ie. send money phone to phone, with NO central control
The SIMs control security.
I would suggest asymmetric eg RSA, but I suppose it could be done with symmetric (eg AES)
- which would mean every SIM has the main key on board.
Obviously, using SMS, or similar, lost transmissions would be a problem.
Oddly, you can only cancel a send (and get your money back) if your receiver has an active Log file.
If your receiver can put a Cancel message on her log, her SIM will then permit her to send you a signed CancelOK message.
Your SIM would verify this, then reverse your transaction - ie money back.
If your receiver is non-contactable, ie if she breaks her SIM, you can NOT cancel, ie you can not get your money back.
Still & all, wouldnt it be grand to send money with no Govt snooping, no Western Union 20%...
________________________________________________________________
Obscurity
DESFire manual is still available online MF3 IC D40 3.1 April 2004
(hint: search for M075031 and pudn)
- Why is Philips so set on secrecy for its documentation? Reeks of 'security through obscurity'
I guess theyre still smarting from that bunch of students who cracked their 'classic' 48bit key.
Nobody supposes the 'new' 112bit key will be cracked, so why hide the docs?
__________________________________________________________________
Detecting Readers
I've spent a lot of hours trying to Auto-Detect card readers
Contact readers are OK to autodetect.
I've decided that it is NOT possible to auto-detect NFC/ContactLess Readers.
All the 'utility' card reader programs I have seen start with "Pick your readers from a list"
Its just impossible to wait for a card on every reader, and eg check the ATR.
I thought for a while it was a threading problem with java Swing, but console apps cant do it either.
Oddly, even if you pick readers from a list, I still get a hiccup on first NFC read if I auto-detect my SAM.
We tend to assume people have Omnikey (5321)
Sometimes we even hardcode "-CL" into the terminal name comparison (ugh)
Omnikey does a bunch of read & writes to DESFire AV1 in 140msec, whereas an ACR122U-A2 takes 638msec which is so slow I reckon I have missed a section on "speeding up your ACS reader" somewhere (?)
_____________________________________________________________________