A Secure Architecture for Electronic Ticketing Based On the Portuguese e-ID Card
Crocker, P.
; Nicolau, VN
A Secure Architecture for Electronic Ticketing Based On the Portuguese e-ID Card, Proc European Conf. on Information Warfare and Security - ECIW, Talin, Estonia, Vol. 10, pp. 38 - 50, July, 2011.
Digital Object Identifier:
Abstract
The current state of the art for electronic ticketing is based around a mobile concept, where the diverse players involved, clients, payment agents, mobile operators and merchants, often have different and competing needs in terms of technology and very often security. In this paper we shall discuss and analyse the security of current electronic ticketing, payment, delivery and authenticating systems and show that today’s new payment system has the mobile operator as a central player and the mobile phone, giving its undisputed role in today’s society, as a central agent. We shall then propose and describe a new innovative architecture for electronic ticketing that makes use of the Portuguese national electronic identity (e-ID) card as a fundamental aspect of the security of the ticketing architecture. This architecture is combined with the latest technologies such as NFC enabled mobile handsets. We shall describe the potentialities of our architecture to store electronic tickets, in the form of QR-Codes, in a secure way. We shall also how the proposed architecture permits flexible authenticating scenarios for the e-tickets based on the different levels of security which may be required for any given scenario. Different scenarios range from low level and rapid authentication for mass transit system to the stronger authentication level required for the delivery of high value items and to the stringent security required at border controls. The flexibility and secure authentication is made available due to the cryptographic PIN and biometric authentication available on national and in particular Portuguese National e-ID cards.