SLCOS Smart Card OS
Smart card operating system is the principle component in the security chain; it protects the personal identity and provides the required security services to the citizens. It also allows third-party vendors to build embedded applications without affecting the security.
What is a smart card operating system?
A smart card, typically a type of chip card, is a plastic card that contains an embedded computer chip that stores and transacts data, it’s similar to a smartphone or a computer, it has a processor, memory and I/O interfaces. It is called “smart” for the same reason a phone is called “smart” - its functionality is not defined at build time, but rather it can be extended by installing different applications.
The card operating system is the software which programmed to the smart card microprocessor. It is responsible for managing communication protocols, storage, security services, and applications.
About SLCOS
SLCOS, SoftLock Card Operating System, is a smart card operating system developed by Softlock. SLCOS has been designed to provide distinct security levels and data protection that cannot be deciphered easily by unauthorized people.
Softlock has been significantly praised for the flexibility of SLCOS.
Softlock believes that software continuous development is the key to provide innovative solutions. The first version of SLCOS has been released in 2018 and Softlock still eager to make new release in quarter or bi-quarter base depending on product road map.
Integration with Fingerprint Sensors
Bio PKI Smart card
In 2019, Softlock succeeded to integrate a fingerprint sensor from Nextbiometrics with SLCOS card operating system with a certified Common Criteria PKI applet to be the first company world-wide which provide a new Bio PKI smart card. Biometric Smart Cards are used to add more authentication factors to provide the most secure / multi-factor authentication smart cards. Softlock is now working on the integeration of SLCOS with other fingerprint sensor providers as Fingerprints and IDEX.
SLCOS Operating System Characteristics
-
Support Global Platform version 2.2.1 with Amendment D, E, and ID Configuration.
-
Support T0/T1 contact communication protocol based on ISO/IEC 7816
-
Support contactless communication protocol based on ISO/IEC 14443
-
Security module is CC certified with EAL 6+ high (Infineon) / EAL 5+ (NXP)
-
Security module support RSA 4096, EC 348, DES, 3DES, AES 256, SHA 1, SHA 2 up to 512, DSA, ECC up to 521.
-
Support hardware TRNG and software PRNG according to NIST 800-90A
-
Support 144KB EEPROM for applications
-
Support Multiple Applications
SLCOS Features:
Unique Features
-
Manages the smart chip hardware and perform chip initialization and configuration while start-up.
-
Manages single or multiple applications. Application management includes, secure download, loading, installation, selection, communication and deletion.
-
Optionally allows multiple vendors per card using multiple security domains.
-
Optionally allows On-card Bytecode Verification in order to defend against malicious or buggy applets not to reveal or steal sensitive data of other applets.
-
Secure application execution in multi-applications environment using firewalls.
-
Executes high level applications through internal virtual machine.
-
Provides software level implementation for cryptographic operations like RSA, ECC, DSA, DES, 3DES, AES, SHA, PRNG and DH.
-
Provides software level implementation of communication protocols like T0, T1, TCL type A.
-
Provides system level interface for different hardware modules like communication, security, storage, memory, transaction, timers and random number generator.
-
Configuration APDUs which allow application developers to configure, enable or disable many options related to the card.
Flexible Communication
The system supports:
-
The basic communication protocol, ISO 7816 T0, and alternative communication protocols, namely, ISO 7816 T1 and ISO 14443 Type A&B Contactless.
-
USB (Universal Serial Bus) interface
-
Extended APDUs.
-
Secure messaging Via Global Platform Security Protocols (SCP02 & SCP03)
Multiple Delivery Types
-
Wafer Swan
-
Contact Card
-
Contactless Card
-
Dual (contact and contactless) Card
-
USB Stick
-
Dual (USB and contactless) Card
Support for privacy protocols
-
BAC (Basic Access Control)
-
EAC (Extended Access Control)
-
BAP (Basic Access Protection)
-
EAP (Extended Access Protection)
-
PACE (Password Authenticated
-
Connection Establishment)
-
CVM (PIN & PUK) user authentication
-
Card-to-Card Authentication
Why should a country have its OWN OS
-
National Security: gaining independence of system control and optimization of database usage to provide a robust and secure services for citizens.
-
Global Competition: by having a standardized and certified National Operating System.
Objectives
Applications
|
Personal Identification
|
National ID, Driving License and Employee Cards. It holds personal information and allows other security services like authentication, digital signing and data encryption
|
|
Telecommunication
|
Required for all phone systems under the Global System for Mobile Communication (GSM) standard
|
|
Electronic Commerce
|
Digital wallet. The applications are numerous, such as transportation, parking, laundry, gaming, retail, and entertainment
|
|
Securing Digital Content
|
Secure the access to digital contents and perform data encryption or signing of very sensitive data
|
|
Healthcare Informatics
|
Identify patients, facilitate the insurance systems, and carry patient status and sensitive data
|
|
Embedded Device Control
|
Authenticate users who are responsible to operate equipment like medical systems, machines, vehicles and so on
|
|
Enterprise and Network Security
|
Deploy smart cards as a replacement for user name and passwords
|
|
Physical Access
|
Granted access to certain data, equipment, and departments according to their status. Multifunction, microprocessor-based smart cards incorporate identity with access privileges
|