Eclipse Keyple

Basics
This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process) and is written to declare its intent and scope. We solicit additional participation and input from the community. Please login and add your feedback in the comments section.
Parent Project: 
Background: 

Calypso is a set of specifications describing a fast and secure off-line contactless transaction, between a portable object and a terminal. It has been created at the end of the 1990s by some european public transport operators or authority (RATP and SNCF in Paris and all France, STIB in Brussels, OTLIS in Lisbon, ACTV in Venice, Konstanz in Germany), in order to create an open , interoperable and secure standard independent from industrials to ensure a real competition.

Today Calypso represent 20% of the world market of contactless smart ticketing in 25 countries and 125 cities. It brings to his user a guarantee of security and interoperability which relies on a total compliance with existing standards  (ISO 14443, ISO 7816-4, Global Platform). The Calypso standard is managed by the Calypso Networks Association (CNA) , which is led by transports operators and public authorities in order to ensure openness and independence from industrials in confront of other proprietary schemes.

The openness for a contactless ticketing standard can be evaluated for the two mains components of ticketing systems, with the complementary concern about guarantee of security:

  • Cards and portable objects (mobile phones, Java objects, wearables, …)
  • Terminals (validators, vending equipment, …)

We can affirm that a real openness is achieved for cards and portable objects with the Calypso standard with a large choice of products and providers (card manufacturer, OS makers and chip providers) and a real competition between them.

However, for ticketing equipment the situation is more contrasted. In fact, if the Calypso specifications are open, the terminal applications operating ticketing data (contracts, pricing, user profile) which have to be implemented on top of a smartcard management layer are proprietary of a few ticketing integrator/manufacturer, and the networks who used this solutions may only manage evolutions in a “purchase by agreement” manner, with a direct impact on the price.

Furthermore, other mobility actors (Car sharing, bike sharing…) that would like to be integrated in the mobility ecosystem led by public transport operator would like to benefit of the highly secured Calypso transaction “as a service”, and consequently be ready for global integration without being ”killed” by complexity and security issues  that would oblige them to make too big investments.

In fact, from the very beginning, the scope of Calypso Networks Association is to promote the open standard  Calypso which has been originally designed  for Interoperability in transportation.  Nowadays, we are more talking about Mobility, including very different and new modes, and “traditional transport operators  are facing commercial and technical issues about providing a door to door seamless travel to their customer. Consequently, Calypso Networks Association, leaded by Public Transport operators, decided to develop and publish an Open Source SDK that could fit with any type of terminal and contactless reader architecture in order to facilitate and spread the adoption of the calypso standard. Thus new mobility actors, transport operators, Local authority will be able to focus on the travelers expectations, commercial agreements and new mobility programs development without losing time on technical issues or allowing smooth evolution of their systems. 

Scope: 

Eclipse Keyple provides generic librairies for simplifying the development of contactless applications based on the Calypso standard, and for facilitating integration with the secure elements typically involved in a secure contactless solution. Those librairies will also be compliant with the other existing standards af the market.

The operating systems and cryptographic calculations processed in both portable objects and Secure Access Modules are out of scope of Keyple as the ticketing data model and fare calculations applications  that will use the functions of Keyple to access Calypso portable objects.

 

Description: 

The goal of Eclipse Keyple is to allow developers to easily implement fast and secure off-line contactless transactions (using NFC cards, mobile phones, …) based on the Calypso standard.

More specifically, Keyple is a set of open source libraries that will initially be available in Java and C++, designed on the same mutual Object-Oriented Model compatible with any terminal architecture: mobile, embedded or server and Interoperable with any smart card reader solution: standard or proprietary, local or remote.

It manages the advanced security features of Calypso but is also able to manage non-Calypso smartcard solutions, for ticketing or payment.

Keyple defines two layers:

  • Ticketing applications relies on a high-level Calypso processing API to manage Calypso commands & security features. For a session with a Portable Object: SAM commands can be automatically generated and sent to the SAM reader or HSM.
  • Secure Element (SE) readers are integrated through plugins implementing the SE Proxy API which manages the communications with a contactless secure element through ant type of contactless reader (local, remote, standard, proprietary…)

 

Keyple propose a Local and Remote Secure Element optimization:

Cards or SAM’s commands are grouped to limit network exchanges for mobile, embedded terminal or server solution.

