• Like
Masabi - Transport Ticketing 2010 Workshop
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Masabi - Transport Ticketing 2010 Workshop


Ben Whitaker's slides from Masabi's Transport Tickeitng 2010 show Workshop session.

Ben Whitaker's slides from Masabi's Transport Tickeitng 2010 show Workshop session.

Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • 75% (roughly) UK airline tickets purchased online,Yet only 2% of heathrow express tickets bought on-lineBecause people only think and act on their public transport needs as they approach the station.Mobile can give every user their own ticket machine, that never has a queue.
  • We’re using on-screen barcodes to show the ticket values for reading by automatic gates, or checking by the train guards who carry hand-held scanners.The ticket code can be transferred to the NFC element on compatible phones (like this nokia 6131) but this handset is the only mainstream GSM handset with NFC and we’ve not heard of others in the pipeline.Even when NFC services become mainstream, you will still need a secure interface to purchase entitlements, before they get transferred to the NFC element.
  • [The screenshots above are animated, to show useful UI widgets helping the user to select from large lists, or input Credit Card numbers correctly]WAP and WEB services are Thin Clients ; good when you have a reliable, low latency connection. Mobile is not like that. – inside buildings, moving vehicles and in remote locations: connections are often dropped or unavailable.Mobile Java allows us to build FAT clients, and not just glorified mini-browsers!Applications should provide most of the interaction while OFF-LINE and then only require an occasional connection at the end to make transactions, or get updates.e.g. you should be able to review your bank account and create new payment instructions while on the metro, not only when stood still in good Here are screenshots showing how you can quickly select one station from a list hundreds long, and also how to perform local validation of credit card numbers before sending to reduce the number of unecessary network connectionsSMS Failover:Many users (more than half, we reckon) cannot make network connections from Java using WAP, because they need to switch to the correct INTERNET settings. To provide these users with an out-of-the-box instant purchase, the application can automatically detect the lack of functioning GPRS and switch to encrypted SMS instead.
  • This is circa end 2008 – since then, there are many more on left and one more on right. None on right have operator subsidies.Nokia are the most pro-active NFC handset manufacturer.
  • Credit Card details entered just once into the application.Users have said “easier to use the mobile purchase than web purchase” because of quick, optimised workflow.
  • Simple – simply put in your car, your credit card, and how long you want to park.Brand new user can sign up and pay in just one secure SMS (or 0.02pence worth of data)Extend your parking without returning to the vehicle.
  • Come see me after for live demos, or to chat about building secure mobile applications form-commerce,Banking,Ticketing,Messaging,Read our blog for more details on security.blog.masabi.com


  • 1. Barcode Ticketing
    Self-print and Mobile
  • 2. Barcode Ticketing
    Goals of eTicketing in general
    Barcode User Workflow
    Self-print and Mobile ticket display
    Selling tickets on the mobile
    Ticket Inspection Workflow
    Soft Rollout and then adding Scanners
    UK Barcode Ticket Standard
    Open security
    Barcode and Smartcard comparison
  • 3. Who are Masabi?
    • Masabi build mobile applications
    • 4. Award winning and certified security
    • 5. Ticket sales and delivery from mobile
    • 6. Projects with:
    Consultancy to set the standardsfor self-print and mobile barcodes
    mobile tickets for
  • 7. Why introduce eTicking?
    TOC Incentives:
    Reduce cost of sales
    Capex and Opex on people and machines
    Reduce queues
    Gather more customer Data
    Encourage modal shift through down-sell
    Enable new product types
    Increase revenue through up-sell and cross-sell
    Customer Incentives:
    Avoid the pain of queues
    Cheaper Tickets, such as Advanced
  • 8. Technology Warning!
    Just because you cando something with new technology –
    Does not mean customers will adopt
    Does not mean that companies will make money from it
  • 9. User Adoption of “new”?
    Normal people only try a new technology to do something…
    …if the old way of doing it is painful enough to make them try.
    At that moment: offer them a better way.
