ID-based travelling

Background

ID-based travelling is a term used in the pre-studies that preceded the BoB-project. The meaning of this term was, however, not clearly stated. Essentially, the intended meaning is that what the traveller presents in connection with the trip is not a ticket, but rather a reference to a repository containing the travel rights (tickets, credits, etc.) that the traveller is entitled the disposition of.

This means that the document the traveller presents does not carry any ticket information at all, but it is rather a certificate of competence to disposition the rights contained within a central repository. This certificate does not have to be personal and should therefore be considered as identifying the repository - rather than a particular individual.

Characteristics of ID-based systems

Basically, all modern ticket and fare collection systems are based on the principle of account-based ticketing. The transactions that comes from, for example, a travel card usage are collected and settled on a shadow account, though this may occur asynchronously with the actual travel.

The decisive difference between such ticket-centric systems and strict ID-based systems is that, in the latter case, the traveller does not carry any ticket information at all. The document the traveller presents must either be validated by information from an underlying system or accepted as it is based on its mere existence.

The BoB project has defined ID-based travel systems as follows:

Travel where the traveller does not carry any ticket or ticket information, but instead a documentary proof entitling the traveller the disposition of the rights attached to this document in a central repository which is managed by an underlying ticket and fare collection system.

Benefits of ID-based systems

The benefits of ID-based systems can be found in both improved user convenience and savings for the carriers. An ID-based system makes it easy to broaden the use of other related services outside of the carriers own business; For example, to combine a trip with rental bikes, taxi or a cup of coffee provided as a courtesy when waiting for a delayed train.

This flexibility also facilitates the goal of reaching boundless travel across different modes of transports, carriers and borders. The traveller may have one ID-based travel document, instead of today, a set of travel cards or apps for those regions and carriers with whom a customer travels. An ID-based system can also allow a genuine ticket-free travel, where the traveller does not need to pre-empt the specific tariffs, zones, coupon values and other business rules of each carrier, but can easily embark on a vehicle and be safe in paying the right fare. This, however, may require reformation of the business rules, so that it will be possible to determine in retrospect how a traveller shall be charged.

Wider use of such ID-based travel documents also enables relatively large savings opportunities as each carrier does not need to issue its own cards and provide its own card management. Though it may be desirable from the marketing point of view, that the customer holds the carriers own card, such coordination must not necessarily be precluded. In the same way that credit cards are today designed with the logos and profile colors of a retail store, petrol company or airline, it is still a credit card network with the issuing banks which is behind the card.

It can also be noted that, in principle, all of the above-mentioned benefits can be accomplished in a ticket-based system if the traveller uses a connected device (such as a smartphone) that can communicate with the ticketing system in any way - for example through an App. The App also provides the opportunity to interact with the traveller in a way that may not otherwise be possible, for example, through travel planning features and sending traffic information and disturbance notices in real time. The fact that an App can also keep ticket information often means that the ticket validation can be simplified and made more robust, as validation units does not need to be connected to the back end system to the same extent.

So the largest benefit of ID-based travel is the possibility to use one ID to for several services.

Checking the validity of a travel document

When ID-based travelling is used, the travel document (as previously mentioned) does not contain any ticket information. It is not possible to determine if the traveller has the right to travel by only reading the travel document. An entity intending to accept a particular travel document for ID-based travelling must therefore chose to either verify the right to travel on-line with the back end system or allow the passengers to travel with the risk of them not having the right to do so.

If a credit card is used for travel, this credit risk may to some extent be transferred to the credit card issuer (for transactions up to a certain amount) at the price of the transaction fee. In other cases, it is likely appropriate to, selectively and in advance, communicate travellers rights to the validating equipment so when an ID is used it can be checked towards a local list in the validation equipment. From a technical point of view, it may require some thought about how such a structure can function on a large scale. It is hardly reasonable that all information should exist everywhere. Well-designed mechanisms are required to determine what information need to be communicated, when and to which devices.

Security aspects of ID-based travelling

Such a travel document which should be of eligibility for ID-based travelling must be designed according to the principles of documentary proof in order to obtain the legal protection that should be required. The ID-based travelling can be said to represent a greater risk for the traveller, as falsification of this document can lead to direct and substantial while forgery of traditional tickets is essentially a risk to the carrier. It is therefore required that the ID document used for disposing of travel rights can not be easily copied, and that it use also bring so-called non-repudiation, that is, the holder can not legitimately claim that he has not undertaken a specific trip and thus is incorrectly charged.

When designing the ID document to be eligible for travel, a number of security-related issues need to be addressed. When other forms of payment methods are handled in everyday life, for example, when we use payment cards, these are both personal and are often combined with personal code (PIN). A payment card may also use more or less daily. A travel card linked to an ID-based travelling should probably be used without a PIN, and may also be shared within the family, to acquaintances or used within a group of employees at the company. It can thus be considerably more difficult to find out in many cases whether a card has been lost, and there is also no way for the entity accepting the document to detect whether it is used by someone unauthorised. Rationality checks and other types of automatic controls are required which allow suspicious activity of travel documents to be detected and followed up upon. Some types of events may, under certain circumstances, also lead to automatic blocking of access to rights from certain credentials.

For ID-based travelling with self-issued travel documents, it is therefore appropriate to assume a generous attitude to the question of how passengers should be held accountable for unauthorised use. However, the way in which the conditions for the traveller are to be devised are beyond the scope of the BoB project, but it is a matter that needs to be coordinated between those involved in an ID-based travel scheme.

National coordination

An ID-based travelling scheme which spans across organisational boundaries requires coordination of the travel documents to be used. It will not only be a matter of technical coordination, but also a coordination of the security regulations that will apply for issuing and otherwise handling such documents and the conditions that will apply to the traveller.

Collaborating on the issuance of a travel card (or other type of ID-based travel document) may also constitute an opportunity for the industry, which does not necessarily mean that all actors involved in the cooperation must use these documents. In the same way as most merchants accept multiple types of payment cards, several different issuers of travel cards may be included in the scheme. This is referred to as a form of federation, where participating entities choose to rely on all approved travel documents of all issuers participating in the scheme. In such collaboration, it is of course important to comply with the same technical and security standards, so that the various travel documents can easily be read and the same degree of trust can be attributed to the fact that it will be possible at a later stage to be paid for the service performed.

Furthermore, interfaces are needed to implement settlement and transfers between the different operators' systems. This applies irrespective of whether the settlement relates to travelling with a carrier or purchase of a service in connection to the trip.

Information flow for ID-based travelling

The information flow/sequence diagram is described in API-page: BoB Token API - ID based travelling