10
A Secure and Open Solution for Seamless Transit Systems
A Secure and Open Solution for Seamless Transit Systems
Copyright © 2010 OSPT Alliance - Confidential 3
Today’s Proprietary Fare Collection Systems
Transit operators must combat growing security threats while identifying new revenue sources and enhancing fare collection. Legacy proprietary systems limit their options.
Legacy security measures no longer enough Widely used legacy security chip hacked New schemes demand advance security
Single-vendor technologies limit operator flexibility Lack of competition reduces vendor motivation to innovate Slows time-to-market for new applications that would increase revenue
and usage Proprietary technology results in high cost of ownership
Costly and time-consuming to upgrade, expand, enhance Difficult to integrate with other systems to streamline operations,
reduce cost of ownership
Copyright © 2010 OSPT Alliance - Confidential
Evolving to Next-Generation Transit Fare Collection Today
Paper tickets, or transit-only smart cards Legacy proprietary security schemes inadequate to meet demands of
tomorrow’s fare collection paradigm
Tomorrow Paper tickets, open standard transit smart cards, transit with open bank
card payments, transit payments via NFC devices An advanced open standard security scheme is required to enable
systems that deliver customer convenience, future end-point support (NFC) and operational efficiency for operators
Creating a new advanced, complex security scheme is costly and high-risk for a single vendor
The OSPT Alliance, an industry-wide effort, has been launched to deliver this vision of tomorrow’s seamless transit systems
3
Copyright © 2010 OSPT Alliance - Confidential
Open Standard for Public Transport (OSPT) Alliance
Focus: Mobilize an industry-wide, vendor-neutral open standard movement for public transportation
Founded by four major technology vendors: Giesecke & Devrient, INSIDE Contactless, Infineon Technologies, Oberthur Technologies
Security Focus: Goal is to bridge the security gap for next-generation smart card- or mobile device-based AFC
Open: Open to all members of the global transport ecosystem
Forum for education, networking, technical workgroups, shaping and evolving industry standards
Creators of Cipurse™, an advanced open security standard for public transportation
4
Copyright © 2010 OSPT Alliance - Confidential
Introducing Cipurse
A foundation for multiple services — Security scheme the basis for a variety of products and components across the entire fare collection system
Secure — Utilizes the 128-bit Advanced Encryption Standard (AES), adopted by both the US and German governments
Compatible with legacy systems — Based on the ISO 7816 smart card standard and the ISO/IEC 14443-4 protocol
Flexible — Common command set and architecture supports new schemes for transit fare collection, as well as common legacy applications
Form-factor independent — Works with variety of smart cards, as well as NFC-enabled phones and secure NFC microSD cards
Scalable — From transit-only to multi-application smart cards and NFC devices
Interoperable — To be certified by independent third-party (2011)
5
Copyright © 2010 OSPT Alliance - Confidential
Designed for Flexibility and Functionality
Authentication Secure messaging File types & command set Keys & access conditions Life-cycle management
Operating System
RF Communication Layer
Other Schemes
Payment, ID…
App
licat
ion
Oth
er 1
App
licat
ion
Oth
er M
App
licat
ion
Ope
nSt
anda
rd 1
App
licat
ion
Ope
nSt
anda
rd 2
App
licat
ion
Ope
nSt
anda
rd 3
App
licat
ion
Ope
nSt
anda
rd N
6
Core functions specified by the Open Standard: Security concept Secure key management Interoperability Fare media cross-system
interoperability Fare media migration
Copyright © 2010 OSPT Alliance - Confidential
And Ease of Migration
Most of today’s transport systems support processor-based cards The open standard supports commercial of-the-shelf components
and products ISO 14443-4 and AES128 are commonly used and available
Existingsolution basedon proprietary
products
Issue new card withsupport of the open
standard
Upgrade system to beable to issue ISO/IEC14443-4 commandsand AES128 support
(if needed)
Add command setbased on ISO/IEC 7816and secure messaging
to the application
Proprietary Solution Open Standard
7
Copyright © 2010 OSPT Alliance - Confidential
Open vs. Proprietary Fare Product Platform
8
Open Proprietary
Application Management/Data Access
Memory for Applications
Multi-application Capability
Transaction Speed (Check-In/Check-Out)
Security Implementation
Security Architecture
Evaluations & Certifications
Cost
Production Performance
Governance of Functionality(Transit Industry Control) (Silicon Vendor Control)
Cross Industry Support
Multiple Card Vendor Sourcing
Multiple Hardware Sourcing
Copyright © 2010 OSPT Alliance - Confidential
Open Standard—The Right Decision for Transit Operators Cost-effective
Lowers operating costs Future-proof fare collection systems Migrate once and not have to migrate again
Flexible Vendor independence increases procurement options Enables quicker response to new market requirements Improved scalability
Highly secure Advanced security capabilities Security without compromising performance
Convenient for customers Supports multiple form-factors, including NFC devices Increased ridership increases revenue
9
Copyright © 2010 OSPT Alliance - Confidential
Summary
Public transport fare collection is one of the fastest-growing smart card markets worldwide
Proprietary and less-secure legacy systems are barriers to adoption of new, advanced fare collection models
OSPT Alliance launched in December 2010 by four leading technology companies to drive adoption of a new open security standard for public transportation
OSPT introduces the Cipurse open security standard at CARTES in December 2010 to enable more flexible, cost-effective and secure fare collection schemes
OSPT to evolve to an independent organization in early 2011, with independent certification of compliance later in 2011
10
