MULTOS

Smartcard - ticket machine

Considerations

For many issuers, one of the first questions encountered at the onset of a smartcard initiative is what operating system should be used. Ultimately, this is not a stand alone decision; it should reflect the consideration of many factors.

Factors which influence the selection of a smartcard operating system include:

  • strategic goals - why are smartcards being introduced?
  • degree of control desired - business rules and comfort with out-sourcing
  • target customers - namely who are the intended cardholders?
  • internal technical expertise - core competencies
  • access to existing commercial relationships - supply chain
  • price

Fortunately, none of these considerations are unique to any given issuer, no matter how big, how small or how technically suave. Countless issuers have come to the conclusion that no solution is better suited to meet all of their goals as an issuer than MULTOS.

Freedom

MULTOS is more than a product, more than just a smartcard operating system. It is a total solution, a framework of tools and protocols that result in the greatest degree of flexibility, control and security for any issuer. Furthermore, MULTOS is unique in that it allows issuers to freely decide which vendors will play a role in its supply chain.

The introduction of smartcards brings with it a host of new processes that were not relevant for the issuance of magnetic stripe cards. Solutions for data preparation, key management and personalization of the chip, in addition to the provisioning of modules/chips and applications, all need to be worked through. Due to differing strategic goals and issuing environments, each issuer derives a unique configuration of individual components comprising a complete solution. Only MULTOS offers the flexibility to excel in all of these configurations.

MULTOS means OPTIONS.

Confidence

Security is not an easy concept to communicate. For issuers who for decades have relied upon back-end processes to monitor transaction metrics and derive policies aimed at mitigating fraud, the notion of allowing an integrated circuit to function as anything more than a large magnetic stripe is daunting.

Quantitatively, we can state that MULTOS has achieved established security ratings, ITSEC (to level E6 High) and Common Criteria (to EAL4), that other multi-application smartcard operating systems have failed to attain. How do these ratings translate into palpable benefits for issuers?

First, MULTOS cards are linked to individual issuers through a process called enablement. Once a MULTOS chip is enabled, the issuer alone controls which applications are loaded to the chip, or alternatively, which applications are removed from the chip. The requirement for application load certificates (ALCs) further reinforces the issuer's domain over the chips' content.

Second, applications may be loaded to and deleted from MULTOS chips, independently of any and all other MULTOS applications that reside on the chip. Issuers need not worry about secondary applications impacting or accessing the core, high security applications.

Third, MULTOS applications operate independently, regardless of their origin or their functionality. They are impervious to any attempts to access code and data from applications that co-reside on the chip.

Fourth, secure packets, called application load units (ALUs), allow issuers to load applications in environments which, devoid of dedicated lines and security hardware, would otherwise be considerd high-risk. The key management authority (KMA), combined with the MULTOS chip's capability itself, combine to provide the cryptographic assurances that applications can be loaded in any environment.

Together, the KMA, ALUs, enablement, ALCs and on-card security, combine to define a framework that puts the issuer in full control, not just now, but througout the life of the card.

Product offering

Our current range of products reflects the broad spectrum of requirements that today's smartcard issuers demand. With EEPROM sizes spanning 4K through 80K, our MULTOS and MULTOS step/one chips are capable of delivering a wide spectrum of solutions to cardholders in any market.

Additionally, contactless as well as dual-interface capabilities are dispersed throughout our product range providing further options to issuers. Code for many of the most popular applications, such as EMV payment, PKI and loyalty, are pre-loaded into ROM, thereby saving valuable EEPROM space.

Any application may be incorporated into the MULTOS framework and, depending on the functionality, developed for our MULTOS or MULTOS step/one products. Contact us for more information concerning current products or product development.