Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: David Buehrer <dbuehrer@******.CARL.ORG>
Subject: Smart Card or Key Card
Date: Tue, 27 Oct 1998 12:11:39 -0700
There're two types of money cards: smart cards which have a chip which
stores all the information, and key cards which store the information
required to access the owners account on a magnetic strip.

Which one of the above methods is used in Shadowrun? This area is not one
of my strong suites in SR.

<omygod a leggy babe in a short skirt just walked across the parking
lot outside my window>

<put's tongue back in mouth>... where whas I?

Oh yeah :)

IIRC a credstick has the monatary information stored directly on the
stick and can be accessed by whoever has the stick.

IMHO a SIN card would probably just have the access information stored
on it and the owner's monatary info would reside in the banks system
(accessible with the card and the owner's thumb print and password).

-David B.
--
"Earn what you have been given."
--
email: dbuehrer@******.carl.org
http://www.geocities.com/TimesSquare/1068/homepage.htm
Message no. 2
From: HAUPT ULRICH FB08 <sandman@****.UNI-OLDENBURG.DE>
Subject: Re: Smart Card or Key Card
Date: Wed, 28 Oct 1998 09:50:47 MEZ-1MESZ
On Tue, 27 Oct 1998 12:11:39 -0700 David Buehrer wrote:

> There're two types of money cards: smart cards which have a chip which
> stores all the information, and key cards which store the information
> required to access the owners account on a magnetic strip.
>
> Which one of the above methods is used in Shadowrun? This area is not one
> of my strong suites in SR.
Since in VR(2) only optical discs and optical chips are mentioned I
assume chips are used in credsticks and I'd say they will use
holographic memory!


> <omygod a leggy babe in a short skirt just walked across the parking
> lot outside my window>
I'm sure you made a picture and stick it into your web page ;_)

> <put's tongue back in mouth>... where whas I?
I said nothing

>
> Oh yeah :)
>
> IIRC a credstick has the monatary information stored directly on the
> stick and can be accessed by whoever has the stick.
>
> IMHO a SIN card would probably just have the access information stored
> on it and the owner's monatary info would reside in the banks system
> (accessible with the card and the owner's thumb print and password).
Since you can exchange money directly from stick to stick I'd say
that there are at least some security information in the credstick.
Otherwise a decker hanging in the matrix could grap all the
information about retina, thumb print and password while the owner of
the credstick is performing a transaction. But looking at it with
this point of you could be right because during the transfer SOME
information has to betransferred to the bank.

Cash will never die because sticks and cards do not survive the
washing-machine. Everbody needs a money-laundery outfit from time to
time.


> -David B.

Sandman
Message no. 3
From: Gurth <gurth@******.NL>
Subject: Re: Smart Card or Key Card
Date: Wed, 28 Oct 1998 09:56:18 +0100
According to David Buehrer, at 12:11 on 27 Oct 98, the word on the street was...

> There're two types of money cards: smart cards which have a chip which
> stores all the information, and key cards which store the information
> required to access the owners account on a magnetic strip.
>
> Which one of the above methods is used in Shadowrun? This area is not one
> of my strong suites in SR.

Both, I'd say. Normal credsticks would access accounts just like modern
bank cards (regardless of whether they have a magnetic strip or a chip on
them) do, while certified credsticks store the money on the stick.

Perhaps a better way of making certified credsticks would be to only
include a pointer on the stick to an account that only needs a code
embedded in the credstick to take money off the account. This makes it
much harder to add money to a certified credstick simply by hooking it up
to a PC and tampering with it.

> <omygod a leggy babe in a short skirt just walked across the parking
> lot outside my window>
>
> <put's tongue back in mouth>... where whas I?

Weren't you married? :)

--
Gurth@******.nl - http://www.xs4all.nl/~gurth/index.html
Een beetje van jezelf en een beetje van magie.
-> NERPS Project Leader * ShadowRN GridSec * Unofficial Shadowrun Guru <-
-> The Plastic Warriors Page: http://www.xs4all.nl/~gurth/plastic.html <-
-> The New Character Mortuary: http://www.electricferret.com/mortuary/ <-

GC3.1: GAT/! d-(dpu) s:- !a>? C+(++)@ U P L E? W(++) N o? K- w+ O V? PS+
PE Y PGP- t(+) 5++ X++ R+++>$ tv+(++) b++@ DI? D+ G(++) e h! !r(---) y?
Incubated into the First Church of the Sqooshy Ball, 21-05-1998
Message no. 4
From: David Buehrer <dbuehrer@******.CARL.ORG>
Subject: Re: Smart Card or Key Card
Date: Wed, 28 Oct 1998 07:46:46 -0700
For the mere cost of a Thaum, Gurth wrote:
/
/ According to David Buehrer the word on the street was...
/
/ Perhaps a better way of making certified credsticks would be to only
/ include a pointer on the stick to an account that only needs a code
/ embedded in the credstick to take money off the account. This makes it
/ much harder to add money to a certified credstick simply by hooking it up
/ to a PC and tampering with it.

