EP3189485A1 - Electronic ticket management - Google Patents
Electronic ticket managementInfo
- Publication number
- EP3189485A1 EP3189485A1 EP15767215.5A EP15767215A EP3189485A1 EP 3189485 A1 EP3189485 A1 EP 3189485A1 EP 15767215 A EP15767215 A EP 15767215A EP 3189485 A1 EP3189485 A1 EP 3189485A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- ticket
- mobile terminal
- security element
- electronic ticket
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/02—Reservations, e.g. for tickets, services or events
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/045—Payment circuits using payment protocols involving tickets
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/045—Payment circuits using payment protocols involving tickets
- G06Q20/0457—Payment circuits using payment protocols involving tickets the tickets being sent electronically
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3229—Use of the SIM of a M-device as secure element
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B15/00—Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
Definitions
- the invention relates to the general field of the dematerialization of title deeds otherwise known as "electronic tickets” and more particularly to the field of application in which an electronic ticket is intended to be stored in a mobile terminal capable of restoring said ticket to allow its user to access a property or more generally a service.
- NFC Near field communication techniques
- ISO International Standard Organization
- transport services are known in which public transport users use a dedicated application of their mobile terminal to buy electronic tickets and to validate their ticket at the entrance of the bus or tram by approaching their mobile terminal with a device.
- access control able to communicate with the mobile terminal, or more exactly with an element of the mobile terminal, by NFC near-field communication means to obtain the electronic ticket in order to check the validity thereof.
- security element is meant here a data storage and manipulation element to guarantee a user of the mobile terminal a high security since the data recorded in the security element is not accessible to an unauthorized user .
- user is meant the user of the mobile terminal, which is also the customer of the ticket provider.
- This security element may for example be constituted by a SIM (Subscriber Identity Module) SIM card, used in mobile telephony to store the subscriber-specific information of a mobile network and the user's applications. its operator or in some cases third parties.
- SIM Subscriber Identity Module
- This security element can still be a removable support type "Secure SD Card” or a security element integrated in the terminal ("Embedded Secure Element”) or a secure area of the application processor through the use of a technology of integrated security in the processor and its peripheral components (for example "TrustZone” technology, registered trademark of the ARM company).
- Embedded Secure Element a technology of integrated security in the processor and its peripheral components
- TrustZone registered trademark of the ARM company
- access control device is meant a physical device capable of acquiring knowledge of the content of the electronic ticket and checking its validity in association with one or more verification servers (of the validity date of the ticket, etc.) and authentication (of the security element associated with the user of the mobile terminal). Subsequently, the terms “access control device” and “terminal” will be used interchangeably.
- ticket validation we mean all two operations, namely ticket verification and authentication of the security element. In another example, the experiment "M-
- a service-specific application is developed and then installed in the security element, so that the security element can provide authentication of the user for access to the service (transport subscription, access to the football stadium, etc.) and at the same time manage service-specific data.
- Relatively complex techniques need to be used to load applications into the security element via service platforms located in the mobile operator infrastructure and / or OTA (over the air) service providers. ) which comply with the specifications published by the "Global Platform" association.
- Such platforms are expensive.
- the user can not install such an application himself in a SEVI card.
- the multiplication of dedicated applications considerably loads the SIM card which is generally limited in memory resources.
- the invention proposes a system for controlling access to a service by the user of a mobile terminal equipped with a security element, by validating an electronic ticket, which does not have such disadvantages.
- the subject of the invention is a method of providing an electronic ticket by a security element associated with a mobile terminal, the ticket being stored in the mobile terminal and designed to access a service via an access control device, the method being characterized in that it comprises the following steps in the security element: a step of receiving the electronic ticket from the mobile terminal;
- an authentication step taking into account at least one piece of data contained in the ticket and data related to the security element.
- the ticket is not exploited by the security element but only made available to the access control device by an application of the security element, called security application (in computer language, applet).
- security application in computer language, applet.
- the invention differs from current techniques which require the installation of an application specific to each service in the security element of the mobile terminal (SEVI card in particular), by example an application for access to a show and another application for transport tickets.
- a secure application in the SEVI card is often not sufficient to cover the needs of the service and must be associated with an application on the mobile, including a graphical interface adapted to the service.
- This set consisting of the specific application on mobile interacting with the specific security application on the SIM card is a complex technical set to develop and test.
