With over 25 years of experience in the smartcard application field, the experts of Spirtech provide counseling and technical support for smartcard based systems (embedded systems, network, security architecture management, risk management). Spirtech also develops products using these technologies.
Smartcard software development requires highly specific skills due to the strong constraints mandated by the security and reliability of these products, and by the low computation power and low memory size of the components. These constraints are even heightened in contactless smartcards and portable objects. Spirtech designs software (masks) optimized for these products, which may be optimized for the simplest components, while ensuring the level of security corresponding to the applications targeted.
Spirtech engineers have been involved from the early stages in various applications implementing smartcards. They actively participated in the normalization of contactless technologies such as ISO 14443 and their applications to public transport teleticketing (Calypso, EN 1545, IOPTA).
As the main technical resource of the Calypso users group, Calypso Networks Association, Spirtech designs and updates the specifications of the Calypso standard, in coordination with users (transport networks) and suppliers (manufacturers). Spirtech supplies training sessions and also manages the Calypso Technical Support website: www.calypsotechnology.net
Spirtech is also the supplier of the Calypso secure application modules (SAM-S1, SAM-S20, HSM) and organizes key creation ceremonies for transit networks. Spirtech is therefore the best independent resource on contactless ticketing security.
Spirtech provides counseling assistance to public transport operators and authorities wishing to move their ticketing system to teleticketing, allowing them to better manage this project and their suppliers.
This assistance may include:
- The test plans, validation design for ticketing equipment.
- The analysis of cards and terminals.
- The design of the data model (coding of the data present in the cards).
- The definition of the security architecture (secret keys, secure modules, etc.).
- The global security analysis.
- The specification of systems that combine teleticketing with other technologies such as the electronic purse.
- Training to the Calypso standard and to the contactless technology.
- The tools for simulation and expertise.
- The central system applications that remotely manage the SAM and security.
- The tools to manage centrally the security of ticketing operations (HSM, SAM).
Industrial products rely increasingly upon embedded software, which requires specific hardware and software skills, as well as a strong project management allowing an overall assessment of the product within its environment.
When the cost of the end product is a determining factor, embedded software design imposes constraints very similar to smartcard software design, and quite different from the usual design of PC software:
- Continuous runtime.
- Low internal resources: the microcontrollers used have limited resources (CPU power, communication and memory size), low electric power consumption, no real operating system, and user interface limited to a few lights or, at most, to a few lines display.
- Low speed processor: the processors are often significantly slower than desktop processors, making it necessary to optimize the processing times.
- No external maintenance is possible during long periods and, sometimes, for the entire product life.
- Software updates may be difficult or impossible, requiring a very high quality and reliability of the application.
Spirtech teams are well accustomed to the design of small size products (mobile platforms, or embedded into other products), with a low power consumption (for instance powered by batteries) and optimized for cost and performances.
In 1980, RATP and Innovatron launched an R&D partnership that led to the ISO/IEC 14443B and to the Calypso standard.
The R&D was done at Innovatron. The engineers involved in these projects then founded Spirtech and have continued their works and consulting in smartcards and contactless technology.
Spirtech know-how covers all the aspects of these technologies:
- Mastering of the physical principles, implementations and test methods.
- Implementation inside electronic components (hardware and software).
- Usage constraints (transaction interruptions, unstable power supply, optimization, etc.).
- Security issues. Spirtech was one of the main contributors to the European reference document SINCE.
Spirtech manages validation tests for the contactless products of its customers, in order to prepare the conformity tests to the ISO 14443 standard, to its test standard (ISO 10373-6) and to other communication protocol such as B' (Innovatron).
Cryptography and computing security
Modern cryptography arose 25 years ago with the concepts of public key ciphering and electronic signature. It has now become commonplace, thanks to the e veryday use of RSA and DES algorithms in most secured electronic transactions.
The smart card, born at the same time, is the perfect tool for cryptography: first to protect the secret keys of the ciphering algorithms, and then, when the computation power of the components allowed it, to run the cryptographic algorithms in the smart card microprocessor itself. Attacks against these security mechanisms however improved with time, with a combination of algorithmic and hardware analysis.
To help its customers, Spirtech experts put into practice an experience of over 20 years on smartcard security, initiated within Roland Moreno Technology, and completed by the contactless technology know-how. For example, Spirtech develops optimized cryptographic libraries (DES, RSA, PKI, electronic signatures) resistant to Differential Power Analysis attacks. We have also developed cryptographic algorithms adapted to specific constraints, corresponding to specific uses.
Spirtech engineers also act as security experts in European projects and provide counseling assistance on security attack analysis.
Spirtech has designed standard cryptographic libraries, and may adapt them to new microcontrollers, taking into account their specific characteristics in order to optimize their computation times. Relying upon skills in embedded systems and in applied cryptography, Spirtech designs or help its clients to design the cryptographic algorithms for integration in their products.