  • 10. Mobile ticket opportunity
    Only 12% of 2008’s UK rail tickets sold on the internet – most bought at station
    But most mobile service users do not complete any registration on the web
    So: Sign up the users when they need it
    in a queue
    in a hurry
    next to a broken ticket machine
  • 11. Barcode Tickets
    Self-print and
  • 12. Web Purchase Workflow
    Or Mobile Delivery
  • 13. Mobile Purchase Workflow
    Human readable
    and scannable tickets
    (ToD pickup option for routes not accepting Barcode yet)
  • 14. Mobile Barcode Tickets
    Any phone with MMS always has WAP
    SMS-pictures not big enough for RSP
    Compromise between text and barcode
    Re-sizing can be an issue
    DRM not everywhere
    Smart Application
    Full-screen, no re-sizing issues
    Text and barcode separate
    Application organises tickets
  • 15. Example HEX Tickets
    Adaptive layout, size, rotation, DRM
  • 16. WAP Ticket Features
    Flexible Branding and Layout
    generated from xHTML/CSS
    Auto-adapts according to handset
    Size, Rotation, DRM, Image Format
    Supports gif, png, jpg, dm, drm, dcf
    WAP Push and SMS Link – autodetect
    Users don’t need to register
    Friendly file names - 12JuntoDoncaster.dm
  • 17. Usability – Mobile Apps
    • Still useful without a reliable data connection (unlike WAP)
    • 18. Optimised data entry
    • 19. Faster responses
    • 20. Catch mistakes quicker
    • 21. SMS failover from GPRS
    • 22. Avoid settings, reception & roaming problems
    • 23. Cheaper + faster for the user
    • 24. Send only the data
    • 25. Flat rate data is still not common
  • Walk-up First Purchase
  • 26. Repeat Purchase
  • 27. Key Usability Points:
    No sign-up process!
    no usernames
    no passwords
    Mostly off-line interface, SMS backup
    Fast repeated regular purchases
    Full screen barcodes for fast scanning
  • 28. UK Rail Barcode Ticket Standard
    RSPS3001 Approved in December 2008as the UK standard for self print and mobile barcode rail ticketing
  • 29. Shared Barcode Standard
    Public and open security
    Based on standard SSL certificates
    Each TOC generates and sign tickets with their own private key
    Scanners only contain list of TOC public keys to scan and validate
    Decentralised system
    robust and can operate off-line
    cheap to implement and use
    Share self-print and mobile barcodes between Operators and 3rd party retailers
    Integrate with standard EPOS
  • 30. Do tickets need security?
    Early e-ticketing systems just used numbers as tickets
    Limited barcode tickets to either:
    Advanced Tickets, with manifest synchronised to the guard’s devices
    Or guards perform live check via WiFi/GPRS
    Problem: real systems cannot guarantee live connections or synchronisations
  • 31. PKI vs ITSO/Oyster
    ITSO and Oyster are Symmetric
    =Same Keys
    PKI is Asymmetric
    =Different Keys
    Private key to create ticket
    (safe on TIS server)
    Private key to create ticket
    Private key to check ticket
    (some risk from key theft)
    PublicKeyto check ticket
    (no risk from key theft)
  • 32. Open PKI Security Model
    Traceability, and no security risk from theft of scanning devices
    If private keys are leaked, only the vendor that loses the keys is affected
    3rd parties and other EPOS vendors can take part, even taxis and coffee shops can scan and validate cross-sale tickets or entitlements
  • 33. Easy to Scan and Validate
    Offline validation from software
    Add to existing EPOS or gate systems
    No mobile databases required
    No synchronisation of valid tickets from one Train or Bus Co. to another (too much data, too unreliable)
    Enables Walk-up tickets
  • 34. Forgeries and Copies
    Isn’t it easy to photocopy a self-print paper ticket?
    What if a bunch of clever people figure out how to copy mobile tickets?
    What if one user copies a ticket, gets onto an off-line train, and his friend gets onto a second off-line train?
