Thales HSMs Secure Snapper’s Mobile Reload Transit Solution

How an innovative Company Added Convenience for Commuters While Delivering Iron-clad Security

The Challenge: Maximize Security For Mobile Transit Purchases Without Slowing Performance

Snapper, an enterprising New Zealand company, set out to improve public transportation for riders in Dublin, Ireland. The National Transport Authority of Ireland wanted to make paying for transit much more convenient for their riders, even letting them load their cards while a bus approaches within sight. Snapper needed to give NTA’s customers a way to check their balance and instantaneously re-load their LEAP transit cards using their smart phones. Their solution needed to serve up to 500 people topping up at the same time—and to do so with the utmost security.

The Solution: Smart Phone Payments Secured By Thales HSMs

Snapper designed a solution that lets customers load their transit accounts by tapping their smart cards to their phones and making payments through Snapper’s app. The phones recognize the contactless chips embedded in the cards, triggering Snapper’s app to open. The app authenticates and reads the cards and guides customers through PCI-compliant credit card transactions. Customers then use the transit cards to travel by bus, tram, and rail in Dublin.

To help secure their solution, Snapper turned to Thales nShield HSMs (hardware security modules). Snapper’s app encrypts customer transaction data, and uses nShield HSMs to manage the encryption keys critical to safeguarding the data. For high assurance security, all encrypted data is stored in the contactless chips in the smart cards.

CodeSafe Helps To Secure Transactions

The security of Snapper’s solution relies on managing encrypted data, keys, and, to ensure integrity, the mutual authentication between the smart cards and HSMs—all driven by Snapper’s custom routines. These sensitive routines and the data they handle would be vulnerable to threats if exposed outside the closed system. Thales CodeSafe provided the protection Snapper needed by securing the crypto code within the boundaries of their nShield HSMs.

nShield Lets Customers Control Their Keys

The NTA’s master keys are their most valuable secrets and the NTA’s IT managers follow very strict processes to protect them. Thales nShield HSMs and the associated Security World architecture fully supported these key handling processes and made it easy for the NTA to manage all production key related functions securely and without involvement from Snapper.

Thales’s Architecture Supports Strict Policy Adherence

Security World greatly reduces the risks of non-authorized personnel gaining control of encryption keys by enforcing roles- based controls, thus helping to ensure comprehensive security.

About The Solution

Thales HSMs

Thales nShield HSMs provide a tamper-resistant environment for secure cryptographic processing and key management. nShield HSMs are certified and meet established and emerging security standards for cryptographic systems while staying highly efficient.

nShield HSMs isolate and protect cryptographic operations and keys for organizations’ most critical applications. nShield HSMs perform encryption, digital signing, and key management for an extensive range of applications including public key infrastructures (PKIs), SSL/TLS, and code signing. nShield HSMs are high-assurance alternatives to software-based cryptography – supporting all leading algorithms and featuring world-class ECC performance.

With Thales HSMs and their unique architecture, you buy only the capacity you need and easily scale your solution as your needs evolve.

Thales CodeSafe

CodeSafe hosts and runs sensitive custom applications within nShield HSMs. CodeSafe lets applications decrypt, process, and encrypt data inside the secure environment. As a result, applications, such as Snapper’s code used to authenticate smart cards, are well protected from outside threats.

Advanced Solutions Group (ASG)

The Thales ASG team of security consultants delivers customized services to meet specific business needs. Experienced with a variety of applications, the ASG team helps organizations plan integrations, mitigate risks and execute projects through deployment and field testing – quickly and securely.

Key Thales Solution Benefits

  • Protect cryptographic keys and operations within tamper- resistant hardware to significantly enhance security over software-only solutions.
  • Run sensitive custom applications within HSM boundaries using CodeSafe.
  • Maintain control over your keys and build HSM estates that scale with evolving needs with Thales’ unique Security World architecture.
  • Develop your solution efficiently and confidently with Thales ASG’s expert guidance.