The future of ticketing: ITSO?

crablab

Member
Joined
8 Feb 2020
Messages
268
Location
UK
But maybe there's a way of using the NFC function of suitably equipped phones to "scan" the QR code on a smartcard reader?
Yes...

You can add e-tickets to your phone wallet which will then allow you to present the Aztec code on your phone to the reader.

Or...


but your journey might be an hour quicker because you didn't miss the train because of a long at the ticket machine.
...you can buy a ticket and have it instantly delivered to your phone as an ITSO ticket, which you then just present via NFC. Simple.

NO !!! nor a debit / credit card
With the greatest respect, you are increasingly in the minority. Whilst I appreciate that ticketing needs to remain accessible for all, it cannot stand still for the minority who are not digitally enabled. It will, necessarily, become more inconvenient for those people who wish to still pay cash for a physical ticket at a ticket office.
 
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

HSTEd

Veteran Member
Joined
14 Jul 2011
Messages
11,726
Aztec codes are clearly a suboptimal solution, they are slow and annoying to the passenger and thus clog up movement through the ticket gates.


When MiFARE cards are under 35p in quantities the railway would be buying there seems to be little reason not to simply put a 30p return bounty on tickets and just issue one with every single "physical" ticket.
 

jon0844

Veteran Member
Joined
1 Feb 2009
Messages
24,493
Location
UK
FWIW I think barcode tickets are a step backwards given that they take a moment to scan. Even using an e-ticket on a mobile phone is slower than using an old magstripe ticket. In this age of NFC technology, there's really no excuse for making passengers scan a QR code at a ticket gate.
I agree a smartcard or phone is the future, but they offer a 'backup' for those who don't want to, or cannot, use smarter technology options. If you don't want TVMs dispensing disposable smartcards, then the barcode is the next thing - and barcodes sent via email are pretty simple and understood by anyone who has booked cinema/theatre tickets and so on.

I cannot see barcodes being massively used on suburban rail services, but for intercity services they are pretty convenient and those stations likely have better facilities to cope.
 

Wallsendmag

Established Member
Joined
11 Dec 2014
Messages
2,310
Location
Wallsend or somewhere on the ECML
I cannot see barcodes being massively used on suburban rail services, but for intercity services they are pretty convenient and those stations likely have better facilities to cope.
That's the problem, we don't currently have a one size fits all solution. So we cover all bases and let the customer decide which flavour of smart they want.
 

squizzler

Established Member
Joined
4 Jan 2017
Messages
1,386
Location
Jersey, Channel Islands
Would the secret of a "National Oyster" type scheme be to create the equivalent of London Fare Zones bespoke to cardholders' own addresses?

If the ITSO card has to be sent to a confirmed address, it would be easy to generate automatically a zonal fares map centred on that address. The zones could be stretched in rural areas and shrunk in dense urban areas to reflect demand for travel (so, if you live at the edge of a town, the fare bands on the country side could be wider than those in the urban direction). This could all be generated algorithmically by mapping software, and means the fares map is centred on your own house.

Whilst not that knowledgeable on London Transport, the London fares map has apparently been successful, and provides an (admittedly imperfect) relationship between distance travelled and fare paid, whilst being also a simple and easy to comprehend visual tool. Arguably it is part of the same package of frictionless transport usage of which the contactless payment method is merely part.

Obviously it would be equally possible to produce an electronic version that generates its concentric fares bands around the registered address of your mobile phone, smart-watch, etc.
 
Last edited:

Kilopylae

Member
Joined
9 Apr 2019
Messages
170
Location
South-west England
Would the secret of a "National Oyster" type scheme be to create the equivalent of London Fare Zones bespoke to cardholders' own addresses?

If the ITSO card has to be sent to a confirmed address, it would be easy to generate automatically a zonal fares map centred on that address. The zones could be stretched in rural areas and shrunk in dense urban areas to reflect demand for travel (so, if you live at the edge of a town, the fare bands on the country side could be wider than those in the urban direction). This could all be generated algorithmically by mapping software, and means the fares map is centred on your own house.
I'm sure there are computing reasons beyond my knowledge that would render this non-trivial, and given that it represents a complete overhaul of the fares system (that would effectively abolish advance tickets, discounts for certain routes, split ticketing, routeing, ... , as we currently understand them), it seems very unlikely that would actually ever happen.

