2 Level 1 certified — Crayonic KeyVault is listed in the FIDO Alliance Certified Showcase: https://fidoalliance.org/showcase/crayonic/
• Microsoft Entra ID — attested FIDO2 partner — Crayonic KeyVault K1 (USB-NFC-BLE) appears in Microsoft's published list of FIDO2 hardware eligible for Entra ID attestation, with biometric, USB, NFC and BLE capabilities all approved: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-fido2-hardware-vendor
• Common Criteria EAL5+ secure element — the STMicroelectronics STSAFE-J100-BS Java Card platform used by Crayonic wallets is certified by ANSSI to Common Criteria EAL5+ (Security Target public version): https://www.commoncriteriaportal.org/files/epfiles/1037b_pdf.pdf

Reference

• KeyVault Technical & Security Whitepaper
• Comparison with other passwordless authenticators
• Secure Element specifications