New Credit Cards May Leak Personal Information;_ylt=A0WTUeOD9tVFrwkA7SwjtBAF

from above:

You may be carrying a new type of credit card that can transmit your personal 
information to anyone who gets close to you with a scanner.

The new cards--millions of which have been issued over the past year--use RFID, or Radio Frequency Identification, technology. RFID allows scanners to use radio signals at varying distances to read information stored on a computer chip.
... snip ...

this is somewhat discussed in recent post Failure of PKI in messaging

i.e. x9.59 eliminating divulged account number as a vulnerability ... 
effectively substituting
authentication & integrity for privacy/confidentiality (leading to claim that 
x9.59 was privacy agnostic)

The other item mentioned in the article was leaking names. Part of the x9a10 
financial standard working group ... starting in the mid-90s ... was taking 
into account of an EU-directive (from the period) that electronic point-of-sale 
transactions should be as anonymous as cash. Somewhat the x9a10 assertion was 
that name on credit card was required so that point-of-sale clerk could do 
additional authentication by matching that name with the name on various forms 
of identification. Given a sufficiently high integrity authentication 
implementation ... the additional forms of authentication could be eliminated 
and therefor the name on the card could be eliminated.

This also goes along with similar earlier discussions about RFID-enabled 
passposts Flaw in RFID-enabled passports Flaw in RFID-enabled passports (part 

i.e. avoid unnecessarily spraying personal information all over the world IBM donates new privacy 
tool to open-source Higgins

the parallel was drawn between these mechanisms deploying static data personal 
identification information infrastructures and the x.509 identity digital 
certificates from the early 90s ... also raising their own enormous privacy 
issues. In that period, there was even suggestions that the x.509 identity 
digital certificates could be overloaded with sufficient personal information 
that they could also serve as electronic driver licenses and passports.

In the x9.59/aads model ... simple strong authentication and integrity is used 
with sufficient countermeasures for things like replay attacks and other kinds 
of exploits ... eliminating requirements for significant amounts of additional 
personal information for transactions

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to