On Mon, 17 Nov 2003, Ted Kosan wrote:
> But, if the messages were digitally signed, then only those messages
> signed by an authorized entity (our cell phone) would be considered
> valid.
Sure, I've been thinking some hash value based on data, shared secret, PIN
(in case cell phone gets lost) and transaction number (to prevent replay
attacks). Bouncy Castle crypto should have some code for this. Will look
into this some time next week...
Regards,
Jac
--
Jac Kersing Technical Consultant The-Box Development
j.k...@th... http://www.the-box.com
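
A sketch of the scheme described in the reply above, added here as an example and not code from the original thread: a keyed hash over the data, PIN and transaction number, with the receiver rejecting any transaction number it has already seen. It uses HMAC-SHA256 from Python's standard library rather than Bouncy Castle; the field encoding, the names and the sample values are all assumptions, and the PIN is assumed to be typed in by the user rather than stored on the phone.

```python
import hashlib
import hmac
import struct

def _encode(pin: str, txn: int, data: bytes) -> bytes:
    # Length-prefix the variable-length fields so two different
    # (pin, data) pairs can never produce the same MAC input.
    pin_b = pin.encode()
    return (struct.pack(">H", len(pin_b)) + pin_b
            + struct.pack(">Q", txn)
            + struct.pack(">I", len(data)) + data)

def sign(secret: bytes, pin: str, txn: int, data: bytes) -> bytes:
    """Sender side (the phone): tag over PIN, transaction number and data."""
    return hmac.new(secret, _encode(pin, txn, data), hashlib.sha256).digest()

class Receiver:
    """Hypothetical receiving side holding the same secret and PIN."""

    def __init__(self, secret: bytes, pin: str):
        self._secret = secret
        self._pin = pin
        self.last_txn = 0  # highest transaction number accepted so far

    def accept(self, txn: int, data: bytes, tag: bytes) -> bool:
        expected = sign(self._secret, self._pin, txn, data)
        # Constant-time comparison; verify the tag before trusting txn.
        if not hmac.compare_digest(expected, tag):
            return False
        if txn <= self.last_txn:  # replayed or stale message
            return False
        self.last_txn = txn
        return True

def demo() -> list:
    secret = b"constructed-shared-secret"  # constructed sample values
    pin = "4921"
    rx = Receiver(secret, pin)
    msg = b"OPEN GATE"
    tag = sign(secret, pin, 1, msg)
    return [
        rx.accept(1, msg, tag),                           # fresh message
        rx.accept(1, msg, tag),                           # exact replay
        rx.accept(2, msg, tag),                           # old tag, bumped number
        rx.accept(2, msg, sign(secret, "0000", 2, msg)),  # wrong PIN
        rx.accept(2, msg, sign(secret, pin, 2, msg)),     # next valid message
    ]
```

Because the transaction number is covered by the tag, a captured message cannot be resent under a higher number, and `last_txn` only advances after the tag verifies.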