Multi-application Operating System

Description

MULTOS (Multi-application Operating System) is a high-security smart card operating system referenced in 3GPP specifications for use in telecommunications, particularly in SIM cards and secure elements. It is designed as a multi-application platform, allowing multiple independent applications to coexist on a single smart card chip while maintaining strong security boundaries. The architecture of MULTOS is based on a layered model, including a hardware abstraction layer, kernel, and application layer. The kernel provides core services such as memory management, cryptographic functions, and application lifecycle management. Each application runs in its own isolated environment, preventing unauthorized access or interference between applications, which is critical for protecting sensitive data like authentication keys and user credentials.

How MULTOS works involves a rigorous certification and loading process. Applications must be digitally signed by a trusted certificate authority before they can be installed on the card. The operating system verifies these signatures during installation, ensuring only authorized code runs. MULTOS supports dynamic application management, meaning applications can be added, updated, or deleted post-issuance without compromising the security of other applications or the OS itself. Key components include the MULTOS Execution Environment (MEXE), which handles application execution, and the Security Domain Manager, which enforces access control policies. Cryptographic capabilities are built-in, supporting algorithms like AES, RSA, and ECC for encryption, decryption, and digital signatures.

In the context of 3GPP networks, MULTOS is specified for UICC (Universal Integrated Circuit Card) and eSIM (embedded SIM) implementations. It plays a vital role in securing subscriber identity, enabling features like over-the-air (OTA) provisioning and multi-operator support. The operating system's tamper-resistant design protects against physical and logical attacks, making it suitable for IoT devices, mobile payments, and identity management. By providing a standardized, secure platform, MULTOS ensures interoperability across different card manufacturers and network operators, fostering trust in mobile and IoT ecosystems.

Purpose & Motivation

MULTOS was introduced in 3GPP Release 12 to address the need for a secure, multi-application smart card OS in evolving telecommunications environments. Prior to its adoption, smart card operating systems were often proprietary or limited to single applications, which hindered flexibility and security for new services like mobile banking, IoT authentication, and multi-operator SIMs. The growth of connected devices and digital services demanded a platform that could securely host multiple applications on a single chip, reducing costs and complexity while enhancing security.

The creation of MULTOS was motivated by the limitations of previous smart card OSs, which lacked robust application isolation and dynamic management capabilities. Historical approaches risked security breaches if applications interfered with each other or if unauthorized code was loaded. MULTOS solves these problems by providing a certified, standardized environment with strong cryptographic foundations and tamper resistance. It enables network operators and service providers to deploy new applications over-the-air, supporting innovation in mobile services and IoT without physical card replacement. This addresses the need for scalable, future-proof security in an increasingly connected world.

Key Features

• Multi-application support with strong isolation between applications
• Dynamic application management (post-issuance loading, updating, deletion)
• Tamper-resistant hardware and software design
• Built-in cryptographic functions (e.g., AES, RSA, ECC)
• Certification and digital signature verification for application security
• Standardized in 3GPP for UICC and eSIM implementations

Evolution Across Releases

Defining Specifications