|
|
|
|
|
|
by erpellan
2487 days ago
|
|
|
- Phone generates public/private key pair. - Phone registers public key with backend during signup. - Phone generates ticket signed with private key. - Backend checks signed ticket against registered public key to charge customer. Fraud is still possible but limited to individual customer accounts. |
|
|
- phone displays the generated ticket to the ticket scanner in the bus. - the scanner connects to the backend to verify the ticket.
this way the phone can remain offline after registration, and only need to get online to send money for your account.
i see no way for possible fraud as in fact all the ticket is doing in that case is to verify your identity to the server.
now how can we do the same thing but without revealing your identity, but just verifying that you paid?