ITSO Smart ticketing is a system that electronically stores a travel ticket on a microchip, which is then usually embedded on a smartcard. An ITSO smartcard could allow passengers of public transport to seamlessly hop on and off buses, trams or trains without having to use traditional payment systems like cash or a purchasing a paper ticket.
The contactless smartcard is scanned by the transport operator either at a static or handheld ticket machine, or barrier, to authorize your travel.
Smart ticketing puts the passenger first and is seen as one of the factors which encourages people to use public transport because it is:
- Convenient - does away with the need for cash
- Flexible - tickets can be brought in advance and online
- Quicker - can decrease the time it takes to board transport, thereby improving punctuality
- Easy to use - can be used throughout a door-to-door journey on different modes of transport
Transport providers use the ITSO Specification to develop smart ticketing schemes for the national, government-funded English National Concessionary Travel Scheme (ENCTS) as well as for their commercial smart ticketing schemes. The smartcard might be called Swift, Pop, The Key or Stagecoach Smart, but the IT Specification behind it is ITSO.
By using the same ITSO Specification, transport operators can ensure that their fare charging systems speak the same language. So, no matter which form of transport you are travelling on, which operator is providing it, or where you are in the UK, in theory, one ITSO smartcard could be used for end-to-end journeys. In some areas of the country, ITSO-based smart ticketing scheme means that your smartcard is valid no matter whose bus you get on, because operators are working together to offer what is known as multi-operator tickets.
The technology behind ITSO
All ITSO-compliant systems rely on ISAMs (ITSO Secure Application Modules) which are secure electronic data processing modules, the size of a mobile phone SIM card. These check the card holders’ permissions, authenticate and validate their electronic tickets, and store journey data for further processing.
The ISAM communicates with the back office system (HOPS or Host Operator or Processing System) through another security device called an HSAM (HOPS Secure Application Module).
The overarching security application module in a system is known as the Primary HSAM or PHSAM.
ISAMs are inserted into railway ticketing gates and machines, or on bus, tram or ferry ticketing machines. They can also reside within handheld ticketing machines used by bus or train ticket inspectors, or be used in toll systems such as on bridges or in transport tunnels.
When an operator sets up an ITSO system, the ISAMs are profiled using the ITSO Security Management System (ISMS) which is run by ITSO Limited. This is the central part of the ITSO Security Sub System which acts as the ‘keeper of the keys’, managing the provision of data access keys to the secure devices (ISAMs) in ticketing machines and barriers.
The electronic wallet within a smartcard that contains electronic tickets for ITSO-compliant schemes, similar to an ‘app’ on a smartphone, is known as a shell. The shell can be programmed to be read by machines to say ‘yes this person has enough money on the card to pay for this ticket’, or ‘yes this person is a railway season ticket holder for this route’. This is programmed by individual transport operators to reflect their individual tickets and prices.
ITSO Limited only provides the services of the ISMS. It does not offer smartcards, ticketing machines or HOPS services. These are provided by suppliers whose equipment is tested and certified by ITSO to ensure it can run ITSO-compliant schemes.
Whilst we try to ensure that we use plain English as much as possible, we appreciate that there are many technical aspects of ITSO. A dictionary of ITSO definitions can be found here.
ITSO SAM certification to the security assurance “Common Criteria” (CC) evaluation standard EAL4+, Protection Profile 9911
Certificate (2005/38) issued by DCSSI, 24 November 2005
The common criteria standard is a multipart framework that is used as the basis for the evaluation of security properties of IT products and systems in market sectors such as the Military, Aerospace and Finance industries worldwide.
Within each of these industries there are specific product “protection profiles” that are internationally recognized as applicable to particular products. For Smartcard based products, the relevant Protection Profile for the ITSO SAM is designated PP9911, which includes the silicon, the underlying Operating System, and the Application.
In completing the certification process using the appropriate Protection Profile, you are gaining approval by an independent and recognized authority that your entire product is as secure as you need or claim it to be.
The Common Criteria standard (currently at v2.2) harmonizes several older security assurance standards, namely ITSEC (The European Information Technology Security Evaluation Criteria), CTCPEC (Canadian Criteria) and US Federal Criteria (FC) into one Common Criteria for Information Technology Security Evaluation (CC) and for stating security requirements in a standardized way. Increasingly it is replacing national and regional criteria with a worldwide set accepted by the International Standards Organization in ISO15408.
More information on Common Criteria can be downloaded here.