[81] in 6.033 discussion
Card Reader Connections
amdehon@ATHENA.MIT.EDU (amdehon@ATHENA.MIT.EDU)
Thu May 5 15:39:35 1994
> From: snidley@mit.edu
> Date: Tue, 03 May 94 21:28:53 EDT
>
>
>
> I have a question about card readers. I haven't been able to find
> a source which talks about how to connect a card reader to your typical
> UNIX workstation. What is the best way to do this? Could you just use
> the serial port and an RS-232 or similar little piece of hardware? Is there
> an easier/better way? Thanks for the help.
>
> Tony
>
A serial port certainly works, is moderately universal, and fairly
inexpensive. As a pragmatic matter, you might worry about how long the
cable run is (there are electrical limits) and how exposed the line is to
tapping along its run (the longer the run the harder to physically secure
it). If you just do the most straightforward thing you may have plaintext
running over that wire. Will that pose a security problem? Can someone
splice in an alternate RS-232 source (say their PC) and spoof your card
reader? Of course, even if the serial line is secure, how secure does the
unix system keep the serial i/o device?
A PC parallel port works, too (perhaps in a more primitive way).
It will have even more severe limits on cable length.
One question is how much smarts get built into the card reader
itself. As a crude characterization, I could picture:
1) None. It just decodes bits to digital pulses. It doesn't even
know about RS-232. This is pretty raw, but I've seen them
this raw. They are pretty cheap at this level.
2) It decodes bits and frames them into some standard physical
transport level (e.g. RS-232 bytes over a serial line).
[at a little more expense you might could get it to talk
straight TCP/IP over AUI or some such.]
3) Add a little smarts to the above and do data fielding.
4) Add more smarts and do encryption and/or smart processing at the
card reader
Basically, you do start with (1). The question is what you build
around it before "connecting" it into a "general purpose" computer. It's
not uncommon for people to put a 4/8-bit microcontroller along with (1) to
get (2) or (3). If you've got the computer anyway, sometimes it's
easier/cheaper/more-flexible to connect as raw a mechanism as possible to
the computer and let it do the processing (end-to-end type argument) -- but
in a security-concious case, you do need to worry about exposure for
tapping and spoofing as suggested above.
"Best" depends on what you're optimizing for...so you'll have to
make that judgment.
Andre'
