You are currently browsing the archives for the calypso category


Calypso the ticketing master

When we talk about transport ticketing, Calypso is the technology we must discuss first. Calypso is a transport ticketing system built by the transport operators. It was designated to match the transport ticketing requirements from functional flow to security mechanisms. The main identifier of Calypso is that it requires a micro processor card. This enables all the security required by complex transportation environment.

So, what is Calypso?

Calypso is a ticketing application developed and maintained by Calypso Association. Calypso Association, based in Brussels, Belgium, was established by RATP and technology provider Innovatron in 1993. Later on, group of European transport operators from Belgium, Germany, France, Italy and Portugal joined the association. Calypso ticketing application is currently being used by various European public transport systems.

In the Calypso world, you can define various players into a single card (now the term “portable object” is used though, rather than “the card”) and they can share the same balance. The technical design of the application supports multi-application by nature. Different contracts can be installed on to a single card which are protected by different key sets. Each Calypso chip has a set of derived keys from master keys. DES and DESX (an implementation of DES against brute force attacks) can be used for authentication. Calypso requires its own SAM card for authentication which is a pre-requisite of modifying the data in the chip.

Unlike typical mifare designs, you are restricted by the boundaries and transaction flow developed by Calypso, but it covers almost anything that can be expected in a transport ticketing environment. Calypso applet runs on micro processor chips, so authentication is quite strong (and fast)

Calypso Association plays an innovative role towards the NFC era and they seem to be ready for the NFC evolution. (I wish I could say revolution, by the way) Calypso applet runs on various card operating systems varying from Infineon to Watchdata chips, including NXP’s JCOP family. Of course this includes any secure element in the NFC world.

Based on my personal experience, I can say that Calypso is an equivalent of EMV in the banking payment world. Both of the applications are quite well designed, already running on millions of chips and getting ready for the future.

Mifare classic the legend

It’s quite common nowadays to talk about security leaks of mifare classic chips. It’s easy to “hack” the chip, clone it, read the contents of it without knowing the keys, and so on; the list goes on like this. Even the license holder NXP is recommending to migrate to mifare plus. Well not good for any product!

These words definitely don’t sound good, however there’s the fact that a huge number of mifare chips (more than one billion, according to unofficial sources of mine) are already being used for systems mainly transportation and access control. Many of these applications do not require anything more than reading a unique id. When it’s transportation or e-purse, it’s authenticating a few sectors and updating the purse balance.

Mifare was developed by an Austrian company called Micron. It was specifically designed for transportation and the name was chosen accordingly: Micron Fare Collection, which was Mi-Fare. The chip was very fast and providing a good level of security required for access control and transport ticketing environment. The memory structure is not flexible enough for today’s complex mechanisms but back then, I think it was more than enough.

Basically, mifare operating system has 16 sectors of secure memory protected by two 48 bit keys stored in the chip. Each sector has 4 blocks for storing data. Each block has 16 bytes of data storage. Each sector has one block reserved for keys and access conditions. Although not recommended, you can even use the keys as data storage.

I think the strength of mifare platform comes mainly from off-the-shelf readers and components widely available on the market. Today, designing a mifare application, developing it on readers and formatting the cards is quite a standardized process. You can find virtually unlimited number of products and companies providing mifare based application and systems. The “security” rules are also very well defined and documented.

Well, there’s been many projects that it was planned that mifare will be phased out. Or mifare is specifically blacklisted as a prerequisite. However, I strongly believe that mifare is quite a successful product and it has made a very good job for deploying contactless systems. If mifare did not exist, I think contactless systems would not be popular as it is today. Of course there are very strong competitors of mifare such as Legic, Calypso and Felica, but mifare is the most popular one among all. I will try to cover the competitors of mifare, which are all stronger than mifare in the security level, but not as much as deployed worldwide as mifare. This is actually the point that I’d like to point out with this post.

It’s quite common nowadays to talk about security leaks of mifare classic chips. It’s easy to “hack” the chip, clone it, read the contents of it without knowing the keys, and so on; the list goes on like this. Even the license holder NXP is recommending to migrate to mifare plus. Well not good for any product!
These words definitely don’t sound good, however there’s the fact that a huge number of mifare chips (more than one billion, according to unofficial sources of mine) are already being used for systems mainly transportation and access control. Many of these applications do not require anything more than reading a unique id. When it’s transportation or e-purse, it’s authenticating a few sectors and updating the purse balance.
Mifare was developed by an Austrian company called Micron. It was specifically designed for transportation and the name was chosen accordingly: Micron Fare Collection, which was Mi-Fare. The chip was very fast and providing a good level of security required for access control and transport ticketing environment. The memory structure is not flexible enough for today’s complex mechanisms but back then, I think it was more than enough.
Basically, mifare operating system has 16 sectors of secure memory protected by two 48 bit keys stored in the chip. Each sector has 4 blocks for storing data. Each block has 16 bytes of data storage. Each sector has one block reserved for keys and access conditions. Although not recommended, you can even use the keys as data storage.
I think the strength of mifare platform comes mainly from off-the-shelf readers and components widely available on the market. Today, designing a mifare application, developing it on readers and formatting the cards is quite a standardized process. You can find virtually unlimited number of products and companies providing mifare based application and systems. The “security” rules are also very well defined and documented.
Well, there’s been many projects that it was planned that mifare will be phased out. Or mifare is specifically blacklisted as a prerequisite. However, I strongly believe that mifare is quite a successful product and it has made a very good job for deploying contactless systems. If mifare did not exist, I think contactless systems would not be popular as it is today. Of course there are very strong competitors of mifare such as Legic, Calypso and Felica, but mifare is the most popular one among all. I will try to cover the competitors of mifare, which are all stronger than mifare in the security level, but not as much as deployed worldwide as mifare. This is actually the point that I’d like to point out with this post.

Transportation task force from GlobalPlatform

Access control applications and transportation systems were the “killer applications” that caused the boom in the contactless cards. Access control systems are generally do not require anything more than a unique id, but transportation systems are more complex.

Speaking generally, two products dominate the contactless transportation installations: NXP‘s mifare family and the Calypso family, which are famous from the ISO 14443 Type A and B, by the way. Mifare has been dominant for years, but with the security leak that was imposed by the German CCC has been quite a barrier for Mifare lately. NXP responded with Mifare Plus, which is a product designed for migrating the current systems without changing the card media. I think it’s a very good move.

In the last 3-4 years, we saw that banks are trying to penetrate into the contactless transportation systems. Unfortunately the technology that the banks have -EMV- can not respond to the transportation ticketing requirements. Both Visa and MasterCard are working on this.

On the other hand, I saw a very interesting news on Near Field Communications World.com about GlobalPlatform‘s new task force on transportation systems.

I think this will eventually lead to more standardized schemes in the transport ticketing world. Both NXP and Calypso already have compliant products with GlobalPlatform. But the effort that the GlobalPlatform itself will make more efficient affect, not just on the cards, but the readers and terminals as well. It’s also important in terms of NFC based payment scenarios in the transportation since the GSM world will be using a SIM-centric systems based on GlobalPlatform standards.