Keyple can be used with Standard or Proprietary SE reader driver:

It will be packaged with plugins to manage standard Secure Element interfaces: Android NFC Reader, Android SmartCard interface, Windows/Linux PC/SC, Java SmartCard IO PC/SC interface.

Keyple can also be extended with plugins implementation to manage proprietary drivers that could be proposed by smartcard reader manufacturers.

Thanks to its modular architecture, Keyple can be used also to communicate with non Calypso contactless portable objects, using the SE Proxy API.

More informations can be found on our website : https://keyple.org/

Why Here?: 

Eclipse Keyple will open and spread contactless ticketing technology to everyone (today it is in the hand of few big players…)

It will enlarge the scope of the Eclipse IOT WorkGroup to the Contactless (NFC) technology, and it could enrich the Eclipse SENSINACT project as Public Transport is a key subject for smart city ecosystems.

Project Scheduling: 

The Java implementation will be formally released in July as part of the initial contribution.

The C++ part and the SE remote will be released later in Q3 2018.

 

Future Work: 

We plan to offer before the end of the year a more complete Calypso processing module that will implement all additional and optional features of the last Calypso version.

We will also provide a C version of Keyple for very low memory terminals.

People
Committers: 
Jean-Pierre Fortune
Florent Clairambault
Olivier Delcroix
Interested Parties: 

The Following Companies are interested by Eclipse Keyple (and some of them have already access to the first phase as Bëta testers):

  • Bixi: Company that operates BikeSharing system in Montreal using the OPUS Transport card (which is Calypso-based) in cooperation with STM, the tranport operator of Montreal.
  • Ubi Transporrt: Company that propose light ticketing systems based on Account Based architecture to small public transport networks in France. (As Transpor Ticketing in France is 100% Calypso based they have to be Calypso Compliant)
  • Famoco: Company that provide Android Based ticketing devices for inspection and Validation. They want to use Keyple to adress Calypso Based Markets
  • Ixxi: ITS Subsidiary of RATP, that want to use Keyple as the Core of a Calypso Based NFC Ticketing Mobile app 
  • 5T: Transport Operator of Piemonte Region in italy that wants to use Keyple to use their Calypso Card for new mobility services (Bike Sharing, Car Sharing, Parking...
Source Code
Initial Contribution: 

The different components of the Java implementation of the Keyple project

  • the 'keyple-core' module: it’s the main library which allows to manage in a generic way any kind of smartcard reader
  • the 'keyple-calypso' module: it’s an extension library which provides the support de define commands and secure transaction specific to the Calypso ticketing solution
  • the 'keyple-plugin-android-nfc' module: an extension dedicated to the android environment which allows to connect the NFC reader of an Android device to the Keyple SE API.
  • the 'keyple-plugin-android-omapi' module: an extension dedicated to the android environment which allows to connect contacts smartcard readers of an Android device (SIM / embedded Secure Element) to the Keyple SE API.
  • the 'keyple-plugin-pcsc' module: an extension dedicated to PC running a standard JRE with the SmardCardIO API, which allows to connect any PC/SC readers to the Keyple SE API.
  • the 'keyple-plugin-stub' module: an extension used to define a fake configuration, to allow to connect to the Keyple SE API different emulations of specific smart cards.
  • the 'keyple-example' module: some demo applications involving all the other components of the Keyple Java to illustrate the usage of the API.

All the components are based on the API of the Java Runtime Environment Standard Edition version 6: the OpenJDK is based on the ‘GNU General Public License’ in version 2.

The two Android components use in addition some API specific Android environment: the Android Open Source Project (AOSP) is based on the ‘Apache Software License’ in Version 2.0.

The OMAPI plugin imports also API of the SEEK for Android project (https://github.com/seek-for-android/ ) based on the ‘Apache Software License’ in Version 2.0.

Unit tests & logging involve

The project uses also the Apache Commons API based on the ‘Apache Software License’ in Version 2.0.

Source Repository Type: