Ask MetaFilter questions tagged with smartcard

Where do RFID cards store information?

shoesandships — Tue, 29 Apr 2008 18:11:26 -0800

[RFID filter] When you add money to an RFID metro card, does the information get stored in the card's chip or in a central database? I know that both systems are possible. London's Oyster card stores the balance on the card rather than the central database according to its Wikipedia page. Hong Kong's Octopus card connects to the database whenever possible.

I'm specifically curious about Atlanta's Breeze Card system for MARTA. I know they use Cubic Transportation's Nextfare system, and that the data is encrypted, but I can't find the answer to my question.

If you have two identical cards (same ID) with 1 ride left and use up the ride on the first card, would the second card say it has 0 or 1 ride left?

Smart Cards for Windows Login?

CrayDrygu — Fri, 21 Sep 2007 09:00:22 -0800

Help me figure out Smart Cards! I work for the IT department of a company looking to use smart cards for Windows domain login. Windows (XP/2003) has built-in support for several brands of smart card. Great, it should be easy! It's not. It's taken me three days just to find some cards that are both still manufactured, and still supported in Windows. These are the Gemalto (aka Axalto aka Gemplus aka Schlumberger) Cryptoflex for Windows XP, and the Gemalto Cryptoflex .Net. But the former isn't supported in Vista (and besides, I can only find one website that sells them anymore, aside from the manufacturer). And the .Net cards are $40 each (the other's $15)!

On top of this, I'm finding it frustratingly difficult to find a USB reader that is both verifiably Plug & Play (I really don't want to install drivers if I don't have to), and is not being sold through a very shady-looking website.

Why is this so difficult? Surely other businesses are using smart cards for login, and not everyone is paying hundreds of dollars per seat for an Enterprise Solution when Windows has built-in support? Or does the built-in support suck so much that an Enterprise Solution is the only realistic option? And if that's the case, well...what's good?

Can an Oyster Card be hacked?

complience — Fri, 22 Jun 2007 06:45:17 -0800

Can an Oyster Card be hacked? As i was leaving the tube yesterday a security guard scanned my oyster card with a handheld device just before I was about to scan out through the barrier.

This made me wonder why?.. what was it his handheld scanner would show that the normal barrier scanner couldn't pickup. The only thing i could think of was that somehow oyster cards can be faked and he was checking the status of the card against the main central database.

Oyster card?
if your wondering what an oyster card is.. its a new contactles smartcard that you use instead of a normal ticket on the london underground. It uses Philips' MIFARE Standard 1k chips provided by G&D and SchlumbergerSema. It is the same contactless smartcard as Touch 'n Go card in Malaysia which is mainly used for tollway fares.
http://en.wikipedia.org/wiki/Oyster_card

I found a MIFARE card writer on ebay.. could this do it?
http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=250134169733

So my question is..
1.) can Oyster cards be hacked and faked?
2.) How would it be done?