Comments: smart cards with displays - at last!

in theory, people with cellphones and/or pdas could use their own pin entry device ... and the cellphone/pda could have proximity, near field, bluetooth, &/or wifi ... with point-of-sale (and/or some server).

note that all sorts of things are subject to mitm-attacks ... this mentions possibility of mitm-attacks on terminals (potentially even with dda cards):
http://www.garlic.com/~lynn/2006o.html#16 Gen 2 EPC Protocol Approved as ISO 18000-6C
http://www.garlic.com/~lynn/2006o.html#17 Gen 2 EPC Protocol Approved as ISO 18000-6C

... however there possibly are also MITM-attacks against cards even with class 4 secured reader (aka possibly even overlays similar to what has been used with ATM-machines, counterfeit/compromised operations). this is somewhat related to the finread stuff:
http://www.garlic.com/~lynn/subpubkey.html#finread

in the case of finread, the terminal is supposedly yours and it is used for your own protection where potentially your own PC (that the finread is attached to) might be compromised (an isolated security boundary supposedly out of reach of common PC compromises)

in the case of a class 4 secured terminal ... there is potential of something like a MITM terminal/overlay between you and the real terminal.

misc. past postings mentioning MITM-attacks
http://www.garlic.com/~lynn/subpubkey.html#mitm

recent near field article:

Near Field Communication Technology Turns Cell Phones into "Debit Cards"
http://www.dailytech.com/article.aspx?newsid=1856

Posted by Lynn Wheeler at July 30, 2006 05:07 PM

How would you compare this to Mondex's cards?

Posted by SS at August 4, 2006 08:37 AM
Post a comment









Remember personal info?






Hit Preview to see your comment. 
MT::App::Comments=HASH(0x55f9accad6a8) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.