ospt-cipurse briefing€¦ · 2014-02-05 · transportation ecosystem! other solutions are not...

Walt Bonneau WCB Enterprises

Associate Member

February 7, 2014

OSPT-CIPURSE™ Briefing Open Standard for Public Transportation

OSPT Alliance

§  Eco-system broad Alliance founded late 2010 by leading global technology vendors to promote an open and secure standard for public transportation

§  Vendor-neutral

§  Open to all members of the public transport ecosystem

Ø  Presently there are over 40 members and associate members

Ø  A forum for education, networking, technical workgroups, shaping and evolving industry standards

Ø  To make public transportation faster, more secure and more convenient

§  The Alliance’s missions:

Ø To develop and maintain CIPURSE™

Ø To provide an alternative choice to the Public Transport Operators

Ø  Reduce cost, time to market and complexity for operators

§  An umbrella for convergence of current standards, e.g. a foundation for global interoperability.

Copyright Protected © 2014 OSPT Alliance 2

Open Standards

§  OSPT- CIPURSE™ leverages a multitude of existing standards to provide for an open environment.

Copyright Protected © 2014 OSPT Alliance

ISO 18092 NFC

ANSI 410 Limited Use

ISO 7816-4 Security & Commands

for Interchange ISO/IEC 14443 Proximity Cards

ISO/IEC 10373-6 Test Methods

AES 128 bit Encryption SP800-38A

ISO 7810 Identification

Cards

3

ISO 24014 Interoperable Fare

Management

What CIPURSE™ Brings to the Transit Ecosystem


Integrators

§  Single set of specifications for broad range of products, reducing development costs and accelerating time to market

Vendors

§ Modular, device-agnostic design enables developing families of interoperable products with wide range of functionality based on a single specification

§ Encourages innovative, more secure, interoperable transit fare collection solutions for cards, stickers, fobs, mobile phones, consumer devices, and infrastructure components

Transit Operators

§ Fosters greater choice among large ecosystem of vendors § Drives lower costs, greater flexibility in designing and implementing

fare collection systems § Gain benefits of open standards, like Java Card and GlobalPlatform §  Simplifies enhancements supporting mobile payments with smart

phones, tablets and other smart devices §  Interoperates with any existing SIM card, including Java applets

4

What is the CIPURSE™ Open Standard?

§  An advanced standard for contactless cards and mobile-based fare collection systems, enabling new features and capabilities:

Ø  Vendor-independent Ø  Developed to meet the needs of the transit industry Ø  Technology providers free to add functionality outside the common

core Ø  Incorporates advanced security Ø  Supports future-proofing through:

v Design flexibility: Presents transit operators with better options for system growth and efficiency

v Fare media independence: Designed for use with all contactless smart fare media, including NFC-based mobile phones

v Reader independence: Any ISO contactless compliant reader can be used


CIPURSE™ Family Profile

§  An open security specification designed specifically for transit fare revenue collection.

§  Significant Upgrade, CIPURSE V2 released in October 2013

§  Based on V1 with major concept introduction: Family Profiles

Ø  CIPURSE T: For microprocessor-based transactions using smart cards, mobile phones and similar devices used in complex transit fare applications, such as monthly or annual tickets, multi-system tickets and loyalty programs

Ø  CIPURSE S: For rechargeable ticket applications supporting a specific number or time period of rides or value, Stored Value

Ø  CIPURSE L: For inexpensive, Limited Use ticket applications

§  Others Ø  Java Accelerator APIs (card & terminal) Ø  SAM and Key management specifications (under IPR review) Ø  CIPURSE Mobile Guideline s


CIPURSE™ V2 v.s. Other Solutions

§  CIPURSE products are scalable

§  All specification levels use same memory structure, command set, crypto algorithm and protocol

§  Only CIPURSE guarantees coexistence of different specification levels (ticket types) running in one transportation ecosystem without changes at the System level

§  CIPURSE allows switching between specification levels (ticket types) and form factors in the transportation ecosystem

§  Other Solutions are NOT scalable

§  Product levels have different memory structures, command sets and security algorithm

§  Different communication standards are used (e.g ISO 14443-3 and ISO 14443-4)

§  It is not possible to use different product levels in the same transportation ecosystem without Software and/or Hardware changes. Expensive system changes are needed


CIPURSE™ Supports All Contactless Form Factors

CIPURSE is applicable to all forms of contactless products within the same AFC System including cards, key fobs, NFC-based products, and Limited-Use tickets.


