Category: Public Sector and NGO

Would you use the NHSX app?

7th May 20207th May 2020by Steve PanniferLeave a comment

I listened with interest to yesterday’s parliamentary committee on the proposed NHSX contact tracing app, which is being trialled on the Isle of Wight from today. You can see the recording here.

Much of the discussion concerned the decision to follow a centralised approach, in contrast to several other countries such as Germany, Switzerland and Ireland. Two key concerns were raised:

1. Can a centralised system be privacy respecting?
Of course the answer to this question is yes, but it depends on how data is collected and stored. Cryptographic techniques such as differential privacy are designed to allow data to be de-indentified so that is can be analysed anonymously (e.g. for medical research) for example, although there was no suggestion that NHSX is actually doing this.

The precise details of the NHSX app are not clear at this stage but it seems that the approach will involve identifiers being shared between mobile devices when they come into close proximity. These identifiers will then be uploaded to a central service to support studying the epidemiology of COVID-19 and to facilitate notifying people who may be at risk, having been in close proximity to an infected person. Whilst the stated intention is for those identifiers to be anonymous, the parliamentary debate clearly showed there a number of ways that the identifiers could become more identifiable over time. Because the identifiers are persistent they are likely to only be pseudonymous at best.

By way of contrast, a large team of academics has developed an approach called DP-3T, which apparently has influenced designs in Germany and elsewhere. It uses ephemeral (short-lived) identifiers. The approach is not fully decentralised however. When a user reports that they have COVID-19 symptoms, the list of ephemeral identifiers that user’s device has received, when coming into close proximity to other devices, is shared via a centralised service. In fact, they are broadcast to every device in the system so that risk decisioning is made at the edges not in the middle. This means that no central database of identifiers is needed (but presumably there will be database of registered devices).

It also means there will be less scope for epidemiological research.

All of this is way beyond the understanding of most people, including those tasked with providing parliamentary scrutiny. So how can the average person on the street or the average peer in Westminster be confident in the NHSX app? Well apparently the NHSX app is going to be open sourced and that probably is going to be our greatest protection. That will mean you won’t need to rely on what NHSX says but inevitably there will be universities, hackers, enthusiasts and others lining up to pick it apart.

2. Can a centralised system interoperate with the decentralised systems in other countries to allow cross border contact tracing?
It seems to us that whether a system is centralised or not is a gross simplification of the potential interoperability issues. True, the primary issue does seem to be the way that identifiers are generated, shared and used in risk decisioning. For cross border contact tracing to be possible there will need to be alignment on a whole range of other things including technical standards, legal requirements and perhaps even, dare I say it, liability. Of course, if the DP-3T model is adopted by many countries then it could become the de facto standard, in which case that could leave the NHSX app isolated.

Will the NHSX app be an effective tool to help us get back to normal? This will depend entirely on how widely it is adopted, which in turn will require people to see that the benefits outweigh the costs. That’s a value exchange calculation that most people will not be able to make. How can they make a value judgment on the potential risks to their civil liberties of such a system? The average user is probably more likely to notice the impact on their phone’s battery life or when their Bluetooth headphones stop working.

There’s a lot more that could be said and I’ll be discussing the topic further with Edgar Whitley, Nicky Hickman and Justin Gage on Thursday during our weekly webinar.

Rail usage up, so what?

19th June 20197th August 2020by John ElliottLeave a comment

The Office of Rail and Road (ORR) has just made a quarterly statistical release for Passenger Rail Usage. So what?

There are relevant economic and social trends to which public-sector bodies must respond with transport policies:

Circa 60% of the UK population lives in cities. Congestion is a real problem which in turn leads to increased pollution and reduced air quality.
As a population, we travel substantially less today than we did one or two decades ago.
We are travelling less by car and more by train and bike. Fewer of us are getting driving licences, and we are getting them much later in our lives.

A key response to these trends is to try to drive modal shift from privately owned cars to mobility as a service (MaaS). Rail is a key mode in MaaS solutions, and Rail, in the UK, is undergoing a root and branch review which was announced by Chris Grayling and the Department for Transport in September 2018. Keith Williams is leading the review, supported by an expert panel. Amongst other things, it will look at the structure of the whole rail industry, regional partnerships and improving value for money for passengers and taxpayers. Any emerging reform plans will be implemented from 2020.

