Intro to ITSO (PowerPoint)


Introduction to ITSO

April 2015

Introduction to ITSO

 ITSO is an open Specification which belongs to the Crown.

ITSO Limited is the guardian of this Specification

 All transport providers can use the same, open, Specification so that their ticketing systems speak the same language and are interoperable

 In theory, you could use just one smart card as an ‘electronic wallet’ for tickets for your end-to-end journey.

 Member transport operators and transport authorities are licensed to use ITSO to enable smart ticketing for concessionary and commercial travel.

 The smartcard might be called Pop, StagecoachSmart, Swift or ‘the key’, but the Specification behind it is ITSO.

What does ITSO Limited do?

 Provides the ITSO Security Management Service (ISMS) – the ‘keeper of the keys’

 Tests and certifies equipment to ensure it complies with the Specification

 Supports and advises members and suppliers on setting up ITSO-compliant smart ticketing schemes

 Liaises with members, government and the industry – both in the UK and Europe – to ensure the Specification is fit for purpose and future-proofed

The ITSO Ltd team

Timelines

 1995 – First EMV standard for bank cards [Non-ITSO]

 December 1998 – First pre-ITSO meeting

 January 2000 – Version 1.0 of ITSO Specification

 2002 – Cheshire Travelcard introduced

 2003 – Limited [non-ITSO] Oyster use after 10 years in development

 February 2010 – Version 2.1.4 of ITSO Specification

 December 2010 – ITSO Part 11 Remote Download

 December 2012 – EMV introduced on London buses

Where is ITSO now?

 At the heart of concessionary travel in England, Scotland and Wales (42,000 buses, of which 9,000 are in London)

 At the heart of many commercial ticketing schemes on-bus, train, tram, ferry, hovercraft and even steam trains.

 Big Five multi-operator smart ticketing will be ITSO-compliant

 Specified for most current and all future national rail franchises – SEFT and STN

 ITSO chairs the Smart Ticketing Alliance in Europe which is pushing transport ticketing interoperability

 One size does not fit all - ITSO works alongside other technologies, such as EMV, but also cash

Who are ITSO’s Members?

Some of the ITSO schemes around the UK

 c2c Smart on rail

Cheshire Travelcard

Citycard – Nottingham

Iff - Cardiff

MCard - West Yorkshire

 mygetmethere – Manchester

Oxford SmartZone

Passport – Newport

Pop card - Tyne and Wear

SimplyGo - Reading

SolentGo – South Hampshire

StagecoachSmart including rail

Swift – West Midlands

 the key card – Go-Ahead including rail

Touch Card – First Bus in Bristol

TravelMaster - South Yorkshire

Walrus - Merseyside

Some numbers …

 8.3 billion passenger journeys on public transport in UK in 2013/14 (DfT)

 1.1 billion rail journeys, nearly 70% on SEFT operators

 9.7 million ENCTS passholders in England alone making more than 1 billion trips a year – mostly smart

 We don’t get stats from all of our members but here are a few:

 Stagecoach : More than 240 million smart transactions a year on ITSO based systems – StagecoachSmart (including concessionary travel)

 Go-Ahead : 43.8 million ‘the key’ transactions a year (not including concessionary travel)

 ACT : 1.25 billion digital transactions a year through their HOPS – most of these are ITSO-based ticketing transactions

ISMS activity

As of end January 2015:

 Around 80 different HOPS processing ITSO transactions in the UK

 87.2k active ISAMs

 1.2k Active products / IPEs (inc 341 concessionary and companion products)

 381 Active CMDs

Certification

As of 13 March 2015, the following number of products have valid ITSO Certificates:

 Customer Media: 40

 POSTs: 86

 PersoPOST: 30

 Remote POST: 8

 HOPS: 13

ITSO scheme components - terminology

 CM – Customer Media (deliberately not just a smartcard)

 ITSO Shell – The ITSO “wallet” on a CM

 CMD – Customer Media Definition (defining a type of CM)

