CODEL: The Key To Digital Certainty

• 2: Home
• 3: News
• 4: People
• 5: Register
  • 5.1: Change Password
  • 5.2: Forgotten Password
• 9: Verify Item
• 10: Compliance
• 11: Applications
  • 11.1: Financial Services
  • 11.2: Webform Authentication
  • 11.3: Government
    • 11.3.1: National Identity Cards
  • 11.4: Legal
    • 11.4.1: Legal Copyright
    • 11.4.2: Anti-Counterfeiting Legal Action
  • 11.5: Software
  • 11.6: Music
  • 11.7: Pharmaceutical
  • 11.8: Supply Chain Visibility
    • 11.8.1: Validation Reference Length
  • 11.9: Anti-Counterfeiting
    • 11.9.1: Ticket Copying
    • 11.9.2: Retail Voucher
    • 11.9.3: VR Tests
  • 11.10: Digital Imaging
• 12: Products
  • 12.1: Codel Bible
  • 12.3: Codel Email
  • 12.4: Codel E-Wills
  • 12.5: Anti-Counterfeit Software
• 13: Partners
  • 13.1: List
  • 13.2: Partner Programme
  • 13.3: Marketing Materials
• 14: Technical
  • 14.1: Security
  • 14.2: Data Storage
  • 14.3: Glossary
  • 14.4: Hash & Hashing
    • 14.4.1: Hash Change
    • 14.4.2: Hash Table
    • 14.4.3: Master Document Hash
    • 14.4.4: Hash Publication in the Financial Times
    • 14.4.5: SHA 256 Hashing Algorithm
  • 14.5: Audit Trail Protection
    • 14.5.1: Local Data Audit Policy
• 16: Contact
• 18: White Papers

Ticket Copying

The Ticket Problem

We'll examine the Ticket problem in the context of an airline ticket, though the same logic would apply for theatre tickets, concerts or sports events etc.

The key requirements for Ticket distribution are to ensure that a given ticket is authentic, only used once and that only the authorised user of the ticket is able to use it. The risks that arise from forged tickets range from simple commercial loss to terrorist threat.

The first concern can be tackled by testing for Uniqueness.

The Content may also be important, if not for security reasons then for contractual purposes. For example, an airline ticket should spell out clearly the number and departure time of the flight the passenger is booked on, perhaps together with standard conditions like the need to check in well ahead of the departure. If this content is wrong and, as a result, the passenger misses their flight, they may well have a legal claim against the airline. If, on the other hand, the passenger fails to turn up on time and the airline can prove that appropriate instructions were indeed included in the ticket content, then the airline is protected.

The issue of document Origin is primarily an issue for the buyer rather than seller. The "author" of an airline ticket can easily check their own records to establish that they created a given ticket. The buyer on the other hand might require some proof of origin - particularly if they've bought the ticket from someone other than its purported author.

Finally, it would be rather useful to be able to prove the Transfer of Ownership in the sense of binding the ticket to the passenger.

The Codel Solution

The requirement for uniqueness is identical to the Validation References we describe in the context of the anti-counterfeiting protocol and most of the issues are discussed in those areas. Whatever else is on the ticket, its VR will ensure both that the ticket can only be used once and that only someone with the right name can use it. (although it doesn't prove, on its own, that the ticket holder is that person - just that they are claiming to be).

Next comes the question of Content. The difficulty of protecting content on a printed ticket is that you can't create a hash of the printed document for comparison to the Codel record.

There are a couple of potential solutions to that problem. One, relatively expensive, option is to store the content either magnetically (like traditional Credit Cards) or digitally like more modern Credit Cards and Smart Cards generally. A reader at the ticket station would then extract the content data, create the hash and perform the standard Codel validation at the same time as the VR check. The human agent could also check visually that the digital content matched the printed content.

This would work but it is an expensive option. One time smart cards are not an economically viable option - yet. Magnetic stripes might be cost effective but may not have the reliability we would need. Even if "only" 0.1% failed at the check in, that would equate to around 80 extremely irate airline passengers being turned away every day at Heathrow and about 500 a day across the world. The industry would not easily survive the resulting bad publicity.

Codel offers an alternative based on a combination of our own VR, our protected audit trail and novel idea patented in 1995 by a company called Abathorn.

Essentially we print the content, including its VR, as normal. Then, in a one centimetre square we print it again using a 2 dimensional barcode. The 2d barcode of the text on this page (up to this point) looks something like this:

There are several key advantages to this approach.

First, the barcode is machine readable and, if it can be read at all, its error correction algorithms ensure that it will always produce the same result. That result can be hashed and the hash can be stored by Codel for remote validation. The VR will have its own standard barcode which can be read, hashed and validated at the same time. As a result, the ticket checking agent is now certain that both the VR and the 2D barcode are valid, registered on the Codel database and have not previously been used.

Second, because the entire content of the ticket can be retrieved from the barcode, and, with appropriate scanners, the ticket can be read at the same time as the barcode is scanned; OCR software can convert the scanned plaintext into digital text and the result can be compared with the content retrieved from the barcode.

Abathorn have written software which compares the two and presents the "document" on screen with any differences highlighted. The human agent can quickly decide if the differences are substantive (eg the name is wrong) or trivial (eg the scanner has failed to pick up a hyphen at the end of a line). So now we know that the printed content of the ticket matches the 2D barcode which has already been validated and linked to the VR.

We have now proved Content and Uniqueness. With Uniqueness, we've also established its Status (Used or Unused). Now we address proof of origin - who created the ticket?

The third advantage of the 2d barcode helps with proof of origin. The barcode can be encrypted. If we do that using the ticket issuer's private key then although anyone can read it - using the ticket issuer's public key - no one else could have generated it; a further substantial obstacle to forgery and satisfactory proof of origin.

However, the take up of Public Key Cryptography has not been as widespread as its promoters had hoped. Fortunately, Codel can achieve the same assurance without the aid of PK. But only through the Fourth advantage of 2d barcodes.

Because the security of the tickets is bound up in their VR and 2D barcodes, we can distribute the tickets as digital files and allow ticket holders to print them at home or office on plain paper.

What this means is that - if the digital tickets are distributed using either PK or Codel's email validation protocol (or both) - the buyer of the ticket can be absolutely certain of the origin of the ticket.

Simultaneously, of course, the seller can now be equally certain that the correct buyer has received the ticket - proving Transfer of Ownership.