That said, it's a good idea. The convenience of being able just to tap in and tap out for walk-up journeys, as in London, would increase my own personal likelihood to travel by train, and that's speaking as someone with a very high tolerance for ticketing faff. I'm sure it wouldn't be too big of a leap to allow for cheaper advance tickets to be loaded onto the card from a device or (less preferably) at something analogous to an Oyster top-up point.
 

crablab

Member
Joined
8 Feb 2020
Messages
268
Location
UK
MiFARE Classic is perhaps the worst possible product you could use.

See: https://www.sciencedirect.com/science/article/abs/pii/S1363412710000348

--

I'm a little confused as to why the issue of loading tickets onto devices or giving people disposable smartcards keeps coming up.

Most people have a phone. Issue the ticket to their phone (either as an ITSO ticket, or an e-ticket).

For those that don't, they can use an ITSO smartcard (just like many people do today), or a PRT/printed e-ticket. They will be in the minority.

I don't see why we need to make it complicated?
 

Meerkat

Established Member
Joined
14 Jul 2018
Messages
4,501
MiFARE Classic is perhaps the worst possible product you could use.

See: https://www.sciencedirect.com/science/article/abs/pii/S1363412710000348

--

I'm a little confused as to why the issue of loading tickets onto devices or giving people disposable smartcards keeps coming up.

Most people have a phone. Issue the ticket to their phone (either as an ITSO ticket, or an e-ticket).

For those that don't, they can use an ITSO smartcard (just like many people do today), or a PRT/printed e-ticket. They will be in the minority.

I don't see why we need to make it complicated?
Maybe because some non-millenials are a bit cautious about flashing around a personal item worth several hundred quid? I would rather drop a train ticket than my phone as I try to rush for a train (and it’s a lot easier to hold a ticket/card in your teeth or a hand that is also carrying multiple bits of luggage)
 

squizzler

Established Member
Joined
4 Jan 2017
Messages
1,386
Location
Jersey, Channel Islands
I'm sure there are computing reasons beyond my knowledge that would render this non-trivial, and given that it represents a complete overhaul of the fares system (that would effectively abolish advance tickets, discounts for certain routes, split ticketing, routeing, ... , as we currently understand them), it seems very unlikely that would actually ever happen.
Perhaps when I said "national Oyster" I meant that anybody living in GB can make their local journeys using an Oyster-like system of tap-to-pay using an easy to comprehend fare zone map bespoke to their home address rather than it being for any journey within the UK. Presumably for long distance travel it would still be possible to get a better deal (and seat reservation) using advance fares.
 

35B

Member
Joined
19 Dec 2011
Messages
562
Perhaps when I said "national Oyster" I meant that anybody living in GB can make their local journeys using an Oyster-like system of tap-to-pay using an easy to comprehend fare zone map bespoke to their home address rather than it being for any journey within the UK. Presumably for long distance travel it would still be possible to get a better deal (and seat reservation) using advance fares.
I'd love to see a zone map centred round me that copes with the seemingly random distances between stations and very different service patterns provided by EMR and LNER (I'll ignore Hull Trains for now). Zonal fares work ok in built up areas where the distortions aren't too extreme. Deep in the country, and I have serious doubts.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
58,278
Location
"Marston Vale mafia"
Maybe because some non-millenials are a bit cautious about flashing around a personal item worth several hundred quid? I would rather drop a train ticket than my phone as I try to rush for a train (and it’s a lot easier to hold a ticket/card in your teeth or a hand that is also carrying multiple bits of luggage)
Which is why e-ticketing is the way to go. I use my phone, you use a piece of paper. No problem.

Smartcards are tech from 20 years ago.
 

crablab

Member
Joined
8 Feb 2020
Messages
268
Location
UK
Which is why e-ticketing is the way to go. I use my phone, you use a piece of paper. No problem.

Smartcards are tech from 20 years ago.
I think we actually may not disagree as much as we think @Bletchleyite. I would like to see an end to people carrying around additional pieces of plastic, unnecessarily.

I'm not (although it may not seem like it!) that attached to ITSO in itself.

My primary objection to e-tickets is:
- they are not interoperable with other modes of transport
- they do not actually encode that much data and are 'one shots' (eg. you can't top up and use a balance, or get a season ticket via them)
- you have to scan them (which is slow)

There are very practical challenges to issuing season tickets via Aztec codes. The reason smartcards *are* still very relevant is they carry out 'trusted computing' - you can do cryptographic challenge response. This means you can verify you have the genuine smartcard, with the genuine ticket - not a copy or duplicate. Smartcards have been tested to death now (I did my degree at the university which did a lot of the original research into them!) and we know they are reasonably secure.

