In message <20030902233422.81119.qmail@web40609.mail.yahoo.com>,
Morlock Elloi
Anything that regular camera captures the attacker can also capture and reproduce it for the benefit of the camera.
Please read the paper. What's sent is not a picture of the token, but a hash of a picture of the pattern produced by a laser shining through the token. Because the laser scatters through the token in three dimensions it is difficult to model or reproduce the token. By varying the angle of the laser you can produce a large number of possible patterns, too many to be stored -- it's claimed this can be as much as 7 TB of data. So you can have a useful level of security even with untrusted token readers, and an extremely high level of security with trusted token readers. -- Shields.