Introducing OSPT Alliance and CIPURSE™ · Security algorithms and command sets are ... This...

August 2016

Secure ticketing and more

Introducing OSPT Alliance and CIPURSE™

Agenda

Introducing OSPT Alliance

Open Standards

CIPURSE™

A transport operator use case

OSPT Alliance Membership

2 Copyright © 2016 OSPT Alliance. All rights reserved.

Introducing OSPT Alliance – for secure ticketing and more

3

Secure ticketing and more

Copyright © 2016 OSPT Alliance. All rights reserved.

OSPT Alliance 2016

4

71

members

worldwide

Number of

certified

products

21

CIPURSE

community

1100

112

Software

Development

Kits shipped

Global spread of

members

22

114


What are we trying to achieve?

Develop and promote CIPURSE as an industry-wide, vendor-neutral open standard for secure ticketing and more

Bridge the security gap with highly secure, interoperable and flexible solutions

Advance open standards through CIPURSE, an open basis for developing next-generation, hardware independent, multi-application fare collection solutions

Reflect and support transit operators’ long-term commercial and technical requirements through scalable, adaptable and neutral products


The key pillars to OSPT Alliance

6

Specifications Certification Members Resources


Open Standards

Open standards bridge solution provider optimization

and user flexibility

Copyright © 2016 OSPT Alliance. All rights reserved.8

Why are open standards needed today?

Closed loop applications and

smart cards

Using legacy technology

Create a strong need for more secure fare-collection systems

To bridge different

geographic standards/

technologies

To develop public/private partnerships

Provide hardware

independence

And business model

independence

Through open loop systems

Only open standards can

make this happen


What are the major benefits of open standards?

10

Interoperable

Secure

Flexible

Easier to deployEvolvable

Scalable

Easy to

integrate

Innovative


The Paradigm Shift: from a technology centric approach…


...to a ‘user centric’ approach


CIPURSE

CIPURSE enables mobility services


Core features & benefits

Industry compliant

CIPURSE is ISO-compliant, aligning

to the latest industry standards:

ISO/IEC 7816

AES-128

ISO/IEC 14443-4

ETSI TS 102 622

Secure, open solution

Promotes interoperability

across the ecosystem

Multiple applications

Multi-purpose, multi-form factor

and multi-user


Features & benefits – security and interoperability

16

State of the art cryptographic protocols

Secure and efficient data exchange

Certification

You don’t have to compromise on security with CIPURSE:


CIPURSE profiles have a consistent design Product levels have different memory

structures

CIPURSE profiles are scalable Solutions are NOT scalable

All specification levels use same memory

structure/command set/algorithm/protocol

Different communication standards are used

[e.g. ISO 14443-3 and ISO 14443-4]

CIPURSE guarantees coexistence of different

ticket types in the same system

Security algorithms and command sets are

different throughout the product levels

CIPURSE allows switching between ticket

types and form factors

Can‘t use different products in the same

transportation ecosystem without

(expensive) software &/or hardware changes

CIPURSE™ - How does it compare?

CIPURSE

V2 Model

Current

Market

Solution


CIPURSE MOBILE

CIPURSE T

CIPURSE S

CIPURSE L

CIPURSE provides the foundations for a multi-application

universe

Loyalty Programs

TransportMobile Payments

Security access Event Ticketing


Open and closed loop

payments

The risks of not using open standards

19

Lack of

flexibility

Security

risksExpensive

Not always

fit for

purpose

Unable to

protect

your

investment


This is an evolution not a revolution

20

Existing

ticketing

systems

User

requirements a

Future

ticketing

systems

User

requirements b

User

requirements n


The CIPURSE bottom up approach versus the proprietary

top down approach

21

Existing ticketing systems

are top down

They are supplier

dictated

They lack flexibility Future ticketing systems are

bottom up

Based on user

requirements

CIPURSE


CIPURSE V2 – the family concept

Market support:

• Diverse market requirements

• Yet, desire to avoid complexity and keep costs low

Core specification defines:

• Operations and interface specification

• Cryptographic protocol

Defining media specific sub-sets:

