03-13-2018, 07:24 PM
(This post was last modified: 03-13-2018, 07:25 PM by danbrotherston.)
(03-13-2018, 05:01 PM)megabytephreak Wrote: All the new phones with NFC also have a secure element, a separate processor which is supposed to be able to store this kind of info on a user device, without them being able to alter it. This include an ability to load "apps" which are also secure from each other. This emulates the behavior of the processors in the DESfire cards. One of the applications is (eventually) to replace SIM cards with an eSIM functionality, which I understand has similar security requirements to something like a fare card. So from a technical perspective it is supposed to be possible to do the stored value thing securely. I'm not sure how far along the phone vendors are on exposing this functionality though.
Perhaps the bigger issue is that given the locally stored value model, there would need to be a mechanism to move the info from a card to phone, or from phone to phone (i.e. if getting a new phone). And if your phone died, anything stored on it (passes, value) would not be able to be recovered without risk of duplication (how do you prove it it dead). Some sort of revocation mechanism might be possible though, similar to what I think is supposed to be available if you lose your card and it is registered.
*supposed to* being the key here. GRT is unlikely to trust a third party open ecosystem to store value. If there was a bug found in Android's implementation (or any Android phone vendor, there are hundreds), anyone could get free rides, there's nothing GRT could do to stop it, besides stop accepting that form of payment, which is much harder to do than simply not starting.
But I don't make GRT policy, I guess it's possible they'll surprise us one day.