It is time for open-loopOpen-loop ticketing allows fare payments with Visa, Mastercard, etc. cards. UniTiAg unlocks non-card-based open-loop ticketing tools, e.g., direct banking, e-wallets, crypto, etc. More ticketing to shift from using contactless bank cards (in any form factor) as the means of card-present payments for transportation. It is time to embrace smartphones and wearables with authentication methods that are completely free of PCI DSS scope and the card-present transaction regulations imposed by payment schemes.
This evolution is driven by two undeniable realities: global smartphone ubiquity and the dominance of social platforms like Telegram.
UniTiAgUniversal Ticketing Agent is a model of open-loop public transit ticketing using card-not-present transactions for fare acquiring. More is currently the only Open-LoopOpen-loop ticketing allows fare payments with Visa, Mastercard, etc. cards. UniTiAg unlocks non-card-based open-loop ticketing tools, e.g., direct banking, e-wallets, crypto, etc. More model that fully aligns with this paradigm. We invite ticketing vendors, their customers—transit operators—and online marketplaces to brainstorm this approach with us and start piloting. Let’s make Open LoopOpen-loop ticketing allows fare payments with Visa, Mastercard, etc. cards. UniTiAg unlocks non-card-based open-loop ticketing tools, e.g., direct banking, e-wallets, crypto, etc. More affordable for even small cities and convenient for their people.
For this, we created several DEMO apps that implement cEMV-like and QR Code flows. These apps are integrated with AmuzeBuy – a DEMO TSMPAn online marketplace comprising two categories of customers: (A) online shoppers—e-wallet holders with cards or cash, and service receivers; (B) online merchants, sellers, and service providers. Examples include Amazon, Walmart, Uber, and many others. More – which is integrated with UniTiAgUniversal Ticketing Agent is a model of open-loop public transit ticketing using card-not-present transactions for fare acquiring. More. You can download and try the following DEMO aps:
- AmuzeRide Transit for Android. It implements the cEMV-like and QR flows.
- AmuzeRide Transit for iOS. It implements only the QR flow, as Apple restricts NFCNear-Field Communications, a protocol used for data exchange between contactless cards and readers. More host card emulation usage.
- Bye-Bye Cards for Android. It implements the cEMV-Like and QR flows. Whereas AmuzeBuy Transit is integrated with AmuzeBuy web application directly, Bye-Bye-Cards is integrated with AmuzeBuy Telegram’s WebApp.
The above apps demonstrate how CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token is used in UniTiAgUniversal Ticketing Agent is a model of open-loop public transit ticketing using card-not-present transactions for fare acquiring. More Open-LoopOpen-loop ticketing allows fare payments with Visa, Mastercard, etc. cards. UniTiAg unlocks non-card-based open-loop ticketing tools, e.g., direct banking, e-wallets, crypto, etc. More ticketing model. Similar apps can be implemented by any TSMPAn online marketplace comprising two categories of customers: (A) online shoppers—e-wallet holders with cards or cash, and service receivers; (B) online merchants, sellers, and service providers. Examples include Amazon, Walmart, Uber, and many others. More participating in UniTiAgUniversal Ticketing Agent is a model of open-loop public transit ticketing using card-not-present transactions for fare acquiring. More.
The TSMPAn online marketplace comprising two categories of customers: (A) online shoppers—e-wallet holders with cards or cash, and service receivers; (B) online merchants, sellers, and service providers. Examples include Amazon, Walmart, Uber, and many others. More is responsible for generating its unique CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token, according to the TSMPAn online marketplace comprising two categories of customers: (A) online shoppers—e-wallet holders with cards or cash, and service receivers; (B) online merchants, sellers, and service providers. Examples include Amazon, Walmart, Uber, and many others. More APIApplication Programming Interface More, and managing its CA Public certificate. UniTiAgUniversal Ticketing Agent is a model of open-loop public transit ticketing using card-not-present transactions for fare acquiring. More maps the PKIPublic Key Infrastructure is a framework of cryptographic technologies, policies, and services that enables secure authentication by managing digital certificates and public-private key pairs. More Public Key certificate X.500 “O” (organization name) to participating TSMPsAn online marketplace comprising two categories of customers: (A) online shoppers—e-wallet holders with cards or cash, and service receivers; (B) online merchants, sellers, and service providers. Examples include Amazon, Walmart, Uber, and many others. More.