- the security element of the mobile terminal (SIM card for example) is used as a strong authentication means, namely to provide proof that the mobile terminal approaching the terminal has the correct security element, that is to say say that of the user of the mobile terminal with which the security element (the user's SIM card) is associated. It is therefore important that this strong authentication function remains dedicated to the SIM card.
- the invention avoids the need to load a specific security application for each service in the security element (application that should specifically manage tickets according to the service to be rendered, ie an application for transport, an application for payment a third for shows, etc.) It still retains the advantages of the secure element, ie the strong authentication of the SEVI card which stores the electronic ticket, under the control of a secure applet which is satisfied to make the ticket available to the terminal and therefore does not perform any particular analysis or management of the ticket data.
- a method as described above also includes the following steps: a step of receiving, from the mobile terminal, an erasure order of the stored ticket ;
- the ticket is stored in the security element only temporarily. It is typically removed from the SIM card when the user has benefited from the service (e.g. has passed the gantry gate associated with the access control device) and therefore no longer needs the ticket in the SEVI.
- the ticket can however be kept in the mobile (for example if it is a transport ticket valid for several days). It is advantageous, in accordance with the invention, to store the tickets in the mobile phone and to make them available temporarily in the secure memory of the SEVI card, because the tickets can be bulky (in number of bytes) and occupy a large memory space in the SIM card.
- erasure is meant here deletion or replacement of the ticket, the deletion of releasing the memory while the replacement consists of storing another ticket (also temporary) instead of the ticket to be erased, typically the next ticket selected by the terminal mobile.
- This mode of implementation of the invention makes it possible, while benefiting from the authentication and security capabilities naturally linked to the security element, not to overload it.
- a method as described above is such that said ticket comprises at least one public key of the element security system, and is characterized in that it comprises the steps of: receiving a random event originating from the access control device; signature of the hazard by means of the private key of the security element; provision of the signed hazard for the access control device.
- the security procedure implemented according to the invention is very simple: the ticket issued by the ticket provider includes a public key of the SEVI card of the user, whereas the security element (SEVI card) conventionally comprises the corresponding private key. If the hazard is correctly signed by the SEVI card, the access control device can decrypt it using the public key contained in the ticket, thus ensuring authentication of the SIM card and therefore the user of the mobile terminal.
- SEVI card security element
- a method as described above is further characterized in that at least a portion of the ticket has been signed by means of a private key of the issuing entity.
- this signature of the message, or of a part of the message contained in the ticket by the secret key of the issuing entity makes it possible to add additional authentication relating to the identity of the service provider (and tickets): the device access control having access, directly or indirectly, to the public key of the issuing entity that provides the tickets, can verify the authenticity of this provider by decrypting the encrypted message.
- the subject of the invention is also a method for managing an electronic ticket in a mobile terminal with which a security element is associated, the ticket being provided for accessing a service via a control device. access, this method being characterized in that it comprises the following steps at the mobile terminal: a step of selecting an electronic ticket stored by the terminal;
- the electronic ticket is stored and managed within the mobile terminal by a ticket management application that runs on the mobile terminal and communicates with the security element.
- the electronic ticket is stored in a memory of the mobile terminal out of the secure element and transferred only after it has been selected, for example by the user by means of a graphical interface offering him a choice of tickets.
- the electronic tickets and the associated application are loaded into the mobile terminal by simple and flexible techniques known to those skilled in the art (for example SMS short messages (Short Message Service) or MMS (Multimedia Message Service), downloading to a mobile network server or the Internet via the mobile network, etc.) without the need for complex techniques used to load applications or data into the Internet.
- a SEVI card via OTA platforms.
- the user of the invention can advantageously install the application itself on his mobile terminal (for example an Android or Apple type application).
- Such an application can be adapted to each type of service or even to each service (graphics and adapted menus) without there being complex interaction between this application and the secure application for authentication and provision of the ticket which is in the secure element.
- Such an application can be dedicated to a certain type of service or on the contrary a single application on the mobile can manage all the tickets of all the services, without loss of generalities for the invention.
- the user can load several management applications into his mobile phone which generally has a larger memory than the SIM card.
- the temporary storage of the ticket in the SIM card limits the number of communication sessions to be chained between the terminal and the set SEVI-MOBILE: indeed if the terminal had to communicate simultaneously with an application on the mobile phone and another application on the SIM card, it should open two separate sessions, for example a Bluetooth session (with the mobile terminal) and an NFC session (with the SIM card) or two NFC sessions, etc. It is of course easier to open a single session to the SIM card when it has the ticket.
