Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Thursday, May 15
Track B Payments & Applications
Session: Transportation Payments
Time: 10:15 AM – 12:00 PM
Room: W203 A&B
Moderator:
Paul Korczak Assistant Chief Officer
MTA NYC Transit
Speakers: Jay Walder
Partner McKinskey & Co.
Martin Schroeder
Sr. Manager--Rail Programs American Public Transportation Association
Michael Nash
VP ACS
Gilles de Chanterac
President Calypso Networks Association
1
CALYPSO open specifications
for secure & interoperable transactions
Gilles de ChantéracPresident of Calypso Networks Association
Who we are
CALYPSO NETWORKS ASSOCIATIONis not a supplier
Established in Brussels as a non profit association by the stakeholders of a European research program,
Founded by public transport business,open to other businesses and to suppliers
Objective is to maintain a set of specifications addressing transit business needs in the context of developing contactless systems.
2
•off-line transactions for fast transactions
• active data inside the card
• high real-time decentralised security can be backed by back office verifications
• possible coupling with payment or other services
contactless media specificationsbasically designed from public transport needs
can adress other businesses
Highlines• Secure transaction for off line transactions
– High Security Level for revenue protection – Trust in multi-application contexts
• Open and flexible solution– multiple vendors– compatible with international standards – adaptable to technological progresses :
new chips,new form factors (not only cards)new transmissions (NFC)new application management (Global Platform)
• Compatible with existing organisation– of PTA, transit agencies or operators & associated commercial operators– other businesses (banks, telephone, etc.)
3
8% of public transit cards85% of microprocessor cards in transport schemes
(outside SONY FELICA)
mainly in Europe• France, Belgium, Portugal, Italy, Greece, Switzerland …• Compliant to the British ITSO national scheme
Chosen for the national scheme in IsraelChosen by some transport agencies in America
Current implementation
4
Technical highlights
Customer media interface for user oriented interoperability.
5
• High Security Level for the media– Microprocessor media for off line security – Standard cryptography (up to 3DES)– Keys per functions (personalisation, load, unload) for each
application domain– Diversified keys per media for authentication– Stakeholders decide if they share the keys
• Set of commands
• Transactions are controlled to be complete
Open to multiapplication contextsMASTER FILE
CUSTOMER IDNUMBER
==
Mobility Brussels scheme
Car parks
Interoperability with other PTAs
Transport stored value
BruxelsPTA
TRANSP.
StoryFile(10)
TranspProducts
(10)
StoredValue
TRIANGLE
OperatorID
TranspProducts
MULTI-APP
Contracts (8)
StoryFile(10)
PARKING
Interparkingapplication
RESERVE
FUTUREapplications
SERVICE
Operator’sstaff
domesticapplications
Operations other domains
6
from the concept of card to the concept of application
• the same specs can be adapted to global platform contexts• interoperable process to load and use ticketing products in the
application (under definition)
OTA
Remote customerservice
Applicationmanagement
CardEmulation
NFCCalypso
Application
Userinterface
ISO 14443 reader
About payment and transport
• Transit industry to move people
• Financial payment industry to move money
7
Fare collection is not only paymentContactless AFC makes Transit Agencies think commercial organisation all new & customer oriented
PAYMENTFACILITIES
PRICING of ACCESS RIGHTS
RETAILCHANNELS
Transit policy& Marketing
Operation & finance
INVOICINGCLEARING
CHARGING
ACCESS CONTROL& INSPECTION
Managing products and policies is their strategic issue.
For transit industry, products are access rights and related fares
• In the ISO business framework, (ISO24014-1)transit products are access rights & associated fares (what you sell)vehicles, services, etc are the production (how you produce)
• Payment means are not products. They move the money from travellers to transit agencies
• Stored value is a transit product.Loading a stored value is paying a product
whatever payment means is chosen by the customerDebiting a stored value is using a product.
no money moves, no payment
• Electronic purse is a payment means
8
Scenarios for integrationScenarios for integration(ISO meeting (ISO meeting –– Munich Munich –– April 2008)April 2008)
•Payment medium used for ID
•Payment transaction accepted as a ticket
• PT products stored in payment application
• PT and Payment applications on one chip
Policies will be different for long
• ≠ institutions & business organisation• ≠ political choices to fund PT• ≠ geographical scales
Separate applications the most realistic generic scenario
9
Products < Application < mediumProducts < Application < medium
Product Retailer
Product Retailer
Service OperatorService Operator
Application Retailer
Application Retailer
Product Owner
Product Owner
Application Owner
Application Owner
Medium Retailer
Medium Retailer
Medium owner
Medium owner
e.g.financial institution
Or telephone industry
e.g.bus operator
e.g.regional PTA
e.g.PTA
ISO 24014-1
• Need for a common technical base• Need for an organisation framework
Open specsfor technical and business acceptance
• STANDARD SECURITY ALGORITHMSThe larger the interoperability,
the more secure the medium must be.
