CALYPSO FUNCTIONAL SPECIFICATION. CNA Calypso rev 3.1 Applet Presentation

Similar documents
Card Specification Amendment A March 2004

PayPass M/Chip 4. Card Technical Specification

EMV Contactless Specifications for Payment Systems

SMART CARDS. Miguel Monteiro FEUP / DEI

Secure Elements 101. Sree Swaminathan Director Product Development, First Data

ETSI TS V6.0.0 ( )

EMV Contactless Specifications for Payment Systems

ETSI TS V9.1.0 ( ) Technical Specification

Technical Specification Smart Cards; UICC Application Programming Interface for Java Card for Contactless Applications (Release 10)

ETSI TS V7.1.0 ( )

APDU-Test Card Functional Requirements

3GPP TS V9.1.0 ( )

QR Code Specification for Payment Systems (EMV QRCPS)

ETSI TS V7.0.0 ( ) Technical Specification. Smart Cards; Extensible Authentication Protocol support in the UICC (Release 7)

ETSI TS V9.0.0 ( ) Technical Specification. Smart Cards; Remote APDU structure for UICC based applications (Release 9)

ETSI TS V ( )

Card Specifications & 2.1 Frequently Asked Questions December 2004

EMV 96 Integrated Circuit Card Application Specification for Payment Systems

3GPP TS V ( )

ETSI TS V7.1.0 ( )

MasterCard NFC Mobile Device Approval Guide v July 2015

ETSI TS V ( )

M/Chip Advance V1.1 Personalization Guide

ETSI TS V ( )

A Novel Scheme for On-demand Distribution of Secure Element Keys

The English version of this specification is the only normative version. Non-normative translations may also be available.

CALYPSO FUNCTIONAL SPECIFICATION. Card Application

Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices

ETSI TS V5.3.0 ( )

GSM Association (GSMA) Mobile Ticketing Initiative

Visa Mobile. Proximity Payment Testing & Compliance Requirements for MicroSD and Mobile Accessories

FINEID - S1 Electronic ID Application

Enabler Release Definition for Smartcard-Web-Server

ETSI TS V7.3.0 ( )

2 nd ETSI Security Workshop: Future Security. Smart Cards. Dr. Klaus Vedder. Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient

ETSI TS V ( )

AN5115 Application note

Advances with Osaifu-Keitai Starting Services Supporting NFC (Type A/B) on NTT DOCOMO UIM Cards. contactless IC cards that is being adopted

EMV Contactless Specifications for Payment Systems

Common Payment Application Contactless Extension CPACE. Functional Specification. CPACE for Dual Interface Cards

Smart card operating systems

ISO/IEC INTERNATIONAL STANDARD. Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange

ST Payment Secure Solution - Java Card platform with up to 90 Kbytes of user NVM for Visa, MasterCard, AMEX, Discover and Interac applications

Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets

Practical Attack Scenarios on Secure Element-enabled Mobile Devices

Technical report. Signature creation and administration for eidas token Part 1: Functional Specification

3GPP TS V ( )

EMV Contactless Specifications for Payment Systems

Lightweight Machine to Machine Architecture

CIPURSE V2 Certification Program

ETSI ETR 174 TECHNICAL April 1995 REPORT

Lightweight Machine to Machine Architecture

Visa Chip Security Program Security Testing Process

3GPP TS V ( )

Technical Specification Smart Cards; Extensible Authentication Protocol support in the UICC (Release 9)

Provisioning Smartcard

ETSI TS V8.0.0 ( ) Technical Specification

Test Plan for MultiRead Devices

ACOS5-64. Functional Specifications V1.04. Subject to change without prior notice.

Functional Specification

Smart Card Operating Systems Overview and Trends

Technical report. Signature creation and administration for eidas token. Version 1.0 Release Candidate 6. Version 1.0 Release Candidate 6

MF1ICS General description. Functional specification. 1.1 Key applications. 1.2 Anticollision. Energy. MIFARE card contacts La, Lb.