But, if you can pull the code off the chip that can give a decker
direct access to the bank's accounts. A card is safeguarded because the
owner's password and thumbprint is needed. So if you get the account
information off the card you still need to work to get to the account.
AFAIK (remember, not a strong suit of mine :) credsticks can be used by
anyone and don't need passwords and such.

Hmm.. Now that I think of it, credsticks aren't very appealing.

/ > <omygod a leggy babe in a short skirt just walked across the parking
/ > lot outside my window>
/ >
/ > <put's tongue back in mouth>... where whas I?
/
/ Weren't you married? :)

Still am (just celebrated our first anniversary last month :). But
this was one of those women that could turn a blind man's head. And
only my eyes wandered. My body heart and soul still belong to my
wife. It was just a Baywatch moment ;)

-David B.
--
"Earn what you have been given."
--
email: dbuehrer@******.carl.org
http://www.geocities.com/TimesSquare/1068/homepage.htm
Message no. 5
From: Lehlan Decker <DeckerL@******.COM>
Subject: Re: Smart Card or Key Card
Date: Wed, 28 Oct 1998 10:06:12 -0400
<SNIP Smart Cards>
Just my .02 cents. This goes back to my personal theory,
that sometimes, technology doesn't make your life safer or
more secure.

<Quoth David B>
>Still am (just celebrated our first anniversary last month :). But
>this was one of those women that could turn a blind man's
>head. And
>only my eyes wandered. My body heart and soul still belong to
>my wife. It was just a Baywatch moment ;)

Amen to that. My Sig other's and mine's rule is we're both
allowed to look, hell even comment occasionally, just no
touching. Besides my usual line is "But honey, she walked
in front of me, I mean really what was I spose to do, close my
eyes and look away?". Needless to say it doesn't always work. :)
------------------------------------------------------------------------------------
Lehlan Decker, Unix Admin (704)331-1149
deckerl@******.com Fax 378-1939
Moore & Van Allen, PLLC Pager 1-888-608-9633
Message no. 6
From: Gurth <gurth@******.NL>
Subject: Re: Smart Card or Key Card
Date: Wed, 28 Oct 1998 19:57:36 +0100
According to David Buehrer, at 7:46 on 28 Oct 98, the word on the street was...

> / Perhaps a better way of making certified credsticks would be to only
> / include a pointer on the stick to an account that only needs a code
> / embedded in the credstick to take money off the account. This makes it
> / much harder to add money to a certified credstick simply by hooking it up
> / to a PC and tampering with it.
>
> But, if you can pull the code off the chip that can give a decker
> direct access to the bank's accounts. A card is safeguarded because the
> owner's password and thumbprint is needed. So if you get the account
> information off the card you still need to work to get to the account.
> AFAIK (remember, not a strong suit of mine :) credsticks can be used by
> anyone and don't need passwords and such.

_Certified_ credsticks can be used by everyone. Normal credsticks require
validation, like a code, a fingerprint, or other check (check your SR3
page 239 for info) to access the money "on" them.

However, it would make much more sense to me that a certified credstick
would only access money on a bank account as well, at least in an era
where computer crime is rampant and the tech to commit it (at least at the
lower end of the scale) is available to just about everybody. I would
imagine the certified credstick's code only working when the credstick
itself is present, so only having the code doesn't help.

There is _always_ a way around these protections, for the simple reason
that people have to be able to use the credstick. I think what banks would
go for is a protection that's too difficult to crack for a casual thief.

> Hmm.. Now that I think of it, credsticks aren't very appealing.

Nope, and neither is normal money if you really look at it :)

> / Weren't you married? :)
>
> Still am (just celebrated our first anniversary last month :). But
> this was one of those women that could turn a blind man's head. And
> only my eyes wandered. My body heart and soul still belong to my
> wife. It was just a Baywatch moment ;)

In that case, count me out :)

--
Gurth@******.nl - http://www.xs4all.nl/~gurth/index.html
Een beetje van jezelf en een beetje van magie.
-> NERPS Project Leader * ShadowRN GridSec * Unofficial Shadowrun Guru <-
-> The Plastic Warriors Page: http://www.xs4all.nl/~gurth/plastic.html <-
-> The New Character Mortuary: http://www.electricferret.com/mortuary/ <-