- a management method as described above is further characterized in that the communication between the security element and the access control device is performed in the near field.
- Near-field communication offers many advantages in this context of dematerialized tickets: an intrinsic security to this mode of communication, since the user of the mobile terminal must be only a few centimeters from the terminal to be able to validate his ticket; but still, the NFC allows the consumption of the ticket even when the battery of the mobile terminal is discharged or when the mobile is off: in fact the access control device is capable of supplying the SEVI card via its NFC field, thus ensuring the reading of the ticket and the signed hazard in the absence of even battery.
- a management method as described above also includes a step of transmitting to the security module an erase order of said ticket.
- this aspect of the invention reduces the space occupied by the tickets in the security element. Erasing can be a deletion or replacement of the ticket (by another ticket).
- a management method as described above also includes a prior step of receiving an electronic ticket in from a sending entity, said ticket comprising at least one public key of the user of the mobile terminal corresponding to the private key that is in the security element.
- the ticket issued by the ticket provider comprises a public key of the user's SIM card
- the security element comprises the corresponding private key
- a management method as described above is further characterized in that the selection step is automatic. if the power level of the mobile phone is below a predetermined threshold, and is carried out according to a pre-established rule.
- a management method is further characterized in that the pre-established rule consists in selecting the last ticket consulted by the user.
- the last ticket viewed or accessed by the user is selected as the most likely choice that the user would have made if he had himself made this selection, for example in a list of tickets.
- a management method as described above is further characterized in that the selection step is automatic. if the data contained in the ticket has certain predefined characteristics relating to the validity of the ticket.
- the ticket closest to its expiry date can thus be "pushed" automatically to the security module.
- the invention also relates to a security element associated with a mobile terminal able to make available to an access control device an electronic ticket stored in the mobile terminal, characterized in that it comprises the following modules: a reception module arranged to receive an electronic ticket from the mobile terminal;
- an authentication module able to take into account at least one piece of data contained in the ticket and a piece of data related to the security element.
- a module for erasing the ticket from the memory of the security device a module for erasing the ticket from the memory of the security device.
- module may correspond to both a software component and a hardware component or a set of hardware and software components, a software component itself corresponding to one or more computer programs or subprograms or more generally any element of a program capable of implementing a function or a set of functions as described for the modules concerned.
- a hardware component corresponds to any element of a hardware set (or hardware) able to implement a function or a set of functions for the module concerned (integrated circuit, smart card, memory card, etc. .).
- the invention also relates to a mobile terminal with which is associated a security element, able to manage a ticket intended to access a service via an access control device, characterized in that it comprises the following modules: - a module for selecting an electronic ticket in the memory of the terminal; a module for sending said ticket to the security module;
- the invention also relates to a computer program adapted to be implemented by a method of providing electronic tickets as defined above, the program comprising code instructions which, when the program is executed by a processor, performs the steps of the method of providing electronic tickets.
- the invention also relates to a computer program adapted to be implemented by an electronic ticket management method as defined above, the program comprising code instructions which, when the program is executed by a processor, performs the steps of the electronic ticket management method.
- the invention relates to a recording medium readable by a data processor on which is recorded a program comprising program code instructions for executing the steps of the methods defined above.
- FIG. 1 represents the general context of one embodiment of the invention.
- FIG. 2 represents an architecture of a mobile equipment equipped with a subscriber identity module and an NFC module, able to implement an embodiment of the invention.
- FIG. 3 represents the possible structure of an electronic ticket according to one embodiment of the invention.
- FIG. 4 represents a flowchart illustrating the different steps of the method according to one embodiment of the invention.
- FIG. 1 corresponds to the general context of one embodiment of the invention; it is the local control, by an access control device or terminal (B), dematerialized tickets stored on the mobile (T) of a user (1), with authentication by the security element ( VS).
- the mobile terminal (T) also has an NFC module (3) allowing the use of contactless communications between the mobile phone and the associated SIM card (in this case also referred to as SEV1-NFC) and the terminal (B).
- the uses covered by the invention are those for which the user must prove to be in possession of a right of access to a service with a validity limited to a specific date or during a definite period of time (for example, a transport subscription for the month of October 2014) or with an electronic ticket number that can be verified when accessing the service (for example, access to a concert, sports competition, etc.).
- the intended application is a ticketing application delivering concert tickets. It is assumed here that the electronic tickets are delivered by SMS to the user: he has chosen an electronic ticket (here, in concert) from a service provider (5).
