Matthew Geier wrote

On Fri, 29 Jan 2010 06:31:42 -0800, ticketyboo wrote:


- But, if more than one of those cards collects enough power to
operate,
the terminal then has to use the anti-collision mechanism specified
by
the standard (ISO 14443 in the case of Oyster and bank payment
cards -
and also for ITSO cards) in order to identify all the operating
cards,
send the ones that it doesn't want to communicate with to sleep,
and
then carry out its transaction.

My experience with having a (new) Singapore CEPAS ezlink in my
wallet is
an Oyster terminal says 'multiple cards presented' and then won't
continue until you remove the other cards from it's field so it only
sees
one.

And the Singapore card has a better antenna - I discovered that the
LU
gates were still getting upset - I had removed my oyster from my
wallet
and was placing it on the reader to open the gates - but as I walked
through the gates beeped. It dawned on me later, the Oyster pad must
have
been getting a response from the Singapore CEPAS card as I walked
through
the gate - at range of over 20cm between my hip pocket and the Oyster

reader pad. (The Oyster card being my my hand or back in my shirt
pocket
by this stage).

obviously you should wrap the Singapore card in tinfoil - err aluminium
foil - like an RFID passport.

But if you want hands-free entrance to your office block and the
anti-collision mechanism isn't implemented properly a lot of card
shuffling is going to have to take place.

--
Mike D

On 29/01/2010 14:31, ticketyboo wrote:
And the terminal does not implement the anti-collision function...

Yikes, I expect it would cost a fair amount to replace all those
readers, which they will have to do when more and more people are
carrying cards with rfid in them (apart from oyster).


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLY42QAAoJEKba9nIFysTLLO8P/A83XJJ/H6tzbI9ZpzDSS11Y
qZzwefd9sbLOxWaZyhK/HAMaThkwBlDJyo7EjhXU9md876vhSKp7me/HzNafGJOF
wS1OGmnNM9n09zHVfhSH5m3bI2hOi94XgqGLXSb4UsGP3kUBuY X9YCneXCPEDnMN
r3y7hXS1EQIvNVlgfWdzgwgac9UDKG62fTVBJcCXfecvY2qmCb rptk5717pmkYBl
XgPMWTN54/CWSUTVwlkvxK9V4njKSgMDcYjMdN+5lxvW2I7kV7lANWbYLHx6 jYJs
aMAjWa1eeupcVCuN4lXrMKBKfSRuZSgvBKKFSFfI6yzO7oAFwq OfWtI2odsBxYfo
x9W/sdJ4XqUcllVHW7whJ2exmH9Prfjq1HvazkvkSGTMlG56vdM0Gp VrT+ndxM0U
lfyS+PeW9NIWLdsuLUSKTdViLgofj953t4SlOZzoe9KQEie8N7 E9PTN+sIb6RlgZ
ayEVDtb9eGd5KxdGPPnUMYiJer1+HqtSHYunLVWB8BL2VZE5M3 88LbWoDHfD/Pj0
uKZrKXLIolMEIm/RoxxW7rSYlRT3wYDPgLZNi9z/t/brzsXyyn31B/FkigWIHcaQ
nktF3gL4PXa7Kqk8injc3M/jsm8w4ry2OmpVABlXaRZNMQGkHZIryEsA/y3+PnQS
aecPr+KKbbjdxXI3yTE5
=JInF
-----END PGP SIGNATURE-----

On Jan 29, 5:00*pm, Stephen Furley wrote:
On 29 Jan, 14:31, ticketyboo wrote:

And the terminal does not implement the anti-collision function...

I have a Smartlink (similar to Oyster) card for PATH in New Jersey.
It works fine with my Oyster card next to it, but the Oyster will
never read unless I take the Smartlink card away. *Not too much of a
problem in this case, since I'm seldom going to want to use both on
the same day, but it could be a real problem as these cards become
more common if you need to carry several around with you, and they
interfere with each other. *Clearly they don't have to do this, as the
Smartlink readers will quite happily ignore the Oyster card.

Which further suggests that indeed today Oyster does not implement the
anti-collision function. Maybe the next generation of Oyster terminals
will do that - they have to be rather more powerful, in order to be
able to handle all of the ITSO card types (about 4 in truth) as well
as Oyster and contactless bank payment).

On Jan 29, 8:23*pm, Matthew Geier
wrote:
On Fri, 29 Jan 2010 02:44:17 -0800, CJB wrote:
embarrasment. The culprit was the Hillingdon Community Services card -
which seems to use the same technology as Oyster and was causing a
confict. An irritation 'cos now I have to keep them in separated.

