RFID Contactless Compliance
Technology for electronic payment
RFID (Radio Frequency Identification) contactless technology is becoming available worldwide as the common standard for various means of electronic payment. It applies to any type of electronic financial transaction and can be integrated into any equipment designed for payment purposes, however small the sum, in various sectors:
- automatic payment terminals,
- machines for the supply of goods or services,
- CNS (National Services Card), used as a card for health services, e-government and mobility.
The fundamental conditions for applications based on RFID technology, such as electronic ticketing and micropayments, are the interoperability of systems and independence from the hardware supplier. In this technological scenario, the reliability and interoperability of the equipment used are guaranteed by certifying the radio-frequency parameters defined by the relevant ISO standards.
CUBIT, in partnership with ClickUtility and Rina, provides a compliance certification service for the basic components of the RFID system (smart card – validator – sales terminal). This certification process, carried out by an external third party, guarantees an objective validation of the functional characteristics of the system and the resolution of technical and interoperability problems. The ISO 14443 certification allows Cubit to check the functional quality of RFID equipment, the correctness of the production process, and the compatibility and integration of complex systems developed by diverse System Integrators.
What can be certified: from ISO 14443 standard to the parameters set by the Calypso standard
An RFID Contactless system should conform to the standards at 7 different levels:
| Level | Area | Reference standard |
|---|---|---|
| 1 | Contactless Comm. Interface and Comm. Interface | ISO / IEC 14443 – ISO / IEC 7816-3 |
| 2 | Card OS and Files Structure & Commands | ISO / IEC 7816-4 |
| 3 | Card Data Structure | CEN EN 1545 |
| 4 | Card and SAM Security Mechanisms | Calypso Card Application |
| 5 | Data Model | Calypso Data Model |
| 6 | Terminal Applicative Software | Calypso API |
| 7 | Security management and Architecture | Calypso Security Architecture |
In order to guarantee the interoperability between diverse suppliers it is essential that all devices implement these levels in the same way. The Calypso standard requires:
- Application of the requirements of ISO 14443, ISO 7816-4, EN 1545
- The use of Calypso secure transaction (card commands)
- The use of the same data initialization through use of the same conformation pattern of the generic data model for all system components
- The use of the same data model
- A uniform common security architecture.
For ISO 14443, the compliance requirements for contactless devices (smart card and reader) operating at 13.56 MHz in contactless RFID systems are defined in ISO 10373-6.
Thanks to our partnership with major measuring instrument production companies, Cubit is in a position to test compliance with standards at all seven levels of the transaction by checking:
- Correct functioning of the device
- Compliance with the ISO 14443 standard
- The correct implementation of the Calypso standard, aimed at guaranteeing privacy and security.
The ISO 14443 standard specifies two types of card (Type A and Type B) according to the modulation pattern used for data transmission.
The test list defined by CUBIT for the certification of cards includes tests that assess the transmission and reception of the signal and the card's capacity to maintain its physical characteristics, including under conditions of functional stress. In addition, the cards' fundamental construction parameters are measured, namely resonance frequency and Q factor. These parameters give detailed indications of the quality standard of the card and of potential functional improvements that could be made to the product. For readers, the tests make it possible to verify that the shape and intensity of the query signal are within the limits set by the specific rules and standards.