Abstract
Near Field Communication (NFC) is a radio frequency (RF) based proximity coupling technology allowing transactions within a range of up to 10 cm. Using NFC technology for transactions like payment or ticketing in the real world brings a great benefit in terms of time savings, usability and process optimization. Therefore we propose an e-ticketing system making use of this proximity technology especially focusing on security aspects of the system as well as the distribution of the tickets.
While other systems rely on ticket distribution via SMS or home-printing a paper ticket, our approach is based on a browser plug-in in combination with a contactless RFID reader at the client side. This installation is used to transfer the e-ticket from a ticket server to the user’s PC client and to write the ticket over the proximity interface into the secure element of the NFC target. Thus an NFC target, a contactless smartcard or an NFC enabled mobile phone, can be used as a secure token. With this implementation we are able to bridge the gap between electronic internet transactions and the physical world in a secure way. Also the validation of the ticket at the point-of-access is based on this contactless technology. Our findings provide practical implications to implement web applications using NFC technology successfully.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
International Organization for Standardization: Near Field Communication - Interface and Protocol (NFCIP-1). ISO/IEC 18092 (2004)
Madlmayr, G., Ecker, J., Langer, J., Scharinger, J.: Near field communication: State of standardization. In: Michahelles, F. (ed.) Proceedings of the International Conference on the Internet of Things 2008, ETH Zürich, vol. 1(1), p. 6 (03 2008)
ABI Research: Near Field Communications (NFC) - Leveraging Contactless for Mobile Payments, Content and Access. Research Report (01 2007) Report Code: RR-NFC
Kunkat, H.: NFC und seine Pluspunkte. Electronic Wireless 01, 4–8 (2005)
International Organization for Standardization: Proximity cards. ISO/IEC 14443 (2003)
Hancke, G.P.: A Practical Relay Attack on ISO 14443 Proximity Cards. Technical report, University of Cambridge Computer Laboratory (2005), http://www.cl.cam.ac.uk/~gh275/relay.pdf
Heydt-Benjamin, T.S., Bailey, D.V., Fu, K., Juels, A., O’Hare, T.: Vulnerabilities in first-generation RFID-enabled credit cards. In: FC 2007, vol. 11, pp. 1–22 (2007)
Stroh, S., Schneiderbauer, D., Amling, S., Kreft, C.: Next Generation eTicketing, 1st edn. Booz Allen Hamilton (01 2007)
Transport for London: The oyster card (02 2008) (last visited, 02/27/2008), http://www.tfl.gov.uk/
Xu, H., Teo, H.H., Wang, H.: Foundations of SMS commerce success: lessons from SMS messaging and co-opetition. HICSS, 90 (01 2003)
Mallat, N., Rossi, M., Tuunainen, V.K., rni, A.: The impact of use situation and mobility on the acceptance of mobile ticketing services. HICSS 2, 42b (2006)
Mobile Electronic Transactions Ltd. Keilalahdentie 2-4, 02150 Finnland: MeT White Paper on Mobile Ticketing. 1.0 edn. (01 2003)
Zmijewska, A.: Evaluating Wireless Technologies in Mobile Payments - A Customer Centric Approach. In: Proceedings of the International Conference on Mobile Business (ICMB 2005), USA, vol. 04, pp. 354–362. IEEE Computer Society, Los Alamitos (2005)
Atkinson, J.: Contactless Credit Cards Consumer Report 2006 (04 2006), http://www.findcreditcards.org/
Aigner, M., Dominikus, S., Feldhofer, M.: A System of Secure Virtual Coupons Using NFC Technology. PerComW 5, 362–366 (2007)
Giesecke and Devrient Munich, Germany: White Paper: Bearer Independent Protocol (BIP). 1.0 edn. (2006)
Bishwajit, C., Juha, R.: Mobile Device Security Element. Mobey Forum, Satamaradankatu 3 B, 3rd floor 00020 Nordea, Helsinki/Finland (02 2005)
Feng, B., Anantharaman, L., Deng, R.: Design of portable mobile devices based e-payment system and e-ticketing system with digital signature. ICII 6, 7–12 (11 2001)
GSMA London Office 1st Floor, Mid City Place, 71 High Holborn, London WC1V 6EA, United Kingdom: mobile NFC technical guidelines. 2.0 edn. (04 2007) 1st Revision
SmartTrust Inc.: Whitepaper - Mobile Authentication. Revision: B edn. (02 2004) BD 04-0041
Su, S.L., Garg, H.: Designing SMS applications for public transport service system in Singapore. ICCS 2, 706–710 (2002)
Noll, J., Calvet, J.C.L., Myksvoll, K.: Admittance Services through Mobile Phone Short Messages. ICWMC 1, 77 (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Madlmayr, G., Kleebauer, P., Langer, J., Scharinger, J. (2008). Secure Communication between Web Browsers and NFC Targets by the Example of an e-Ticketing System. In: Psaila, G., Wagner, R. (eds) E-Commerce and Web Technologies. EC-Web 2008. Lecture Notes in Computer Science, vol 5183. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85717-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-85717-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85716-7
Online ISBN: 978-3-540-85717-4
eBook Packages: Computer ScienceComputer Science (R0)