Professional Documents
Culture Documents
06 11 24 MULTOS Implementations
06 11 24 MULTOS Implementations
“ W H A T D O Y O U N E E D T O D O T O I M P L E M E N T
M U L T O S O R M U L T O S S T E P / O N E? ”
MULTOS is the high-security multi-application Operating MULTOS Applications to execute. The AAM implements a
System defined, specified, implemented and promoted simple stack-based processing engine with 31 instructions
by the members of The MULTOS Consortium. The OS (bytecodes) and 7 virtual registers to provide access to
EEPROM memory, private RAM memory and public RAM
specification is openly licensed by MAOSCO Limited, the
memory. Each Application’s memory space must be
consortium company. It has been implemented on a “firewalled” by MULTOS. This is achieved by implementing
variety of RSA-capable secure microcontroller platforms dynamic bytecode and address verification at execution
by multiple Licensees and many different products are time. Further details may be found in the MULTOS
available. Developer’s Guide (MDG) and MULTOS Developer’s
Reference Manual (MDRM) on the MULTOS website.
MULTOS Primitive functions. These provide MULTOS
Applications access to more complex functions than are
provided by the AAM instructions, for example memory
copy operations or access to cryptographic functions. There
are 44 mandatory primitives and 24 optional primitives
defined in MULTOS 4.2. Which optional primitives are
MULTOS step/one is a specification, based on implemented depends very much upon the target market’s
MULTOS, for a multi-application Operating System requirements. A full list of primitives is in the MDRM. In
designed for lower-cost, non-RSA capable secure MULTOS step/one ALL primitives are optional.
microcontrollers primarily aimed at EMV migration MULTOS Enablement and Application Load/Delete
programmes. mechanism. MULTOS devices are Enabled (initialised) and
Applications are loaded using 10 APDU commands. These
process according to the logic defined in the MULTOS High
This flyer explains what you need to do in order to
Level Design specification. These functions include
implement either MULTOS or MULTOS step/one yourself validation of data and RSA signatures, memory allocation,
rather than use an existing implementation. loading and decrypting application code and data into
memory spaces. Details of the load/delete mechanism may
1. Obtain a Licence be found in the Guide to Loading and Deleting Applications
(GLDA). MULTOS step/one has similar logic defined in the
A MULTOS license allows the licensee to implement and MULTOS step/one Card Specification.
deploy both MULTOS and MULTOS step/one. The initial Nine additional APDU commands that provide information
fee for the licence is $50,000 with a recurring annual fee about the MULTOS device and its configuration. All
supported APDUs are listed in the MDRM.
of $35,000. Additionally, there is a per-device royalty fee
ISO7816 Contact interface and ISO14443 Contactless
of $0.03 for the first 15 million MULTOS devices shipped. interface protocols and ISO7816-4 and EMV 2000
All additional MULTOS devices are royalty free. There are command dispatching and Application selection logic.
no per-device royalties payable for MULTOS step/one
devices however, there is a per-device fee payable to The exact configuration and functionality of each
StepNexus Services, the provider of key management MULTOS implementation depends upon the
services. Please contact StepNexus for further requirements of the target market and proprietary
information. functions may be added. However, the MULTOS
Specification encompasses most market requirements.
2. Select your silicon platform
All hardware platforms must meet the requirements MULTOS and MULTOS step/one implementations should
specified in the MULTOS Hardware Evaluation be developed in accordance to the most rigorous security
Requirements. In practice, this means that selected standards and procedures in order to achieve a high
devices must demonstrate resistance to the very latest, security assurance certification. MAOSCO has a flexible
state-of-the-art silicon platform attack mechanisms. As security assurance requirement to ensure that products
this is a complex and ever-changing subject, the use of achieve a high level of assurance but without mandating
devices that have achieved a high security assurance a particular level within a particular scheme. MULTOS
certification in a recognised evaluation scheme should be step/one products must typically attain customer-led
considered. (For example, Common Criteria EAL4+.) assurance requirements. MAOSCO requires “Security
assurance“ to be built into all MULTOS implementations.