ITSO

Log in

Membership Services

The following services are available to ITSO Members:

ITSO Operating License

Any ITSO member who chooses to provide specific functions within the ITSO environment has to sign the ITSO Operating License. Members who have signed an Operating Licence are known as ITSO Licenced Operators. Only ITSO Members may have an Operating Licence and such licences are only valid whilst their ITSO Membership remains in place.

There are a number of functional roles that a member may chose to perform within the ITSO environment. These are:

• Application Issuing (Shell Owner)
• Product Ownership (Product Owner)
• Service Operating (Service Operator)
• Collection and Forwarding (Message Routing)
• Retailing (Shell and/or Product Retailing)

To preserve the integrity of the ITSO environment, all Licensed Operators are protected in that anyone who chooses to provide these specific functions (or any combination of these) must abide by the general terms of the operating regulations and specific functional regulations that comprise the Operating Licence. Below are examples of general rules and regulations that must be adhered to by all Licenced Operators:

1. Equipment that can only be operate within the ITSO environment
2. The use of the ITSO Security Management Service (ISMS).
3. Handling of data, including data protection and transactions with other Licensed Operators.
4. Handling of keys and associated security.
5. Audit Provisions
6. Payments for Registrations and Services

For further information, please refer to the Operating Licence agreement .

The charges for an Operating Licence are a fixed initial and annual renewal charge based upon the role(s) undertaken and a variable annual charge based upon usage, more details are included in Schedule Two and Cost Calculator could be found on the Pricing page .
 

Back to the top

ISMS: ITSO Security Management Service

ITSO has developed a Security Sub System for use by Licenced Operators that ensures security can be managed consistently to the satisfaction of all Licenced Operators regardless of role.

ITSO security is an end-to-end architecture which embraces all elements of the ITSO environment including the Customer Media, Point of Service Terminals (POSTs) and Host Operator Processing System (HOPS). The heart of the Security Sub System are the secret cryptographic keys that are created and are required by all elements of the ITSO environment to provide security and trust for all users. These cryptographic keys are generated within the ISMS and are made securely available to all users requiring them. Each user requires an Asset Management Service (AMS) function of a HOPS to communicate to the ISMS and all POSTs and HOPS will contain an ITSO Secure Application Module (ISAM) that securely hold the cryptographic keys.

ITSO operates and runs the ISMS. This system provides key management facilities in a secure data centre, managing the lifecycle of the ITSO Keys ensuring the ISAMs are configured securely with these keys and managing the lifecycle of the ISAM from ordering to placing in service and out of service.

The charges for the ISMS are fixed initial charges for the AMS set-up, ISAM connections and Frame Downloads plus annual charges for the AMS renewal and ISAM connections. For details please refer to Shedule Three and Cost Calculator on the Pricing page .

Back to the top

ITSO Secure Application Module Supply

ITSO Secure Application ModuleThe ITSO Secure Application Module (ISAM) is constructed from a programmable smart card chip with extended memory and is supplied as a card of the same size as a conventional bank card but with a removable section having the same form factor as SIM for a mobile phone. The ISAM implements the secure part of the ITSO application, is fundamental to the operation of the ITSO environment and is mandated for every Point Of Service Terminal and Host Operator Processing System (back office) within the ITSO environment.

The ISAM provides a number of key elements:

  • Operation of all levels of key management / usage thereby allowing different operators to have their products work with the ISAM and provide interoperability;
  • Certification and validation of card data and transaction data in turn ensuring correct information is relayed to service operators for subsequent settlement;
  • End to end loss less transactions;
  • 4 Mega Bytes of secure data storage (primarily transaction data) providing ample scope for collecting transactions even in the busiest locations.

The ISAM has achieved certification to the security assurance Common Criteria Evaluation standard EAL4+. Read more about  ITSO SAM Common Criteria certification.

Required quantities of ISAMs can be purchased directly from ITSO by ITSO Licensed Operators, ITSO Members or Registered Suppliers. ITSO endeavours to always keep stock of ISAMs, however the manufacturing lead time for these can be very long (9 -12 months), therefore it is advisable that you notify ITSO as soon as you can of your likely requirements so that we can make provision to have stock to fulfil your needs.

The charges for ISAMs are based upon the quantity ordered, more details of the pricing is available from the Schedule Four on Pricing page.

To order ISAM, Form 5B must be completed. This is available from the Members Procedures page within the Members Section of the website.

Back to the top

subscribe to our newsletter

© ITSO 2010. Registered in England and Wales No. 4115311 | Sitemap | Recent site updates | Contact Us | ITSO Intranet

Site Build by Wizzy Design | Based on a design by GreyMatter | Powered by Apex CMS | subscribe to our feed