Introduction to ITSO April 2015
Introduction to ITSO ITSO is an open Specification which belongs to the Crown. ITSO Limited is the guardian of this Specification All transport providers can use the same, open, Specification so that their ticketing systems speak the same language - interoperable In theory, you could use just one smart card as an ‘electronic wallet’ for tickets for your end-to-end journey. Member transport operators and transport authorities are licensed to use ITSO to enable smart ticketing for concessionary and commercial travel. The smartcard might be called Pop, StagecoachSmart, Swift or ‘the key’, but the Specification behind it is ITSO.
What does ITSO Limited do? Provides the ITSO Security Management Service (ISMS) – the ‘keeper of the keys’ Tests and certifies equipment to ensure it complies with the Specification Supports and advises members and suppliers on setting up ITSO-compliant smart ticketing schemes Liaises with members, government and the industry – both in the UK and Europe – to ensure the Specification is fit for purpose and future-proofed
The ITSO Ltd team
Timelines 1995 – First EMV standard for bank cards [Non-ITSO] December 1998 – First pre-ITSO meeting January 2000 – Version 1.0 of ITSO Specification 2002 – Cheshire Travelcard introduced 2003 limited [non-ITSO] Oyster use after 10 years in development February 2010 – Version of ITSO Specification December 2010 – ITSO Part 11 Remote Download December 2012 – EMV introduced on London buses
Where is ITSO now? At the heart of concessionary travel in England, Scotland and Wales (42,000 buses, of which 9,000 are in London) At the heart of many commercial ticketing schemes on-bus, train, tram, ferry, hovercraft and even steam trains. Big Five multi-operator smart ticketing will be ITSO- compliant Specified for most current and all future national rail franchises – SEFT and STN ITSO chairs the Smart Ticketing Alliance in Europe which is pushing transport ticketing interoperability One size does not fit all - ITSO works alongside other technologies, such as EMV, but also cash
Who are ITSO’s Members?
c2c Smart on rail Cheshire Travelcard Citycard – Nottingham Iff - Cardiff MCard - West Yorkshire mygetmethere – Manchester Oxford SmartZone Passport – Newport Pop card - Tyne and Wear SimplyGo - Reading SolentGo – South Hampshire StagecoachSmart including rail Swift – West Midlands the key card – Go-Ahead including rail Touch Card – First Bus in Bristol TravelMaster - South Yorkshire Walrus - Merseyside Some of the ITSO schemes around the UK
Some numbers … 8.3 billion passenger journeys on public transport in UK in 2013/14 - DfTDfT 1.1 billion rail journeys, nearly 70% on SEFT operators 9.7 million ENCTS passholders in England alone making more than 1 billion trips a year – mostly smart We don’t get stats from all of our members but here are a few: Stagecoach: More than 240 million smart transactions a year on ITSO based systems – StagecoachSmart (including concessionary travel) Stagecoach Go-Ahead: 43.8 million ‘the key’ transactions a year (not including concessionary travel) Go-Ahead ACT: 1.25 billion digital transactions a year through their HOPS – most of these are ITSO-based ticketing transactio ns ACT
ISMS activity As of end January 2015: Around 80 different HOPS processing ITSO transactions in the UK 87.2k active ISAMs 1.2k Active products / IPEs (inc 341 concessionary and companion products) 381 Active CMDs
Certification As of 13 March 2015, the following number of products have valid ITSO Certificates: Customer Media: 40 POSTs: 86 PersoPOST: 30 Remote POST: 8 HOPS: 13
ITSO scheme components - terminology CMCustomer Media (deliberately not just a smartcard) ITSO ShellThe ITSO “wallet” on a CM CMDCustomer Media Definition (defining a type of CM) IPEITSO Product Entity (deliberately not just a ticket) POSTPoint Of Service Terminal Perso-POSTPersonalistion POST (can add a Shell to a CM) ISAMITSO Secure Application Module HSAMHOPS ISAM ISMSITSO Security Management Service HOPSHost Operator or Processing System NB: A dictionary is available at
ITSO Specification - History The ITSO Specification is an open Specification which belongs to the Crown ITSO Ltd maintains and publishes the Specification under licence from the Department for Transport (DfT) The Specification has now been in existence for 15 years, undergoing 7 revisions and the addition of Remote POST functionality:
ITSO Specification - Components The ITSO Specification is officially entitled ITSO TS 1000 Split into 12 component parts: Part 0: “Concept & Context” Gives a general overview of the Specification Part 1: “General reference” Contains definitions of ITSO terms, data types, location types Part 2: “Customer media data structure” Defines the ITSO Shell and data storage within Part 3: “Terminals” Defines the requirements for a POST in the ITSO environment
ITSO Specification – Components (continued) Part 4: “HOPS” Defines the requirements for a HOPS in the ITSO environment Part 5: “Customer media data record definitions” Defines IPEs and their structures Part 6: “Message data” Defines the ITSO message types, elements & data structures Part 7: “ITSO Security Subsystem” Defines the security system in the ITSO environment Part 8: “ITSO Secure Application Module detailed operation” Details the commands for use with ISAMs/HSAMs and their behaviour, as well as ISAM file contents
ITSO Specification – Components (continued) Part 9: “Communications” Defines data transmission formats, lossless data transfer, VPN requirements, general communications in the ITSO environment Part 10: “Customer media definitions” Defines all CM structures and commands Part 11: “Remote POST” Defines the requirements for a Remote POST in the ITSO environment Quite a complex set of documents, with a lot of cross-referencing required. All (except Part 8) freely available on the ITSO website at:
ITSO Specification – Supplemental information In addition to the formal Specification, there are various types of supplemental documents: Developer Guidance Guidance on various subjects to assist suppliers in developing to the Specification Temporary Reference Guide Documents the message structures to/from the ISMS Frequently Asked Questions (FAQs) Generally taken from Technical Support questions Operational Guidance Coming soon - a new type of document giving more operational, rather than technical, guidance All available in the members/registered suppliers areas of the ITSO website
ITSO Specification - Current version ITSO currently supports version of the ITSO Specification and test products against that specification – however some products still have certificates for previous versions New functionality (LOG1 usage, new IPE/message formats, etc.) introduced in later Specification versions isn’t compatible with previous versions, so consideration needs to be given to equipment levels in a scheme. The large degree of flexibility allowed by the Specification can cause problems, but there seems to be an appetite to change this. The Specification isn’t perfect, but we’re working on it (there’s a lot to do!).
