Calypso REV3.1 Card Applet version 1.3.9 - Release Note

CNA CALYPSO Applet Notes

Ref: CalypsoCardApplet_ReleaseNote

Page

1 / 14

This document is the property of Calypso Networks Association - Copyright 2007-2020. Reproduction is prohibited without prior written agreement

Calypso REV3.1 Card Applet version 1.3.9 - Release Note

December 11th , 2020 Pierre TERREE [email protected]

1 Packages

The CNA Calypso Applet is available in several packages to address the different kinds of Secure Element platforms:

• NFC Secure Element (active chip interfaced with a NFC Controller, and supporting the Single Wire Protocol)

or ISO 14443 contactless cards (passive chip),

• supporting the personalization by a non-licensee using a Calypso activation module (involves RSA

cryptography), or by a Calypso licensee in factory,

• for platforms prior or after Java Card 3.1.0.

Usage Java Card version supported

Package reference

NFC Secure Elements Potentially personalized by a non-licensee and after issuance

2.2.2 to 3.0.5 #01

3.1.0 & further #04

Contactless cards

Potentially personalized by a non-licensee and after issuance 2.2.2 to 3.0.5 #02

3.1.0 & further #05

Only personalized in a secure factory by a Calypso licensee (compliant with platforms not supporting RSA cryptography)

2.2.2 to 3.0.5 #03

3.1.0 & further #06

The version 1.3.9 is currently recommended for any new deployment. If not requiring a new feature, it may not need to update instances already installed from older packages.

CNA CALYPSO Applet Notes Calypso REV3.1 Card Applet version 1.3.9 - Release Note


Page Date

2 / 14

2020/12/11


1.1 Delivery

The CNA members who have sign the applet user license could only get the packages requiring a certificate provided by an Activation Module. In addition, Calypso licensees which operate personalization in factory secure environment could request specific packages not requiring the usage of an Activation Module. These packages could also be convenient for Java platforms not supporting RSA cryptography.

1.2 identification

• package #01 – build reference 20201209-092013

.CAP File Name CNA-CalypsoRev3.1-AppletV1.3.9-RefPack01-20201209-092013-NFC-JC222-GP22amdC-ActSam.cap

Size (Bytes) 39023

HMAC-SHA-1 0D132113533B9C7680F734529895D9A5005E0511

Load File Data Block Hash without Descriptor

Size (Bytes) 32576

HMAC-SHA-1 for DAP Signature

8F0393D95EF9B9BA25AE8EC40F0AA04A1F78F658

Size on SE (Bytes) 28520

Package AID F8434E412E43616C7970736F31333030


.CAP File Name CNA-CalypsoRev3.1-AppletV1.3.9-RefPack02-20201209-092029-Card-JC222-GP211-ActSam.cap

Size (Bytes) 38156

HMAC-SHA-1 E22B3B3EFAADAC3E0E561F475A0F95C10B513E9B


Size (Bytes) 31822


FC758095B6A7EED713DAB6C5D9F8E066A2542F63




.CAP File Name CNA-CalypsoRev3.1-AppletV1.3.9-RefPack03-20201209-092049-Card-JC222-GP211-ActFactory.cap

Size (Bytes) 36338

HMAC-SHA-1 FB24C8C2D7CA8772BD651EE2172E1154E54FD813


Size (Bytes) 30250


393F6289E841D14F455C8D172D7961D316792C4E





Page Date

3 / 14

2020/12/11



.CAP File Name CNA-CalypsoRev3.1-AppletV1.3.9-RefPack04-20201209-092108-NFC-JC310-GP22amdC-ActSam.cap

Size (Bytes) 197058

HMAC-SHA-1 2F5D4FD9C8B93C685AC54674634D90720125F7F3


Size (Bytes)


01EC7C7F291A27FCA1F78F5000BD7EEDD6DA8CC7

Size on SE (Bytes)



.CAP File Name CNA-CalypsoRev3.1-AppletV1.3.9-RefPack05-20201209-092114-Card-JC310-GP211-ActSam.cap

Size (Bytes) 194070

HMAC-SHA-1 4C79FEC5EEEAC2984891E21FC6C96EB61EBEEB07


Size (Bytes)


554CE47A19534BF4B7BFE95CC5C5E78B6DDF1671

Size on SE (Bytes)



.CAP File Name CNA-CalypsoRev3.1-AppletV1.3.9-RefPack06-20201209-092119-Card-JC310-GP211-ActFactory.cap

Size (Bytes) 184845

HMAC-SHA-1 293B31108F57C2B59215948D195DEA9383C34981


Size (Bytes)


08EB9887CC9F7B98AE0D93C68941BD1BBEEADF1B

Size on SE (Bytes)


1.3 Platform dependencies

The packages have different dependencies.