• FLEXIBLE PROCUREMENTThe larger the interoperability,
the more open and flexible procurement
• NEUTRAL TO BUSINESS ORGANISATIONSThe larger the interoperability,
the more neutral towards fare policies
• NEUTRAL TO SYSTEM ARCHITECTUREThe larger the interoperability,
The more different systems you meet
10
Similitude / differencebetween Calypso and contactless EMV
to be examined
• Internal work package recently decided by CNA
• Common work to be an opportunity for progress for both transit and financial payment industries
Thank you for your attention
Let’s work together
Calypso Networks [email protected]://www.calypsonet-asso.org/
1
ContactlessContactless Fare Media System Standard:Fare Media System Standard:Why Standards MatterWhy Standards Matter
Martin P. Schroeder, M.S.M.E., P.E.Martin P. Schroeder, M.S.M.E., P.E.Sr. Program ManagerSr. Program Manager
Rail Programs & UTFSRail Programs & UTFSChairChair
ISO/TC204 WAG8 CommitteeISO/TC204 WAG8 Committee
Smart Card Alliance Annual MeetingSmart Card Alliance Annual MeetingOrlando, Fl 2008Orlando, Fl 2008
Annual Meeting
2Smart Card Alliance Annual MeetingOrlando, FL 2008
Benefits of StandardsBenefits of Standards
SafetySafetyOperating / MaintenanceOperating / MaintenanceTransit CommunicationTransit CommunicationStreamline ProcurementStreamline ProcurementTrainingTrainingTransit System/Supplier RelationshipsTransit System/Supplier RelationshipsReliability and EfficiencyReliability and EfficiencyLower CostLower Cost
3Smart Card Alliance Annual MeetingOrlando, FL 2008
Where APTA is Writing StandardsWhere APTA is Writing Standards
Passenger Rail Passenger Rail Equipment SafetyEquipment SafetyRail TransitRail TransitFare SystemsFare SystemsITS (TCIP)ITS (TCIP)AccessibilityAccessibilityProcurementProcurementSecuritySecurity
4Smart Card Alliance Annual ConferenceOrlando, FL 2008
Founding Principals of CFMSFounding Principals of CFMS
Motivation to Improve Motivation to Improve Competitiveness Competitiveness -- InteroperabilityInteroperability
Provide Agencies Greater Control & Provide Agencies Greater Control & Flexibility Over their Fare Collection Flexibility Over their Fare Collection SystemsSystems
Open Architecture Environment Open Architecture Environment ––non proprietarynon proprietary
MultiMulti--modal and Multimodal and Multi--applicationapplication
Regional PartnershipsRegional Partnerships
Integration with ITSIntegration with ITS
5Smart Card Alliance Annual MeetingOrlando, FL 2008
Distinguishing Characteristics
What is in a Name?Open and Closed Terms Misleading –Fare Systems Perform Three Main Functions
AccessFare processingPayment / Reconciliation
New DefinitionsRegional Device-Based Fare System (RED)Central Account-Based Fare System (CEA)
6Smart Card Alliance Annual MeetingOrlando, FL 2008
Comparisons
RED SystemsSmart Cards (media)Ease of UseFast Processing at GateAgency Control
CEA SystemsSmart Cards – Read Only (media)Ease of UseCentral Processing by Banks
Both approaches can play a role in fare system design and can co-exist. Other design approaches such as mobile payments also have a role to play.
7Smart Card Alliance Annual ConferenceOrlando, FL 2008
CContactlessontactless Fare Media System (CFMS)Fare Media System (CFMS)
PART III – Regional Central System Interface
Standard
PART IV – System Security Planning and
Implementation Guidelines
PART II – ContactlessFare Media Data Format and Interface Standard
PART V – Compliance Certification and Testing
Standard
PART I – Introduction and Overview
8Smart Card Alliance Annual MeetingOrlando, FL 2008
General DescriptionGeneral Description
Architecture is built on a set ofArchitecture is built on a set of objects made up objects made up ofof a defined set of elements.a defined set of elements.
Each core object is 16 bytes in length.Each core object is 16 bytes in length.
Standard makes provisions for additional data Standard makes provisions for additional data through extensions to core objects.through extensions to core objects.
9Smart Card Alliance Annual MeetingOrlando, FL 2008
How Does it Work?How Does it Work?
The foundation of the Standard is a set of objects The foundation of the Standard is a set of objects made up of a defined set of elements.made up of a defined set of elements.
