The Open Standard for Public Transport (OSPT™) Alliance have announced the availability of Version 2.0 of the CIPURSE™ Specification, which defines the latest version of this open security standard for the next generation of advanced transit fare-collection systems.
Designed as a layered, modular architecture with application-specific profiles, the open and secure CIPURSE V2 standard comprises a single, consistent set of specifications for all security, personalization, administration and life-cycle management functions needed to create a broad range of interoperable transit applications – from inexpensive single-ride or daily paper tickets to rechargeable fixed-count or weekly plastic tickets to longer-term smart card- or smart phone-based commuter tickets that can also support loyalty and other applications.
“Today, transit operators wanting to offer new fare collection options, like the use of mobile phones, must choose from disparate product offerings that often don&rsuo;t work together, increase the complexity of their fare collection systems and are quite costly because of the limited competition among vendors,” said Laurent Cremer, executive director of the OSPT Alliance. “With the new modular, device-agnostic design of CIPURSE V2, it is now possible for vendors to develop families of interoperable products from low to high end based on a single specification, enabling transit operators to easily mix and match applications as their needs change over time.”
For integrators, CIPURSE V2 means lower development costs and faster time to market, because they can apply a single set of standards to all of their products, from low to high end. For transit operators, CIPURSE V2 offers the potential for greater choice among a larger ecosystem of vendors with lower costs, greater flexibility in designing and implementing fare collection systems and the benefits of open standards like Java Card and GlobalPlatform.
CIPURSE V2 makes it easy for transit operators to enhance their systems to support mobile payments with smart phones, tablets and other smart devices. Unlike other solutions that require a restricted area on a SIM card, CIPURSE V2 can be implemented in a variety of ways, including Java applets, with any existing device.
Also available are documents detailing the CIPURSE cryptographic API for Java Card applications and secure access module and key management specifications.
Three application-specific profiles – subsets of the CIPURSE V2 standard tailored for different use cases – have been defined, with which vendors are required to comply when creating products targeting these applications:
- CIPURSE T – Takes advantage of the new transaction mechanisms included in the specification to support the use of high-level, microprocessor-based transactions using smart cards, mobile phones and similar devices for more complex transit fare applications, such as monthly or annual tickets, multi-system tickets and loyalty programs.
- CIPURSE S – Supports tickets that can be recharged for a specific number of rides or weekly tickets and is essentially equivalent to and supplants the current CIPURSE 1.1 specification.
- CIPURSE L – Supports applications that use very inexpensive, disposable single-ride or daily tickets.
Products based on different profiles can be added to fare collection systems at any time and can be used in parallel to provide transit operators the greatest flexibility in offering riders a range of transit fare options. Because they are derived from the same set of specifications, all the profiles are interoperable, reflect the same design criteria and have the same appearance, enabling developers to create products according to a family concept. With its modular “onion-layered” design, the CIPURSE standard can be easily enhanced in the future with additional functionality and new profiles created to address changes in technology and business.
The CIPURSE V2 specification enables technology suppliers to develop and deliver innovative, more secure and interoperable transit fare collection solutions for cards, stickers, fobs, mobile phones and other consumer devices, as well as infrastructure components.
The CIPURSE V2 Specification and documents detailing the V2 T profile, the Cryptographic API for Java Card and the Cryptographic Security Protocol are available now. The CIPURSE S and L profile specifications and the Access Module and Key Management specifications will be available on October 30.
The CIPURSE V2 documents can be downloaded for evaluation purposes at no cost from the OSPT Alliance website – www.osptalliance.org – after first agreeing to a “click-through” evaluation license.