how to read information from RFID equipped credit cards

[Peter Gutmann]

"Steven J. Murdoch" <crypto+Steven.Murdoch at cl.cam.ac.uk> writes:

>You can get a fairly high-bandwidth channel with 2D barcodes. It's uni-
>directional, but that's enough for many useful scenarios. The data gets shown
>on the PC monitor and is captured by a ubiquitous camera-phone or a dedicated
>locked-down device. This approach avoids the problems you mentioned about
>USB/Firewire/Ethernet lockdown.

That's what one company ended up using, not specifically 2D barcodes but a
visual channel via the PC monitor (actually nothing like 2D barcodes in this
particular case :-).  The problem is, as you point out, that the channel is
unidirectional and not very high-bandwidth.  This makes the crypto very hard
because you have to roll your own protocols and mechanisms and everything ends
up custom and nonstandard.

Here's an interesting crypto design problem, how do you do something like
S/MIME or PGP (to submit or receive an authenticated request/purchase order/
whatever) with a relatively low-bandwidth channel in one direction and almost
no channel (perhaps humans typing in a 4-digit number) in the other, and
without requiring huge amounts of oddball custom crypto mechanisms.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com