FAQs under 'Business'
What are the benefits of becoming a Consortium member?
The MULTOS Consortium is made up of 25 international companies from across the Smart card industry, whose aim is to promote and develop MULTOS as a Product, a Scheme and as an Open Specification. The Consortium is governed by MAOSCO; a not-for-profit body that manages the development of the MULTOS Specifications and actively promotes and markets MULTOS and the MULTOS activities on behalf of our Members.
The Consortium has 2 branches; Technical and Commercial.
The Commercial side of the Consortium promotes MULTOS at a global level, including speaking at events, hosting MULTOS workshops and exhibiting at various Trade shows worldwide. We provide to all our Members a platform to market their MULTOS offering, and actively assist them in promoting their business in this field. Often we can provide a presence for a member in a region where they traditionally may not have the resource to cover, or the contact points to initiate business.
We also hold Business Advisory Groups, usually 4 times a year, where Members can hear the latest developments within the MULTOS business world and discuss new requirements for MULTOS, both in terms of current and future business. This is also the forum where any member can propose developments or changes to the MULTOS Specifications, which are then discussed and acted upon accordingly.
We have also recently instigated a Mobile Working Group whose remit is to study and report on MULTOS opportunities and developments within the mobile and NFC markets.
www.multos.com is a well-used focal point for all entities looking for MULTOS information, member information (each member has space on the website to promote their own product and company), or obtain development tools and documentation. Finally, we provide a number of tools and newsletters to give our Members as much useful information as we can on MULTOS and the business environment in which it operates.
The Technical branch of the Consortium manages the MULTOS Specifications and reviews and implements technical changes required to the Specifications based on business requests defined by the Commercial branch. The Technical team is also responsible for Type Approval of new MULTOS products from the Implementers, ensuring adherence to the strict requirements of the MULTOS Specifications. There is also a Technical Advisory Group which meets on a similar pattern to the Business Advisory Group.
The MULTOS Consortium has 3 levels of Membership; Full Member, Partner Member and Professional Partner, of which Partner Member is our most popular. These are designed to allow companies to choose a membership which most suits their particular business needs.
Why should my company join the MULTOS Consortium?
The MULTOS Consortium is made up of 25 international companies from across the Smart card industry, whose aim is to promote and develop MULTOS as a Product, a Scheme and as an Open Specification. Becoming a Consortium member opens up a global network of knowledge, experience and resources pertaining to MULTOS implementation and deployment, from companies that are actively working with the product. The Consortium provides a forum for increasing the visibility of your business, through trade shows, speaking engagements, trade magazines and other forms of media. We regularly work with our Consortium members on joint promotional ventures, in all regions of the world.
Consortium members enjoy exclusive access to all areas of the multos.com website, which includes their own space to advertise their particular offering, as well as the opportunity to publish free of charge in our quarterly newsletter; The MULTOS Commentary.
From a Specifications perspective, our Partner and Full members have the right to sit on the Advisory boards for both the Business and Technical arms of the Consortium, allowing them to have a direct input into the direction and development of the product and the Specifications. Requirements particular to your business needs can be raised and addressed at these groups; bringing to bear the collective experience of all the industry’s major players to the challenge at hand.
For the opportunity to raise your business profile in the MULTOS world and to reap the benefits of working in a strong, established group of international front-runners, the Consortium provides a unique and compelling opportunity.
What are the main differences between Javacard and MULTOS?
These are some of the main differences between Javacard and MULTOS:-
- is built in to MULTOS, for Javacard it is provided by GlobalPlatform
- uses asymmetric keys for MULTOS vs symmetric for Javacard/GP
- uses a firewall to separate applications on card vs. off-card verification methods for Javacard
- Applications / data loaded onto cards via secure packets for MULTOS vs a secure channel for Javacard/GP
MULTOS has a mandatory type approval process – provides confidence in the security and interoperability of MULTOS implementations. Testing is performed by independent 3rd party laboratories. Commercially this means that applications can be deployed on MULTOS platforms from multiple suppliers.
Once you have a script for loading applications to MULTOS (whatever the machine or device), it does not need to be changed for each implementation or application.
Application perso is usually done off-line, in advance with MULTOS as opposed to at perso time on the perso machine.
Why is MULTOS secure?
There are many factors contributing to the overall security of MULTOS. Here are the main ones.
Firstly, the MULTOS Type Approval Policy ensures that only secure chips are used for MULTOS implementations and that all implementations are subject to a security evaluation. See the policy for details.
The operating system then implements an on-chip firewall that prevents one application from trying to access or modify the code or data of another application on the chip.
The key scheme used for loading applications and their data uses:-
- Application Load Certificates (ALCs) to ensure the integrity and authenticity of applications and gives an issuer control over what applications can be loaded. ALCs are created at the issuer’s request by a Key Management Authority (KMA) and chips verify the authenticity of ALCs on loading using the KMA’s public key.
- a unique asymmetric key pair per chip to secure data packets to be sent to the card. Certified copies (provided by the KMA) of the chip public keys are used during data preparation or personalisation to create a unique encrypted packet for each chip which only the chip with the matching private key can read.