- the service provider (here, a provider of concert tickets), located in the example in a network (9), generated a ticket (4), signed it with its private key, then transmitted by SMS to the mobile phone of the user (T) (or several SMS, because of the intrinsic limitation of the size of an SMS).
- the network (9) is here a mobile network but other types of networks would be possible, for example the Internet, an Intranet, etc.
- the user can order his ticket on the server of the service provider (5), with his mobile terminal, through a data connection of the mobile network extending to the Internet, and receive his ticket on his mobile in the form of SMS . Before issuing the ticket, the service provider verified that the user is registered with a trusted authority (not shown).
- the public key of the user provided by the trusted authority to the ticket provider is the public key whose corresponding private key is contained in the user's SIM card.
- it is managed by a secure authentication and transit application, which is called a ticket provisioning application, or in shorthand, secure application, that the we will describe later.
- the service provider may have included in the ticket information provided by the trusted authority and the user.
- a possible format for such a ticket will be described later in support of Figure 3.
- the mobile terminal (T) contains a mobile application (for example an Android application) for managing electronic tickets, which notably enables the user to view the relevant information related to the ticket data (show name, date and time, etc.). ).
- the mobile application detects the ticket, for example upon receipt of an SMS starting with a given identifier.
- This ticket is stored on the mobile. All tickets stored on the mobile appear in the interface that the mobile application for ticket management offers to the user, and are usable if their end of validity date is not earlier than the current date. Alternatively, the tickets can be managed by several applications on the mobile (one for transportation, another for shows, etc.). The dematerialized electronic tickets are therefore not stored in the security element but on the mobile terminal. As will be seen later, the security element serves only to authenticate the user and to transit the ticket (temporary storage before reading by the terminal (B)).
- Each ticket is selectable by the user, for example by a touch of the finger on the touch screen of the mobile phone, and a dialog box can ask for confirmation of the selection of the ticket.
- the security element (C), or SIM card contains a secure application, also known as an applet (APS), which is installed on the SIM cards of the users of mobile terminals wishing to have access to the paperless ticket service.
- APS an applet
- Applet or security application, or APS. It can access the private key of the user in the memory of the SEVI card, which allows the SIM card, and therefore the user, to authenticate with the base station.
- This applet also makes it possible to temporarily store the ticket which will be read by the terminal.
- the APM mobile management application sends the ticket to the applet of the SIM card and then asks the user to present his mobile terminal to the terminal.
- an NFC communication is established between the terminal and the SIM-NFC card contained in the mobile terminal of the user.
- the terminal can then communicate with the SIM card to read the previously stored ticket.
- the applet of the SIM then makes it possible to authenticate the user, of which only the SEVI card has the private key corresponding to the public key contained in the ticket.
- the terminal (B) also communicates with a ticket verification "business" server (7) which itself is in contact with a signature verification server that has the public key of the service provider (5) and verifies that the signature of the ticket (ie the signature by the service provider) is correct.
- These two servers are, according to this example, local servers. They can alternatively be in the terminal itself or in a local network, or in the wide area network.
- the NFC terminal After the reception phase of the ticket by NFC, followed by the random sending phase to the SIM card and reception of this signed randomness, the NFC terminal waits for the response of the ticket verification phases carried out by the business server ( 6) and the signature verification server (7).
- the NFC terminal may include a graphical interface, not shown, which enables it to display information intended for the bearer of the mobile terminal. For example, a "state" part indicates the state of the verification: the display of the terminal indicates in green that the access is authorized, in gray what the user must do and in red any error occurred.
- the terminal responds positively to the request of the user, for example it opens a gate to let it pass.
- the terminal detects when the mobile terminal is no longer placed on the NFC reader, and can then start a new check when a new terminal approaches the NFC terminal.
- a system comprises a terminal T able to communicate with a network (9) comprising a ticket provider, and a security element (C) able to be inserted into the terminal (T) and to communicate with a terminal (B) for performing the validation of an electronic ticket.
- the terminal T is, for example, a mobile phone or a PDA (for "Personal Digital Assistant") or a tablet.
- the terminal T conventionally comprises a processing unit, or "CPU"
- a set of memories M including a volatile memory, or "RAM” (for "Random Access Memory”) used to execute code instructions, store variables, etc. and a non-volatile memory, of the "ROM” type (of "Read Only Memory”), or "EEPROM” (for "Electronically Erasable Programmable Read Only Memory”) intended to contain persistent data, used for example to store electronic tickets and the APM ticket management application.