Package reference

RSA cryptography required

Off-Card Verifier validation

Versions API version required

Java Card GlobalPlatform ETSI UICC HCI

#01 yes

JC3.0.5u2 2.2.2

2.2 with amendment C 1.0

#02 2.1.1 -

#03 -

#04 yes

JC3.1 3.1.0

2.2 with amendment C 1.0

#05 2.1.1 -

#06 -



Page Date

4 / 14

2020/12/11


1.3.1 Java Card

The packages #01, #02 & #03 are based on the JC2.2.2 API, the packages pass the Off-Card Verifier of JC3.0.5u2, those can be deployed on Java Card platform from version 2.2.2 to 3.0.5. The packages #04, #05 & #06 are implemented on the JC3.1 API, those pass the Off-Card Verifier of JC3.1 and can be deployed on Java Card platforms starting from the version 3.1.0.

Imported Java Card packages API version per packages

#01, #02, #03 #04, #05, #06

A0000000620001 javacard.lang 1.0 x

A0000000620101 javacard.framework 1.3 x

A0000000620102 javacard.security 1.3 x

A0000000620201 javacardx.crypto 1.3 x

• The application isn’t multi-selectable: it doesn’t implement the "javacard.framework.MultiSelectable" Interface.

• Versions 1.3 no more implement the "javacard.framework.Shareable" Interface.

Package Off-Card Verifier version validated

#01 JC3.0.5u2

#02

#03

#04 JC3.1

#05

#06

Integer The support of 32-bit integer is not required. Cryptography The required cryptographic keys are:

• 64-bit DES,

• 128-bit DES3,

• 1536-bit RSA public → is required only for the packages (#01, #02, #04, #05) working with an activation by module

The required cryptographic engines are:

• Engine for DES-based cipher in CBC with no padding,

• Engine for RSA cipher with no padding, → is required only for the packages (#01, #02, #04, #05) working with an activation by module

• Engine for DES MAC8 signature with no padding,

• Engine for DES MAC8 signature with padding method 2,

1.3.2 GLobalPlatform

The packages dedicated for NFC SE require a GlobalPlatform environment minimum in version 2.2.0 with the support of the amendment ‘C’ version 1.0 (to manage the self-activation privilege). The other packages are compliant with GlobalPlatform in version 2.1.1.

Imported Java Card packages API version per packages

#01, #04 #02, #03, #05, #06

A00000015100 org.globalplatform 1.2 1.0

A00000015102 org.globalplatform.contactless 1.0 -



Page Date

5 / 14

2020/12/11


• The application does not implement the ‘org.globalplatform.Application’ Interface.

• The personalization process through a Security Domain (using an ‘Install for Personalization’ command), the

application implements the extended processData(...) method is no more supported from the

version 1.3.9. So the ‘org.globalplatform.Personalization’ interface isn’t implemented.

• To manage the self-activation privilege, the application uses the

‘org.globalplatform.contactless.GPCLSystem’ Interface

Privilege For packages dedicated to NFC SE only, the Contactless Self Activation privilege is required.

• To manage the self-activation privilege, the application uses the ‘org.globalplatform.contactless.GPCLSystem’ Interface (amendment C 1.0.0 of

GlobalPlatform 2.2.1)

1.3.3 UICC HCI

For packages dedicated to NFC SE only, in order to notify a mobile application for a contactless data modification, the applet use the Java Card UICC API for contactless Applications (ETSI TS 102 705) to issue a TRANSACTION_EVENT.

