A Privacy Enhancing Service Architecture for Ticket-based Mobile Applications

Abstract

Network operators gradually open their interfaces to formerly hidden services. This fosters the development of a new class of mobile applications that take into account user's location and presence information. However, this development also raises problems especially the lack of protection of privacy in location-based services. This paper proposes a service architecture that is aimed at overcoming some of the shortages of currently existing context-aware applications that make use of network providers services as well as existing mobile payment systems. We therefore introduce the combination of tickets together with a novel privacy enhancing mechanism that is based on the notion of pseudonyms. Compared to other privacy enhancing solutions our pseudonym mechanism can also be implemented on mobile devices that have some restrictions regarding resources like memory or processing power. Due to their flexibility tickets can be used for many different kinds of applications. One important aspect in this respect is the highly postulated pay-as-you-go model. We give an example of a transport ticket application and explain the message interaction patterns for the basic functionalities of the systems, regarding aspects like data and privacy protection. This example further shows how 3rd party application providers can build meaningful mobile applications that are accepted by users