17 April 2011

Money by Phone, Obscurity, Reader Detection

Peer to Peer money transmission
ie. send money  phone to phone, with NO central control
The SIMs control security.
I would suggest asymmetric eg RSA, but I suppose it could be done with symmetric (eg  AES)
- which would mean every SIM has the main key on board.

Obviously, using SMS, or similar, lost transmissions would be a problem.

Oddly, you can only cancel a send (and get your money back) if your receiver has an active Log file.
If your receiver can put a Cancel message on her log, her SIM will then permit her to send you a signed CancelOK message.
Your SIM would verify this, then reverse your transaction - ie money back.

If your receiver is non-contactable, ie if she breaks her SIM, you can NOT cancel, ie you can not get your money back.

Still & all, wouldnt it be grand to send money with no Govt snooping, no Western Union 20%...

________________________________________________________________
Obscurity
 DESFire manual is still available online  MF3 IC D40 3.1 April 2004
(hint: search for M075031 and pudn)
- Why is  Philips so set on secrecy for its documentation? Reeks of 'security through obscurity'
I guess theyre still smarting from that bunch of students who cracked their 'classic' 48bit key.
Nobody supposes the 'new' 112bit key will be cracked, so why hide the docs?



__________________________________________________________________
Detecting Readers

I've spent a lot of hours trying to Auto-Detect card readers
Contact readers are OK to autodetect.
I've decided that it is NOT possible to auto-detect NFC/ContactLess Readers.

All the 'utility' card reader programs I have seen start with "Pick your readers from a list"

Its just impossible to wait for a card on every reader, and eg check the ATR.

I thought for a while it was a threading problem with java Swing, but console apps cant do it either.

Oddly, even if you pick readers from a list, I still get a hiccup on first NFC read if I auto-detect my SAM.

We tend to assume people have Omnikey (5321)
Sometimes we even hardcode "-CL" into the terminal name comparison (ugh)

Omnikey  does a bunch of read & writes to DESFire AV1 in 140msec, whereas an ACR122U-A2 takes 638msec which is so slow I reckon I have missed a section on "speeding up your ACS reader" somewhere  (?)
_____________________________________________________________________

Posted by C T Skinner at 10:03 PM 0 comments
Subscribe to: Posts (Atom)