- RAM for "Random Access Memory”
- EEPROM for "Electronically Erasable Programmable Read Only Memory” intended to contain persistent data, used for example to store electronic tickets and the APM ticket management application.
- the terminal T furthermore comprises:
- a first communication module MCI able to communicate with the security element C via a first communication interface (II).
- a second communication module MR enabling communication, via a communication network, with remote servers, for example with the ticket provider (5) which is in the Internet network (9) accessible via the mobile network or on a mobile phone network. It is in this way that the mobile terminal (T) receives in particular the application APM (Mobile Application) ticket management (according to our example, in concert) loaded into a memory M of the mobile, and tickets.
- APM Mobile Application
- a third NFC contactless communication module (3) capable of communicating the security element with a remote device via an NFC contactless link, for example terminal B located near the terminal T.
- contactless module NFC is also able to communicate with the security element C via an MC2 communication module and a second communication interface 12. It communicates with the mobile terminal via an interface MC3.
- the NFC module conventionally comprises an antenna adapted to transmit and receive messages modulated on the radio channel in NFC.
- the security element C is for example a removable support type UICC (for "Universal Integrated Circuit Card”), also called “SIM card”, a memory card hosting a secure element (SD card, Embedded Secure control ... ) or a specific memory area of the terminal as in the context of the HCE standard defined above.
- UICC Universal Integrated Circuit Card
- SIM card Secure Digital card
- SD card Embedded Secure control ...
- specific memory area of the terminal as in the context of the HCE standard defined above.
- the security element C commonly used for authentication to the mobile network (case of the SEVI card) has the function, in addition to authenticate with the terminal, to store the specific information to the mobile subscriber (here called user and the processes that allow the device to authenticate to the mobile network. For this purpose it has the private key (K) of the user. It comprises a first transceiver module MCI 'able to communicate with the terminal T via the first communication interface II, a second transceiver module MC2' able to communicate with the NFC module via the second communication interface 12.
- the security element C is an SEVI card and conventionally comprises ROM type memories M 'containing in particular the operating system of the security element and programs implementing the security mechanisms.
- security among others the authentication algorithm of the card, EEPROM type memories permanently containing directories and data defined by the mobile standard (eg GSM, UMTS, etc.), the authentication key (K) , or private key (of the user), as well as specific applications (APS) also called applets running in a RAM type memory. Applets are for example software programs using the "SEVI Application Toolkit" protocols according to the ETSI 102.223 recommendation, which make it possible to control certain functions of the mobile telephone, for example to communicate with the subscriber via the interface of the mobile phone. communication II between the SIM and the mobile phone T.
- Figure 2 is shown the secure APS applet common to all electronic ticket services. It implements the functions of transi t / temporary storage of tickets, the provision of the ticket for reading via NFC and the signature of a random received by NFC.
- the mobile application uses SmartCard according to the ETSI 102.221 recommendation. It makes it possible to open a communication channel with the SIM card applets for sending the data (e.g. the ticket) in the form of packets.
- the Android application closes the channel to allow other Android apps or NFC players to interact with the SIM card applet.
- FIG. 3 represents the possible structure of an electronic ticket according to one embodiment of the invention.
- the electronic ticket is structured so as to be able to provide all the information, or data, enabling the authentication of the user. It also contains information about the expiry date, the place number, the name of the event, the date, and so on. for a ticket to a concert hall.
- Each service provider structures his ticket so that it can be read by the APM mobile application that receives the tickets.
- an "identifier / value" type coding system may be used: the user data is then preceded by an identifier and separated from each other by separation data.
- the ticket (4) represented in FIG. 3 comprises the following data fields: the object of the ticket (Ml) contains the name of the event, the number of the place, the price, the date, etc.
- the validity period (M2) contains the end date of validity of the ticket.
- the two-key reference (Cl) contains the reference of the user's key pair.
- the term "key pair" covers the set consisting of the private key contained in the SIM card and the public key corresponding to this private key.
- the private key is used by the SEVI card to sign the hazard sent by the terminal (B); the corresponding public key is used by the kiosk to verify this signature.
- This reference (Cl) is therefore used to the terminal to know the key pair to use. Thanks to this reference read in the ticket, the terminal (B) indicates to the SIM card which private key it must use to sign the hazard and that its corresponding public key terminal itself must use to verify the signature of the randomness.
- the reference of the SEVI authentication algorithm (C2) is the reference of the algorithm that is associated with the user's key pair (Cl). Indeed, some companies may want, not only their own key pair, but also their own authentication algorithm.