*This is going to start happening more and more as various other
organisations start using non contact smart cards.

*The people who make the 'access control' system at my work have said
they want to replace the mag-strip readers with MiFare Classic readers
and replace all our cards. Oyster is Mifare Class - so the door reader at
work will one day cause any near by Oyster card to respond as well as the
'proper' access card, with the system probably objecting when it gets
responses from two cards instead of one.

The access control suppliers really should move on beyond Mifare
Classic for new smart card installations. OK, the simple hack of
access control systems has attacked those that do not even use the
security functions available with Mifare Classic (they attack schemes
that only read the card serial number), but attackers quickly learn
more. Access control should use Mifare DESFire and AES encryption now,
with provision for Mifare Plus (also in its AES version) later
(because Mifare Plus cards will cost less).

On Jan 29, 11:53*pm, David E Newton wrote:
martin wrote:
On Jan 29, 10:44 am, CJB wrote:
Recently I obtained a Hillingdon Community Services card which doubles
as a Library user's card. And put it into the same card wallet as my
Oyster card - in which I also keep my bank card. Suddently my Oyster
card stopped working on trains and buses, and even the Heathrow
Connect portable validators wouldn't recognise it - to considerable
embarrasment. The culprit was the Hillingdon Community Services card -
which seems to use the same technology as Oyster and was causing a
confict. An irritation 'cos now I have to keep them in separated. CJB.

A former colleague had similar trouble with his Oyster card and his
season ticket for a football club - Fulham, IIRC.
I think this problem's only going to become more prevalent over the
next few years.

I keep my Oyster and my work pass together. My work barriers can cope
fine with them together, but TFL barriers can't and I have to separate them.

Is my work too lenient or is TFL too strict?

Paraphrasing my comment on an earlier post, Oyster is too simple.

On Jan 30, 1:38*am, Chris Hills wrote:
On 29/01/2010 14:31, ticketyboo wrote:

And the terminal does not implement the anti-collision function...

Yikes, I expect it would cost a fair amount to replace all those
readers, which they will have to do when more and more people are
carrying cards with rfid in them (apart from oyster).

*signature.asc
1KViewDownload

Part of the investment coming about as a result of TfL breaking the
Transys contract at its breakpoint this year is that new investment is
triggered (including some DfT money), which is how all the readers and
embedded controllers in the gates and buses will be upgraded to handle
ITSO and contactless bank payment as well as Oyster.

On 30.01.10 7:22, ticketyboo wrote:
On Jan 29, 5:00 pm, Stephen wrote:
On 29 Jan, 14:31, wrote:

And the terminal does not implement the anti-collision function...

I have a Smartlink (similar to Oyster) card for PATH in New Jersey.
It works fine with my Oyster card next to it, but the Oyster will
never read unless I take the Smartlink card away. Not too much of a
problem in this case, since I'm seldom going to want to use both on
the same day, but it could be a real problem as these cards become
more common if you need to carry several around with you, and they
interfere with each other. Clearly they don't have to do this, as the
Smartlink readers will quite happily ignore the Oyster card.

Which further suggests that indeed today Oyster does not implement the
anti-collision function. Maybe the next generation of Oyster terminals
will do that - they have to be rather more powerful, in order to be
able to handle all of the ITSO card types (about 4 in truth) as well
as Oyster and contactless bank payment).

Are there indeed plans for new oyster readers? I imagine that they would
not look any different from an external point of view.

I wonder if TfL will eventually get rid of the magnetic strip tickets in
favour of disposable SmartCards for single journeys or infrequent trips?

And if you bothered to read the user information when you got the
oyster card it tells to do EXACTLY that - keep it away from other
cards.
Oh - so that's all right then. Thank goodness the customer is at fault for
having only one wallet.

--
Peter 'Prof' Fox
Multitude of things for beer, cycling, Morris and curiosities at
http://vulpeculox.net

In message
,
ticketyboo writes

The access control suppliers really should move on beyond Mifare
Classic for new smart card installations. OK, the simple hack of
access control systems has attacked those that do not even use the
security functions available with Mifare Classic (they attack schemes
that only read the card serial number), but attackers quickly learn
more. Access control should use Mifare DESFire and AES encryption now,
with provision for Mifare Plus (also in its AES version) later
(because Mifare Plus cards will cost less).

The new Freedom Passes currently being issued use the Desfire 4K
chipset, in order to allow for future ITSO compatability. I gather that
Oyster readers were upgraded to read the new Desfire chip at the end of
last year.

--
Paul Terry