There is no way to do that with an optical code (as is currently designed), as there is no two way data transfer. So yes, you can verify that the Aztec code is valid (perhaps it is signed) and it exists in a database, but it is not possible to verify that it is not a copy or duplicate.

This essentially precludes issuing any kind of 'roving' ticket (season, Travelcard, Ranger, Rover, top up) via them, as you cannot guarantee that it's only that person using the e-ticket (without some very complex anti-fraud calculations that would be full of holes and edge cases); whereas you can with a single/return (since you should only go through the originating gateline once, etc).

You could, I suppose, make them 'live' codes which contain a rotating OTP derived from a key, but I've not seen an example of that (I'm not sure how the m-tickets work. I haven't seen the spec for them, so if anyone would like to share it I would appreciate a copy :) )
 

Wallsendmag

Established Member
Joined
11 Dec 2014
Messages
2,310
Location
Wallsend or somewhere on the ECML
There is no way to do that with an optical code (as is currently designed), as there is no two way data transfer. So yes, you can verify that the Aztec code is valid (perhaps it is signed) and it exists in a database, but it is not possible to verify that it is not a copy or duplicate.

This essentially precludes issuing any kind of 'roving' ticket (season, Travelcard, Ranger, Rover, top up) via them, as you cannot guarantee that it's only that person using the e-ticket (without some very complex anti-fraud calculations that would be full of holes and edge cases); whereas you can with a single/return (since you should only go through the originating gateline once, etc).

You could, I suppose, make them 'live' codes which contain a rotating OTP derived from a key, but I've not seen an example of that (I'm not sure how the m-tickets work. I haven't seen the spec for them, so if anyone would like to share it I would appreciate a copy :) )
I take it that you haven't heard of an eTVD Electronic Ticket validation Database) ? It holds details of where and when and by what each barcoded ticket was scanned.
 

crablab

Member
Joined
8 Feb 2020
Messages
268
Location
UK
I take it that you haven't heard of an eTVD Electronic Ticket validation Database) ? It holds details of where and when and by what each barcoded ticket was scanned.
I haven't heard of it by name, I assumed it existed.

As I said, I think would be difficult and computationally expensive to run anti-fraud checks in the "authorisation loop" when you're scanning your ticket at the gate, working out whether it's possible for you to be at that gateline, based on your previous journey history. Plus, prone to error (clock skew, anyone?), particularly within London where tolerances would be very tight as things are very close together.

You could do it in the background, sure, but that would be reactive.

---

Essentially, it's a very different threat model. At the moment, the thread model is we trust the validity of paper tickets and smartcards intrinsically (the latter because the 'unique' magstripe is hard to forge, the latter because we can cryptographically prove it is genuine).

You cannot trust an e-ticket in the same way.
 

Wallsendmag

Established Member
Joined
11 Dec 2014
Messages
2,310
Location
Wallsend or somewhere on the ECML
I haven't heard of it by name, I assumed it existed.

As I said, I think would be difficult and computationally expensive to run anti-fraud checks in the "authorisation loop" when you're scanning your ticket at the gate, working out whether it's possible for you to be at that gateline, based on your previous journey history. Plus, prone to error (clock skew, anyone?), particularly within London where tolerances would be very tight as things are very close together.

You could do it in the background, sure, but that would be reactive.

---

Essentially, it's a very different threat model. At the moment, the thread model is we trust the validity of paper tickets and smartcards intrinsically (the latter because the 'unique' magstripe is hard to forge, the latter because we can cryptographically prove it is genuine).

You cannot trust an e-ticket in the same way.
OK think what you like, not like we've seen it in use for a number of years or anything.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
58,278
Location
"Marston Vale mafia"
I think we actually may not disagree as much as we think @Bletchleyite. I would like to see an end to people carrying around additional pieces of plastic, unnecessarily.

I'm not (although it may not seem like it!) that attached to ITSO in itself.

My primary objection to e-tickets is:
- they are not interoperable with other modes of transport
There is no reason they couldn't be. In the unlikely event (as they're expensive!) of you having a full IATA "Y" Economy fare issued as an e-ticket, that can be transferred to another IATA airline, for example.

