CIPURSE™ Specifications
The CIPURSE™ open standard provides an advanced foundation for developing highly secure, interoperable, and flexible mobility services solutions.
The open standard powering the future of mobility services
The CIPURSE™ Standard is the cornerstone of OSPT Alliance. Since their creation in 2010, the CIPURSE Specifications have evolved to address changing market requirements and are defined to empower service providers, suppliers and vendors with a fully open, advanced platform to develop secure mobility service solutions easily and in effortless collaboration with partners across the industry.
Now powering a number of global member deployments, CIPURSE is already widely recognized as the open, non-proprietary standard for transport ticketing, however, it has applications far beyond including ID, access control and micro-payments. CIPURSE is now enabling the future of mobility services.
The power of open standards is fundamental to the CIPURSE core. It is built on industry-proven standards including ISO/IEC 7816-4, AES-128 and ISO/IEC 14443, that are already adding trust to the world’s most popular payments types. Fully form-factor agnostic, CIPURSE supports media including contactless cards, mobile solutions and wearables, whether utilizing a secure element or host card emulation (HCE).
Crucially, CIPURSE is independent from both hardware and the hardware provider, ensuring new technologies and applications can be integrated seamlessly and cost-effectively into new and existing mobility as a service solutions. CIPURSE promotes vendor neutrality and cross-vendor system interoperability, which results in lower technology adoption risks and improved market responsiveness, competition and innovation.
In an effort to address the differing needs of industry stakeholders, OSPT Alliance has defined a range of specifications and documentation so users can select the functionality and requirements most suited to their deployment needs.
- Core Specifications – OSPT Alliance has standardized the operations, interfaces and crypto functions of each profile ensuring interoperability and security regardless of the functionality level selected.
- Profiles – the level of functionality and complexity of CIPURSE solutions can be determined by the profile chosen. Learn more in our FAQs.
- Java Card RTE Specifications – including Java Card Server Crypto API and PxSE API for cards; Java Card Host Crypto API for terminals and readers.
- Mobile Specifications – Specifications, guidelines and optional features to support implementations in a mobile environment.
- Terminal / Reader Specifications – These include the CIPURSE SAM Specification, SAM use cases, key management guide, and registered PxSE AIDs.
OSPT Alliance Members and registered Evaluators can access these Specifications here.
See below for full details of the available OSPT Alliance Specifications:
Operation and Interface Specification | Specifies the feature set available to all specifications within the CIPURSE V2 family. It describes the data objects on the card as well as the associated command set and security mechanisms by defining the interface between cards and terminals compliant to this standard. |
Cryptographic Protocol | Specifies the cryptographic mechanisms of cards (i.e. PICCs) and terminals (i.e. PCDs) compliant to this CIPURSE V2 Specification. |
Optional features | Specifies optional features that can be implemented in a CIPURSE V2 product – in addition to the Operation and Interface Specification – to support additional use cases as, for example, those commonly found in the mobile industry. |
Java Card Server Crypto API | Defines the interface of a library providing the CIPURSE cryptography for a card side CIPURSE application. |
PxSE Applet and API | Specifies the feature set of a PxSE applet class and a Java Card interface allowing CIPURSE applications registering to a PxSE instance. |
Mobile Guidelines | Offers guidance for integrating CIPURSE V2 in an NFC environment. |
SAM Specification | Specifies the interface of a CIPURSE SAM, which provides a terminal with all of the cryptographic services required to securely communicate with CIPURSE cards. |
SAM Use Cases | Describes the most common use cases of various CIPURSE SAM types. |
Java Card Host Crypto API | Defines the interface of a library providing the CIPURSE cryptography for a terminal side CIPURSE application. |
Key Management Guide | Provides some security requirements applicable for systems based on CIPURSE products. |
Registered PxSE AIDs | Provides a list of AIDs already registered for use by industry specific PxSE applications. |
BECOME A MEMBER OR EVALUATOR
- Become an Evaluator to access the CIPURSE Specifications.
- Find out how CIPURSE can support your projects.
- Get involved in the evolution of CIPURSE.
- Join an active community of technology professionals working to advance the future of mobility services!