Your Security breached ….
No security is perfect
Facebook.com/cyber.command0s

[+]Team_CC[+]

Abstract— Operating at 13.56 MHz and transferring data up to 424 Kbits/second, Near Field Communication (NFC) provides intuitive, simple, and safe communication between electronic devices. NFC uses both the “read” and “write” technology, establishing communication between two NFC-compatible devices. Target of this research is an automatic process transaction of ordering and buying tickets through mobile device, cutting down necessity of human works. This research is intended to solve problems in existing airport system; like necessity of expense and time to buy tickets, and frequently missing passenger’s belongings. The solution of existing problems is an application of ordering tickets through mobile device with GPRS or SMS and payment by credit card; e-ticket applet which can be downloaded to mobile phone instead of paper ticket; application to change booking code when there is no Internet connection; application to check validity of e-ticket using NFC; and checking of passenger’s belonging using NFC tagged by Radio of Frequency Identification (RFID).

Keywords: Near Field Communication, contact less, e-ticket applet, tag Radio Frequency Identification.

1 Introduction

Advancement of technology development and information system to support business process requires faster transaction data processing. Current transaction mechanism such as Internet Online Payment, Smart Card, Radio Frequency Identification (RFID), and Mobile Payment are designed to simplify the transaction for people.

In order to speed up the process of ticket ordering and payment transaction with high accuracy and efficiency, it needs a support system that already mentioned at above. In a normal daily practice, transaction such as payment will be conducted with money and information exchange will be conducted with the use of paper; so it is a necessity to have a transaction mechanism which can conserve resources and also improve the accuracy and the safety. With the growing needs for faster transaction and faster information exchange, this research will discuss NFC technology that will conduct the transactions. Using implemented NFC technology in a cell phone will make buying and selling transaction faster, safer and more efficient.

2 Reference Literature

2.1 Airline Model

Airline model is a system overview which shows ticket ordering and purchasing from the beginning to the end of the process that used in flight companies. From an interview with an airline corporation, the ticket ordering and purchasing system in Indonesia is still done through locket, travel agent, telephone, and online (through internet). However, ticket ordering and purchasing system is still quite difficult and time consuming process.

Shown in Figure 1 below, after passenger ordering and buying ticket, the passenger will check the baggage. Next, the passenger lets the airline staff check the ticket. If it’s an international flight, immigration staff will check the passport and fiscal. After the whole checking process, the passenger stays at waiting room that is provided in airport until the departure time. At the destination airport, the international passenger has to check passport and fiscal and take his/her baggage.

Figure 1. Process Model in Soekarno-Hatta Airport

2.2 Database

One of the technology terms that most people have become accustomed to hearing either at work or while surfing the internet is the database. The database used to be an extremely technical term, however with the advancement of computer systems and information technology throughout our culture, the database has become a household term.

DBMS (Database Management System) lets information systems be changed more easily as the organization’s requirements change. New categories of data can be added to the database without disruption to the existing system. Adding a field to a record does not require changing any of the programs that do not use the data in that new field.

The following features of DBMS are:

l Data Definition Language (DDL)

The Data Definition Language (DDL) is one of two major components of the Structured Query Language (SQL). Some of the major commands comprising DML are CREATE TABLE, DROP TABLE and CREATE INDEX. (Connolly and Begg, 2002, p40).

l Data Manipulation Language (DML)

The Data Manipulation Language (DML) is used to retrieve, insert and modify database information. These commands will be used by all database users during the routine operation of the database. The basic DML commands are INSERT, SELECT, UPDATE, DELETE.

l Providing control access into Databases, for example:

 Security System, preventing consumer which have no right to access Databases

 Integrity System, taking care of consistency from data

 Concurrency Control system, permitting to access divisible in Data Bases

 Recovery Control system, bringing back condition of Bases of Data before failure of hardware or software.

 Consumer – accessible catalog, containing description from data in Data Base.

2.3 Software Development Methodology

Software engineering is the practice of using selected process techniques to improve the quality of a software development effort. This is based on the assumption, subject to endless debate and supported by patient experience, that a methodical approach to software development results in fewer defects and, therefore, ultimately provides shorter delivery times and better value. The documented collection of policies, processes and procedures used by a development team or organization to practice software engineering is called its software development methodology (SDM) or system development life cycle (SDLC).

· Software Development Life Cycle (SDLC)

a. Initiation/planning

b. Requirements gathering and analysis

c. Design

d. Build or coding

e. Testing

f. Operations and maintenance

· Waterfall Model

All projects can be managed better when segmented into a hierarchy of chunks such as phases, stages, activities, tasks and steps. In system development projects, the simply rendition of this is called the “waterfall” methodology, as shown in the following figure 2:

Figure 2. Waterfall Methodology

In looking at this Figure 2, which was for major defense systems developments, please note this presumes that the system requirement have already been defined and scrubbed exhaustively, which is probably the most important step towards project success. Nevertheless, the graphic illustrates a few critical principles of a good methodology:

1. Work is done in stages,
2. Content reviews are conducted between stages, and
3. Reviews represent quality gates and decision points for continuing.

