August 2016
Secure ticketing and more
Introducing OSPT Alliance and CIPURSE™
Agenda
Introducing OSPT Alliance
Open Standards
CIPURSE™
A transport operator use case
OSPT Alliance Membership
2 Copyright © 2016 OSPT Alliance. All rights reserved.
Introducing OSPT Alliance – for secure ticketing and more
3
Secure ticketing and more
Copyright © 2016 OSPT Alliance. All rights reserved.
OSPT Alliance 2016
4
71
members
worldwide
Number of
certified
products
21
CIPURSE
community
1100
112
Software
Development
Kits shipped
Global spread of
members
22
114
Copyright © 2016 OSPT Alliance. All rights reserved.
What are we trying to achieve?
Develop and promote CIPURSE as an industry-wide, vendor-neutral open standard for secure ticketing and more
Bridge the security gap with highly secure, interoperable and flexible solutions
Advance open standards through CIPURSE, an open basis for developing next-generation, hardware independent, multi-application fare collection solutions
Reflect and support transit operators’ long-term commercial and technical requirements through scalable, adaptable and neutral products
5 Copyright © 2016 OSPT Alliance. All rights reserved.
The key pillars to OSPT Alliance
6
Specifications Certification Members Resources
Copyright © 2016 OSPT Alliance. All rights reserved.
Open Standards
Open standards bridge solution provider optimization
and user flexibility
Copyright © 2016 OSPT Alliance. All rights reserved.8
Why are open standards needed today?
Closed loop applications and
smart cards
Using legacy technology
Create a strong need for more secure fare-collection systems
To bridge different
geographic standards/
technologies
To develop public/private partnerships
Provide hardware
independence
And business model
independence
Through open loop systems
Only open standards can
make this happen
9 Copyright © 2016 OSPT Alliance. All rights reserved.
What are the major benefits of open standards?
10
Interoperable
Secure
Flexible
Easier to deployEvolvable
Scalable
Easy to
integrate
Innovative
Copyright © 2016 OSPT Alliance. All rights reserved.
The Paradigm Shift: from a technology centric approach…
Copyright © 2016 OSPT Alliance. All rights reserved.11
...to a ‘user centric’ approach
12 Copyright © 2016 OSPT Alliance. All rights reserved.
CIPURSE
CIPURSE enables mobility services
Copyright © 2016 OSPT Alliance. All rights reserved.14
Core features & benefits
Industry compliant
CIPURSE is ISO-compliant, aligning
to the latest industry standards:
ISO/IEC 7816
AES-128
ISO/IEC 14443-4
ETSI TS 102 622
Secure, open solution
Promotes interoperability
across the ecosystem
Multiple applications
Multi-purpose, multi-form factor
and multi-user
15 Copyright © 2016 OSPT Alliance. All rights reserved.
Features & benefits – security and interoperability
16
State of the art cryptographic protocols
Secure and efficient data exchange
Certification
You don’t have to compromise on security with CIPURSE:
Copyright © 2016 OSPT Alliance. All rights reserved.
CIPURSE profiles have a consistent design Product levels have different memory
structures
CIPURSE profiles are scalable Solutions are NOT scalable
All specification levels use same memory
structure/command set/algorithm/protocol
Different communication standards are used
[e.g. ISO 14443-3 and ISO 14443-4]
CIPURSE guarantees coexistence of different
ticket types in the same system
Security algorithms and command sets are
different throughout the product levels
CIPURSE allows switching between ticket
types and form factors
Can‘t use different products in the same
transportation ecosystem without
(expensive) software &/or hardware changes
CIPURSE™ - How does it compare?
CIPURSE
V2 Model
Current
Market
Solution
Copyright © 2016 OSPT Alliance. All rights reserved.17
CIPURSE MOBILE
CIPURSE T
CIPURSE S
CIPURSE L
CIPURSE provides the foundations for a multi-application
universe
Loyalty Programs
TransportMobile Payments
Security access Event Ticketing
Copyright © 2016 OSPT Alliance. All rights reserved.18
Open and closed loop
payments
The risks of not using open standards
19
Lack of
flexibility
Security
risksExpensive
Not always
fit for
purpose
Unable to
protect
your
investment
Copyright © 2016 OSPT Alliance. All rights reserved.
This is an evolution not a revolution
20
Existing
ticketing
systems
User
requirements a
Future
ticketing
systems
User
requirements b
User
requirements n
Copyright © 2016 OSPT Alliance. All rights reserved.
The CIPURSE bottom up approach versus the proprietary
top down approach
21
Existing ticketing systems
are top down
They are supplier
dictated
They lack flexibility Future ticketing systems are
bottom up
Based on user
requirements
CIPURSE
Copyright © 2016 OSPT Alliance. All rights reserved.
