From: Tim Southerwood on 10 Jul 2007 05:13

Gordon wrote:
> "Dave Liquorice" <new5pam(a)howhill.com> wrote in message
> news:nyyfbegfubjuvyypbz.jkyrhr0.pminews(a)srv1.howhill.net...
>> On Tue, 10 Jul 2007 08:00:49 +0100, Dejanews Fan wrote:
>>
>>>> Just received magazine from NatWest which mentions they're bringing out
>>>> card readers for extra security on home banking
>>>
>>> You sure this isn't a standalone device?
>>
>> It is. A small handheld device that reads your chip 'n pin card producing
>> an eight digit number you feed to the online banking website.
>>
>> http://www.newsroom.barclays.co.uk/content/Detail.asp?ReleaseID=1013&NewsAreaID=2
>>
>> http://blog.jazzle.co.uk/why-i-might-leave-my-bank-the-natwest-card-reader
>>
>
> If this reader has no connection to Natwest, how does the website know
> that the (presumably random) number that it's generated is correct?

Hi,

Same way that your car knows that the random number that your radio keyfob is sending is valid.

Pseudo random sequence is one technique, where both ends have the same algorithm - this stops replay attacks.

There are probably other ways too.

Cheers

Tim

From: John Taylor on 10 Jul 2007 05:20

Gordon wrote:
> "Dave Liquorice" <new5pam(a)howhill.com> wrote in message
> news:nyyfbegfubjuvyypbz.jkyrhr0.pminews(a)srv1.howhill.net...
>> On Tue, 10 Jul 2007 08:00:49 +0100, Dejanews Fan wrote:
>>
>>>> Just received magazine from NatWest which mentions they're bringing out
>>>> card readers for extra security on home banking
>>> You sure this isn't a standalone device?
>> It is. A small handheld device that reads your chip 'n pin card producing
>> an eight digit number you feed to the online banking website.
>>
>> http://www.newsroom.barclays.co.uk/content/Detail.asp?ReleaseID=1013&NewsAreaID=2
>>
>> http://blog.jazzle.co.uk/why-i-might-leave-my-bank-the-natwest-card-reader
>>
>
> If this reader has no connection to Natwest, how does the website know that
> the (presumably random) number that it's generated is correct?
>
>

A number of years ago, I used to use a similar device to log in to a secure network. The card is synchronised with the base system, and part of the number was fixed. The number displayed used to change every minute or so. I assume that the system uses a combination of the time, and a random seed to generate a unique hash that can be calculated by both devices.

From: Ewan Mac Mahon on 10 Jul 2007 08:45

On Tuesday, 10 July, Gordon wrote:
> "Dave Liquorice" <new5pam(a)howhill.com> wrote in message
> news:nyyfbegfubjuvyypbz.jkyrhr0.pminews(a)srv1.howhill.net...
>> On Tue, 10 Jul 2007 08:00:49 +0100, Dejanews Fan wrote:
>>
>>>> Just received magazine from NatWest which mentions they're bringing out
>>>> card readers for extra security on home banking
>>>
>>> You sure this isn't a standalone device?
>>
>> It is. A small handheld device that reads your chip 'n pin card producing
>> an eight digit number you feed to the online banking website.
>>
>
> If this reader has no connection to Natwest, how does the website know that
> the (presumably random) number that it's generated is correct?
>
>

The NatWest site says that you enter an 'authorisation number' into the cardreader, and it then generates another number, which you enter into the site, which makes it look like a challenge-response arrangement. If the response generated based on the 'authorisation number' and the data from the card matches what the bank has generated from the same starting point then it proves that you have both the authorisation number (which stops replay attacks) and access to the card.

Or, in an alternative way of looking at it, it /is/ connected to NatWest through a low bandwidth, serial, digital link :-)

Ewan

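The three mechanisms suggested in the posts above (Tim's rolling sequence, John's time-based number, Ewan's challenge-response), as an added example that is not part of the thread and is not any bank's or vendor's code. It generalises them to one derivation with a different "moving factor"; the shared secret, HMAC-SHA256 and every name here are assumptions, since the thread does not say what the card actually computes.

```python
import hashlib, hmac, secrets, struct

DIGITS = 8  # the thread describes an eight digit number

def code(secret: bytes, factor: bytes) -> str:
    """Both ends run this: MAC the moving factor, keep DIGITS decimal digits."""
    mac = hmac.new(secret, factor, hashlib.sha256).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset, 0..15
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 10 ** DIGITS:0{DIGITS}d}"

def rolling(secret, counter):     # keyfob style: factor is a press counter
    return code(secret, b"R" + struct.pack(">Q", counter))

def timed(secret, now, step=60):  # token style: factor is the current minute
    return code(secret, b"T" + struct.pack(">Q", int(now) // step))

def respond(secret, challenge):   # card reader style: factor comes from the bank
    return code(secret, b"C" + challenge.encode())

class Bank:
    """Hypothetical verifier holding the same secret as the user's device."""
    def __init__(self, secret, window=3):
        self.secret, self.window = secret, window
        self.counter = 0      # highest rolling counter accepted so far
        self.pending = set()  # challenges issued but not yet answered

    def check_rolling(self, submitted):
        # Only counters ahead of the last accepted one: an old code never matches.
        for c in range(self.counter + 1, self.counter + 1 + self.window):
            if hmac.compare_digest(rolling(self.secret, c), submitted):
                self.counter = c
                return True
        return False

    def check_timed(self, submitted, now, step=60):
        # Allow one step of clock drift either way; older codes have expired.
        return any(hmac.compare_digest(timed(self.secret, now + d * step, step), submitted)
                   for d in (-1, 0, 1))

    def issue_challenge(self):
        challenge = f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"
        self.pending.add(challenge)
        return challenge

    def check_response(self, challenge, submitted):
        if challenge not in self.pending:  # unknown or already used challenge
            return False
        self.pending.discard(challenge)    # single use, right or wrong
        return hmac.compare_digest(respond(self.secret, challenge), submitted)
```

In all three modes the website never talks to the device: it recomputes the same number from the shared secret and rejects anything tied to a counter, minute or challenge it has already moved past.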
From: Chris on 10 Jul 2007 12:27

Andy Burns wrote:
> On 10/07/2007 08:00, Dejanews Fan wrote:
>
>> Chris wrote:
>>> Just received magazine from NatWest which mentions they're bringing
>>> out card
>>> readers for extra security on home banking (www.natwest.com/reader).
>>
>> You sure this isn't a standalone device?
>
> A friend has one already, it *is* completely standalone, like a small
> calculator with a slot for your card to let it read the chip.

Thanks to all. I did a search at work and found a couple of articles (Computer Weekly, etc.) on the banks' plans for bringing these in. Yes, they are stand-alone.

According to CW, German banks have had a similar paper-based system for many years, but I've never seen any site ask for this sort of data (it's difficult enough finding any German site that accepts cards at all!) Presumably it's only if you have a relevant bank's card that it would ask for the digits - but how does it know if you have such a device?

Talking to a colleague, according to him the banks have their own implementations of the devices.

--
Chris

From: Paul Cager on 10 Jul 2007 18:13

Chris wrote:
> Andy Burns wrote:
>
>> On 10/07/2007 08:00, Dejanews Fan wrote:
>>
>>> Chris wrote:
>>>> Just received magazine from NatWest which mentions they're bringing
>>>> out card
>>>> readers for extra security on home banking (www.natwest.com/reader).
>>> You sure this isn't a standalone device?
>> A friend has one already, it *is* completely standalone, like a small
>> calculator with a slot for your card to let it read the chip.
> [...]
> Talking to a colleague, according to him the banks have their own
> implementations of the devices.
>

By the way, the devices are interchangeable - you could use a Nat West one for Barclays and vice-versa.