Feeds

French train tickets go USB

We don't need no stinkin' ISO7816

Internet Security Threat Report 2014

The French National Railway Company is trialling contactless tickets with USB connections, replacing the ubiquitous ISO7816 for online top-ups and data storage.

The trial, which involves 1,000 tickets, is to start in the autumn in four as-yet-undisclosed regions of France, reports the RFID Journal. SNCF already uses contactless tickets, so no additional infrastructure will be needed to support the new USB-equipped versions, though new servers will offer online topping up of tickets.

The tickets, termed "Smart Objects" to distinguish from "Smart Cards", are coming from wireless start-up Neowave, and have moved away from the traditional credit-card format to accommodate a full-sized USB plug. That change also allows them to squeeze in up to 4GB of memory as well as the ISO1443 RFID circuits needed to work with the existing contactless infrastructure.

Companies have been trying to get their smart cards connected to home computers for decades. American Express even tried handing out free smart card readers to customers for a while, so they could be used to securely authorise transactions - using the PC as a host through which to create a secure connection between the processor on the card and the issuing bank. But such efforts have been hampered by technical support issues and customer reluctance.

Fitting a USB connection would seem to deal with many of the problems - assuming the connection can be made as secure as a traditional ISO7816 connection (ISO7816 is the contact pattern common to chip-based credit cards, and GSM SIMs), but the size presents a problem. A flattened connection can be squeezed onto a fat card (about 2mm), as used by various companies for promotional material, but those are quite fragile and won't survive being shoved into a wallet.

Neowave reckons their Smart Objects can be dropped into a wallet or purse - but at 8mm thick they're going to leave an unsightly bulge in most wallets, and are more suited to a keyring than a back pocket.

The convenience of being able to plug your card into a PC might be worth the additional bulk, but it's going to be a while before USB replaces the ISO7816, which is a relief for anyone who has the pattern tattooed, say on the back of their left hand. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.