[ISN] Re: cyber cash ramblings

From: mea culpa (jerichot_private)
Date: Mon Jul 06 1998 - 22:43:35 PDT

  • Next message: mea culpa: "[ISN] Kevin Mitnick Movie"

    Reply From: Matthew Patton <pattont_private>
    >There are two problems with this system.  First, it is bad for privacy;
    No kidding. While the scenario you paint is perfectly sound there is
    entirely too much signature passing going on. It's a clear departure from
    how we conduct business today and IMO the more different it is the less it
    will find support among the common people and it will therefore die a quick
    death. The logistics of the PKI needed are way too complex and the
    verification of certs is entirely out of control. That's why, though I
    think the ideas are pefectly correct, it will never fly.
    We need to somehow come up with a transparent replacement for paper money
    which works on the same principles. That's the picture I was painting and
    the other poster's reply was completely correct in stating that I could
    reuse the coin as many times as I wanted to and nobody would be the wiser
    until it came time to balance the books and now a bunch of people claim
    posession of the same coin. He's got me there. In my opinion, anonymity is
    #1 in importance followed closely by transparent, non-intrusive use.
    Visiting a bank is what we do now anyway. Instead of pulling bills out of a
    ATM, you get a chip card back. The problem could be conceivably solved if
    there were a way that a merchant could 100% reliably delete or mark a coin
    as used in a user's wallet. And that only BANK's had the privs to add keys.
    Given the miserable track record of smart card security that won't fly no
    matter how hard we try. And duplicating coins is indeed no harder than
    getting the card to issue the same byte stream. Note that the coin has a
    fixed value unlike your example where it is assumed the value will be the
    exact amount for the merchandise.
    Implementing the methodology you outlined isn't really that hard. I was
    involved in one of the first such demonstrations at Carnegie Mellon's INI
    before CyberCash was even on the map.
    Maybe the transplantation of real coins into the cyber world is the wrong
    approach entirely. It would simply matters greatly if we reduced it to the
    prepaid phone card / prepaid metro or bus fare card model. You go to the
    bank, you "buy" a $300 card and the bank deducts the value out of your
    account. Every time you visit a merchant they subtract the amount of sale
    from the card's value and that's the amount you have left. No fancy or
    complicated public keys or audit trails, simplicity itself for all
    involved. You loose the card, you loose the money just like if you lost
    your wallet or dropped the wad of cash on the street. Though I will admit
    that misplacing a several hundred dollar money card is more painful than a
    measily $20 fare card. The problem remains, however, of miserable token
    security. I suspect we don't see much in the way of bus/metro card cracking
    as it's of low interest. Phone card cracking on the other hand is rampant I
    have been led to believe.
    Hmm, let's say we combine the "prepaid value card" with credit card style
    instant authorization. What if the bank were to digitally sign the card
    when it is first issued with a timestamp and a hash of say the account
    number and some other relevant data. Better yet, disassociate the card from
    the account entirely by keeping a separate journal for each card upon
    creation. The bank creates a new card ID, and stores in it's database the
    starting value that you asked to have loaded. So you present the card to
    the merchant. He reads off the value stored on the card. He checks the
    digital signature on it and yes it is a card signed by bank X. The problem
    here is that we still don't know if the stored value is correct. Or
    alternatively there is no stored value and the merchant requests a check
    for sufficient funds against that card's value as stored back at the bank.
    If ok, the sale goes thru and the bank decrements the card's value at the
    back end.
    So how does this differ from widely available credit cards or band debit
    cards? Frankly not much. It's more like an evolution, the best of both the
    "plastic age" and paper money. Digital signing of the card by the bank
    provides some degree of assurance that the card is ligit. The bank simply
    stores the current value of the card on it's computers independant of any
    user account data. There is no association of cards to real persons'
    accounts unless you can somehow correllate the buying of cards via the
    account details, the time of state change (from reserve to active, for
    example) and the actual card issued. If the bank only issues well known
    denominations, then this can be even harder to track if the cards are
    "pregenerated". You can further enhance user security by making them
    specify a PIN or biomedical imprint in order to activate the card's use.
    Naturally the complete security and eventual destruction of this stored
    private information  is of great concern. Then again maybe we can live with
    the occassional purse/watch snatcher so such measures are unnecessary.
    Sorry for the long winded rambling. I can't be the only one spinning his
    wheels on this. Anyone else out there have some great ideas or resources
    that have already hashed the topic to death? Most current cybercash schemes
    with their extremely detailed logging and authentication methods are a
    snooping federal government's wet dream. I hope we can work together to
    frustrate them at every turn.
    "If I were called upon to identify briefly the principal trait of the 20th
    Century, here too I would be unable to find anything more precise and pithy
    than to repeat once again: Men have forgotten God."
      - Aleksander Solzhenitsyn
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:19 PDT