 IPE – ITSO Product Entity (deliberately not just a ticket)

 POST – Point Of Service Terminal

 Perso-POST – Personalisation POST (can add a Shell to a CM)

 ISAM – ITSO Secure Application Module

 HSAM – HOPS ISAM

 ISMS – ITSO Security Management Service

 HOPS – Host Operator or Processing System

NB: A dictionary is available at http://www.itso.org.uk/about-us/what-itso-does/itso-dictionary

ITSO Specification - History

 The ITSO Specification is an open Specification which belongs to the Crown

 ITSO Ltd maintains and publishes the Specification under licence from the Department for Transport (DfT)

 The Specification has now been in existence for 15 years, undergoing 7 revisions and the addition of Remote POST functionality.

ITSO Specification - Components

 The ITSO Specification is officially entitled ITSO TS 1000

 Split into 12 component parts:

 Part 0: “Concept & Context”

Gives a general overview of the Specification

 Part 1: “General reference”

Contains definitions of ITSO terms, data types, location types

 Part 2: “Customer media data structure”

Defines the ITSO Shell and data storage within

 Part 3: “Terminals”

Defines the requirements for a POST in the ITSO environment

ITSO Specification – Components (continued)

 Part 4: “HOPS”

Defines the requirements for a HOPS in the ITSO environment

 Part 5 : “Customer media data record definitions”

Defines IPEs and their structures

 Part 6 : “Message data”

Defines the ITSO message types, elements & data structures

 Part 7 : “ITSO Security Subsystem”

Defines the security system in the ITSO environment

 Part 8: “ITSO Secure Application Module detailed operation”

Details the commands for use with ISAMs/HSAMs and their behaviour, as well as ISAM file contents

ITSO Specification – Components (continued)

 Part 9 : “Communications”

Defines data transmission formats, lossless data transfer, VPN requirements, general communications in the ITSO environment

 Part 10 : “Customer media definitions”

Defines all CM structures and commands

 Part 11 : “Remote POST”

Defines the requirements for a Remote POST in the ITSO environment

Quite a complex set of documents, with a lot of cross-referencing required. All (except Part 8) freely available on the ITSO website at: http://www.itso.org.uk/the-specification/specification-resources/publicly-available-specification

ITSO Specification – Supplemental information

In addition to the formal Specification, there are various types of supplemental documents:

 Developer Guidance

Guidance on various subjects to assist suppliers in developing to the Specification

 Temporary Reference Guide

Documents the message structures to/from the ISMS

 Frequently Asked Questions (FAQs)

Generally taken from Technical Support questions

 Operational Guidance

Coming soon - a new type of document giving more operational, rather than technical, guidance

All available in the members/registered suppliers areas of the ITSO website

ITSO Specification - Current version

 ITSO currently supports version 2.1.4 of the ITSO Specification and tests products against that Specification – however, some products still have certificates for previous versions

 New functionality (LOG1 usage, new IPE/message formats, etc.) introduced in later Specification versions isn’t compatible with previous versions, so consideration needs to be given to equipment levels in a scheme.

 The large degree of flexibility allowed by the Specification can cause problems, but there seems to be an appetite to change this.

 The Specification isn’t perfect, but we’re working on it (there’s a lot to do!).

ITSO Specification – How to make changes

In brief:

 Suggestions for changes to the Specification can be made by any ITSO member (NB: for the supplier sector, the requester must be a supplier member, not a registered supplier)

 The suggestion is made to the ITSO Technical Committee, where the suggestion is reviewed for its technical and operational merits. If the suggestion is approved, it is written into a Technical Note, which requires membership consultation before being ratified by the ITSO Board and the DfT.

 Can be a long, complex process!

ITSO Specification – the future

 There is a need for a Specification refresh to incorporate new technologies, encryption methods and corrections to identified issues (pending Technical Notes).

