Idea: up-to-date business card
Matthew S. Hamrick
mhamrick at cryptonomicon.net
Wed Mar 14 21:13:01 CET 2007
Yeah... this is called "Meishi." I developed it while I was in Japan.
The idea was that you put a unique bar code on the bottom of your
business card. The code is essentially a serial number and URL to
your online Meishi server MACed with a secret key you maintain. You
give your business card to someone who snaps a picture of it with
their phone. Software on the phone extracts the URL from the picture
and communicates with your Meishi server, registering itself with the
serial number provided. The business card recipient then completes
the transaction by giving their Meishi URL to your server. After the
protocol is completed, you both have each other's "Meishi URL" that
you both can use to receive phone and address updates.
An extension to the service also allows the person you gave your card
to to put their public key fingerprint on their card and pass it back
to you. This public key could be used to verify pseudo-identities.
Not all of the system would (or should) be required, you're likely to
deal with a lot of people who don't have "Meishi System" business cards.
A couple points to remember:
a. you're using a secret key and a Message Authentication Code, so if
your secret key is revealed, you get no forward security and you have
to toss all yer business cards that use it.
b. your business cards turn into "one time use" tokens. If you give
your business card to person "A" (whom you like) but they share it
with person "B" (whom you can't stand), there's nothing that prevents
person "B" from registering with your server unless you add an
additional layer of authentication.
c. there's nothing that prevents people from copying your information
and giving it to someone else. The thing that is hard is for them to
give someone else the right to get updates.
It is, of course, a bit more complex than this, and I never did
anything more than write a couple prototypes.
At some point I would love to add support for ECC for some
transactions and IBE (Identity Based Encryption) so if you want to
work with me, i'll probably have some time in May to work on such a
system.
I thought for a while that I would patent the concept and try to
license the concept of generating serialized business card stock to
people like Avery, but then I realized having to pay an additional
fee for business cards would seriously hamper adoption. So to the
degree that such a process is patentable, I would not seek to do so.
And to the degree that someone else would try to patent such a thing
after 2001 (when I was in Japan) it would probably serve as prior art.
Also... Xerox PARC had this project that embedded digital information
into screen-printed pictures. I always wanted to embed my Meishi data
into such a thing. That way you could put a picture of yourself on
your business card and it would have your Meishi information hidden
in it.
-Cheers
-Matt H.
On Mar 14, 2007, at 12:19 PM, Ole Tange wrote:
> If I receive a business card it sometimes happens I try to call a year
> later. At that point the person has a new phone number and I will have
> to look that up. I would much rather receive an intelligent business
> card that was always up to date.
>
> To secure anonymity we will need a protocol that will allow me to get
> the new information without everyone knowing I got that. It will be OK
> if the original person is informed. Maybe using some kind of web of
> trust?
>
> /Ole
>
> _______________________________________________
> OpenMoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community
More information about the community
mailing list