The Open Application Platform for Secure Elements.

Security & Chip Card ICs SLE 55R04. Intelligent 770 Byte EEPROM with Contactless Interface complying to ISO/IEC Type A and Security Logic

Specification for TRAN Layer Services

PUBLIC USER SPECIFICATION BELPIC APPLICATION V2.0

ETSI TS V6.2.0 ( )

NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit

Interoperability Stepping Stones. Release 6

MDG. MULTOS Developer's Guide. MAO-DOC-TEC-005 v MAOSCO Limited. MULTOS is a registered trademark of MULTOS Limited.

This document is a preview generated by EVS

CD-ROM COMPATIBLE TAPE FORMAT FOR INSTALLABLE FILE SYSTEM

The SIM Turns 20. Dr. Klaus Vedder. Chairman ETSI TC SCP. 3rd ETSI Security WS Sophia Antipolis, France January 2008

PMBus Power System Management Protocol Specification Part I General Requirements, Transport And Electrical Interface

NFC Controller Interface (NCI) Specification. Technical Specification NFC Forum TM NCI 1.0 NFCForum-TS-NCI

GemClub-Memo. Technical Specifications. Version 1.0

Open Mobile API test specification for Transport API V0.9

Design and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet

Presentation of the Interoperability specification for ICCs and Personal Computer Systems, Revision 2.0

ECMA-385. NFC-SEC: NFCIP-1 Security Services and Protocol. 4 th Edition / June Reference number ECMA-123:2009

OMA Device Management Bootstrap

UM PR533 - PCSC Tool. User manual COMPANY PUBLIC. Rev November Document information

Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems

JMY600 Series IC Card Module

Smart Cards. Outline. José Costa Application Domains: Smart Cards. Software for Embedded Systems

EMV ContactlessSpecifications for Payment Systems

Expert 3.2

The Open Protocol for Access Control Identification and Ticketing with PrivacY

August, Actividentity CTO Office

EHAG 125 khz Multitag Reader Module ME-H10101xx

ST Payment Secure Solution Java Card platform with up to 100 Kbytes of user NVM for AMEX payment applications

ETSI TS V6.1.0 ( )

Expert 3.2

Java Card Approach to Emulate The Indonesian National Electronic ID Smart Cards

Relay Attacks on Secure Elementenabled

Electronic fee collection Information exchange between service provision and toll charging

Open Mobile API specification

Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems

Ch 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated

Transcription:

1 / 13 CALYPSO FUNCTIONAL SPECIFICATION VERSION The information contained in this document is public. (This document may be accessed at http://www.calypsonet-asso.org/) 2014. All rights reserved. The authors of this Specification make no other representation or warranty regarding whether any particular physical implementation of any part of this Specification does or does not violate, infringe, or otherwise use other patents, copyrights, trademarks, trade secrets, know-how, and/or other intellectual property of third parties, and thus any person who implements any part of this Specification should consult an intellectual property attorney before any such implementation. Any party seeking to implement this Specification is solely responsible for determining whether their activities require another license to any technology. shall not be liable for infringements of any third party s intellectual property right.

2 / 13 AUTHOR EDITOR REVISION LIST Author Modifications 141218 Ixxi First release, the version number is related to the corresponding CNA Applet version and User Guide

TABLE OF CONTENTS 3 / 13 INTRODUCTION...4 Scope...4 1.2 Notations...4 2 REV3.1 FUNCTIONALITIES AND OPTIONS...5 2.1 Supported Specifications...5 2.2 Compatibility...6 2.3 Options...6 3 CNA APPLET IMPLEMENTATION SPECIFICITIES...9 3.1 Applet versions, platform dependencies, & targeted secure elements...9 3.2 Applet Memory Use...10 4 ANNEX...11 4.1 References...11 4.2 Acronyms...12 4.3 Links and Contacts...13

