Presentation on theme: "ITSO An overview March 2010. What is ITSO? ITSO is the UK Open Standard for integrated and interoperable smart ticketing, owned under Crown Copyright."— Presentation transcript:
ITSO An overview March 2010
What is ITSO? ITSO is the UK Open Standard for integrated and interoperable smart ticketing, owned under Crown Copyright by the UK Government. The standard is supported and maintained by ITSO Ltd, a non-profit distributing organisation licensed by the UK Department for Transport. ITSO Ltd is owned by member organisations including: Central government, regional and local authorities; Bus operators; Train companies; and Suppliers to the industry.
The ITSO Interoperable Fare Management environment consists of: The ITSO Specification: an Open Specification available for downloading off the internet. Version of the ITSO Specification was published in late February 2010 An ITSO Security Access Module (the ISAM) that resides in every Point of Service. The ISAM securely holds the keys to sign all transactions and verifies authenticity The ITSO Security Management Service (the ISMS) which generates, stores and securely distributes keys The method for showing Equipment Compliance The Business Rules for inter-operability and Registration
ITSO supports the full interoperability of Customer Media between schemes and the compatibility of Equipment and Software. It is currently the responsibility of our suppliers and operators to: Provide other equipment (i.e. Ticketing posts, readers and gate machines) Process or hold Transaction Data Process or hold Customer Data (including usage) Handle payment or settlement
The ITSO Specification states that all Data Records must be: Free read Protected by a 3-DES seal that is diversified by a number of factors including: Date-time stamp ISAM identity Media identity Value Transaction number Thus ensuring personal data is protected and secure.
Transaction speed is key ITSO Transactions by Points of Service are benchmarked for both simple and complex transactions: Java, DESfire and Calypso: 300mSec max Low Memory media: 200mSec max For off-line bus and hand held equipment, an allowance of 2x and 3x the maximum is made Speeds achieved through the rigorous testing and compliance processes are recorded on the equipment Certificate of Compliance
The ITSO Specification has the following parts: Part 0: General Introduction Part 1: Terminology, References Part 2: Customer Media (CM) Part 3: Point of Service Terminals (POSTs) Part 4: Host Operator Processing Systems (HOPS) including Asset Management (AMS) Part 5: Data Record Definitions on Customer Media Part 6: Message Data Part 7: Security Sub-system Part 8: Security Management System Part 9: Communications Part 10: Customer Media Types
International Standards, the EU and ITSO ITSO complies with and supports the development of the following International Standards: Media: ISO/IEC File Structure:ISO/IEC 7816 Architecture: EN ISO (IFM) Applications: EN (IOPTA) Data Elements: EN 1545 ISAM Security: ISO (Protection Profile PP9911) And in doing so anticipates compliance with the proposed EU-IFM Specification
ITSO supports the following Customer Media : CMD1: Mifare® Classic standard 1K CMD2: Generic Micro-processor (Java) CMD3: Mifare® Classic standard 4K CMD4: Mifare® ultra light CMD5: Innovision Jewel – 0301/70 CMD7: Mifare® DESfire CMD8: Calypso Of these, the Mifare Classic family are being phased out, and ITSO is looking to further enhance the CMD2 definition to embrace Global Platform and comply with the EU-IFM definition of a Secure Element.
The ITSO solution supports Multi-Application use, can exist alongside EMV Payment or NFC Applications and has its own ITSO Stored Value proposition Directory ITSO Shell Environment ITSO Shell Environment Directory ID STR Tickets ??? Credit/ Debit Credit/ Debit EMV ??? Application layer Secure Element layer (eg smartcard, USB key, NFC phone etc) Product layer ITSO Shell (Application) Secure Element (SE) Issuer SE Unique Identifier (eg MCRN) Secure Element (SE) Issuer SE Unique Identifier (eg MCRN) IPE layer
ITSO supports the following Product Types: TYP0: Private Application TYP2: Stored Value TYP3,17: Loyalty TYP4,5: Charge to Account TYP14,16: Entitlement and ID TYP22,23,24: Pre-defined Tickets TYP25: Voucher TYP26: Tolling TYP27,28,29: Space-saving Tickets TYP34: Transient Ticket
The ITSO TYP0, Private Application, allows Operators to use the ITSO Security to protect a local Application such as Library Card, or a Leisure or Event Ticket. The ITSO Stored Value Product supports: Different currencies and currency change Multiple Stored Value Products on same Media (including EMV) Auto top-up Journey legs and cumulative fare Receipt printing (when available) ITSO Products are suitable for remote downloading using Secure Messaging.
Current ITSO Implementations cover*: 20,000+ Points of Service (ISAMs) connected into the Security System; more than 12 million ITSO Customer Media covering all of Scotland and Wales, and 23 PTA in England (on both, bus and rail, for concessionary and commercial ticketing. These figures are expected to double over the next 5 years in order to meet the UK Government Smart and Integrated Ticketing strategy. These developments will include ITSO operating in Greater London alongside TfLs Oyster product before the 2012 Olympics. ITSO is currently being considered by a number of other countries. * As of March 2010.
For more information: Or call ITSO on +44 (0) Or visit