We, the Digital Locksmiths, pride ourselves on offering practical, pragmatic hands-on help with projects. Our ability to take on development work or assist clients with their own development is born out of an unrivalled catalogue of practical experience.
e-Passport
The world’s first electronic passport was deployed in Malaysia in 1998. This was the culmination of four years of effort to design, prototype and develop the cards, software and terminals. Whilst the credit for the hardware used in the ground breaking invention lies with the engineers at Iris Corporation in Malaysia, the software and the security architecture was the responsibility of the Digital Locksmiths’ engineers. Working both in the UK and locally in Kuala Lumpur it was possible to develop the devices and integrate the production with the government agencies in an unprecedented short timescale.
Since the ground breaking roll-out of e-Passports in Malaysia the rest of the world has woken up to the potential for this technology to improve travel document security. So much so, that the International Civil Aviation Organisation (ICAO) has incorporated this technology into the standards that define Machine Readable Travel Documents (MRTD, better known as e-Passports!). ICAO Doc 9303 shares remarkable similarities with our original designs.
In the ten years since the successful launch of the e-Passport technology the boffins at Digital Locksmiths have been involved in development of software for new chips designed to improve on the features of the original technology. This has includes migration to the ‘new’ standards for contactless smartcard communications (ISO 14443), Implementation of the ICAO flavours of the passport chip’s operating system and terminal code for reading the documents at immigration checkpoints.
Its safe to say where e-Passports are concerned we’ve “been there, done that!”
National ID
Following on from the success of the e-Passport deployment Malaysia set about developing an intelligent smartcard based replacement for their national identity card. This was all part of their farsighted 20-20 vision to develop Malaysia’s economy and bring living standards up to those of their industrialised neighbours in Korea, Hong Kong and Singapore.
Once again the technology underpinning this card was designed and developed by the team that now forms Digital Locksmiths. Initially working with the government agencies to define the requirements and independently surveying the latest technological offerings a solution was defined that became SMOS; a secure card operating system offering the run-time security only available via MULTOS and the code re-use and data sharing only offered by JavaCard. The resulting Hybrid enabled Malaysia not only to deploy the first electronic ID but also maintain independence of application between ministries. (This security by segmentation rather than stratification is a principle seemingly lost in the UK government’s thinking on the ID card issue).
This National ID card branded “MyKad” contains five independent applications for Health, Driver’s licence, ID, frequent traveller, and E-cash; and its security has been tested to the highest standards to enable it to run a national e-cash application safely. The guys at Digital Locksmiths are proud to be associated with this government project that took just three years from drawing board to deployment.
This project demonstrates Digital Locksmiths’ way of working at its best.
Intimate involvement with the customer to understand the requirements.
• Design and implementation of a technically advanced system
• Demonstrable security combined with relative ease of use.
• Fully documented and handed to the client who can independently manage the system with no strings attached. Support is available, seldom required and certainly not an on going expense for the client.
Identity cards have always been something of a controversial topic. In much of the world they are taken for granted and in some countries they exist under other names (just try buying ‘liquor’ in the ‘States without being able to produce your Driver’s Licence!). Here in the UK we are happy to claim they are not needed whist simultaneously trying to prove our identities with faded birth certificates, passports and utility bills salvaged from a waste paper bin.
It remains our belief that smart card technology with suitably defined applications has the potential to help people prove their identity when it is necessary whilst maintaining privacy. When combined with biometrics, card applications can confirm entitlement without disclosing identity.
This is exciting technology: well designed intelligent applications can be valuable to everybody, whilst poorly planned alternatives will be dangerous.
MULTOS
MULTOS V3.4 was the first civilian application, worldwide, to archive ITSEC E6 certification. This ultra secure smart card operating system was designed and implemented by a small hand picked team at NatWest bank. It has since gone on to be one of the two major ‘open’ standard operating systems in the world.
Both of Digital Locksmiths’ founders were part of the original development team. Martin Strauch was responsible for MULTOS’s security architecture and a large portion of the documentation required for certification. Sean Kelly designed and implemented the memory management and security features of the card’s cryptographic libraries.
This intimate knowledge of MULTOS enables Digital Locksmiths to offer expert advice on development of card applications and card management.
JavaCard
JavaCard is familiar territory for the Digital Locksmiths, being well versed in all aspects of JavaCard development.
