A Privacy Enhancing Service Architecture for Ticket-based Mobile Applications

Jorns, Oliver; Jung, Oliver; Quirchmayr, Gerald

doi:10.1109/ares.2007.16

Cited by 14 publications

(12 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the majority of these schemes, the provider can link different journeys from the same user [8,2,4,5,6]. In a linkable system, the disclosure of the identity of the user in a journey leads to the disclosure of all the journeys of the same user (weak anonymity).…”

Section: State-of-the-artmentioning

confidence: 99%

See 1 more Smart Citation

An electronic and secure automatic fare collection system with revocable anonymity for users

Vives-Guasch

Castellà‐Roca

Payeras–Capellà

et al. 2010

Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia

View full text Add to dashboard Cite

Automatic Fare Collection (AFC) systems calculate the fare that the user must pay which depends on the points of entrance and exit of the system. These systems were paperbased, but the progressive introduction of Information and Communication Technologies (ICT) allows the use of electronic tickets which helps to reduce costs and it improves the control of the infrastructures. Nevertheless, these systems must be secure against possible fraud, and they must also preserve users' privacy. We propose an AFC system that offers strong privacy for honest users. The service provider can not disclose the identity of its users and, moreover, different journeys of the same user are unlinkable. However, anonymity for users could be revoked if they misbehave. This system has been designed in order to use personal mobile devices.

show abstract

Section: State-of-the-artmentioning

confidence: 99%

“…We have performed an analysis of AFC proposals that consider anonymity for users, offering revocable anonymity [8,2,3,4,5,6]. In the majority of these schemes, the provider can link different journeys from the same user [8,2,4,5,6].…”

Section: State-of-the-artmentioning

confidence: 99%

An electronic and secure automatic fare collection system with revocable anonymity for users

Vives-Guasch

Castellà‐Roca

Payeras–Capellà

et al. 2010

Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia

View full text Add to dashboard Cite

show abstract

“…Each application provider therefore shares at least one contractual relationship and a shared secret with the network operator. Application provider may implement various applications such as the one described by Jorns et al [10] which realizes a transport ticket system with location support. We discuss this example application briefly in a later section.…”

Section: The Third Party Application Providermentioning

confidence: 99%

Transaction pseudonyms in mobile environments

2007

Self Cite

View full text Add to dashboard Cite

Network Operators start to offer formerly hidden services such as location service, messaging services and presence services. This fosters the development of a new class of innovative context aware applications that are operated by third party application providers. However, without the implementation of proper privacy protection mechanisms, location and presence information, that is processed by third party application providers, may also imply severe risks to users. If no privacy protection is foreseen, the user's identity could be used maliciously which renders such applications dangerous. To protect the user's sensitive data such as location information we propose a novel service architecture which fosters the development of innovative applications that brings together internet applications with telco services. An underlying privacy enhancing mechanism that is based on the notion of pseudonyms allows even untrusted third party application providers to access sensitive data provided by telco services such as location, presence or messaging services. Due to their high security, pseudonyms guarantee that the user's identity is kept secret towards the untrusted application providers. Due to its low computational complexity this pseudonym generation scheme can also be implemented on devices such as mobile phones and digital assistants with only little computational power and restricted memory capabilities. To illustrate our approach, we demonstrate a transportation ticket application that implements the proposed service architecture. This application allows the use of transportation tickets which are extended by the location-tracking functionality. Similar to the well known paper based transportation tickets our solution supports anonymity of users even if the ticket application "knows" the location of the holder.

show abstract

“…However, the system describes the functioning on a higher level of abstraction and system flexibility is limited compared to currently offered services. On the other hand, work of Jorns et al [12] focuses on the problem of location services. As the network operators gradually open their interfaces for mobile applications that use travellers' location and presence information, privacy issues arise.…”

Section: Related Workmentioning

confidence: 99%

“…It also issues a temporary ticket, which is a signed timestamp t val , starting bus stop loc start , challenge c start and reduction information, info tp (9). When the temporary ticket is issued, the T app stores it and can delete the eTokens (12).…”

Section: Validatestarttrip(epurse)mentioning

confidence: 99%

Privacy-Preserving Public Transport Ticketing System

Milutinovic

Decroix

Naessens

et al. 2015

Data and Applications Security and Privacy XXIX

View full text Add to dashboard Cite

Abstract. The public transport ticketing systems are undergoing significant changes in recent years. The tickets can now be issued and presented in digital form, significantly improving the user experience. The digital data is also used to improve the services' efficiency. Travelling patterns and route occupancy can be analysed to adjust the frequency and coverage of the service. However, data recorded by the providers extends the information that is needed for simple analysis. The travel passes that are issued usually contain unique identifiers, allowing to trace the movement of users, which can even be linked to their identities. In order to tackle these privacy issues, we propose a novel, privacy-preserving ticketing system, based on a scheme for issuing and redemption of unlinkable certified tokens. The design also allows offering advanced services, such as reduction plans or monthly passes, without introducing privacy concerns. Even though the travellers' actions cannot be linked, the service providers are given assurances against possible misuse, and are able to control the usage of the issued products. Additionally, experimental evaluation shows that the system performance is adequate for practical applications.

show abstract

A Privacy Enhancing Service Architecture for Ticket-based Mobile Applications

Cited by 14 publications

References 4 publications

An electronic and secure automatic fare collection system with revocable anonymity for users

An electronic and secure automatic fare collection system with revocable anonymity for users

Transaction pseudonyms in mobile environments

Privacy-Preserving Public Transport Ticketing System

Contact Info

Product

Resources

About