The Key Management document and the description of the most common SAM use cases have also been finalized and are available for download by Alliance members and evaluators.
The release of the specification marks an important milestone in enabling the development of CIPURSE-based security modules and CIPURSE-compliant contactless reader terminals. The OSPT SAM Working Group is chaired by a representative from Ecebs and also includes representatives from Oberthur Technologies and Infineon Technologies.
Secure access modules, known as SAMs, are secure microcontrollers that store cryptographic functions and keys commonly used in electronic transactions. In transit markets, SAMs are embedded in card readers, enabling passengers to use smart tokens or NFC smart devices to access transit instead of buying paper tickets. SAMs must be able to accept cryptographic key updates periodically to maintain high levels of security. The CIPURSE SAM Specification specifies the operational interface between CIPURSE SAMs and CIPURSE-compliant terminals, defining the CIPURSE SAM data objects and file system to ensure interoperability during personalization and field usage.
Designed as a layered, modular architecture with application-specific profiles, the open and secure CIPURSE V2 standard comprises a single, consistent set of specifications for all security, personalization, administration and life-cycle management functions needed to create a broad range of interoperable transit applications—from inexpensive single-ride or daily paper tickets to rechargeable fixed-count or weekly plastic tickets to longer-term smart card or smart phone-based commuter tickets that can also support loyalty and other applications.
CIPURSE V2, the latest version of the standard, and the SAM specification are available for download from the OSPT Alliance web site at www.osptalliance.org
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.