I wrote: >The FAQ handwaves the details, so it could be either 1 or 3. Can someone who >has one of these things try reading the ATR off it?
He Who has No Shame [0] reports that it's a GemClub memory card, which is reasonably similar to the old SLE4428-style cards: 256 bytes of memory, some of it PIN-protected. Available commands are read, write, and verify PIN. Given the info in the FAQ, it would appear that the PIN is fixed/hardcoded into the driver, since there's no indication that users are asked for it, and it mentions that if someone else finds your card, they get access (or they may just use the non-protected storage in the card). I'm guessing this was a marketing decision, expecting x-teen-year-old kids (whatever the target market for these things is) to remember and enter PINs, not to mention the UI issues involved in obtaining the things, would make it unworkable, while reading off a URL and password and poking it into a browser is something which is a lot safer to deploy. Access control is by an XML version of basic-auth. In other words, it's (effectively) a dumb memory card with (effectively) HTTP basic-auth. It does however use the T=0 serial protocol and not I2C, which is a bit trickier to read with wires poked in the parallel port :-). Peter. [0] He actually bought it under his own name, without pretending it was for his nieces or something.