The Tangem card is a self-custodial hardware wallet. The main functions of Tangem cards are to securely create and store a private key and sign data.
The cards carry an EAL6+ certified secure smart-card chip based on ARM SC000 core architecture and having ISO14443 Type A contactless interface. Tangem’s card firmware is a native Сard OS (COS) providing a proprietary communication protocol on top of ISO14443 to interact with a contactless terminal. Once loaded into a particular card, COS binary code cannot be updated or managed.
Tangem does not develop or provide any server back-end for validation of the wallet balance. The system fully relies on the existing decentralized infrastructure of blockchain nodes with open external API. Tangem cards are self-sufficient, and the circulation of cards is uncontrolled. The only role of Tangem in the ecosystem is to sustain the card attestation chain ensuring the authenticity of the cards and integrity of COS.
Tangem card guarantees that it is the only place in the world that holds the private key. Therefore, it is not possible to export, import, restore or in some other way gain access to the wallet private key. Loss or physical destruction of the card is equivalent to loss of the wallet’s funds.
Tangem Card's chip has EAL6+ certification by Applus+. Firmware of the card is audited by the top rated Swiss independent auditor — Kudelski security.
The Tangem card carries only one single secure chip providing direct end-to-end attestation of the entire device. This unique feature guarantees that you hold a genuine Tangem card, regardless of how and from where it was delivered to you.
There are several mechanisms of attestation for the holder to ensure they operate a genuine Tangem card:
Card attestation. During the manufacturing process, special service keys are generated within the card (not to be confused with wallet keys) and the public key of the card is uploaded to the Tangem attestation service back-end. At the time of attestation, the card confirms the ownership of the corresponding private key, and the public key is compared with the one uploaded to the server.
Attestation of wallets. If wallets have already been created on the card, during the attestation process, a special challenge will be sent to the card to verify the possession of the corresponding private keys.
Firmware attestation. The card can access any random segment of its flash memory containing firmware and return its hash. Thus, the holder can make sure that the firmware installed on the card was produced by Tangem as well as that this is exactly the firmware that was checked by the auditor.
When a card is scanned for the first time it has to pass the attestation process. This process is built in the scanning procedure
The cards’ microprocessor employs many anti-tampering mechanisms that can recognize various types of invasive and non-invasive attacks. Tangem COS will react to attempts of such attacks according to its severity.
Tangem cards pass rigorous testing and can withstand environmental extremes, occasional mechanical deformation, electromagnetic pulse (EMP), electrostatic discharge (ESD) and X-rays within limits defined in ISO7810 standard.
The card can work in a hostile environment from -25℃ up to 85℃, has IP68 certification and can work even underwater.
Cards will also withstand unpredicted power outages that may occur when the NFC field or the host device is removed from the card. On-card data integrity is protected by a proprietary anti-tearing mechanism and triple storage redundancy. Embedded non-volatile memory (NVM) is certified and tested for more than 25 years of the data retention period.
It is recommended to avoid intentional bending with force and exposure to temperatures above 80℃, powerful X-rays and magnetic fields (e.g. MRI).