Imported UICC HCI packages

A0000000090005FFFFFFFF8916010000 uicc.hci.framework version 1.0

A0000000090005FFFFFFFF8916020200 uicc.hci.services.connectivity version 1.0

(usage of uicc.hci.framework.{HCIDevice&HCIException} and

uicc.hci.services.connectivity.ConnectivityService)



Page Date

6 / 14

2020/12/11


1.4 Compilation options The applet is implemented on standard APIs and doesn’t require any native patch. All debug options are disabled,

Compilation Option Value Comment

GP_VERSION 'gp2.2-amdC' for #01 & #04 'gp2.1.1' for #02, #03, #05 & #06

Dependency GP2.2.X I

OPTION_PROCESS_4_SIZE 'true'

OPTION_NEW_ACTIVATION 'true'

OPTION_INTERFACE_COMM_MOBILE 'false'

OPTION_SELF_ACTIVATION 'true' for #01 & #04 'false' for #02, #03, #05 & #06

Dependency GP2.2 amendment C 1.0 Self-Activation privilege

PROFILE ‘PROFILE_ CALYPSO_R3_SV’

PRODUCT_SPEC_REF '0103'

OPTION_USE_JC22X 'true' Dependency with JC2.2.1 API

OPTION_USE_VOP 'false'

OPTION_CCCM_SUPPORT 'false' Dependency GP2.2 amendment A

• The personalization through a Security Domain is supported.

• For wired communications, the Select Application command doesn’t reply the invalidated status.

OPTION_DEFAULT_SELECTED 'false'

OPTION_DES 'true'

OPTION_DESX 'true'

OPTION_GET_DATA_HISTORICAL_BYTES 'false'

OPTION_TRACEABILITY 'true'

OPTION_PIN 'true'

OPTION_STORED_VALUE 'true'

OPTION_SHARED_EF 'true'

OPTION_SETUP 'true'

OPTION_CPS 'true'

OPTION_ACTIVATION_MODE 'SAM' for #01, #02, #04 & #05 'SIMPLE' for #03 & #06

Activation requires an Activation Module: The first Calypso instance to be personalized requires the DGI ‘3800h’

OPTION_NOTIFICATION 'true' for #01 & #04 'false' for #02, #03, #05 & #06

When true,

• the Calypso R3 & Stored Value modules support an install applicative parameter to define an instance with the support of NFC notification for contactless update.

• The package has a dependency with UICC HCI API.

DEBUG 'false'

DEBUG_SCP_LEVEL 'C_MAC_C_ENC' During the personalization, all Store Data commands require to be ciphered & signed.



Page Date

7 / 14

2020/12/11


Compilation Option Value Comment

DEBUG_CLS_SETUP_OPTIONAL DEBUG_PERSO_CLEAR_SECRETS DEBUG_NULL_CHALLENGES DEBUG_CHECKPARAMS DEBUG_ASSERT DEBUG_PARSE_EXCEPTION DEBUG_STOREDATA DEBUG_CLOSESECURESESSION DEBUG_LOG_SIGNATURE DEBUG_TESTVECTORS DEBUG_RATIFICATION DEBUG_LOG_CHANGE_KEY DEBUG_LOG_CIPHER DEBUG_PREVENT_BLOCK_ON_FAILED_PERSO DEBUG_GET_STATE DEBUG_GET_CACHE DEBUG_LOG_ACTIVATION DEBUG_STORED_VALUE_COMMAND DEBUG_DISABLE_DGI_ORDER_CHECK

'false' All debug options are disabled for a reference package.

PATCH_DESKEY PATCH_MESSAGEDIGEST_INNOVATRON PATCH_CIPHER_CHANGEKEY PATCH_CIPHER_CHANGEPIN PATCH_SIGNATURE_VERIFYPIN PATCH_SIGNATURE_SECURESESSION

'JAVA' Currently the applet is no more proposed as packaged to support a cryptographic patch API (native implementation to increase the performance).

OPTIM 'true'

OPTIM_PRIME_DES3 'true' When true, the Calypso R3 & Stored Value modules support an install applicative parameter to define instances with the TDES in optimization mode (when activated the support of the Change Key command is limited).

OPTIM_SIGNATURE_ACCUMULATE 'true'

OPTIM_FAST_READ_RECORD 'true'

OPTIM_NO_WIPES 'true'



Page Date

8 / 14

2020/12/11


2 Features and Calypso compatibility

2.1 Current version

Version Date Modifications

1.3.9

2020/12/09

• New features:

o For all SE:

▪ PIN feature improvements: the PIN is now supported by Stored Value instances

▪ Activation process: in addition to the previous activation process, the serial setting and the package selection could now be operated with the CalypsoSetup instance (using the same DGI). If the package isn’t activated on CalypsoSetup, then it has to be activated during the personalization of the first applicative instance.

▪ Binary files pre-personalization: EF data personalization through ‘ssnn’ DGI: is now supported for binary files.

▪ Select Fille command: additional modes for the Select File command allow to better emulate a NFC Forum Tag Type 4 with a Calypso ticketing instance.

▪ FCI Data: new possibility to hide the latest bytes in the AID, or to replace them with null bytes

▪ Java Card support: additional packages are available to support Java Card platforms based on JC 3.1.0

o For NFC SE only:

▪ The ‘Over-The-Air’ personalization mode is by default disabled: the default package does not more allow the personalization through the selected Security Domain (SD Selection + install for personalization on the applet instance).

• Fixes:

o For all SE:

▪ PIN support enhancement; the usage of resetAndUnblock() API provides a better compatibility with JC platforms for the reset of the PIN

1.3.8 2019/09/01

• Fixes:

o For all SE:

▪ ReadRecords command fix, in case of multiple counters read in a counter record for an offset different than 00h.

o For NFC SE only:

▪ Compatibility improvement of the NFC notification feature with NFC SE (fix the support of all tested SIM & eSE).

1.3.7 2018/10/24

• New features:

o For all SE:

▪ Java Card support: compatibility improvement with JC 3.0.4 & JC 3.0.5: no more dependency with the javacard.security.Signature abstract class (previous version were extending Signature without implementing the abstract method added in JC3.0.4 & JC3.0.5).

• Fixes:

o For all SE:

▪ ReadRecords command fix: in case of multiple records read for a number of bytes lower than 250 returns the data (6CXYh status issue),



Page Date

9 / 14

2020/12/11



▪ OpenSession command fix: in case of invalidated DF and Open Session without record read returns the successful status (6283h status issue).

1.3.6 2018/07/27

(test version not released)

• New features:

o For all SE:

▪ Java Card support: transient memory optimization to improve the support of contactless cards with limited capacity.

• Fixes:

o For all SE:

▪ Personalization process: for a personalization process through the selected application, in case of usage of a non-predictive SCP challenge, and in case the GP SCP channel is cut after the 9484h DGI: fixed the sequence number P2 parameter of the first Store Data command to new SCP channel to be reset at 00h.

▪ fix of the PIN status returned by the Select DF command.

1.3.5 2018/05/04


• New features:

o For all SE:

▪ Java Card support:

❖ optimization of transient memory consumption (static allocation of Cipher/Signature objects use for the Change Key/PIN feature; managed in Clear on Reset by some platforms),

❖ Support limited to JC 2.2.2 & further to support the Off-Card Verifier JC 3.0.5u2 (compatibility with JC 2.2.1 is abandoned)

1.3.4 2018/03/01


o For all SE:


❖ transient optimization: decrease of transient memory consumption (all bytes’ allocations in Clear on Deselect; personalization transient allocated & released during the personalization process)

❖ additional packages (reference #04 & #05) based on the JC 2.2.2 dependency, in order to pass the Off-Card Verifier JC 3.0.5u2

1.3.3 2018/01/09

• Fixes:

o For NFC SE only:

▪ increase the platform compatibility the NFC notification feature

1.3.2 2017/11/14

(deprecated)

• New features:

o For all SE:

▪ GlobalPlatform personalization process: allows SCP cut for direct personalization

1.3.1 2017/11/06

(deprecated)

• Fixes:

o For NFC SE only:

▪ NFC SIM & eSE support improvement (contactless/contacts mode detection).

1.3.0

2017/10/10 first v1.3 release



Page Date

10 / 14

2020/12/11



• New features:

o For all versions,

▪ Precomputed personalization on a single flow (based on the GP SCP02/03 i55 explicit authentication with a well-known pseudo-random);

❖ a personalization backoffice could precompute the provisioning of the applet (package load, instances installation, instances activation & personalization) and push the applet configuration to a remote SE through a single network message.

