OSPT Alliance debuts with open security standard to foster next-generation transit fare collection
Date: Wed, 01/19/2011 - 18:19
Founded by four leading technology companies, the Open Standard for Public Transport (OSPT) Alliance made its debut last december and introduced an open security standard to foster the next generation of more secure, cost-effective, scalable and extensible transit fare collection systems. Now open to new members, the alliance will work to establish an ecosystem of transit operators, technology suppliers, consultants and integrators, government agencies, and mobile ecosystem product and service providers, as well as other industry associations, to develop new, interoperable transit fare collection solutions based on open-standard security both for current and future fare collection systems.
The Alliance also announced that Beijing-based Watchdata Technologies Ltd., a developer of data security and smart card technology, and the Open Ticketing Institute of the Netherlands have joined the original four founding members - Giesecke & Devrient GmbH (G&D), Infineon Technologies AG, INSIDE Secure S.A. and Oberthur Technologies S.A. - and will participate in the alliance’s activities and ecosystem.
Additionally, OSPT announced it is in contact with Calypso Networks Association (CNA) in order to create a common working group.
The OSPT Alliance ecosystem will be a key component for advancing the open security standard for transit fare collection, known as Cipurse(TM). The ecosystem will offer transit operators the opportunity to choose from among a number of vendors, consultants and integrators to help them deploy or upgrade to a more secure and cost-effective transit fare collection system. Likewise, it will provide mobile device manufacturers with next-generation open standard solutions. Government agencies that need to evaluate bids for new or upgraded transit payment systems will have access to a much broader array of solution vendors and partners delivering a wider range of innovative, flexible and secure transit fare collection solutions. The OSPT Alliance ecosystem will benefit transit system consultants and integrators by bringing together a greater assortment of vendors offering more product choices and richer capabilities than available with proprietary systems. For mobile device manufacturers, the open security standard will be the next ‘must-have’ checklist item they include in all next-generation NFC implementations.
“We are always keeping abreast of the latest security standards for our fare collection system, and have adopted open standards for all of our transit applications, including the Contactless e-Purse Application 2009. Now, we are looking to future-proof our fare collection infrastructure by ensuring it is interoperable with NFC mobile devices as they start to be deployed commercially,” said Silvester Prakasam, director of the fare system at Land Transport Authority (LTA) in Singapore. “Cipurse is an important step towards establishing standardized, secure and interoperable fare collection for all public transport schemes, and we plan to adopt it for future releases of CEPAS.”
The OSPT Alliance currently is developing the initial version of the open security standard, as well as documentation and reference implementations, which will enable technology suppliers to develop and deliver innovative, more secure and interoperable transit fare collection solutions for cards, stickers, fobs, mobile phones and other consumer devices, as well as infrastructure components. Unlike systems based on proprietary technologies that limit choices, are potentially less secure and cost more to acquire, deploy and maintain, products that conform to this standard will include the most advanced security technologies, help ensure compatibility with legacy systems, and be available in a variety of form factors.
“For a system integrator, the OSPT Alliance holds the promise of providing greater product choices with richer capabilities than is currently available with proprietary systems,” said Pradip Mistry, vice president, engineering, Cubic Transportation Systems, Inc. “This will enable us to recommend and design solutions that generate higher customer satisfaction. Interoperability with NFC devices is a critical element for transit fare collection systems because it means simpler development with faster time to deployment, and the flexibility to adapt to any payment scheme or application. We are thrilled that the OSPT Alliance is offering an open standard security solution.”
“As a world leader in innovative data security and smart card technology, Watchdata can lend its extensive expertise in the research and development of data security and authentication technologies, and secure chip operating systems to help the OSPT Alliance develop the next generation of flexible fare collection solutions,” said Youjun Wang, CEO at Watchdata Technologies Ltd. “We are pleased to join the Alliance, and look forward to working with the other members to offer transport system operators a wide range of application choices with lower operating costs and greater flexibility.”
With more than 1.4 billion smart cards shipped to date, Watchdata Technologies Ltd. is a leading provider of data security and smart card technology. Founded in Beijing in 1994, its products include smart cards, USB tokens, readers, platforms, key systems and other security products that cover the telecom, transportation, finance, public and enterprise sectors.