cEMV-like Example
The following is an example of a cEMV-like session between a validator’s NFCNear-Field Communications, a protocol used for data exchange between contactless cards and readers. More card reader and a CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More that is a smartphone.
The app AID does not represent a payment EMVA protocol used by payments smart cards and points of sales for execution of payments transactions. application. In UniTiAgUniversal Ticketing Agent is a model of open-loop public transit ticketing using card-not-present transactions for fare acquiring. More, there is no any payment-related or personal data exchange in the CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More communication with the ValidatorsValidator is a device with contactless card reader, registering card taps and validating access to the transit services. It is not a point of sale in UniTiAg model. More.
We designed our cEMV-like protocol for seamless implementation on the existing cEMVContactless EMV More card readers. This example demonstrates that the proposed card reader logic is already implemented in regular cEMVContactless EMV More card readers. This approach makes it easier for ticketing system vendors to integrate with UniTiAgUniversal Ticketing Agent is a model of open-loop public transit ticketing using card-not-present transactions for fare acquiring. More, and it fully exempts TAsA transit operator or an agency representing several transit operators. In our model, the TA is a seller of their services on an online marketplace. More from the complexity of PCI DSSPayment Card Industry Data Security Standards. and payment scheme regulatory obligations such as EMVA protocol used by payments smart cards and points of sales for execution of payments transactions. Level 3.
During the cEMV-like session, the app emulates a cEMVContactless EMV More card. The ‘card” presents the CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token to the card reader and proves its authenticity using a simplified cEMVContactless EMV More approach, similar to the standard EMVA protocol used by payments smart cards and points of sales for execution of payments transactions. offline data authenticationOffline Data Authentication. A process for ensuring that the contactless instrument presented to the Validator is genuine. More .
The entire NFCNear-Field Communications, a protocol used for data exchange between contactless cards and readers. More session time takes around 200 msec or less on the modern smartphones. Let’s walk through it step-by-step.
The APDU request/response trace is obtained with app NFCNear-Field Communications, a protocol used for data exchange between contactless cards and readers. More EMVA protocol used by payments smart cards and points of sales for execution of payments transactions. Explorer which can be installed from Google Play Store here.
Step 1: Select PPSE 2PAY.SYS.DDF01
This step is implemented for the compatibility purposes. It is not mandatory because the card reader knows exactly which AID to select in the next step. If this step is executed the smartphone’s operating system may direct the NFCNear-Field Communications, a protocol used for data exchange between contactless cards and readers. More session to an app with a higher priority, e.g. a Wallet.
APDU Request/Response Trace:
Select PPSE APDU Request: 00a404000e325041592e5359532e444446303100
Transceive Time=31 msec. SW1/SW2=9000.
Response content:
6f FCI Template, length=41
84 Dedicated File Name, length=14
"2PAY.SYS.DDF01"
a5 FCI Proprietary Template, length=23
bf0c FCI Issuer Discretionary Data, length=20
61 Directory Entry, length=18
4f ADF Name, length=7
f5633545180001
50 Application Label, length=7
"UNITIAG"
---- End of Response Content.
|
Tag 4F comprises the AID of the CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token app
Step 2: Select ADF
The card reader selects Application Data File for the AID F5633545180001.
APDU Request/Response Trace:
==== Select ADF APDU REQUEST: 00a4040007f563354518000100.
Transceive Time=15 msec. SW1/SW2=9000.
