Automatic fare collection (AFC) systems calculate the fare that the users must pay depending on the time of service (time-based) or the points of entrance and exit of the system (distance-based). The progressive introduction of Information and Communication Technologies allows the use of electronic tickets, which helps us to reduce costs and improve the control of the infrastructures. Nevertheless, these systems must be secure against possible fraud and they must also preserve users' privacy. Therefore, we have studied the security requirements for the time-based and distance-based systems and we have proposed a protocol for each of the AFC systems.(1) The protocols offer strong privacy for honest users, i.e. the service provider is not able to disclose the identity of its users and, moreover, different journeys of the same user are not linkable between them. However, anonymity for users could be revoked if they misbehave. The protocols have been implemented in Android and its performance has been evaluated in two Android smartphones. The results remark that protocols are suitable to be used on an AFC system with a medium class mobile device although they offer a better experience with a high-class smartphone. The appearance in the market of more powerful mobile devices suggests a better usability of our proposal in a near future.

• 出版日期2013-10