Products & Solutions : Calypso SAM

Calypso SAM

Overall Presentation

1. Why?

The portable objects used for contactless teleticketing applications are secured : their authentication and the modification of their content require the use of secret keys.

These keys allow the terminals (sales, validation, control) to authenticate the data of a portable object presented (identifiers, season tickets, book of tickets, etc.) to protect the system against the use of unauthorized objects. Only the equipments possessing the keys may modify the content of the portable object (adding a contract, modifying the user data, etc.).

To remain secret, these keys are securely stored into the smartcards and the secure application modules (SAM ). These SAM are the equivalent of safe boxes for the data and keys, controlling the access and usage of the key that they contain.

2. Solutions

SAM-S1: a multi-platform ticketing secure application module

Spirtech has designed and markets the Calypso secure module SAM S1, that can manage any Calypso compliant portable object (Rev 3 or 2, CD21, CDS3, CD97BX, CD Light, Tango FC, TimeCOS, GTML...) and tickets (CTS, CTM, SRT512, SRIX, etc.). It secures the transactions made between the contactless portable object and the system by verifying the authenticity of the data exchanged.

Present in all the ticketing system to ensure its security

The central system keeps track of the transactions, provides statistics and checks the system security and integrity. It may use a SAM to assess the authenticity of the transaction certificates.
The vending equipment loads contracts (one-way tickets, season tickets, etc.) into the cards. It uses a SAM to secure this transaction, sign the data exchanged and certificate the information sent to the central system.
The validator allows entrance in the transit network (and optionally the exit). It uses a SAM to secure the transactions between the validators and the cards, to sign the data sent to the cards and tickets and the information transferred to the central system.
Other types of terminals, such as hand-held control terminals, personalization machines, card manufacturing equipment, etc., may also use a SAM, configured in accordance to the operations that the terminal is authorized for.

Implemented in most Calypso ticketing systems

The SAM S1 secure modules are used in all the terminals (turnstiles, vending machines, etc.) of public transport operators using Calypso all over the world, for example the Paris area and many French regions and cities, Algiers, Brussels and all Belgium transport operators, Bologna, Milan, Capri, Jerusalem, Porto, Madeira, Pereira, Montreal, Mexico, Rabat, Riga, Tel-Aviv, Torino, Venice, etc.

3. Advantages

Improvement of the teleticketing transactions security with the Triple-DES and DESX cryptography.

Performance and security for faster teleticketing transactions.

Compliant with all Calypso cards and portable objects.

Technical Specifications

Physical Characteristics

Security

Compatibility

Additional Features

Credit card size (ID-1)
Removable mini-SIM format (ID-0)
Extended voltage range: 1.62 to 5.5 volts.
Temperatures: Storage -65°C to +60°C; Working -25°C to +60°C

Triple-DES
DESX (and DES)
Variable signature size
Up to 126 word keys

Standards :

Calypso
ISO 7816-3
ISO 7816-4
ISO 9797 MAC

Communication :

ISO/IEC 7816 T=0 & PPS
HSP Protocol
Protocol selection automatic or fixed

27 event counters, and associated ceilings.
Any work key may be disabled.
DESFire compatibility (option)
Possibility to verify on a central system the transaction reported by terminals.
Secure SAM blacklist management.

Calypso SAM S1