We’re using on-screen barcodes to show the ticket values for reading by automatic gates, or checking by the train guards who carry hand-held scanners.The ticket code can be transferred to the NFC element on compatible phones (like this nokia 6131) but this handset is the only mainstream GSM handset with NFC and we’ve not heard of others in the pipeline.Even when NFC services become mainstream, you will still need a secure interface to purchase entitlements, before they get transferred to the NFC element.
[The screenshots above are animated, to show useful UI widgets helping the user to select from large lists, or input Credit Card numbers correctly]WAP and WEB services are Thin Clients ; good when you have a reliable, low latency connection. Mobile is not like that. – inside buildings, moving vehicles and in remote locations: connections are often dropped or unavailable.Mobile Java allows us to build FAT clients, and not just glorified mini-browsers!Applications should provide most of the interaction while OFF-LINE and then only require an occasional connection at the end to make transactions, or get updates.e.g. you should be able to review your bank account and create new payment instructions while on the metro, not only when stood still in good Here are screenshots showing how you can quickly select one station from a list hundreds long, and also how to perform local validation of credit card numbers before sending to reduce the number of unecessary network connectionsSMS Failover:Many users (more than half, we reckon) cannot make network connections from Java using WAP, because they need to switch to the correct INTERNET settings. To provide these users with an out-of-the-box instant purchase, the application can automatically detect the lack of functioning GPRS and switch to encrypted SMS instead.
This is circa end 2008 – since then, there are many more on left and one more on right. None on right have operator subsidies.Nokia are the most pro-active NFC handset manufacturer.
Credit Card details entered just once into the application.Users have said “easier to use the mobile purchase than web purchase” because of quick, optimised workflow.
Simple – simply put in your car, your credit card, and how long you want to park.Brand new user can sign up and pay in just one secure SMS (or 0.02pence worth of data)Extend your parking without returning to the vehicle.
Come see me after for live demos, or to chat about building secure mobile applications form-commerce,Banking,Ticketing,Messaging,Read our blog for more details on security.blog.masabi.com
Masabi - Transport Ticketing 2010
Barcode Ticketing<br />Self-print and Mobile<br />
Technology Warning!<br />Just because you cando something with new technology –<br />Does not mean customers will adopt<br />Does not mean that companies will make money from it<br />
User Adoption of “new”?<br />Normal people only try a new technology to do something…<br />…if the old way of doing it is painful enough to make them try.<br />At that moment: offer them a better way.<br />
Who are Masabi?<br /><ul><li>Masabi build mobile applications
Projects with:</li></ul>Consultancy to set the standardsfor self-print and mobile barcodes <br />mobile tickets for <br />
Why introduce eTicking?<br />TOC Incentives:<br />Reduce cost of sales <br />Capex and Opex on people and machines<br />Reduce queues<br />Gather more customer Data <br />Encourage modal shift through down-sell<br />Enable new product types<br />Increase revenue through up-sell and cross-sell<br />Customer Incentives:<br />Avoid the pain of queues<br />Cheaper Tickets, such as Advanced<br />
Barcode Tickets<br />Self-print and <br />Mobile<br />
Web Purchase Workflow<br />Self-print<br />Or Mobile Delivery<br />
Mobile Purchase Workflow<br />Human readable <br />and scannable tickets<br />(ToD pickup option for routes not accepting Barcode yet)<br />
Mobile Barcode Tickets<br />WAP/MMS/Images<br />Any phone with MMS always has WAP<br />SMS-pictures not big enough for RSP<br />Compromise between text and barcode<br />Re-sizing can be an issue<br />DRM not everywhere<br />Smart Application<br />Full-screen, no re-sizing issues<br />Text and barcode separate<br />Application organises tickets<br />
Usability – Mobile Apps<br /><ul><li>Still useful without a reliable data connection (unlike WAP)
UK Rail Barcode Ticket Standard<br />RSPS3001 Approved in December 2008as the UK standard for self print and mobile barcode rail ticketing<br />
Shared Barcode Standard<br />Public and open security<br />Based on standard SSL certificates<br />Each TOC generates and sign tickets with their own private key<br />Scanners only contain list of TOC public keys to scan and validate<br />Decentralised system<br />robust and can operate off-line<br />cheap to implement and use<br />Share self-print and mobile barcodes between Operators and 3rd party retailers<br />Integrate with standard EPOS<br />
Do tickets need security?<br />Early e-ticketing systems just used numbers as tickets<br />This limited barcode tickets to either:<br />Advanced Tickets, with manifest synchronised to the guard’s devices <br />Or guards perform live check via WiFi/GPRS<br />Problem: real systems cannot guarantee live connections or synchronisations<br />
Open PKI Security Model<br />Traceability, and no security risk from theft of scanning devices<br />If private keys are leaked, only the vendor that loses the keys is affected<br />3rd parties and other EPOS vendors can take part, even taxis and coffee shops can scan and validate cross-sale tickets or entitlements<br />
PKI vs ITSO/Oyster<br />ITSO and Oyster are Symmetric<br />=Same Keys<br />PKI is Asymmetric<br />=Different Keys<br />Private key to create ticket<br />(safe on TIS server)<br />Private key to create ticket<br />Private key to check ticket<br />(risk from key theft, therefore need ISAM)<br />PublicKeyto check ticket<br />(no risk from key theft)<br />
Easy to Scan and Validate<br />Offline validation from software<br />Add to existing EPOS or gate systems<br />No mobile databases required<br />No synchronisation of valid tickets from one Train or Bus Co. to another (too much data, too unreliable)<br />Enables Walk-up tickets<br />
Forgeries and Copies<br />Isn’t it easy to photocopy a self-print paper ticket?<br />What if a bunch of clever people figure out how to copy mobile tickets?<br />What if one user copies a ticket, gets onto an off-line train, and his friend gets onto a second off-line train?<br />
Anti-Copying Policy<br />Scanners only accept first seen barcode<br />On-line scanners can check for previous scans at other locations<br />Off-line scanners submit scan records back to ticket issuer for post-processing<br />Post processing identifies dual use, and blocks future purchases from the same credit card until fine paid, limiting fraud<br />
How to Rollout Barcode?<br />Ask your Web ticket sales system provider to enable barcode ticketing, controlled by route and ticket type<br />Brief revenue enforcement staff on how to perform visual inspection of e-Tickets<br />Advertise it (in stations next to queues best)<br />Gradually add scanners and gate scanners as each route experiences more adoption of eTickets<br />
Barcode Suppliers<br />Working with established Systems Integrators and suppliers to ensure that innovative barcode services are delivered with industrial scalability and reliability<br />
Benefits of Barcode: <br />Customer<br />Sign-up in the queue (no usernames or passwords)<br />No queues ever again<br />Quicker re-purchase<br />Tickets same price<br />Operator<br />Lower cost per sale<br />No need to expand stations<br />Staged capital expense on scanners<br />
Barcode Vs Smartcard<br />SmartCard<br /><ul><li>Great for bigcities
Ticket distribution must be on-line</li></ul>Barcode<br />Great for long distance<br />Visual, readable<br />Soft rollout of scanners-> low capex<br />Free Security<br />No media to issue<br />Can cope with offline stations<br />
All user data entry and validation performed off-line by application
Secure SMS for users without data settings or with poor reception
New user can sign-up and pay in just one SMS</li></li></ul><li>Business Case & User Case<br />People will only try to use new technology to do a regular daily activity…<br />…if the old way of doing it is painful enough to make them try something new.<br />At that moment: offer them a better way.<br />