- they do not actually encode that much data and are 'one shots' (eg. you can't top up and use a balance, or get a season ticket via them)
I don't think transport operators should be in the business of top-up balances; that ship has sailed. That is a facility provided by banks. There is no need nor sense in duplicating that provision. So if you want that (e.g. for your kids), get a pre-paid debit card.

I see your point on season tickets, and only season tickets. However, these could be "dumb" cards with the back-end doing the validation, as "new Oyster" will be (thus proving my point!) However, with a proper capped contactless system like TfL has, season tickets are increasingly niche.

- you have to scan them (which is slow)
Part of that is poor barrier design, in particular the use of laser based scanners (which don't like phone screens) instead of camera-based scanners (which are fine with anything that looks like a barcode).

There is no way to do that with an optical code (as is currently designed), as there is no two way data transfer. So yes, you can verify that the Aztec code is valid (perhaps it is signed) and it exists in a database, but it is not possible to verify that it is not a copy or duplicate.
There are ways and means of doing this, such as logging and flagging up odd usage patterns. If for example a season ticket is scanned at the barrier at Euston twice within half an hour, you pretty much know there are two knocking about. If you want to investigate, you can then block that ticket ID, then next time it's used you've got one of its users to have a talk to about what's going on (and prosecution, if then deemed appropriate).

This essentially precludes issuing any kind of 'roving' ticket (season, Travelcard, Ranger, Rover, top up) via them, as you cannot guarantee that it's only that person using the e-ticket (without some very complex anti-fraud calculations that would be full of holes and edge cases); whereas you can with a single/return (since you should only go through the originating gateline once, etc).
This is similar to the arguments that were being put against me when I proposed an e-ticket system very similar to the one that actually happened a number of years ago on here before it came about (I should dig the thread out). It's a flawed argument because it assumes you need 100% security. You don't, you just need it to be "secure enough".

You could, I suppose, make them 'live' codes which contain a rotating OTP derived from a key, but I've not seen an example of that (I'm not sure how the m-tickets work. I haven't seen the spec for them, so if anyone would like to share it I would appreciate a copy :) )
That is unnecessary overcomplication.

You could do it in the background, sure, but that would be reactive.
Reactive is fine. It's an improvement on "basically none whatsoever" from a paper ticket.

You cannot trust an e-ticket in the same way.
You don't need to.
 

crablab

Member
Joined
8 Feb 2020
Messages
268
Location
UK
I don't think transport operators should be in the business of top-up balances; that ship has sailed. That is a facility provided by banks.
Agreed.

as "new Oyster" will be (thus proving my point!)
Do you have a source? ;)

However, these could be "dumb" cards with the back-end doing the validation
What does "dumb" mean? :) Presumably the card will still be required to do crypto, otherwise what is the point.

There are ways and means of doing this, such as logging and flagging up odd usage patterns. If for example a season ticket is scanned at the barrier at Euston twice within half an hour, you pretty much know there are two knocking about. If you want to investigate, you can then block that ticket ID, then next time it's used you've got one of its users to have a talk to about what's going on (and prosecution, if then deemed appropriate).
This appears to be what @Wallsendmag is referring to above, which I think is a bit of a lost opportunity to be honest. One of the *key* things that has helped banks defeat first party fraud (on the part of the customer) is the ability to cryptographically prove that the original card they issued was used. I can't really go into more detail, sorry.

This approach is very reactive, whereas you can essentially eliminate the problem entirely by using a smartcard you can trust. The only problem then is people sharing the card between people.

It's a flawed argument because it assumes you need 100% security. You don't, you just need it to be "secure enough".
It depends what your threat model is. The railways are very behind the times and, with respect...

Reactive is fine. It's an improvement on "basically none whatsoever" from a paper ticket.
...
You don't need to.
...I think a bit more ambition isn't a bad thing here. The problem is the choice of the wrong technology (optical codes) from the start.

That is unnecessary overcomplication.
It's how you could solve the issue. Forging paper tickets is reasonably difficult (especially the magstripe) because they are antiquated and thus pretty much the only stuff that can interface with the card stock is bought and sold within the railway company loop - it's security by obscurity, not by design.

Aztec codes are trivial to copy and, if the gateline is only checking a checksum, trivial to forge. I don't know what the spec for them is; I'd hope they are at least signed.