 Need for widespread adoption of latest Specification versions to assist in interoperability

 However, scheme owners are understandably wary that new versions might involve costs in upgrading their systems

 ISAM H3 is in development and will give us the ability to support AES

 Mobile world – a project is underway to investigate the feasibility of using Host Card Emulation (HCE) on smartphones. This is where a smartphone could be used for downloading & storing ITSO ticketing products.

ITSO Security fundamentals

• The ITSO system is highly secure, and our goal is to maintain the high level of security

• Regular ITSO Security Committee meetings chaired by independent security and cryptology expert Fred Piper, Royal Holloway University London

• The security is subject to regular independent assessment and evaluation, including regular penetration testing

ITSO Security fundamentals (continued)

The scheme is largely based on symmetric security, for which Triple DES is used

Asymmetric security is largely used as a means of protecting symmetric keys in transport

Transactional data needs to be protected from change and so such details are sealed (with a MAC) using Triple DES

In addition to the messaging security, ITSO also uses SSL/TLS to protect the HOPS-HOPS traffic

Testing & Certification

Provided for different device types: CMD; POST; PersoPOST; Remote POSTs and HOPS

POSTs can be certified according to categories defined by their usage and the sectors in which they operate

HOPS are subdivided into Collection & Forwarding, Shell Accounting, Product Accounting and Asset Management Services functions (although now all HOPS provide for all such functions)

Certificates

Suppliers must be a Registered Supplier or Supplier Member to have devices tested and certified

Licensed members (operators) also have an obligation to ensure that they use only devices tested and certified by ITSO

ITSO certificates last for seven years from issue, after which the device must either be re-presented for re-certification under the latest Specification version or withdrawn from use

All devices certified under ITSO Specifications 2.1 and 2.1.1 have already expired, and most devices certified under 2.1.2 will expire this year, with a few in 2016

ITSO Test tools

ITSO Test tools are provided by Clear2Pay, and use Micropross hardware

ITSO test tools are available for any ITSO member to purchase (under licence)

ITSO also provides some basic tools (ISAM Reader tool and Card Checker tool) for members, which are distributed free of charge but require a contact/contactless card reader

Interoperability testing

Definition according to IEEE 90: “The ability of two or more systems or components to exchange information and to use the information that has been exchanged.”

A copy of all devices tested must be lodged with ITSO for inclusion within the ITSO Interoperability Warehouse

ITSO certifies a Product’s Compliance with the ITSO Specification and validates its Interoperability with other products through their interfaces

A device is compliant with the standard as determined by a series of tests, and is then shown to be interoperable with other devices that meet the same standard

Our Interoperability Warehouse in Milton Keynes – we test for compliance with Specification, but not with business rules and configuration

Benchmark testing

Benchmark Transaction Time Testing is required to evaluate the speed of media and Products in the field

Transportation demands fast transaction times and the Benchmark Transaction Time Tests are designed to replicate likely scenarios of simple and complex transactions for each type of Media and POST

Benchmark Testing is not carried out on Personalisation POSTs, Remote POSTs and HOPS.

Testing & Certification - Process

Supplier submits details of device to be tested

Scope of tests based on device type and functionality

Supplier representation encouraged through testing sessions

ITSO test scripts made available to suppliers

Self testing by suppliers encouraged prior to testing commencement at ITSO

Smart Media

How to join the ITSO community

You can become:

 An ITSO Member – full ITSO membership means helping determine the Specification and the working of ITSO Limited through consultation and voting rights

 An ITSO Licensed Operator – as above but also with the ability to run ITSO-certified smart ticketing schemes

 An ITSO Registered Supplier – can be a member or not. You will have had your smart ticketing equipment tested and certified by ITSO as being compliant with the ITSO Specification

 Contact Relationship Manager Kim Clarke on 01908 255485 or email kim.clarke@itso.org.uk

ITSO fees and prices – see full schedule

How to contact ITSO

Kim Clarke

Relationship Manager

ITSO Limited

Deltic Avenue

Milton Keynes

MK13 8LW

Tel: 01908 255485

Fax: 01908 255450

Email: kim.clarke@itso.org.uk

Website: www.itso.org.uk