CIPURSE V2 – the family concept
Market support:
• Diverse market requirements
• Yet, desire to avoid complexity and keep costs low
Core specification defines:
• Operations and interface specification
• Cryptographic protocol
Defining media specific sub-sets:
22
Multi-application profile
In-field card management
CIPURSE T
Multi-application profile
Pre-defined applications
CIPURSE S
Single-application profile
with reduced file system
CIPURSE L
CIPURSE Mobile
Both a single & multi-
profile app
Copyright © 2016 OSPT Alliance. All rights reserved.
CIPURSE benefits
Use of existing contactless
reader infrastructure
Secure transactions &
storage of credentials
Secure online & offline
transactions
One technical solution for all NFC phones / form factors
Supports HCE
Readiness for future system
requirements / multi-app services
Connecting contactless cards
to the mobile world
Resource efficient as functionality loaded once but used for multiple
purposes
Supports transport, loyalty, micro-
payment, access control, VAS and many others…
Copyright © 2016 OSPT Alliance. All rights reserved.23
CIPURSETM Mobile: enabler for NFC solutions
User Centric
24
SecureService
Convergence Interoperable
Convenient
Wallet &
App
Suitable
OS &
Handset
Independent
CIPURSE
L, S & T
Copyright © 2016 OSPT Alliance. All rights reserved.
Key benefits to using CIPURSE with HCE
Future proof way to implement
Brings added security benefits
Mitigate obvious weaknesses of
HCE
Multiple options for
implementation, to fit operator
needs
But best approach may combine elements of
several
Supports different types of
implementation
Flexible and fits into existing ecosystem
Opens up possibilities for interoperability
Open standards mean no more vendor lock-in
CIPURSE standard free to download
Throughput and availability concerns alleviated
Network coverage no longer an issue with tokenization
Copyright © 2016 OSPT Alliance. All rights reserved.25
What makes a CIPURSE Certified product?
26
A CIPURSE product must conform to a CIPURSE specification
A Conformance Test Report is provided to the Certification Authority (OSPT Alliance) by the Test Laboratory, based on the test plan for the CIPURSE™ specification(s) this product is conforming to
A CIPURSE™ Certificate is provided to the vendor by the OSPT Alliance
Only validated CIPURSE Certified products are shown on the OSPT Alliance website
Copyright © 2016 OSPT Alliance. All rights reserved.
The value of independent testing
27
Confidence that a product
has been rigorously tested to
the highest standards
Objective
review and
management
of the
qualification
process
Third party
validation of a
product / solution
No commercial bias
in the product /
solution /
specification
Assurances that the product will
perform as advertised when live
in the market
This provides the industry with:
Copyright © 2016 OSPT Alliance. All rights reserved.
A transport operator use case
Transport Operator Use Case – ATM Barcelona
29
Plans Announced
To use contactless
cards, NFC phones &
devices to access the
city’s transportation
network
Beyond public transport
System will also support
renting a bicycle at the
train station or paying
motorway tolls
TodayT-Mobilitat smart card
provides all-in-one access to
the city’s transport network,
with CIPURSE only
announced certified
platform¹
Tomorrow
Scalable to support
any form factor and
to work across
Catalan region
Copyright © 2016 OSPT Alliance. All rights reserved.
¹https://contactlessintelligence.com/2016/05/05/barcelonas-t-mobilitat-premiers-the-cipurse-standard-in-europe/
OSPT Alliance Membership
Full Members
Chip Providers/Manufacturers
Card/Inlay Manufacturers
System Integrators & Solution providers
Software Developers
31 Copyright © 2016 OSPT Alliance. All rights reserved.Copyright © 2016 OSPT Alliance. All rights reserved.
Associate Members
32 Copyright © 2016 OSPT Alliance. All rights reserved.
Why become a member?
33
Help shape and
influence the role
of the CIPURSE
open standard
Network and
collaborate with
other individuals
within your sector
Bridge with
industry
associations
Address the
challenge of
convergence
between mobile and
smart cards
Copyright © 2016 OSPT Alliance. All rights reserved.
OSPT Alliance’s model and how it is funded
34 Copyright © 2016 OSPT Alliance. All rights reserved.
• License fee paid to the IP Pool entity
• Certification cost: 6000€
• License fee: the lower of 0.01US/ implementation or 2%
• Full membership – 5000€ p/a
Open to allNot for profit
Articles of association
Anti-trust
OSPT - Antitrust statement
Confidential
35
Antitrust statement
As members of this alliance every party and participant will adhere to antitrust regulations at all times. There shall be no discussions, agreements or concerted actions between competitors that may restrain competition. This prohibition, inter alia, includes the exchange of information concerning prices, quotes, customers, costs, sales policies and territories, roadmaps, investment and R&D activities, market practices or any other competitive aspect of an individual company’s operation. Each member is obligated to speak up immediately for the purpose of preventing any discussion falling outside these boundaries.
For more information
Thank You
To find out more about joining OSPT Alliance, please email:
Visit our website:www.osptalliance.org
Join in the conversation on LinkedIn: https://www.linkedin.com/grps/OSPT-Alliance-4392323/about
36 Copyright © 2016 OSPT Alliance. All rights reserved.