EP2118856A1 - Method, ticket handling apparatus, computer program product and product platform for a security mechanism of an electronic ticket - Google Patents
Method, ticket handling apparatus, computer program product and product platform for a security mechanism of an electronic ticket
- Publication number
- EP2118856A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- ticket
- seal
- information
- handling apparatus
- read
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K1/00—Methods or arrangements for marking the record carrier in digital fashion
- G06K1/12—Methods or arrangements for marking the record carrier in digital fashion otherwise than by punching
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/12—Card verification
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B11/00—Apparatus for validating or cancelling issued tickets
Definitions
- the invention relates to a method, ticket handling apparatus, computer program product and product platform for an electronically readable ticket, which can be a travel ticket, entrance ticket or a corresponding voucher exchangeable for a commodity or service, where the purpose of the method, ticket handling apparatus, computer program product and product platform on which the ticket can be saved is to protect the authenticity and properties of the ticket and to implement a security mechanism.
- a problem related to electronically readable tickets which can be, for example, single tickets, smart cards or files in mobile communication devices, is that they should be both safe so that dishonest users would not be able to modify or copy the tickets and the information therein, and flexible to provide comfort of use so that, for example, the ticket would not become valid before it is stamped, and it could be acquired in advance.
- the making and checking of the ticket and stamping it as used must take place quickly. Tickets like this can be used, for example, to pay for journeys, as entrance tickets or to pay for products, such as for food or drink in large public events.
- Patent specification WO 2004/015917 deals with the security of tickets sent as text messages.
- an individual security code is generated on the basis of the transmission time of the text message, which prevents copying the message or transferring it to another platform.
- the electronic ticket is secured by identification codes.
- the identification codes are separately created by using the identification number of the product platform, an external encryption key and a random number generator. A lot of calculation is required in this method, and it may slow down the writing of the ticket and its inspection.
- the file structure of the electronic ticket includes the basic data of the electronic ticket and the ticket application information. This file structure can be read, written and processed by ticket handling apparatus, and at least part of the information of the ticket application is protected by seals.
- the first seal is calculated by a ticket handling apparatus, using the basic data of the ticket and the ticket application information, and this first seal is written on the ticket. This seal protects the information by which it has been calculated.
- the second seal is calculated in connection with the stamping of the ticket by the ticket handling apparatus, using the basic data of the ticket, the updated information of the ticket application and the broken first seal.
- the broken first seal is written in place of the intact first seal.
- the ticket handling apparatus calculates a reference seal from the values read from the ticket, and compares it with the seal read from the card. If the reference seal and the read seal correspond to each other, the ticket is accepted. If the reference seal and the read seal do not correspond to each other, the ticket is rejected. If the ticket has been checked and accepted, the information on the ticket, which is not protected by a seal, can be updated.
- the ticket can be saved on a remote-readable travel card, a contact card, a one-time card with a memory or a mobile communication device.
- the ticket-handling apparatus includes a central unit, a memory, a communication unit and means for remote reading the file structure of the ticket from the product platform and to write in the file structure of the ticket.
- the ticket handling apparatus can carry out ticket selling, stamping and checking measures.
- the selling measures and the stamping and checking measures are generally carried out in separate ticket handling apparatus units. For example, when a ticket is being bought for a mobile communication device, the sales unit can be very far physically.
- the ticket handling apparatus sets the selling information and calculates the first seal, for which it uses the basic data of the ticket and the information of the ticket application, including the sale information.
- the information of the ticket application and the first seal which protects the information by which it was calculated are written on the ticket.
- the basic data of the ticket has usually been set earlier, or it is ready as properties of the product platform, as the case usually is with mobile communication devices.
- the ticket handling apparatus checks whether the ticket already has a second seal ready, i.e. whether the ticket has already been stamped. If a second seal does not exist yet, the ticket handling apparatus first checks the correctness of the ticket by calculating a reference seal and comparing it with the first seal of the ticket. Then it calculates the second seal by using the information of the ticket application updated in the stamping, the basic data of the card and the first seal, which has been broken. After this, the ticket handling apparatus writes the updated information of the ticket application on the ticket on the product platform, and then replaces the first seal by a seal used in the calculation of the second seal.
- the ticket handling apparatus can complement or edit the file structure of the ticket read from the product platform, if it is not in the form required by the ticket handling apparatus. This enables the use of many product platforms of different types in the same system.
- the method according to the invention is implemented by a computer program product, which has means for calculating the first seal from the basic data of the ticket and the information of the ticket application in connection with the selling, and for calculating the second seal from the basic data of the ticket, the information of the ticket application and the broken first seal in connection with the stamping of the ticket.
- the computer program product operates in the ticket handling apparatus.
- the computer program product can be adapted to operate in ticket handling apparatus units intended both for ticket selling and ticket inspection.
- the electronic ticket according to the invention is stored on a product platform, which is electronically readable and writable and which has a central unit, a memory and a RFID unit or a corresponding unit enabling remote reading and writing and which has an individual identifier or for which one can be generated.
- the memory of the product platform has been arranged, by means of its RFID unit, in connection with the sale transaction to receive an electronic ticket, which consists of the basic data of the ticket, the information of the ticket application and the first seal calculated therefrom, which is individual for each product platform and ticket. In connection with the checking or stamping of the ticket, it also offers the information of the ticket to be read by the card handling device.
- This product platform is a remote-readable travel card, a contact card, a single card with a memory or a mobile communication device.
- the invention has the advantage that the use of seals increases the data security of the cards. Compared to access right keys, the sealing method has the advantage that the keys need not be distributed to the card, which is slow and cumbersome and may cause problems with data security. For example, for casual users who use tickets loadable to NFC devices, the sealing method described by the invention is the only way of ensuring the correctness of the product in practice. Because the encryption keys used for calculating the seals are kept protected in the card handling apparatus, unauthorized modification of the information protected by them is difficult.
- the invention has the advantage that this method speeds up the handling of the cards during stamping and checking. More convenience of use is also provided by the fact that the invention enables buying the product in advance, because according to the invention, the product can be set to become valid in connection with the stamping. It is also adaptable to different devices and platforms, which enables the use of many different product platforms in the same system.
- the invention enables new ways of contactless trading, which may be, for example, the implementation of auxiliary sales in large public events, such as food products, drinks and the like, in accordance with the invention, which would facilitate the arrangements and reduce the time needed for them.
- the invention also has the advantage that it makes it possible to return or change the product purchased electronically. This possibility increases the customer's trust in the system.
- Figure 1 shows the ticket handling apparatus by way of example
- Figure 2 shows an example of the product platform of the electronic ticket according to the invention
- Figure 3 is an exemplary flow chart of the method according to the invention
- Figure 4 shows an example of the file structure of the electronic ticket in a simplified manner
- Figure 5 shows an example of the use of seals on the level of the file structure of the electronic ticket.
- the arrangement for assigning the right of use and checking of travel tickets and the checking method used in it is presented as an example of utilizing the method according to the invention.
- seals are used for increasing the security and convenience of use of the electronic ticket.
- An example of the handling of a single card application used for travelling with public transport means, and other examples, will be described in the following.
- When a single card application, or another electronically purchased ticket providing the right of use to a service or product, is meant, it will be referred to as a ticket.
- The means on which this ticket resides is called the product platform.
- the apparatus by which the tickets on the product platform are read and written, the information of the tickets is modified and their rights of use are checked, and selling and stamping measures are carried out, are called ticket handling apparatus.
- Fig. 1 shows the ticket handling apparatus 10 according to the invention by way of example. It may be, for example, a travelling means checking and registering means located in a travelling means. It preferably comprises a central processing unit (CPU) 101, in which the checking and granting measures for the right of use of the ticket required by the method according to the invention are performed.
- the central processing unit may utilize the memory 102 for executing the program according to the invention and for saving its results.
- the ticket handling apparatus 10 also includes a RFID unit 103. It enables the ticket handling apparatus to exchange messages with the object being checked, which can be, for example, a remote-readable travel card 203, a contact card or a mobile communication means.
- the RFID unit 103 of the ticket handling apparatus comprises both a transmitter and a receiver.
- a remote-readable travel card for example, is activated by means of the transmitter.
- the information transmitted by the travel card 203 is received by the receiver.
- new information is written on the travel card 203. This information preferably comprises the writing instructions of the seals according to the invention. Similarly, other information, such as validity information, can also be saved in the travel card.
- the ticket handling apparatus can advantageously include a GPS positioning device 106, which receives positioning information from the satellites 107.
- the location information can be used for checking the right to utilize the right of use.
- the ticket handling apparatus may also comprise a communication unit 104, through which it can exchange information with a data system belonging to the travel card system (not shown in Fig. 1).
- the data transfer connection 105 can be either a wireless or wired data transfer connection. Through the data transfer connection, it is possible to update user or location information or the software of the checking device, for example.
- the ticket handling apparatus may also have a display or a corresponding indicator, which tells the customer about the steps of the ticket handling and the properties of the ticket, such as the time of validity of the ticket, or the apparatus indicates by a sound or light signal whether the stamping or checking of the ticket was successful.
- Fig. 2 shows the functional main parts of an exemplary, remote-readable travel card 20.
- the card has a central processing unit (CPU) 201, which can read from the memory 202 and write into the memory 202.
- the electronic ticket is preferably in the memory of the travel card.
- the travel card 20 includes a RFID unit 203, by which the travel card can receive information from the ticket handling device 10 from the RFID unit 103, for example.
- the travel card can also transmit information of the ticket saved in the memory 202 of the travel card 20. This information may advantageously comprise information related to the right of travel and the seal information according to the invention.
- the file structure of the ticket read from the product platform is complemented and changed in the memory of the ticket handling apparatus to comply with the requirements of the ticket handling application in the ticket handling apparatus. This means that the file structures of the tickets need not necessarily be alike, but many different platforms can then be used in the same system.
- Figure 3 illustrates the method according to the invention as an exemplary flow chart. The method is described in it step by step.
- In step 301 of Fig. 3, the ticket is sold, whereupon the ticket handling apparatus carrying out the selling measures starts to prepare the ticket for transfer to the product platform.
- In step 302, the ticket is initialized, i.e. the basic data according to the product platform and the application is given to it.
- In step 303, the ticket selling information is set. After this, the first seal is calculated for the ticket in step 304, after which the ticket can be written on the product platform in step 305.
- In step 306 of Fig. 3, the ticket is stamped.
- In step 307, the values of the ticket are read from the product platform to the ticket handling apparatus.
- In step 308, it is checked whether another seal is found from the values read. If the answer is "NO", it is checked in step 309 whether the first seal of the ticket is valid. If the first seal is found to be valid, i.e. the answer in step 309 is "YES", the process moves to step 310, in which a second seal is calculated for the ticket, after which in step 316, the second seal and the updated information is written on the ticket on the product platform, and the stamping transaction is stopped in step 317.
- If in step 309 of Fig. 3 the first seal is found to be invalid, i.e. the answer is "NO", the process moves to step 314, in which the ticket is rejected. The stamping transaction is stopped in step 315.
- If in step 308 of Fig. 3 a second seal is found from the ticket, the answer is "YES", and the process moves to step 311, in which the second seal is checked. If the second seal is found to be invalid, i.e. the answer is "NO", the process moves to step 314, in which the ticket is rejected. The stamping transaction is stopped in step 315.
- If in step 311 of Fig. 3 the second seal is found to be valid, i.e. the answer is "YES", the process moves to step 312, in which the updated information of the ticket is written on the product platform. The stamping transaction is stopped in step 313.
- In Fig. 4, the file structure of the ticket is divided into two parts: the basic data of the ticket (ApplicationInformation) and the ticket application (eTicket).
- the ticket application consists of the sale information (SaleInformation), the first seal, the validity information (ValidityInformation), the second seal and the boarding information (BoardingInformation).
- the basic data of the ticket are set in connection with the initialization of the ticket, which may take place at the time of the selling or before it.
- the basic data include a series of numbers, or an ID number, which identifies the ticket. This ID number is formed, for example, from the number of the travel card chip given by the manufacturer. The ID number is different on each product platform unit, or there is so much variation that it is almost impossible to utilize it in a dishonest manner.
- the sale information includes the properties of the purchased commodity, i.e. in this case those of the travel ticket, which for example include the quality of the ticket, its date of sale, area of validity, time of validity, price and other possible properties.
- the sale information is protected by the first seal, by which the authenticity and intactness of the information is secured, and by which it is checked that the information is on the original product platform.
- the first seal is calculated in connection with the selling.
- the sale information and the first seal which has been calculated in the sales system, are written on the initialized ticket.
- the rest of the area of the ticket application where space is reserved for the validity information, the second seal and the boarding information, is written as zero.
- the selling is carried out by a ticket handling apparatus for selling. The selling may take place at a sales point or an automatic selling machine.
- the seal can be calculated in many different ways.
- the seal is calculated by the 3DES key according to the ISO 9797 standard.
- the ticket handling apparatus can calculate the seals programmably, or it may contain a security module, in which the encryption keys have been saved, and the calculation is carried out in a protected environment.
- the basic data and sale information of the ticket are required for calculating the first seal. Merely the ID number and the sale information can be used for this. Because the information content, from which the first seal is calculated, includes the individual ID number of the product platform, it is not possible to create a functional copy of the ticket information on another product platform.
- the ticket handling apparatus for checking and stamping checks and stamps the ticket and calculates a new seal when required.
- the ticket handling apparatus may be in the means of transport for which the ticket has been acquired, or on the platform, station or corresponding space from which the means of transport is accessed.
- the ticket handling apparatus reads from the product platform the ticket information, which in this case includes the application information, sale information and the first seal of the ticket. It examines whether there is a second seal on the ticket, which would mean that the ticket has already been stamped. If a second seal is not found, the first seal is searched for. When the first seal has been found, it is checked whether it corresponds to the application information and sale information of the ticket which have been read.
- the reference seal is compared with the first seal read from the ticket. If they are alike, the file structure of the ticket is accepted. This is done to check the authenticity and intactness of the sale information and whether they are on the correct product platform. If the valid sale information according to the first seal is on the ticket, the validity information is formed. If the ticket has been sold so as to become valid from the first use, the validity information of the ticket is calculated in connection with the first stamping according to the time of the ticket handling apparatus and the length of the validity period in the sale information of the ticket.
- the ticket handling apparatus calculates the second seal by means of the application information, sale information, first seal and validity information read from the ticket.
- the first seal is broken in the memory of the ticket handling apparatus. This can be done by writing numerical values on either the whole first seal or a part thereof.
- the values that break the first seal are agreed on in advance, and they can be zeros or random numbers, for example.
- the second seal is calculated in the same way as the first one. In this case, the encryption key of the ticket handling apparatus, the application information and sale information read from the ticket and the first seal broken in the ticket handling device are used for calculation.
- the second seal of the ticket confirms the authenticity and intactness of the validity information.
- the boarding information of the ticket, which indicates where and when the ticket has been used, is also created in connection with the stamping. The content of the boarding information is not protected by sealing.
- the corresponding values which were used when calculating the second seal in the ticket handling apparatus, are written on the first seal.
- This breaking of the seal annuls the sale information and at the same time validates the validity information.
- the annulment of the sale information ensures that the resetting of the validity information would not restore the sale information as valid.
- the second seal also covers the sale information and the application information of the ticket, and thus it also confirms their authenticity and intactness. If the means of transport is changed during the validity of the ticket, it is stamped again by the ticket handling apparatus.
- the ticket handling apparatus reads the ticket information.
- the ticket handling apparatus checks whether the ticket has a second seal, i.e. whether it has already been stamped. Having found it, the ticket handling apparatus checks whether this second seal corresponds to the application information and validity information of the ticket. The checking is carried out in the memory of the ticket handling apparatus by calculating a reference seal from the read ticket information and by comparing this reference seal with the second seal read from the card. If the second seal is accepted, i.e. the reference seal and the second seal have been found to be the same, the changing carried out is added to the boarding information of the ticket.
- the validity information can also be set in connection with the purchase transaction. They can be made valid for a certain period of time beginning from the sale or for a certain period of time in the future. This selling made for a certain period of time can be used, for example, when selling travel tickets for the duration of a certain event. This event could be, for example, an athletic contest lasting for several days, partial events of which are on different sides of the usage range of the tickets. If the validity information is set in connection with the selling, the first seal is not calculated but it is set directly in the broken mode, which may be zeros, and the second seal is then calculated in the manner described above.
- Fig. 5 describes the use of seals more accurately on the level of the file structures.
- the functionality may vary in accordance with the requirements of the product platform or the different purposes of use of the product (ticket).
- the manner described follows, for the applicable parts, the file structure of a single card application adapted on the Mifare Ultralight product platform.
- the charts denote the content of the file structure in the calculation processes. The chart is not accurate, and it should not be used as a bit-level description of the file structure.
- the Mifare Ultralight cards are remote readable and writable storage means, the memory of which is divided into segments and blocks.
- the remote use of the cards is based on the ISO 14443 technology.
- the cards have a memory of 512 bits (64 bytes). A part of the areas of the memory are required by the format, the rest are used by the user application.
- Although the Mifare Ultralight card is used in this example, the described file structure and its use can be easily adapted on other platforms as well.
- Fig. 5 shows the three different states of the file structure of the ticket of a single card application.
- Point a) (SEAL1) is the situation when the ticket has been bought.
- Point b) (SEAL1 & 2) is the situation when the ticket is being stamped.
- Point c) (SEAL2) is the situation when the ticket has been stamped and used for travelling.
- SEAL2 Segmented Two
- the segments are named consecutively as D1, D2, D3, D4, D5 and D6.
- segments D7 and D8 have not been named in it. 8 blocks have been reserved for each segment, except the last segment D8, for which 7 blocks have been reserved in this case.
- Point a) in Fig. 5 is the file structure of a bought and unused single ticket application.
- Segment D1 includes the card serial number set by the manufacturer (blocks 1 to 7, which have been named SN0-SN6).
- OTP One Time Programmable
- Segment D2 and partly segment D3 contain the application information of the ticket, which include the ID information of the ticket, the version numbers of the application, the identifiers of the owner of the application and the like.
- This application information has been written in connection with the initializing of the ticket. This can be done in advance or in connection with buying the ticket.
- the individual ID number of the card (ApplicationSerialNumber) is saved in the blocks 18, 19 and 20 in the segment D3.
- the card chip serial number given by the manufacturer is used for calculating this ID number.
- the sale information is given to the product in the purchase transaction. This information is set in accordance with the product bought by the customer. If the application and sale information do not fill up the space reserved for them, the space remaining empty is filled with values of a predetermined type.
- the seal calculation method used requires that the area to be calculated has been complemented as multiples of 8 bytes, i.e. the calculation takes place in eight-byte blocks.
- the standard also defines the complementation mechanism. In the case of point a) of Fig. 5, the points to be complemented have been the blocks 21, 31 and 32.
- the first seal is calculated. This is calculated in the sales system from the information content of the card, which includes the serial number of the card, its application information and sale information.
- the seal is preferably calculated by the 3DES key according to the ISO 9797 standard.
- Because this encryption key is only in the sales system and the ticket handling apparatus, calculating the seals dishonestly is difficult and time-consuming even in the cases when it would be possible. Because the information content used for calculating the seal includes an individual identifier of the card, it is not possible to create a functional copy of the information content of the ticket on another product platform, which may be another card or some other device, but the sale information protected by the seal functions only on the product platform on which it has been set.
- When the sale information and the first seal are ready in the sales system, they are written on the ticket on the card.
- the application information and sale information of the ticket are placed in the segments D2, D3 and D4.
- the first seal of the ticket is placed in the segment D5, which includes the blocks 33-40, which are named in Fig. 5 as Data18-Data25.
- the rest of the file structure, segments D6, D7 and D8, are written full of zeros.
- the file structure of the ticket is ready for use.
- the calculated file structure of the ticket is not necessarily written entirely as such, but the memory properties of the physical card may set restrictions. This does not cause problems, because when the file structure of the ticket on the card is read for stamping into the ticket handling apparatus, checking or some other measure, the file structure is complemented into the form required by the application. This for its part makes it more difficult to misuse the ticket.
- the seal can also be made with some other method. In cases like that, it is not necessary to complement the incomplete segments.
- the file structure of a single ticket application when the ticket is being stamped for the first time is shown at point b) of Fig. 5.
- the card contained by the ticket has been taken in the vicinity of the ticket handling apparatus for stamping.
- the ticket handling apparatus reads the file structure of the ticket, which in this case includes the serial number, application information, sale information and the first seal.
- the ticket handling apparatus looks for a second seal in order to see whether it has been stamped earlier.
- the ticket handling apparatus checks whether the read file structure of the ticket corresponds to the first seal. This is done by calculating the first reference seal corresponding to the seal in the memory of the ticket handling apparatus and comparing it to the read value.
- the validity information of the ticket is formed.
- the validity of the ticket according to the time by the clock of the ticket handling apparatus and the length of the validity period read from the sale information is included in the validity information. If the validity information does not fill up the space reserved for it, the space remaining empty is complemented with values of the agreed type in the same way as was described at point a). In the case described at point b), values for the amount of one block have been added to the validity information in block 48, in which case it fills up the segment D6.
- a second seal is calculated for the ticket in the ticket handling apparatus. Calculating the second seal takes place practically in the same way as calculating the first seal.
- the first seal is broken. In this case, it is done by setting the third, fourth, fifth and sixth block of the segment contained by the first seal preferably as zeros.
- the information content of the ticket, from which the seal is calculated includes, in addition to the information required for calculating the first seal, also the validity information and the first seal as broken.
- the second seal is calculated by the 3DES key in the ticket handling apparatus according to the ISO 9797 standard. In addition to the application and sale information, the second seal thus covers the first seal as broken and the validity information.
- the ticket handling apparatus checks them by reading them and comparing them to the values in the memory.
- the first seal is broken so as to correspond to the broken seal used for calculating the second seal.
- blocks 35, 36, 37 and 38 of segment D5, which contains the first seal are written with zeros on the ticket.
- This writing command breaks the first seal, whereby the sale information ceases to be valid.
- this writing command also sets the information content of the ticket to correspond to the information content used in the calculation of the second seal.
- the second seal corresponds to the information content of the card, and therefore the authenticity and intactness of the ticket can be checked by means of the second seal.
- the annulment of the sale information ensures that the resetting of the validity information and the second seal would not restore the sale information as valid.
- the situation described here corresponds to point c) in Fig. 5.
- the boarding information indicating where and when the ticket has been used is written on the ticket.
- the boarding information is formed by means of the location information and the time by the clock of the ticket handling apparatus.
- the boarding information is placed in segment D8. In this case, they fill blocks 57-59 of segment D8.
- the information is intended mainly for the use of ticket checking, and it has not been protected by sealing.
- the OTP area (One Time Programmable) is taken into use. Its length is 32 bits. The state of the OTP area is checked in the ticket sale transaction. If all the bits of the area have been set, i.e. they are ones, the card is regarded as used up, and no more selling is allowed for this card. If the area is empty, i.e. all the bits are zeros, it is the first sale transaction for the card in question. Then, in the first sale transaction, the value of the OTP area is written as 0xC0000000, i.e. the two topmost bits of the OTP area are set as ones.
- the first seal of the ticket is calculated, like in the previous example, from the serial number of the card, the application and sale information of the ticket, but the information of the OTP area is also included now.
- the OTP area is either not calculated, or it is set as zero in the ticket handling device.
- the validity information and the second seal have been written on the ticket, the information content of the OTP area, or the bit sequence, is circulated in the memory of the ticket handling apparatus one step to the left so that the first value becomes the last, and the new value thus obtained is written to the OTP area on the card.
- the bits of the OTP area cannot be restored back to zero, the two topmost bits of the OTP area remain as ones, and the lowermost bit moves to the one-state, being thus of the form 0xC0000001.
- the ticket is restamped, its file structure is read into the memory of the ticket-handling apparatus, and there the OTP area can be set as zero or alternatively ignored when calculating the reference seal for checking.
- the card is wanted to be reused for the sale transaction, i.e. a new product is purchased for it, it is found that all the bits in its OTP area are not zeros, and thus the basic value need not be set.
- the value of the OTP area, which is 0xC0000001 in this case, is also used in addition to the other values.
- the information content of the OTP area, or the bit sequence is circulated again in the memory of the ticket handling device one step to the left. Now the two first and the two last values of the OTP area are ones. This value is written to the OTP area of the card. This process can be continued, until all the bits in the OTP area are ones. Then the card has been used up, and the customer must get a new card. A method like this allows reloading the card 30 times.
- the information content of the OTP area is changed after the setting of the validity information and the OTP area is included in the first seal, restoring the sales information to the card does not form new, valid sales information.
- other values can also be set as the basic value of the OTP area. If the value is set as 0x00000000, reuse of the card is in no way limited. If the value is set as 0xFFFFFFFE, the card can be used only once. It is also possible to use other kinds of OTP areas and corresponding solutions. Their use is very similar to that of the case described.
- the steps described by the method according to the invention can be carried out by a program in the memory of the ticket handling apparatus, and the program is executed in the central processing unit of the apparatus.
- the ticket application is described by using a NFC device (Near Field Communication), which can be a telephone, a palm computer or the like, as the product platform.
- a data structure of the ticket application like the one described above can be placed in an NFC device, which functions through the NFC interface according to the ISO 14443 standard.
- the product platform must have a unique ID number, which must be electronically readable, and the application must have a sufficient memory capacity available in order to save the ticket application. Then it is possible to use the ticket application through the NFC interface in the same way as the application on the card.
- the file structure of the ticket application has been designed such that it can be loaded to the NFC device.
- the ID number of the device is transmitted in the ticket purchase request.
- the sales system calculates the first seal from the ID number of the device and the sales information of the ticket.
- the first seal is calculated by the 3DES key in the ticket handling apparatus according to the ISO 9797 standard. This seal confirms the authenticity and intactness of the sales information, and by it it can be checked that the ticket is on the original product platform.
- the sales system forms a sealed ticket product according to the product being purchased, which is sent back to the NFC device as one file, for example.
- the transmission of information can also take place as text messages coded as SMS messages.
- the NFC device must then have an application program, which converts the character-coded text message files into the form required by the ticket product.
- the NFC device, in which a ticket application ready for use has been saved, is taken close to the ticket handling apparatus for the stamping of the ticket.
- the ticket handling apparatus reads the ticket information through the NFC interface.
- the ticket handling apparatus checks whether the ticket has a second seal, i.e. whether it has already been stamped. If there is no second seal, the first seal is searched for. When this has been found, the ticket handling apparatus checks the first seal on the basis of the information it has read. The first seal is checked in the memory of the ticket handling device by calculating from the read values, which are the ID number of the device and the sale information of the ticket, a reference seal corresponding to the first seal in the same way as in connection with the buying of the ticket in the sale system.
- This reference seal is compared to the read first seal. If they are the same, it means that the ticket is valid. If the checking of the first seal tells that the ticket is in force and valid, the validity information is formed in the ticket handling apparatus and the second seal is calculated.
- the ID information of the NFC device, its sale information, validity information and its first seal as broken are required for calculating the second seal.
- the first seal can be broken in the memory of the ticket handling apparatus by writing predetermined values on the seal or on a part of it. These values can be zeros or random numbers, for example. It is essential that these same values are used later when breaking the first seal in the ticket application in the memory of the NFC device.
- the second seal is calculated in the ticket handling apparatus by the 3DES key according to the ISO 9797 standard.
- this seal covers the first seal and the validity information of the ticket.
- the validity information and the second seal are written in the ticket application in the NFC device.
- the first seal is broken by writing in its memory area the same values as were written in the memory of the ticket handling apparatus when calculating the second seal.
- This writing annuls the sale information, i.e. breaks the seal, but at the same time validates the validity information by another seal.
- This second seal can be used for checking the correctness and validity of the ticket, for example when it is a travel ticket, which is used for changing to another means of transport.
- the boarding information which is not protected by the seal, is written on the ticket at the same time.
- When the ticket is stamped for a second time, e.g. when changing to another means of transport, the ticket handling device reads the information contained by the ticket. At first, it searches for the second seal from the information it has read. When it has found it, the ticket reading device checks the correctness of the second seal with regard to the file structure of the ticket. If the second seal confirms the information of the card, the ticket handling apparatus checks the validity information in the next step. If the validity information is in force and entitles the holder to use the service, such as a means of transport, the boarding information of the ticket is updated.
- a third example of using seals in an electronic ticket is, for example, buying a drink or a corresponding product during the interval of some event.
- the customer establishes a connection to the sales system with an NFC device, which may be a telephone provided with an NFC connection, by calling or sending some other message to a predetermined number.
- the sales system calculates from the identifier of the NFC device and the information content of the ticket wanted by the customer the first seal, which becomes a part of the ticket, and sends the ticket to the NFC device of the customer.
- the customer activates the ticket and takes the NFC device to the range of operation of the ticket handling apparatus.
- the ticket handling apparatus recognizes the ticket and checks the correctness and validity of the ticket from the seal.
- the ticket handling apparatus calculates the second seal in its memory by means of the first seal it has broken and the sale information.
- the ticket handling apparatus marks the ticket as used by breaking the first seal in the NFC device in the same way as it was done for calculating the second seal and by writing the second seal on the ticket. After stamping the ticket as used, the customer gets his product.
- the sold tickets can be specified by the sale information to be valid only at a certain point of time, and therefore trying to copy them is of no use for the dishonest customer. This payment method would be useful in large public events in which there are no automatic teller machines available, and the use of payment cards would slow down sales.
- the case of this example can be further expanded by giving to the customer the right to return or exchange an unused ticket, i.e. one in which the first seal is intact.
- seals include inverse use of seals, i.e. the second seal is first calculated from the first one and the data, after which a new first seal can be calculated from the second seal and the data. Writing the new seal breaks the old seal at the same time. It is also possible to use a plurality of seals; in the case of four seals, for example, the first seal is used to calculate the second seal and to break the first one, the second seal is used to calculate the third seal and break the second one, and the third seal is used to calculate the fourth one and to break the third one.
- the seals can also be circulated, whereby three seals, for example, are used, i.e.
- the first seal is used to calculate the second one and to break the first one
- the second seal is used to calculate the third one and to break the second one.
- the third seal is used to calculate a new first one and to break the second one. After this, the round starts from the beginning.
- the seals also make it possible to return the unused ticket or change it for another product.
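The card sequence of Fig. 5 (sale, first stamping, restamping) and the OTP-area handling described above, as an added example that is not code from the patent: it shows why a broken first seal, a rotated OTP value or a different platform identifier each make the reference seal mismatch. Assumptions: HMAC-SHA256 stands in for the 3DES ISO 9797 seal, a block is 4 bytes, and the key, identifiers and all function names are constructed for the illustration.

```python
import hashlib
import hmac

# Assumptions (not from the patent text): HMAC-SHA256 replaces the 3DES
# ISO 9797 seal, a block is 4 bytes, and KEY is a constructed demo key.
KEY = b"constructed-demo-key"
MASK = 0xFFFFFFFF
EMPTY = bytes(32)                  # a segment written full of zeros


def mac(*fields: bytes) -> bytes:
    """32-byte seal (8 blocks) over length-prefixed fields."""
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def break_seal(seal: bytes) -> bytes:
    """Zero blocks 3..6 of the 8-block seal segment (blocks 35-38 of D5)."""
    return seal[:8] + bytes(16) + seal[24:]


def rotl32(v: int) -> int:
    """Circulate a 32-bit value one step to the left."""
    return ((v << 1) | (v >> 31)) & MASK


class Card:
    """Constructed model of the product platform's memory."""
    def __init__(self, uid: bytes):
        self.uid, self.otp = uid, 0
        self.sale, self.seal1, self.validity, self.seal2 = b"", EMPTY, b"", EMPTY

    def write_otp(self, value: int) -> None:
        self.otp |= value & MASK   # OTP bits can be set but never cleared


def sell(card: Card, sale: bytes, base: int = 0xC0000000) -> bool:
    """Sales system: refuse a used-up card, else write sale info and seal 1."""
    if card.otp == MASK:
        return False
    if card.otp == 0:
        card.write_otp(base)       # first sale transaction for this card
    card.sale, card.validity, card.seal2 = sale, b"", EMPTY
    card.seal1 = mac(card.uid, sale, card.otp.to_bytes(4, "big"))
    return True


def stamp(card: Card, now: int, period: int = 3600) -> str:
    """Ticket handling apparatus: restamp if seal 2 exists, else first stamp."""
    if card.seal2 != EMPTY:
        # The OTP area is left out of the second seal, as the text describes.
        ref = mac(card.uid, card.sale, card.seal1, card.validity)
        if not hmac.compare_digest(ref, card.seal2):
            return "reject: second seal"
        ok = now <= int.from_bytes(card.validity, "big")
        return "ok: restamp" if ok else "reject: expired"
    ref = mac(card.uid, card.sale, card.otp.to_bytes(4, "big"))
    if not hmac.compare_digest(ref, card.seal1):
        return "reject: first seal"
    validity = (now + period).to_bytes(8, "big")
    broken = break_seal(card.seal1)                # broken in memory first
    card.validity = validity
    card.seal2 = mac(card.uid, card.sale, broken, validity)
    card.seal1 = broken                            # annuls the sale information
    card.write_otp(rotl32(card.otp))               # e.g. 0xC0000000 -> 0xC0000001
    return "ok: first stamp"


def count_sales(base: int, limit: int = 100) -> int:
    """Sell and stamp repeatedly; return how many sales the card accepted."""
    card, n = Card(b"\x04constructed-uid"), 0
    while n < limit and sell(card, b"single ticket", base):
        assert stamp(card, now=0) == "ok: first stamp"
        n += 1
    return n
```

`count_sales` reproduces the reload limits the text gives for the three basic values; with 0x00000000 it only stops at the `limit` argument.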
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FI20075092A FI121323B (fi) | 2007-02-09 | 2007-02-09 | Menetelmä, lipunkäsittelylaite, tietokoneohjelmatuote ja tuotealusta sähköisen lipun turvamekanismille |
PCT/FI2008/050046 WO2008096041A1 (fr) | 2007-02-09 | 2008-02-07 | Procédé, dispositif de manipulation de ticket, produit de programme d'ordinateur et plate-forme de produit pour un mécanisme de sécurité d'un ticket électronique |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2118856A1 true EP2118856A1 (fr) | 2009-11-18 |
EP2118856A4 EP2118856A4 (fr) | 2011-03-02 |
Family
ID=37832243
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP08709314A Ceased EP2118856A4 (fr) | 2007-02-09 | 2008-02-07 | Procédé, dispositif de manipulation de ticket, produit de programme d'ordinateur et plate-forme de produit pour un mécanisme de sécurité d'un ticket électronique |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP2118856A4 (fr) |
FI (1) | FI121323B (fr) |
WO (1) | WO2008096041A1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102346925B (zh) * | 2010-08-02 | 2014-06-11 | 中国移动通信集团公司 | 电子票存储设备、电子检票系统及方法 |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0950968A1 (fr) * | 1997-08-13 | 1999-10-20 | Matsushita Electric Industrial Co., Ltd | Systeme de commerce electronique mobile |
WO2000062260A1 (fr) * | 1999-04-07 | 2000-10-19 | Swisscom Mobile Ag | Procede et systeme permettant de commander, charger et utiliser des billets d'acces |
EP1069539A2 (fr) * | 1999-07-14 | 2001-01-17 | Matsushita Electric Industrial Co., Ltd. | Ticket électronique, porte-monnaie électronique, et terminal d'informations |
EP1079334A1 (fr) * | 1999-08-24 | 2001-02-28 | Kabushiki Kaisha Toshiba | Système de barrière |
US6223166B1 (en) * | 1997-11-26 | 2001-04-24 | International Business Machines Corporation | Cryptographic encoded ticket issuing and collection system for remote purchasers |
US6473790B1 (en) * | 1997-02-07 | 2002-10-29 | Casio Computer Co., Ltd. | Network system for serving information to mobile terminal apparatus |
EP1267289A1 (fr) * | 2000-03-13 | 2002-12-18 | Pia Corporation | Systeme de ticket electronique |
EP1439495A1 (fr) * | 2003-01-17 | 2004-07-21 | Siemens Aktiengesellschaft | Ticket électronique, système et procédé permettant d'émettre des tickets électroniques, dispositifs et procédés pour utiliser et réaliser des opérations sur des tickets électroniques |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06501324A (ja) * | 1990-04-27 | 1994-02-10 | スキャンディック・インターナショナル・プロプライエタリー・リミテッド | スマートカード妥当性検証装置および方法 |
EP0823694A1 (fr) * | 1996-08-09 | 1998-02-11 | Koninklijke KPN N.V. | Tickets enregistrés dans des cartes à circuit intégré |
JPH1063884A (ja) * | 1996-08-14 | 1998-03-06 | Nippon Shinpan Kk | 電子チケットシステムおよび該システムを用いた電子チケットの利用方法 |
US6192349B1 (en) * | 1998-09-28 | 2001-02-20 | International Business Machines Corporation | Smart card mechanism and method for obtaining electronic tickets for goods services over an open communications link |
JP2002183633A (ja) * | 2000-12-13 | 2002-06-28 | Sony Corp | 情報記録媒体、情報処理装置および情報処理方法、プログラム記録媒体、並びに情報処理システム |
WO2003044711A1 (fr) * | 2001-11-21 | 2003-05-30 | Kent Ridge Digital Labs | Procede de distribution et d'echange de bons de reduction electroniques au moyen d'un service de messagerie electronique |
WO2003077473A1 (fr) * | 2002-03-13 | 2003-09-18 | Beamtrust A/S | Procede de traitement d'un cheque de paiement electronique |
US9002724B2 (en) * | 2003-02-28 | 2015-04-07 | Panasonic Corporation | Incentive provision system |
-
2007
- 2007-02-09 FI FI20075092A patent/FI121323B/fi not_active IP Right Cessation
-
2008
- 2008-02-07 WO PCT/FI2008/050046 patent/WO2008096041A1/fr active Application Filing
- 2008-02-07 EP EP08709314A patent/EP2118856A4/fr not_active Ceased
Non-Patent Citations (1)
Title |
---|
See also references of WO2008096041A1 * |
Also Published As
Publication number | Publication date |
---|---|
FI121323B (fi) | 2010-09-30 |
WO2008096041A1 (fr) | 2008-08-14 |
FI20075092A (fi) | 2008-08-10 |
EP2118856A4 (fr) | 2011-03-02 |
FI20075092A0 (fi) | 2007-02-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20090826 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
DAX | Request for extension of the european patent (deleted) | ||
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: HSL HELSINGIN SEUDUN LIIKENNE Owner name: EJO CONSULTING |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20110127 |
|
17Q | First examination report despatched |
Effective date: 20110808 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20121023 |