ITSO Specification – How to make changes In brief: Suggestions for changes to the Specification can be made by any ITSO member (NB: for the supplier sector, the requester must be a supplier member, not a registered supplier) The suggestion is made to the ITSO Technical Committee, where the suggestion is reviewed for its technical and operational merits. If the suggestion is approved, it is written into a Technical Note, which requires membership consultation before being ratified by the ITSO Board and the DfT. Can be a long, complex process!
There is a need for a Specification refresh to incorporate new technologies, encryption methods and corrections to identified issues (pending Technical Notes). Need for widespread adoption of latest Specification versions to assist in interoperability However, scheme owners are understandably wary that new versions might involve costs in upgrading their systems ISAM H3 is in development, will give us the ability to support AES Mobile world – a project is underway to investigate the feasibility of using Host Card Emulation (HCE) on smartphones. This is where a smartphone could be used for downloading & storing ITSO ticketing products. ITSO Specification – the future
ITSO Security fundamentals The ITSO system is highly secure, and our goal is to maintain the high level of security Regular ITSO Security Committee meetings chaired by independent security and cryptology expert Fred Piper, Royal Holloway University London The security is subject to regular independent assessment and evaluation, including regular penetration testing
ITSO Security fundamentals The scheme is largely based on symmetric security, for which Triple DES is used Asymmetric security is largely used as a means of protecting symmetric keys in transport Transactional data needs to be protected from change and so such details are sealed (with a MAC) using Triple DES In addition to the messaging security ITSO also uses SSL/TLS to protect the HOPS-HOPS traffic
Testing & Certification Provided for different devices types: CMD; POST; PersoPOST; Remote POSTs and HOPS POSTs can be certified according to categories defined by their usage and the sectors in which they operate HOPS are subdivided into Collection & Forwarding, Shell Accounting, Product Accounting and Asset Management Services functions (although now all HOPS provide for all such functions)
Certificates Suppliers must be a Registered Supplier or Supplier Member to have devices tested and certified Licensed members (operators) also have an obligation to ensure that they use only devices tested and certified by ITSO ITSO certificates last for seven years from issue, after which the device must either be represented for re-certification under the latest Specification version or withdrawn from use All devices certified under ITSO Specifications 2.1 and have already expired, and devices certified under will expire most this year, with a few in 2016
ITSO Test tools ITSO Test tools are provided by Clear2Pay, and use Micropross hardware ITSO test tools are available for any ITSO member to purchase (under licence) ITSO also provides some basic tools (ISAM Reader tool and Card Checker tool) for members, which are distributed free of charge but require a contact/contactless card reader
Interoperability testing Definition according to IEEE 90: “The ability of two or more systems or components to exchange information and to use the information that has been exchanged.” A copy of all devices tested must be lodged with ITSO for inclusion within the ITSO Interoperability Warehouse ITSO certifies a Product’s Compliance with the ITSO Specification and validates its Interoperability with other products through their interfaces A device is compliant with the standard as determined by a series of tests, and is then shown to be interoperable with other devices that meet the same standard
Our Interoperability Warehouse in Milton Keynes – we test for compliance with Specification, but not with business rules and configuration
Benchmark testing Benchmark Transaction Time Testing is required to evaluate the speed of media and Products in the field Transportation demands fast transaction times and the Benchmark Transaction Time Tests are designed to replicate likely scenarios of simple and complex transactions for each type of Media and POST Benchmark Testing is not carried out on Personalisation POSTs, Remote POSTs and HOPS.
Testing & Certification - Process Supplier submits details of device to be tested Scope of tests based on device type and functionality Supplier representation encouraged through testing sessions ITSO test scripts made available to suppliers Self testing by suppliers encouraged prior to testing commencement at ITSO
Smart Media
How to join the ITSO community You can become: An ITSO Member – full ITSO membership means helping determine the Specification and the working of ITSO Limited through consultation and voting rights An ITSO Licensed Operator – as above but also with the ability to run ITSO-certified smart ticketing schemes An ITSO Registered Supplier – can be a member or not. You will have had your smart ticketing equipment tested and certified by ITSO as being compliant with the ITSO Specification Contact Relationship Manager Kim Clarke on
ITSO fees and prices – see full schedulesee full schedule
How to contact ITSO Kim Clarke Relationship Manager ITSO Limited Deltic Avenue Milton Keynes MK13 8LW Tel: Fax: Website: