Calypso Portable Object (PO) Certification Process

The Calypso Networks Association (CNA) has implemented a certification process for Calypso POs. Early 2020, this process evolved by involving a third party Certification Body, Paycert, which guarantees the equity of the process.

It results in the issuance of certificates of conformity for the following products:

  • Calypso Prime products (native and Java Card):
    • Regular products, supporting only the minimum set of Calypso Prime features (previously known as Revision 3.1), with TDES and DESX cryptographic algorithms.
    • Extended products, supporting also the Extended mode (previously known as Revision 3.2 mode), which allow to enhance the security using longer signatures and optionally AES keys, with optional encryption of the data and optional authentications during the Calypso Secure Session. The Extended mode is an option available in addition to the Regular mode​.
    • PKI products, supporting also the PKI mode (previously known as Revision 3.3 PKI mode), allowing to authenticate a Calypso application, and possibly its data, using only a public key (no SAM necessary for this authentication). The PKI mode includes the Extended mode.
      The certification process for Calypso Prime PKI products will be ready soon.
  • Calypso Light products (previously called "CLAP").

 

For Calypso Light rev1

 

CNA is the editor of the PO specifications and publishes the guidelines of the Certification process.
CNA defines the comprehensive list of functional and security requirements that a product must satisfy.

PayCert is the Certification Body that validates and controls the certification program for Calypso Portable Objects.

The Vendor provides to the Laboratory the PO which is candidate for certification. The Laboratory is habilitated by PayCert.

CNA and PayCert manage all the communications relating to the PO Certification.

 

Step 1
The Vendor downloads the certification documents on the Paycert website.
The Vendor requests a certification by completing the Certification Request Form and the Implementation Conformance Statement and sending them to Paycert.
Paycert validates the ICS and returns the signed ICS to the Vendor and a copy to the Test Laboratory.

Step 2
The Vendor contracts with the Laboratory and provides PO samples.
The Laboratory evaluates the samples provided by the Vendor.

Step 3
The Laboratory sends the result of the evaluation, the Laboratory Functional Test report, to the Paycert, following validation from the Vendor.
Paycert produces a Certification Report and delivers a decision based on this report.

Step 4
When the decision is favorable, Paycert delivers a Certification Letter to the Vendor.

Step 5
If granted, Paycert and CNA update the certified PO lists for Calypso Prime native products, Calypso Prime applet products or for Calypso Light products.