Secure Communication between Web Browsers and NFC Targets by the Example of an e-Ticketing System

  • Gerald Madlmayr
  • Peter Kleebauer
  • Josef Langer
  • Josef Scharinger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5183)


Near Field Communication (NFC) is a radio frequency (RF) based proximity coupling technology allowing transactions within a range of up to 10 cm. Using NFC technology for transactions like payment or ticketing in the real world brings a great benefit in terms of time savings, usability and process optimization. Therefore we propose an e-ticketing system making use of this proximity technology especially focusing on security aspects of the system as well as the distribution of the tickets.

While other systems rely on ticket distribution via SMS or home-printing a paper ticket, our approach is based on a browser plug-in in combination with a contactless RFID reader at the client side. This installation is used to transfer the e-ticket from a ticket server to the user’s PC client and to write the ticket over the proximity interface into the secure element of the NFC target. Thus an NFC target, a contactless smartcard or an NFC enabled mobile phone, can be used as a secure token. With this implementation we are able to bridge the gap between electronic internet transactions and the physical world in a secure way. Also the validation of the ticket at the point-of-access is based on this contactless technology. Our findings provide practical implications to implement web applications using NFC technology successfully.


Mobile Phone Trusted Third Party Near Field Communication Mobile Network Operator Mobile Payment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    International Organization for Standardization: Near Field Communication - Interface and Protocol (NFCIP-1). ISO/IEC 18092 (2004)Google Scholar
  2. 2.
    Madlmayr, G., Ecker, J., Langer, J., Scharinger, J.: Near field communication: State of standardization. In: Michahelles, F. (ed.) Proceedings of the International Conference on the Internet of Things 2008, ETH Zürich, vol. 1(1), p. 6 (03 2008)Google Scholar
  3. 3.
    ABI Research: Near Field Communications (NFC) - Leveraging Contactless for Mobile Payments, Content and Access. Research Report (01 2007) Report Code: RR-NFCGoogle Scholar
  4. 4.
    Kunkat, H.: NFC und seine Pluspunkte. Electronic Wireless 01, 4–8 (2005)Google Scholar
  5. 5.
    International Organization for Standardization: Proximity cards. ISO/IEC 14443 (2003)Google Scholar
  6. 6.
    Hancke, G.P.: A Practical Relay Attack on ISO 14443 Proximity Cards. Technical report, University of Cambridge Computer Laboratory (2005),
  7. 7.
    Heydt-Benjamin, T.S., Bailey, D.V., Fu, K., Juels, A., O’Hare, T.: Vulnerabilities in first-generation RFID-enabled credit cards. In: FC 2007, vol. 11, pp. 1–22 (2007)Google Scholar
  8. 8.
    Stroh, S., Schneiderbauer, D., Amling, S., Kreft, C.: Next Generation eTicketing, 1st edn. Booz Allen Hamilton (01 2007)Google Scholar
  9. 9.
    Transport for London: The oyster card (02 2008) (last visited, 02/27/2008),
  10. 10.
    Xu, H., Teo, H.H., Wang, H.: Foundations of SMS commerce success: lessons from SMS messaging and co-opetition. HICSS, 90 (01 2003)Google Scholar
  11. 11.
    Mallat, N., Rossi, M., Tuunainen, V.K., rni, A.: The impact of use situation and mobility on the acceptance of mobile ticketing services. HICSS 2, 42b (2006)Google Scholar
  12. 12.
    Mobile Electronic Transactions Ltd. Keilalahdentie 2-4, 02150 Finnland: MeT White Paper on Mobile Ticketing. 1.0 edn. (01 2003)Google Scholar
  13. 13.
    Zmijewska, A.: Evaluating Wireless Technologies in Mobile Payments - A Customer Centric Approach. In: Proceedings of the International Conference on Mobile Business (ICMB 2005), USA, vol. 04, pp. 354–362. IEEE Computer Society, Los Alamitos (2005)CrossRefGoogle Scholar
  14. 14.
    Atkinson, J.: Contactless Credit Cards Consumer Report 2006 (04 2006),
  15. 15.
    Aigner, M., Dominikus, S., Feldhofer, M.: A System of Secure Virtual Coupons Using NFC Technology. PerComW 5, 362–366 (2007)Google Scholar
  16. 16.
    Giesecke and Devrient Munich, Germany: White Paper: Bearer Independent Protocol (BIP). 1.0 edn. (2006)Google Scholar
  17. 17.
    Bishwajit, C., Juha, R.: Mobile Device Security Element. Mobey Forum, Satamaradankatu 3 B, 3rd floor 00020 Nordea, Helsinki/Finland (02 2005)Google Scholar
  18. 18.
    Feng, B., Anantharaman, L., Deng, R.: Design of portable mobile devices based e-payment system and e-ticketing system with digital signature. ICII 6, 7–12 (11 2001)Google Scholar
  19. 19.
    GSMA London Office 1st Floor, Mid City Place, 71 High Holborn, London WC1V 6EA, United Kingdom: mobile NFC technical guidelines. 2.0 edn. (04 2007) 1st RevisionGoogle Scholar
  20. 20.
    SmartTrust Inc.: Whitepaper - Mobile Authentication. Revision: B edn. (02 2004) BD 04-0041Google Scholar
  21. 21.
    Su, S.L., Garg, H.: Designing SMS applications for public transport service system in Singapore. ICCS 2, 706–710 (2002)Google Scholar
  22. 22.
    Noll, J., Calvet, J.C.L., Myksvoll, K.: Admittance Services through Mobile Phone Short Messages. ICWMC 1, 77 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Gerald Madlmayr
    • 1
  • Peter Kleebauer
    • 1
  • Josef Langer
    • 1
  • Josef Scharinger
    • 2
  1. 1.University of Applied Sciences Hagenberg 
  2. 2.Johannes Kepler University Linz 

Personalised recommendations