MULTOS is a multi-application smart card operating system that enables a smart card to carry a variety of applications, from chip and PIN applications for payment to Match-on-Card (MoC) biometric matching for secure ID and ePassport. MULTOS is an open standard whose development is overseen by the MULTOS Consortium, a body composed of companies that have an interest in the development of the OS. It includes smart card and silicon manufacturers, payment card schemes, chip data preparation, card management and personalization system providers, and smart card solution providers. There are more than 30 leading companies involved in the consortium.
One of the key differences between MULTOS and other types of smart card OS is that it implements a patented public key cryptography-based mechanism by which the manufacture, issuance and dynamic updates of MULTOS smart cards in the field are entirely under an issuer’s control, using digital certificates rather than symmetric key sharing. This control is enabled through the use of a Key Management Authority (KMA), a special kind of certification authority. The KMA provides card issuers with the cryptographic information required to bind the card to the issuer, initialize the smart card for use, and generate permission certificates for the loading and deleting of applications under the control of the issuer.
Application providers can retrieve and verify the public key certificate of an individual issuer’s card, and encrypt their proprietary application code and confidential personalization data using that card’s unique public key. This payload is digitally signed using the private key of the application provider. The KMA, on request from the card issuer, signs the application provider’s public key and application code hash and creates a digital certificate (the Application Load Certificate) that authorizes the application to be loaded to an issuer’s card or group of cards. Applications are therefore protected for integrity and confidentiality and loaded to a card without any party sharing symmetric keys, and therefore without needing to trust any other party sharing the card platform, including the card issuer. Both the Application Provider and the Card Issuer know that only specific, authorized applications from authorized parties can be loaded to any specific card.
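The load flow described above can be modelled in a few lines. This is an added example, not MULTOS code or its real data formats: it uses textbook RSA with constructed toy keys, and the field names, the `card_id` binding inside the certificate and all function names are assumptions made for the illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def toy_key(a, b):
    # Textbook RSA from two Mersenne primes: constructed demo keys, NOT secure.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(h(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == h(data, n)

KMA, PROVIDER, CARD = toy_key(127, 521), toy_key(107, 607), toy_key(89, 1279)

def alc_body(unit):
    # What the KMA signs: provider public key + code hash (+ target card id, assumed field).
    return to_bytes(unit["provider_n"]) + unit["code_hash"] + unit["card_id"]

def build_load_unit(code, card_id, card_n):
    # Provider side: encrypt to the card's public key, then sign the ciphertext.
    blob = to_bytes(pow(int.from_bytes(code, "big"), E, card_n))
    unit = {"blob": blob, "provider_n": PROVIDER["n"], "provider_sig": sign(PROVIDER, blob),
            "code_hash": hashlib.sha256(code).digest(), "card_id": card_id}
    unit["alc_sig"] = sign(KMA, alc_body(unit))  # KMA side, on the issuer's request
    return unit

def card_load(unit, my_id, my_key, kma_n):
    # Card side: every check must pass before the application is accepted.
    if not verify(kma_n, alc_body(unit), unit["alc_sig"]):
        return "rejected: load certificate not signed by KMA"
    if unit["card_id"] != my_id:
        return "rejected: certificate issued for another card"
    if not verify(unit["provider_n"], unit["blob"], unit["provider_sig"]):
        return "rejected: payload not signed by certified provider"
    code = to_bytes(pow(int.from_bytes(unit["blob"], "big"), my_key["d"], my_key["n"]))
    if hashlib.sha256(code).digest() != unit["code_hash"]:
        return "rejected: code hash differs from certificate"
    return "loaded"
```

The card needs only the KMA public key as its trust anchor; the provider's key is trusted solely because it appears inside the KMA-signed certificate, which is why no symmetric key is ever shared between the parties.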
Hundreds of millions of MULTOS smart cards have been issued by banks and governments all around the world, for projects ranging from contactless payment, Internet authentication and loyalty, to national identity with digital signature, ePassport with biometrics, health care and military base and network logical access control.