grumbling
yep, my hunch was right, it's asymmetric key cryptography, they drive the point that "a token is issued to the customer device" home really hard in the patents...what a godawful service, would it have really been that much more expensive to slap on a vending machine style payment terminal..
hacker in me still wants to poke at the bluetooth side of it, see if i can't get metrics out of it or something :neocat_floof_happy: