When it is not possible to implement a secure Calypso applet into a SE (Sim card or eSE), CNA has defined an HCE-based solution for Android mobile phones. This solution is based on two documents: the Calypso HCE application specifications and the Calypso HCE Guidelines.
Many Calypso networks aim at providing to their customer a ticketing solution for Android mobile phones, while preserving as much as possible compatibility with their installed AFC system, in particular with the validators.
CNA provides a solution with an acceptable level of security compatible with the Calypso brand which ensures that the security of the existing system is not jeopardized.
Specification of a Calypso HCE application
CNA published the revision 1.3 of the specification of a Calypso HCE application using a Public Key Infrastructure (PKI) that guaranties the security of the exchanges between the mobile phone and the central system, to load initial data or to load rights (such as transportation rights).
> By delivering HCE Authorization Modules (HAM) with certificates to HCE application providers and service providers, CNA is acting as the Certification Authority in this PKI.
For security reasons, transactions using the personalization key or the load key are not possible through the NFC interface, and must be done with a secure connection to a server.
Only the Calypso debit key is stored in the HCE application for validation on entrance and control during travel, coupled with a mechanism of renewal of the Calypso Serial Number (CSN) to mitigate the risk of fraud : a part of the CSN contains date and time of validity of the debit key which shall be checked by the terminals.
Calypso HCE Guidelines
Unlike a secure element built to protect data for a long period, a mobile device can only ensure their protection for a very limited period of time depending on the security techniques adopted to delay the attacks on the software and the countermeasures implemented to detect a fraud at the level of the central system, based on a constant back-end monitoring. These techniques are the mandatory supplement to the specification and are in the scope of the Calypso HCE Guidelines, revision 1.0.
They rely on the recommendations of a security study ordered by AFIMB, The French agency for multimodal information and smart-ticketing, realized by an independent expert from the “Mines Telecom Paris Institute”. Get More details
Combined with the requirements of the specification, the main features which may imply an evolution of the terminals are the following:
· Support of a rev 3.1 Calypso application
· Support of TDES keys
· Check of a specific range of CSN dedicated to HCE application.
· Check of the debit key validity date (the Guidelines enforce a minimum frequency of the CSN renewal)
· Check of the mandatory contracts signature
Both documents define a coherent and secure way to implement HCE in a Calypso environment and are mandatory to use the Calypso brand and keys.
They are available on the Calypso technical support website.
Please note that you must be registered to access this technical documentation and that the Calypso HCE Guidelines are restricted to CNA members.