
MULTOS Implementations

“WHAT DO YOU NEED TO DO TO IMPLEMENT MULTOS OR MULTOS STEP/ONE?”

MULTOS is the high-security multi-application Operating System defined, specified, implemented and promoted by the members of The MULTOS Consortium. The OS specification is openly licensed by MAOSCO Limited, the consortium company. It has been implemented on a variety of RSA-capable secure microcontroller platforms by multiple Licensees and many different products are available.

MULTOS step/one is a specification, based on MULTOS, for a multi-application Operating System designed for lower-cost, non-RSA capable secure microcontrollers primarily aimed at EMV migration programmes.

This flyer explains what you need to do in order to implement either MULTOS or MULTOS step/one yourself rather than use an existing implementation.

1. Obtain a Licence

A MULTOS license allows the licensee to implement and deploy both MULTOS and MULTOS step/one. The initial fee for the licence is $50,000 with a recurring annual fee of $35,000. Additionally, there is a per-device royalty fee of $0.03 for the first 15 million MULTOS devices shipped. All additional MULTOS devices are royalty free. There are no per-device royalties payable for MULTOS step/one devices; however, there is a per-device fee payable to StepNexus Services, the provider of key management services. Please contact StepNexus for further information.

2. Select your silicon platform

All hardware platforms must meet the requirements specified in the MULTOS Hardware Evaluation Requirements. In practice, this means that selected devices must demonstrate resistance to the very latest, state-of-the-art silicon platform attack mechanisms. As this is a complex and ever-changing subject, the use of devices that have achieved a high security assurance certification in a recognised evaluation scheme should be considered. (For example, Common Criteria EAL4+.)

3. Develop your Implementation.

What components comprise a MULTOS or MULTOS step/one implementation?

MULTOS Virtual Machine (the “AAM”). This is the on-card component that provides a safe, secure environment for MULTOS Applications to execute. The AAM implements a simple stack-based processing engine with 31 instructions (bytecodes) and 7 virtual registers to provide access to EEPROM memory, private RAM memory and public RAM memory. Each Application’s memory space must be “firewalled” by MULTOS. This is achieved by implementing dynamic bytecode and address verification at execution time. Further details may be found in the MULTOS Developer’s Guide (MDG) and MULTOS Developer’s Reference Manual (MDRM) on the MULTOS website.

MULTOS Primitive functions. These provide MULTOS Applications access to more complex functions than are provided by the AAM instructions, for example memory copy operations or access to cryptographic functions. There are 44 mandatory primitives and 24 optional primitives defined in MULTOS 4.2. Which optional primitives are implemented depends very much upon the target market’s requirements. A full list of primitives is in the MDRM. In MULTOS step/one ALL primitives are optional.

MULTOS Enablement and Application Load/Delete mechanism. MULTOS devices are Enabled (initialised) and Applications are loaded using 10 APDU commands. These process according to the logic defined in the MULTOS High Level Design specification. These functions include validation of data and RSA signatures, memory allocation, loading and decrypting application code and data into memory spaces. Details of the load/delete mechanism may be found in the Guide to Loading and Deleting Applications (GLDA). MULTOS step/one has similar logic defined in the MULTOS step/one Card Specification.

Nine additional APDU commands that provide information about the MULTOS device and its configuration. All supported APDUs are listed in the MDRM.

ISO7816 Contact interface and ISO14443 Contactless interface protocols and ISO7816-4 and EMV 2000 command dispatching and Application selection logic.

The exact configuration and functionality of each MULTOS implementation depends upon the requirements of the target market and proprietary functions may be added. However, the MULTOS Specification encompasses most market requirements.

MULTOS and MULTOS step/one implementations should be developed in accordance with the most rigorous security standards and procedures in order to achieve a high security assurance certification. MAOSCO has a flexible security assurance requirement to ensure that products achieve a high level of assurance but without mandating a particular level within a particular scheme. MULTOS step/one products must typically attain customer-led assurance requirements. MAOSCO requires “Security assurance” to be built into all MULTOS implementations.

