What mechanism is embedded within, for instance, tram cards that you can use to check in and out of your train ride, that prevents you from copying the signal that is coming from that card ? I could maybe understand this for cards that have an account linked to them (e.g. bank cards or other personalised cards), but what about cards you just [top up](https://en.wikipedia.org/wiki/Stored-value_card?wprov=sfti1) (e.g. [train cards in the Netherlands](https://en.wikipedia.org/wiki/OV-chipkaart?wprov=sfti1)). Why couldn’t you just copy every signal that is coming out of that card and clone it to a different one making a receiving device think you have a topped up card?
In: 0
In a well designed system, the data sent is different every single time and based on secret data the card doesn’t externally expose.
Eg, reader tells the card: “Here’s a number: 23475325”. And the card answers back: “Here’s my answer: 987323472”.
There’s some internal algorithm and secret that’s known both by the reader and the card. The reader uses a different random number every time, so just listening to the conversation doesn’t let you clone the card.
Latest Answers