INTRODUCTION CALYPSO FUNCTIONAL SPECIFICATION 4 / 13 Scope This document describes the functionalities of the CNA Calypso REV3.1 applet running in Portable Objects that embed a Secure Element compliant with the Java Card and the GlobalPlatform specifications. It presents the features and options supported by the CNA implementation of the Calypso Revision 3.1 specifications as a Java Card applet. This document is an extract of the version of the Calypso Specification CNA Calypso REV3.1 Applet User Guide which defines in detail the technical settings of the applet, complementarily to the Calypso Revision 3.1 Portable Object Application and the Calypso Application Downloading specifications. 1.2 Notations In the following, - the term application used alone refers to the product provided by the Calypso Networks Association: the CNA Calypso Revision 3.1 Java Card applet ; - the term Calypso REV3 application indicate a Calypso ticketing instance installed from the applet. All hexadecimal values are quoted or suffixed with the letter h. For instance, '10' or 10h (hexadecimal) represents 16 (decimal). Within this document, the keywords shall, should and may are to be interpreted as follows, when used in the italic form: The word shall is used to indicate mandatory requirements strictly to be followed in order to avoid common error situations and to avoid situations where the security or the operation of an application may be compromised. No deviation to such indications should be permitted (shall equals is required to). The word should is used to indicate that among several possibilities, one is recommended as particularly suitable, without mentioning or excluding others; or that a certain course of action is preferred but not necessarily required; or that (in the negative form) a certain course of action is not recommended but not strictly prohibited (should equals is recommended that). The word may is used to indicate a course of action permissible within the limits of the platform (may equals is permitted to).

5 / 13 2 REV3.1 FUNCTIONALITIES AND OPTIONS The purpose of this chapter is to present the features and options supported by the CNA implementation of the Calypso Revision 3.1 specifications as a Java Card applet. 2.1 Supported Specifications The application supports the following specifications: CALYPSO SPECIFICATION REV.3 Portable Object Application 3.1 (dated 10 March 2009) Ref: 060708-CalypsoAppli CALYPSO SPECIFICATION REV.3 Calypso Generic Example File Structures 1.4 (dated 9 May 2013) Ref: 060709-CalypsoFiles CALYPSO SPECIFICATION Application Downloading (dated 26 May 2011) Ref: 090128-ApplicationDownload CALYPSO SPECIFICATION Calypso Activation SAM User Manual (dated 6 August 2008) Ref: 080118-UM-ActivationSAM CALYPSO SPECIFICATION Portable Object Application Activation Cryptographic Algorithms Revision 3 1.3 (dated 29 November 2010) Ref: 080610-SSAActivation CALYPSO TECHNICAL NOTE #001 Calypso Startup Information: Specification and Management dated 20 May 2013 Ref: CalypsoTN001 CALYPSO SPECIFICATION Portable Application - Stored Value Algorithms 2.1 Ref: 080520-NT-R3SVAlg

