This document specifies the Calypso Security Architecture and Key Ceremony.
It defines the rules ensuring interoperability and interchangeability of key management systems designed by providers of secret keys:
- the owner of the keys (e.g. public transport authority) has full control over its keys, always being able to entrust them to any third party of its choice by itself, for any evolution of its system;
- the owner of the keys may freely and securely have secure application modules (SAM) manufactured with its keys by the provider of its choice.
In addition to these rules, the present document also contains recommendations for designing a Calypso Key Ceremony with a suitable balance between security and constraints.
Public documents: There is no constraint on distribution of the document. Reproduction is authorised and distribution by e-mail is possible. It is not necessary to log in to download public documentation.
Restricted documents: Distribution is restricted to the designated persons. The information contained in these documents is not public and must be kept confidential. The original recipient is fully responsible for its re-transmission, which may only concern people involved in the project, on a need-to-know basis. You must log in to download restricted classified documents (e.g. Card Specifications). Access can be requested by completing the application form for registration.
Confidential documents: Distribution of the document is strictly restricted to the individually authorised persons. The original recipient is fully responsible for its re-transmission, which may only concern people involved in the project, on a need-to-know basis. These persons must not reproduce or transmit the document again without prior authorisation from the original recipient. It must be stored in a secure place, or encrypted (for electronic documents whose access is not secure). It can only be exchanged in a sealed envelope, or in encrypted form (for an electronic version). Therefore, it is stored encrypted on the Calypso File Repository. Access can be requested by completing the application form for registration and completing the subsequent NDA.