We, the Digital Locksmiths, pride ourselves on offering practical, pragmatic hands-on help with projects. Our ability to take on development work, or assist clients with their own development, is born out of an unrivalled catalogue of practical experience.
e-Passport
The world’s first electronic passport was deployed in Malaysia in 1998. This was the culmination of four years of effort to design, prototype and develop the cards, software and terminals. Whilst the credit for the hardware used in the ground-breaking invention lies with the engineers at Iris Corporation in Malaysia, the software and the security architecture were the responsibility of the Digital Locksmiths’ engineers. Working both in the UK and locally in Kuala Lumpur it was possible to develop the devices and integrate the production with the government agencies in an unprecedentedly short timescale.
Since the ground-breaking roll-out of e-Passports in Malaysia the rest of the world has woken up to the potential for this technology to improve travel document security. So much so, that the International Civil Aviation Organisation (ICAO) has incorporated this technology into the standards that define Machine Readable Travel Documents (MRTD, better known as e-Passports!). ICAO Doc 9303 shares remarkable similarities with our original designs.
In the ten years since the successful launch of the e-Passport technology the boffins at Digital Locksmiths have been involved in development of software for new chips designed to improve on the features of the original technology. This has included migration to the ‘new’ standards for contactless smartcard communications (ISO 14443), and the implementation of the ICAO specification for the passport itself and the terminals that read the documents at immigration checkpoints.
It's safe to say that where e-Passports are concerned we’ve “been there, done that!”
National ID
Following on from the success of the e-Passport deployment, Malaysia set about developing an intelligent smartcard based replacement for their national identity card. This was all part of their farsighted 20-20 vision to develop Malaysia’s economy and bring living standards up to those of their industrialised neighbours in Korea, Hong Kong and Singapore.
Once again the technology underpinning this card was designed and developed by the team that now forms Digital Locksmiths. Initially working with the government agencies to define the requirements and independently surveying the latest technological offerings, a solution was defined that became SMOS: a secure card operating system offering the run-time security only available via MULTOS and the code re-use and data sharing only offered by JavaCard. The resulting hybrid enabled Malaysia not only to deploy the first electronic ID but also maintain independence of application between ministries. (This security by segmentation rather than stratification is a principle seemingly lost in the UK government’s thinking on the ID card issue.)
This National ID card branded “MyKad” contains five independent applications for Health, Driver’s licence, ID, frequent traveller, and E-cash; and its security has been tested to the highest standards to enable it to run a national e-cash application safely. The guys at Digital Locksmiths are proud to be associated with this government project that took just three years from drawing board to deployment.
This project demonstrates Digital Locksmiths’ way of working at its best.
- Intimate involvement with the customer to understand the requirements.
- Design and implementation of a technically advanced system.
- Demonstrable security combined with relative ease of use.
- Fully documented and handed to the client who can independently manage the system with no strings attached. Support is available, seldom required and certainly not an ongoing expense for the client.
Identity cards have always been something of a controversial topic. In much of the world they are taken for granted and in some countries they exist under other names (just try buying ‘liquor’ in the ‘States without being able to produce your Driver’s Licence!). Here in the UK we are happy to claim they are not needed whilst simultaneously trying to prove our identities with faded birth certificates, passports and utility bills salvaged from a waste paper bin.
It remains our belief that smart card technology with suitably defined applications has the potential to help people prove their identity when it is necessary whilst maintaining privacy. When combined with biometrics, card applications can confirm entitlement without disclosing identity.
From experience, the Digital Locksmiths know that well designed intelligent applications can be valuable to everybody, whilst poorly planned alternatives will be dangerous.
MULTOS
MULTOS V3.4 was the first civilian application, worldwide, to achieve ITSEC E6 certification. This ultra secure smart card operating system was designed and implemented by a small hand-picked team at NatWest bank. It has since gone on to be one of the two major ‘open’ standard operating systems in the world.
Both of Digital Locksmiths’ founders were part of the original development team. Martin Strauch was responsible for MULTOS’s security architecture and a large portion of the documentation required for certification. Sean Kelly designed and implemented the memory management and security features of the card’s cryptographic libraries.
This intimate knowledge of MULTOS enables Digital Locksmiths to offer expert advice on the development of MULTOS card applications and card management.
JavaCard
JavaCard is familiar territory for the Digital Locksmiths, being well versed in all aspects of JavaCard development.
OS development: Over the last five years we have implemented the whole Java Virtual Machine, Run time Environment and Global Platform card manager for various clients and on a wide variety of Silicon Platforms. The experience of implementing
Applet development: Once again our intimate knowledge of card operating systems and silicon chip characteristics means we can offer the highest quality advice regarding applet design, implementation and security management throughout the card’s life cycle. We have implemented EMV payment applications, electronic purses, PKI/digital signature application and the ICAO application. We have also developed a host of bespoke applications ranging from ‘simple’ SAM modules for key management to reconfigurable multi function e-ticket applets for transport schemes.
