|
Conflict of Oyster Cards
|
Conflict of Oyster Cards
On Jan 30, 10:45*am, Paul Terry wrote: In message , ticketyboo writes The access control suppliers really should move on beyond Mifare Classic for new smart card installations. OK, the simple hack of access control systems has attacked those that do not even use the security functions available with Mifare Classic (they attack schemes that only read the card serial number), but attackers quickly learn more. Access control should use Mifare DESFire and AES encryption now, with provision for Mifare Plus (also in its AES version) later (because Mifare Plus cards will cost less). The new Freedom Passes currently being issued use the Desfire 4K chipset, in order to allow for future ITSO compatability. I gather that Oyster readers were upgraded to read the new Desfire chip at the end of last year. This presumably was a software/firmware update, as opposed to any physical modification - the latter would've entailed an enormous programme of works! |
Conflict of Oyster Cards
In message
, Mizter T writes On Jan 30, 10:45*am, Paul Terry wrote: The new Freedom Passes currently being issued use the Desfire 4K chipset, in order to allow for future ITSO compatability. I gather that Oyster readers were upgraded to read the new Desfire chip at the end of last year. This presumably was a software/firmware update, as opposed to any physical modification - the latter would've entailed an enormous programme of works! I'm not sure. According to the October issue of Freedom Pass News: "We have had to wait for this opportunity while TfL colleagues amended their gate and reader network for the new generation cards. So far approximately 15 Underground/Overground stations have been completed and approximately 4,000 of the 8,500 bus gate readers have been updated." This sounds as though the update was more than just a simple data dump from the central system, but it may have just involved flashing the firmware in individual readers rather than physical changes, as the whole process was finished and tested before Christmas. TfL have also had to supply at least 1.2 million cards for the changeover, as the old ones cannot be renewed and will all cease to work on 31st March (as it is a legal requirement for all Concessionary Bus Travel cards to be ITSO compatible from April). It seems astonishing that the testing went so smoothly, especially given that the cards have only a single chip that can hold both Oyster and ITSO data (two chips on one card was deemed too expensive). But I guess that the Freedom Pass is a very simple implementation of Oyster, and I doubt that the ITSO part has been tested at all, given that the only working ITSO ticket scheme I know of is on Blackpool Borough Council buses! -- Paul Terry |
Conflict of Oyster Cards
On Fri, 29 Jan 2010 23:26:57 -0800, ticketyboo wrote:
On Jan 29, 8:23Â*pm, Matthew Geier wrote: Â*The people who make the 'access control' system at my work have said they want to replace the mag-strip readers with MiFare Classic readers and replace all our cards. The access control suppliers really should move on beyond Mifare Classic for new smart card installations. I assume they are concerned more with the price of the cards than actual real security. The current mag cards can be cloned, so can the MiFare classic, so from that point it's bought nothing. I suspect their main concern is the maintenance - the mag readers need regular cleaning of the read heads and wear out and thus need replacing after a time. The cards wear out from constant swiping. RFID gets rid of a lot of maintenance. The system is designed around simply reading the serial number of the card and consulting a database, so they won't be using any of the other 'smart' features either with out a significant redesign of the system. It's really just a cost cutting exercise. |
Conflict of Oyster Cards
"Paul Terry" wrote It seems astonishing that the testing went so smoothly, especially given that the cards have only a single chip that can hold both Oyster and ITSO data (two chips on one card was deemed too expensive). But I guess that the Freedom Pass is a very simple implementation of Oyster, and I doubt that the ITSO part has been tested at all, given that the only working ITSO ticket scheme I know of is on Blackpool Borough Council buses! Presumably London buses will be able to read bus passes issued outside London. Peter |
Conflict of Oyster Cards
On Fri, 29 Jan 2010, CJB wrote:
