Lecture Notes in Computer Science vol:9149 pages:135-150
29th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2015) location:Fairfax, VA, USA date:13-15 July 2015
The public transport ticketing systems are undergoing significant changes in recent years. The tickets can now be issued and presented in digital form, significantly improving the user experience. The digital data is also used to improve the services’ efficiency. Travelling patterns and route occupancy can be analysed to adjust the frequency and coverage of the service. However, data recorded by the providers extends the information that is needed for simple analysis. The travel passes that are issued usually contain unique identifiers, allowing to trace the movement of users, which can even be linked to their identities. In order to tackle these privacy issues, we propose a novel, privacy-preserving ticketing system, based on a scheme for issuing and redemption of unlinkable certified tokens. The design also allows offering advanced services, such as reduction plans or monthly passes, without introducing privacy concerns. Even though the travellers’ actions cannot be linked, the service providers are given assurances against possible misuse, and are able to control the usage of the issued products. Additionally, experimental evaluation shows that the system performance is adequate for practical applications.