What mechanism is embedded within, for instance, tram cards that you can use to check in and out of your train ride, that prevents you from copying the signal that is coming from that card ? I could maybe understand this for cards that have an account linked to them (e.g. bank cards or other personalised cards), but what about cards you just [top up](https://en.wikipedia.org/wiki/Stored-value_card?wprov=sfti1) (e.g. [train cards in the Netherlands](https://en.wikipedia.org/wiki/OV-chipkaart?wprov=sfti1)). Why couldn’t you just copy every signal that is coming out of that card and clone it to a different one making a receiving device think you have a topped up card?
In: 0
Secure cards don’t send out a constant code; they’re sent a challenge code and they transform that using a secret on the card before sending it back. Listening in doesn’t tell you the secret and, unless you’re sent the same challenge, you don’t know the correct response.
Latest Answers