The waterfall provides an orderly sequence of development steps and helps ensure the adequacy of documentation and design reviews to ensure the quality, reliability, and maintainability of the developed software. While almost everyone these days disparages the “waterfall methodology” as being needlessly slow and cumbersome, it does illustrate a few sound principles of life cycle development.

2.4 Smart Card

Smart Card technology is an industry standard that is defined and controlled by Joint Technical Committee 1 (JTC1), a part of International Standards Organization (ISO) and International Electronic Committee (IEC). ISO/IEC 7816 international standard was introduced in 1987 and it was updated in 2003. This standard contains many aspects of smart card like physical characteristics, physical contact, electronic signal, command, security architecture, application identification and other elements.

Smart Card is a card from plastic material which has integrated circuit (IC). Smart Card can be used as credit card and SIM card for mobile phone. Smart Card is a card which has secure storage and non-volatile media but in next generation Smart Card has microprocessor and memory to support data processing. Because there is a microprocessor inside the Smart Card, it is capable for security processing with cryptography algorithm likes RSA, AEC and (3) DES.

Smart Card doesn’t have battery and it is can be activated if the Smart Card interacts with a card reader. When the Smart Card is connected with card reader and doing a reset process, the card will change to passive mode and it is wait for next command from card reader. Smart Card can be contact or contactless. Contact Smart Card is communicate with card reader through 8 pins inside the Smart Card. Contactless Smart Card is communicate with card reader through radio frequency in the certain distance.

Smart Card can be accessed by creating an application that called applet. Applet program will be installed into Smart Card using smart card loader application. Smart Card can be accessed using communication protocol that called Application Protocol Data Unit (APDU). APDU structure is described in table below.

Table 1. APDU instruction structure

CLA is a block that identifies an application specifically. INS is a block that contains instruction code to be executed for processing. P1 and P2 are parameters for INS that will be executed. Lc is a block contains length of data that will be sent through APDU instruction. If APDU doesn’t send data, Lc value is 0x00. Data block contains data collections sent through APDU instruction. Le block is containing maximum byte length from expected response that will be returned from card reader. Le block can contain certain value or 0x00. APDU instruction is collection from hexadecimal values that will send from card reader to applet program inside of Smart Card.

APDU can have response value from given instruction. APDU response has structure that more simple than instruction structure. APDU response structure is described below.

Table 2. APDU response structure

Data block contains data that returned from specific instruction. SW1 and SW2 blocks are containing instruction status. Form of this APDU response is a hexadecimal values.

2.5 Near Field Communication (NFC)

Near Field Communication (NFC) [1] is a new short-range wireless connectivity technology that evolved from a combination of existing contactless identification and interconnection technologies. Products which built-in NFC technology will dramatically simplify the consumer devices to interact with each other, helping people to get quick established connections, receive and share information and even make fast and secure payments.

Operated at 13.56 MHz and transferring data at up to 424 Kbits/second, NFC provides intuitive, simple, and safe communication between electronic devices. NFC is both a “read” and “write” technology. Communication between two NFC devices occurs when they are brought within four centimeters of one to another. A simple wave or touch can establish an NFC connection, which is then compatible with other known wireless technologies such as Bluetooth or Wi-Fi. The underlying layers of NFC technology universally implemented ISO, ECMA, and ETSI standards. Because the transmission range is too short, NFC-enabled transactions are inherently secure. Also, physical proximity of the device to the reader gives users the reassurance of being in control of the process.

There are 3 special functions or ability owned by peripheral NFC, the abilities are:

1. Ability to deal with electronic peripheral by peer-to-peer like home office system, wireless headset and mobile phone.
2. Ability access digital of content. The example of Digital content is an advertisement poster which has been planted by RF tag so that the consumer can download content advertisement into mobile phone.
3. Making transaction like ticket payment or micro payment transaction so that the payment becomes contactless transaction method.

Figure 3. NFC technology architecture

Figure 4 is a payment transaction where NFC can change the way of payment to be “contactless payment”. Consumer only just hand the mobile device to near by a terminal which have planted of reader to pay or buy goods. This kind of mobile has ability to save account like credit card number and number of money which later will be available for payment.

Figure 4. Payment Transaction with NFC

2.6 Radio Frequency Identification (RFID)

RFID (Radio Frequency Identification) is a wireless system used to identify tags. These tags may be carried by people or animals or mounted on object or vehicles. They may even be embedded under the skin. RFID tags are non-contact and non-line-of-sight. This means that you don’t have to “swipe” your card for an RFID system to identify you.

