New Key to the World Cards coming soon.

RSoxNo1

Well-Known Member
RFID readers to track guest movement around the parks certainly has value. It's something that could more accurately predict wait times, establish definitive numbers on crowd movement in the parks and out of the parks for busses.
 

flavious27

Well-Known Member
I'm sure Disney thought of security by doing this. But it makes me a little nervous about someone taking my personal information off the card with the RFID card readers. Will we need the wallets that guard against theft?

LB103_large.jpg


Easy solution and disney can put some logos on them.
 

PirateFrank

Well-Known Member
LB103_large.jpg


Easy solution and disney can put some logos on them.


I doubt that would even be necessary. The only thing Disney would need to put on the RFID card is a unique identifier and a checksum.... The unique identifier would be some encrypted 15-20 digit alpha-numeric number. The checksum is a key so that the server knows how to decode the encrypted number. This way, the only thing that someone would be able to steal off of your card, is this encrypted 15-20 digit alpha-numeric number and the useless checksum.

Without the two, the information is useless. With the two, you would still need access to the central server. Then, whenever you swipe your card or it's referenced by some next-gen tech...the tech decrypts the alpha-numeric identifier, references a central server, downloads the information it needs to perform its function....and performs its function.

I highly doubt disney is going to be placing exploitable data on these rfid tags....not with the liability associated with it.
 

flynnibus

Premium Member
I doubt that would even be necessary. The only thing Disney would need to put on the RFID card is a unique identifier and a checksum.... The unique identifier would be some encrypted 15-20 digit alpha-numeric number. The checksum is a key so that the server knows how to decode the encrypted number. This way, the only thing that someone would be able to steal off of your card, is this encrypted 15-20 digit alpha-numeric number and the useless checksum.

ehh.. no workie.

Such a layer of security is no security at all. Because it doesn't alter what is read back from the card. Which means what is read back from the card is easily replayed. And if the checksum is transmitted, it too is easily replayed.

The point is not to read the card - but to simply duplicate what the card answers. aka a replay attack.

As long as the card is static, and doesn't compute responses based on a challenge input - it's simply a radio version of a barcode. Which is what RFID tags are today.

Their sole value is a way of reading an ID without requiring line of sight. They do not offer authentication or identity. Hence, they alone, do not offer any validation of the authenticity of the information presented.

For transactions, Disney may link several different methods to the account to offer the authentication aspect. The simplest is to require a PIN for purchases - similar to your debit card. For admission media, Disney may do something like photos. This would allow quick scanning, and a limited number of terminals (compared to POS which require many many many more terminals.. where updates would be more expensive).
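
Added example, not part of any post in this thread: a small Python simulation of the difference described above between a static tag (a "radio barcode") and a tag that computes its answer from a reader challenge. The class names, the 8-byte card IDs and the HMAC-SHA256 scheme are assumptions made for illustration, not a description of Disney's system.

```python
import hashlib
import hmac
import secrets

class StaticTag:
    """Answers every read with the same bytes; an 'encrypted ID + checksum' is still static."""
    def __init__(self, card_id: bytes):
        self.card_id = card_id
    def respond(self, challenge: bytes) -> bytes:
        return self.card_id                     # the challenge is ignored

class ChallengeResponseTag:
    """Holds a per-card secret and computes a fresh answer for each challenge."""
    def __init__(self, card_id: bytes, key: bytes):
        self.card_id, self._key = card_id, key
    def respond(self, challenge: bytes) -> bytes:
        return self.card_id + hmac.new(self._key, challenge, hashlib.sha256).digest()

class Replayer:
    """Stands in for a copied card: it can only repeat bytes recorded earlier."""
    def __init__(self, recorded: bytes):
        self.recorded = recorded
    def respond(self, challenge: bytes) -> bytes:
        return self.recorded

class Reader:
    ID_LEN = 8
    def __init__(self, keys: dict):
        self.keys = keys                        # card_id -> key, None for static cards
    def accept(self, tag) -> bool:
        challenge = secrets.token_bytes(16)     # fresh nonce for every read
        answer = tag.respond(challenge)
        card_id, proof = answer[:self.ID_LEN], answer[self.ID_LEN:]
        if card_id not in self.keys:
            return False
        key = self.keys[card_id]
        if key is None:                         # static card: the ID alone is all there is
            return proof == b""
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

def demo() -> dict:
    static_id, dyn_id = b"KTTW0001", b"KTTW0002"    # constructed sample IDs
    key = secrets.token_bytes(32)
    reader = Reader({static_id: None, dyn_id: key})
    static_tag, dyn_tag = StaticTag(static_id), ChallengeResponseTag(dyn_id, key)
    # One earlier answer from each card, as an eavesdropper would have recorded it.
    rec_static = static_tag.respond(secrets.token_bytes(16))
    rec_dyn = dyn_tag.respond(secrets.token_bytes(16))
    return {
        "static_genuine": reader.accept(static_tag),
        "static_replay": reader.accept(Replayer(rec_static)),
        "dynamic_genuine": reader.accept(dyn_tag),
        "dynamic_replay": reader.accept(Replayer(rec_dyn)),
    }

if __name__ == "__main__":
    print(demo())
```

The reader cannot tell the recorded static answer from the real card, which is why a static ID needs a second check that is not on the tag, while the recorded challenge-response answer fails because it was computed for a different nonce.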
 

Ex-Floridian

Active Member
ehh.. no workie.

Such a layer of security is no security at all. Because it doesn't alter what is read back from the card. Which means what is read back from the card is easily replayed. And if the checksum is transmitted, it too is easily replayed.

The point is not to read the card - but to simply duplicate what the card answers. aka a replay attack.

As long as the card is static, and doesn't compute responses based on a challenge input - it's simply a radio version of a barcode. Which is what RFID tags are today.

Their sole value is a way of reading an ID without requiring line of sight. They do not offer authentication or identity. Hence, they alone, do not offer any validation of the authenticity of the information presented.

For transactions, Disney may link several different methods to the account to offer the authentication aspect. The simplest is to require a PIN for purchases - similar to your debit card. For admission media, Disney may do something like photos. This would allow quick scanning, and a limited number of terminals (compared to POS which require many many many more terminals.. where updates would be more expensive).

Being from IT, all the security measures for compliance are done. Else, why would Disney want to open themselves up for a lawsuit? I can't wait, looks super cool!
 

PirateFrank

Well-Known Member
ehh.. no workie.

Such a layer of security is no security at all. Because it doesn't alter what is read back from the card. Which means what is read back from the card is easily replayed. And if the checksum is transmitted, it too is easily replayed.

The point is not to read the card - but to simply duplicate what the card answers. aka a replay attack.

As long as the card is static, and doesn't compute responses based on a challenge input - it's simply a radio version of a barcode. Which is what RFID tags are today.

Their sole value is a way of reading an ID without requiring line of sight. They do not offer authentication or identity. Hence, they alone, do not offer any validation of the authenticity of the information presented.

For transactions, Disney may link several different methods to the account to offer the authentication aspect. The simplest is to require a PIN for purchases - similar to your debit card. For admission media, Disney may do something like photos. This would allow quick scanning, and a limited number of terminals (compared to POS which require many many many more terminals.. where updates would be more expensive).


Whatever, however it works....the point I'm making is that wdw is not going to put exploitable data on those cards....
 

flynnibus

Premium Member
Whatever, however it works....the point I'm making is that wdw is not going to put exploitable data on those cards....

The risk is not what's on the card ( that is uninformed fear ) but more in how the information can be easily retrieved by an unauthorized party and then used without authority.

People should think of the RFID as a unique barcode - nothing more. Disney will associate the code of the card with your account. Your account stored in disney's system is where all your info is.

The risk is how presenting your code will authorize access to your 'account'.

They will have to require other forms of verification NOT on the card to authorize use when doing something sensitive. Pin, signature, name, etc
 

dreamfinder

Well-Known Member
The risk is not what's on the card ( that is uninformed fear ) but more in how the information can be easily retrieved by an unauthorized party and then used without authority.

People should think of the RFID as a unique barcode - nothing more. Disney will associate the code of the card with your account. Your account stored in disney's system is where all your info is.

The risk is how presenting your code will authorize access to your 'account'.

They will have to require other forms of verification NOT on the card to authorize use when doing something sensitive. Pin, signature, name, etc

Exactly. The data stored on an RFID card is really no different than your credit card number. (Bear with me for a minute here) Your CC number doesn't actually have any value in it. The number is just a unique ID that tells the POS system what company holds your data, and then the ID that company assigned to you. The value is the information that the CC company holds telling them how to bill you, how much money they think you are worth risking them by loaning it to you (which is what a CC transaction is, a short term loan). So if you can get someone's CC number, and find a vendor that doesn't require any additional verification, you can start making charges to their account. This is why so many web sites are asking for the verification number from the back of your card to confirm you have it (not like it's not trivial to write it down if you ever actually had possession of the card in question..) and physical vendors often require you to sign the receipt, which gets verified (in theory) by the clerk against the signature on the back of the card.

I believe the same applies to the current KTTW cards. If I recall correctly, they have a unique ID number printed on the front of the card, in addition to being encoded on the strip. This would allow a CM to manually enter the ID number if for some reason the strip isn't working. Once again, the ID number has no value in and of itself, but if entered into their POS system, it allows charges to go against that record in their DB.

So an RFID KTTW card only stores a copy of a unique database entry called a primary key, and then uses that key to find out who you are, and either determine if you have rights to enter this hotel room, or if you are allowed to charge against the account. If they were being lazy, they wouldn't do anything beyond that, and then it would be a risk. If the RFID could be read from a distance using the tunnels discussed, then a bad guy could in theory create his own slightly smaller tunnel, and simply walk around DTD grabbing the RFID data from the guests. Rewrite that data to a card, and then try to swipe the card at the pretzel stand. If it fails, oops sorry, my card may be bad, hold the pretzel while I go figure it out. If it works, they know they have a card they could possibly use to buy big ticket items. However, they can simply require a second factor to authenticate that the card does belong to the user. Something as simple as a 4 digit code printed on the card, much the same way some vendors ask to see your card to enter the last 4 digits. The CM at the POS would need to enter this code or confirm it matches what the POS displays. This is a low tech quick way to ensure that the person using the card had physical access to it. Nothing to stop a rogue CM at a restaurant from writing both down, but we have eliminated the ability of some random guest to sniff RFID cards. Or stick with the signature on the back of the card, or heck, take a picture and show the picture on the POS terminal. If it doesn't match, no sale.

Sniffing cards for room entry is a much riskier proposition. The bad guy would need to know what room you left for it to have any value. Simply having the unique ID from the card would do nothing, unless they know what resort and room you are staying in. This requires them to physically lurk outside in a hallway until you walk by them. Much greater chance of getting caught, and the odds that there is nothing valuable in the room are decent.
 

flavious27

Well-Known Member
Exactly. The data stored on an RFID card is really no different than your credit card number. (Bear with me for a minute here) Your CC number doesn't actually have any value in it. The number is just a unique ID that tells the POS system what company holds your data, and then the ID that company assigned to you. The value is the information that the CC company holds telling them how to bill you, how much money they think you are worth risking them by loaning it to you (which is what a CC transaction is, a short term loan). So if you can get someone's CC number, and find a vendor that doesn't require any additional verification, you can start making charges to their account. This is why so many web sites are asking for the verification number from the back of your card to confirm you have it (not like it's not trivial to write it down if you ever actually had possession of the card in question..) and physical vendors often require you to sign the receipt, which gets verified (in theory) by the clerk against the signature on the back of the card.

I believe the same applies to the current KTTW cards. If I recall correctly, they have a unique ID number printed on the front of the card, in addition to being encoded on the strip. This would allow a CM to manually enter the ID number if for some reason the strip isn't working. Once again, the ID number has no value in and of itself, but if entered into their POS system, it allows charges to go against that record in their DB.

So an RFID KTTW card only stores a copy of a unique database entry called a primary key, and then uses that key to find out who you are, and either determine if you have rights to enter this hotel room, or if you are allowed to charge against the account. If they were being lazy, they wouldn't do anything beyond that, and then it would be a risk. If the RFID could be read from a distance using the tunnels discussed, then a bad guy could in theory create his own slightly smaller tunnel, and simply walk around DTD grabbing the RFID data from the guests. Rewrite that data to a card, and then try to swipe the card at the pretzel stand. If it fails, oops sorry, my card may be bad, hold the pretzel while I go figure it out. If it works, they know they have a card they could possibly use to buy big ticket items. However, they can simply require a second factor to authenticate that the card does belong to the user. Something as simple as a 4 digit code printed on the card, much the same way some vendors ask to see your card to enter the last 4 digits. The CM at the POS would need to enter this code or confirm it matches what the POS displays. This is a low tech quick way to ensure that the person using the card had physical access to it. Nothing to stop a rogue CM at a restaurant from writing both down, but we have eliminated the ability of some random guest to sniff RFID cards. Or stick with the signature on the back of the card, or heck, take a picture and show the picture on the POS terminal. If it doesn't match, no sale.

Sniffing cards for room entry is a much riskier proposition. The bad guy would need to know what room you left for it to have any value. Simply having the unique ID from the card would do nothing, unless they know what resort and room you are staying in. This requires them to physically lurk outside in a hallway until you walk by them. Much greater chance of getting caught, and the odds that there is nothing valuable in the room are decent.

My concern with the rfid cards going to be used at wdw is how well their secondary verification will be and how strong it will be. I can see a lot of good use for having a rfid chip on me at wdw to enhance the experience. Not securing the ability to make purchases on my kttw card is not enhancing it. They could have a qr code on the back of the card that gets scanned when they place it on a rfid rd reader.
 

monothingie

Nakatomi Plaza Christmas Eve 1988. Never Forget.
Premium Member
The range is actually based on the receiver, from what I understand. There's an RFID expert lurking on these boards, so hopefully I don't stick my foot in my mouth.

But the receivers in the doorknobs are extremely weak. The RFID chip (which is embedded in your KttW card) must be within an inch (or less) of the sensor for it to work. It's all based on proximity.

Now, when they build these "tunnels", the proximity readers in them will have a wide angle of scanning, and a powerful signal reception strength. So, since you exit just about every ride or attraction through a minimum of a pair of doors (6' wide, 7' tall), there would be an array of sensors around that opening that could create sort of a "wall of reception" that you walk through (think of passing through the mist effect in Pirates).

So, no, your card can't open your room door unless the card is physically placed next to the sensor. And your card won't be randomly charged for a churro just by walking by the churro cart when someone else is buying one. You'll have to tap it on the terminal when you are making a purchase.


Having done this for about 6 years, your foot came nowhere close to your mouth. Nice explanation.

From the looks of the readers they are probably made by HID. They are the leader in developing these types of systems. Access control/Cashless Systems/Inventory Control/etc.

I've heard some posts that mentioned an operational range of about 1M, that would be under ideal circumstances, assuming minimal or no obstructions between tag and reader (plastic on the reader is an obstruction that decreases the operational range). Under normal operating conditions such a passive system would have a realistic range of about 0-3 inches. Chances are a person's wallet would provide enough insulation to make the card virtually unreadable from outside its confines.

For perspective the type of RF Receivers you would need for such large scale passive applications (inventory control) it would require a significantly larger sized tag to be read at such distances. These tags would be affixed to paper or plastic labels and would be several inches large.

For systems that require operability over large distances, an active RFID system would be needed. This would be a system similar to an ETC (Electronic Toll Collection) System such as EZPass, where each tag contains a battery, and the reader's signal is more directional.
 