  • 35. Anti-Copying Policy
    Scanners only accept first seen barcode
    On-line scanners can check for previous scans at other locations
    Off-line scanners submit scan records back to ticket issuer for post-processing
    Post processing identifies dual use, and blocks future purchases from the same credit card until fine paid, limiting fraud
  • 36. Large Data Capacity
    Sealed by: East Coast Railways
    Issued by: East Coast Railways
    Ticket Number: EC0005342103
    Issued at Kings Cross
    1st Class, Adult, Single, Outbound
    From Oban Station
    to London Bridge Station
    Valid from: 2008/08/28
    valid on train departing: 18:08
    ID Check: Credit Card ending 1241
    Name: P. PEARSON
    With Network Railcard
    £16.34 (Price was discounted)
    Validity Code: ES
    Purchase Ref: REF41414A5
    Valid 1 day with one extra adult
    one (1) journey leg: 2008/08/27 18:08Retail Service ID = TS0001; Reserved: Coach C, Seat 24 B
    Optional ITSO header not included.
    Extra Entitlement:
    WITH ANY DRINK; REF #572931
  • 37. Flexible Ticket Data
    More free space for single TOC products and extra entitlements“Includes free cup of Costa Coffee and 2 Adults entry to Disneyland”
    Cross sale opportunities can finally make the ticket sales channel work harder, and release more revenue from the whole journey
  • 38. How to Rollout Barcode?
    Ask your Web ticket sales system provider to enable barcode ticketing, controlled by route and ticket type
    Brief revenue enforcement staff on how to perform visual inspection of e-Tickets
    Advertise it (in stations next to queues best)
    Gradually add scanners and gate scanners as each route experiences more adoption of eTickets
  • 39. Soft Rollout of Scanners
  • 40. Scanner Options
    Any barcode scanner, online or off-line, must support: 2D Aztec with CCD imager
    Small basic scanners for door staff
    Advanced PDA based scanners for service staff
    Bluetooth scanner upgrade for Avantix Mobile 2
    Cash Register/EPOS Scanners
    Connect via USB or as “keyboard wedge” in between keyboard and EPOS like a normal scanner
    Fixed Scanners for gates or check-outs
    Retro-fit to existing gates or built in at manufacture by gate supplier
    User places phone face-down to scan
    EPOS Scanner
    Fixed gate scanner
    (as fast as Oyster)
  • 41. Scan as fast as Smartcard
    • New gate scanners from Access IS (who make the airport scanners) as fast as Smartcard readers, even from legacy mobile
    • 42. 240ms to scan, decode, decrypt and validate
    • 43. Now mobile barcode is ready for Mass-Transit and rush-hour travel
    • 44. So why wait for NFC ?
  • Barcode Suppliers
    Working with established Systems Integrators and suppliers to ensure that innovative barcode services are delivered with industrial scalability and reliability
  • 45. Benefits of Barcode:
    Sign-up in the queue (no usernames or passwords)
    No queues ever again
    Quicker re-purchase
    Tickets same price
    Lower cost per sale
    No need to expand stations
    Staged capital expense on scanners
  • 46. Barcode Vs Smartcard
    • Great for bigcities
    • 47. No Screen
    • 48. Full rollout of scanners-> highcapex
    • 49. ITSO security
    • 50. Smartcard media
    • 51. Ticket distribution must be on-line
    Great for long distance
    Visual, readable
    Soft rollout of scanners-> low capex
    Free Security
    No media to issue
    Can cope with offline stations
  • 52. Capital Expenditure Items
  • 53. NFC – Not Today
  • 54. Case Study - Ticketing
    Chiltern Railwawith YourRail
    User feedback: “Better than the web!”
    • Buy anywhere
    • 55. No paper, no queues - barcode tickets
    • 56. Tunnels don’t break the system
    • 57. Auto-detects SMS or GPRS
    • 58. 1-2 SMS per ticket
    • 59. Doubles the consumer uptake by removing Data issues
    • 60. Quick repeat tickets
    • 61. Customer loyalty and lock-in
  • Case Study - Parking
    95% of surveyed users said:“better than the IVR system we used until now”
    • Payments straight from phone
    • 62. No need for explicit sign-up or passwords
    • 63. Just type CVV again for future purchases
    • 64. All user data entry and validation performed off-line by application
    • 65. Secure SMS for users without data settings or with poor reception
    • 66. New user can sign-up and pay in just one SMS
  • Business Case & User Case
    People will only try to use new technology to do a regular daily activity…
    …if the old way of doing it is painful enough to make them try something new.
    At that moment: offer them a better way.
  • 67. ben@masabi.com+44 7788 895 894www.masabi.com