This blog post will cover what I learnt yesterday. I Started with the part 0 of the ITSO TS 1000 Specification.
Integrated Transport Smartcard Organisation(ITSO) TS 1000-0(Version 2.1.3)
Definition.
The aim of the organisation is to provide a platform and toolbox for interoperable contactless customer media, public transport ticketing and related Services in the UK in a manner which offers end to end loss-less data.
It has been kept as open as possible within the evolving national, european and international standards in order to maximize co-operation in order to maximize competition in the supply of systems and components.
Customer Media (CM)
Refers to the electronic platform used by the passenger to store the ticketing products. Currently most ITSO scheme implementations use smartcard as the platform for CM.
Requirements of a Customer Media
A customer Media (CM) can be anything but must support a Contactless Power and Data interface that complies with the relevant parts of ISO/IEC 14443. The CM must be an ISO/IEC 14443 card i.e. must comply with the relevant parts of ISO/IEC 14443 standard.
Any of the card types of the ISO/IEC 14443 standard is supported as long as the relevant parts of the standard are supported.
The CM-to-POST interface is a critical!! Of course it is. The ITSO Standard defines the following attributes for the CM-TO-POST interface for each supported platform.
· Physical
· Power Transfer mechanism
· Data Layout
· Data Access and Security
· Benchmark Transaction times
For each platform of a CM e.g. a smartcard, mobile phones or PDAs, the ITSO TS 1000-10 defines the corresponding attributes of the CM-TO-POST interface. This definition is referred to as the Customer Media Definition (CMD). This CMD covers all the defined attributes of the platform including the physical form factor and the data layout.
Since platforms with different physical form factor can have the same data layout, the Format Version Code (FVC) is used to make the distinction during the verification of the platform. The FVC is stored as part of the ITSO Data on the CM. The Point of Sale Terminal (POST) can read the FVC code and determine which data processing rules to apply.
Platform types for which a CMD has not been defined in the ITSO TS 1000-10 document are not supported and can therefore not be supported and/or certified.
Customer Media Definitions (CMD)
A CMD record for a platform defines the following main things
1. Data Structures
One of the main functions of the customer Media Definitions is to map the logical ITSO data structures to the physical electronic storage provided by the media..lalalalalalalala
Obviously in some cases this will involve mapping the data structure defined by the ITSO to the Physical bits and bytes of the platform (e.g. if this is on a memory card) where as in other cases, it will be mapped to the logical storage elements provided by the media (e.g. on a processor based platform with an operating system and a file storage system)
2. Commands
Another function of the CMD is to define the COMMANDS required to access the data on the chosen platform. The ISO/IEC 14443 standard, which defines the various types of cards, defines that cards that are certified to be ISO/IEC 14443 compliant should allow for the use of proprietary commands under certain circumstances and POSTs must be capable of supporting each command for the platform that use them.
3. Security
A number of mechanisms are used to ensure media security including
a. Use of anti-tear mechanisms to protect the integrity of the data in situations where the media is removed from the POST’s RF field before the required data is written (NOT SURE..lol)
b. ISAM generated seals are used to ensure authenticity of the data
c. Use of Media Access Keys to control write access to the CM and hence protect the integrity of the Data.
d. Use of fixed number that is unique to the CM to make key and seals media instance specific
4. Transaction Timing
The longer the transaction time, the higher the risk of the CM being removed prematurely before data update is complete. For each CMD, the ITSO TS 1000-10 defines a benchmark transaction together with the maximum time that is allowed to carry out a transaction
5. Classes of Media
The CMD groups CM platforms into two.
a. Full ITSO shell CM platforms
b. Compact ITSO Shell Platforms
Differences between Full and Compact ITSO Shells
FULL ITSO SHELL PLATFORM
| COMPACT ITSO SHELL PLATFORM
|
May host a number of ITSO ticketing products concurrently
| Hosts only a single ITSO ticketing product at any one time
|
Capable of Cyclic Logs into which transient tickets may be placed
| Not capable of hosting a cyclic log
|
|
|