Slashdot Mirror
The Timex Speedpass Watch
RedWolves2 writes "Timex Corporation is developing a watch which incorporates Speedpass technology embedded into it. McDonalds has also partnered with Speedpass with 400 stores in the Chicago area that accept speedpass. Now you can order a value meal like this "You will serve me a Big Mac Meal with a Coke!" (While waving your hand like a Jedi Knight using the Jedi Mind trick)."
It is a little larger then a normal Swatch and you can load it at umpteen or so ski resorts, where it can be used instead of a normal ski pass.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
Shell has used this technology for a while now (at least a year) with its "Easypay" system. I haven't seen any fraud stories in the media yet. It uses a PIN number, so an RF intercept alone isn't going to be enough to duplicate a key. Also, its range is only about 10cm.
Battery life is not an issue. The cards seem to be passive, and are powered by an EM field that's generated by te card reader.
They do not have batteries. I'm not exactly sure HOW they work but I haven't seen anyone else explain it either and, you know, this is the net. The answer can't be that difficult.
A web google search didn't turn up much besides this. The Mobil Speedpass is based on Texas Instruments' Registration and Identification System (TIRIS), the first radio-frequency identification (RFID) device used for retail transactions. The system is similar to a remote control but different in that RFIDs transmit a user-specific signal, almost like a wireless PIN number.
But a usenet search turned up a lot, like this post. Ok, a typical device of this type is quite simple in concept. The coil with rod, acts to recieve 100Khz or so RF, which is then rectified to charge a capacitor, to power the rest. There is a small chip in there, which talks to the reader, usually by shorting out the coil for short periods of time, this causes the RF field to change, which can be read by the reader. Another way is for the chip to connect a diode to the coil, this causes the transmitter/reciever to generate a harmonic, at 2* the frequency of the exciting field, this can also be picked up.
Speedpass is a good idea, but all the consumer protections associated with a normal credit card DO NOT APPLY.
According to consumer advocates (one among them being Clark Howard in Atlanta GA) SpeedPass is bad news. If your speedpass device is lost or stolen or in any way abused you are LIABLE for ALL charges. Not so with a real credit card. According to Clark on his syndicated radio show part of the SpeedPass agreement states this (I have not seen it.) A consumer called into Clarks show and relayed that they had to pay over $4000 in bogus charges for a fleet vehicle because one of his employees had lost the SpeedPass. Clark explained to him that there was nothing he could do to help, SpeedPass is built that way. It was clearly fraud but SpeedPass, again, does not offer the protections a credit card does. BE ADVISED, NOT A GOOD IDEA.
Until these clowns step up to the plate and make SpeedPass work identically to a credit card, then forget it.
It's just another version of the no-contact access badges I uses at work. There are only two main components. An antenna/induction loop + a chip. The detector has a charged loop that generates a magnetic field. When passing the card/speedpass within a certain radius of the detector, an inducted current strong enough for the chip to be powered will be generated by the antenna in the card/speedpass. The card/speedpass chip then uses the antenna to generate a coded radio pulse. This pulse is then read by the detector and used to identify the sendor.
As an access key, this system works great. It's cheap & simple, as the intelligence is in the software used to manage the card ID's, not in the cards. For example; if I lose my key, only MY key needs to be canceled. As all the detectors are set at pocket level, I don't even need to have a hand free to open doors.
The only minor bug I've encountered is that you cannot have two cards in the same pocket. They both wake up & send their signal pulse at the same time which corrupts both pulses.
However, as a means to control acces to a credit card, this system really sucks as there is NO AUTHENTIFICATION. All you need is a detector to be able to stealthily read anyones ID. The owner of the speedpass will never even know that the ID has been stolen, after all it never left his pocket/wrist!
Coming up with a device able to resend the purloined ID is within the means of most EE grad students, so I predict that abuse of this system in the very near future.
I certainly won't be using one.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
Why can't it be both consious and easy? If the burden of typing in a number can be done away with securely then fantastic! I can buy what I want with less trouble and that's good for everyone.
You mean like this?
They thought of that! Every single Mobil has a live sattelite link.
all charges instantly propogate. If a speedpass moves to fast in geometric space, or too frequently used, spoof is detected and disabled.
Your crack idea only works when all the satellites are not active... and they are always active, at least at rollout.
however if you built a receiver of the emission created when the device is pulsed and captured radio data at 121kHz through 134.2 kHz, you could then LEGALLY build a signature database of all speedpasses and their primitive challenge response logic ladder.
Nothing to crack unless you are merely trying to make bogus unlisted speedpasses with correct checksum and digital crypto signature.
Its called snagging or lifting and is popular in LA county to the tune of several million dollars of fraud last year from credit card/debit card intercepts.
the natural extension is SpeedPass.... if the FCC does not ban them for damaging AM reception first.
in Hong Kong, they have been using the "Octopus Card" for the past 6 or 7 years. It's actually really cool because you can go to the subway station and get one. It is a standard magnetic card that you could use for subway, City buses, vending machines and I believe they had a couple of stores that had them. They started to market the Octopus watches for kids so they won't lose it (as public transportation in HK is a huge business). It would really be nice if we had a system like that here. From the way things look, we may be up to speed in a few more years!
I am a Speedpass user in the Chicago area.
Firstly, the Speedpass needs to be pretty close to the speedpass readers to get your "secret speedpass code". (within a foot or so)
Secondly, McDonalds and Walgreens don't turn their readers on until you tell them you are using Speedpass. You can't just walk past one and have it ring up someone's happy meal.
(The readers are also in Mobil gas stations but are too high up on the pump to be read accidentally)
As to the stolen point kwishot makes, yes it would suck if my speedpass got stolen, but it's attached to my car keys. If it got stolen I'd notice. They'd have to take half of my keychain to get it. I agree it IS a bit less secure than a credit card but somebody could smash my car window and get my Ipass and cruise the tollway free and clear until I noticed the gaping hole in my windshield...
modmemodmemodmemodme-thankyoupleasedrivethrough
MMMmmmmmm....erotic cakes!!! Homer J. Simpson - Treehouse of Horror VI
Heh, user puts on speedpass watch and forgets he/she's wearing it and at a visit to a speedpass supported gas station, walks a wee bit too close to the pumps...
Actually I've been using the Speedpass technology for some time now and, as far as I can see there are many more advantages than disadvantages.
First of all, most of the reasons not to use the speedpass are some what mythical. Take, for example, the one cited above. You can only pump gas while in the general vicinity of the pump. In other words, if you walk a wee bit too close to the pumps they will be active for the 2 seconds you are directly in front of them and no longer active when you walk away.
The other great thing that has been mentioned in some of the posts as a disadvantage is that it is attached to your credit card and it doesn't require a pin/signature. Remember you have ZERO liability for any fraudulent activity that ends up on your credit card. (I know that in actuality there is some minimal legal liability, but here are links from Visa and Mastercard guaranteeing cardholders will have no liability.)
All things considered, I think its pretty cool technology. Like anything there are some risks, but, as far as I can tell, all of these are taken by the big credit card companies leaving you with all the benefits and none of the liability.
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
You can only loose what is digitally on the card. Just like loosing your wallet.
I suspect that you did not mean to talk about letting loose or releasing digital currency on a card, just as I hope that you do not go around randomly letting loose or releasing your wallet. On the other hand, one could certainly fail to retain either one of those items. The words you were looking for are lose and losing.
Congratulations! You have been participant #47 in my campaign to rid Slashdot of this error.
Proudly correcting Slashdot's most irritating linguistic error since 2002.