“The Open Ticketing Institute fully supports the efforts of the OSPT Alliance to address the issues faced by public transit authorities as they set out to create their next-generation fare collection systems,” said Roel Testroote, director, Open Ticketing Institute. “We believe our experience developing technologies for the OV-chipkaart will be a valuable addition to the Alliance and its ecosystem, and are excited to be joining in its efforts to create an open security standard.”
The Open Ticketing Institute is the outgrowth of an initiative by Trans Link Systems (TLS) and several partners to make available the knowledge and experience of the Dutch e-ticketing system in public transport (the OV-chipkaart) to other e-ticketing schemes and interested parties. As a separate not-for-profit foundation with its own management and supervisory board, the institute works together with several other science institutes, e-ticketing schemes and suppliers on research and development activities and on the bi-annual meetings of e-ticketing scheme providers, primarily European, who exchange their experiences in project implementation, technology and security.
“We are pleased to have Watchdata Technologies and the Open Ticketing Institute join the OSPT Alliance in its efforts to meet public transit authorities’ demand for security and simplification by creating an open framework for new, standards-based fare collection solutions,” said Charles Walton, COO of INSIDE Secure and a member of the OSPT steering committee. “The industry-wide efforts needed to deliver tomorrow’s secure transit systems are enhanced by their involvement in the OSPT Alliance.”
The new open security standard, known as Cipurse(TM), is designed to address the need by local and regional transit authorities for future-proof fare collection systems with advanced security. The Cipurse standard defines an authentication scheme, a secure messaging protocol, four minimum mandatory file types and a minimum mandatory command set to access these files types. It also specifies encryption keys and access conditions. Its advanced security mechanisms include a unique cryptographic protocol that encourages fast and efficient implementations with robust, inherent protection against differential power analysis (DPA) and differential fault analysis (DFA) without requiring dedicated hardware measures, eliminating the need for a massive overhead of software and hardware countermeasures against these attacks. This unique advantage makes it possible to cost-efficiently guard against counterfeiting, cloning, eavesdropping, man-in-the-middle attacks and other security risks that threaten the integrity of transit fare collection systems.
An Open Security Standard
The Cipurse open security standard promises to bring higher performance and advanced system security for public transport applications, as well as increase the availability of multiple sources for chip products. Through independent testing, the open standard will also provide optimized interoperability to enable simple and fast integration into public transport schemes.
This open security standard defines an authentication scheme, a secure messaging protocol, four minimum mandatory file types and a minimum mandatory command set to access these file types. It also specifies encryption keys and access conditions. Its advanced security mechanisms include a unique cryptographic protocol that encourages fast and efficient implementation with robust, inherent protection against differential power analysis (DPA) and differential fault analysis (DFA) without requiring dedicated hardware measures, eliminating the need for a massive overhead of software and hardware countermeasures against these attacks. This unique advantage makes it possible to cost-efficiently guard against counterfeiting, cloning, eavesdropping, man-in-the-middle attacks and other security risks that threaten the integrity of transit fare collection systems.
To enable such security capabilities, the standard builds upon existing, proven, open standards - the ISO 7816 smart card standard, as well as the 128-bit advanced encryption standard (AES-128) and the ISO/IEC 14443-4 protocol layer - to provide a platform for securing both new and legacy transit fare collection applications, and has the potential to be used within existing application frameworks around the world. At the same time, because it is an open standard, it promotes vendor neutrality, cross-vendor system interoperability, lower technology adoption risks, higher quality and improved market responsiveness, all of which result in lower operating costs and greater flexibility for transport system operators.
The open security standard is designed to address the need by local and regional transit authorities for future-proof fare collection systems with more advanced security than currently in use. These systems will be capable of enabling the public to use a single payment device - from simple, standalone tickets to multi-application cards, microSD cards and NFC mobile phones - seamlessly across several modes of transport in different locations, even across different regions and systems.
About the OSPT Alliance
The OSPT Alliance is an international association chartered to define a new open standard for secure transit fare collection solutions. It provides industry education, creates workgroup opportunities and catalyzes the development and adoption of innovative fare collection technologies, applications and services. Founded by leading technology companies Giesecke & Devrient, Infineon Technologies, INSIDE Secure and Oberthur Technologies, OSPT Alliance membership is open to transit operators, solution vendors, government agencies and other stakeholders in the transit ecosystem. For additional information, please visit http://www.osptalliance.org.