The UK technical platform for interoperable smart ticketing
Version 2.1.5 of the ITSO Specification defines the key technical items and interfaces that are required to deliver interoperability between the components of a smart ticketing system – smart media, point-of-service terminals and back offices – and between separate ticketing systems.
Its purpose is to provide a platform and a tool-box for the implementation of interoperable contactless smart customer media in public transport ticketing and related services.
Components of smart ticketing
Security modules and system (ISAMs and ISMS) that protect every transaction through encryption and authentication.
Inside the ITSO Specification
ITSO Technical Specification 1000: Interoperable public transport ticketing using contactless smart customer media is made up of multiple parts. It sets out how ticketing systems, devices, and data interact securely.
Parts 0–7 and 9–11 of Version 2.1.5 are available below for organisations exploring smart ticketing in public transport.
Part 8, the Secure Application Module, is exclusive to ITSO members: organisations which have signed a Membership Agreement & Non-Disclosure Agreement (NDA).
ITSO Specification Parts 0–11
Part 0 of the ITSO Specification provides an overview of how the ITSO standard works. It is an introductory section designed to help readers understand the structure, purpose and architecture of the wider specification.
Unlike the technical parts, it explains the key ideas and brings together summaries of the other sections to show how everything fits together. For example, it describes the Three Layer Model - separating the customer’s card or device, the ITSO Shell (the application on the card), and the ticket or product stored within it.
In short, Part 0 sets the scene for the rest of the ITSO Specification and helps readers understand the bigger picture.
- Explains overall architecture
- Summarises the security section
- Summarises terminals and back office systems
- Introduces important concepts such as security keys
Part 1 provides the common language and core rules that underpin the entire ITSO Specification.
It ensures that every other part of the Specification uses consistent terminology, data structures and technical references across the ITSO environment.
In short, Part 1 creates the shared technical foundation that allows the ITSO Specification to operate as a coherent, interoperable standard.
- Contains the master glossary of terms
- Defines core concepts such as Customer Media (CM) and ITSO Product Entities (IPEs)
- Establishes the ITSO data structures used throughout the Specification
- Outlines the scope of Parts 2 through to 11
Part 2 establishes the architectural rules that determine how data is organised within the ITSO environment, ensuring consistent storage and interpretation across certified devices.
In short, Part 2 sets the structural framework for how ITSO products and transaction data are held securely on the card.
- Defines the ITSO shell and how it sits on Customer Media
- Specifies core data groups including products, directory and transaction logs
- Establishes the standard data building blocks
- Describes memory management and data integrity
Part 3 defines the requirements for ITSO Point of Service Terminals (POSTs) - the devices used to read, validate, sell or update tickets on Customer Media.
It ensures that all certified terminals interact with cards, back-office systems and security modules in a consistent and secure way.
In short, Part 3 sets the rules for how ITSO smartcards are processed in real-world environments such as buses, ticket machines and retail locations.
- Defines how terminals read Customer Media
- Specifies how terminals communicate securely
- Sets rules for interaction with the ITSO Secure Application Module (ISAM)
- Establishes functional and accessibility requirements
Part 4 defines the requirements for the ITSO back office, known as the Host Operator or Processing System (HOPS).
The HOPS is responsible for processing transactions, managing products and accounts, and maintaining the security of the ITSO environment.
In short, Part 4 sets out how ITSO data is received, validated, stored and acted upon within the back office.
- Defines core functions required by every compliant HOPS
- Specifies the mandatory security used to manage keys and protect transactions
- Establishes account management for Shells and Products
- Defines how HOPS communicate with other components of an ITSO Scheme
Part 5 defines the detailed content and formatting rules for ITSO ticketing products and transaction records stored on Customer Media.
Where Part 2 establishes the structural framework of the ITSO Shell, Part 5 specifies exactly what data is held within that structure. It provides the formal definitions for ITSO Product Entities (IPEs), value records and transaction logs, ensuring that products behave consistently wherever they are used.
In short, Part 5 is the definitive reference for how ITSO tickets are defined, stored and operated.
