( 741 KB )
You do not have the required access level. To download this file, see below for more information.
M CNA Member
If you are not currently a member, click here for information on fees and to Apply to join.
This document aims at positioning the Calypso HCE application in a more general environment, the Calypso HCE Ecosystem, and at giving best practices for an efficient and secure implementation.
In a first section, the present document describes a Calypso HCE Ecosystem, specifies its perimeters and sub-systems. The specification deals with roles when these guidelines define actors who may play several roles.
For each sub-system and its interfaces, the objective is to find the appropriate level of Calypso specifications or recommendations, when they are necessary or useful.
The cryptographic exchanges of each main functions provide an illustration of the security mechanisms specified in the Calypso HCE specifications.
A dedicated section lists the minimum-security requirements for the implementation of a Calypso HCE application and presents the security certification of a Calypso HCE application recommended by CNA
Public documents : There is no constraint on the document diffusion. Reproduction is authorised and diffusion by e-mail is possible. It is not necessary to login to download public documentation.
Restricted documents : Diffusion is restricted to the designated persons. The information contained in these documents is not public and must be kept confidential. The original recipient is fully responsible for its re-transmission, which may only concern people involved in the project, on a need-to-know basis. You must login to download restricted classified documents (e.g. Card Specifications). Access can be requested by completing the application form for registration.
Confidential documents : Diffusion of the document is strictly restricted to the individually authorised persons. The original recipient is fully responsible for its re-transmission, which may only concern people involved in the project, on a need-to-know basis. These persons must not reproduce or transmit the document again without prior authorisation from the original recipient. It must be stored in a secure place, or encrypted (for electronic documents whose access is not secure). It can only be exchanged in a sealed envelope, or in encrypted form (if electronic version). Therefore, it is stored encrypted on the Calypso File Repository. Access can be requested by completing the application form for registration and completing the subsequent NDA.