- the public key of the SIM card (C3) is the public key of the user according to the bi-key reference (Cl).
- the seller ticket identifier is the reference of the service provider who sold and signed the ticket.
- the reference of the signature algorithm (S2) is the reference of the algorithm that is associated with the seller's key pair.
- the signature (S3) is the signature obtained by signing the fields M1, M2, C1, C2, C3, SI and S2. This signature is made by the service provider (ticket vendor) before sending the ticket to the mobile of the user.
- FIG. 4 represents a kinematics of the exchanges between the different entities of the invention.
- the terminal (B) When the user approaches, during a step El, the terminal (B), with his mobile (T) hosting the ticket, he selects on his mobile application the ticket (4) he wants to consume.
- the APM ticket management application on the mobile sends the ticket, during a step E2, to the APS applet of the SIM card and the ticket is stored temporarily in step El i in a memory ( ⁇ ') SIM card. It is a temporary storage before reading by the terminal (B).
- AID identification number
- the secure applet does not know or manage the contents of the ticket: it only makes temporary storage of the ticket that will be consumed.
- the applet of the SEVI card verifies during a step E12 that the ticket is received (the loading of the ticket may require several data packets), then optionally returns a response attesting to the good reception of the APM application of management of the ticket on the mobile, which receives it during a step E3 and can then ask the user to present his phone at the base station.
- the terminal B immerses the mobile terminal in an electromagnetic field from its NFC module.
- the emitted electromagnetic field is sufficiently high to properly power the NFC module of the SEVI card, ie when the mobile phone is sufficiently close to the terminal for the NFC module of the SEVI card to be powered, a communication can be established according to the protocol NFC between the two devices.
- the terminal can read the ticket in the memory of the SEVI-NFC.
- NFC communication is well known to those skilled in the art and will not be detailed further.
- the data flow of the NFC session passes through a controller (CLF for ContactLess Frontend) of the NFC module, which redirects the data to the SEVI-NFC card via the Single Wire Protocol (SWP).
- CLF ContactLess Frontend
- SWP Single Wire Protocol
- the terminal reads the key reference (Cl) and the algorithm reference (C2) to be used on the SIM card for the signature of the next hazard.
- the key reference (Cl) and the algorithm reference (C2) to be used on the SIM card for the signature of the next hazard.
- the terminal sends the SEVI-NFC a randomly generated number, also called a random number. Having a different random number each time prevents a person who has succeeded in recovering a signature of an old random number from reusing it.
- the SEVI card receives the hazard (A) during a step E14. During the step E15 it signs it using its private key, and returns the random signed S ⁇ A ⁇ to the terminal. To sign the random number, the applet uses cryptographic libraries of the SIM card well known to those skilled in the art. Note that only the SIM card of the user of the mobile terminal has this key, which implies that the user is strongly authenticated by this signature.
- the terminal receives the signature S ⁇ A ⁇ during the step E22 and then checks (E23) using the public key of the user, which it read in the ticket, that the signature of this random number has been done with the private key of the user. If step E23 fails, the process stops and the terminal does not give access to the service.
- the terminal checks during the step E24 the date of validity of the ticket: if it is incorrect, the process stops and the terminal does not give access to the service.
- the terminal sends during a step E24 the "business" fields of the ticket (Ml, M2: name of the concert, date, place number, etc.). ) to the business server (6).
- the business server verifies (E30) that the business fields are correct. If they are incorrect, the process stops and the terminal does not give access to the service.
- the business server has the signature (S3) of the ticket verified by the signature verification server (S3) (step E31) by the signature verification server (7) because the server (7) has the public key of the service provider that has signed the ticket. If the signature of the ticket is valid, the business server sends to the terminal (E32) its agreement to allow the user to access the service, that is to say here enter the room. The terminal opens the gantry (E25) and the user can enter.
- the process stops and the terminal does not give access to the service.
- the ticket can be unloaded from the memory of the SIM card (El 6).
- the SIM card contains only one ticket at a time (ticket in transit); a new ticket (from concert 2) hunts the concert ticket 1 in the SIM: when the user selects the ticket 2, it is transmitted to the SIM which erases the ticket 1, and the same for the following tickets. This avoids unnecessarily overloading the mobile memory.
- an order is issued by the management application on the mobile (APM) to the applet (APS) of the SEVI card (E4).
- the invention can nevertheless make the service to the user.
