Point is: no physical wallet & docs to lose/have stolen/forget at home; and a means of positive ID at all times that could be more difficult to forge and thus be more reliable.
I don’t think a rolling code algorithim works in this case. With your car door opener, your trying to verify if the code is coming from one specific device. In the case of the OP’s RFID, your trying to tell which of many hundreds of millions of chips the code is coming from. Thats a more complicated problem, and I don’t think I see how it can be solved just by reading down a code list.
I don’t think that scheme works in this case either. First, if the RFID system is going to encrypt its signal, its going to have to have a processor and a power-source, which is going to make the unit a lot larger and problamatic to install and maintain. Secondly to encrypt its number it needs a public key from the bank. But if the bank can transmit a public key to the RFID and have it encrypt the number and transmit it back, then so could a thief. Your scheme would keep someone from finding the number by snooping on the signal sent to someone else, but it doesn’t keep someone from stealing the number just by making their own request.
Maybe there’s another algorithim that works, but my suspicion is that the problem is unsolvable. There’s no way for a user to transmit a unique identifier on request and keep that identifier secure.
Memorize your SS# and debit card number, then there’s no need for a physical wallet and you can give banks/medical staff/etc a unique identifier.
As to stealing/forging, see above. I think the new scheme would be substantially more open to theft/forgery then just carrying around a debt card.
If the issue is convenience and security, as the OP suggests, then we already have biometric identification that isn’t invasive and can’t be used for tracking. I mean, my pharmacy has a biometric reader (thumbprints) to activate their point-of-sale computer now. I’ve seen security devices that read handprint pressure, and I’ve read about others that identify based on perspiration and other unique biological markers on the surface of the skin.
I think we are moving towards using mobile phones for a lot of these applications as well, and the downside of that is those CAN be used to track people.
I’m normally pro-technology, stop-whingeing-about-big-brother-your-life-isn’t-that-interesting. But for some reason this gives me the creeps.
For one thing, there’ll be a point where I ask Simon Phoenix what his boggle is, and he’ll realize he just needs my chip to get into the secure area…
I wasn’t suggesting using a rolling code system. It was an analogy. But for that matter, there’s no restriction that the reciever in a rolling code system can only accept one autorized transmitter. My garage door will take 4 remotes. The limit is arbitrary. You could have a million authorized remotes and still run little risk of collisions in the code domain.
Again, the exact implementation of public-key cryptography as used in most current systems is more of an example of how systems exist where intercepting data isn’t useful on its own. But even for a conventional PK implementation, a system that required some onboard processing ability is feasible if it’s implanted. Being housed in a warm, moving, bioelectrical meatsack provides plenty of power options, and there’s no reason it has to be big at all.
My whole point was that the fear of casual “sniffing” is overblown and can be mitigated in many different ways. Even something as simple as requiring a PIN is a huge step in making things difficult for thieves. With a system that has reasonable crypotgraphic protections in place, I’d personally worry very little about it. How little? About as much as I worry about a guy across the street with a big telephoto lens snapping a pic of my house key as I put it up to the lock, and then going and getting a duplicate cut based on the photo. That can be done today, but it’s stupid to fret over.
The rolling code algorithm requires you to keep the remote and the receiver synchronized. You can’t do this if you have millions of receivers and hundreds of millions of remotes running around.
My point is that I don’t think such cryptographic protections exist, even conceptually, for a user to transmit a unique identifier on request and keep that identifier secure. I’d be interested in being corrected if that isn’t the case, but it seems fairly obvious to me that its impossible.
Freaking out the apocalyptic nutballs would be the only thing that would make me consider getting one of these. If these are ever developed I imagine that sooner or later they’ll be monitoring your physical status as well as your purchases. Imagine the spam you’d get: “Your blood pressure is a little high. Why not take out a membership at a Bally’s, eat some Quaker Oats, and talk to your doctor about Lipitor? Also it’s been a little while since you’ve had a shower and Axe body spray is on sale. And I can’t help noticing you didn’t last that long the last time you had sex-” [detactivated]
Annoying, yet…sensible.
I think we’ve found our corporate slogan at LargeSibling, Inc.