

OSPT Alliance

For many years, Mifare has been the king of public transportation as the ticketing platform. As I have already mentioned a few times, Mifare has been insanely successful, yet it has been proven to be no longer secure. However, it still works for many transit operators, and NXP made its move to secure it with more products.

Competition against Mifare has come mainly from Calypso and Felica, and now there’s yet another player in the game.

To combat Mifare, Giesecke & Devrient, Infineon, Inside Secure and Oberthur formed the Open Standard for Public Transport (OSPT) Alliance. What OSPT provides is basically a standards-based, cost-effective and secure chip platform called CIPURSE for contactless ticketing. Mifare is proprietary; you need to license it from NXP. OSPT suggests that being open and standards-based is more secure and cost-effective. Unlike Mifare’s cracked proprietary security algorithm, the security layer of the OSPT is AES 128 bit, which is the ultimate security you can get for now.

OSPT has been around for some time and now the SDK has been released. That means ticketing implementations can now officially be started for a new platform. Of course it is not an easy job to start a new platform from scratch, but the companies in the alliance already have many customers and connections in the ticketing space and I am sure we will hear an announcement about CIPURSE soon.

Calypso the ticketing master

When we talk about transport ticketing, Calypso is the technology we must discuss first. Calypso is a transport ticketing system built by the transport operators. It was designed to match the transport ticketing requirements, from functional flow to security mechanisms. The main identifier of Calypso is that it requires a microprocessor card. This enables all the security required by a complex transportation environment.

So, what is Calypso?

Calypso is a ticketing application developed and maintained by the Calypso Association. The Calypso Association, based in Brussels, Belgium, was established by RATP and technology provider Innovatron in 1993. Later on, a group of European transport operators from Belgium, Germany, France, Italy and Portugal joined the association. The Calypso ticketing application is currently being used by various European public transport systems.

In the Calypso world, you can define various players on a single card (now the term “portable object” is used though, rather than “the card”) and they can share the same balance. The technical design of the application supports multi-application by nature. Different contracts, protected by different key sets, can be installed onto a single card. Each Calypso chip has a set of keys derived from master keys. DES and DESX (a variant of DES hardened against brute force attacks) can be used for authentication. Calypso requires its own SAM card for authentication, which is a prerequisite for modifying the data in the chip.

Unlike typical mifare designs, you are restricted by the boundaries and transaction flow developed by Calypso, but it covers almost anything that can be expected in a transport ticketing environment. The Calypso applet runs on microprocessor chips, so authentication is quite strong (and fast).

The Calypso Association plays an innovative role towards the NFC era and they seem to be ready for the NFC evolution. (I wish I could say revolution, by the way.) The Calypso applet runs on various card operating systems, on chips ranging from Infineon to Watchdata, including NXP’s JCOP family. Of course this includes any secure element in the NFC world.

Based on my personal experience, I can say that Calypso is an equivalent of EMV in the banking payment world. Both of the applications are quite well designed, already running on millions of chips and getting ready for the future.

First DESFire implementation on a SIM platform

Mifare emulation has been around for some years. Mifare emulation simply refers to an application running on a chip card operating system. The application emulates the native mifare chip and responds to mifare readers as if it were a mifare chip. Of course there are some considerations when implementing a mifare emulation. First of all, it is not native mifare and the terminal software needs to be updated accordingly to recognise the chip. Secondly, mifare emulation is not as fast as a native mifare chip, so some parameters must be updated to transact with the mifare emulation applet.

This has been done for some time, but Gemalto has started a new era by implementing the DESFire application on a SIM/UICC. Even the owner of the technology, NXP, does not officially have DESFire emulation yet. It’s a huge thing in terms of innovation. However, there’s still some time before a DESFire-enabled transportation system accepts an NFC handset device with a Gemalto SIM/UICC.

Gemalto has been aggressive on the contactless market almost since its start and this is clearly a result of it. Read the full press release here.

A new dual interface smart card from ACS : ACOS7

ACS announced its new dual interface smart card ACOS7. ACS is a Hong Kong based company working on smart cards and readers. Their product portfolio is quite strong; they have almost everything that you can imagine. I especially love the card readers of ACS.

ACOS7 seems to be an addition to their ACOS family optimised for transportation. It has 8 kb of application memory, which is pretty suitable for transportation applications. ACOS7 has almost every feature you’d expect from a dual interface card product positioned for transportation, from a hardware-based random number generator to support for ISO7816 Part 4 file structures (transparent, linear fixed, linear variable, cyclic), which are essential for transportation logging mechanisms.

I got the impression that ACOS7 is especially targeting the Chinese market, but I think they could do quite well in Europe, too.

my-d move from Infineon against NXP’s Mifare Ultralight

Contactless chips for limited use have been popular in public transportation for some years. NXP, just like in the mifare case, has been leading this market with mifare ultralight. Ultralight chips have limited memory and no crypto support, but have an OTP (one time programmable) memory area, which is perfect for enforcing the limited use of the ticket. Later on NXP developed a next generation of Ultralight, which is called Ultralight C. Ultralight C adds 3DES support to what its elder brother Ultralight offers. Good.

Of course, Ultralight is not the only product in the market. Infineon, one of the strongest players among semiconductor manufacturers, has a great product called my-d move as a competitor to NXP’s Ultralight family. my-d move is a member of Infineon’s my-d family; it has 128 bytes of memory for the application and supports a 32 bit password for authentication. It also supports a password retry counter feature against brute force attacks. Unlike Ultralight C, my-d move does not have any keys stored in the chip, but has a secure code which is written at the time of issuing the chip. The secure code is authenticated at the time of using the chip, along with the password.

One great feature of my-d move is, just like Mifare Ultralight, the support for NFC Type 2 Tag Operations. This practically means that my-d move can interact with NFC devices like handsets or other contactless readers. This opens a whole new world for these products. Infineon positions the product as a limited use media, like a single trip ticket for transportation or event ticketing. Imagine tickets for a rock music event being formatted by a cell phone on an over-the-air service. my-d move and Ultralight open a gate for enabling projects like this. You can create the ticket with a mobile phone and then send the ticket data to a central host over the GPRS/3G connection of the mobile handset. You can also validate/invalidate tickets via NFC handsets. Great opportunity. One great addition to this would be the usage of the ticket for buying a drink inside the event. Or think of voting in polls displayed on kiosks with contactless readers, with people voting and identifying themselves with the contactless ticket.

Basically, my point is that these chips are great for any type of ticketing, not limited to limited use for transportation.

Mifare classic the legend

It’s quite common nowadays to talk about security leaks of mifare classic chips. It’s easy to “hack” the chip, clone it, read the contents of it without knowing the keys, and so on; the list goes on like this. Even the license holder NXP is recommending migration to mifare plus. Well, not good for any product!

These words definitely don’t sound good; however, there’s the fact that a huge number of mifare chips (more than one billion, according to unofficial sources of mine) are already being used in systems, mainly transportation and access control. Many of these applications do not require anything more than reading a unique id. When it’s transportation or e-purse, it’s authenticating a few sectors and updating the purse balance.

Mifare was developed by an Austrian company called Mikron. It was specifically designed for transportation and the name was chosen accordingly: Mikron Fare Collection, which was Mi-Fare. The chip was very fast and provided a good level of security required for the access control and transport ticketing environment. The memory structure is not flexible enough for today’s complex mechanisms but back then, I think it was more than enough.

Basically, the mifare operating system has 16 sectors of secure memory protected by two 48-bit keys stored in the chip. Each sector has 4 blocks for storing data. Each block has 16 bytes of data storage. Each sector has one block reserved for keys and access conditions. Although not recommended, you can even use the keys as data storage.
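The sector layout described above can be checked in software before cards are formatted. The following is an added example, not code from the original post: it parses the keys-and-access-conditions block of each sector in a card image and reports sectors whose access bits are malformed or leave Key B readable (the "keys as data storage" case). The byte positions of the access bits and the access-condition table are assumed from NXP's published MIFARE Classic datasheet, the function names are hypothetical, and the sample image and keys are constructed.

```python
SECTORS, BLOCKS_PER_SECTOR, BLOCK_SIZE = 16, 4, 16   # layout from the text
# Trailer access conditions (C1, C2, C3) under which Key B can be read back,
# i.e. Key B is effectively data and cannot serve for authentication.
KEY_B_READABLE = {(0, 0, 0), (0, 1, 0), (0, 0, 1)}

def trailer_block(sector):
    """Absolute number of the block holding the sector's keys and access bits."""
    return sector * BLOCKS_PER_SECTOR + BLOCKS_PER_SECTOR - 1

def parse_trailer(block):
    """Split a 16-byte trailer into Key A, Key B and per-block (C1, C2, C3)."""
    if len(block) != BLOCK_SIZE:
        raise ValueError("trailer must be 16 bytes")
    b6, b7, b8 = block[6], block[7], block[8]
    nibbles = (b7 >> 4, b8 & 0x0F, b8 >> 4)            # C1, C2, C3
    inverted = (b6 & 0x0F, b6 >> 4, b7 & 0x0F)         # stored complements
    if any(n ^ inv != 0x0F for n, inv in zip(nibbles, inverted)):
        raise ValueError("access bits fail the inverted-copy check")
    # Bit i of each nibble applies to block i of the sector (block 3 = trailer).
    access = [tuple((n >> i) & 1 for n in nibbles) for i in range(4)]
    return {"key_a": block[0:6], "key_b": block[10:16], "access": access}

def audit_image(image):
    """Return {sector: finding} for a full 1024-byte card image."""
    if len(image) != SECTORS * BLOCKS_PER_SECTOR * BLOCK_SIZE:
        raise ValueError("expected a 1024-byte image")
    findings = {}
    for sector in range(SECTORS):
        start = trailer_block(sector) * BLOCK_SIZE
        try:
            trailer = parse_trailer(image[start:start + BLOCK_SIZE])
        except ValueError as err:
            findings[sector] = str(err)
            continue
        if trailer["access"][3] in KEY_B_READABLE:
            findings[sector] = "Key B is readable, so it is data, not a key"
    return findings

# Constructed sample trailers: placeholder keys, not taken from any real card.
FACTORY = bytes.fromhex("FFFFFFFFFFFF" "FF078069" "FFFFFFFFFFFF")
LOCKED = bytes.fromhex("112233445566" "78778800" "AABBCCDDEEFF")
BROKEN = bytes.fromhex("112233445566" "FF078100" "AABBCCDDEEFF")

def sample_image():
    """Constructed image: sector 0 factory, sector 1 malformed, rest locked."""
    sectors = [FACTORY, BROKEN] + [LOCKED] * (SECTORS - 2)
    return b"".join(bytes(48) + trailer for trailer in sectors)

if __name__ == "__main__":
    for sector, finding in audit_image(sample_image()).items():
        print(f"sector {sector}: {finding}")
```
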

I think the strength of the mifare platform comes mainly from the off-the-shelf readers and components widely available on the market. Today, designing a mifare application, developing it on readers and formatting the cards is quite a standardized process. You can find a virtually unlimited number of products and companies providing mifare-based applications and systems. The “security” rules are also very well defined and documented.

Well, there have been many projects in which it was planned that mifare would be phased out, or in which mifare is specifically blacklisted as a prerequisite. However, I strongly believe that mifare is quite a successful product and it has done a very good job for deploying contactless systems. If mifare did not exist, I think contactless systems would not be as popular as they are today. Of course there are very strong competitors of mifare such as Legic, Calypso and Felica, but mifare is the most popular one among all. I will try to cover the competitors of mifare, which are all stronger than mifare in the security level, but not as widely deployed worldwide as mifare. This is actually the point that I’d like to make with this post.


Contactless reader device for home use?

According to the post at NFC News, ASK released a contactless reader device for home use. The reader is connected via a USB port and is compatible with all popular contactless card types.

Contactless readers attached to a PC over a USB port have been available in the market for a long time. For end users who have a contactless card for transportation, topping up the card at home is a very nice feature for both the user and the operator. The user is free to top up any time and the operator gets rid of the distribution channel cost for top-up. Everyone is happy.

On the other side, there are obstacles for this dream to come true: it’s quite hard to distribute the readers and the software to the end users. Who will be in charge of the cost of the reader and the software? How secure is it to give the card holder the ability to trace the transaction at his/her own PC? For power users things may be easy, but for average people it will be hard to install the driver of the reader and the software, and then connect to a financial service for top-up.

We will see how successful the reader will become…

Transportation task force from GlobalPlatform

Access control applications and transportation systems were the “killer applications” that caused the boom in contactless cards. Access control systems generally do not require anything more than a unique id, but transportation systems are more complex.

Speaking generally, two products dominate the contactless transportation installations: NXP’s mifare family and the Calypso family, which are known for ISO 14443 Type A and B, by the way. Mifare has been dominant for years, but the security leak exposed by the German CCC has been quite a barrier for Mifare lately. NXP responded with Mifare Plus, which is a product designed for migrating the current systems without changing the card media. I think it’s a very good move.

In the last 3-4 years, we saw that banks are trying to penetrate into the contactless transportation systems. Unfortunately the technology that the banks have, EMV, cannot respond to the transportation ticketing requirements. Both Visa and MasterCard are working on this.

On the other hand, I saw a very interesting news item on Near Field Communications World.com about GlobalPlatform’s new task force on transportation systems.

I think this will eventually lead to more standardized schemes in the transport ticketing world. Both NXP and Calypso already have products compliant with GlobalPlatform. But the effort by GlobalPlatform itself will have a more efficient effect, not just on the cards, but on the readers and terminals as well. It’s also important in terms of NFC based payment scenarios in transportation, since the GSM world will be using SIM-centric systems based on GlobalPlatform standards.