One can imagine that there are many problems to be addressed as part of this review and that fares and ticketing might not get much of a look in. However, the ‘value for money for passengers and taxpayers’ part seems significant.

In a February meeting with DfT about the future of fare collection and transport payments, Consult Hyperion was asked to respond to the recent Rail PAYG Consultation covering:

what a Pay-As-You-Go (PAYG) travel area is, and how it would work in general
where a PAYG travel area could cover
the changes to fares that could be made within the area

The consultation ran from February to the end of April 2019 and now the Department for Transport is considering the responses.

In the context of this activity, the ORR statistical release makes perhaps more interesting reading than it otherwise would have done.

“Passenger journeys using ordinary tickets increased by 5.0% in 2018-19 compared to the previous year. This was driven by a 6.9% growth in anytime tickets. In contrast, the number of passenger journeys made using season tickets fell for the third consecutive year, down 0.4%. Market share of season ticket journeys was 36% in 2018-19, down from 48% a decade ago.”

These would seem like exactly the right market conditions for introducing PAYG on rail beyond London. Today’s passengers cannot easily predict their journeys in advance, but would like to be rewarded for frequency of travel; which, by choosing Rail, will help meet social and environmental goals. Granted, PAYG is not well suited to long-distance Rail if ticket prices are high, but there are many train journeys that are in the right price bracket.

In time, it would seem desirable to phase out season tickets. Ticketing should be tailored to the increasingly flexible patterns of work: perhaps for a specified number of days per month or the use of digital carnet tickets (to be enabled prior to departure). It would seem that smartphone apps are ideal for handling this.

Flexibility is also required within each day. Passengers travelling out in off peak times frequently don’t know until they start their return journey whether it will be peak or off-peak. In addition, designations of peak and off-peak are complex, localised and require further study.

A PAYG solution which focuses primarily on the gate line may limit subsequent progress. Mobile ticketing has an important role to play. It provides the means to offer a variety of ticket types on a single device and is comparatively easily updated. It also offers much greater flexibility for passengers travelling from unmanned stations, where gate lines don’t generally feature, and ticket machines are frequently vandalized. Another benefit of mobile ticketing is the quality of travel data that can be collected (while respecting passenger privacy).

We have recently been advising three UK Sub-national Transport Bodies (STBs) and recently facilitated a transport operator workshop to discuss options for fare collection and transport payments. The thing that the operators seemed most excited about was PAYG. The kind where customers just turn up and travel without having to worry about the tariffs in advance and trusting that they will be charged a fair price. Inevitably, the discussions dipped into which technologies are good at this and which are bad, but the fact remains, they are clear what their customers want and truly believe that by giving them what they want, they will receive increased ridership in return.

Clearly, this is what Transport for London already provides and their offering is slowly extending out from London into the SE region, for example to Gatwick Airport. However, the open-payment-based PAYG models (using contactless bank cards) are limited in the amounts up to which fares can be aggregated before payment is taken. This is for reasons of risk of payment for the journey never being received, but it also makes sense from the point of view of the customer who does not want to travel on trains all day not knowing how many hundreds of pounds they will be charged at the end and they also want to benefit from any available capping of fares.

What is needed is flexibility. Open-loop transit payments are better than conventional card-based transport cards for travelling within cities. As we have said before, open-loop transit payment suffers from the passenger identifier (their bank card) being tightly coupled to just one of their payment mechanisms (one of their bank accounts). We have been exploring other mobile-based solutions with the Rail Delivery Group (RDG) recently and are hopeful that such customer-centric alternatives will emerge soon.

If you’re interested in finding out more, please contact: sales@chyp.com

Integration, that’s what you need

24th September 20187th August 2020by John Elliott3 Comments

I’m pleased to be chairing a new working group in the DfT-sponsored Transport Card Forum (TCF). I’ll be reporting on progress to date at the annual two-day TCF event, TCF18, in Manchester in a couple of days’ time.

The new working group, WG27, is in search of a title. But first, let me explain what the objectives are.

There is clearly a desire to move towards progressively more integrated transport. Ideally, all forms of mobility would be working in concert: public and private modes available either on demand or timetabled to join seamlessly to ensure that passengers can get where they want when without the need for retaining their expensive and polluting personal cars. Whether or not this end goal is fully achievable, there will be many ‘baby-steps’ to take along the way.

