ITSO Operating Licence
Any ITSO member who chooses to provide specific functions within the ITSO environment has to sign the ITSO Operating Licence. Only ITSO Members may have an Operating Licence and such licences are only valid whilst their ITSO Membership remains in place.
There are a number of functional roles that a member may choose to perform within the ITSO environment. These are:
• Application Issuing (Shell Owner)
• Product Ownership (Product Owner)
• Service Operating (Service Operator)
• Collection and Forwarding (Message Routing)
• Retailing (Shell and/or Product Retailing)
To preserve the integrity of the ITSO environment, all Licensed Members are protected in that anyone who chooses to provide these specific functions (or any combination of these) must abide by the general terms of the operating regulations and specific functional regulations that comprise the Operating Licence. Below are examples of general rules and regulations that must be adhered to by all Licensed Members:
1. Equipment that can be operated within the ITSO environment.
2. The use of the ITSO Security Management Service (ISMS).
3. Handling of data, including data protection and transactions with other Licensed Members.
4. Handling of security keys and associated security.
5. Audit Provisions.
6. Payments for Registrations and Services.
For further information, please refer to Become an ITSO Licensed Member section
ISMS: ITSO Security Management Service
ITSO has developed a Security Sub System for use by Licensed Members that ensures security can be managed consistently to the satisfaction of all Licensed Members regardless of their role.
ITSO security is an end-to-end architecture which embraces all elements of the ITSO environment including the Customer Media, Point of Service Terminals (POSTs) and Host Operator Processing System (HOPS). The heart of the Security Sub System are the secret cryptographic keys that are created and are required by all elements of the ITSO environment to provide security and trust for all users. These cryptographic keys are generated within the ISMS and are made securely available to all users requiring them. Each user requires an Asset Management Service (AMS) function of a HOPS to communicate to the ISMS and all POSTs and HOPS will contain an ITSO Secure Application Module (ISAM) that securely holds the cryptographic keys.
ITSO operates and runs the ISMS. This system provides key management facilities in a secure data centre, managing the lifecycle of the ITSO Keys ensuring the ISAMs are configured securely with these keys and managing the lifecycle of the ISAM from ordering to placing in service and out of service.
The charges for the ISMS are fixed initial charges for the AMS set-up, ISAM connections and Frame Downloads plus annual charges for the AMS renewal and ISAM connections. For details please refer to Schedule Three and Cost Calculator on the Pricing page .
ITSO Secure Application Module Supply
The ITSO Secure Application Module (ISAM) is constructed from a programmable smart card chip with extended memory and is supplied as a card of the same size as a conventional bank card but with a removable section having the same form factor as SIM for a mobile phone. The ISAM implements the secure part of the ITSO application, is fundamental to the operation of the ITSO environment and is mandated for every Point Of Service Terminal and Host Operator Processing System (back office) within the ITSO environment.
The ISAM provides a number of key elements:
- Operation of all levels of key management / usage thereby allowing different operators to have their products work with the ISAM and provide interoperability;
- Certification and validation of card data and transaction data in turn ensuring correct information is relayed to service operators for subsequent settlement;
- End to end loss less transactions;
- 4 Mega Bytes of secure data storage (primarily transaction data) providing ample scope for collecting transactions even in the busiest locations.
The ISAM has achieved certification to the security assurance Common Criteria Evaluation standard EAL4+. Read more about ITSO SAM Common Criteria certification.
The charges for ISAMs are based upon the quantity ordered, more details of the pricing is available from the Schedule Four on Pricing page. To order ISAMs, Form 5B available from the Members Procedures page must be completed.
For further enquiries regarding the supply of ISAMS please e-mail administrator@itso.org.uk .
ISAM Lead Times
Required quantities of ISAMs can be purchased directly from ITSO by ITSO Members, ITSO Licensed Members or Registered Suppliers. ITSO endeavours to always keep stock of ISAMs, however the manufacturing lead time for these can be very long (9 -12 months), therefore it is advisable that you notify ITSO as soon as you can of your likely requirements so that we can make provision to have stock to fulfil your needs.
