Mass Transit Ticketing with NFC Mobile Phones

  • Jan-Erik Ekberg
  • Sandeep Tamrakar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7222)


Mass transport ticketing with mobile phones is already deployed in many metropolitan areas, but current solutions and protocols are not secure, and they are limited to one-time or fixed-time ticketing in non-gated transport systems. The emergence of NFC-enabled phones with trusted execution environments makes it possible to not only integrate mobile phone ticketing with existing and future transport authority ticket readers, but also to construct secure protocols for non-gated travel eliminating many associated possibilities for ticketing fraud. This paper presents an architecture and implementation for such a system.


Smart Card Short Message Service User Device Transaction Time Current Counter 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Smart Card Alliance. Transit and contactless financial payments: New opportunities for collaboration and convergence. A Smart Card Alliance Transportation Council White Paper (October 2006), (accessed: August 2011)
  2. 2.
    Anderson, R., Bond, M., Choudary, O., Murdoch, S.J., Stajano, F.: Might Financial Cryptography Kill Financial Innovation? – The Curious Case of EMV. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 220–234. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    ARM. Technical reference manual: Arm 1176jzf-s (trustzone-enabled processor),
  4. 4.
    Brakewood, C.E.: Contactless prepaid and bankcards in transit fare collection systems. Master’s thesis, Massachusetts Institute of Technology (2010),
  5. 5.
    Coron, J.-S., Naccache, D., Stern, J.: On the Security of RSA Padding. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 1–18. Springer, Heidelberg (1999)Google Scholar
  6. 6.
    de Koning Gans, G., Hoepman, J.-H., Garcia, F.: A Practical Attack on the MIFARE Classic. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 267–282. Springer, Heidelberg (2008), 10.1007/978-3-540-85893-5_20CrossRefGoogle Scholar
  7. 7.
    Ekberg, J.-E., Kylanpaa, M.: Mobile trusted module. Technical Report NRC-TR-2007-015, Nokia Research Center (November 2007),
  8. 8.
    EMV. Integrated Circuit Card Specifications for Payment System. Version 4.2, EMVCo (2008)Google Scholar
  9. 9.
    EMV. Contactless Specifications for Payment System. Version 2.1, EMVCo (2011)Google Scholar
  10. 10.
    NFC Forum. Logical Link Control Protocol. NFCForum-TS-LLCP_1.0, Technical Specification (2009) Google Scholar
  11. 11.
    Ghiron, S.L., Sposato, S., Medaglia, C.M., Moroni, A.: Nfc ticketing: A prototype and usability test of an nfc-based virtual ticketing application. In: First International Workshop on Near Field Communication, NFC 2009, pp. 45–50 (February 2009)Google Scholar
  12. 12.
    ISO/IEC 14443. Identification cards – Contactless integrated circuit cards – Proximity cards. ISO, Geneva, Switzerland (2008)Google Scholar
  13. 13.
    ISO/IEC 18092:2004. Information technology – Telecommunications and information exchange between systems – Near Field Communication – Interface and Protocol (NFCIP-1), 1st edn., ISO, Geneva, Switzerland (2004)Google Scholar
  14. 14.
    ISO/IEC 21481:2005. Information technology – Telecommunications and information exchange between systems – Near Field Communication Interface and Protocol -2 (NFCIP-2), 1st edn., Geneva (2005)Google Scholar
  15. 15.
    ISO/IEC 7812-1:2006. Identification Cards - Idnetification of issuers - Part 1: Numbering system, 3rd edn., ISO, Geneva (2006)Google Scholar
  16. 16.
    ISO/IEC 7816-4:2005. Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange, 2nd edn., ISO, Geneva, Switzerland (2005)Google Scholar
  17. 17.
    KooMan, F.: Using mobile phones for public transport payment. Master’s thesis, Radboud University Nijmegen (2009)Google Scholar
  18. 18.
    Kostiainen, K., Ekberg, J.-E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: ASIACCS 2009: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 104–115. ACM, New York (2009)Google Scholar
  19. 19.
    Lau, P.S.C.: Developing a contactless bankcard fare engine for transport for london. Master’s thesis, Massachusetts Institute of Technology (2009),
  20. 20.
    Luptak, P.: Public transport sms ticket hacking. Presented in Hacking at Random (2009),
  21. 21.
    Mayes, K.E., Markantonakis, K., Hancke, G.: Transport ticketing security and fraud controls. Information Security Technical Report 14(2), 87–95 (2009); Smart Card Applications and SecurityCrossRefGoogle Scholar
  22. 22.
    Mehta, S.: Analysis of future ticketing scenarios for transport for london. Master’s thesis, Massachusetts Institute of Technology (June 2006),
  23. 23.
    Parno, P., Lorch, J., Douceur, J., Mickens, J., McCune, J.: Memoir: Practical state continuity for protected modules. In: IEEE Symposium on Research in Security and Privacy (2011)Google Scholar
  24. 24.
    Global platform. Globalplatform card specification v2.2.1 (2011),
  25. 25.
    Srage, J., Azema, J.: M-Shield mobile security technology. TI White paper (2005),
  26. 26.
    Wilcox, H.: Mobile ticketing: Transport, sport, entertainment event 2008-2013. Technical report, Juniper Research (October 2008), (accessed: July 2011)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jan-Erik Ekberg
    • 1
  • Sandeep Tamrakar
    • 1
  1. 1.Nokia Research CenterHelsinkiFinland

Personalised recommendations