Security is important and settling for significantly less is just bad decision making imho.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
58,278
Location
"Marston Vale mafia"
Do you have a source? ;)
I don't, I'm afraid, but there are threads on here about "new Oyster", and it's basically running on the contactless back-end.

What does "dumb" mean? :) Presumably the card will still be required to do crypto, otherwise what is the point.
It could be a simple RFID type card like building access cards. The only purpose of it would be that reading the card is quicker than lining up and reading a barcode. No crypto required.

...I think a bit more ambition isn't a bad thing here. The problem is the choice of the wrong technology (optical codes) from the start.
It's not the wrong technology, it's the right technology. You may be able to add simple NFC to it later, because all it is is about transferring simple data.

Your obsession with 100% security neglects the more important issues of cost and flexibility. It's very much like a business that enforces a silly password policy (excessive complexity or excessive change frequency), which tends to result in post-it notes stuck to monitors with passwords written on. Security is not the only, nor even the most important, consideration. It exists solely to serve the business.

Security is important and settling for significantly less is just bad decision making imho.
Disagree. "Secure enough" is an acceptable concept.
 

crablab

Member
Joined
8 Feb 2020
Messages
268
Location
UK
It could be a simple RFID type card like building access cards.
Negating that this would require replacing all the barriers that use NFC and building cards are generally based on MiFARE DESFire (NFC, does crypto - clue is in the name)...

If it's just RFID then I can just buy another RFID tag with that identifier...?

Your obsession with 100% security neglects the more important issues of cost and flexibility
shrug.

I come from the banking and finance world where security is very important. I agree that it's something I tend to focus on.

I don't really see what the additional cost of using ITSO over optical codes (for which you've just recommended replacing all the laser scanners with cameras :P ) is?

It's very much like a business that enforces a silly password policy (excessive complexity or excessive change frequency), which tends to result in post-it notes stuck to monitors with passwords written on.
Password policies like that are stupid. NCSC have good guidance on it.

Except that none of this actually makes it harder for the user, as it would in your analogy ;) That's the thing.

e-ticket: You can have tickets on your phone. You can print tickets out. You can get PRTs at the station.
ITSO: You can have tickets on your phone. You can have tickets on a physical card. You can get cards at the station.

Some people consider 2FA to be silly, annoying and a waste of time. I managed to get it rolled out across a small public sector body within a week, because even though it inconvenienced people a bit when we kicked them out to set it up, the benefits were clear.

The worst security is that which you describe - security theatre - where the UX is so poor people work around it. I hate it too. But I'm not sure why ITSO fits that category?

It exists solely to serve the business.
Generally yes, particularly as a liability shift mechanism to reduce losses.

Disagree. "Secure enough" is an acceptable concept.
All security is "secure enough". There is no absolute.
 

Haywain

Established Member
Joined
3 Feb 2013
Messages
4,803
The worst security is that which you describe - security theatre - where the UX is so poor people work around it. I hate it too. But I'm not sure why ITSO fits that category?
I think you’re reading this the wrong way. @Bletchleyite isn’t saying that ITSO security is a problem, but that you seem to be expecting an excessive level of security for barcoded tickets. I can assure you that you are bringing nothing new to the table that hasn’t been considered prior to the widespread introduction of e-tickets.
 

crablab

Member
Joined
8 Feb 2020
Messages
268
Location
UK
that you seem to be expecting an excessive level of security for barcoded tickets
Yeah, I appreciate that. My position is really that I consider this to be a rather fatal flaw (which is inherant in barcoded tickets, but not in ITSO and thus avoidable), but as @Bletchleyite has indicated perhaps I take the security aspect too strongly. Again: shrug :P

That's fair enough :) I'm entirely sure all this has been considered before - there are much more competent people than I advise on these things.

I just consider it an interesting debate to have and, as on many forums, it's usually fairly ill informed discussion anyway :P
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
58,278
Location
"Marston Vale mafia"
I think you’re reading this the wrong way. @Bletchleyite isn’t saying that ITSO security is a problem, but that you seem to be expecting an excessive level of security for barcoded tickets. I can assure you that you are bringing nothing new to the table that hasn’t been considered prior to the widespread introduction of e-tickets.
What I'm saying is the cost and inconvenience of using ITSO is higher than the gain from it.