❖ This feature works only for a personalization through the selected Calypso application (for NFC SE, requires an OTI communication, not possible for OTA channel based on Security Domain with an ‘Install for Personalization’)

▪ Global PIN: update of the PIN feature which becomes shared between all Calypso instances from a package.

▪ Installation traceability:

❖ Package diagnostic: new diagnostic command on the Calypso Setup instance, in order to determine the status of the installed instances. For the NFC SE version: the command will also be supported through a DGI: it will allow TSM to diagnose the package status both by OTA or OTI.

❖ Linked instances: addition of the ‘00D0h’ mode for the Get Data command.

o For the NFC SE version only,

▪ MMI notifications: new notification feature to automatically inform a registered mobile application about data modifications operated through the contactless interface (based on ETSI NFC HCI / TRANSACTION_EVENT).

❖ Works on NFC devices with an applicative environment able to catch TRANSACTION_EVENT pushed by the CLF (defined by ETSI NFC HCI).

❖ This feature could be activated per instances during activation (notifications on free write, on SV Transaction, and for modifications during a secure session at the ratification or at the close.

• Code refactoring & improvements,

o For all versions,

▪ New possibility to delete the technical ‘Calypso Setup’ instance in standalone without removing the package (implementation of the uninstall method defined in JC2.2: which allows the deletion of static references).

▪ TDES optimization: addition of an installation option, in order to activate a TDES optimization (removing the cryptographic algorithm change) to improve the speed and reduce the transaction duration by 30 milliseconds.

▪ For Calypso keyset personalization, additional support of some CSAM proprietary keyset ALG references (e.g. 80h).

▪ AFSCM & smartcard manufacturers’ development guide compliance:

❖ Shareable interface usage removal: simplification of the Shared EF & Stored value’s implementations by removing the usage of shareable interface (fit AFSCM recommendations).

❖ Removal of dead code & switch statements fixes.

▪ Code reduction to optimize the package size.

• Interoperability & dependency

o For all versions, packaged for the personalization with an Activation Module,

▪ Java Card support: dependency with JC2.2.2 API (whatever the presence or not of a garbage collector), assurance of compatibility improved & able to pass the Off-Card Verifier of JC 3.0.5u2.

▪ The Java Card platform should support 1536 bits RSA cryptography.



Page Date

11 / 14

2020/12/11




▪ For the personalization through a Security Domain, additional hacks to support not compliant GlobalPlatform implementations (currently 4 variations supported).

▪ GlobalPlatform support: dependency with GP 2.2.0 API (including the support of amendments A & C)

▪ UICC HCI support: new dependencies with the API uicc.hci.framework.*

(HCIDevice & HCIException) & uicc.hci.services.connectivity.*

(ConnectivityService)

o For contactless cards only,


❖ Abandoned compatibility of JC 2.2.1 and JC 2.1.x platforms

▪ GloabalPlatform support:

❖ dependency with GP 2.1.1 API, & compatibility with higher versions.

❖ Abandoned compatibility with Visa OpenPlatform 2.0.x.

▪ These packages are also available in versions of Calypso licensees which support the factory personalization process (not involving an Activation Module).

• Corrections:

o For all versions,

▪ Calypso challenges processing as in REV3.2 → as taken into account by the REV3.1 certification process.

▪ Correction of the Stored Value usage limitation.

▪ Support of Increase/Decrease Multiple commands with more than 32 updated bytes.

▪ Support of Increase/Decrease commands for counter index higher than 9.

▪ Support of binary read in case of invalidated DF.

▪ Fixes of error status priorities.

▪ Support of ‘ssnn’ DGI to personalize Binary EF.

Default package AID: F8 43 4E 41 2E 43 61 6C 79 70 73 6F 31 33 30 30h



Page Date

12 / 14

2020/12/11


2.2 Next coming version


2.0 mid-2021

• New Calypso features

o For all SE

▪ Support of Calypso Revision 3.2: first version based on REV3.2, including the support of AES cryptography and confidential secure session.

▪ Support of Calypso Revision 3.3: first version based on REV3.3, including the support of PO asymmetric authentication.

