Brings the CIPURSE open security standard to NFC phones and more
The Open Standard for Public Transport (OSPT) Alliance has announced the availability of the CIPURSE V2 Mobile Guidelines, a comprehensive set of requirements and use cases for developing and deploying CIPURSE-secured transit fare mobile apps for near field communication (NFC)-enabled smartphones, tablets and other smart devices.
Providing everything developers need to implement and use the CIPURSEV2 open security standard when embedded in an NFC mobile device, the new guidelines take the CIPURSE standard to the next level by enabling transit operators to enhance their systems to support mobile ticketing with these new form factors.
'Transit tickets are already one of the most frequently used contactless card applications in the world, and now as people are looking to their NFC phones to replace their physical payment cards, it is only natural that transit fare systems should go mobile, too,'said Laurent Cremer, executive director for the OSPT Alliance.
'With the release of these new mobile guidelines, the OSPT Alliance continues to fulfill the promise of the CIPURSE standard to provide a single, consistent set of specifications for all the security, personalisation, HeatherMcLeanistration and lifecycle management functions needed to create a broad range of interoperable transit applications, from low to high end and across all form factors.'
Just as with other mobile applications, the CIPURSE application is personalised and installed over the air (OTA) by a trusted service manager (TSM) into a mobile device's secure element (SE). Transit operators are free to deploy their own branded mobile app – essentially the user interface component – for Android, iOS, Windows, BlackBerry or any other platform, which interacts with the CIPURSE application to conduct transit transactions.
The guidelines define what the transport organisation needs to do, define the role of the TSM, provide details on handling lost or stolen phones, detail how to purchase tickets online for the mobile phone and how to purchase tickets directly using the phone, present battery-off and battery-low considerations and much more.
The guidelines clearly lay out the requirements for certification, and are completely form factor and operating system independent, providing implementation guidelines for hosting the CIPURSE application in embedded secure elements (eSE), as well as in SIM-UICC and microSD card-based secure elements.
Especially developed for the NFC mobile industry, the guidelines provide numerous use cases that detail the interactions between end users, transport organizations, secure element owners, TSMs and other ecosystem partners in the day-to-day environment to provide a clear understanding of how the CIPURSE standard should be implemented for mobile applications. The guidelines also detail what kinds of application programming interfaces (APIs) need to be developed and which other specifications are required, such as GlobalPlatform 2.2.1.
'Unlike proprietary solutions on the market today, using the CIPURSE standard on mobile devices does not require a new platform for the management of secure elements,'said Cremer.'It uses the existing traditional TSM environment and the over-the-air implementation possibilities of the mobile network operators.'
The open and secure CIPURSE V2 standard is designed as a layered, modular architecture with application-specific profiles to support a broad range of interoperable transit applications – from inexpensive single ride or daily paper tickets, to rechargeable fixed-count or weekly plastic tickets, to longer-term smart card or smart phone-based commuter tickets that may also support loyalty or other applications.