6 / 13 2.2 Compatibility Starting from the revision 3.1, the Calypso Portable Object specification is designed to support Java Card environment, indeed all non-optional features of the revision 3.1 are fully compliant with Java Card. Except the extended version of binary EF, the application supports all features of the revision 3.1 which are compliant with Java Card. The application is an implementation of the revision 3.1, but it could also emulate a revision 2.4 product restricted to features compliant with Java Card (no Select Application with class byte 94h, no ratification on deselect signal,...). 2.3 Options This section details the implementation decisions that were made during the implementation of the application regarding the options defined in the Calypso Revision 3.1 specification. All of those decisions are within the boundaries defined in this specification. Details: R3: After entering Phase 2, an instance of the application complies with the requirements of Calypso Revision 3.1. It has no data field, command or parameter other than those explicitly authorized in Calypso Revision 3.1. R4: The AID is defined during Phase 1. R7: Fetching the EF-DIR data with a Get Data command prior to the selection of an instance of the application is not supported. R8: When multiple instances of the application from the same package are installed in a Java Card, the Calypso Serial Number is shared between instances of the application. R9: The possible value for the number of Session Modifications is between 6 and 9 (both inclusive). R13-R17: The value of the Platform, Application Type, Application Subtype, Software Issuer and Software and Revision bytes of the Startup Information is defined by the entity in charge of the GlobalPlatform personalisation of an instance of the application using DGI 2100 as defined in CALYPSO SPECIFICATION, Application Downloading. R18: The Calypso PIN mechanism is supported by Calypso Instances. Stored Value instances do not support PIN mechanism. R23: Each instance of the application has its own Calypso PIN. R24: The Calypso Stored Value application is available: a dedicated Calypso Stored Value instance could be installed, or the support of the Stored Value feature could be added to a Calypso REV3 instance during its personalization. R27: The Java Card API does not trigger an applicative event when the underlying card receives a Disconnect frame, so the entity in charge of the personalisation of an instance of the application shall indicate "No ratification on disconnect in the Application Type assigned to the instance. R28: The application does not support a MF. R29: The Shared EF mechanism is supported. R29: o The application supports up to 255 records per file. o The application supports up to 250 bytes per record. R41: DES, DESX and TDES are supported. R60: The ratification state is local for each instance of the application. R65: The session state is set to ratified when an instance of the application receives any applicative command (including Select Application). R68: The Default initial value of the Transaction Counter is 200.000. This value can be personalised using the DGI 2200.

CALYPSO FUNCTIONAL SPECIFICATION 7 / 13 R70: The Transaction Counter is only decremented by the commands listed in R69. It is not decremented if an error is detected in the format of the command or if the command is incompatible with the current state of the instance of the application. R74: The Transaction Counter is global to the package. R81: The PO challenge is also reset when the instance of the application is deselected or when the PO is powered off. R8: o The application accepts CLA=94h for all commands except select application command if the hosting platform allows it. o The application supports CLA=FAh for the SV commands. R82: o 6E00h is returned when the Class is incorrect. o 6D00h is returned when the Instruction is incorrect. R84: The maximum size of the Data Field is limited by the capabilities of the Java Card hosting the application. All JC2.2 products and later versions allow the applet to support 250 bytes as maximum size of the Data field. R88: The application supports the transmission protocol managed by the hosting platform, T=0 if the contact mode is available. R93: The application supports the modes of operation of Select Application supported by the Java Card hosting the application. R94: o Only CLA=00h is supported for the Select Application command (Java Card platforms do not supports Select Application with CLA=94h). o P2=0Ch and P2=0Eh are supported. o For the GP2.2.1 version dedicated for NFC mobile, if the applet is selected on the contact interface with T=0 or T=1 and P2=00h or P2=02h: the applet doesn t return SW=6283h if the application is invalided (this hack allows a better support with mobile environment); the applet returns SW=6200h in case of exception during the self-activation process (see Erreur! Source du renvoi introuvable.). R98.1: The application supports the parameters combinations described in 98.1. R99: o The selected file or DF shall be in the current selected DF. o The application supports the selection mode with P1= 08h and P2 = 00h Action P1 P2 Lc Data In Remarks Select a given file 08 00 02 File LID Current DF or Local EF R102: CLA=94h is supported. R105: CLA=94h is supported. R107: CLA=94h is supported. R108: The application supports the Get Data command with the following optional tags: o 0062h current FCP o 006Fh current FCI o 0185h : Traceability Information (defined in chapter Erreur! Source du renvoi introuvable.) R111/R112: Put Data is not supported. R116: CLA=94h is supported. R118: CLA=94h is supported. R120: CLA=94h is supported. R122: CLA=94h is supported. R124: CLA=94h is supported. R125: The extended version of Read Binary is not supported. R135: The extended version of Update Binary is not supported. R140: The extended version of Write Binary is not supported.

