Application Software

Secure Multi-Applications Code

The Secure Multi-Applications Code (SMAC) is based on the widely used QR Code standard. However, unlike a typical QR Code, which only sends the Viewer to a website, the SMAC identifies the person or entity that it is attached to. Furthermore, depending on who is inspecting the SMAC, the Viewer will be connected to various online resources and services according to permissions determined by the SMAC owner, issuer, service provider and/or other stakeholders.

Behind the SMAC is the SMAC-Platform, a web-based system that elevates SMAC’s capability to that of a Trusted Digital ID.

Primary features
Verifiable Credential
SMAC gives the individual a means to verify his/her identity through a digital token that is secured by biometrics, PKI and blockchain.
 
Privacy
On its own, the SMAC does not hold any personal information. Instead, data is stored encrypted on the SMAC Platform and by the service provider (check-and-balance).
 
Rules-based Access
Information is categorised and permissions to access each category are defined individually, e.g. by requestor’s identity, date/time and location.
 
Analytics
Times and locations of the SMAC being scanned are recorded and can be displayed in real time to analyse responses and prevent misuse.
 

Depending on the Viewer’s access rights or privileges, he/she will be redirected to specific experiences, ranging from being able to view the SMAC User profile, including biodata and photograph; browsing an insurance provider webpage that displays the User’s health insurance for hospital check-in; downloading academic qualifications as signed PDFs; and so forth.

Web systems already utilising QR Codes or other barcodes can easily be augmented with our solution to achieve greater functionality.

SMAC ID Enrolment Process

SMAC Mobile App

Private Blockchain

The distributed ledger is a private blockchain based on the Proof of Authority algorithm, custom-designed by the solution provider. Proof of Authority (PoA) is a reputation-based consensus algorithm that introduces a practical and efficient solution for blockchain networks (especially the private ones). It is more efficient than the algorithms used by cryptocurrencies because it is able to perform many more transactions per second.

e-Passport

MCS had developed versions of the e-passport on-chip application and inspection system software module before the International Civil Aviation Organisation (ICAO) standardised the e-Passport specifications in 2006. We have continued our development to this date based on ICAO requirements, and partnered with a terminal manufacturer to create an e-passport system.

ICAO Applet

The MCS ICAO Applet, an up-to-date implementation of the e-passport, was available on JavaCard and SMOS platforms. Since 2004, our e-passport prototypes have been submitted to the LDS, BAC, EAC and now SAC interoperability test sessions organised by ICAO and other parties. They have been validated by third-party test tools as compliant with ICAO Application Layers 6 and 7 test cases.

ICAO SOD Codec

On the host end, we developed the SOD Codec, which generates and decodes the e-passport Document Security Object (SOD), its digital signature. It takes the data groups as input and outputs the digital signature; in reverse, it verifies the digital signature itself and the data groups against the digital signature. This software library employed cryptographic hash, encoding/decoding, encryption/decryption and signing/verification functions, such as SHA, TDES, RSA and PKCS. It was implemented in J2SE for the Java platform and supports the Microsoft platform via Java Native Interface (JNI).
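The generate/verify round trip described above, as an added Python sketch that is not MCS code. It assumes SHA-256 and RSA with PKCS #1 v1.5 padding, uses a JSON hash list as a stand-in for the ASN.1 security object that a real SOD wraps in CMS SignedData, and signs with a constructed toy key; all function names are hypothetical.

```python
import hashlib, hmac, json

# Constructed demo key built from two Mersenne primes. Structured primes are
# NOT secure; they only keep this example offline and dependency-free.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (PKCS #1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_encode(msg: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of msg, returned as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def hash_list(dgs: dict) -> bytes:
    """Canonical stand-in for the signed hash list: {DG number: SHA-256 hex}."""
    hashes = {str(n): hashlib.sha256(d).hexdigest() for n, d in dgs.items()}
    return json.dumps(hashes, sort_keys=True).encode()

def generate_sod(dgs: dict) -> dict:
    """Issuer side: hash every data group, then sign the hash list."""
    signed = hash_list(dgs)
    return {"signed": signed, "sig": pow(emsa_encode(signed), D, N)}

def verify_sod(sod: dict, dgs: dict) -> list:
    """Inspection side: return a list of failures; empty means it verifies."""
    # Step 1: signature over the hash list. Re-encode and compare the whole
    # padded block instead of parsing it, so malformed padding cannot pass.
    if pow(sod["sig"], E, N) != emsa_encode(sod["signed"]):
        return ["signature invalid"]
    # Step 2: each data group must match its signed hash, in both directions.
    signed = json.loads(sod["signed"])
    problems = []
    for n in sorted(set(signed) | {str(k) for k in dgs}, key=int):
        if n not in signed:
            problems.append(f"DG{n} not covered by SOD")
        elif int(n) not in dgs:
            problems.append(f"DG{n} missing from chip read")
        elif not hmac.compare_digest(hashlib.sha256(dgs[int(n)]).hexdigest(), signed[n]):
            problems.append(f"DG{n} hash mismatch")
    return problems

if __name__ == "__main__":
    dgs = {1: b"P<UTOERIKSSON<<ANNA<MARIA", 2: b"constructed face image"}  # constructed
    sod = generate_sod(dgs)
    print(verify_sod(sod, dgs))                           # genuine document
    print(verify_sod(sod, {**dgs, 2: b"swapped photo"}))  # altered data group
```

Checking the signature first matters: the stored hashes mean nothing until the list that carries them has been authenticated.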

Card Management System

In 2001, after the successful launches of our card operating systems, MCS undertook the development of a card lifecycle management system named IdenSafe. It was a web-based server application built on ASP technology and meant for national identification projects. IdenSafe managed card inventory, generated the personalisation scripts, kept track of card issuance and handled card deactivation and termination. Hardware interfaces for card reader-terminal, biometric scanner and personalisation interfaces were implemented. In addition, a Key Management System (KMS) was developed to handle key generation, derivation and distribution, and digital signature generation and verification, with the support of a hardware security module (HSM).

Open System

An open card system, like the one supporting our next-generation COS, will require a card management system to serve and safeguard it: one that manages card inventory and distribution, generates the personalisation scripts, keeps track of the health and status of cards in circulation, and handles de/reactivation and termination. User interaction will take place over the internet, whereas urgent alerts and announcements may be delivered via email and phone messages.

The card management system will coordinate the actions of the stakeholders:

  • Cardholders
  • Service providers, e.g. government, bank, transport authority, retailer
  • Card issuer

Its operation shall meet industry security levels, including ISO/IEC 27001 information security management system (ISMS), Payment Card Industry Data Security Standard (PCI-DSS), privacy and data protection laws and national Trustmark.

Card application provisioning and personalisation

Expanding on the next-generation COS project, we see card owners/holders sourcing their applications from the internet and installing them on-the-fly. The authenticity of the applications can be verified through PKI technology. Subsequently, the installed application may be activated and personalised by the relevant application provider. For example, the cardholder signs up for an ATM card with a bank, downloads and installs the ATM application into the card, and finally has it activated and personalised by the bank, with the entire procedure performed over the network. Subsequently, the card may be used at all ATMs like a regular, single-purpose ATM card.

The above card application provisioning and personalisation system should be a familiar concept - think Google Play Store for card applications.  Application providers will comprise conventional smart card vendors, retail businesses, financial institutions, governmental agencies, hobbyists and other groups who wish to serve the greater public.  Downloads may take place through the existing infrastructure, i.e. payment terminals, ATMs, NFC-enabled mobile devices, public kiosks and home PCs with smart card readers.

Mobile environment

The mobile device has become an important computing and communication tool that is gradually gaining traction in the data security space, what with the implementation of secure elements and near-field communication interface.  We envision the mobile device playing an important role in facilitating the use of our next-generation smart cards through connecting smart cards to the internet via its built-in NFC interface.  Furthermore, security standards and application specifications developed to accommodate the secure element (SE) can be applied to our new smart cards.

Brochure

Title                             Size
Secure Multi-Applications Code    412.07 KB