The apparent simplicity of JavaCard applet development is a double-edged sword. On the one hand it provides rapid development and prototyping; enabling users to test ideas and schemes without the expense and delay of developing masked ROM code for the cards; and a well-designed applet can be a secure applet. On the other hand the deceptive ease of the development cycle enables inexperienced users to develop functional applets that are full of potential security holes. We develop JavaCard applets with security in mind - it is fundamental to everything that we do. By being aware of the potential problems, and having the expertise to build security in from the start, we can develop secure applications without incurring the problems and expense of having to "bolt on" security measures as an afterthought.
At Digital Locksmiths, we are also happy to provide design and review consultancy to developers and warn them of the potential security pitfalls before they release security code into the hands of potential hackers. No matter how small the application, if it’s worth the expense of putting it onto smartcards then it is worth the extra effort to make sure it lives up to your expectations.
Card production: An important task in a card’s early life cycle, either on the production line or during personalisation, is to load applets and data into the cards. Typically on a production line this means as quickly as possible, whereas after delivery this means as securely as possible. Digital Locksmiths’ experience in implementing and using the Global Platform specification with its associated cryptographic protocols is available to clients. We can simplify the learning curve for new entrants to the field, review procedures against best practice and implement utilities to simplify management procedures.
If your project uses JavaCard then Digital Locksmiths has experience and skills that will simplify your task and give you confidence that you understand the risks in the system.
EMV
The Digital Locksmiths have wide experience of the development and certification of a variety of EMV solutions, both for JavaCard and MULTOS platforms and for bespoke operating systems. These products correspond to the latest specifications and include the world’s first dual mask implementation (MasterCard and Visa) that is fully compliant with the EMV Card Personalization Specifications.
We have developed all "flavours" of EMV application, from basic entry-level implementations through to full implementations incorporating dynamic data authentication. Our bespoke products support data sharing, defined at application installation, and can be configured to be either MasterCard or Visa variants.
From entry level payment applications to multi-application DDA solutions, the Digital Locksmiths can meet your EMV requirements.
ITSO
The Digital Locksmiths have been at the forefront of the UK’s ITSO contactless ticketing initiative, playing an active role since 2002, in particular participating in the ITSO Technical Committee (ITC) and the ITSO Security Group (ISG). Smart Card Solutions has also been an active member of the ITSO integration forum (I2F) since its first meeting and has participated in several technology demonstration events. Our experience and advice is frequently sought by other I2F members.
We have extensive knowledge of the implementation and certification aspects of ITSO's technical specifications having developed several products (cards, POST, and POST/HOPS combination) for ITSO certification. The Digital Locksmiths continue to develop ITSO certified components - BabyBlue is our latest offering, a fully compliant ITSO POST sub-assembly, providing support for the full range of ITSO Customer Media and Product Entities.
The Digital Locksmiths have unrivalled experience working at all levels of smartcard initiatives: from government schemes to small scale local authority pilots. We can provide assistance with all aspects of setting up and running a smartcard transport scheme - from highly technical implementation details to giving independent, pragmatic approaches to the problems and opportunities inherent in large scale smartcard programmes. In particular, we can provide a unique capability combining our expert smartcard experience together with our in-depth, practical knowledge of ITSO gained from actually implementing the specification.
We provide technical support and consultancy for all aspects of scheme implementation. An example of this is our involvement with the consortium that won the Yorcard ITSO pilot scheme - we provided support throughout the bid phase, developed specifications for the project's ITSO POST, were instrumental in the definition of the scheme products and continue to provide expert technical support as required.
We're working to take the hassle out of ITSO.
e-Purse
The Digital Locksmiths were responsible for the development of a CEPS compatible e-Purse for the JavaCard JCOP30 platform, with bespoke extensions to support payments to be made via a pocket held in the MiFare™ space on the card. This application provides the basis for a secure, globally interoperable electronic purse programme.
We have also been responsible for the design and development of a variety of bespoke payment applications, ranging from JavaCard based e-purses to the specification of MiFare sectors to be used as storage for value. These applications provide cost-effective, entry-level solutions to a variety of payment requirements – most often for Local Authorities wanting to migrate existing services to smart card based schemes. These bespoke applications can provide a flexible approach to meeting e-purse requirements and often provide better value for money than complex e-purse implementations (which often offer unwanted, sophisticated functionality), without compromising on security.
We understand the security architectures that are fundamental to purse schemes - the implementation of the purse itself is just the tip of the iceberg.
Terminal Software and Support Systems
The Digital Locksmiths have extensive experience of developing terminal software, personalization systems and support tools.
- Terminals - payment, ticketing and passport terminals, together with the development of terminal Security Access Modules (SAMs) required to secure transactions.
- Personalization systems - support for a variety of security architectures for the initialization and personalization of smartcards, together with application-specific tools (for example for the creation of ITSO ticketing applications on contactless media).
- Application Support Tools - we have provided a range of development tools including assemblers, debuggers, emulators, scripting engines and application loaders.
We apply the same level of quality and commitment to security to these applications as we do to our smartcard products.