• Possibility to update the package of Calypso applet on a SE, and to restore the instances data

o For all SE

▪ Calypso process to reallocate a serial to a previously disabled instance.

o For SE supporting GlobalPlatform amendment ‘H’

▪ Data instances’ package backup: support of the migration process defined by GP amendment ‘H’ (still in review at the date of publication of this roadmap). Thanks to the GP security of the SE, it is possible to back-up the data of the applicative instances in the SE, then to update the package and re-install the instances, and finally to redeploy the secured data. In this case, the instances of the new package keep the same serial number of the original package; the key sets and ticketing data are restored as it is in the new instances.

2.3 Old versions


1.2 2015/07/07

Released in order to pass the new Calypso REV3.1 PO functional evaluation process, first version considered for NFC UICC package preloading.

• New features,

o For all versions,

▪ Increase of the modification buffer maximum size to 4096 bytes. (previously limited to 362 bytes)

▪ Functional fixes.


o For all versions, packaged for the personalization with an Activation Module,

▪ The Java Card platform should support 1536 bits RSA cryptography.


▪ Java Card support: dependency with JC2.2.2 API, assurance of compatibility for higher versions limited to JC 3.0.4.

▪ GlobalPlatform support: dependency with GP 2.2.0 API (including the support of amendments A & C)

o For contactless cards only, three configurations to address old & newer platforms

▪ Dependency to Java Card 2.2.2 API (compatibility with higher versions) requiring the support of a garbage collector, associated with dependency to GlobalPlatform 2.1.0 API, (compatibility with higher versions). This package is also available in a licensee version which support the factory personalization process (not involving an Activation Module).

▪ Dependency to JC 2.1.x API (compatibility with higher versions) not involving a garbage collector, associated with dependency to GP 2.1.x API, (compatibility with higher versions). This package is also available in a licensee version.



Page Date

13 / 14

2020/12/11



▪ Dependency to JC 2.1.x API not involving a garbage collector, associated with dependency to Visa OpenPlatform 2.0.x API. This package is only available for a licensee version.

• Certifications:


▪ Passed the AFSCM security evaluation for several package AID.

▪ Calypso REV3.1 functional evaluations operated on several UICC & eSE platforms.


1.1 2014/01/29

Released to solve a TSM issue with some UICC by adding the support of the self-activation privilege.

• New features,

o For all versions,

▪ New package AID format to include the package version, to allow the load of several versions of packages on a same SE.

▪ Minor functional fixes.

o The NFC SE version is based on GP2.2 with support of amendments A & C:

▪ The Calypso instance installation supports the self-activation privilege.

▪ The Calypso instance installation can include system parameters to set the contactless setting of the NFC SE.

▪ Abandonment of the push mode (OTA secure session), this feature is by default disabled for the NFC package.


o Same as package version 1.2

• Certifications:


▪ Passed the AFSCM security evaluation for several package AID.




Page Date

14 / 14

2020/12/11



1.0 2012/10/31

First published release, based on REV3.1, available in different packages & versions:

• NFC SE – based on GP2.2 with support of amendment A, fit for NFC UICC or NFC eSE,

o Only version to include in addition the OTA personalization process (through the Security Domain). OTA push secure session is activated by default.

o Deployed only in activation module version, for post issuance personalization.

o Always proposed with all Calypso options.

• Contactless SE – based on GP2.1 & JC2.2 (with garbage collector support), fit for most of contactless ISO 14443 PICC,

o Supports only the personalization through the application.

o Also available in factory activation version for factory personalization by Calypso licensees.



▪ Java Card support: dependency with JC2.2.2 API, assurance of compatibility for higher versions limited to JC 3.0.4.

▪ GlobalPlatform support: dependency with GP 2.2.0 API (including the support of amendments A)

o For contactless cards only, three configurations to address old & newer platforms

▪ Same as package version 1.2

• Certifications:


▪ Passed the AFSCM security evaluation for a single package AID.

Default package AID: F8 52 41 54 50 2E 43 41 4C 59 50 53 4Fh

.

Calypso REV3.1 Card Applet version 1.3.9 - Release Note

Documents

Transcript of Calypso REV3.1 Card Applet version 1.3.9 - Release Note