2What is ITSO?ITSO is the UK Open Standard for integrated and interoperable smart ticketing, owned under Crown Copyright by the UK Government.The standard is supported and maintained by ITSO Ltd, a non-profit distributing organisation licensed by the UK Department for Transport.ITSO Ltd is owned by member organisations including:Central government, regional and local authorities;Bus operators;Train companies; andSuppliers to the industry.
3The ITSO Interoperable Fare Management environment consists of: The ITSO Specification: an Open Specification available for downloading off the internet. Version of the ITSO Specification was published in late February 2010An ITSO Security Access Module (the ISAM) that resides in every Point of Service. The ISAM securely holds the keys to sign all transactions and verifies authenticityThe ITSO Security Management Service (the ISMS) which generates, stores and securely distributes keysThe method for showing Equipment ComplianceThe ‘Business Rules’ for inter-operability and Registration
4ITSO supports the full interoperability of Customer Media between schemes and the compatibility of Equipment and Software.It is currently the responsibility of our suppliers and operators to:Provide other equipment (i.e. Ticketing posts, readers and gate machines)Process or hold Transaction DataProcess or hold Customer Data (including usage)Handle payment or settlement
5The ITSO Specification states . . . . . . that all Data Records must be:Free readProtected by a 3-DES seal that is diversified by a number of factors including:Date-time stampISAM identityMedia identityValueTransaction numberThus ensuring personal data is protected and secure.
6Transaction speed is key ITSO Transactions by Points of Service are benchmarked for both “simple” and “complex” transactions:Java, DESfire and Calypso: 300mSec maxLow Memory media: 200mSec maxFor off-line bus and hand held equipment, an allowance of 2x and 3x the maximum is madeSpeeds achieved through the rigorous testing and compliance processes are recorded on the equipment Certificate of Compliance
7The ITSO Specification has the following parts: Part 0: General IntroductionPart 1: Terminology, ReferencesPart 2: Customer Media (CM)Part 3: Point of Service Terminals (POSTs)Part 4: Host Operator Processing Systems (HOPS) including Asset Management (AMS)Part 5: Data Record Definitions on Customer MediaPart 6: Message DataPart 7: Security Sub-systemPart 8: Security Management SystemPart 9: CommunicationsPart 10: Customer Media Types
8International Standards, the EU and ITSO ITSO complies with and supports the development of the following International Standards:Media: ISO/IEC 14443File Structure: ISO/IEC 7816Architecture: EN ISO (IFM)Applications: EN (IOPTA)Data Elements: EN 1545ISAM Security: ISO (Protection Profile PP9911)And in doing so anticipates compliance with the proposed EU-IFM Specification
9ITSO supports the following Customer Media: CMD1: Mifare® Classic standard 1KCMD2: Generic Micro-processor (Java)CMD3: Mifare® Classic standard 4KCMD4: Mifare® ultra lightCMD5: Innovision Jewel – 0301/70CMD7: Mifare® DESfireCMD8: CalypsoOf these, the Mifare Classic family are being phased out, and ITSO is looking to further enhance the CMD2 definition to embrace Global Platform and comply with the EU-IFM definition of a Secure Element.
10SE Unique Identifier (eg MCRN) The ITSO solution supports Multi-Application use, can exist alongside EMV Payment or NFC Applications and has its own ITSO Stored Value propositionSecure Element (SE)IssuerSE Unique Identifier (eg MCRN)Secure Element layer(eg smartcard, USB key,NFC phone etc)DirectoryITSO ShellEnvironmentEMV???ITSOShell(Application)Application layerDirectoryIDSTRTickets???Credit/DebitProduct layerIPE layer
11ITSO supports the following Product Types: TYP0: Private ApplicationTYP2: Stored ValueTYP3,17: LoyaltyTYP4,5: Charge to AccountTYP14,16: Entitlement and IDTYP22,23,24: Pre-defined TicketsTYP25: VoucherTYP26: TollingTYP27,28,29: Space-saving TicketsTYP34: Transient Ticket
12The ITSO TYP0, Private Application, allows Operators to use the ITSO Security to protect a local Application such as Library Card, or a Leisure or Event Ticket.The ITSO Stored Value Product supports:Different currencies and currency changeMultiple Stored Value Products on same Media (including EMV)Auto top-upJourney legs and cumulative fareReceipt printing (when available)ITSO Products are suitable for remote downloading using Secure Messaging.
13. Current ITSO Implementations cover*: 20,000+ Points of Service (ISAMs) connected into the Security System; more than 12 million ITSO Customer Media covering all of Scotland and Wales, and 23 PTA in England (on both, bus and rail, for concessionary and commercial ticketing.These figures are expected to double over the next 5 years in order to meet the UK Government Smart and Integrated Ticketing strategy.These developments will include ITSO operating in Greater London alongside TfL’s Oyster product before the 2012 Olympics.ITSO is currently being considered by a number of other countries.* As of March 2010.
14For more information:Or call ITSO on +44 (0)Or visit