22

Multi-application profile

In-field card management

CIPURSE T

Multi-application profile

Pre-defined applications

CIPURSE S

Single-application profile

with reduced file system

CIPURSE L

CIPURSE Mobile

Both a single & multi-

profile app


CIPURSE benefits

Use of existing contactless

reader infrastructure

Secure transactions &

storage of credentials

Secure online & offline

transactions

One technical solution for all NFC phones / form factors

Supports HCE

Readiness for future system

requirements / multi-app services

Connecting contactless cards

to the mobile world

Resource efficient as functionality loaded once but used for multiple

purposes

Supports transport, loyalty, micro-

payment, access control, VAS and many others…


CIPURSETM Mobile: enabler for NFC solutions

User Centric

24

SecureService

Convergence Interoperable

Convenient

Wallet &

App

Suitable

OS &

Handset

Independent

CIPURSE

L, S & T


Key benefits to using CIPURSE with HCE

Future proof way to implement

Brings added security benefits

Mitigate obvious weaknesses of

HCE

Multiple options for

implementation, to fit operator

needs

But best approach may combine elements of

several

Supports different types of

implementation

Flexible and fits into existing ecosystem

Opens up possibilities for interoperability

Open standards mean no more vendor lock-in

CIPURSE standard free to download

Throughput and availability concerns alleviated

Network coverage no longer an issue with tokenization


What makes a CIPURSE Certified product?

26

A CIPURSE product must conform to a CIPURSE specification

A Conformance Test Report is provided to the Certification Authority (OSPT Alliance) by the Test Laboratory, based on the test plan for the CIPURSE™ specification(s) this product is conforming to

A CIPURSE™ Certificate is provided to the vendor by the OSPT Alliance

Only validated CIPURSE Certified products are shown on the OSPT Alliance website


The value of independent testing

27

Confidence that a product

has been rigorously tested to

the highest standards

Objective

review and

management

of the

qualification

process

Third party

validation of a

product / solution

No commercial bias

in the product /

solution /

specification

Assurances that the product will

perform as advertised when live

in the market

This provides the industry with:


A transport operator use case

Transport Operator Use Case – ATM Barcelona

29

Plans Announced

To use contactless

cards, NFC phones &

devices to access the

city’s transportation

network

Beyond public transport

System will also support

renting a bicycle at the

train station or paying

motorway tolls

TodayT-Mobilitat smart card

provides all-in-one access to

the city’s transport network,

with CIPURSE only

announced certified

platform¹

Tomorrow

Scalable to support

any form factor and

to work across

Catalan region


¹https://contactlessintelligence.com/2016/05/05/barcelonas-t-mobilitat-premiers-the-cipurse-standard-in-europe/

OSPT Alliance Membership

Full Members

Chip Providers/Manufacturers

Card/Inlay Manufacturers

System Integrators & Solution providers

Software Developers

31 Copyright © 2016 OSPT Alliance. All rights reserved.Copyright © 2016 OSPT Alliance. All rights reserved.

Associate Members


http://www.openticketing.nl/

Why become a member?

33

Help shape and

influence the role

of the CIPURSE

open standard

Network and

collaborate with

other individuals

within your sector

Bridge with

industry

associations

Address the

challenge of

convergence

between mobile and

smart cards


OSPT Alliance’s model and how it is funded


• License fee paid to the IP Pool entity

• Certification cost: 6000€

• License fee: the lower of 0.01US/ implementation or 2%

• Full membership – 5000€ p/a

Open to allNot for profit

Articles of association

Anti-trust

OSPT - Antitrust statement

Confidential

35

Antitrust statement

As members of this alliance every party and participant will adhere to antitrust regulations at all times. There shall be no discussions, agreements or concerted actions between competitors that may restrain competition. This prohibition, inter alia, includes the exchange of information concerning prices, quotes, customers, costs, sales policies and territories, roadmaps, investment and R&D activities, market practices or any other competitive aspect of an individual company’s operation. Each member is obligated to speak up immediately for the purpose of preventing any discussion falling outside these boundaries.

For more information

Thank You

To find out more about joining OSPT Alliance, please email:

[email protected]

Visit our website:www.osptalliance.org

Join in the conversation on LinkedIn: https://www.linkedin.com/grps/OSPT-Alliance-4392323/about


mailto:[email protected]

http://www.osptalliance.org/

https://www.linkedin.com/grps/OSPT-Alliance-4392323/about

Date post:	26-Apr-2018
Category:	Documents
Upload:	tranxuyen
View:	212 times
Download:	0 times

Introducing OSPT Alliance and CIPURSE™ · Security algorithms and command sets are ... This...

Documents