# Card Privacy

## Payment tracking

This document describes the different levels of privacy possible with bolt card implementations.

## Card NDEF

The URI that is programmed into the card and returned as the NDEF consists of three parts.

1. The static part
2. The encrypted part
3. The authentication part

```
lnurlw://card.yourdomain.com/ln?p=A2EF40F6D46F1BB36E6EBF0114D4A464&c=F509EEA788E37E32    URI example
lnurlw://card.yourdomain.com/ln?p=                                &c=                    static
                                  A2EF40F6D46F1BB36E6EBF0114D4A464                       encrypted
                                                                     F509EEA788E37E32    authentication
```

| part | use |
|------|-----|
| static | specifying the protocol and service location as a URI |
| encrypted | the card's unique id (UID) and tap counter values, encrypted by the card |
| authentication | a MAC computed by the card over the UID and counter, proving that the dynamic part of the URI was generated by the card |

## Card privacy levels

In order for the system to work, the card must provide the point-of-sale with a URL for the backend server.
For maximum privacy, it should not be possible for the point-of-sale to identify the card any further than this.

Unfortunately, early implementations do not have this fully built out.

You can check your cards by reading the NDEF value (e.g. with the NXP TagInfo app) and looking for a static identifier in the URL or a static UID value. Read the card more than once: the `p` and `c` values should change on every tap, so anything that stays the same across reads (an identifier in the static part of the URL, or the same UID reported by the reader) is a tracking handle. This tells you the level of privacy that was implemented when the card was created.


| Privacy level | Static id in URL | UID in plaintext |
| ------------- | ---------------- | ---------------- |
| minimal | yes | yes |
| good | no | yes |
| best | no | no |

### Minimal privacy (aka tracker)

An identifier is included in the static part of the lnurlw.
This is used on the server side to look up the decryption key and the authentication key for that card.
This is how early systems were implemented, and it allows point-of-sale devices to track the use of the card.

### Good privacy

There is no identifier included in the static part of the lnurlw.
This is made possible by holding the decryption key at database level, i.e. one key shared by all cards, so the server can decrypt the encrypted part without first knowing which card it came from.
The authentication key is still recorded per card and is looked up by the UID recovered from the encrypted part.

This protects against leaking of point-of-sale databases and log files. However, an untrustworthy point-of-sale could still obtain the card UID from the card itself using NXP proprietary commands (and, without Random ID, from the ISO/IEC 14443 anti-collision exchange, where the real UID is sent in the clear).

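The three-part URI from the Card NDEF section and the key arrangement just described, as an added worked example that is not part of this page or of the boltcard project: a card-side function that builds `p` and `c` for one tap, and a server-side verifier in the "good privacy" layout (one shared decryption key K1, and a per-card authentication key K2 found by the UID recovered from `p`). The key names K1/K2, the host `card.yourdomain.com` taken from the page's example, the UID, the keys and the random bytes are all constructed test data; the AES-128 and AES-CMAC routines are small pure-Python versions included only so the file runs on the standard library, not something a deployment should use.

```python
"""Bolt card SUN message, card side and server side, in the "good privacy" key layout:
one shared K1 decrypts p, a per-card K2 (found by UID) checks c.  Added example, not the
boltcard project's code; keys, UID and random bytes are constructed test data."""
import hmac
from functools import reduce
from urllib.parse import parse_qs, urlsplit

def _mul(a, b):                               # GF(2^8) multiplication (AES polynomial 0x11B)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def _make_sbox():                             # multiplicative inverse, then the FIPS 197 affine map
    box = []
    for i in range(256):
        inv = next((j for j in range(1, 256) if _mul(i, j) == 1), 0)
        box.append(reduce(lambda x, k: x ^ (((inv << k) | (inv >> (8 - k))) & 0xFF), range(1, 5), inv) ^ 0x63)
    return box

SBOX = _make_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]
RCON = [1, 2, 4, 8, 16, 32, 64, 128, 0x1B, 0x36]
def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def _expand_key(key):                         # 11 round keys, column-major like the state
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]
def _shift_rows(s, sign):                     # sign=1 forward, -1 inverse; state index = 4*col + row
    return [s[4 * ((c + sign * r) % 4) + r] for c in range(4) for r in range(4)]
def _mix_columns(s, m):                       # m = first row of the (inverse) MixColumns matrix
    return [reduce(lambda v, j: v ^ _mul(m[(j - i) % 4], s[4 * c + j]), range(4), 0)
            for c in range(4) for i in range(4)]

def aes_encrypt_block(key, block):
    rk = _expand_key(key)
    s = list(_xor(block, rk[0]))
    for r in range(1, 11):
        s = _shift_rows([SBOX[b] for b in s], 1)
        s = list(_xor(_mix_columns(s, (2, 3, 1, 1)) if r < 10 else s, rk[r]))
    return bytes(s)
def aes_decrypt_block(key, block):
    rk = _expand_key(key)
    s = list(_xor(block, rk[10]))
    for r in range(9, -1, -1):
        s = list(_xor([INV_SBOX[b] for b in _shift_rows(s, -1)], rk[r]))
        s = _mix_columns(s, (14, 11, 13, 9)) if r > 0 else s
    return bytes(s)

def _dbl(b):                                  # CMAC subkey doubling in GF(2^128)
    n = int.from_bytes(b, "big") << 1
    return ((n ^ 0x87 if n >> 128 else n) & ((1 << 128) - 1)).to_bytes(16, "big")
def aes_cmac(key, msg):                       # RFC 4493
    k1 = _dbl(aes_encrypt_block(key, bytes(16)))
    if msg and len(msg) % 16 == 0:
        body, last = msg[:-16], _xor(msg[-16:], k1)
    else:
        cut = len(msg) - len(msg) % 16
        body, last = msg[:cut], _xor((msg[cut:] + b"\x80").ljust(16, b"\x00"), _dbl(k1))
    x = bytes(16)
    for i in range(0, len(body), 16):
        x = aes_encrypt_block(key, _xor(x, body[i:i + 16]))
    return aes_encrypt_block(key, _xor(x, last))

def sun_cmac(k2, uid, ctr):
    """Card and server: session key = CMAC(K2, SV2), c = the odd-indexed bytes of CMAC(session, '')."""
    session = aes_cmac(k2, bytes([0x3C, 0xC3, 0x00, 0x01, 0x00, 0x80]) + uid + ctr.to_bytes(3, "little"))
    return aes_cmac(session, b"")[1::2]

def card_uri(k1, k2, uid, ctr, rnd, base="lnurlw://card.yourdomain.com/ln"):
    """Card side: p = AES-CBC(K1, zero IV) over one block: tag 0xC7 | 7-byte UID | 3-byte counter | 5 random bytes."""
    p = aes_encrypt_block(k1, bytes([0xC7]) + uid + ctr.to_bytes(3, "little") + rnd)
    return f"{base}?p={p.hex().upper()}&c={sun_cmac(k2, uid, ctr).hex().upper()}"

def verify_uri(uri, k1, k2_by_uid, last_ctr):
    """Server side: decrypt p with the shared K1, look up K2 by UID, check c, enforce a rising counter."""
    q = parse_qs(urlsplit(uri).query)
    p, c = bytes.fromhex(q["p"][0]), bytes.fromhex(q["c"][0])
    if len(p) != 16 or len(c) != 8:
        raise ValueError("malformed p or c")
    picc = aes_decrypt_block(k1, p)
    if picc[0] != 0xC7:                       # tag byte: UID and counter mirrored, 7-byte UID
        raise ValueError("PICCData tag byte mismatch: wrong K1 or forged p")
    uid, ctr = picc[1:8], int.from_bytes(picc[8:11], "little")
    if uid not in k2_by_uid or not hmac.compare_digest(sun_cmac(k2_by_uid[uid], uid, ctr), c):
        raise ValueError("unknown card or CMAC mismatch")
    if ctr <= last_ctr.get(uid, 0):
        raise ValueError("counter did not advance: replay")
    last_ctr[uid] = ctr
    return uid.hex().upper(), ctr

# Constructed test data (not real card keys): shared K1, a 7-byte UID, and that card's K2.
K1, UID = bytes.fromhex("000102030405060708090a0b0c0d0e0f"), bytes.fromhex("04A1B2C3D4E5F6")
CARD_KEYS = {UID: bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")}
if __name__ == "__main__":
    print(verify_uri(card_uri(K1, CARD_KEYS[UID], UID, 5, b"\x01\x02\x03\x04\x05"), K1, CARD_KEYS, {}))
```

Read against the table above: `p` carries the UID and read counter (plus the tag byte and five random bytes, which is why it differs on every tap even for the same counter value), and `c` is derived only from the UID and counter via K2, so the static part of the URL is not covered by it. The verifier keeps the last accepted counter per card and rejects anything that does not advance it, which is what stops a captured URI from being replayed. With the shared K1 there is nothing the server needs from the static part, which is exactly why the minimal level's per-card identifier is unnecessary as well as harmful.
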
### Best privacy

There is no identifier included in the static part of the lnurlw.
In addition, the UID is made inaccessible to NXP proprietary commands (and to the anti-collision exchange) by enabling the Random ID feature: the card presents a fresh random ID each time it is activated, and the real UID can then only be read inside an authenticated session by a party that already holds one of the card's keys.

This protects against individual card tracking by both trustworthy and untrustworthy point-of-sale systems.