And I suspect that the railway professionals agree, hence the existence of barcoded e-tickets.
 

david1212

Member
Joined
9 Apr 2020
Messages
127
Location
Midlands
Maybe because some non-millenials are a bit cautious about flashing around a personal item worth several hundred quid? I would rather drop a train ticket than my phone as I try to rush for a train (and it’s a lot easier to hold a ticket/card in your teeth or a hand that is also carrying multiple bits of luggage)
Exactly. If dropped a plastic card will very rarely be damaged and mostly a traditional paper/card ticket will be useable too. Much greater risk with a phone.

Further if someone else makes the effort to pick up picked up the ticket 99.99% it will be then be handed back. If a phone more likely to be picked up and less likely to be handed back.

I would not have an expensive phone anyway. Regardless it is the risk and inconvenience of it being either lost or damaged.

With the greatest respect, you are increasingly in the minority. Whilst I appreciate that ticketing needs to remain accessible for all, it cannot stand still for the minority who are not digitally enabled. It will, necessarily, become more inconvenient for those people who wish to still pay cash for a physical ticket at a ticket office.
Nothing to do with not being digitally enabled.

Rather keeping what I titled my ' National Travel Ticket Card ' totally separate from any bank card or phone.

At a ticket office or machine once the payment be it cash or card is accepted the ' National Travel Ticket Card ' is then presented to the card reader for details of the purchased journey(s) to be loaded. No physical ticket just a receipt for the payment and detail of the ticket bought.

If the card is lost, damaged or snatched ( low risk compared to a phone or contactless bank card as little use to anyone else since they don't know the validity ) that is all I have lost. I still have the bank card to repurchase a physical single use paper/card ticket for the immediate journey. Ideally later when the loss is reported and replacement requested if at the same time proof of purchase of the replacement ticket is provided as the linked account will show a valid ticket for the journey was already held it will automatically load a credit for the repurchased ticket. If at a major station maybe the ' National Travel Ticket Card ' could be replaced immediately ?

For London Oyster or any similar area scheme with a daily or weekly cap the card could be loaded with credit up to say £50 either online in advance or at a ticket machine / office with either cash or a bank card.

On a train simply present the ' National Travel Ticket Card ' to the reader held by the member of staff. No faffing with phone to get the right screen up. If say 5 tickets loaded on a phone then got to select the right QR code too.

To use a phone I really need reading glasses on. I have varifocals but except for distance they come a poor second. Swapping or removing is another unnecessary risk.


I cringe every time a see someone with a phone at a ticket gate and at shop put their phone against the payment unit rather than a debit / credit card be it contactless or require a pin.
 
Last edited:

Kilopylae

Member
Joined
9 Apr 2019
Messages
170
Location
South-west England
This point has been raised before, but it wasn't adequately answered - with a 'true e-ticket system', how do on-train ticket checks work in areas with no internet connection? This is a particular problem given that lines where there's no internet connection are often the same lines where it's possible to make the journey without passing through a ticket barrier.
 

HSTEd

Veteran Member
Joined
14 Jul 2011
Messages
11,726
MiFARE Classic is perhaps the worst possible product you could use.

See: https://www.sciencedirect.com/science/article/abs/pii/S1363412710000348
Well that article states that they are far from the worst card in use today!

Bu then again, the more modern MiFARE ultralight is under 30p in large bulk!

For those that don't, they can use an ITSO smartcard (just like many people do today), or a PRT/printed e-ticket. They will be in the minority.
Because the equipment necessary will have to be deployed at every location anyway, unless you propose to forbid non phone uses from using certian stations?
Therefore, deploying both an aztec code and smartcard based ticketi nfrastructure is a wasteful duplication of resources.

And given how awful aztec code readers actually are, phone tickets should be restricted to NFC only and smartcards should be the dominant ticket system.
 

Haywain

Established Member
Joined
3 Feb 2013
Messages
4,803
I cringe every time a see someone with a phone at a ticket gate and at shop put their phone against the payment unit rather than a debit / credit card be it contactless or require a pin.
I’m really not sure why you should be cringing because someone else chooses to use Apple Pay to buy their shopping.
This point has been raised before, but it wasn't adequately answered - with a 'true e-ticket system', how do on-train ticket checks work in areas with no internet connection? This is a particular problem given that lines where there's no internet connection are often the same lines where it's possible to make the journey without passing through a ticket barrier.
If it’s a problem that’s for the train operator to worry about but the reality is that the detail of the scan will be sent to the database when connectivity is again available.
 

jon0844

Veteran Member
Joined
1 Feb 2009
Messages
24,493
Location
UK
That's the problem, we don't currently have a one size fits all solution. So we cover all bases and let the customer decide which flavour of smart they want.
We can't have just one solution.

