Comment Re:I have a OneCard (Score 1) 853
Hello fellow University of Alberta student!
As one of my last projects while obtaining my Computer Engineering degree at the University of Alberta, my group created a card security system. Basically, we got a card reader from the department, attached it to an MC68000 (damn, or was it some other microcontroller? and this was just last year...) and programmed it to read/output information based on the input from the cardreader. For this project, we used the University of Alberta's OneCards (student cards).
This project turned out to be laughably simple. There were two key components:
1. Configuring the card reader to the correct output type so we could decode the input from the OneCards. This took some tinkering.
2. Discovering the slightly illicit document detailing the standards of how magnetic card information is stored.
Once we managed to decode the information from the OneCards, it was simple. We went and talked to the OneCard office (basement of Cameron Library) with regards to our project, and we found out that there is no particular security or encryption on our cards. Our student numbers and other information is just stored as plain text (assuming you can decode the information). As for security, the actual funds/personal information is stored at a central database server. Given the simplicity of the cards themselves, however, I wouldn't put much stock in the effectiveness of security there.
It would seem to me that the security of our OneCard system is based on obscurity. As long as people don't know how it's done, it's safe! And if people start talking about how it's done, shut them up! I would suspect that this issue will become more pertinent once the UofA implements more conveniences/services that use the OneCard (such as the new vending machines that use OneCards).
I would post the specifics of my project, but I don't have them here at work...
As one of my last projects while obtaining my Computer Engineering degree at the University of Alberta, my group created a card security system. Basically, we got a card reader from the department, attached it to an MC68000 (damn, or was it some other microcontroller? and this was just last year...) and programmed it to read/output information based on the input from the cardreader. For this project, we used the University of Alberta's OneCards (student cards).
This project turned out to be laughably simple. There were two key components:
1. Configuring the card reader to the correct output type so we could decode the input from the OneCards. This took some tinkering.
2. Discovering the slightly illicit document detailing the standards of how magnetic card information is stored.
Once we managed to decode the information from the OneCards, it was simple. We went and talked to the OneCard office (basement of Cameron Library) with regards to our project, and we found out that there is no particular security or encryption on our cards. Our student numbers and other information is just stored as plain text (assuming you can decode the information). As for security, the actual funds/personal information is stored at a central database server. Given the simplicity of the cards themselves, however, I wouldn't put much stock in the effectiveness of security there.
It would seem to me that the security of our OneCard system is based on obscurity. As long as people don't know how it's done, it's safe! And if people start talking about how it's done, shut them up! I would suspect that this issue will become more pertinent once the UofA implements more conveniences/services that use the OneCard (such as the new vending machines that use OneCards).
I would post the specifics of my project, but I don't have them here at work...