Basic components of RFID system are:

l Tag: Chip tags consist of a microchip and a coupling element – an antenna. Most tags are only activated when they are within the interrogation zone of the interrogator; outside they “sleep”. Chip tags can be both read-only (programmed during manufacture) or, at higher complexity and cost, read-write, or both. Chip tags contain memory. The size of the tag depends on the size of the antenna, which increases with range of tag and decreases with frequency.

l Antenna: for transmitting signal of frequency radio between reader and tag RFID.

l Reader of RFID (Micro-Reader): is appliance which compatible with tag RFID to communicate by wireless by tag.

l Software Application: Considered to be the heart and soul of a comprehensive RFID system. The transference of data between transponder and transceiver, and between transceiver and data accumulation, is electronic (mechanical, if you will). It’s the software that allows you to actually tie electronic identity to production and management information, massage the data and share the information with others.

 Passive RFID vs. Active RFID

Passive RFID tags operate using power from the RFID transceiver. Passive tags are small and inexpensive, but do not have good range.

Active RFID tags are powered, usually by a battery. Active tags are larger and more expensive, but offer a much better identification range.

RFID tags store data, which is typically used for authentication. Passive tags typically store between 32 and 128 bits of data; Active tags can store up to 1MB of data.

Passive tags are Read-Only; Active tags are typically rewritable.

 RFID Frequencies

RFID systems operate across a wide range of frequencies. Lower frequency systems are less expensive; higher frequency systems offer increased range. For RFID purposes, 300-500Khz are considered low frequencies, 850-900MHz and 2.4GHz-2.5Ghz are considered frequencies. RFID systems used to automatically pay highway tolls are high frequency systems.

3 Analysis

3.1 Problem Analysis

Based on interviews and questionnaires from airline company that has conducted there are four problem points:

l Booking and ticket purchase require time around 1-5 hours through the Internet and Online Travel Agent.

l A paper ticket may be lost and left behind.

l Current ticket order process needs extra costs, such as transportation costs to the counters or travel agents or internet costs if ordering process using web facility.

l Incompatibility of data due to human error often occurs, for example: Accidentally exchanged baggage happens because of airport staff and passengers that put not enough concern when the baggage arrives.

3.2 Solution

The solution from the problems is M-Fly system. M-Fly is a flight ticket transaction system based on Near Field Communication (NFC) technology. M-Fly is combination of applications that build integration flight transaction system. M-Fly system will handle many activities like mobile ticket order, baggage identification, flight check-in and electronic ticket device. This M-Fly project prototype includes front-end application that will be used by passenger and back-end application that will handle transaction work flow in airport.

Figure 5. Conceptual Model M-Fly System (Rich Picture)

From Figure 5, the conceptual model M-Fly System is the solution of the problem, and these are the workflow description:

• User open M-Fly MIDlet application in his/her mobile device. In this application user will check for flight schedule, fill user data and define payment method. After that M-Fly application will send and request data from gate (SMS gateway server / WEB server) server. We will use SMS (cover BTS / network tower that not support with GPRS / 3G access) and GPRS / 3G connection for data transfer.

l Data will be transferred using SMS connection and SMS gateway server will receive the data. In this network / connection mode, user will get booking ID for the ticket. User has to exchange the booking ID with electronic ticket data in e-ticket exchanger terminal. Because we predict size of e-ticket data is bigger than the SMS payload data capacity.

l Data will be transferred using GPRS or 3G connection over HTTP protocol and web server will receive the data. User can download e-ticket data from server into their NFC mobile device.

l Gate server will transfer data from user to application server for processing data. In this application server data will be processed based on the business logic in several applications that is implemented to this server. Application server will request data from database server to get appropriate data and check validity of data. This application server will also generate e-ticket data that will be downloaded by user via M-Fly application; and the application will store e-ticket data into mobile device database.

1. SMS gateway server transfer and request data to application server and application server will request and check data to database server.
2. Web server transfer and request data to application server web service and application server web service will request and check data to database server.

l Passenger will check for their baggage. During baggage checking process, passenger will put their NFC mobile device in Baggage ID Terminal. After checking e-ticket data validity, then Baggage check-in terminal will get e-ticket ID from NFC mobile device and generate baggage ID for the current passenger baggage. Baggage check-in terminal will push the generated baggage ID into mobile device and push both generated baggage ID and e-ticket ID into Mifare RFID Tag that will stick on passenger baggage. Baggage check-in terminal will send baggage ID and e-ticket to database server via application server.

• Passenger will enter the waiting room after checking their e-ticket validity in Barrier check-in terminal. The Barrier check-in terminal will read e-ticket applet data in NFC mobile device and transfer to application server for checking. If the data is valid then the Barrier Tripod will automatically opened.
• After taking the flight, passenger will check for their baggage and use their NFC mobile device for read Mifare RFID Tag on baggage to ensure and cross check the ID of the baggage.

