In order to ensure more and more the openness of the Calypso Standard,  CNA has just published a new specification about Security Architecture and Key Ceremony.


This document defines the rules ensuring interoperability and interchangeability of key management systems designed by providers of Calypso secret keys:

- The owner of the keys (e.g. public transport authority) has full control over its keys, always being able to entrust them to any third party of its choice by itself, for any evolution of its system;

- The owner of the keys may freely and securely have secure application modules (SAM) manufactured with its keys by the provider of its choice.

In addition to these rules, those specifications also contains recommendations for the design of a Calypso Key Ceremony with suitable balance among security and constraints. This new specification will allows transport networks to freely choose different providers of its personalized SAMs and Key Ceremony at any time.


Published the 5th March 2018


Since 2014, CNA has been delivering 18 certificates to Calypso portable objects for their compliance with the Calypso Rev 3.1 specifications.


These certificates guarantee that these Portable Objects will have a same functional behavior with a terminal which integrates a Calypso application. In 2017, CNA launched the Calypso Light Application for Portable Objects (CLAP), a middle end product with streamlined features, and rolled out a dedicated certification process.


For Portable Objects, by combining  a Calypso certification at the functional level and a CEN/TS 16794 certification for the contactless interface, operators benefit from an end-to-end certification which enables to set-up mind free operational schemes of interoperability.


Published the 27th February 2018


Calypso REV3.1 Applet Version 1.3 has been released on October 2017.

Since then,  latest reference packages 1.3.3 have been issue in February 2018 to  improve platform interoperability.

The functional compliance with Calypso REV3.1 has already been evaluated for several Java Card platforms (different eSE from Gemalto, Idemia & NXP

This new version has been validated by the AFSCM security evaluation in February 2018.


Published the 27th February 2018