A Decentralised Digital Token Architecture for Public Transport

Digitisation is often viewed as beneficial to a user. Whereas traditionally, people would physically have to identify to a service, pay for a ticket in cash, or go into a library to access a book, people can now achieve all of this through a click of a button. Such actions may seem functionally identical to their analogue counterparts, but in the digital case, a user's actions are automatically recorded. The recording of user's interactions presents a problem because once the information is collected, it is outside of the control of the person whom it concerns. This issue is only exacerbated by the centralisation of the authentication mechanisms underpinning the aforementioned services, permitting the aggregation and analysis of even more data. This work aims to motivate the need and establish the feasibility of the application of a privacy-enhancing digital token management service to public transit. A proof-of-concept implementation is developed, building upon a design proposed by Goodell and Aste. This implementation was optimised for the public transport use case. Its performance is tested in a local environment to better understand the technical challenges and assess the technical feasibility of the system in a production setting. It was observed that for loads between one and five requests per second the proof-of-concept performs comparably to other contactless payment systems, with a maximum median response time less than two seconds. Due to hardware bottlenecks, reliable throughput in our test environment was limited to five requests per second. The demonstrated throughput and latency indicate that the system can feasibly compete with solutions currently in use. Yet, further work is needed to demonstrate their performance characteristics in an environment similar to that experienced in production.