- the battery reaches a critical threshold
- the ticket whose validity date expires earlier can be selected and therefore stored in the SEVI card.
- the latter will be able to recover the ticket stored in the SEVI card by feeding it via the electromagnetic field NFC.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- Tourism & Hospitality (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Finance (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1458202A FR3025377A1 (en) | 2014-09-02 | 2014-09-02 | MANAGEMENT OF ELECTRONIC TICKETS |
PCT/FR2015/052314 WO2016034810A1 (en) | 2014-09-02 | 2015-09-01 | Electronic ticket management |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3189485A1 true EP3189485A1 (en) | 2017-07-12 |
Family
ID=52016748
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP15767215.5A Ceased EP3189485A1 (en) | 2014-09-02 | 2015-09-01 | Electronic ticket management |
Country Status (4)
Country | Link |
---|---|
US (1) | US20170286873A1 (en) |
EP (1) | EP3189485A1 (en) |
FR (1) | FR3025377A1 (en) |
WO (1) | WO2016034810A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3015725A1 (en) * | 2013-12-19 | 2015-06-26 | Orange | SYSTEM AND METHOD FOR PROVIDING SERVICE TO THE USER OF A MOBILE TERMINAL |
TWI529638B (en) * | 2014-05-26 | 2016-04-11 | 國立成功大學 | System and method for electronic ticket peer to peer secure transfer on mobile devices by near field communication (nfc) technology |
US20180060989A1 (en) * | 2016-08-30 | 2018-03-01 | MaaS Global Oy | System, method and device for digitally assisted personal mobility management |
FR3073304B1 (en) * | 2017-11-03 | 2021-03-05 | Thales Sa | PROCESS FOR LEGITIMING A TRANSPORTATION TICKET CARRIED BY A MOBILE TERMINAL, COMPUTER PROGRAM AND ASSOCIATED MOBILE TERMINAL |
TWI770279B (en) * | 2018-09-19 | 2022-07-11 | 財團法人工業技術研究院 | Voucher verification auxiliary device, system and method thereof |
DE102019114844A1 (en) * | 2019-06-03 | 2020-12-03 | VDV eTicket Service GmbH & Co. KG | Method and control device for the secure verification of an electronic ticket |
US11182786B2 (en) | 2020-01-29 | 2021-11-23 | Capital One Services, Llc | System and method for processing secure transactions using account-transferable transaction cards |
JP2021135552A (en) * | 2020-02-21 | 2021-09-13 | 株式会社ビットキー | Use management device, use management method, and program |
US11954205B2 (en) * | 2022-06-24 | 2024-04-09 | GM Global Technology Operations LLC | Security control for electronic control unit |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1439495A1 (en) * | 2003-01-17 | 2004-07-21 | Siemens Aktiengesellschaft | Electronic ticket, system and method for issuing electronic tickets, and devices and methods for using and performing operations on electronic tickets |
DE102010017861A1 (en) * | 2010-04-22 | 2011-10-27 | Giesecke & Devrient Gmbh | Method for handling electronic tickets |
US20120244805A1 (en) * | 2011-03-21 | 2012-09-27 | Nokia Corporation | Method and apparatus for battery with secure element |
US20120254030A1 (en) * | 2006-09-01 | 2012-10-04 | Mohammad Khan | Methods, systems and computer readable media for over the air (ota) provisioning of soft cards on devices with wireless communications capabilities |
US20130124349A1 (en) * | 2011-11-03 | 2013-05-16 | Mastercard International Incorporated | Methods, systems, and computer readable media for provisioning and utilizing an aggregated soft card on a mobile device |
US20130344807A1 (en) * | 2005-12-16 | 2013-12-26 | Broadcom Innovision Limited | Communications Devices Comprising NFC Communicators |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1166238B1 (en) * | 1999-04-07 | 2003-09-10 | Swisscom Mobile AG | Method and system for ordering, loading and using access tickets |
US20020065713A1 (en) * | 2000-11-29 | 2002-05-30 | Awada Faisal M. | Coupon delivery via mobile phone based on location |
KR20030072852A (en) * | 2002-03-07 | 2003-09-19 | 인터내셔널 비지네스 머신즈 코포레이션 | system and method for purchasing and validating electronic tickets |
FR2950450B1 (en) * | 2009-09-18 | 2013-10-11 | Oberthur Technologies | METHOD OF VERIFYING THE VALIDITY OF AN ELECTRONIC PARKING TICKET. |
-
2014
- 2014-09-02 FR FR1458202A patent/FR3025377A1/en not_active Withdrawn
-
2015
- 2015-09-01 US US15/508,152 patent/US20170286873A1/en not_active Abandoned
- 2015-09-01 WO PCT/FR2015/052314 patent/WO2016034810A1/en active Application Filing
- 2015-09-01 EP EP15767215.5A patent/EP3189485A1/en not_active Ceased