I'd go with the technology solution, but accept some people want a more basic system that works better for turn up and go travel - as well as providing a fallback if my phone breaks, gets stolen etc.

I think we can agree that magstrip tickets are too limited these days. Barcodes allow for more flexibility and the option to have online or offline checks made (or they can just be accepted as is during a network outage).

Barcodes and smart tickets/phones will co-exist for some time.

I haven't heard of it by name, I assumed it existed.

As I said, I think would be difficult and computationally expensive to run anti-fraud checks in the "authorisation loop" when you're scanning your ticket at the gate, working out whether it's possible for you to be at that gateline, based on your previous journey history. Plus, prone to error (clock skew, anyone?), particularly within London where tolerances would be very tight as things are very close together.

You could do it in the background, sure, but that would be reactive.

---

Essentially, it's a very different threat model. At the moment, the thread model is we trust the validity of paper tickets and smartcards intrinsically (the latter because the 'unique' magstripe is hard to forge, the latter because we can cryptographically prove it is genuine).

You cannot trust an e-ticket in the same way.
At a station, you'd have the local gates remember the ticket and so all gates would reject it again if passed back.

The gates can then bundle tickets scanned together and upload periodically, and update a remote database in the cloud that gradually feeds this info out to other gatelines. In this way, you don't need to worry about latency and connectivity issues to try and validate a ticket in real time.

Yes, it would mean that a slow or failed update wouldn't mark the ticket as 'used' but that is the problem of the railway, not the customer, so in effect a proper failsafe.

You'd assume that the process could take place before the passenger has managed to get to another station. A check by a member of staff with a terminal/phone would need a real-time connection to check as I am not sure a phone would be set to store that amount of data (even though with compression and 4G/5G connectivity, I am sure any phone could easily store it and discard periodically) but there's not the same level of rush in that case anyway.

And if anyone hasn't seen the mobile tickets that 'rotate', they will change the data sent to include the current time/date, which has to match the reader (give or take a set time to allow for variances) so a screen capture won't work. That has caused me problems before when a bus had a ticket machine with the clock out by an hour. I was fortunately allowed travel even though it said my ticket had expired.

If it’s a problem that’s for the train operator to worry about but the reality is that the detail of the scan will be sent to the database when connectivity is again available.
There aren't many places these days that have no connectivity (and as time goes on, 700 and 800MHz 4G and 5G coverage will help reach almost all of the UK landmass, not just populated areas).

If a station hasn't got any connectivity, it's perfectly possible for a fixed connection to be hooked up to an access point to allow staff wireless access. Chances are, you'd also offer a connection to the public too. If there are gates or TVMs there is already some sort of connectivity, and likewise to provide data to the CIS etc.

On a train, have the train manager or whoever scan a ticket and if it can't check within a certain timeframe, queue it for checking and move on. If the ticket comes back as rejected, you can return to the passenger. If all else fails, they get away with it - that time. It would be quite hard for someone to bank on problems so the fact a ticket is checked would likely put opportunists off.
 
Last edited:

crablab

Member
Joined
8 Feb 2020
Messages
268
Location
UK
Guess I've just discovered one of the advantages of digital issuance over PRT.

These PRTs are pretty huge to be honest (lots of wasted space). I've just been issued 3 for my journey. Like most young people, I don't carry a "wallet" as such. Some people have card attachments to the back of their phone, I carry a metal card holder that is the size of a standard ISO/IEC 7810 ID-1 card.

a) PRT takes up significantly more space than both a smartcard and the equivalent in magstripe tickets.
b) PRTs don't seem to have a good way to fold down to card size (I accept user error may be at fault, advice appreciated).
c) For those of us (increasing number) with minimal/no wallet, they are a bit of a pain to store compared to the traditionally shaped tickets.

I suppose @Bletchleyite would argue since it's just a lookout on an ID, you should be able to add it to your phone. To which I entirely agree, but in which case, why isn't there some guidance on this since I expect if I corrall Google Pay into displaying the Aztecs on the tickets, it's technically not a valid ticket and I still have to carry the PRTs anyway.

PXL_20201017_080228407.jpg
 
Last edited:

Top