Re: Credit Card authorization from FC3


 



<quote who="Brian Fahrlander">
>     Well, in general.  I see authentication-by-pam as an alternative to
> a fingerprint or iButton device, with different particulars.  It would
> be the way to make the fewest number of changes to the system by doing
> it that way, and make it the most secure.
>
>     I'm trying hard to keep the machines autonomous; if each one has to
> have a coordinating server to make it work, that's a lot more money and
> complication to add.  And simple things don't tend to break, ya know?

I guess now would be a good time to talk about security.  If I understand
correctly, you are suggesting that a person could walk up to one of your
icafe machines, put their credit card in and then start surfing (or
whatever).  Is that correct?

If so, there is no way I would use such a system and I would suggest no
one else does either.  Handling credit card information on public access
machines is not a good idea.  Storing some or all of that information
where it can be accessed from your public machines is even worse.

There is no way of getting around having some sort of central clearing
house or network share.  You can't just use any credit card that might
show up.  So you have to keep an account list.  This list would need to
include some or all of the credit card information for verification.

This is what I would do:

Security needs to be the primary concern.  You do not want your customers'
credit card information to be stolen while they are using your system. 
You also don't want to spend your entire day reading through security logs
and checking your net traffic.

So here is the system, the way I would set it up:

You have one machine that is for payments only.  It is not connected
physically (not on the same network) to the public access machines.  I
would put that machine on a dialup account.

Next I would have two types of magnetic cards made up for the business. 
One blue (long term use) and one red (short term).  Ask the customer if
they would like to have their information stored for quicker access on
subsequent visits.  If they say yes, you give them a blue card for them to
keep.

These cards would only store the amount of time a customer has purchased. 
This information would be encrypted using some sort of key (to prevent
customers from stealing time).  Perhaps gnupg?

The customer would put the card in the machine and access for as long as
they have purchased.

The system is not as easy as the one you have suggested but it is far more
secure.
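
An added example, not part of the original message and not the poster's code: one way a time-only card could be made tamper-evident. It uses an HMAC tag rather than the gnupg encryption the message floats, because what stops a customer from raising the stored time is integrity, not secrecy. The record layout, key, and function names are assumptions. The write counter, checked against a shared list, is what catches a copied stripe being restored after the time has been used.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real deployment would provision a random key to the
# payment machine and the access stations only.
KEY = b"constructed-demo-key"
BODY = struct.Struct(">IHI")   # assumed layout: card id, minutes left, write counter
TAG_LEN = 16                   # truncated HMAC-SHA256 tag


def write_card(card_id, minutes, counter, key=KEY):
    """Return the bytes to store on the card: body followed by its MAC."""
    body = BODY.pack(card_id, minutes, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def read_card(blob, last_seen, key=KEY):
    """Verify a card image and return (card_id, minutes, counter).

    last_seen maps card id -> highest counter accepted so far (the shared
    account list); a lower counter means an old card image was restored.
    """
    if len(blob) != BODY.size + TAG_LEN:
        raise ValueError("wrong length")
    body, tag = blob[:BODY.size], blob[BODY.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: card contents were altered")
    card_id, minutes, counter = BODY.unpack(body)
    if counter < last_seen.get(card_id, 0):
        raise ValueError("stale counter: old card image replayed")
    last_seen[card_id] = counter
    return card_id, minutes, counter


def debit(blob, used, last_seen, key=KEY):
    """Charge `used` minutes and return the new card image to write back."""
    card_id, minutes, counter = read_card(blob, last_seen, key)
    if used > minutes:
        raise ValueError("not enough time left")
    new = write_card(card_id, minutes - used, counter + 1, key)
    last_seen[card_id] = counter + 1
    return new
```

Without the shared `last_seen` state, each station can still reject edited cards but cannot tell a restored copy from the genuine card.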

