Interface SymmetricCryptoSecuritySetting


public interface SymmetricCryptoSecuritySetting
Security setting for a Calypso card transaction secured by "symmetric" key cryptographic algorithms (e.g. SAM).

An instance of this interface can be obtained via the method CalypsoCardApiFactory.createSymmetricCryptoSecuritySetting(SymmetricCryptoCardTransactionManagerFactory).

Since:
2.0.0
  • Method Details

    • enableMultipleSession

      SymmetricCryptoSecuritySetting enableMultipleSession()
      Enables multiple session mode to allow more changes to the card than the session buffer can handle.
      Returns:
      The current instance.
      Since:
      1.0.0
    • enableRatificationMechanism

      SymmetricCryptoSecuritySetting enableRatificationMechanism()
      Enables the ratification mechanism, which handles an early removal of the card that prevents the terminal from receiving the acknowledgement of the session closing.
      Returns:
      The current instance.
      Since:
      1.0.0
    • enablePinPlainTransmission

      SymmetricCryptoSecuritySetting enablePinPlainTransmission()
      Enables the PIN transmission in plain text.
      Returns:
      The current instance.
      Since:
      1.0.0
    • enableSvLoadAndDebitLog

      SymmetricCryptoSecuritySetting enableSvLoadAndDebitLog()
      Enables the retrieval of both loading and debit log records.

      The default value is false.

      Returns:
      The current instance.
      Since:
      1.0.0
    • authorizeSvNegativeBalance

      SymmetricCryptoSecuritySetting authorizeSvNegativeBalance()
      Allows the SV balance to become negative.

      The default value is false.

      Returns:
      The current instance.
      Since:
      1.0.0
    • disableReadOnSessionOpening

      SymmetricCryptoSecuritySetting disableReadOnSessionOpening()
      Disables the automatic merging of the "Open Secure Session" command with a possible "Read Record" command.

      By default, this optimization is performed when the command that follows the session opening is a "Read Record" command.

      This mechanism may in some cases be incompatible with the security requirements.

      Returns:
      The current instance.
      Since:
      1.6.0
    • assignKif

      SymmetricCryptoSecuritySetting assignKif(WriteAccessLevel writeAccessLevel, byte kvc, byte kif)
      Defines for a given write access level the KIF value to use for cards that only provide KVC.
      Parameters:
      writeAccessLevel - The write access level.
      kvc - The card's KVC value.
      kif - The KIF value to use.
      Returns:
      The current instance.
      Throws:
      IllegalArgumentException - If the provided writeAccessLevel is null.
      Since:
      1.0.0
    • assignDefaultKif

      SymmetricCryptoSecuritySetting assignDefaultKif(WriteAccessLevel writeAccessLevel, byte kif)
      Defines for a given write access level the default KIF value to use when it could not be determined by any other means.
      Parameters:
      writeAccessLevel - The write access level.
      kif - The KIF value to use.
      Returns:
      The current instance.
      Throws:
      IllegalArgumentException - If the provided writeAccessLevel is null.
      Since:
      1.0.0
    • assignDefaultKvc

      SymmetricCryptoSecuritySetting assignDefaultKvc(WriteAccessLevel writeAccessLevel, byte kvc)
      Defines for a given write access level the KVC value to use for cards that do not provide KVC.
      Parameters:
      writeAccessLevel - The session level.
      kvc - The KVC to use.
      Returns:
      The current instance.
      Throws:
      IllegalArgumentException - If the provided writeAccessLevel is null.
      Since:
      1.0.0
    • addAuthorizedSessionKey

      SymmetricCryptoSecuritySetting addAuthorizedSessionKey(byte kif, byte kvc)
      Adds an authorized session key defined by its KIF and KVC values.

      By default, all keys are accepted.
      If at least one key is added using this method, then only authorized keys will be accepted.

      Parameters:
      kif - The KIF value.
      kvc - The KVC value.
      Returns:
      The current instance.
      Since:
      1.0.0
    • addAuthorizedSvKey

      SymmetricCryptoSecuritySetting addAuthorizedSvKey(byte kif, byte kvc)
      Adds an authorized Stored Value key defined by its KIF and KVC values.

      By default, all keys are accepted.
      If at least one key is added using this method, then only authorized keys will be accepted.

      Parameters:
      kif - The KIF value.
      kvc - The KVC value.
      Returns:
      The current instance.
      Since:
      1.0.0
    • setPinVerificationCipheringKey

      SymmetricCryptoSecuritySetting setPinVerificationCipheringKey(byte kif, byte kvc)
      Sets the KIF/KVC pair of the PIN verification ciphering key.

      The default value for both KIF and KVC is 0.

      Parameters:
      kif - The KIF value.
      kvc - The KVC value.
      Returns:
      The current instance.
      Since:
      1.0.0
    • setPinModificationCipheringKey

      SymmetricCryptoSecuritySetting setPinModificationCipheringKey(byte kif, byte kvc)
      Sets the KIF/KVC pair of the PIN modification ciphering key.

      The default value for both KIF and KVC is 0.

      Parameters:
      kif - The KIF value.
      kvc - The KVC value.
      Returns:
      The current instance.
      Since:
      1.0.0
    • initCryptoContextForNextTransaction

      void initCryptoContextForNextTransaction()
      Prepares the cryptographic module for the next transaction by anticipating all security context configuration operations.

      This feature is only useful if the currently allocated cryptographic module will be used for the next transaction. It is particularly relevant to optimize the transaction time in a ticketing context of user card validation.

      For this optimization to be effective, it is necessary to call this method at the very end of the current transaction, i.e. after having notified the user of the access right (e.g. after opening the gate).

      Throws:
      CryptoException - If an error occurred when computing a crypto operation.
      CryptoIOException - If a communication error with the crypto module occurs (e.g. timeout with the reader or the computing unit, network error, etc.).
      Since:
      2.0.0
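
The following is an added example, not code from the project: a restrictive setting built only from the methods documented above, showing how the key allowlists replace the accept-all default and which relaxing options are left off. The class name, the KIF/KVC byte values, the import package names, the WriteAccessLevel constants and the use of createSymmetricCryptoSecuritySetting as an instance method are assumptions not stated on this page.

```java
// Package names below are an assumption; this page does not state them.
import org.eclipse.keypop.calypso.card.CalypsoCardApiFactory;
import org.eclipse.keypop.calypso.card.WriteAccessLevel;
import org.eclipse.keypop.calypso.card.transaction.SymmetricCryptoSecuritySetting;
import org.eclipse.keypop.calypso.card.transaction.spi.SymmetricCryptoCardTransactionManagerFactory;

/** Hypothetical helper class (added example). */
public final class RestrictiveSecuritySettingExample {

  // Constructed sample values: replace with the KIF/KVC pairs of your own key set.
  private static final byte KIF_PERSO = (byte) 0x21;
  private static final byte KIF_LOAD = (byte) 0x27;
  private static final byte KIF_DEBIT = (byte) 0x30;
  private static final byte KIF_PIN = (byte) 0x30;
  private static final byte KVC_CURRENT = (byte) 0x79;

  private RestrictiveSecuritySettingExample() {}

  static SymmetricCryptoSecuritySetting build(
      CalypsoCardApiFactory apiFactory,
      SymmetricCryptoCardTransactionManagerFactory cryptoFactory) {
    // Not called on purpose: enablePinPlainTransmission() and
    // authorizeSvNegativeBalance(), so neither relaxation is enabled.
    return apiFactory
        .createSymmetricCryptoSecuritySetting(cryptoFactory)
        // KIF to use per write access level when it cannot be determined otherwise.
        // The WriteAccessLevel constant names are assumed, not listed on this page.
        .assignDefaultKif(WriteAccessLevel.PERSONALIZATION, KIF_PERSO)
        .assignDefaultKif(WriteAccessLevel.LOAD, KIF_LOAD)
        .assignDefaultKif(WriteAccessLevel.DEBIT, KIF_DEBIT)
        // The first added key switches session keys from "all accepted" to an allowlist.
        .addAuthorizedSessionKey(KIF_PERSO, KVC_CURRENT)
        .addAuthorizedSessionKey(KIF_LOAD, KVC_CURRENT)
        .addAuthorizedSessionKey(KIF_DEBIT, KVC_CURRENT)
        // Same allowlist behaviour for Stored Value keys.
        .addAuthorizedSvKey(KIF_LOAD, KVC_CURRENT)
        .addAuthorizedSvKey(KIF_DEBIT, KVC_CURRENT)
        // Set the PIN ciphering keys explicitly instead of relying on the 0/0 default.
        .setPinVerificationCipheringKey(KIF_PIN, KVC_CURRENT)
        .setPinModificationCipheringKey(KIF_PIN, KVC_CURRENT)
        // Keep "Open Secure Session" separate from a following "Read Record".
        .disableReadOnSessionOpening();
  }
}
```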