As well as supporting traditional bureau personalisation, the MULTOS security architecture allows for applications and data to be securely loaded to a MULTOS device in an insecure environment - ideal for instant issuance, mobile payments and post issuance updates. An overview of how this is achieved is as follows:-
- Each MULTOS device contains a unique RSA key pair, generated and certified by the Key Management Authority. This key pair is securely loaded to the device when it is enabled.
- The public part of the key is used by data preparation software, in a secure environment such as a perso bureau, to encipher a packet of data called an Application Load Unit (ALU).
- The ALU contains the application code and personalised data.
- Only the target MULTOS device can decipher the ALU.
- The load process does not require any external cryptographic device and a secure channel is not required as all the cryptographic processing is internal to the MULTOS device itself.