(keitai-l) Re: Tokens and free movies

From: Jani PATOKALLIO <jpatokal_at_iki.fi>
Date: 11/18/00
Message-ID: <3A1612EA.4A41AB4@iki.fi>
Heimo Laukkanen wrote: 
> Jani PATOKALLIO wrote:
> > Well well, looks like I just won the two free movie tickets from
> > Giga -- but it turns out that I have no interest whatsoever in
> > the movie and I've already made other plans.

"If you can't change your mind, are you sure you still have one?"

Well, I did, so I suppose I do, as I went to the movie after all --
and greetings to Tom, Konrad & co. from keitai-l who were also
present.  The movie was almost worth the price (0 yen, that is)
and everybody even got a free baggie of hair care products,
spaghetti sauce and canned coffee!  Whee!

> And please also tell that to the list. ,-) We have been wondering with
> SMS-messages that how could we arrange all the logistics with this kind
> of competetions. 

Contact First Hop (http://www.firsthop.com/) and ask about the
Escio Tokens system!  See http://www.firsthop.com/Products/Tokens/.

The system they had in place at Giga didn't amount to much.  The email
token I received contained the line "WGRT2 002 Jani Patokallio",
I assume the first two chunks are a shared-secret checksum of
some sort, probably something like (name_string XOR magic_number),
where the sender and receiver share the magic number.  Problems:
receiver can also generate valid tokens, heavy security needed at
both ends to guard magic number, magic number can probably be deduced
if you get sufficient numbers of token to work with, etc.

But even this went to waste, since in real life, entrance verification
was handled by pretty girls in cowboy hats who looked at the screen
of your phone and waved you in if it looked good enough -- somehow I
doubt they were computing XORs in their heads.  A few suited guys
with clipboards ran interference, but they weren't even crossing
names off a list or anything...

> With one movie theatre that would not be a problem
> since we could send a key to the customer and that could be checked on
> the cashier, but what to do if we have a chain of stores which are not
> connected all the time with each other. How to make sure the rewars will
> not be collected more than once ( from different stores that is ).

Alas, this is not possible with any system: either the systems must be
connected in real-time, or the token has to be specific to one store
(or one date, one showing, whatever).

Cheers,
-- 
Jani PATOKALLIO / jpatokal@iki.fi / +81 90 7722 3557
Sanpo Laboratory, Mechano-Informatics Dept., University of Tokyo
ヤニ・パトカリオ / jani@sanpo.t.u-tokyo.ac.jp / 090 7722 3557
東京大学、工学系研究科、機械情報工学科、算法設計研究室

[ Did you check the archives?   http://www.appelsiini.net/keitai-l/ ]
Received on Sat Nov 18 07:01:45 2000