[17838] in cryptography@c2.net mail archive
RE: EMV
daemon@ATHENA.MIT.EDU (Gabriel Haythornthwaite)
Tue Jul 12 20:05:03 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Reply-To: <gabriel@castelain.com.au>
From: "Gabriel Haythornthwaite" <gabriel@castelain.com.au>
To: "'Ben Laurie'" <ben@algroup.co.uk>,
"'Peter Fairbrother'" <zenadsl6186@zen.co.uk>
Cc: "'Florian Weimer'" <fw@deneb.enyo.de>,
"'David Alexander Molnar'" <dmolnar@EECS.berkeley.EDU>,
"'? Schmidt'" <joern2473@yahoo.com>, <cryptography@metzdowd.com>
Date: Wed, 13 Jul 2005 09:02:12 +1000
In-Reply-To: <42D397CB.5050408@algroup.co.uk>
In Hong Kong a lot of people do little more than wave their bags at the
turnstile. Removing the wallet and revealing its size is unnecessary.
> -----Original Message-----
> From: owner-cryptography@metzdowd.com
> [mailto:owner-cryptography@metzdowd.com] On Behalf Of Ben Laurie
> Sent: Tuesday, 12 July 2005 8:14 PM
> To: Peter Fairbrother
> Cc: Florian Weimer; David Alexander Molnar; ? Schmidt;
> cryptography@metzdowd.com
> Subject: Re: EMV
>
> Peter Fairbrother wrote:
> > Florian Weimer wrote:
> >
> >
> >>* David Alexander Molnar:
> >>
> >>
> >>>Actually, smart cards are here today. My local movie theatre in
> >>>Berkeley, California is participating in a trial for "MasterCard
> >>>PayPass." There is a little antenna at the window;
> apparently you can
> >>>just wave your card at the antena to pay for tickets. I haven't
> >>>observed anyone using it in person, but the infrastructure
> is there right now.
> >>
> >>If you are interested in useful RFID applications, just visit
> >>Singapore. 8-) They use RFID tickets on the subway (MRT) and on
> >>busses, and you don't have to worry about buying the right ticket
> >>because the system charges you the correct amount.
> However, there's
> >>one thing that makes me nervous: if you know the card
> number (which is
> >>printed on the cards), you can go to a web page, enter it,
> and obtain
> >>the last 20 rides during the last 3 days, without any further
> >>authentication.
> >
> >
> > London Underground have a contactless system too, but it isn't used
> > much. As I remember it had a similar problem, but they may
> have changed that.
> >
> > You take out your wallet with the card in and wave it over a
> > palm-sized yellow blob on the turnstile, but you don't have to open
> > your wallet to withdraw a token.
> >
> > Muggers and pickpockets keep a close eye out to see how fat your
> > wallet is and where you keep it ...
>
> Which, of course, they would never do if you were extracting
> money to buy a ticket, or showing your season ticket. Explain
> to me how the contactless system alters this risk in any way?
>
> Cheers,
>
> Ben.
>
> --
> >>>ApacheCon Europe<<< http://www.apachecon.com/
>
> http://www.apache-ssl.org/ben.html http://www.thebunker.net/
>
> "There is no limit to what a man can do or how far he can go
> if he doesn't mind who gets the credit." - Robert Woodruff
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo@metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
