153:
provider. The KMA, on request from the card issuer, signs the application provider's public key and application code has and creates a digital certificate (the
Application Load Certificate) that authorises the application to be loaded to an issuer's card or group of cards. Applications are therefore protected for integrity and confidentiality and loaded to a card without any party sharing symmetric keys and therefore needing to trust any other party sharing the card platform – including the card issuer. Both the Application Provider and Card Issuer know that only specific, authorised applications from authorised parties can be loaded to any specific card.
25:
152:
Application providers can retrieve and verify the public key certificate of an individual issuer's card, and encrypt their proprietary application code and confidential personalisation data using that card's unique public key. This payload is digitally signed using the private key of the application
231:
Each application resides with a rigorously enforced application memory space, which consists of the application code and data segments. This means that an application has full access rights to its own code and data, but can not directly access that of another application. If an application attempts
203:
The run-time environment operates within the application space. This consists of code space and data space. The code, developed in the C language and compiled into MULTOS bytecodes is interpreted every time it is executed. The virtual machine performs code validity and memory access checks during
140:
One of the key differences of MULTOS compared to other types of smart card OS, is that it implements a patented public key cryptography-based mechanism by which the manufacture, issuance and dynamic updates of MULTOS smartcards in the field is entirely under an issuer's control using digital
132:
matching for secure ID and ePassport. MULTOS is an open standard whose development is overseen by the MULTOS Consortium – a body composed of companies which have an interest in the development of the OS and includes smart card and
137:, payment card schemes, chip data preparation, card management and personalization system providers, and smart card solution providers. There are more than 30 companies involved in the consortium.
149:
information required to bind the card to the issuer, initialize the card for use, and generate permission certificates for the loading and deleting of applications under the control of the issuer.
204:
execution of the code. The data space is divided into static and dynamic portions. Static memory is persistent and transaction protection ensures the integrity of application's stored data.
261:
240:
A MULTOS card permits the loading and deleting of applications at any point in the card's active life cycle. A load can take place once the application and its corresponding
244:
are transmitted to the chip. A delete is permitted if a certificate that corresponds to a loaded application is transmitted to the chip.
265:
156:
Hundreds of millions of MULTOS smart cards have been issued by banks and governments all around the world, for projects ranging from
128:
operating system, that enables a smart card to carry a variety of applications, from chip and pin application for payment to on-card
108:
46:
89:
61:
35:
68:
42:
241:
75:
219:, which makes use of this dynamic memory to pass parameters and perform calculations. In addition, the
311:
157:
57:
208:
161:
141:
certificates rather than symmetric key sharing. This control is enabled through the use of a
212:
185:
177:
215:(LIFO) stack as this makes using the various functions much easier. A MULTOS chip is a
305:
279:
262:"Multos International - Announcements - MULTOS celebrates 500 million issued devices"
216:
145:(KMA), a special kind of certification authority. The KMA provides card issuers with
134:
82:
220:
146:
24:
232:
to access an area outside its space, it results in an abnormal end to process
165:
129:
125:
176:
A MULTOS implementation provides an operating system upon which resides a
160:, Internet authentication and loyalty, to national identity with
18:
168:, health care and military base and network access control.
296:
280:"Smart Cards: State-of-the-Art to Future Directions"
49:. Unsourced material may be challenged and removed.
223:buffer resides in another dynamic memory segment.
16:Multi-application smart card operating system
8:
109:Learn how and when to remove this message
253:
7:
47:adding citations to reliable sources
14:
264:. 26 January 2014. Archived from
194:Application loading and deleting.
236:Application loading and deleting
180:. The virtual machine provides:
23:
34:needs additional citations for
1:
328:
297:Further MULTOS Information
143:Key Management Authority
124:is a multi-application
207:The key component of
135:silicon manufacturers
199:Run-time environment
186:run-time environment
43:improve this article
158:contactless payment
213:last in, first out
191:Memory management.
172:Technical overview
227:Memory management
164:, ePassport with
162:digital signature
119:
118:
111:
93:
319:
284:
283:
276:
270:
269:
258:
114:
107:
103:
100:
94:
92:
51:
27:
19:
327:
326:
322:
321:
320:
318:
317:
316:
302:
301:
293:
288:
287:
278:
277:
273:
260:
259:
255:
250:
238:
229:
201:
178:virtual machine
174:
115:
104:
98:
95:
52:
50:
40:
28:
17:
12:
11:
5:
325:
323:
315:
314:
304:
303:
300:
299:
292:
291:External links
289:
286:
285:
271:
268:on 2014-01-26.
252:
251:
249:
246:
237:
234:
228:
225:
209:dynamic memory
200:
197:
196:
195:
192:
189:
173:
170:
117:
116:
31:
29:
22:
15:
13:
10:
9:
6:
4:
3:
2:
324:
313:
310:
309:
307:
298:
295:
294:
290:
281:
275:
272:
267:
263:
257:
254:
247:
245:
243:
235:
233:
226:
224:
222:
218:
217:stack machine
214:
210:
205:
198:
193:
190:
187:
183:
182:
181:
179:
171:
169:
167:
163:
159:
154:
150:
148:
147:cryptographic
144:
138:
136:
131:
127:
123:
113:
110:
102:
91:
88:
84:
81:
77:
74:
70:
67:
63:
60: –
59:
55:
54:Find sources:
48:
44:
38:
37:
32:This article
30:
26:
21:
20:
274:
266:the original
256:
239:
230:
221:Input/output
206:
202:
184:Application
175:
155:
151:
142:
139:
121:
120:
105:
96:
86:
79:
72:
65:
53:
41:Please help
36:verification
33:
312:Smart cards
242:certificate
248:References
166:biometrics
126:smart card
69:newspapers
130:biometric
99:July 2023
306:Category
58:"MULTOS"
211:is the
83:scholar
122:MULTOS
85:
78:
71:
64:
56:
90:JSTOR
76:books
62:news
45:by
308::
282:.
188:.
112:)
106:(
101:)
97:(
87:·
80:·
73:·
66:·
39:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.