The security architecture is made up of all the technical mechanisms ensuring that the transport titles (contracts, tickets) used by the clients have been correctly paid for to the transit operators. Calypso has defined risk analysis and security recommendations for a teleticketing system, based on the following principles:
At validation time, the authenticity of the transport title presented by the client must be ensured.
All the sales equipment must be under control, so that the creation of an authentic transport title in a card without payment is prevented. Means of fraud detection must be set up to correct any possible fraud.
Calypso specifies precise and highly secure mechanisms between the cards and the terminals, using the best available security mechanisms (DES, DESX and Triple-DES algorithms, diversified keys, separate keys for separate functions, systematic use of secure modules, etc.).
Upon this complete and stable platform, it is possible to base a secure global system architecture. This is the objective of the Calypso Security Architecture, which defines technical mechanisms (definition of keys, secure modules, etc.), organizational rules (responsibilities, handling procedures for components, etc.) and central system functions (fraud detection, SAM manufacturing, etc.).
These recommendations aim to make Calypso the most secure ticketing system in existence, while maintaining its high ease of use.
The Calypso Secure Transaction is achieved thanks to the card application and the corresponding security mechanisms allowing the card and the terminal to communicate.
The card commands and security mechanisms are the secured read and write operations on the card data that are performed during a transaction.
The principles retained in the CALYPSO contactless transaction are those of the session and the ratification. The algorithms used are of the DES family (DESX, Triple-DES) and AES. Although the algorithms are standard and the classification of security levels is standardized, there is no “de jure” standard for card commands; CALYPSO constitutes an open “de facto” standard in this domain.
The definition of card commands and associated security mechanisms therefore ensures that the reader and the card are capable of exchanging data, without either needing to interpret the meaning of that data.
The purpose of the secure transaction is to ensure that the card, the terminal and the data are authentic.
When using a Calypso smartcard, the users may wish:
- To ensure that the card data is authentic. It must not be possible for a fraudster to forge the data, or to modify it in the card.
- To ensure the integrity of the data written in the card, even if the card power supply is unexpectedly shut down during a single write operation, or during the synchronous update of related files in the card (for example, recording a new event in the card may be linked with a counter decrement).
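As an added illustration (not Calypso's own command set or algorithm), the following constructed Python model shows the session principle behind the last point: the event record and the linked counter decrement are buffered and committed together only when the session closes with a valid MAC, so a session interrupted by power loss or a bad MAC leaves the card unchanged. The key, the use of HMAC-SHA256 as the session MAC, and all function names are assumptions.

```python
import hmac
import hashlib

def session_mac(key, events, counter):
    # MAC over everything written in the session. HMAC-SHA256 stands in for
    # the card/SAM MAC algorithm (an assumption, not the Calypso scheme).
    h = hmac.new(key, digestmod=hashlib.sha256)
    for rec in events:
        h.update(rec)
    h.update(counter.to_bytes(4, "big"))
    return h.digest()

class Card:
    """Constructed card model: the event log and the counter are updated
    together at session close, never one by one."""
    def __init__(self, key, counter):
        self.key = key          # key shared with the terminal's SAM (constructed)
        self.events = []        # committed event records
        self.counter = counter  # committed counter value
        self._pending = None    # updates buffered while a session is open

    def open_session(self):
        self._pending = {"events": [], "counter": self.counter}

    def append_event(self, record):
        self._pending["events"].append(record)

    def decrease_counter(self, amount):
        self._pending["counter"] -= amount

    def close_session(self, terminal_mac):
        """Commit the buffered updates only if the terminal's MAC matches."""
        p = self._pending
        ok = hmac.compare_digest(session_mac(self.key, p["events"], p["counter"]), terminal_mac)
        if ok:
            self.events.extend(p["events"])
            self.counter = p["counter"]
        self._pending = None    # success or failure, nothing half-written remains
        return ok

def validate(card, terminal_key, record, fare, interrupt=False):
    """One validation: record an event and decrement the counter in one session."""
    expected = card.counter - fare  # the terminal read the counter before the session
    card.open_session()
    card.append_event(record)
    card.decrease_counter(fare)
    if interrupt:
        card._pending = None    # power loss mid-session: buffered updates are discarded
        return False
    return card.close_session(session_mac(terminal_key, [record], expected))
```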