The working group’s objective is to consider the impact that this migration towards better integration will have. The idea is that we will consider this from the strategic, commercial and technical angles. After six months or so, the intention is that the WG will recommend how the integration can be achieved to benefit of all the stakeholders involved.

The reason Consult Hyperion is interested in being involved in this WG is because we believe that Mobility as a Service (MaaS) is the ‘direction of travel’ for the transport sector. We’ve been doing a lot of thinking about MaaS recently and have started working with our first MaaS-Provider client. It feels like something genuinely new and exciting. And it is interesting because no-one knows how it is going to turn out.

At the same time, the world of payments if having a bit of a shake up with the emergence of Open Banking. Watch this space for a White Paper from Chyp in the next few weeks giving our view on how MaaS payments will be done in the future.

The WG will recommend how the integration can be achieved to benefit of all the stakeholders involved.

Now, this got me thinking: what integration and what stakeholders?

At the WG kick-off meeting at our offices in Guildford, I proposed that we define the work packages to consider the problem from the four different stakeholder groups that are emerging industry work on MaaS:

Customer: The passengers themselves who need to get from ‘A’ to ‘B’.
Mobility aggregator (a.k.a MaaS Provider): Organisations that offers mobility services to passengers in a convenient way by aggregating the transport operator and data provider offerings and provide the digital platform that allows passengers to conveniently plan, pay for and make their journeys.
Data Provider: Organisations that aggregate relevant data from transport operators and other sources.
Transport Operator & Local Transport Authority: The public and private organisations that actually operate the transport modes.

So far, we have 15 volunteers to be contributors in the WG. More discussion is needed, but I am expecting that at least four work packages will emerge based on the above segmentation and the volunteers will work in the ones best suited to their skills and experience. There may be additional work packages added if we see the need for overarching subjects to be tackled by the WG such as data privacy and standards.

We are keen to know if there are more volunteers out there interested in contributing.

But what about the WG title, I hear you say? Well, the placeholder name for the group is ‘the end-to-end journey’. Suggestions for the group name are welcome. My favourite so far is ‘Weapons of MaaS Integration’.

Crossing continents for knowledge sharing

13th November 20177th August 2020by John ElliottLeave a comment

Chyp believes that collaboration and knowledge sharing across markets can help the advancement of the industry and this is particularly true in transport ticketing. For example, we have found that our work for TfL with a large population and high journey count is not all directly applicable to smaller countries who cannot make such significant investments in infrastructure to serve small populations.

Recently, we have been working for MMRDA in Mumbai, India. While the environment is very different in some respect, compared to the UK, they have large passenger numbers and administer a system that makes extensive use of private transport operators, two factors similar to Transport for the North (TfN).

Sharing knowledge not only helps speed to market of deployments but creates a trusted environment and one with credibility. MMRDA asked Chyp to facilitate meetings for them in the UK with transport operators and suppliers in order that they could learn from those who have done it before or are planning to deliver a similar project. The result was a tour of the UK starting in London and taking in Transport for the North. The picture above shows the meeting which was held in Leeds and included presentations from:

Transport for the North

Alastair Richards (Director Integrated and Smart Travel (IST))
Jo Tansley Thomas (Programme Manager (IST))
John Elliott (ABT Back Office Requirements Team Lead (Consult Hyperion))

MMRDA

Ashish Chandra (PWC India)

Partnerships are hard to form. We hope that MMRDA will benefit from the organisations they met and their sharing in experience planning and deploying ABT in complex environments in the UK, remembering that differences can be as important to learn as similarities.

Password security

18th October 2017by Consult Hyperion1 Comment

The publication by NIST of an updated version of its digital identity guidelines marks a significant change in its approach to identity management. It highlights the importance of implementing digital identity in context, with three different elements replacing the previously monolithic Level of Assurance. These Levels are the Identity Assurance Level for identity proofing, the Authenticator Assurance Level for authentication and the Federation Assurance Level for use in a federated environment. Criteria for each Assurance type run from Level 1 to Level 3. This is intended to provide greater flexibility in implementation, for example combining pseudonymity with strong authentication for privacy purposes. Although optional, federation is positively encouraged for reasons of user experience, cost and privacy.

