Calypso for terminals supports security and interoperability
Calypso for terminals supports the security and interoperability of contactless ticketing systems.
Any terminal using Calypso for the secure exchange of data with a smart card (or any other portable object such as a smartphone or wearable NFC) must align to Calypso’s open standards to ensure they receive the full benefit of Calypso’s security, interoperability and the long term flexibility of using an open standard framework.
The Calypso software used for terminals is in compliance with all standards applicable to ticketing transactions (ISO/IEC 14443 and CEN/TS 16794 radio frequency standards, ISO/IEC 7816 1 to 4 card structure and file management, EN 1545 for data description in the transport field).
The Calypso software layer supports the data exchange mechanisms between the terminal and the smart card, and ensures their security (including mutual authentication and data integrity) by linking the customer smart card to a tamper-proof secure component located in the terminal, known as the SAM. The SAM can also be remote on a server.
The terminal’s application software layer is interfaced with the Calypso layer and manages the ticketing transaction in real time by analysing the data received, processing it (e.g. checking the validity of a ticket) and modifying it. It then deduces the actions to be taken (e.g. giving an opening order to an entrance gate), and ensures the exchange of information with the central systems.
How to implement Calypso in a ticketing terminal?
To implement Calypso in a ticketing terminal, users may refer to the Calypso specifications on the calypsostandard.net website. This information contains the interface specifications for the SAM, which can be accessed subject to the signing of a non-disclosure agreement (NDA), alongside guidance on the complete development of the different software layers.
In order to facilitate development, CNA provides developers with three documents that define the requirements to ensure optimum operational performance, interoperability, modularity and conformance:
- The Reader Layer Requirements which help to manage all types of cards and SAMs by a smartcard reader, at the lower level of the transaction
- The Calypso Layer Requirements which help to specifically manage Calypso cards and SAMs in strict compliance with Calypso specifications
- The Ticketing Layer Requirements, which outline requirements on the use of the Calypso high-level API and best practices to follow in a Calypso ticketing system.
Users can also implement Calypso in a ticketing terminal by using the Eclipse KeypleTM SDK, developed in open-source mode by CNA, and available to any ticketing application developer. The use of Keyple guarantees compliance with the Calypso specifications and the various requirements, without having to develop, or even master, the Calypso mechanisms for secure data exchange between card and terminal, and SAM management.
Keyple SDK is free, easy-to-use and flexible, enabling the community to build to the Calypso ticketing standard with no vendor lock-in.
Therefore, through Keyple SDK, developers can create applications that seamlessly connect with Calypso cards. By using the Ticketing Layer Requirements document, developers can ensure they conform strictly to all Calypso features and optimise their ticketing application.
What is Eclipse Keyple technically?
Eclipse Keyple is a set of open source software components:
- Plugins for interfacing with an infinite number of smartcard readers
- Keyple Core, for universal management of cards and SAM, even if they are not Calypso
- Keyple Calypso, which performs high-level Calypso processing of the Calypso card and SAM
To know more, visit Keyple.org
How can you access Keyple?
Keyple is hosted by the Eclipse Foundation, a global developer community of individuals and organisations with a mature, scalable environment for open source software collaboration and innovation.
Visit Keyple.org to learn more, review the latest updates, read the documentation and download the Keyple components.
- The vendor:
- Requests the documents from CNA
- Reads the detailed description of the process (210603-GU-CalypsoLayerEval-Process)
- Completes the registration form (210607-FT-CalypsoLayerEval-Registration)
- E-mails it with the order for the administrative fee (the amount and e-mail address are indicated in the process description 210603-GU-CalypsoLayerEval-Process)
- CNA sends an Information Conformance Statement (ICS) form to the vendor (ICS example:210601-FT-CalypsoLayerEval-ICS)
- The vendor fills the ICS form and sends it back to CNA
- CNA’s Evaluation Committee:
- Analyses the vendor’s ICS
- Proposes to CNA the registration of the terminal.
This ensures that the vendor is aware of the requirements and that he commits himself to taking them into account.
Note: Calypso terminals should also apply the Reader Layer requirements and the Ticketing Layer requirements.
To find out more about the SAM
The Calypso Secure Application Module (SAM) is present in every Calypso terminal or system. The SAM is a smartcard which ensures the secure authentication of data between a transport/mobility authorities’ ticketing reader and a traveller’s media, which could be a plastic card, phone or watch.
If you want to access the Calypso SAM specifications, a NDA is needed. Please get in touch with the CNA team for details.