4. Achieve MULTOS Type Approval

All MULTOS or MULTOS step/one Implementations must pass MULTOS Type Approval. This process ensures implementations have been developed to the high security assurance standards required, that products are built in accordance with the specification and that they achieve functional interoperability with other MULTOS implementations. MULTOS implementations must also undergo a security evaluation and certification process. This process is defined by MAOSCO. MULTOS step/one implementations may use other security assurance schemes and assurance levels. The requirements for these are typically defined by the target market or customer. For example, the Compliance, Assurance and Security Testing certification awarded by MasterCard or Technology Level 3 Type Approval awarded by VISA.

MULTOS Type Approval comprises Hardware Evaluation, API Interoperability Testing and Security Evaluation and Certification.

API Interoperability testing is performed to prove compliance with the specification. Implementations are tested before production (“pre-mask testing”) and using actual test-mask devices (“post-mask testing”). “Pre-mask testing” is achieved using emulations of the target hardware platform. “Post mask testing” is achieved using “Test” MULTOS devices containing standard (and publicly available) cryptographic key values. These “Test” mask devices are typically used for Type Approval and for Application Development.

MULTOS implementations are typically provisionally Type Approved and deployed prior to the completion of the certification process. MAOSCO uses external evaluation agents and testing facilities that have experience with MULTOS in order to assess a product for Type Approval.

5. Integrate a MULTOS Key Management Authority or MULTOS step/one security process with your silicon production process.

For MULTOS, the security of each and every MULTOS device is controlled by a MULTOS Key Management Authority (KMA). A MULTOS KMA (for example, StepNexus Services for MULTOS) creates the keys that are integrated into the ROM mask of a MULTOS device and the unique transport keys that are injected into the EEPROM of the MULTOS device during post-manufacturing quality assurance and testing.

The MULTOS Security processes require the creation and secure transport of key materials from the KMA to the manufacturing plant. A MISA smart card, created by the KMA, is responsible for generating the unique identity and transport key for each MULTOS device and must be integrated into the systems at the manufacturing plant. Thus, every MULTOS device that leaves the manufacturing plant is a secured device that can only be enabled by the KMA.

There are multiple KMAs deployed and operational for different markets or different environments where key sovereignty and control is important. An implementer must deploy the MULTOS security processes and MISAs of each KMA for which they produce devices.

For MULTOS step/one, a different security process exists where the implementer or the silicon manufacturer is responsible for creation of the transport keys that secure each MULTOS step/one device. These processes are defined in the MULTOS step/one Card Specification, but the method and implementation (including the security and evaluation of implementation) is left for the implementer to define, deploy and distribute to end-user Issuers. These processes may be developed to meet an implementer's existing security systems infrastructure requirements or processes. A MULTOS KMA plays no role in the security of a MULTOS step/one device; however, StepNexus Services can also provide the required key management processes for a MULTOS step/one implementer.

6. Mask, manufacture and distribute “Live” devices

For each “family” of MULTOS implementation, unique keys are generated by the MULTOS KMA. These keys are integrated into the ROM mask of the “Live” mask devices at the manufacturing plant.

It is usual to incorporate the MULTOS bytecode of popular applications into the ROM of a “Live” mask (these are known as Codelets), in order to reduce the EEPROM memory requirements for these applications. For example, M/Chip 4 or MODS may be obtained from MasterCard. This usually requires a licence from the application developer.

An implementer or silicon manufacturer is responsible for the marketing, sales and distribution of their MULTOS or MULTOS step/one implementation. However, MAOSCO maintains marketing and promotion of the MULTOS brands. MAOSCO maintains the MULTOS website that includes details of all Type Approved MULTOS implementations.

7. Enable “Live” production of Enablement Data

Once Type Approval is awarded, the MULTOS Implementation may be activated on a MULTOS KMA and “Live” Enablement Data may be created by the KMA on behalf of Issuers. MULTOS KMA operators typically charge fees on a per device Enabled basis. offer Enablement services

The MULTOS Consortium would like to explore with you the benefits of licensing the specification and developing a MULTOS or MULTOS step/one implementation. You may review and evaluate the MULTOS specifications under non-disclosure conditions. We will also be happy to further discuss the procedure for development, type approval and integration of your future product.

For further details about MULTOS, MULTOS step/one or The MULTOS Consortium please visit:

www.multos.com

or email:

info@multos.com

Note 1: Licensing and royalty information is correct at time of publication (November 2006) but may be subject to future changes.

© 2006 MAOSCO Limited.

MULTOS is a trademark of MAOSCO Limited.
