24 November 2009

HSM Calypso PCI-S3

The Calypso HSM secures card internet vending transactions for transport ticketing. It is the effective solution to the new security challenges raised by the selling of public transport contracts through the Internet or remotely to NFC phones.

Paris, 24 November 2009 - Spirtech, an independent engineering and design company, expert in the field of smart cards, teleticketing and cryptography, announces today a solution to the central management of the Calypso transactions.

The Calypso HSM meets the needs of modern public transports. Because they serve an larger number of passengers, transit operators have to face an increased number remote transactions, classic (between an internet server and vending machine or internet customers) and also due to new nomad objects such as NFC phones. These new trends lead to new security challenges.

When a traveler wishes to load a new season ticket or a simple transport ticket in a contactless portable object – cards, phones, etc., this authorization to modify the data in a Calypso portable object is protected by a Secure Application Module (SAM) which is normally present in every terminal issuing transport contracts. This SAM contains the cryptographic keys of the transit network necessary for the vending operations to prevent any frauds. A SAM can only manage one operation at a time, whereas a server needs to manage many simultaneous transactions (for example at peak periods such as beginning and ending of season ticket periods). The central management of numerous remote transactions would suppose as many SAM as there are simultaneous transactions.

Spirtech designed the solution to this problem and proposes the Calypso HSM PCI-S3 and SAM-S20. Compatible with the Calypso SAM-S1 from Spirtech, the Calypso HSM can manage up to 10.000 simultaneous transactions (sales, personalization or key loading for cards and tickets). It may be installed in a PCI slot of the Internet server PC processing the remote transactions. This technology eases the physical installation and can manage several independent applications (for example different transport networks).

Francois GRIEU, CTO of Spirtech, explained that "the importance of the technical and security issues required developing a powerful, easy to use and standard system able to store and use the cryptographic keys in a central server".

Several international transport operators have already acquired and deployed the Calypso HSM developed by Spirtech. Users of the Calypso technology wish to improve the services to their customers and allow them, for example, to securely load their season tickets from home.

Spirtech has chosen the Calypso technology to develop its first version of the Calypso HSM. Calypso is the teleticketing standard created by the transport operators and promoted by industrialists. The Calypso HSM includes the Calypso license and can therefore be used with any terminal, even if not licensed by Calypso. The integration of a Calypso HSM in a teleticketing system is therefore very easy.

Frederic LEVY, CEO of Spirtech, said: "Complementing the SAM-S1, the Calypso HSM is an important innovation to secure and manage numerous simultaneous transactions. We are glad to contribute once more to simplifying the daily life of the passengers of public transport networks".

About the Calypso HSM PCI-S3

The software library of the HSM Calypso PCI-S3 offers the following functions:

  • Opening of a channel (equivalent to reserving a SAM-S1).
  • Exchanging commands (using the SAM-S1 APDU format).
  • Closing the channel (freeing the reserved SAM-S1).
  • Management of independent key groups.
  • Key management (transfer, deletion, invalidation).
  • Startup secured with a smartcard.

HSM Calypso PCI-S3 Configuration:

  • PCI-S3: HSM card in PCI format (or PCI Express), evaluated FIPS 140-2 Level 3, to be installed in a PC compatible.
  • Lib-S3: Software offering the access functions to the PCI-S3 (available under Linux and Windows).
  • A PCI-S3 replaces from 100 to 10,000 SAM-S1, according to the configuration chosen.

Publication: Press / HSM Calypso PCI-S3 ↗