Idea: up-to-date business card

Matthew S. Hamrick mhamrick at cryptonomicon.net
Wed Mar 14 21:13:01 CET 2007


Yeah... this is called "Meishi." I developed it while I was in Japan.

The idea was that you put a unique bar code on the bottom of your  
business card. The code is essentially a serial number and URL to  
your online Meishi server MACed with a secret key you maintain. You  
give your business card to someone who snaps a picture of it with  
their phone. Software on the phone extracts the URL from the picture  
and communicates with your Meishi server, registering itself with the  
serial number provided. The business card recipient then completes  
the transaction by giving their Meishi URL to your server. After the  
protocol is completed, you both have each other's "Meishi URL" that  
you both can use to receive phone and address updates.

An extension to the service also allows the person you gave your card  
to to put their public key fingerprint on their card and pass it back  
to you. This public key could be used to verify pseudo-identities.

Not all of the system would (or should) be required, you're likely to  
deal with a lot of people who don't have "Meishi System" business cards.

A couple points to remember:
a. you're using a secret key and a Message Authentication Code, so if  
your secret key is revealed, you get no forward security and you have  
to toss all yer business cards that use it.
b. your business cards turn into "one time use" tokens. If you give  
your business card to person "A" (whom you like) but they share it  
with person "B" (whom you can't stand), there's nothing that prevents  
person "B" from registering with your server unless you add an  
additional layer of authentication.
c. there's nothing that prevents people from copying your information  
and giving it to someone else. The thing that is hard is for them to  
give someone else the right to get updates.

It is, of course, a bit more complex than this, and I never did  
anything more than write a couple prototypes.

At some point I would love to add support for ECC for some  
transactions and IBE (Identity Based Encryption) so if you want to  
work with me, i'll probably have some time in May to work on such a  
system.

I thought for a while that I would patent the concept and try to  
license the concept of generating serialized business card stock to  
people like Avery, but then I realized having to pay an additional  
fee for business cards would seriously hamper adoption. So to the  
degree that such a process is patentable, I would not seek to do so.  
And to the degree that someone else would try to patent such a thing  
after 2001 (when I was in Japan) it would probably serve as prior art.

Also... Xerox PARC had this project that embedded digital information  
into screen-printed pictures. I always wanted to embed my Meishi data  
into such a thing. That way you could put a picture of yourself on  
your business card and it would have your Meishi information hidden  
in it.

-Cheers
-Matt H.

On Mar 14, 2007, at 12:19 PM, Ole Tange wrote:

> If I receive a business card it sometimes happens I try to call a year
> later. At that point the person has a new phone number and I will have
> to look that up. I would much rather receive an intelligent business
> card that was always up to date.
>
> To secure anonymity we will need a protocol that will allow me to get
> the new information without everyone knowing I got that. It will be OK
> if the original person is informed. Maybe using some kind of web of
> trust?
>
> /Ole
>
> _______________________________________________
> OpenMoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community





More information about the community mailing list