GC3.1: GAT/! d-(dpu) s:- !a>? C+(++)@ U P L E? W(++) N o? K- w+ O V? PS+
PE Y PGP- t(+) 5++ X++ R+++>$ tv+(++) b++@ DI? D+ G(++) e h! !r(---) y?
Incubated into the First Church of the Sqooshy Ball, 21-05-1998
Message no. 7
From: David Buehrer <dbuehrer@******.CARL.ORG>
Subject: Re: Smart Card or Key Card
Date: Wed, 28 Oct 1998 13:15:02 -0700
For the mere cost of a Thaum, Gurth wrote:
/
/ According to David Buehrer the word on the street was...
/
/ > / Perhaps a better way of making certified credsticks would be to only
/ > / include a pointer on the stick to an account that only needs a code
/ > / embedded in the credstick to take money off the account. This makes it
/ > / much harder to add money to a certified credstick simply by hooking it up
/ > / to a PC and tampering with it.
/ >
/ > But, if you can pull the code off the chip that can give a decker
/ > direct access to the bank's accounts. A card is safeguarded because the
/ > owner's password and thumbprint is needed. So if you get the account
/ > information off the card you still need to work to get to the account.
/ > AFAIK (remember, not a strong suit of mine :) credsticks can be used by
/ > anyone and don't need passwords and such.
/
/ _Certified_ credsticks can be used by everyone. Normal credsticks require
/ validation, like a code, a fingerprint, or other check (check your SR3
/ page 239 for info) to access the money "on" them.

Whoops. Thank you for enlightening me Guru Gurth :)

/ However, it would make much more sense to me that a certified credstick
/ would only access money on a bank account as well, at least in an era
/ where computer crime is rampant and the tech to commit it (at least at the
/ lower end of the scale) is available to just about everybody. I would
/ imagine the certified credstick's code only working when the credstick
/ itself is present, so only having the code doesn't help.

But if you have the code you can deck into the account and increase the
ammount of available funds. Then you can use the certified credstick
to do some real shopping.

/ There is _always_ a way around these protections, for the simple reason
/ that people have to be able to use the credstick. I think what banks would
/ go for is a protection that's too difficult to crack for a casual thief.
/
/ > Hmm.. Now that I think of it, credsticks aren't very appealing.
/
/ Nope, and neither is normal money if you really look at it :)

:) Point taken.

-David B.
--
"Earn what you have been given."
--
email: dbuehrer@******.carl.org
http://www.geocities.com/TimesSquare/1068/homepage.htm
Message no. 8
From: Gurth <gurth@******.NL>
Subject: Re: Smart Card or Key Card
Date: Thu, 29 Oct 1998 10:42:06 +0100
According to David Buehrer, at 13:15 on 28 Oct 98, the word on the street was...

> / However, it would make much more sense to me that a certified credstick
> / would only access money on a bank account as well, at least in an era
> / where computer crime is rampant and the tech to commit it (at least at the
> / lower end of the scale) is available to just about everybody. I would
> / imagine the certified credstick's code only working when the credstick
> / itself is present, so only having the code doesn't help.
>
> But if you have the code you can deck into the account and increase the
> ammount of available funds. Then you can use the certified credstick
> to do some real shopping.

I would imagine that the accounts are glaciers, and that just having the
code would not be enough to find the account. A smart bank would set it up
in such a way that the code itself does not point to the account, but (for
example) has to be decoded, processed, reprocessed, etc. a few times
before it returns the actual account location in the system.

An alternative would be for the decker to simply find the certified
credstick accounts and simply writer money onto _all_ of them, but this
should be hard enough in itself if there's enough IC at low enough
thresholds.

Like I said before, the best protection is probably to make this too
difficult for people to do without a lot of effort, rather thantry and
make it completely tamper-proof.

--
Gurth@******.nl - http://www.xs4all.nl/~gurth/index.html
Een beetje van jezelf en een beetje van magie.
-> NERPS Project Leader * ShadowRN GridSec * Unofficial Shadowrun Guru <-
-> The Plastic Warriors Page: http://www.xs4all.nl/~gurth/plastic.html <-
-> The New Character Mortuary: http://www.electricferret.com/mortuary/ <-

GC3.1: GAT/! d-(dpu) s:- !a>? C+(++)@ U P L E? W(++) N o? K- w+ O V? PS+
PE Y PGP- t(+) 5++ X++ R+++>$ tv+(++) b++@ DI? D+ G(++) e h! !r(---) y?
Incubated into the First Church of the Sqooshy Ball, 21-05-1998

Further Reading

If you enjoyed reading about Smart Card or Key Card, you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.