Update CARD_PRIVACY.md

Peter Rounce 2023-04-15 10:50:35 +01:00 committed by GitHub
parent e249324e64
commit 2165e248ca


@ -1,6 +1,10 @@
# Card Privacy
## Brief
## Payment tracking
This document describes the different levels of privacy possible with bolt card implementations.
## Card NDEF
The URI that is programmed into the card and returned as the NDEF consists of three parts.
1. The static part
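Review bot: the sentence "This document describes the different levels of privacy possible with bolt card implementations." sits under "## Payment tracking" but reads as the content of the empty "## Brief" heading directly above it; either move it under "## Brief" or give "## Payment tracking" its own text, since as written both new headings look like placeholders committed by mistake.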
@ -23,7 +27,32 @@ lnurlw://card.yourdomain.com/ln?p= &c=
| encrypted | unique id and counter values encrypted by the card |
| authentication | a value to authenticate that the entire URI is as generated by the card |
## NXP NTAG424DNA features
## Card privacy levels
## Implementation
In order for the system to work, the card must provide the point-of-sale with a URL for the backend server.
For maximum privacy, it should not be possible for the point-of-sale to identify the card any further than this.
Unfortunately, early implementations do not have this fully built out.
You can check your card/s by reading the NDEF value (e.g. with the NXP TagInfo app) to check for a static identifier or a static UID value. This will enable you to find the level of privacy that has been implemented on creating the card.
### Minimal privacy (aka tracker)
An identifier is included in the static part of the lnurlw.
This is used on the server side to look up the decryption key and the authentication key per card.
This is how early systems were implemented and allows the point-of-sale devices to track the use of the card.
### Good privacy
There is no identifier included in the static part of the lnurlw.
This is made possible by holding the decryption key at database level.
The authentication key is still recorded per card.
This protects against leaking of point-of-sale databases and log files, however, a untrustworthy point-of-sale could still obtain the card UID using proprietary NXP commands.
### Best privacy
There is no identifier included in the static part of the lnurlw.
In addition, the UID field is made inaccessible by NXP proprietary commands by using the Random ID feature.
This protects against individual card tracking by trustworthy and untrustworthy point-of-sale systems.
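Review bot: the "### Good privacy" section says the decryption key is held at database level while "the authentication key is still recorded per card", but never states how the server locates that per-card authentication key once the static identifier is gone; presumably it is looked up via the unique id recovered from the "encrypted" field (described in the table above as "unique id and counter values encrypted by the card"), and that step should be spelled out so readers can check their own backend does the same. Worth adding in the same place: with one database-level decryption key shared by all cards, a leak of that single key exposes the id and counter of every card, which is a different trade-off from the per-card keys of the "Minimal privacy" design and deserves a sentence. Structurally, "## NXP NTAG424DNA features" and "## Card privacy levels" are left empty while the three "###" level subsections are nested under "## Implementation" rather than under "## Card privacy levels"; and "a untrustworthy point-of-sale" should read "an untrustworthy point-of-sale".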