MULTOS Smart Card Operating System - 20 years of high security OS
MULTOS is a multi-application operating system for smart cards that is ideal for the highest security needs. MULTOS is the first, open, high security, multi-application operating system for smart cards (hence ‘MULT-OS’). The beauty of this system is that diverse parties can develop applications to run on the same card so that the applications can co-reside both independently and securely. This way applications from various vendors can be combined, all securely independent of each other.
Early smart cards were costly and inflexible. Until the emergence of multi-application smart cards, each software application representing a product or service on a card was written for a specific operating system, which in turn was particular to a hardware (chip) or silicon platform supplier. Before MULTOS, a card issuer had to commit to a specific application developer, operating system, and chip for each service the issuer wished to provide to its customer base. The issuer had almost no flexibility to change any of these components without having to invest funds into a new software and/or hardware implementation. Consumers had to carry a different card for each service or function they wished to benefit from. If the product or service changed in any way, the cardholder would need a replacement card.
As the leading high security, multi-application operating system, MULTOS has changed the smart card proposition for both issuers and cardholders. MULTOS provides increased convenience and flexibility for users while delivering savings and a wealth of opportunities for issuers across all business sectors. The open nature of the MULTOS platform allows anyone to issue cards, write applications, implement the operating system on a specific chip, manufacture smart cards, or provide value added products which support MULTOS.
Secure Multi-Application Smart Card Operating System
Silicon providers undergo rigorous testing to prove security, tamper resistance, and inter-operability. We believe that MULTOS as a smart card platform provides the highest level of security. Applications are isolated from each other; a system of firewalls makes sure that data cannot be accessed without proper authorization. Application providers do not need to trust each other nor even have any relationship with each other.
MULTOS Application Loading and Unloading
MULTOS allows applications to be loaded on-the-fly. This means that a smart card with a MULTOS operating system can change features during its lifetime. This is beneficial for both the cardholder and the card issuer and eliminates time consuming paperwork.
EXAMPLE: A student who has been issued a smart card a MULTOS OS, can load applications over the Internet, thereby changing the set of available applications over the smart card’s lifetime. One day the smart card could contain an electronic purse and a metro travel application. The next day (with proper authorization ) the student could add an electronic key to access the university network. This is extremely efficient and beneficial for both the cardholder and the card issuer and can be done securely over insecure networks.
MULTOS applications are typically written in the C programming language. Recently a Java compiler became available as well. Regardless of the programming language used, the sources are compiled into the MULTOS Executable Language (MEL). MEL is a Reduced Instruction Set Computer (RISC) language specific to MULTOS. development, and testing time can be reduced to a minimum due to simulators and debuggers from various manufacturers.
MULTOS is designed and independently evaluated to a high level of security to ensure that issuers, application developers, and other MULTOS service providers can build their business proposition without having to undertake expensive and lengthy evaluations of the underlying technology. The security of MULTOS is ensured by a requirement in the MULTOS implementation licence which obligates all MULTOS silicon providers to undergo a rigorous testing and evaluation process to prove security, tamper resistance and interoperability. No other smart card platform available today can claim a similar level of security.
Software Development for MULTOS Chip Card
To do application development, you need a MULTOS application developers card. This special card provides a standardized and simplified way to create, load, and delete certificates. What’s great about MULTOS is its backward compatibility. MOASCO makes certain that new versions are backward compatible. MULTOS supports contactless cards, Elliptic Curve Cryptography (ECC), and GSM.
MULTOS API. There is a standard Application Programming Interface (API) between applications and the operating system. This feature allows applications from different vendors and industries, which may be written using different standards such as EMV and B0′ in financial services, to co-exist on a single operating system and co-reside on the same smart card.
Virtual Machine and Firewall
MULTOS Applications Run on a Virtual Machine. MULTOS provides a platform-independent way to develop applications. Commonly used chips are manufactured by Hitachi and Infineon. The virtual machine guarantees that a an application developed on an Hitachi card can be deployed on an Infineon card.
The MULTOS smart card checks the validity of the application it has been sent, allocates the program a protected and (through the use of special “firewalls”) isolated area in its memory, and locks the new application into place. Each new service or application is kept rigorously separate by the firewalls from any other program already on the card, so that the operation of one application (or even the malfunctioning of one application or a ‘hostile application’) cannot interfere with the operation of the others. A MULTOS card issuer can therefore feel safe knowing that an application requiring a high degree of security and type approval (e.g. a financial services application) can co-reside with applications for which security is not of paramount importance and which therefore have not been subjected to rigorous testing (e.g. an address book application). Furthermore, MULTOS application providers do not need to trust each other’s products, nor even have any relationship with each other.
MULTOS is compliant with the key industry standards including ISO 7816 and EMV.
MULTOS on the Web: Please refer to www.multos.com for more detailed information about MAOSCO and the MULTOS multi-application smart card operating system.