- Defines the standard ITSO Product Entities (IPEs), i.e. period passes and entitlement products
- Specifies how dynamic data is recorded
- Defines transient transaction records used for journey logging and tap in/out
- Aligns ITSO product data with recognised external standards
Part 6 defines the structure and content of ITSO application messages - the communications exchanged between Customer Media, terminals (POSTs), HOPS and the ITSO Security Management Service (ISMS).
It sets out how transaction data, configuration updates and acknowledgements are formatted and transmitted, ensuring secure and lossless communication across the ITSO environment.
In short, Part 6 defines the language of the ITSO network: exactly how devices talk to each other and what data fields are exchanged during every possible system event.
- Defines transaction record messages generated by terminals, reporting sales, usage, updates and exceptions
- Specifies configuration messages such as Hotlists and Actionlists
- Establishes key messages to support secure, lossless data transmission
- Defines data encoding rules and structured data objects used for message exchange
Part 7 is one of the most important parts architecturally. It defines the ITSO Security Subsystem - the cryptographic framework that protects data across the entire ITSO environment.
It sets out the rules governing the ITSO Secure Application Module (ISAM), which operates within terminals and back-office systems to ensure that products, transactions and messages are secure and trusted.
In short, Part 7 defines how ITSO maintains the integrity, authenticity and confidentiality of ticketing data.
- Establishes the security architecture used to protect Customer Media, terminals and back-office systems
- Defines the mandatory transaction sequence enforced by the ISAM to prevent fraud
- Specifies authority controls that determine which products and organisations a device is permitted to transact with
- Defines the roles and behaviour of security modules in both POSTs and HOPS environments
Part 8 provides the detailed operational specification for the ITSO Secure Application Module (ISAM).
Part 8 sets out the technical implementation guidance for integrating and operating the ISAM within terminals and back-office systems.
In short, Part 8 contains the detailed technical instructions required to implement ITSO security in certified equipment.
- Defines how systems interact with the ISAM
- Specifies configuration and authority controls
- Describes operational modes for different deployment environments
- Provides detailed implementation guidance for secure transaction processing
Part 9 defines how ITSO application messages are transported between terminals (POSTs), back-office systems (HOPS) and the ITSO Security Management Service (ISMS).
While Part 6 specifies the structure and content of messages, Part 9 sets out the rules for how those messages are transmitted reliably and securely across the ITSO network.
In short, Part 9 defines the communication framework that connects all parts of an ITSO scheme.
- Establishes the principles of secure, lossless data transmission between ITSO systems
- Defines message packaging, routing and acknowledgement rules
- Categorises application messages according to their purpose and security requirements
- Specifies the transport protocols and network arrangements
Part 10 defines how ITSO data is physically implemented on supported smartcard and media platforms.
While Part 2 describes the logical structure of the ITSO Shell, Part 10 maps that structure onto specific card technologies. It ensures that terminals know exactly how to locate, read and update ITSO data across different media types.
In short, Part 10 ensures that ITSO works consistently across a range of approved smartcard platforms.
- Defines how ITSO data structures are mapped onto supported smartcard technologies
- Specifies the physical interfaces, memory layouts and command interactions for media types
- Distinguishes between full and compact ITSO Shell implementations depending on media capability
- Defines platform-specific security and data integrity protections
Part 11 defines the requirements for Remote POSTs - ITSO-compliant terminals where components such as the user interface, secure processing and card reader may be physically separated.
While Part 3 defines integrated terminals (such as bus ticket machines or gates), Part 11 adapts those requirements for distributed environments, including web-based retailing and remotely connected devices.
In short, Part 11 enables ITSO functionality to operate securely in networked and remote environments.
- Defines the architecture for distributed or network-based terminals
- Distinguishes between public and private Remote POST implementations
- Adapts standard POST functional requirements for remote environments
- Specifies secure interfaces between business logic, security modules and back-office systems
ITSO Specification
Solution outcome
When combined with certified systems and operated under an ITSO licence, the Specification creates a fully ITSO Compliant Scheme: a complete, operational ticketing solution that is secure, interoperable, and trusted nationwide.