Digital security has never been more crucial, at a time where we see an increasingly connected world, wider access to data and significantly enhanced capabilities of attackers. So it becomes important for all kinds of organisations to ensure protection of critical assets such as those used in financial transactions, personal & digital identities, government services, cryptographic processing and more.
The best way to provide protection against possible attacks is to use a combination of tamper-resistant hardware with a highly secure, flexible software environment that includes operating system and application level security. Achieving all this inside a user or end-point device is the particular domain of what is traditionally known as smartcard technology (as used in billions of financial cards, government-issued ID cards, and more), and now extends to encompass a wider area of smart secure devices.
A good system design for these secure cards, end-points, etc is one that can best address the following needs:
- High security: the level of security credentials offered
- Flexible provisioning options: how do we get applications to the devices; how practical and secure are those methods?
- Ease of supply chain management: how many complex relationships are required to get these devices into the hands of customers, and how easy is it to change those suppliers?
MULTOS was designed from the ground up as a purpose-built platform to meet these core objectives.
The MULTOS Framework
More than just an operating system and a set of APIs, MULTOS is an open, high security, multi-application platform, defining a complete issuing environment which covers the entire lifecycle of the chip. Each of the constituent elements and processes is designed and implemented to ensure the Issuer, or their designated bureau provider, is in control over the smart device lifecycle. This is entirely contained within the MULTOS specifications and thereby does not rely on external or supplemental standards. A single, stable, well-defined standard also helps to ensure interoperability between various suppliers of the components in the ecosystem.
The MULTOS Secure Device
The MULTOS implementation is developed on secure silicon chips and offers a platform for multiple applications to securely co-reside and execute. The specification includes the card operating system, application programming interfaces (APIs), and card application management for loading and deleting only those applications that are authorised by the issuer.
The MULTOS specifications allow for either a standard MULTOS card (for chips with RSA crypto-coprocessors) or a MULTOS step/one card (for lower-end and lower cost chips with no RSA cryptographic capability). Both support the same MULTOS commands and APIs, so applications can execute on either platform (except for RSA functions).
MULTOS applications are the most efficient in the industry. An application development SDK is available free of charge enabling development in ‘C’, Java, or a highly efficient low level language (MEL).
Ensuring Confidence
Designed from the ground up as a high assurance security platform, the MULTOS architecture is specifically targeted for the limited resource environment of a smartcard, and offers what no other technology can:
- Security ArchitectureMULTOS products have achieved the highest security evaluation levels of any smartcard technology platform, including ITSEC E6 and Common Criteria EAL 7. The operating system performs real time integrity checking, application and data firewalls and secure application management (loading and deleting) to ensure complete confidence in the smart device.
- Interoperability & Supply Chain Management
All MULTOS chip devices are required to undergo a type approval process (mandated by the MULTOS specifications) which is designed to ensure that each device complies with the standard. The benefit of that can be seen at the card production and personalisation stages where standard commands are used by those systems
The MULTOS Issuance Process
At the heart of the MULTOS process is the Issuer or their authorised personalisation provider that can choose the type of key management that best suits. A centralised, secure MULTOS Key Management Authority (KMA) can be used for MULTOS products, allowing multiple supply options and multiple parties, including application providers, to deliver a product without the need to share keys. Alternatively, an in-bureau key management process can be deployed by using our latest C3 utility covering our entire MULTOS step/one range and now also the new MULTOS products that support Real-Time Enablement. The C3 utility can be implemented as a standalone system, or integrated fully into the perso bureau operations to get the full benefit of crypto locking and app loading devices in a single step.
Key Management – Enablement: Creates the MULTOS cryptographic components that link the issuer to each unique MULTOS card. This includes the enablement data and the application digital certificates used by the card to control loading/deleting permissions.
Personalisation: MULTOS supports a unique off-card data preparation model, allowing applications to be personalised before the physical card is presented to the personalisation equipment. The application is packaged into an ALU (Application Load Unit) and along with the ALC (Application Load Certificate) is then loaded onto the MULTOS card.
Real-Time Enablement
MULTOS and MULTOS step/one products are now able to offer a new capability that was recently added to enhance the card production and personalisation operations – Real-Time Enablement (RTE). The RTE feature is the first time that a chip product can be cryptographically tied to the issuer (through the enablement process) and loaded with the desired applications (through app loading) in a single step, live and in real time while the chip/device is under the personalisation head.