On Mon, 28 Oct 2002, Nick May wrote:
> >The mobile TIX system recognizes the validity of a ticket on the mobile
> >phone via a unique and encrypted picture message, allowing entry to the
> ... sez the webpage - but the 2d pattern they show hardly seems to contain
> enough information for proper "encrypting"....

There seem to be 11 rows of 26 dots (plus a twelfth row at the top
used for synchronization), giving 286 bits of data, or 35.75 bytes.
Presumably there's some error correction in there too, so probably
there's more like 20-28 bytes of data. This is nowhere near enough
to do even a proper signature, much less encryption.

On the other hand, encryption isn't necessary for an application
like this if, when you scan the code, you've got real-time access
to a database containing the codes you've issued. In that case,
eight or even four bytes of information would be plenty.

Looking at the security features they mention:

o Falsification proof
Well, I doubt it. But "highly unlikely to be falsified," yes.
Even for the largest venues, you could have a, say, 70,000 in
2^64 chance of faking a code, which is much harder than faking
a paper ticket. And you'd catch it if someone tried to use it twice,

o blacklist - ticket can only be redeemed once
Easy enough, and sensible enough.

o bound to SIM-Kard of buyer
Now I wonder how they do this? How do you check the SIM card information
in the phone when you scan the code? I don't think you can.
But still, just the fact that the guy can wave the code at the
scanner indicates that the phone's owner has, at some point, received
the bar code. You don't really care if he forwards it to someone
else, any more than you care if someone gives his paper ticket to
someone else, since the tickets can't be used twice.

Curt Sampson <cjs_at_cynic.net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
Received on Mon Nov 4 05:50:17 2002
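
The database-lookup scheme discussed in the message above, as an added example that is not part of the original post and not the mobile TIX implementation: a random 64-bit code acts only as a lookup key, and redemption is checked and marked in one step. The names `TicketDB`, `capacity_bits` and `guess_probability` are hypothetical.

```python
import secrets
import threading

GRID_ROWS, GRID_COLS = 11, 26   # data rows x dots per row, as counted in the message
CODE_BITS = 64                  # the "eight bytes" case from the message


def capacity_bits(rows=GRID_ROWS, cols=GRID_COLS):
    """Raw bit capacity of the dot pattern, before any error correction."""
    return rows * cols


def guess_probability(issued, bits=CODE_BITS):
    """Chance that a single random guess equals one of `issued` valid codes."""
    return issued / 2 ** bits


class TicketDB:
    """Hypothetical issuer/scanner back end: the code is only a lookup key."""

    def __init__(self, bits=CODE_BITS):
        self.bits = bits
        self._redeemed = {}             # code -> has it been redeemed?
        self._lock = threading.Lock()   # several gates may scan concurrently

    def issue(self):
        """Draw an unpredictable code from the OS CSPRNG; retry on collision."""
        with self._lock:
            while True:
                code = secrets.randbits(self.bits)
                if code not in self._redeemed:
                    self._redeemed[code] = False
                    return code

    def redeem(self, code):
        """Check and mark in one locked step so a ticket admits only once."""
        with self._lock:
            if code not in self._redeemed:
                return "unknown"
            if self._redeemed[code]:
                return "already-redeemed"
            self._redeemed[code] = True
            return "ok"


if __name__ == "__main__":
    db = TicketDB()
    ticket = db.issue()
    print(capacity_bits(), "raw bits;", CODE_BITS, "used for the code")
    print("forgery chance per guess, 70,000 issued:", guess_probability(70_000))
    print(db.redeem(ticket), db.redeem(ticket))
```

A forwarded copy of the picture message redeems exactly like the original, and whichever copy is scanned second is rejected.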