The Alliance also announced today that Beijing-based Watchdata Technologies Ltd., a developer of data security and smart card technology, and the Open Ticketing Institute of the Netherlands have joined the original four founding members - Giesecke & Devrient GmbH (G&D), Infineon Technologies AG, INSIDE Secure S.A. and Oberthur Technologies S.A.? and will participate in the alliance's activities and ecosystem.
Additionally, OSPT announced it is in contact with Calypso Networks Association (CNA) in order to create a common working group.
The OSPT Alliance ecosystem will be a key component for advancing the open security standard for transit fare collection, known as Cipurse. The ecosystem will offer transit operators the opportunity to choose from among a number of vendors, consultants and integrators to help them deploy or upgrade to a more secure and cost-effective transit fare collection system. Likewise, it will provide mobile device manufacturers with next-generation open standard solutions. Government agencies that need to evaluate bids for new or upgraded transit payment systems will have access to a much broader array of solution vendors and partners delivering a wider range of flexible and secure transit fare collection solutions. The OSPT Alliance ecosystem will benefit transit system consultants and integrators by bringing together a greater assortment of vendors offering more product choices and richer capabilities than available with proprietary systems. For mobile device manufacturers, the open security standard will be the next 'must-have' checklist item they include in all next-generation NFC implementations.
"We are always keeping abreast of the latest security standards for our fare collection system, and have adopted open standards for all of our transit applications, including the Contactless e-Purse Application 2009. Now, we are looking to future-proof our fare collection infrastructure by ensuring it is interoperable with NFC mobile devices as they start to be deployed commercially," said Silvester Prakasam, director of the fare system at Land Transport Authority (LTA) in Singapore. "Cipurse is an important step towards establishing standardized, secure and interoperable fare collection for all public transport schemes, and we plan to adopt it for future releases of CEPAS."
The OSPT Alliance currently is developing the initial version of the open security standard, as well as documentation and reference implementations, which will enable technology suppliers to develop and deliver more secure and interoperable transit fare collection solutions for cards, stickers, fobs, mobile phones and other consumer devices, as well as infrastructure components. Unlike systems based on proprietary technologies that limit choices, are potentially less secure and cost more to acquire, deploy and maintain, products that conform to this standard will include the most advanced security technologies, help ensure compatibility with legacy systems, and be available in a variety of form factors.
"For a system integrator, the OSPT Alliance holds the promise of providing greater product choices with richer capabilities than is currently available with proprietary systems," said Pradip Mistry, vice president, engineering, Cubic Transportation Systems, Inc. "This will enable us to recommend and design solutions that generate higher customer satisfaction. Interoperability with NFC devices is a critical element for transit fare collection systems because it means simpler development with faster time to deployment, and the flexibility to adapt to any payment scheme or application. We are thrilled that the OSPT Alliance is offering an open standard security solution."
The Cipurse open security standard promises to bring higher performance and advanced system security for public transport applications, as well as increase the availability of multiple sources for chip products. Through independent testing, the open standard will also provide optimized interoperability to enable simple and fast integration into public transport schemes.
This open security standard defines an authentication scheme, a secure messaging protocol, four minimum mandatory file types and a minimum mandatory command set to access these file types. It also specifies encryption keys and access conditions. Its security mechanisms include a unique cryptographic protocol that encourages fast and efficient implementation with inherent protection against differential power analysis (DPA) and differential fault analysis (DFA) without requiring dedicated hardware measures, eliminating the need for a massive overhead of software and hardware countermeasures against these attacks. This advantage makes it possible to cost-efficiently guard against counterfeiting, cloning, eavesdropping, man-in-the-middle attacks and other security risks that threaten the integrity of transit fare collection systems.
To enable such security capabilities, the standard builds upon existing, proven, open standards?the ISO 7816 smart card standard, as well as the 128-bit advanced encryption standard (AES-128) and the ISO/IEC 14443-4 protocol layer?to provide a platform for securing both new and legacy transit fare collection applications, and has the potential to be used within existing application frameworks around the world. At the same time, because it is an open standard, it promotes vendor neutrality, cross-vendor system interoperability, lower technology adoption risks, higher quality and improved market responsiveness, all of which result in lower operating costs and greater flexibility for transport system operators.
The open security standard is designed to address the need by local and regional transit authorities for future-proof fare collection systems with more advanced security than currently in use. These systems will be capable of enabling the public to use a single payment device?from simple, standalone tickets to multi-application cards, microSD cards and NFC mobile phones?seamlessly across several modes of transport in different locations, even across different regions and systems.