Response content:
6f FCI Template, length=49
84 Dedicated File Name, length=7
f5633545180001
a5 FCI Proprietary Template, length=38
50 Application Label, length=7
"UNITIAG"
9f38 PDOL, length=8
9f1c089f37049a03
df01, length=15
73084de18d15f9ac4734662814d4bb
---- End of Response Content.
|
In tag 9F38, the “card” requests from the card reader 9F1C (Terminal ID, 8 bytes), 9F37 (Unpredictable Number, 4 bytes), and 9A (Transaction Date, 3 bytes). In tag DF01, the “card” presents the 15 byte-long CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token.
At this point, the validatorValidator is a device with contactless card reader, registering card taps and validating access to the transit services. It is not a point of sale in UniTiAg model. More can initiate a parallel process to look up the CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token in the validator’s OTRBOpen-to-Ride Balance is an e-wallet monetary value for ticketing purposes, associated with a contactless token, shared between Transit Agencies. It can be pre-authorized, prepaid, postpaid, or a combination of thereof. More list (don’t forget to re-encode the binary value on DF01 to Base64-encoded string), and continue with CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token offline data validation (next steps).
Step 3. Get Processing Option
On this step, the card reader presents the data objects requested in the PDOL which the “card” signs with its private key and returns the Signed Dynamic Application Data.
APDU Request/Response Trace:
==== GPO APDU REQUEST: 80a8000011830f30303132303031325cb0b6f725122000
Transceive Time=34 msec. SW1/SW2=9000.
Response content:
77 Response Message Template Format 2, length=73
94 Application File Locator, length=4
08010202
9f4b Signed Dynamic Application Data, length=64
7f54 ... db
---- End of Response Content.
|
Tag 94 points to file 1, records 1 and 2. The card reader obtains these records on the next step and uses them for Offline Data AuthenticationOffline Data Authentication. A process for ensuring that the contactless instrument presented to the Validator is genuine. More.
Step 4. Read Records
The terminal reads two records specified in the AFL tag . The records comprise the public key X.509 certificate issued by the TSMP’s Certification Authority. This is the last step of the NFCNear-Field Communications, a protocol used for data exchange between contactless cards and readers. More session.
APDU Request/Response Trace:
==== Read Record 1 in file 1 APDU REQUEST: 00b2010c00.
Transceive Time=44 msec. SW1/SW2=9000.
Response content:
70 Read Record Response Message Template, length=244
9f46 ICC Public Key Certificate, length=240
3082 ... d718
---- End of Response Content.
==== Read Record 2 in file 1 APDU REQUEST: 00b2010c00.
Transceive Time=36 msec. SW1/SW2=9000.
Response content:
70 Read Record Response Message Template, length=190
9f48 ICC Public Key Remainder, length=186
0a56 ... a8c4
---- End of Response Content.
|
Step 5. Offline Data Authentication
Upon finishing the NFCNear-Field Communications, a protocol used for data exchange between contactless cards and readers. More session, using the ICC Public Key, the PDOL data, the Signed Dynamic Application Data, and the well-known Certificate Authority public X.509 certificate, the card reader completes offline data authenticationOffline Data Authentication. A process for ensuring that the contactless instrument presented to the Validator is genuine. More.
The card reader also compares the CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token obtained in Select ADF stage, tag DF01 with ICC Public Key Certificate component Certificate Name “CN’. The latter also presents the CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token encoded as a 30 char-long string of hexadecimal digits. In this case it must be “CN=73084DE18D15F9AC4734662814D4BB”
More about Bye-Bye Cards and its integration with Telegram Web App – in our blog.
QR Code Example
Overview
Symbology & Physical Layer
- Standard: ISO/IEC 18004 (QR Code Model 2).
- Encoding Mode: 8-bit Byte Mode (Binary).
- Note to Integrators: The payload must be treated as a raw byte stream. Do not attempt to decode as UTF-8 or ASCII text, as this will corrupt the cryptographic signature.
- Error Correction Level: Level M (approx. 15% recovery) recommended for reader reliability under poor lighting/glass conditions.
- Minimum Module Size: 20 mils (0.5mm) recommended for optical scanners.
Data Link Layer (Payload Structure)
- The payload is a Proprietary TLV (Tag-Length-Value) binary stream. The structure allows for variable-length fields and forward compatibility (validatorsValidator is a device with contactless card reader, registering card taps and validating access to the transit services. It is not a point of sale in UniTiAg model. More should ignore unknown tags).
- Endianness: Big-Endian (Network Byte Order).
TLV Field Definition Table
| Field | Value (Hex) | Interpretation |
|---|---|---|
| Version | 01 | Protocol Version 1 |
| Tag: AID | 02 | |
| Length | 07 | |
| AID Value | F5633545180001 | AID |
| Tag: Label | 03 | |
| Length | 07 | |
| Label Value | 55 4E 49 54 49 41 47 | ASCII Text: “UNITIAG” |
| Tag: | 04 | |
| Length | 0F | 15 bytes |
| CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token | 73084DE18D15F9AC4734662814D4BB | CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token value |
| Tag: | 05 | |
| Length | 08 | |
| Timestamp | 0000019BDBD024F5 | In Unix Format |
| Tag: | FF | |
| Length | 47 | 71 bytes |
| Signature | 30450220…02CAA | ECDSA Signature (ASN.1 DER format) of CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token concatenated with the timestamp |
Offline Data Authentication
The ValidatorValidator is a device with contactless card reader, registering card taps and validating access to the transit services. It is not a point of sale in UniTiAg model. More verifies the signature of CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token concatenated with the timestamp tag.
The validatorValidator is a device with contactless card reader, registering card taps and validating access to the transit services. It is not a point of sale in UniTiAg model. More must retrieve the ICC Public Key Certificate component from the OTRBOpen-to-Ride Balance is an e-wallet monetary value for ticketing purposes, associated with a contactless token, shared between Transit Agencies. It can be pre-authorized, prepaid, postpaid, or a combination of thereof. More table (targeted replica) received in TANBA Transit Agency API that gives access to a Transit Agency Ticketing System to its targeted OTRB data replica at the Regional UniTiAg Host. More APIApplication Programming Interface More call “sync OTRBOpen-to-Ride Balance is an e-wallet monetary value for ticketing purposes, associated with a contactless token, shared between Transit Agencies. It can be pre-authorized, prepaid, postpaid, or a combination of thereof. More”.
The certificate Name “CN’ presents the CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More Token encoded as a 30 char-long string of hexadecimal digits. In this case it must be “CN=73084DE18D15F9AC4734662814D4BB”
The app generates the QR code on the user request and displays the QR code for a short period of time or until the screen is locked. Each newly displayed QR code has a new timestamp. Respectively, the ValidatorValidator is a device with contactless card reader, registering card taps and validating access to the transit services. It is not a point of sale in UniTiAg model. More should decline expired QR codes.
UniTiAg cEMV Transit Validator
Android App UniTiAg Demo Transit Validator emulates a transit validatorValidator is a device with contactless card reader, registering card taps and validating access to the transit services. It is not a point of sale in UniTiAg model. More, using UniTiAgUniversal Ticketing Agent is a model of open-loop public transit ticketing using card-not-present transactions for fare acquiring. More TAA transit operator or an agency representing several transit operators. In our model, the TA is a seller of their services on an online marketplace. More APIApplication Programming Interface More and TANBA Transit Agency API that gives access to a Transit Agency Ticketing System to its targeted OTRB data replica at the Regional UniTiAg Host. More APIApplication Programming Interface More. The app “understands” the CRDContactless Rider Device that presents credentials to the Validator proving the rider’s right to access transit services, e.g. cEMV card, a smartphone, etc. More token presented by the app via the cEMVContactless EMV More channel as well as standard cEMVContactless EMV More cards.