What is the difference between MULTOS, the MULTOS Scheme, the MULTOS Consortium and MAOSCO?
These four terms are often used interchangeably, but each has a distinct role to play. MULTOS is the high-security, multi-application operating system designed specifically for smart cards (the only commercially available O/S to have been designed from the outset for that purpose). It is loaded onto the chip during silicon manufacture and is protected throughout the whole process by digital keys, so that at no stage can the security of the card be compromised.
The MULTOS Scheme is the name given to the infrastructure surrounding the manufacture, personalisation and management of MULTOS cards. At the core of the MULTOS Scheme is the Key Management Authority (KMA), the trusted third party that controls the card Issuer keys and digital certificates. The scheme is often referred to as “Issuer-centric”: the Card Issuer has sole control over what gets loaded onto, and deleted from, its cards.
The MULTOS Consortium is a group of globally based, industry-wide companies, whose remit is to develop, manage and promote MULTOS and the MULTOS product specifications. The members may be business competitors, but all share the common goal of propagating MULTOS, and so work together to this end.
The MULTOS Consortium is managed by MAOSCO Ltd., a Secretariat charged with managing MULTOS Specification development, Type Approval of new MULTOS products, and promoting MULTOS and the Consortium members worldwide. MAOSCO organises speaking events, trade show attendance and Consortium forums that members can use to push their own area of MULTOS expertise.
What is the difference between MULTOS and Step/one?
MULTOS and MULTOS Step/one are essentially the same product; both are built on the same MULTOS Specifications. However, there are some fundamental differences:
- Step/one was developed specifically for financial issuers migrating to EMV with Static Data Authentication (SDA), and is a lower-cost, non-RSA-capable version of “Full” MULTOS.
- Instead of using a central KMA, the cryptographic services for Step/one are handled by issuer-controlled software called Control Centre, and are based on symmetric cryptography (Triple DES) rather than asymmetric (RSA). Because the same Triple DES keys must exist both in Control Centre and on the cards, protecting Control Centre's key store takes over the root-of-trust role that the KMA plays in “Full” MULTOS.
- Step/one applications are fully compatible with “Full” MULTOS, and the loading and deleting of applications is handled in exactly the same way in both versions.
Aside from RSA cryptographic support, the same security principles are followed for MULTOS Step/one as for “Full” MULTOS.
Where can I get a MULTOS card?
MULTOS and MAOSCO do not issue cards. Many card-issuing organisations worldwide use the MULTOS Operating System on their cards as the high-security platform on which to offer their particular services: credit or debit cards in the case of a financial institution, an ID programme in the case of a government, or a driver's licence in the case of a Department of Transport.
What are the benefits of becoming a Consortium member?
The MULTOS Consortium is made up of 25 international companies from across the Smart card industry, whose aim is to promote and develop MULTOS as a Product, a Scheme and as an Open Specification. The Consortium is governed by MAOSCO, a not-for-profit body that manages the development of the MULTOS Specifications and actively promotes and markets MULTOS and the MULTOS activities on behalf of our Members.
The Consortium has two branches: Technical and Commercial.
The Commercial side of the Consortium promotes MULTOS at a global level, including speaking at events, hosting MULTOS workshops and exhibiting at various trade shows worldwide. We provide all our Members with a platform to market their MULTOS offering, and actively assist them in promoting their business in this field. Often we can provide a presence for a member in a region it may not otherwise have the resources to cover, or the contacts to initiate business in.
We also hold Business Advisory Groups, usually 4 times a year, where Members can hear the latest developments within the MULTOS business world and discuss new requirements for MULTOS, both in terms of current and future business. This is also the forum where any member can propose developments or changes to the MULTOS Specifications, which are then discussed and acted upon accordingly.
We have also recently instigated a Mobile Working Group whose remit is to study and report on MULTOS opportunities and developments within the mobile and NFC markets.
www.multos.com is a well-used focal point for anyone looking for MULTOS information or member information (each member has space on the website to promote its own products and company), or wanting to obtain development tools and documentation. Finally, we provide a number of tools and newsletters to give our Members as much useful information as we can on MULTOS and the business environment in which it operates.
The Technical branch of the Consortium manages the MULTOS Specifications and reviews and implements technical changes required to the Specifications based on business requests defined by the Commercial branch. The Technical team is also responsible for Type Approval of new MULTOS products from the Implementers, ensuring adherence to the strict requirements of the MULTOS Specifications. There is also a Technical Advisory Group which meets on a similar pattern to the Business Advisory Group.
The MULTOS Consortium has three levels of membership: Full Member, Partner Member and Professional Partner, of which Partner Member is the most popular. These are designed to allow companies to choose the membership which best suits their particular business needs.
Why should my company join the MULTOS Consortium?
The MULTOS Consortium is made up of 25 international companies from across the Smart card industry, whose aim is to promote and develop MULTOS as a Product, a Scheme and as an Open Specification. Becoming a Consortium member opens up a global network of knowledge, experience and resources pertaining to MULTOS implementation and deployment, from companies that are actively working with the product. The Consortium provides a forum for increasing the visibility of your business, through trade shows, speaking engagements, trade magazines and other forms of media. We regularly work with our Consortium members on joint promotional ventures, in all regions of the world.
Consortium members enjoy exclusive access to all areas of the multos.com website, which includes their own space to advertise their particular offering, as well as the opportunity to publish free of charge in our quarterly newsletter; The MULTOS Commentary.
From a Specifications perspective, our Partner and Full members have the right to sit on the Advisory boards for both the Business and Technical arms of the Consortium, allowing them to have a direct input into the direction and development of the product and the Specifications. Requirements particular to your business needs can be raised and addressed at these groups; bringing to bear the collective experience of all the industry’s major players to the challenge at hand.
For the opportunity to raise your business profile in the MULTOS world and to reap the benefits of working in a strong, established group of international front-runners, the Consortium provides a unique and compelling opportunity.
What are the main differences between Javacard and MULTOS?
These are some of the main differences between Javacard and MULTOS:-
- Application management (loading and deleting applications) is built in to MULTOS; for Javacard it is provided by GlobalPlatform (GP).
- The key scheme for loading applications uses asymmetric keys in MULTOS, versus symmetric keys in Javacard/GP.
- MULTOS relies on an on-card firewall to separate applications, versus the off-card verification methods (bytecode verification before loading) that Javacard relies on; Javacard also has a runtime applet firewall, but the load-time check happens off the card.
- Applications and data are loaded onto cards via secure packets in MULTOS, versus a secure channel in Javacard/GP.
MULTOS has a mandatory Type Approval process, which provides confidence in the security and interoperability of MULTOS implementations. Testing is performed by independent third-party laboratories. Commercially, this means that applications can be deployed on MULTOS platforms from multiple suppliers.
Once you have a script for loading applications onto MULTOS (whatever the machine or device), it does not need to be changed for each implementation or application.
Application personalisation (perso) is usually done off-line and in advance with MULTOS, as opposed to at perso time on the perso machine.
Can I write applications in Java?
Yes, but it is more usual to write applications in ‘C’, as there is more support and the resulting applications tend to be smaller and faster. The Java environment is used mostly for porting applications originally written for Javacard to MULTOS.
Is MULTOS Global Platform compliant?
MULTOS forms part of the GP specifications, and implementations of this GP specification on MULTOS have been done. As for compliance, testing a MULTOS implementation of GP should be similar to testing a Javacard implementation of GP.
What languages can I write MULTOS applications in?
There are three options for writing MULTOS applications:-
- A native assembly language called MEL
- C (the most commonly used)
- Java (used mostly for porting applications originally written for Javacard)
Why is MULTOS secure?
There are many factors contributing to the overall security of MULTOS. Here are the main ones.
Firstly, the MULTOS Type Approval Policy ensures that only secure chips are used for MULTOS implementations and that all implementations are subject to a security evaluation. See the policy for details.
The operating system then implements an on-chip firewall that prevents one application from trying to access or modify the code or data of another application on the chip.
The key scheme used for loading applications and their data uses:-
- Application Load Certificates (ALCs), which ensure the integrity and authenticity of applications and give an issuer control over what applications can be loaded. ALCs are created at the issuer's request by the Key Management Authority (KMA), and chips verify the authenticity of an ALC on loading using the KMA's public key. An ALC that does not verify, or that does not match the application being loaded, is rejected before anything is written to the card.
- a unique asymmetric key pair per chip to secure the data packets sent to the card. Certified copies of the chip public keys (provided by the KMA) are used during data preparation or personalisation to create a unique encrypted packet for each chip, which only the chip holding the matching private key can read; the same packet presented to any other chip is unreadable.
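The load flow described above, as an added example written for this page (it is not MULTOS or MAOSCO code, and the real MULTOS ALC, certificate and load-unit formats are not reproduced): the KMA certifies each chip's public key and issues an ALC at the issuer's request; data preparation checks the chip's certificate before encrypting to that chip; the chip verifies the ALC against its built-in KMA public key and checks that the code matches the ALC before decrypting with its private key. All type and function names (KMA, Chip, ALC, EnableChip, IssueALC, PreparePacket, Load), the ad hoc signed encodings, the choice of RSA-PSS for signatures and RSA-OAEP with the chip ID as label for the packet, and the sample issuer name, AID and data are this example's assumptions. A real load unit is larger than a single RSA block and would wrap a symmetric key; the short constructed payload here fits in one OAEP block so the structure stays visible.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Structural model only: the real MULTOS ALC, certificate and load-unit formats are
// not reproduced, and every type and function name here is this example's own.
type KMA struct{ key *rsa.PrivateKey } // trusted third party holding the root signing key

// Chip: KMA public key (fixed at manufacture), unique key pair, and the KMA's
// signature over ID|DER(pub), the "certified copy" of the chip public key.
type Chip struct {
	ID   string
	key  *rsa.PrivateKey
	kma  *rsa.PublicKey
	Cert []byte
}

// ALC: Application Load Certificate, a KMA-signed binding of issuer, AID and code hash.
type ALC struct{ Issuer, AID string; CodeHash [32]byte; Sig []byte }

func genKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func sign(k *rsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	s, _ := rsa.SignPSS(rand.Reader, k, crypto.SHA256, d[:], nil)
	return s
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil) == nil
}

// certBody and alcBody are the byte strings the KMA signs (ad hoc encodings).
func certBody(id string, pub *rsa.PublicKey) []byte {
	return append([]byte(id+"|"), x509.MarshalPKCS1PublicKey(pub)...)
}

func alcBody(issuer, aid string, h [32]byte) []byte {
	return append([]byte(issuer+"|"+aid+"|"), h[:]...)
}

func NewKMA() *KMA                  { return &KMA{genKey()} }
func (k *KMA) Pub() *rsa.PublicKey  { return &k.key.PublicKey }
func (c *Chip) Pub() *rsa.PublicKey { return &c.key.PublicKey }

// EnableChip models manufacture: the chip gets the KMA public key and a certified copy of its own.
func (k *KMA) EnableChip(id string) *Chip {
	ck := genKey()
	return &Chip{id, ck, k.Pub(), sign(k.key, certBody(id, &ck.PublicKey))}
}

// IssueALC is done at the issuer's request; the ALC pins the exact code by hash.
func (k *KMA) IssueALC(issuer, aid string, code []byte) ALC {
	h := sha256.Sum256(code)
	return ALC{issuer, aid, h, sign(k.key, alcBody(issuer, aid, h))}
}

// PreparePacket runs off-line at data preparation: check the KMA certificate on the chip
// key, then encrypt to that key with the chip ID as OAEP label so no other chip can open it.
func PreparePacket(kma *rsa.PublicKey, id string, pub *rsa.PublicKey, cert, data []byte) ([]byte, error) {
	if !verify(kma, certBody(id, pub), cert) {
		return nil, errors.New("chip public key not certified by KMA")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, []byte(id))
}

// Load is the chip side: ALC signature against the built-in KMA key, code hash against
// the ALC, then decryption of the packet with the chip's own private key.
func (c *Chip) Load(alc ALC, code, packet []byte) ([]byte, error) {
	if !verify(c.kma, alcBody(alc.Issuer, alc.AID, alc.CodeHash), alc.Sig) {
		return nil, errors.New("ALC signature invalid")
	}
	if sha256.Sum256(code) != alc.CodeHash {
		return nil, errors.New("code does not match ALC")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, c.key, packet, []byte(c.ID))
}

func main() {
	kma := NewKMA()
	chip := kma.EnableChip("chip-A")
	code := []byte("constructed sample application code")
	alc := kma.IssueALC("bank-1", "A000000001", code) // constructed issuer name and AID
	pkt, _ := PreparePacket(kma.Pub(), chip.ID, chip.Pub(), chip.Cert, []byte("constructed perso data"))
	data, err := chip.Load(alc, code, pkt)
	fmt.Printf("chip loaded %q (err=%v)\n", data, err)
}
```

The four properties the page attributes to the scheme fall out of the checks in PreparePacket and Load: a chip key not certified by this KMA is refused at data preparation, an ALC altered after signing fails verification, code that differs from what the ALC was issued for is refused, and a packet prepared for one chip cannot be decrypted by another chip even though it holds the same KMA public key.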
What are the differences between Codelets and Romlets?
Codelets are a way to place commonly-used code into ROM or EEPROM so that a single copy of the code can be shared by many applications. Because ROM uses much less die area than EEPROM, this is a good way of squeezing bigger programs into the small space of a smart card. It also means that the personalised Application Load Unit (ALU) can be much smaller, speeding up application loading, as the majority of the code is already in ROM.
Romlets are selectable applications (with an AID) contained completely in ROM. They have full access to Public memory and the stack, but only read-only access to Static memory (used for fixed application and personalised data). In practice Romlets are rarely used.
Is MULTOS FIPS140-2 compliant?
All FIPS 140-2 certifications are for complete products: hardware + firmware (O/S) + software + particular configurations thereof.
Ref [FIPS 140-2] 4.1 “A cryptographic module shall be a set of hardware, software, firmware, or some combination thereof that implements cryptographic functions or processes, including cryptographic algorithms and, optionally, key generation, and is contained within a defined cryptographic boundary.”
MULTOS implementations can provide the hardware and O/S parts of such a product, and as the relevant variants are already Common Criteria certified, MULTOS is a good choice for products seeking FIPS 140-2 certification. Note that a Common Criteria certificate does not by itself confer FIPS 140-2 status; the complete product, within its defined cryptographic boundary, still has to be validated.