2.1.0
As part of the Card Layer, the Calypso Card API provides high-level functionality for selecting and performing transactions with Calypso cards.
Interfaces
The Calypso Card API provides the means to select a target card and then perform a transaction with the selected card.
- The result of a card selection is a smartcard image whose file structure and data records can be browsed.
- A transaction with a target card may involve a control SAM in order to secure the operations.
The CalypsoCard interfaces provide accessors to retrieve the information of the selected smart card.
To optimize the number of exchanges with a card reader, the Calypso Card API allows commands to be grouped.
A set of commands can first be prepared, and then be processed by a selected target at the selection or
during the transaction.
A transaction with a Calypso card is fully managed through the CardTransactionManager interface.
Selection of a Calypso card
A Calypso card selection can be defined to accept or reject invalidated cards.
Only basic Select File (without changing DF) or Read Records commands can be joined to the selection: the goal is to recover, in the selection result, some file status or record data of elements present in all cards of a ticketing network. Because the type of card product has not yet been identified at this stage, the commands are prepared so that they are supported by all types of card products: Prime, Light, or Regular.
Then, if a Calypso card has matched the selection request, a Calypso card image is returned; some file headers or file records may be filled, depending on the information recovered in the responses to the Select File or Read Records commands processed.
Transaction with a Calypso card
Except for operations involving secure processing of “data” (data signature computation / verification, data ciphering / un-ciphering), only commands for the card need to be prepared through the Card Transaction Manager interface. Where the operation requires it, the security involving the master SAM must be controlled internally by the Calypso library.
Simple operation outside a session
PIN plain verification / change outside a session
Data secure processing outside a session
Key / PIN ciphered update outside a session
Stored Value operation outside a session
Simple secure session for fast embedded performance
This example illustrates the ticketing processing of a validation: only the necessary data is read from the card.
To support a recovery transaction on another terminal in case of communication failure with the card, the ratification status and the last event are checked at the session opening, and the session is closed as not ratified, directly followed by a ratification command.
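The recovery logic described above, as an added Python model that is not Keyple code and not part of the original page. The `Card` class, the `validate` function, and the rule that an unratified session whose last event matches the current trip is treated as already validated are assumptions made for illustration.

```python
"""Toy model of Calypso session ratification (added example, not the Keyple API)."""
from dataclasses import dataclass, field


class LinkLost(Exception):
    """Constructed stand-in for a communication failure with the card."""


@dataclass
class Card:
    # Hypothetical card model; only the ratification behaviour mirrors the text.
    events: list = field(default_factory=list)    # committed event log
    ratified: bool = True                         # status left by the last session
    _pending: list = field(default_factory=list)  # writes buffered in the session

    def open_session(self):
        # Session opening returns the ratification status and the last event.
        self._pending = []
        return self.ratified, (self.events[-1] if self.events else None)

    def append_event(self, event):
        self._pending.append(event)

    def close_session(self, ratified):
        self.events += self._pending              # closing commits the session
        self.ratified = ratified

    def ratify(self):
        self.ratified = True


def validate(card, terminal_id, trip, lose_link_after_close=False):
    """Validation flow: close as not ratified, then send the ratification."""
    ratified, last = card.open_session()
    if not ratified and last == trip:
        # Recovery on another terminal (assumed rule): the card already
        # committed this trip, so the event is not written a second time.
        card.close_session(ratified=False)
        card.ratify()
        return "recovered"
    card.append_event(trip)
    card.close_session(ratified=False)
    if lose_link_after_close:
        raise LinkLost(terminal_id)               # ratification never reaches the card
    card.ratify()
    return "validated"
```
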
Simple secure session for an efficient distributed system
In most cases, it should be possible to handle a secure session with a Calypso card using only:
- 3 exchanges with the card reader (selection processing, session opening processing, and session closing processing),
- and 3 exchanges with the SAM reader (terminal session challenge recovery, session MAC computation, and card authentication).
This example shows the loading of a contract during a sale. To speed up the identification of the card content while limiting the exchange of messages with the card reader, some data can be read out of session during the selection, then read again during the session.
In case of communication failure with the card, if the recovery transaction is supported only on the same terminal, then checking the ratification status is not necessary at the session opening, and the session can be closed as ratified.