Risk management features prominently in the guidelines, with risk assessments used to determine appropriate identity choices according to system requirements. Although the requirements are technology agnostic, they are prescriptive regarding the assurance levels required for particular purposes. One area in which the guidelines are particularly refreshing is in their approach to passwords. Drawing on research into passwords exposed during data breaches, the use of unwieldy complexity rules is discouraged. Instead, it is suggested that users should be allowed to make passwords as long as they wish, encouraging the use of pass phrases and excluding very short passwords.

Faced with restrictive rules, many users will select predictable passwords which just meet the system requirements but are easily guessed. It is suggested that passwords should be checked against a blacklist of obvious choices and known compromised passwords, to filter these out. Randomly-generated secrets are therefore preferred to user-generated secrets.

The guidelines also highlight the importance of usability, supporting the use of password managers and only requiring passwords to be changed when there is evidence of compromise. There is some flexibility regarding displaying passwords on screen, depending on the context. In order to maintain an adequate level of security, a mechanism for limiting the number of possible failed authentication attempts is required.

This new, more person-centric approach from NIST follows on from UK government guidance published by GCHQ in 2016, advising ‘dramatic simplification’ of password management policies. This guidance also focused on achieving security by implementing processes which are easier for people to follow and therefore less susceptible to being undermined by users attempting to take short cuts through the system.

CHYP’s involvement in research has highlighted for us the difference between the way people say they behave and how they actually behave online. This kind of performativity may take the form of people describing how careful they are online (perhaps repeating recent official advice), while doing something conflicting on screen even as they are speaking. A similar effect can be seen when comparing figures produced from a user survey by the Gambling Commission, to usage statistics reported by gambling companies. The companies are able to draw statistics directly from their systems, while the survey figures are composed of gamblers’ reporting of their own behaviour. These discrepancies highlight the importance of observation when developing policies based on user behaviour.

It is encouraging to see a more effective approach to combination of privacy, security and usability in Identity Management being promoted at the highest levels. Even in local hospitals, it is now common to see screens showing simply ‘tap your pass or enter your passphrase’, where previously unpredictable processes were in place. Organisations such as FIDO have done a great deal to promote standardisation.

For a standalone organisation to adopt the new NIST rules would seem both positive and achieveable. They are in any case intended to be used within the US government. However, where organisations are already working in partnership and have existing legacy agreements regarding security requirements, it may be necessary to revisit these and agree a new set of password rules to replace existing, outdated approaches. Standardisation and education can go a long way towards supporting this process, although for larger organisations and those with multiple partners, it may take longer.

Publications such as ‘Why Johnny can’t encrypt’ and ‘Users are not the enemy’ have long been recognised for highlighting enduring issues with implementing security software. While education is important, attempts to fundamentally change people will inevitably fail, resulting in escalating support costs and unpredictable security risks. People are simply not equipped to adjust that quickly. In comparison, machines are generally designed by people and comparatively easily modified. Even with the advent of AI, machines are likely to remain reasonably malleable.

Where most user interaction involves people and machines, security tends also to involve mathematics. The NIST guidelines prescribe the use of appropriate cryptography at every stage. This is essential to securing the system but does not of itself guarantee that the system will remain secure. Appropriate system design and implementation are crucial to ensuring secure operations. This is exemplified by the recent flaw discovered in the WPA2 WiFi protocol. A mathematical proof is available for the security of the protocol but there is a vulnerability in the key management, which is not covered by the proof.

As in any system, a mathematical proof has to be ‘situated’ to be useful. Effective risk modelling will take into account the wider context of the system, focusing in on the most critical areas for greater attention. This process may have to be revisited over time, as the surrounding environment evolves. The increasing interconnectedness of the Internet of Things will require greater attention to disconnection technologies to preserve system integrity over time.

AMLD4.1, AMLD5 or 5AMLD?

5th July 2017by Consult HyperionLeave a comment

I recently came across a statistic that surprised me.

Approximately 50% of new bank accounts are opened by customers that have recently arrived in the UK to work or study.

http://www.openidentityexchange.org/wp-content/uploads/2016/10/Digital-Identity-Across-Borders-FINAL-Feb2016-2.pdf

I had wrongly assumed that the majority of new bank accounts openings in the UK would be from students just about to go off to University, like my son, and that migration whilst high (as the media keeps telling us) would still be a minority. But based on some back-of-the-envelope calculations it appears that the 50% number is about right.

