Masabi Rail Ticketing ITS
-
Upload
masabi -
Category
Technology
-
view
2.975 -
download
4
description
Transcript of Masabi Rail Ticketing ITS
Masabi build mobile applications
Award winning and certified security
Ticket sales and delivery from mobile
Projects:
Rail Settlement Plan
Consultancy supporting the standards
work on self-print and mobile barcodes
mobile tickets for
Business Rail ticket sales
ticket sales from
mobile (’07 – ‘08)
Contactless RF
Smart-Card ITSO, Oyster, Mi-Fare
NFC Phones
Barcodes
Self-print
Mobile
Dependant on scanning hardware
Soft rollout option with visual inspection
Avoid up-front cap-ex on full barcode scanner rollout
Visually inspect at launch
Staff report barcode ticket usage levels each week
Occasional SMS or scan checks
Staged scanner rollout for routes with significant adoption
(Can add
an animated
watermark to aid
visual inspection)
Oyster for London
Price incentives drive public uptake
Single Fare: Paper £4; Oyster £1.60
Massive capital expenditure before launch
Resistance from overland rail to accept same fees
National Smartcard Questions:▪ Will tickets be as heavily discounted?
▪ Will it be as widely adopted by public?
▪ How long will it take to recoup Cap-Ex?
RSPS3001 Approved in December 2008 as the UK standard
for self print and mobile barcode rail ticketing
Share self-print and mobile barcodes between TOCs, TIS and 3rd party retailers
Public and open security
Based on PKI, standard SSL certificates
Optional ITSO seal, but not required
Decentralised system - robust
Cheap to implement and use
ITSO and Oyster are Symmetric=Same Keys
PKI is Asymmetric=Different Keys
Private key
to create
ticket
Private key to
check ticket
(some risk from
key theft)
Private key to create
ticket
(safe on TIS server)
Public Key to
check ticket
(no risk from
key theft)
Traceability, and no security risk from theft of scanning devices
If private keys are leaked, only the vendor that loses the keys is affected
3rd parties and other EPOS vendors can take part, even taxis and coffee shops can scan and validate cross-sale tickets or entitlements
More free space for single TOC products and extra entitlements
“Includes free cup of Costa Coffee and 2 Adults entry to Alton Towers”
ITSO Seals included, but optional
Allows non-ITSO and ITSO enabled TOC’s to inter-operate
Any barcode scanner, online or off-line, must support: 2D Aztec with CCD imager
Handheld
Small basic scanners for door staff
Advanced PDA based scanners for service staff
Bluetooth scanner upgrade for Avantix Mobile 2
Cash Register/EPOS Scanners
Connect via USB or as “keyboard wedge” in between keyboard and EPOS like a normal scanner
Fixed Scanners for gates or check-outs
Retro-fit to existing gates, user places phone on rubber face to scan
Or built in at manufacture by gate supplier
Retro-fit Fixed / gate scanner
EPOS Scanner
Basic Advanced
Bluetooth
Offline validation from software
Add to existing EPOS or gate systems
No mobile databases required
No synchronisation of valid tickets from one TOC to another (too much data, too unreliable)
Walk-up tickets
Isn’t it easy to photocopy a self-print paper ticket?
What if a bunch of clever people figure out how to copy mobile tickets?
What if one user copies a ticket, gets onto an off-line train, and his friend gets onto a second off-line train?
Scanners only accept first seen barcode
On-line scanners can check for previous scans at other locations
Off-line scanners submit scan records back to ticket issuer for post-processing
Post processing identifies dual use, and blocks future purchases from the same credit card until fine paid, limiting fraud
Only 12% of rail tickets sold on the internet – most bought at station
Over 2/3 of mobile users never complete their sign-up if it’s on the web
So: Sign up the users when they need it
in a queue
in a hurry
next to a broken ticket machine
WAP / xHTML
Browser based, like on the web
No javascript or Ajax on ~90% of mobiles
Application
Installed on the phone
Dedicated, customised
Still useful without a continuous data connection
Optimised data entry Faster responses
Catch mistakes quicker
SMS failover from GPRS Avoid settings, reception &
roaming problems
Cheaper + faster for the user Send only the data
Flat rate data is still not common
Early WAP:
WTLS – not true security
New WAP2
Vodafone breaks HTTPS, breaks PCI
Merchant’s policy decision on acceptable level of security
Most agree that credit card sign-up should not happen over broken WTLS or HTTPS
Results in sign-up on WEB only, like Trainline
No sign-up process
no usernames
no passwords
Mostly off-line interface, SMS backup
Fast repeated regular purchases
Auto-show tickets, full screen barcodes
Payments straight from phone No need for explicit sign-up or passwords Just type CVV again for future purchases
All user data entry and validation performed off-line by application
Secure SMS for users without data settings or with poor reception
New user can sign-up and pay in just one SMS
95% of trial users said:“better than the IVR system we used until now”
Buy anywhere No paper, no queues - barcode tickets Tunnels aren’t showstoppers!
Auto-detects SMS or GPRS 1-2 SMS per ticket Doubles the consumer uptake by removing Data issues
Quick repeat tickets Customer loyalty and lock-in
Chiltern Railways with YourRail
Trial user feedback: “Better than the web!”
Two snags against mass-adoption of the existing SMS/MMS tickets
1. User delay in finding ticket before gatecustomers manually searching the phone’s lists of messages/images to find today’s ticket
2. Some phones don’t scan successfullyGuards simply don’t scan certain phones, and customers know the gates won’t let them through without manual intervention
Answer: application auto-shows today’s ticket
Answer: application displays full-screen Aztec for scanner
Instant sign-up from the queue
Give everyone a personal ticket machine
Soft rollout to avoid cap-ex
Customer behaviour tracking and targeted SMS offers
Cross-sales to raise margins
SMS “Tickets” to 89080
Auto-Install SMS
XML WebService Requests
Purchase Request and Payment Details(sent by encrypted SMS or Data from the mobile application)
Success message with content, ticket or code
Retailer Web Services
Masabi Proxy(can be hosted by
retailer)
1
2
3
4
5
Optimise for the regular use cases
Make them fast and obvious
Allow advanced search for users that choose it
Dynamic interface can expand options
Enable goal seeking for
▪ Cheapest Advanced tickets, with maximum date/time range
▪ Off-peak services
▪ Advanced/non advanced
Full-Screen Barcode Display on Mobile
Size = speed and reliability of scanning
More reliable than SMS, MMS or WAP delivered barcodes
Off-line Scanning
Allows for total loss of site WiFi / Internet connectivity or loss of the central ticket server
Secure Barcodes
PKI barcode signatures prevent modification of tickets by criminals
Public Key Validation allows any 3rd party vendor or EPOS till integrator to scan and check tickets