R144: CLA=94h is supported. R145: CLA=94h is supported. R145: CLA=94h is supported. R147: CLA=94h is supported. R149: CLA=94h is supported. R151: CLA=94h is supported. R152: Change PIN is supported. R153: CLA=94h is supported. R154: Verify PIN is supported. R155: CLA=94h is supported. R157: The Stored Value application is supported. R158: DF LID defined at 1000h (cf. Erreur! Source du renvoi introuvable.). R159: Load Log LID defined at 1014h. R160: Purchase Log defined at 1015h. R164: CLA=94h & FAh are supported. R170: CLA=94h & FAh are supported. R176: CLA=94h & FAh are supported. R182: CLA=94h & FAh are supported. 8 / 13

9 / 13 3 CNA APPLET IMPLEMENTATION SPECIFICITIES 3.1 Applet versions, platform dependencies, & targeted secure elements CNA provides the application in three main versions: - GlobalPlatform 2. for Java Card 2.1.x, - GlobalPlatform 2. for Java Card 2.2.x, - GlobalPlatform 2.2.1 for Java Card 2.2.x. The GP2. application could address most of contactless Java Card Secure Element; versions optimized for JC2.1.x & JC2.2.x are available. These versions support only the personalization process with a selection of the application. The GP2.2.1 application is dedicated for NFC mobile: - This version manages in addition the personalization process through the associated Security Domain (required OTA channel usage). - The Select Application command in contact mode could return only response status at 9000h or 61XYh in order to assure a good interoperability with mobile environments. - In contact mode, in case the contactless interface is disabled, the application calls the selfactivation privilege on the processing of the Select Application command. The usage of the self-activation privilege has to be firstly declared at the installation of the instance. The GP2.2 application is dependent upon the Java Card 2.2.1 API. CNA proposes also: - an experimental version GlobalPlatform with OTA push, this application extends the GP2.2 regular version with the support of the Calypso APDU commands through an OTA channel (see Erreur! Source du renvoi introuvable.). - Reserved for Calypso licensees, a special version VOP2.0.1/GP2. for Factory Personalization is available too. This version shall be used for indoor personalization only; it allows the support of Java Card platforms not managing RSA in 1536 bits (see [CSFP]). API & dependencies: - For all versions: o The application is not multi-selectable. In other words, it does not implement the "javacard.framework.multiselectable" Interface. o The application does not rely on proprietary extensions of the underlying Portable Object. o The application does not implement the "org.globalplatform.application" Interface. o The application implements the "javacard.framework.shareable" Interface.

10 / 13 - For the NFC mobile version: o The application does not use the SIM Toolkit API. o For the OTA personalization, the application implements the extended processdata(...) method of the "org.globalplatform.personalization" Interface (amendment A 1.0 of GlobalPlatform 2.2, cf. [CCCM]). o To manage the self-activation privilege, the application uses the "org.globalplatform.contactless.gpclsystem" Interface (amendment C 1.0.0 of GlobalPlatform 2.2.1, [CCS]). By default, the CNA provides the applet in versions only dependent on the Java Card & GlobalPlatform API. The applet could also be packaged to support a cryptographic patch API in order to increase the performance (cf. [CCAPG]). 3.2 Applet Memory Use The following table gives an estimation of the memory allocated by the applet in persistent memory (EEPROM) and in RAM (Transient memory allocated in Clear on Reset for the GP2.2 with OTA push applet, in Clear on Deselect for the other versions). GP2. (Bytes) GP2.2.1 (Bytes) GP2.2 with OTA push (Bytes) EEPROM RAM EEPROM RAM EEPROM RAM Package 23 kb 26,5 kb 28 kb Setup instance 778 800 780 800 780 800 Rev3 instance 2604 210 2656 210 2660 210 Total for 1 instance 26,3 kb 1010 29,8 kb 1010 30,9 kb 1010 Total for 2 instances 28.8 kb 1010 32,4 kb 1010 33,5 kb 1220 In this example, the static RAM allocation (shared by all Rev3 instances) is defined for a modification session buffer of 215 bytes and a signature accumulation buffer of 512 bytes. The configuration is based on the reference file structure 01h. (For GP2.2 version with OTA push, the RAM memory is not released when the application is not used; the RAM amounts add up if several packages are loaded.)