As the OIX report above points out, these new arrivals in the UK are very difficult to perform KYC (“Know Your Customer”) on due to the lack of data. They have no history in the UK. This is exactly where eIDAS should be able to step in. For example, a person arriving from France should be able to use their French government-issued eID as one piece of evidence to help meet KYC requirements. The proposed new AML legislation – the amendment to the fourth AML directive – which I have seen referred to as AMLD4.1, AMLD5 and 5AMLD, explicits call out to eIDAS as a potential solution.

There are however some issues with this:

Firstly, to become part of the eIDAS scheme, governments have to “notify” their eIDs into the scheme. To date only Germany has done so.

Secondly, eIDAS provides a switching infrastructure that makes all eIDs interoperable but initially this will only available to the public sector. If a private sector organisation, such as a bank, wishes to leverage an eID it will need to find another way to access or read it.

Thirdly, the mobile channel is becoming increasingly important with banks needing to be able to onboard customers directly in that channel, as well as performing identification and verification of existing customers when provisioning a mobile app. Several of the existing eIDs are smart-card based. These will only be readable by phones if the cards themselves are contactless (which many of them are). They will not however be readable on iPhones, even with the limited opening up of the NFC interface expected in iOS11.

There is clearly therefore a need for some alternative mobile based technology. Fortunately such technology exists in the form of mobile document and selfie capture and verification. One of the vendors in this space, Mitek, kindly commissioned Consult Hyperion to write a paper on this very topic which I had the privilege of presenting at Money2020 last week. You can download the paper here:

Account-based ticketing workshops

18th December 2016by Consult Hyperion2 Comments

We’ve been having a lot of fun in recent months leading workshops for transport operators about account-based ticketing. Sharing our recent experience with clients such as the UK’s Transport for London (TfL) and Transport for the North (TfN), Hungary’s BKK, New Zealand’s NZTTL, Belgium’s De Lijn and Stockholm’s Storstockholms Lokaltrafik (SL) and Singapore’s LTA.

The workshops are designed to help transport operators who are new to account-based ticketing understand the issues and options, including how Open-Loop bank cards can be blended with existing smart ticketing. A typical agenda covers the following subjects:

Trends

Customer propositions should drive everything
Smart ticketing trends
Technology roadmap
Benefits of ABT and Open-Loop

Architecture

Basic architecture overview
Generic architecture
Open loop vs closed loop (the back office)
Providing for the unbanked

Open-Loop solutions

Open loop implementatons in other countries
The 4-party model for payments
Transit Transaction Models (’Models 1-3’)
Transit Charging Framework (generic, global)

Compliance

EMV
PCI DSS
Working with a QSA

Our latest workshop was sponsored by Mastercard and hosted by Swedbank in Riga, Latvia, and had an audience of 40 including:

Transport operators
Government bodies
Industry suppliers
Media

We are looking forward to leading more similar workshops in 2017 across Europe.

Riga workshop sponsored by Mastercard and hosted by Swedbank.

Discussing a 'strawman' solution for Riga's needs. — Discussing a ‘strawman’ solution for Riga’s needs.

‘Secure enough’ mobile ticketing

29th June 2016by Consult HyperionLeave a comment

We’ve been working with ITSO on how to implement ‘ITSO with HCE’ since January 2015. In January 2016 we presented at Transport Ticketing in London about the work that we had done to date and this was also summarised in an article in the BCS ITNow magazine.

We have since produced a Functional specification for how ITSO with HCE will work in Phase 1. In addition we have produced minimum security requirements that will have to be met by ITSO with HCE implementations. Currently we are helping ITSO determine how ITSO with HCE implementations will be tested and certified by ITSO to ensure that they are secure enough to be allowed to be used on live ITSO schemes.

We continue to work with ITSO on moving ITSO with HCE forward. Here is the latest from ITSO about plans to pilot ITSO with HCE on a live ITSO scheme in West Yorkshire.

Working together with West Yorkshire Combined Authority, Transport for the North, Ecebs, Penrillian and Consult Hyperion, ITSO will be leading on a trial, due to commence in September 2016, which uses HCE-enabled mobile phones on a live ITSO scheme.

