By Luiz Guimaraes, Latin American Sub-Working Group Chair at OSPT Alliance.
Governments and associated bodies are required to make a whole host of ID solutions. Driver’s licences, transport cards, employee access control, health services, library cards – the list goes on. Not to mention the increasing desire for multi-application solutions, combining two or more of these functions onto one card.
For the agencies trusted to define these solutions, finding the right partners is both strategically and technically challenging. Utilizing open standards can offer them a whole range of benefits, as well as relieve some of the common pain-points experienced.
CIPURSETM, the open, non-proprietary standard developed and maintained by OSPT Alliance, is one such standard perfect for ID applications. Administered by a not-for-profit industry association with an independent certification scheme, governments can feel confident that solutions defined on CIPURSE will remain agnostic, fair, and safe from vendor lock-in. Moreover, they can feel reassured that specifications respect privacymanagement regulations and are patent protected by OSPT Alliance’s patent pool.
As these agencies have so many players to consider at each stage, this level of independence is invaluable – especially looking longer term. With budgets often tight and heavily scrutinized, this also gives these agencies the power to select from a range of vendors to best meet their budget and strategic requirements. It also means that managing, upgrading and scaling solutions is dramatically simplified, with full interoperability across thewhole ‘transaction’ network.
Quality, functionality and security, of course, remain imperative beyond the commercial benefits of moving to open source. Thankfully, CIPURSE is well equipped to deliver on these fronts too. It uses AES 128 cryptography –part of the encryption utilized by most passports – as well as proven smartcard, standards including ISO 7816 and ISO/IEC 14443-4 that are widely used in major payments infrastructure.
What can be achieved with CIPURSE is really determined by the agency. CIPURSE is a truly flexible standard set that can support citizen cards, regional cards, state and city implementations; it can be used for applications covering anything from public transport and health cards, micro-payments and loyalty, and access control – even unique citizen access could be added, should an individual desire! All fully interoperable and supporting NFC, meaning NFC-supporting mobile device, terminal, or reader could be utilized to verify pictures, read biographic data etc.
CIPURSE has a unique key management system that’s of real value to governments. Multiple applications can easily be added onto one solution, but each have unique keys. This enables a simple and secure way for different authorities and agencies to intercommunicate while managing their designated application. Say, for example, a toll payment card and driver’s licence stored on one card. With CIPURSE, it is simple to separate access rights such as ‘read’ and ‘write’ for each data within an application, respectively. All-in-one, highly secure and interoperable.
CIPURSE has already been chosen for a number of ID projects and has been selected by Brazil to form the basis of its driving licence card, securing the data of 66 million drivers. The technology that will feature on the new card has many benefits, including allowing law enforcement officers to read the data on the card via an NFC smartphone app, in any location, and quickly coordinate with other agencies across related systems. Additionally, banks are looking at utilising fingerprint authentication to grant access to services, while additional local public transportation and access solutions are already in discussion to be implemented on the card.
Visit http://www.osptalliance.org for further information.