OS development: Over the last five years we have implemented the whole Java Virtual Machine, Run time Environment and Global Platform card manager for various clients and on a wide variety of Silicon Platforms. Normally JavaCard OS projects carry a high cost of entry due to the Sun licence fees. We can offer this service through a manufacturing partner in Hong-Kong who is appropriately licensed and capable of managing the manufacturing stages from wafer through to printed plastic cards.
Applet development: Once again our intimate knowledge of card operating systems and silicon chip characteristics means we can offer the highest quality advice regarding applet design, implementation and security management throughout the card’s life cycle. For clients of previous employers we have implemented EMV Credit card applications, CEPS electronic purses, as well as a whole host of bespoke applications ranging from ‘simple’ SAM modules for key management to reconfigurable multi function e-ticket applets for transport schemes.
The apparent simplicity of JavaCard applet development is a double-edged sword. On the one hand it provides rapid development and prototyping; enabling users to test ideas and schemes without the expense and delay of developing masked ROM code for the cards; and, a well-designed applet can be a secure applet. On the other hand the deceptive ease of the development cycle enables inexperienced users develop functional applets that are full of potential security holes. At Digital Locksmiths we are happy to provide design and review consultancy to developers and warn them of the potential security pitfalls before they releasing security code into the hands of potential hackers. No matter how small the application, if it’s worth the expense of putting it onto smartcards then it is worth the extra effort to make sure it lives up to your expectations.
Card production: An important task in a card’s early life cycle, either on the production line or during personalisation, is to load applets and data into the cards. Typically on a production line this means as quickly as possible, whereas after delivery this means as securely as possible. Digital Locksmiths’ experience in implementing and using Global Platform card manager and its associated cryptographic protocols is available to clients. We can simplify the learning curve for new entrants to the field, review procedures against best practice and even implement utilities to simplify management procedures.
If your project uses JavaCard then Digital Locksmiths has experience and skills that will simplify your task and give you confidence that you understand the risks in the system.
EMV
The Digital Locksmiths have wide experience of the development and certification of a variety of EMV solutions, both for the JavaCard platform and for bespoke operating systems. These products correspond to the latest specifications and include the world’s first dual mask implementation (MasterCard and Visa) that is fully compliant with the EMV Card Personalization Specification.
e-Purse
The Digital Locksmiths were responsible for the development of a CEPS compatible e-Purse for the JavaCard JCOP30 platform, with bespoke extensions to support payments to be made via a pocket held in the MiFareTM space on the card. This application provides the basis for a secure, globally interoperable electronic purse programme.
We have also been responsible for the design and development of a variety of bespoke payment applications, ranging from JavaCard based e-purses to the specification of MiFare sectors to be used as storage for value. These applications provide cost-effective, entry-level solutions to a variety of payment requirements – most often for Local Authorities wanting to migrate existing services to smart card based schemes. Our payment solutions have been used for a variety of purposes, from car parks to school dinners.
These bespoke applications can provide a flexible approach to meeting e-purse requirements and often provide better value for money than complex e-purse implementations (which often offer unwanted, sophisticated functionality), without compromising on security.
ITSO
The Digital Locksmiths have been at the forefront of the UK’s ITSO contactless ticketing initiative, playing an active role since 2002, in particular participating in the ITSO Technical Committee (ITC) and the ITSO Security Group (ISG). Smart Card Solutions has also been an active member of the ITSO integration forum (I2F) since its first meeting and has participated in several technology demonstration events. Our experience and advice is frequently sought by other I2F members.
We have extensive knowledge of the implementation and certification aspects of ITSO's technical specifications having developed several products (cards, POST, and POST/HOPS combination) for ITSO certification:
• Customer Media 2 (generic micro-processor card) – FVC2 for the JCOP30 platform (the first product to achieve an ITSO certificate, C-00001) and FVC2 for the JCOP31 platform (C-00034);
• The certified personalisation POST (C-00005 / Burall Infosmart);
• Customer Media 3 (CMD3 – MiFare Standard 4K) - certificate C-00015 / Burall Infosmart;
• Universal FVC2 Applet. This applet was commissioned by ITSO as the reference implementation of FVC2. The applet is to be used as the standard implementation of FVC2 to ensure the interoperability of all POSTs with FVC2 media and the correct behaviour of POSTs when encountering any variety of FVC2 application. The Universal FVC2 applet comes with a configuration tool that allows it to be set up in any of the FVC2 configurations allowed by the ITSO Specification.
The Digital Locksmiths continue to develop ITSO certified components. We also provide technical support and consultancy for all aspects of scheme implementation, a role that we are currently playing for the consortium that won the Yorcard ITSO pilot scheme.
