From HSM to RL HSM, Spirtech enhances the experience of users of public transport and their operators, fully secured!
Written by Spirtech on 16/03/2021
When Spirtech designed the Calypso HSM, the goal was to secure the remote distribution of tickets in order to simplify sales equipment (no SAM to manage in the equipment) and to allow new sales channels (resellers, mobile phones).
An HSM advantageously replaces up to 5,000 SAMs. A SAM processes only one request at a time, but when season passes come to an end there are many simultaneous purchases. The HSM increases transaction speed and improves security management.
At Spirtech, however, our ambition is to keep improving our solutions. That's why we designed the HSM 360 Server (WS HSM), which, as the name suggests, is very complete. The web service offered by the HSM 360 makes it possible to:
- verify that the HSM 360 is available for queries,
- reserve a virtual SAM for a ticketing session,
- send SAM Calypso commands (APDU) to this virtual SAM,
- free the virtual SAM.
The HSM 360 Server manages Calypso ticketing cryptographic operations and their security:
- Calypso sessions, signatures, etc., especially for personalization, sales and validation operations.
- Management of ticketing terminal SAMs (monitoring ceilings, key export, key invalidation, unlocking).
It includes a Calypso HSM containing the keys of transit networks, which can be hot-managed during the life of the project: adding keys and key groups, invalidating keys, etc. The database contains:
- the complete history of operations performed,
- the list of equipment authorized to connect and their level of authorization,
- the operation statistics,
- the list of alerts and problems detected,
- the operational parameters.
An administration web portal is used to configure the operation of the server and to manage and analyze the ticketing operations secured by the HSM server.
With the HSM 360, transactions are secured from start to end and sales terminals are simplified. Only a single server has to be updated and managed for many terminals.
The HSM 360 server is a basic component of a ticketing distribution system. It manages the security of transactions in order to remotely modify the contents of contactless ticketing cards used in transit networks.
The Trusted Clients exchange queries with the HSM 360. They may be trusted servers (e.g. remote sales server), trusted gateways relaying queries from terminals, or even trusted terminals in direct contact with the HSM 360.
The Terminals initiate the web service queries and communicate with cards (sales machines, recipe post, remote sales server, etc.). Some terminals send queries directly to the HSM 360, in which case they are also Trusted Clients.
To go even further, Spirtech has developed its RL HSM Server solution, which manages the complete purchase and distribution of transport tickets from remote sales terminals:
- mobile phones,
- personal computers,
- resellers,
- simplified sales machines.
The RL HSM integrates an HSM 360 and manages the keys of the various networks of an interoperable basin. This solution facilitates the purchase of tickets and reduces investment in sales infrastructure.
These various security blocks are also used in SurPass HCE, our MaaS solution, which can be integrated with existing ticketing systems without disrupting them and adds some very nice features. It allows users to:
- buy or top up a ticket from their phone,
- view the contents and validity of a transport card with their phone and reload it,
- present their phone directly to validation equipment,
- create alerts for when a contract is nearly over,
- access the various services in the city and pay for the services offered by the city.
Leslie and Alex, our two favorite users, are delighted that such features exist! (Loading transport ticket and Citizen Multiservice Application)
But SurPass also has features for transit and ticketing operators. For example, it allows you to control or validate tickets from an Android phone or device.
The solution is adaptable on a case-by-case basis, so you can choose to set up only the features you need.