mCITYPASS: Privacy-Preserving Secure Access to Federated Touristic Services with Mobile Devices

Destination cards are offered in many cities to provide tourists a simple and integrated way to access interest points and public transport. In the one hand, these systems, called citypasses, are usually inefficiently implemented on smartcards. In the other hand, existing e-ticketing proposals are general purpose systems or created for its application to transport services and they are not adapted to the requirements of a citypass system. In this paper we present an electronic ticketing system intended to be used for touristic services. Our proposal is the first one that can be implemented on portable devices, such as smartphones, and is flexible enough to include reusable and non-reusable services in the same citypass. The system has been designed taking into account all the security and privacy requirements described for electronic tickets, including the challenging ones (exculpability, reusability and unsplittability) obtaining a very secure and powerful system. The dispute resolution protocol assures that all the parts are protected against other part's attacks. Finally, the system allows the user to use the system anonymously, so the privacy of the system is assured.