Beacons in Transit

24th June 2016by Consult Hyperion2 Comments

You’ve probable heard about Bluetooth Low Energy (BLE) Beacons being used to help the visually impared navigate on their own around public transport systems. This has been trialled in Bucharest on buses and in London Underground. These are examples of relevant information being pushed to users’ smart phones based upon their location. Other similar use cases might include telling passengers when they are approaching the stop at which they plan to get off, or telling them that their selected vehicle is about to arrive.

The use case I am more interested in is the one that allows passengers to travel without paying upfront and be charged afterward based on the journey that they took. We implemented this with TfL in London using contactless bank cards and it has become known as ‘Aggregated Pay As You Go’. This works well, but relies upon the passenger rembering to ‘tap in’ and ‘tap out’ to mark the end point of each leg of the journey in order that the back office can calculate the journey taken. Appropriate charges are made to the passenger’s bank card account at the end of the day.

Beacons could be used in implementations for this use case. Such a beacons trial is to be carried out in 2017 in West Yorkshire as part of the Transport for the North’s Integrated and Smart Travel (I&ST) programme.

The aim is to automatically determine the bus journey taken by the passenger and charge on a PAYG basis. Therefore, we need to know accurately where the passenger gets on and off the bus. This information will be determined by a smart phone app by interacting with beacons and sent to the back office where the charge is calculated and payment taken.

The trial, commissioned by West Yorkshire Combined Authority (WYCA), will be used to determine:

whether the passenger experience is favourable;
whether BLE technology can deliver sufficient location accuracy; and
how the journey timestamp and location information sent to the back office in such a way that can be trusted and not open to fraud.

Open-loop payment in transit

17th March 2016by Consult Hyperion4 Comments

In my previous blog, I talked about the trends in smart ticketing systems leading to account-centric and open-loop payments which I want to consider in more detail in this blog.

‘Open-loop’ Payments

‘Open-loop’ is the term used for transit payment instruments which can also be used for generic payments outside of the transit system. By contrast, traditional transit payment smart cards (such as Oyster in London) have required customers to convert their money to transit-only funds stored in a transit account and used to pay for travel. Customers have been prepared to do this because of the benefits of speed of access to the transit system without having to stop to purchase tickets. However, the down-side is that they have to periodically load funds to their CTCs, such funds then being unavailable for other purposes unless a refund from the CTC is sought.

There are many payment instruments emerging, but the one which is currently most ubiquitously accepted by merchants is EMV, the smart debit and credit standard used by the large payment networks including MasterCard, Visa and American Express whose members are the banks. These Payment Schemes are currently lobbying the transit sector for their open-loop cards to be accepted as payment instruments within transit.

This approach has the obvious benefits that (i) fewer CTCs need to be issued by the transport operator, and (ii) customers can arrive in a city from anywhere in the world and travel using the bank cards in their pockets.

The leading example of open-loop payments in transit is London where all Oyster readers have accepted contactless EMV (cEMV) payment cards from across the globe since 2014. Other transit schemes already committed to rolling out acceptance of cEMV open-loop payments include the national OV-Chipkaart scheme in the Netherlands and MTA in New York.

UKCA Transit Framework Model

The country with the most practical experience of a large-scale open-loop payment transit deployment is the UK, and, in particular, Transport for London which now sees more than one million journeys per day using ‘contactless payment cards’, the generic term used to described all EMV-compliant contactless devices, including ApplePay.

The deployment in London was pioneering and occurred before any models existed for cEMV use in transit. Subsequently, a payment model framework has been developed by the UK Cards Association (UKCA) in conjunction with the transport industry. The Association’s members issue the vast majority of debit and credit cards in the UK.

UKCA has identified three models which are described below. Two of the models are ‘pay as you go’ (PAYG) and the third model assumes that a ‘travel right’ or PAYG balance has already been purchased.

The important point to understand is that UKCA models 1 and 2 exploit EMV payments and are therefore bound to EMV-issuing banks, which are communicated with via the Merchant Acquirer. These models are different from transit account-centric solutions which could accept pre-payment from any payment instrument, not just bank cards. Furthermore, the ‘token’ used to identify the passenger in the account-centric solutions can be either an open-loop (CPC) or a closed-loop (CTC) token.

This last point is important in relation to ‘unbanked’ passengers. It has been shown (e.g. Ventra in Chicago) that cEMV technology cards can be issued to the unbanked and used as smart ticketing ID tokens to access pre-purchased transit products.