Recently I obtained a Hillingdon Community Services card which doubles as a Library user's card. And put it into the same card wallet as my Oyster card - in which I also keep my bank card. Suddently my Oyster card stopped working on trains and buses, and even the Heathrow Connect portable validators wouldn't recognise it - to considerable embarrasment. The culprit was the Hillingdon Community Services card - which seems to use the same technology as Oyster and was causing a confict. An irritation 'cos now I have to keep them in separated. CJB. My entry card at UCL was the same. I asked my building manager about it, and he said that it was okay if i tapped my Oyster on the building reader, as long as i remembered to touch out later. He had a *very* good straight face. tom -- I know thats not really relevant but I've just typed the words and my backspace key doesn't work. -- phorenzik |
Conflict of Oyster Cards
|
Conflict of Oyster Cards
On Jan 30, 6:25*pm, Paul Terry wrote:
In message , Mizter T writes On Jan 30, 10:45*am, Paul Terry wrote: The new Freedom Passes currently being issued use the Desfire 4K chipset, in order to allow for future ITSO compatability. I gather that Oyster readers were upgraded to read the new Desfire chip at the end of last year. This presumably was a software/firmware update, as opposed to any physical modification - the latter would've entailed an enormous programme of works! I'm not sure. According to the October issue of Freedom Pass News: "We have had to wait for this opportunity while TfL colleagues amended their gate and reader network for the new generation cards. So far approximately 15 Underground/Overground stations have been completed and approximately 4,000 of the 8,500 bus gate readers have been updated." This sounds as though the update was more than just a simple data dump from the central system, but it may have just involved flashing the firmware in individual readers rather than physical changes, as the whole process was finished and tested before Christmas. TfL have also had to supply at least 1.2 million cards for the changeover, as the old ones cannot be renewed and will all cease to work on 31st March (as it is a legal requirement for all Concessionary Bus Travel cards to be ITSO compatible from April). It seems astonishing that the testing went so smoothly, especially given that the cards have only a single chip that can hold both Oyster and ITSO data (two chips on one card was deemed too expensive). But I guess that the Freedom Pass is a very simple implementation of Oyster, and I doubt that the ITSO part has been tested at all, given that the only working ITSO ticket scheme I know of is on Blackpool Borough Council buses! From a Cubic man about 18 months ago: latest model gates being produced then still did not have a controller able to handle ITSO, but next upgrade to the controller (needing hardware change: more memory, possibly more powerful processor) would be a drop-in replacement. Then the older the gate, the more difficult it will be to upgrade it. ITSO testing? There are services available to do that (but the ITSO Ltd / Integri certification service doesn't include full functional testing - AIDC in Barnsley is working up to doing that), and I would expect Cubic to also do it themselves. But the new Freedom passes of course also do need testing for ITSO use outside London, and I'm trying to find out if a reported problem in that operating environment has been fixed (nobody seemed to be taking ownership of the problem a couple of months ago, with ITSO Ltd being a headless chicken until last week when a new CEO took over with DfT funding). At least half of the buses in Lancs/Cumbria/Blackpool/Blackburn (NoWcard scheme) are reported as now accepting ITSO on Mifare Classic and on DESFire, although some have trouble with the Bracknell microprocessor card. NoWcard is currently going through a core back office upgrade procurement process. |
Conflict of Oyster Cards
On 30 Jan 2010 00:29:48 GMT someone who may be "Michael R N Dolbear"
wrote this:- obviously you should wrap the Singapore card in tinfoil - err aluminium foil - like an RFID passport. Sleeves and wallets are available [1]. Anyone who does not have their passport/card(s) in one, and thus is able to know when it is read, is taking a risk which will only become greater over time. [1] for example http://www.smartcardfocus.com/shop/ilp/se~102/p/index.shtml -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000...#pt3-pb3-l1g54 |
Conflict of Oyster Cards
On Fri, 29 Jan 2010 15:08:26 -0800 (PST) someone who may be D7666
wrote this:- And if you bothered to read the user information when you got the oyster card it tells to do EXACTLY that - keep it away from other cards. I don't recall any information being provided with the cards our group got in December, we bought 25-30 of the things. However, they are not the ones one has to leak personal information to Boris for. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000...#pt3-pb3-l1g54 |
| All times are GMT. The time now is 02:03 AM. |
Powered by vBulletin®
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Copyright ©2004-2006 LondonBanter.co.uk