ObjectIdentifier
Message
Object Data Elements
Object 1 Object 2 Object 3 Object n
10Smart Card Alliance Annual MeetingOrlando, FL 2008
Directory Index Object (DIO)Directory Index Object (DIO)
Contains pointers that identify the location (file) in Contains pointers that identify the location (file) in which most other data objects are storedwhich most other data objects are storedFor each file, provides:For each file, provides:
ID of the fileID of the fileSize of the fileSize of the fileType of fileType of fileOwnership (if applicable) of the fileOwnership (if applicable) of the file
Enables AFC system to quickly locate other data Enables AFC system to quickly locate other data objects, while enabling the contents of data files objects, while enabling the contents of data files to be flexible and dynamicto be flexible and dynamic
11Smart Card Alliance Annual MeetingOrlando, FL 2008
Major ComponentsMajor Components(Interface to Multiple Applications)(Interface to Multiple Applications)
Parking Application
College and Universities
Tolling Corporate
Directory Index Object
Product Index Object
Transit Application
Profile ObjectPICC Holder Profile Object
Add & Deduct
Value History Object
Transaction History Object
Fare Products
12Smart Card Alliance Annual MeetingOrlando, FL 2008
Account Linked Product Object (ALPO)Account Linked Product Object (ALPO)
Define a fare product that is tied (Define a fare product that is tied (““linkedlinked””) to a ) to a hosthost--based account, such as a credit or debit cardbased account, such as a credit or debit card
Acts like a TActs like a T--Purse product, except does not require Purse product, except does not require prepre--fundingfunding
Sample elements:Sample elements: Accumulated value used in a Accumulated value used in a particular day, definition of time period for which a particular day, definition of time period for which a transaction limit applies, time period start, number transaction limit applies, time period start, number of transactions performed during time limit.of transactions performed during time limit.
13Smart Card Alliance Annual MeetingOrlando, FL 2008
TCIP / Fare System Mechanisms
Load Software / Configuration to Fare boxesLoad Fare PoliciesRemotely Disable/Enable Fare EquipmentReport Fare Box HealthReport Fares for a Planned Itinerary
14Smart Card Alliance Annual MeetingOrlando, FL 2008
TCIP / Fare System Interface
15Smart Card Alliance Annual MeetingOrlando, FL 2008
Benefits of CFMS Work
Help Agencies Design their Fare SystemProvides a Consistent Mechanism to Process FaresProvides a Lexicon for Variables Needed for Computing Fares and Processing Payment – Open Source
16Smart Card Alliance Annual MeetingOrlando, FL 2008
Security TechniquesSecurity Techniques
Mutual authenticationMutual authenticationCard to readerCard to readerReader to cardReader to card
Key rollingKey rollingMessage authentication / integrity validationMessage authentication / integrity validationFirewallsFirewallsEncryption of sensitive dataEncryption of sensitive dataMonitoring and detectionMonitoring and detectionContingency planningContingency planning
17Smart Card Alliance Annual MeetingOrlando, FL 2008
Compliance Certification & TestingCompliance Certification & Testing
Intent is to provide a standardized approach for Intent is to provide a standardized approach for determining whether products are compliant with determining whether products are compliant with the applicable standard.the applicable standard.
Under development Under development –– Final Draft (June)Final Draft (June)Message set communicationMessage set communicationFunctional performanceFunctional performanceError checkingError checking
18Smart Card Alliance Annual ConferenceOrlando, FL 2008
CFMS Embraces Diversity of ApplicationCFMS Embraces Diversity of Application
ApplicationsApplicationsTransitTransitIdentificationIdentificationStudentsStudentsSecuritySecurityCorporateCorporate
ApproachesApproachesCoCo--brandingbrandingMultiMulti--applicationapplicationNFC / Mobile PhoneNFC / Mobile Phone
19Smart Card Alliance Annual ConferenceOrlando, FL 2008
Activities of the APTA UTFS Task ForceActivities of the APTA UTFS Task Force
Make CMFS an ANSI Released StandardMake CMFS an ANSI Released StandardTest Method Specification DevelopmentTest Method Specification DevelopmentIntegration with Parking, Tolling & IDIntegration with Parking, Tolling & IDNFC / Mobile Phone ApplicationNFC / Mobile Phone ApplicationRegional Training Regional Training –– Customer Focused Customer Focused (Three Parts)(Three Parts)
Fare System DesignFare System DesignOverview of standards and application Overview of standards and application considerationsconsiderationsTradeoff Discovery Between Transaction Tradeoff Discovery Between Transaction Processing MethodsProcessing Methods
Research Research –– IFMS, APEC, US Agencies, IFMS, APEC, US Agencies, Technology, Future TrendsTechnology, Future Trends
20Smart Card Alliance Annual MeetingOrlando, FL 2008
Further InformationFurther Information……
Martin P. Schroeder, M.S.M.E., P.E.Martin P. Schroeder, M.S.M.E., P.E.Sr. Manager Sr. Manager –– Rail Programs, UTFSRail Programs, UTFS
Chair, ISO TCChair, ISO TC--204 WAG8204 WAG8
Phone: 202 Phone: 202 –– 496 496 –– 48854885EE--mail: mail: [email protected]@apta.com
www.aptastandards.comwww.aptastandards.com
American Public Transportation AssociationAmerican Public Transportation AssociationWashington, DCWashington, DC
NOTES