1 / 9

APTA Chip Card Security Group

The APTA Chip Card Security Group aims to develop industry guidance for an open architecture payment environment in public transportation, promoting greater access, convenience, and integration. This initiative addresses the need for enhanced security standards to replace outdated technologies and promote cost savings and better products for transit agencies and customers.

retheridge
Download Presentation

APTA Chip Card Security Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. APTA Chip Card Security Group Harold Brown Security Committee Chair May 18th, 2017

  2. How It All Started • Universal Transit Fare Card Standards initiative started in 2003 (UTFS) • The Purpose and the Mission To develop a series of documents that provides industry guidance for the creation of an open architecture payment environment that promotes greater access and convenience to the public transportation network and enables integration of independent systems

  3. What Was Left Undone • We adopted ISO/IEC 14443 and ISO/IEC 7816 as the building blocks of the UTFS • Part IV System Security was not developed for UTFS • We only provided best practices and guidelines for Chip Card Security

  4. The ISO/IEC Contactless Standards Relationship 7816-4 APDU Value Command Name '0E' ERASE BINARY '20' VERIFY '70' MANAGE CHANNEL '82' EXTERNAL AUTHENTICATE '84' GET CHALLENGE '88' INTERNAL AUTHENTICATE 'A4' SELECT FILE 'B0' READ BINARY 'B2' READ RECORD(S) 'C0' GET RESPONSE 'C2' ENVELOPE 'CA' GET DATA 'D0' WRITE BINARY 'D2' WRITE RECORD 'D6' UPDATE BINARY 'DA' PUT DATA 'DC' UPDATE DATA 'E2' APPEND RECORD Security Layer 14443-4 T=CL A complete contactless protocol stack for Data Exchange between Reader and Card Application Protocol Layer “Transit Application”

  5. Key Drivers For Security Standard In Transit • Some long-lasting, established schemes operating for 10, 15 years+...are using OUTDATED technologies • Many of them using MIFARE Classic – a hacked technology….are ready to MIGRATE • Transport agencies are locked into one supplier ….and are NOT WILLING to accept this for the next generation

  6. APTA Card Security Committee The APTA Security Committee was started early 2015. We have over 15 Committee members representing Transit Agencies, System Integrators, Chip\ Card Manufactures and Consultants Our first meeting San Francisco Oct 2015 . Second meeting San Diego CA. April 2016

  7. What has the Security Committee Completed • Developed Purpose and Mission • Sub working Committee developed White Paper on WW search of Open Security standards. What Will Be Accomplished • A Standard or Best Practice guideline will be Issued by APTA for Chip Card\ Mobile Security

  8. What will be the Benefits to an Agency? • Promote a better economy of scale for agencies, enabling more competitive procurements….., Cost Savings • Promote competition in all respects of the fare collection process including payment….., Cost Savings • Promote a platform to support agency independence and vendor neutrality….,Cost Savings and Better Product for the Customer • Strive for an open architecture environment …, Cost Savings • Hardware and Software utilizing commercially off the shelf-available products.., Support Holistic Ticketing Solutions.., Eliminate High Cost from System Integrators, when moving from one Ticket Product to a New Ticket • Foster the development of a multi-modal/multi-application regional fare structure and social events media revenue environment

  9. Key Take-aways and Next Steps • The market is moving towards enhanced, non-proprietary secure contactless technologies • Open security standard is focused on • transit system requirements • Solutions for dedicated contactless transit cards and Limited Use tickets using advanced security • Upgradability to EMV contactless and use of NFC-enabled mobile phones • This Standard will address transit applications • Micropayment in combination with Transit services • Authentication scheme • Account Based • Mobile Ticketing

More Related