What is the most popular Smart Card OS / development stack?

No specific Bitcoin Bounty has been announced by author. Still, anyone could send Bitcoin Tips to those who provide a good answer.

What is the most popular Smart Card OS / development stack?

We are looking into selecting a Smart Card platform for our custom application security project development. Just to be clear, we are looking into more advanced cards, i.e. Dynamic Application Card OS'es, and not Fixed File Structure Cards. It looks like 2 of the most popular Dynamic Application Card OS'es are:

  • JavaCard

Which one of these is more popular? Has better development tools? Supports majority of Card Readers? Has contact-less cards implementations on the market? Has better support from the Open Source community? Please advice! Thanks!

1 Answer

Internet users could send Bitcoin Tips to you if they like your answer!

JavaCard is by far more popular, mostly because GSM SIM cards are based on JavaCard. At the same time, you need to pick Smart Card that better fits your specific project requirements, not by OS popularity. Here are some differences between MULTOS and JavaCard:

Quick Summary

  • MULTOS is considered "more secure", and some government projects like ePassport have choosen MULTOS cards
  • JavaCard is many times more popular in terms of numbers of cards in existence (billions), largely because GSM SIM cards are JavaCards
  • JavaCards are usually much cheaper to acquire, and there are larger variety of vendors
  • JavaCards allow using free open source tools to develop and load applications on card. Usually the only thing you need to pay for is Card Reader unit and Cards themselves
  • Different Banks / EMV implementations use both MULTOS cards and JavaCards

Security Architecture

  • native in MULTOS, for Javacard it is provided by GlobalPlatform
  • uses asymmetric keys for MULTOS vs symmetric for Javacard / GlobalPlatform (??? is this true ???)
  • uses a firewall to separate applications on card vs. off-card verification methods for Javacard
  • applications / data loaded onto cards via secure packets for MULTOS vs a secure channel for Javacard / GlobalPlatform

Programming Languages

  • Javacard - Java
  • MULTOS - native assembly (MEL), C (most popular choice), and Java (mostly for porting code from JavaCard)

Interoperability Testing

  • MULTOS has a mandatory approval process – provides confidence in the security and interoperability of MULTOS implementations.
  • Testing is performed by independent 3rd party labs. This means that applications can be deployed on MULTOS platforms from multiple suppliers.

Generic Loading of Applications

  • Once you have a script for loading applications to MULTOS, it does not need to be changed for each implementation or application.

Application Personalisation

  • In MULTOS, Application personalization is usually done off-line in advance. In JavaCard, it is done at perso time on the perso machine.

Additional Background Information

  • JavaCard was a natural progression from the growing use of the Java programming language in the 1990s while MULTOS was developed as an operating system for an electronic purse system and so the emphasis was always focused on high security to ensure fraudulent financial transactions could not occur. Also, JavaCard had received backing from Visa while MULTOS was endorsed by MasterCard.




Too many commands? Learning new syntax?

FavScripts.com is a free tool to save your favorite scripts and commands, then quickly find and copy-paste your commands with just few clicks.

Boost your productivity with FavScripts.com!

Post Answer