Re: [89attendees] Oyster card balance

Derek Atkins <DAtkins@mocana.com> Tue, 11 March 2014 11:48 UTC

From: Derek Atkins <DAtkins@mocana.com>
To: Stefan Winter <stefan.winter@restena.lu>
Date: Tue, 11 Mar 2014 04:48:36 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/89attendees/fhhnVZUp5TF-6NxZ0jg0s4lrIAw
Cc: "89attendees@ietf.org" <89attendees@ietf.org>

On Tue, 2014-03-11 at 03:06 -0700, Stefan Winter wrote:

> It escapes me why an online top-up can't stand on its own? It is after
> all an UPDATE in some DB of the accounting system. Unless the balance is
> actually kept on the card, not in a central DB. If it is on the card, I
> wonder if messing with the card is a worthwhile hacker's target for, uh,
> "self-service" top-up.

I don't know specifically about Oyster, but the Boston MBTA Charlie Card
which appears to use similar technologies definitely has the balance
stored on the card itself.  Although it is *possible* that it uses a
database for reconciliation to detect fraud/tampering.  I'm pretty sure
the SF-Bay-Area Clipper Card works similarly, too, and indeed I recall
hearing about a ring of counterfeiters that were generating fake cards
with balances.

Before the MBTA moved to the contact card they used mag swipe cards, and
those were very easy to rewrite/hack with a card-reader-writer machine.

-derek