4 Design

4.1 Main Feature

Main features of these applications are:

A. User

• Ticket Order

User can order electronic ticket from M-Fly ticket order application based on Short Messaging Service (SMS) connection or GPRS connection.

• Baggage ID Storage

Baggage ID Storage application will receive and store baggage ID that will be generated by Baggage Check-in terminal. Baggage ID will use to identify passenger baggage.

• Flight electronic ticket

This electronic ticket will be used to check-in.

• Contactless check in

With NFC technology, user can use the mobile device as a smart card and do contactless check-in or transaction based on electronic ticket applet that embedded in NFC mobile device chip.

• Baggage RFID Tag checker

Like Figure II, user can identify baggage by reading RFID Tag that stick on passenger baggage. User can use mobile device as a RFID tag reader to check baggage ID that store in RFID tag and baggage ID that store in mobile device database.

B. Backend

• E-ticket exchanger terminal

E-ticket exchanger terminal will use for exchange e-ticket booking ID with e-ticket data.

• Baggage check in terminal

Baggage check-in terminal will generate baggage ID. The baggage ID will write to RFID Tag that will stick on passenger baggage and send baggage ID to mobile device by contactless method.

• Barrier check in terminal

Like at figure 9, this is barrier for block passenger to the guest room. User will unlock the barrier by hand the mobile device to the terminal (contactless method) and the terminal will check the electronic ticket validity to the server.

l Flight ticket order web service

This web service will use for handling GPRS ticket order transaction.

l SMS Gateway

This gateway module will be used to handle SMS ticket order transaction.

l Control Report Center

This is a web report application that will show the transaction data.

5 Implementation

5.1 Marketing Appeal and User Benefit

M-Fly helps people’s mobility by providing a system for passenger traveling via airplane. M-Fly will make ticket queues in airport obsolete because passenger will not need to queue for tickets; instead they only need a mobile phone equipped with NFC technology to provide a faster transaction. By passing through the terminal gates with NFC equipped mobile phone, passenger will automatically buy flight tickets. Passenger will not need to wait to receive a printed boarding pass because the boarding pass is stored in the mobile phone.

In the other hand, M-Fly is helping Airline Company to input passenger’s data which is reside in their mobile phone to the aviation company’s database. Using embedded NFC in mobile phone will make a fast, secure, and efficient transaction and information exchange.

5.2 Markets Applications

These applications are very useful for Airline companies that needs fast data processing and wants their system have high integrity and computerization. And their passengers with high mobility can get benefit to booking and buy airline ticket wherever and whenever passenger wants.

6 Conclusions

This System benefits are:

1. mobility transaction anywhere and anytime
2. Contactless transaction and automation system in airline.
3. Simple baggage identification.
4. Implement electronic ticket, so can reduce paper ticket.
5. Fast data transfer, integrated system and reduce time

.

System Development:

• M-Fly can’t develop the system perfectly because, I have limitation in hardware.
• This system is still prototype, but the application has been developed.
• This system in the real condition will interact with bank system, telecommunication operator, and airline.

References

[1] Near Field Communication, http://en.wikipedia.org/wiki

[2] An Introduction to Java Card Technology, http://java.sun.com/javacard/reference/techart/

[3] Pressman, R. S. (2001). Software Engineering. Fifth Edition. McGraw-Hill, Singapore.

[4] Connolly, T. dan C. Begg. (2002). Basis Data Systems. Third Edition. Addison Wesley, United States of America

[5] Supriatna Dedi, (2007), Studi Mengenai Aspek Privasi Pada Sistem RFID, http://www.cert.or.id/~budi/courses/security/2006-2007/Report-Dedi-Supriatna.pdf

Ada pertanyaan dari mas yuliam “opo kuwi”.  Hehe ini namanya barcode 2D penerusnya barcode linier yang biasa dipake.  Barcode readernya pake kamera dengan teknik computer vision.  Barcode 2D ini ada informasinya lho … bisa di decode contoh nya pake program handphone punya kaywa.  Format barcode ini adalah open format jadi bebas dipakai sama siapa aja and dikembangkan oleh siapa pun.  Barcode tipe ini banyak dijumpai di negara Jepang.  Gw sekarang lagi kembangin aplikasi mobile pake barcode 2D ini, biasa disebut QR Code.

Nah akhirnya selesai juga research gw, di bawah ini adalah video tampilan aplikasi mobile berjudul Mobile Cinema yang dikembangkan pake J2ME dan LWUIT framework untuk User Interface nya. Aplikasi Mobile Cinema ini juga menyertakan e-tiket berformat QR Code. Silahkan melihat-lihat ^_^

Mobile Cinema Simulator Demo
Mobile Cinema Implemented Demo
Mobile Cinema Devices
Mobile Cinema QR Code Reader Application