11 / 13 4 ANNEX 4.1 References [CLS3] [SAMAC] [CSAD] [CSAL] [CSFP] [CPOPD] [CCAPG] [GP221] [CCCM] [CCS] [CPS] CALYPSO SPECIFICATION REV.3 Portable Object Application 3.1 10 March 2010) Ref: 060708-CalypsoAppli (www.calypsostandard.net) Calypso Activation Module User manual 1.3 29 November 2010) Ref: 080118-UM-ActivationModule (www.calypsostandard.net) Calypso Specification Application Downloading 26 May 2011 (www.calypsostandard.net) Calypso Specification CNA Calypso Applet Licence 1.2 11 February 2013 121024-CnaCalypsoApplet_UserLicence (ask applet@calypsonet-asso.org) Calypso Specification CNA Calypso Applet Factory Personalization 1.0 28 August 2013 Ref: 130728-CnaCalypsoApplet_FactoryPersonalization (reserved for licensees / ask applet@calypsonet-asso.org) Calypso Specification Portable Object Profile Declaration 0.96 March 14, 2014 Ref: 130920-CalypsoPOProfileDeclaration_V0.96 (www.calypsostandard.net) CNA Calypso Applet Specification Java Card Applet Patch Guide 1.0.2 April 30, 2009 (ask applet@calypsonet-asso.org) GlobalPlatform Card specification 2.2.1 January 2011 GlobalPlatform (www.globalplatform.org ) GlobalPlatform Card Confidential Card Content Management Card Specification v 2.2 - Amendment A 1.0.1 January 2011 GlobalPlatform (www.globalplatform.org ) GlobalPlatform Card Contactless Services Card Specification v 2.2 - Amendment C April 2013 GlobalPlatform (www.globalplatform.org ) EMV Card Personalization Specification July 2007 EMVCo (www.emvco.com ) [24014] ISO 24014-1 Public transport Interoperable fare management system Final Draft ISO (www.iso.org ) [102225] ETSI TS 102 225 Smart Cards: Secured packet structure for UICC based applications (Release 7) ETSI (www.etsi.org ) [102226] ETSI TS 102 226 Smart Cards: Remote APDU structure for UICC based applications (Release 7) ETSI (www.etsi.org ) [IN-REQ] Requirements for loading a Calypso application 1.3 21 September 2007 Innovatron (www.innovatron.fr )

12 / 13 4.2 Acronyms APDU Application Protocol Data Unit APSD Application Provider Security Domain C-MAC Command MAC CA Controlling Authority CMS Card Management System DF Dedicated File DGI Data Grouping Identifier EF Elementary File EMV Eurocard MasterCard Visa FCI File Control Information GP GlobalPlatform GP-CMS GlobalPlatform Card Management System ICV Initial Chaining Vector ISD Issuer Security Domain ISO/IEC International Organization for Standardization / International Electrotechnical Commission LSB Least Significant Byte M/O Mandatory/Optional MAC Message Authentication Code MIDP Mobile Information Device Profile MSB Most Significant Byte MNO Mobile Network Operator OTA Over-the-Air OTI Over-the-Internet RAM Remote Application Management RFU Reserved for Future Use R-MAC Response MAC ROM Read-Only Memory SAM Secure Application Module SCP Secure Channel Protocol SD Security Domain SE Secure Element SFI Short File Identifier SIM Subscriber Identity Module SSD Supplementary Security Domain SW Status Word SWP Single-Wire Protocol TLV Tag Length Value TTP Trusted Third-Party

13 / 13 4.3 Links and Contacts Calypso related Internet sites: Calypso Documentation Innovatron http://www.calypsostandard.net http://www.calypsonet-asso.org http://www.innovatron.com Calypso related email contacts: CNA Calypso Applet Support Innovatron applet@calypsonet-asso.org contact@calypsonet-asso.org calypso@innovatron.fr

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback