[Clips] Contactless payments and the security challenges

[Bill Frantz]

On 9/21/05, nowen at wikidsystems.com (Nick Owen) wrote:

>Interesting question.  I know that we can solve it on a
>application-enabled cell phone with public keys - each service has only
>swapped public keys so you can have any number.  Can such a thing be
>done on an RFID card too?
>
>Bill Frantz wrote:
>> One issue I have not seen addressed in these "contactless" payment systems 
>>is the needs of people who carry multiple payment instruments.  A simple 
>>example is a personal and a corporate credit card.

It seems to me a use case is paying for a meal.  The cost may be
personal: I've taken my wife out to dinner and a show; or corporate: I'm
on a business trip.  I need to specify which payment instrument is to be
used, and not have it automatically sniffed out of my wallet or cell
phone.

If payment means putting the token next to the reader, i.e. a read
distance of only a few centimeters, then there should be no problem.  If
payment happens at RFID distances, then I'll need Faraday shields for the
tokens, eliminating most of the value of contactless payments.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | gets() remains as a monument | Periwinkle 
(408)356-8506      | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, CA 95032

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com