ELECTRONIC TICKET MANAGEMENT

20170286873 · 2017-10-05

    Abstract

    A method for providing an electronic ticket by a security element associated with a mobile terminal. The ticket is stored in the mobile terminal and designed to access a service via an access control device. The method includes the following acts by the security element: receiving the electronic ticket originating from the mobile terminal; temporarily storing the electronic ticket in the security element; providing the electronic ticket for the access control device; authenticating taking into account at least one item of data contained in the ticket and one item of data linked to the security element; and deleting the ticket from the memory of the security device.

    Claims

    1. A method for making available an electronic ticket via a security element associated with a handheld device, the ticket being stored in the handheld device and provided for accessing a service via an access control apparatus, the method comprising the following acts performed by the security element: receiving the electronic ticket from the handheld device; temporarily saving the electronic ticket in the security element; making the electronic ticket available for the access control apparatus; authenticating, taking into account at least one item of data contained in the ticket and one item of data linked to the security element; and deleting the ticket from the memory of the security apparatus.

    2. The method for making available an electronic ticket as claimed in claim 1, further comprising: receiving by the security element, from the handheld device, a command for deleting the ticket saved in the security element.

    3. The method for making available an electronic ticket as claimed in claim 1, said ticket comprising at least a public key for the security element, and wherein the method further comprises the following acts performed by the security element: receiving a random from the access control apparatus; signing the random by means of the private key of the security element; making the signed random available for the access control apparatus.

    4. The method for making available an electronic ticket as claimed in claim 1, wherein at least part of the ticket has been signed by a private key of the issuing entity.

    5. A method for managing an electronic ticket in a handheld device, with which device a security element is associated, the ticket being provided for accessing a service via an access control apparatus, wherein the method comprises the following acts performed by the handheld device: storing the electronic ticket in a non-transitory computer readable medium; selecting the electronic ticket stored by the device in the medium; sending said ticket to the security module.

    6. The method for managing an electronic ticket as claimed in claim 5, wherein communication between the security element and the access control apparatus is near field communication.

    7. The method for managing an electronic ticket in a handheld device as claimed in claim 5, further comprising sending a command for deleting said ticket from the handheld device to the security module.

    8. The method for managing an electronic ticket in a handheld device as claimed in claim 5, further comprising a prior step of receiving the electronic ticket from an issuing entity, said ticket comprising at least a public key for a user of the handheld device corresponding to the private key which is located in the security element.

    9. The method for managing an electronic ticket in a handheld device as claimed in claim 5, wherein the handheld device comprises a cellular phone and the selecting act is automatic if a powering level of the cellular phone is located below a predetermined threshold, and occurs according to a pre-established rule.

    10. The method for managing an electronic ticket in a handheld device as claimed in claim 9, wherein the pre-established rule comprises selecting a last ticket looked at by the user.

    11. The method for managing an electronic ticket in a handheld device as claimed in claim 5, wherein the selecting is automatic if data contained in the ticket includes certain predefined characteristics relating to validity of the ticket.

    12. A security element associated with a handheld device suitable for making available, to an access control apparatus, an electronic ticket stored in the handheld device, wherein the security element comprises: a non-transitory computer-readable medium comprising instructions stored thereon; a processor configured by the instructions to perform acts comprising: receiving an electronic ticket from the handheld device; temporarily saving the ticket; making the electronic ticket available for the access control apparatus; authenticating, which takes into account at least one item of data contained in the ticket and one item of data linked to the security element; and deleting the ticket from the memory of the security apparatus.

    13. A handheld device with which is associated a security element, suitable for managing a ticket provided for accessing a service via an access control apparatus, wherein the handheld device comprises: a non-transitory computer-readable medium comprising instructions stored thereon; a processor configured by the instructions to perform acts comprising: selecting an electronic ticket from a memory of the device; and sending said ticket to the security module.

    14. A computer program including code instructions for implementing a method for making available electronic tickets via a security element associated with a handheld device, when the instructions are executed by a processor of the security element, the ticket being stored in the handheld device and provided for accessing a service via an access control apparatus, wherein the instructions configure the processor to perform acts comprising: receiving the electronic ticket from the handheld device; temporarily saving the electronic ticket in the security element; making the electronic ticket available for the access control apparatus; authenticating, taking into account at least one item of data contained in the ticket and one item of data linked to the security element; and deleting the ticket from the memory of the security apparatus.

    15. A computer program including code instructions for implementing a method for managing tickets in a handheld device, when the implementation is executed by a processor of the handheld device, wherein the device is associated with a security element and the ticket is provided for accessing a service via an access control apparatus, and wherein the instructions configure the processor to perform the acts comprising: storing the electronic ticket; selecting the electronic ticket stored by the device; and sending said ticket to the security module.

    Description

    [0072] THE FIGURES

    [0073] FIG. 1 shows the general context of an embodiment of the invention.

    [0074] FIG. 2 shows an architecture of a piece of mobile equipment provided with a subscriber identity module and with an NFC module, which is suitable for implementing an embodiment of the invention.

    [0075] FIG. 3 shows the possible structure of an electronic ticket according to an embodiment of the invention.

    [0076] FIG. 4 shows a flowchart illustrating the various steps of the method according to an embodiment of the invention.

    DETAILED DESCRIPTION OF AN EXEMPLARY EMBODIMENT ILLUSTRATING THE INVENTION

    [0077] FIG. 1 corresponds to the general context of an embodiment of the invention; it relates to the local control, by an access control apparatus or terminal (B), of paperless tickets stored on the handheld (T) of a user (1), with an authentication by the security element (C). In this embodiment of the invention, the handheld device (T) also has an NFC module (3) allowing the use of contactless communications between the handheld, the associated SIM card (reference is also made in this case to NFC SIM) and the terminal (B).

    [0078] It is recalled that the uses targeted by the invention are those for which the user must prove being in possession of a right of access to a service with a validity limited to a precise date or for a defined duration (for example, a transit pass for the month of October 2014) or with an electronic ticket number which can be verified when accessing the service (for example, access to a concert, a sports competition, etc.). It is considered, in this embodiment, that the intended application is an application for ticketing delivering concert tickets.

    [0079] It is assumed in this case that the electronic tickets are provided by SMS to the user: the latter has chosen an electronic ticket (in this case, for a concert) from a service provider (5). The service provider (in this case, a concert ticket provider), located, in the example, in a network (9), has generated a ticket (4), signed it with the private key thereof, then transmitted it by SMS to the cellular phone of the user (T) (or several SMSs, due to the intrinsic limitation of the size of an SMS). The network (9) is, in this case, a mobile network but other types of networks would be possible, for example the Internet, an intranet network, etc. The user can order his ticket on the server of the service provider (5), with his handheld device, through a data connection of the mobile network extending to the Internet, and receive his ticket on his handheld as an SMS.

    [0080] Before delivering the ticket, the service provider has verified that the user is registered with a trusted authority (not shown). It has obtained, from the trusted authority, the public key of the user, the name of the associated algorithm and the reference of the key. It is recalled that “public key” cryptography systems (also called “asymmetric cryptography”) are methods which are based on the use of a public key (which is broadcast) and of a private key (which is kept secret). In the context of the signature, the private key is used to sign a message and the public key is used to verify the validity of the signature of the message. An entity which has a certificate for the public key (certificate provided by a trusted authority) can thus authenticate the author of the message.

    [0081] The public key for the user that the trusted authority provides to the ticket provider is the public key for which the corresponding private key is contained in the SIM card of the user. In the context of this embodiment of the invention, it is managed by an authentication and transit security application, that is called an application for making available tickets, or security application for short, that will be described later. For a subsequent purpose of authentication, the service provider can have integrated, in the ticket, information provided by the trusted authority and the user. A possible format for such a ticket will be described hereafter with reference to FIG. 3.

    [0082] The handheld device (T) contains a mobile application (for example an Android application) for managing electronic tickets which particularly allows the user to display the relevant information linked to the data of the ticket (name of the show, date and time, etc.).

    [0083] When the handheld device receives an SMS, the mobile application detects the ticket, for example upon the receipt of an SMS starting with a given identifier. This ticket is stored on the handheld. All of the tickets stored on the handheld appear in the interface that the mobile application for managing tickets proposes to the user, and can be used if their expiry date is not before the current date. Alternatively, the tickets can be managed by several applications on the handheld (one for transport, another for shows, etc.). The paperless electronic tickets are therefore not stored in the security element but on the handheld device. As will be seen hereafter, the security element is used solely for authenticating the user and for transiting the ticket (temporary storage before reading by the terminal (B)).

    [0084] Each ticket can be selected by the user, for example by pressing a finger on the touchscreen of the cellular phone, and a dialog box can request therefrom a confirmation for the selection of the ticket.

    [0085] The security element (C), or SIM card, contains a security application, also called an applet (APS) which is installed on the SIM cards of the users of handheld devices wishing to have access to the paperless ticket service. It is a single application for all tickets. Hereafter, it is called an applet, or security application, or else APS. It can access the private key of the user in the memory of the SIM card, which allows the SIM card, and therefore the user, to be authenticated with the access terminal. This applet also makes it possible to temporarily store the ticket which will be read by the terminal.

    [0086] When the user selects the ticket (4) on his handheld device, the management mobile application APM sends the ticket to the applet of the SIM card and then requests the user to present his handheld device to the terminal.

    [0087] When the user presents his handheld device to the access terminal, an NFC communication is established between the terminal and the NFC SIM card contained in the handheld device of the user. The terminal can then communicate with the SIM card in order to read the ticket previously saved. The applet of the SIM then makes it possible to authenticate the user, only the SIM card of which has the private key corresponding to the public key contained in the ticket.

    [0088] The terminal (B) converses moreover with a “business” server (7) for verifying the tickets, which itself is linked to a server for verifying the signatures having the public key of the service provider (5) and verifies that the signature of the ticket (i.e. the signature by the service provider) is correct. These two servers are, according to this example, local servers. They can alternatively be located in the terminal itself or in a local network, or else in the wide area network.

    [0089] After the stage of receiving the ticket by NFC, followed by the stage of sending the random to the SIM card and of receiving this signed random, the NFC terminal awaits the response from the ticket verification stages carried out by the business server (6) and the signature verification server (7). The NFC terminal can include a graphics interface, not shown, which allows it to display information intended for the carrier of the handheld device. For example, a “state” part indicates the state of the verification: the display of the terminal indicates, in green, that the access is authorized, in gray, what the user must do and, in red, any error that has occurred. If the stage for verifying the signature of the random by the SIM card, followed by the stage for verifying the “business” fields of the ticket, followed by the stage for verifying the signature of the service provider are correctly validated by the servers, then the terminal responds positively to the request of the user, for example it opens a gate to allow the latter to pass.

    [0090] The terminal detects when the handheld device is no longer placed on the NFC reader, and can then start a new verification when a new device comes close to the NFC terminal.

    [0091] With reference to FIG. 2, a system comprises a device T suitable for communicating with a network (9) including a ticket provider, and a security element (C) suitable for being inserted into the device (T) and for communicating with a terminal (B) in order to validate an electronic ticket.

    [0092] The device T is, for example, a cellular phone or a PDA (meaning “Personal Digital Assistant”) or else a tablet.

    [0093]-[0094] The device T conventionally comprises a processing unit, or “CPU” (meaning “Central Processing Unit”), intended to load instructions into a memory, to execute them, and to carry out operations; a memory assembly M, including a volatile memory, or “RAM” (meaning “Random Access Memory”) used to execute code instructions, store variables, etc., and a nonvolatile “ROM” (from the English “Read Only Memory”) or “EEPROM” (meaning “Electronically Erasable Programmable Read Only Memory”) memory for containing persistent data, used for example for storing the electronic tickets and the ticket management application APM.

    [0095] The device T further includes:

    [0096] a first communication module MC1 suitable for communicating with the security element C, via a first communication interface (I1).

    [0097] a second communication module MR, allowing a communication, via a communication network, with remote servers, for example with the ticket provider (5) which is located in the Internet network (9) accessible via the mobile network or on a cellular telephone network. It is by this means that the handheld device (T) particularly receives the application APM (application in the handheld) for managing the tickets (according to the example herein, for a concert), which application is loaded in a memory M of the handheld, and then the tickets.

    [0098] a third NFC contactless communication module (3), suitable for making the security element communicate with a remote piece of equipment via an NFC contactless link, for example the terminal B located close to the device T. The NFC contactless module is also suitable for conversing with the security element C, via a communication module MC2 and a second communication interface I2. It converses with the handheld device via an interface MC3. The NFC module conventionally includes an antenna suitable for sending and receiving messages having NFC radio modulation.

    The security element C is, for example, a UICC (meaning “Universal Integrated Circuit Card”) removable medium, also called a “SIM card”, a memory card hosting a secure element (SD card, Embedded Secure controller, etc.) or else a specific memory area of the device as in the context of the HCE standard defined above. The function of the security element C, commonly used for the mobile network authentication (the case of the SIM card), is, in addition to authenticating itself with the terminal, to store the information specific to the mobile subscriber (in this case called the user) and the processes which allow the equipment to be authenticated on the mobile network. To this end, it possesses the private key (K) of the user. It includes a first send-receive module MC1′ suitable for conversing with the device T via the first communication interface I1, a second send-receive module MC2′ suitable for communicating with the NFC module via the second communication interface I2.

    [0099] In this embodiment of the invention, the security element C is a SIM card and conventionally includes ROM memories M′ particularly containing the system for utilizing the security element and programs implementing the security mechanisms, including the authentication algorithm for the card, EEPROM memories permanently containing directories and data defined by the mobile standard (for example GSM, UMTS, etc.), the authentication key (K), or private key (of the user), and specific applications (APS) also called applets which run in a RAM memory. The applets are, for example, software programs using the “SIM Application Toolkit” protocols according to the ETSI 102.223 recommendation, which make it possible to control some functions of the cellular phone, for example to converse with the subscriber via the communication interface I1 between the SIM and the cellular phone T. FIG. 2 shows the security applet APS common to all of the electronic ticket services. It implements the ticket transiting/temporary storage functions, makes the ticket available for the reading via NFC and signs a random received by NFC. In order to communicate with the SIM card, the application on the handheld uses the SmartCard API according to the ETSI 102.221 recommendation. It makes it possible to open a communication channel with the applets of the SIM card in order to send data (for example the ticket) as packets. Once the communication has ended, the Android application closes the channel to allow other Android applications or NFC readers to interact with the applet of the SIM card.

    [0100] FIG. 3 shows the possible structure of an electronic ticket according to an embodiment of the invention.

    [0101] The electronic ticket is structured so as to be able to provide all of the information, or data, allowing the authentication of the user. It also contains information on the expiry date, the seat number, the name of the event, the date, etc., for a ticket for access to a concert hall. Each service provider structures its ticket such that it can be read by the mobile application APM which receives the tickets. It is possible to use, for example, an “identifier/value” coding system: the useful items of data are then preceded by an identifier and are separated from one another by separation data. The ticket (4) shown in FIG. 3 comprises the following fields of data:

    [0102] The subject of the ticket (M1) contains the name of the event, the number of the seat, the price, the date, etc.

    [0103] The validity time period (M2) contains the expiry date of the ticket.

    [0104] The dual-key reference (C1) contains the reference of the pair of keys of the user. The term “dual key” covers the assembly made up of the private key contained in the SIM card and of the public key corresponding to this private key. The private key is used by the SIM card in order to sign the random sent by the terminal (B); the corresponding public key is used by the terminal to verify this signature. Generally, all of the services use the same dual key, but sometimes services offered by large firms (for example transport companies) may have the intention of using a dual key that is specific thereto. This reference (C1) therefore informs the terminal of the dual key to be used. By virtue of this reference read in the ticket, the terminal (B) indicates to the SIM card which private key it must use in order to sign the random and which corresponding public key the terminal itself must use in order to verify the signature of the random.

    [0105] The SIM authentication algorithm reference (C2) is the reference of the algorithm which is associated with the pair of keys of the user (C1). Indeed, some firms may desire not only that the dual key is specific thereto, but also that the authentication algorithm is specific thereto.

    [0106] Advantageously, there is only a single private key in the SIM card and a single algorithm for all the services, which simplifies the SIM card, while preventing any service specificity in the card.

    [0107] The public key of the SIM card (C3) is the public key of the user according to the dual key reference (C1).

    [0108] The “ticket seller” identifier (S1) is the reference of the service provider who has sold and signed the ticket.

    [0109] The signature algorithm reference (S2) is the reference of the algorithm which is associated with the pair of keys of the seller.

    [0110] The signature (S3) is the signature obtained by signing the fields M1, M2, C1, C2, C3, S1 and S2. This signature is carried out by the service provider (ticket seller) before sending the ticket to the handheld of the user.

    [0111] FIG. 4 shows an operation sequence for the exchanges between the various entities of the invention.

    [0112] It is assumed in this case that the prerequisites for obtaining the ticket, which have already been described using FIG. 1, have been met during a step E0: the concert ticket (4) has been loaded onto the handheld of the user who wishes to pass through the terminal of the concert hall. A sequence of steps, which are clear for the user, is then carried out between the handheld (T), the NFC SIM card (C) and the terminal (B), the latter being shown at the top of FIG. 4.

    [0113] When the user approaches, during a step E1, the terminal (B), with his handheld (T) hosting the ticket, he selects on his mobile application the ticket (4) to be used. The ticket management application APM on the handheld sends the ticket, during a step E2, to the applet APS of the SIM card and the ticket is temporarily stored at the step E11 in a memory (M′) of the SIM card. This is a temporary storage prior to reading by the terminal (B). As is well known to a person skilled in the art, in order to be sure that the ticket is sent to the correct applet, the latter can be identified by an identification number (called AID). It is recalled in this case that the secure applet has no knowledge of, nor manages, the content of the ticket: it only temporarily stores the ticket which will be used.

    [0114] The applet of the SIM card verifies, during a step E12, that the ticket has indeed been received (loading the ticket can require several data packets), then optionally sends back a response confirming the receipt to the application APM for managing the ticket on the handheld, which receives it during a step E3 and can then request the user to present his phone to the access terminal.

    [0115] When the user is located sufficiently close to the terminal, the latter reads the ticket (E20) in the memory of the SIM card under the control of the NFC module (E13): the terminal B immerses the handheld device in an electromagnetic field coming from the NFC module thereof. When the emitted electromagnetic field is high enough to correctly power the NFC module of the SIM card, i.e. when the cellular phone is sufficiently close to the terminal that the NFC module of the SIM card is powered, a communication can be established using the NFC protocol between the two apparatuses. In particular, as illustrated by the bidirectional arrow under the ticket, the terminal can read the ticket in the memory of the NFC SIM. Such an NFC communication is well known to a person skilled in the art and will not therefore be described in further detail. It will be noted however that, during the reading and subsequent authentication stages, the flow of the data of the NFC session passes through a controller (CLF meaning ContactLess Frontend) of the NFC module, which redirects the data to the NFC SIM card via the SWP (Single Wire Protocol) protocol. The invention makes it possible to open a single session with the SIM card, via the interface I2, and none with the handheld.

    [0116] During a step E20, the terminal reads the key reference (C1) and the algorithm reference (C2) to be used at the SIM card for the signature of the random which will follow. Advantageously, there is only a single private key in the SIM card and a single signature algorithm for all of the services, which simplifies the SIM card, while preventing any specificity for the various services.

    [0117] During an authentication step E21, the terminal sends to the NFC SIM a randomly generated number, also called a random. The fact of having a different random number on each occasion makes it possible to prevent a person who has succeeded in recovering a signature of an old random number from being able to reuse it.

    [0118] The SIM card receives the random (A) during a step E14. During the step E15, the card signs it by using the private key thereof, and sends back the signed random S{A} to the terminal. In order to sign the random number, the applet uses cryptographic libraries of the SIM card which are well known to a person skilled in the art. It will be noted that only the SIM card of the user of the handheld device possesses this key, which means that the user is subjected to strong authentication by virtue of this signature.

    [0119] The terminal receives the signature S{A} during the step E22 and then verifies (E23), using the public key of the user, that it read in the ticket, that the signature of this random number has indeed been produced with the private key of the user. If the step E23 fails, the process stops and the terminal does not give access to the service.

    [0120] When the SIM card of the user is correctly authenticated, the terminal verifies, during the step E24, the validity date of the ticket: if it is incorrect, the process stops and the terminal does not give access to the service.

    [0121] When the user is correctly authenticated (via his SIM card) and the date is valid, the terminal sends, during a step E24, the “business” fields of the ticket (M1, M2: name of the concert, date, seat number, etc.) to the business server (6). The business server verifies (E30) that the business fields are correct. If they are incorrect, the process stops and the terminal does not give access to the service.

    [0122] The business server has the signature (S3) of the ticket verified (step E31) by the server (7) for verifying the signatures, since the server (7) has the public key of the service provider that has signed the ticket. If the signature of the ticket is valid, the business server sends to the terminal (E32) its agreement in order to authorize the user to access the service, i.e., in this case, enter the hall. The terminal opens the frame (E25) and the user can go in.

    [0123] If the signature is not correct at the end of the step E31, the process stops and the terminal does not give access to the service.
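
    The FIG. 3 ticket fields and the terminal-side checks of steps E20 to E31, as an added Go example that is not part of the patent text. Ed25519, the length-prefixed encoding of the signed fields, the in-memory `sellers` map standing in for the signature verification server (7), the constructed sample values and all type and function names are assumptions; the business-field check E30 is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Ticket mirrors the FIG. 3 fields; Go types and encodings are assumptions.
type Ticket struct {
	M1     string            // subject: event, seat, price
	M2     time.Time         // validity: expiry date
	C1, C2 string            // dual-key reference, SIM algorithm reference
	C3     ed25519.PublicKey // public key of the user's SIM
	S1, S2 string            // seller identifier, seller algorithm reference
	S3     []byte            // seller signature over M1..S2
}

// signedBytes length-prefixes each field so field boundaries are unambiguous.
func (t *Ticket) signedBytes() []byte {
	var b []byte
	for _, f := range [][]byte{[]byte(t.M1), []byte(t.M2.UTC().Format(time.RFC3339)),
		[]byte(t.C1), []byte(t.C2), t.C3, []byte(t.S1), []byte(t.S2)} {
		b = append(append(b, byte(len(f)>>8), byte(len(f))), f...)
	}
	return b
}

// SecureElement models the applet APS: private key plus one in-transit ticket.
type SecureElement struct {
	priv   ed25519.PrivateKey
	ticket *Ticket
}

func (se *SecureElement) Store(t *Ticket)      { se.ticket = t }                   // E11
func (se *SecureElement) Read() *Ticket        { return se.ticket }                // E13/E20
func (se *SecureElement) Sign(a []byte) []byte { return ed25519.Sign(se.priv, a) } // E15
func (se *SecureElement) Delete()              { se.ticket = nil }                 // E16

var (
	ErrNoTicket  = errors.New("no ticket in the security element")
	ErrUserAuth  = errors.New("E23: signed random does not verify under C3")
	ErrExpired   = errors.New("E24: ticket expired")
	ErrSellerSig = errors.New("E31: seller signature S3 invalid")
)

// Validate is the terminal side of E20-E31; sellers maps S1 to a public key.
func Validate(se *SecureElement, sellers map[string]ed25519.PublicKey, now time.Time) error {
	t := se.Read()
	if t == nil {
		return ErrNoTicket
	}
	random := make([]byte, 32) // fresh for every presentation (E21)
	if _, err := rand.Read(random); err != nil {
		return err
	}
	if len(t.C3) != ed25519.PublicKeySize || !ed25519.Verify(t.C3, random, se.Sign(random)) {
		return ErrUserAuth
	}
	if now.After(t.M2) {
		return ErrExpired
	}
	// C3 and M2 can only be trusted once S3 verifies over all signed fields.
	if pub, ok := sellers[t.S1]; !ok || !ed25519.Verify(pub, t.signedBytes(), t.S3) {
		return ErrSellerSig
	}
	return nil
}

// RunScenarios validates one constructed ticket in several situations.
func RunScenarios() map[string]error {
	sellerPub, sellerPriv, _ := ed25519.GenerateKey(rand.Reader)
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	sellers := map[string]ed25519.PublicKey{"seller-5": sellerPub}
	now := time.Date(2014, 10, 15, 20, 0, 0, 0, time.UTC)
	tk := &Ticket{M1: "concert;seat=12", M2: now.Add(time.Hour), C1: "dualkey-1",
		C2: "ed25519", C3: userPub, S1: "seller-5", S2: "ed25519"}
	tk.S3 = ed25519.Sign(sellerPriv, tk.signedBytes()) // done by the service provider (5)
	edited := *tk
	edited.M1 = "concert;seat=1" // field changed after the seller signed
	// other holds the same ticket on a SIM without the private key matching C3.
	sim, other := &SecureElement{priv: userPriv}, &SecureElement{priv: otherPriv, ticket: tk}
	sim.Store(tk)
	out := map[string]error{"valid": Validate(sim, sellers, now),
		"copied": Validate(other, sellers, now), "expired": Validate(sim, sellers, now.Add(2*time.Hour))}
	sim.Store(&edited) // E11: a newly sent ticket replaces the one in transit
	out["edited"] = Validate(sim, sellers, now)
	sim.Delete()
	out["deleted"] = Validate(sim, sellers, now)
	return out
}

func main() { fmt.Println(RunScenarios()) }
```

    Access is granted only when every check returns no error; the user signature alone proves possession of the private key for C3, while S3 is what binds C3 and the validity period to the ticket the seller issued.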

    [0124] Once the user has entered, the ticket can be unloaded from the memory of the SIM card (E16). According to a first example, the SIM card only contains one ticket at a time (in-transit ticket); a new ticket (of concert 2) replaces the ticket of concert 1 in the SIM: when the user selects ticket 2, it is transmitted to the SIM which deletes ticket 1, and the same applies for the following tickets. Therefore, this prevents the memory of the handheld from being needlessly overloaded. Alternatively, a command is sent by the management application on the handheld (APM) to the applet (APS) of the SIM card (E4).

    [0125] It will be noted that, even when the battery of the handheld device is on the point of being drained, the invention can nevertheless deliver the service to the user. For example, according to a variant of the invention, when the battery reaches a critical threshold, the ticket with the earliest expiry date can be selected and therefore stored in the SIM card. Thus, even if the battery of the handheld is drained when the user presents the handheld to the terminal, the latter will be able to recover the ticket stored in the SIM card by powering it via the NFC electromagnetic field.

    [0126] Other variants for automatically selecting the ticket when the battery threshold is reached can be envisaged: selection of the last ticket looked at by the user, selection depending on the data relating to the validity duration of the ticket, selection depending on the environment (giving priority to a subway ticket if the user is close to a station), etc. Moreover, it is possible to store no longer only one, but a few tickets in the SIM card.

    [0127] Of course, the embodiment which has been described above has been given in a purely indicative manner that is in no way limiting, and many modifications can be easily implemented by a person skilled in the art without however departing from the scope of the invention.