CIPURSE™ V2 Facilitates a Multi-Application Universe

CIPURSE Compliant Card

Health Insurance App

AFC & Ticketing

Open Payments App

Loyalty Program

Door Access System

Customer ID App


Creates Possibility of Co-Branding with Banking and/or National ID applications

Add’l functions, e.g. card administration and personalization; not specified by CIPURSE™

Operating System

Chip Hardware Platform Layer

Other Schemes

Payment, ID…

Appl

icat

ion

Oth

er N

Appl

icat

ion

Oth

er N

CIPU

RSE™

Ap

plic

atio

n 1

CIPU

RSE™

Ap

plic

atio

n N

CIPURSE™ Functions •  Authentication •  Secure messaging •  File types & command set •  Keys & access conditions

CIPU

RSE™

Ap

plic

atio

n 2

CIPU

RSE™

Ap

plic

atio

n 3


CIPURSETM Mobile at a Glance

§  Java Card 2.1 or higher and GP 2.2-based Applet

§  Over-the-Air & Over-the-Internet Support Ø  Application download

Ø  In field application activation and de-activation

Ø  Lifecycle management

§  Designed for multi-application support Ø  CIPURSE, payment, access, couponing, loyalty and others on one

secure element

§  Added-value services support to be part of CIPURSE Mobile Ø  CIPURSE Mobile for Couponing

Ø  CIPURSE Mobile for Access Control

Ø  CIPURSE Mobile for Loyalty


Evaluators: across the Value Chain


Chip maker 22%

Gov. agencies 5%

Hardware mfg. 6% SW House

30%

SI 22%

Transit agencies 4% Transit consultants

11%

Total 0%

# 400 evaluators

12

Working Groups and Certification Program

§  Two global Working Groups

Ø  1 Marketing WG

Ø  1Technical WG

§  The key for a Standard:

Ø  An independent lab: public tender/ 6 labs responded

§  Selected Certification Laboratory: Keolabs

Ø  Responsible for the tests validation

Ø  OSPT delivers the Certification Stamp and publishes on website

Ø  No exclusivity

§  V1 Certified Card products:

§  Inside Secure - Oct 2012 §  Infineon – Oct 2012

§  CIPURSE V2 Certification program on going Ø http://www.osptalliance.org/certification


CIPURSE™ Market Traction

§  3 pilot projects underway in 2013 Ø  50 to 100,000 cards in initial deployments

§  CIPURSE™ V1 Ø  INFINEON SLE77 SOLID FLASH™, CC EAL5+, certified Ø  INSIDE JavaCard 2.1 CIPURSE Applet, certified Ø  OBERTHUR JavaCard 2.1 CIPURSE Applet with crypto API

§  CIPURSE™ V2 Mid-range profile Ø  Infineon SLS32TLC100 contactless chip (2013)

v Mifare compatible

§  Infineon EasySAM (Early 2014) Ø  Mifare compatible, DES AES128

§  ECEBS with CIPURSE™ (2013) Ø  ITSO & CIPURSE multi-application card

§  CIPURSE™ Mobile (Early 2014) Ø  Java Card 2.1 and GP 2.2 CIPURSE™ Optimized Applet Ø  Over-the-Air & Over-the-Internet Support Ø  Designed for multi-application support


Thank You

www.osptalliance.org LinkedIn Group: OSPT Alliance


ospt-cipurse briefing€¦ · 2014-02-05 · transportation ecosystem! other solutions are not...

Documents