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1439495A1 (en) * | 2003-01-17 | 2004-07-21 | Siemens Aktiengesellschaft | Electronic ticket, system and method for issuing electronic tickets, and devices and methods for using and performing operations on electronic tickets |
US20130344807A1 (en) * | 2005-12-16 | 2013-12-26 | Broadcom Innovision Limited | Communications Devices Comprising NFC Communicators |
US20120254030A1 (en) * | 2006-09-01 | 2012-10-04 | Mohammad Khan | Methods, systems and computer readable media for over the air (ota) provisioning of soft cards on devices with wireless communications capabilities |
DE102010017861A1 (en) * | 2010-04-22 | 2011-10-27 | Giesecke & Devrient Gmbh | Method for handling electronic tickets |
US20120244805A1 (en) * | 2011-03-21 | 2012-09-27 | Nokia Corporation | Method and apparatus for battery with secure element |
US20130124349A1 (en) * | 2011-11-03 | 2013-05-16 | Mastercard International Incorporated | Methods, systems, and computer readable media for provisioning and utilizing an aggregated soft card on a mobile device |
Non-Patent Citations (2)
Title |
---|
LANGER ET AL: "Anwendungen und Technik von Near Field Communication (NFC)", 31 December 2010 (2010-12-31), XP055641202, Retrieved from the Internet <URL:http://babylon.internal.epo.org/projects/babylon/evl.nsf/0/AAAB25117F1D5E12C1257C850055AEBE/$FILE/Anwendungen-und-Technik-von-Near-Field-Communication-NFC-German-Edition.pdf> [retrieved on 20191111] * |
See also references of WO2016034810A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2016034810A1 (en) | 2016-03-10 |
FR3025377A1 (en) | 2016-03-04 |
US20170286873A1 (en) | 2017-10-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3189485A1 (en) | Electronic ticket management | |
EP3085133B1 (en) | System and method for providing a service to the user of a mobile terminal | |
EP2741466B1 (en) | Method and system for managing a built-in secured element eSE | |
WO2016110589A1 (en) | Method of processing a transaction from a communication terminal | |
CA2941313C (en) | Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal | |
EP1687953A2 (en) | Method for the authentication of applications | |
FR2989799A1 (en) | METHOD FOR TRANSFERRING A DEVICE TO ANOTHER RIGHTS OF ACCESS TO A SERVICE | |
EP3857413A1 (en) | Method for processing a transaction, device, system and corresponding program | |
WO2015059389A1 (en) | Method for executing a transaction between a first terminal and a second terminal | |
WO2016207715A1 (en) | Secure management of electronic tokens in a cell phone | |
EP3110190B1 (en) | Method and device for managing contactless applications | |
EP4125240A1 (en) | Pre-personalised secure element and integrated personalisation | |
EP4078922B1 (en) | Method for obtaining a command relating to a network access profile of an euicc security module | |
EP2471237B1 (en) | Mobile electronic device configured to establish secure wireless communication | |
WO2020128240A1 (en) | Processing of an electronic ticket service | |
EP2911365B1 (en) | Method and system for protecting transactions offered by a plurality of services between a mobile device of a user and an acceptance point | |
EP3371760A1 (en) | Method for verifying identity during virtualization | |
WO2017005644A1 (en) | Method and system for controlling access to a service via a mobile media without a trusted intermediary | |
WO2020148492A1 (en) | Authorization for the loading of an application onto a security element | |
EP4348459A1 (en) | Method for processing a transaction, device and corresponding program | |
FR3081246A1 (en) | METHOD FOR MAKING A TRANSACTION, TERMINAL, SERVER AND CORRESPONDING COMPUTER PROGRAM | |
WO2016051059A1 (en) | Method of protecting a mobile terminal against attacks | |
WO2013045793A1 (en) | Method of distributing contents, device for obtaining and computer program corresponding thereto | |
FR2998398A1 (en) | Method for activating on-line payment service from e.g. near field communication integrated tablet personal computer, involves starting subscription process by administration server from unique identifier if checking of sign is positive |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20170403 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20191118 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ORANGE |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ORANGE |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20220217 |