Reply From: Chris Wilson <cmw32@hermes.cam.ac.uk>
> Reply From: Matthew Patton <patton@sysnet.net>
>
> we've done really is exchange a physical representation of money into an
> electronic one. None of the long established banking mechanisms has changed
> in any significant way. If your are doing bank to bank transfers, you
> simply move the digital coins to the other end, making sure you delete them
> out of your vault. Otherwise you could have 2 different banks/entities both
> claiming to have possession of the same coin. As we all know, computer
> snafus aren't exactly rare events.
There's a problem with this, though. Electronic coinage can be copied
directly as a series of bytes. Physical coinage includes the defense
measures you stated earlier as protection against one-for-one copying.
What's to stop someone literally pulling an electronic coin off their own
smartcard and putting ten identical ones back? If he spends them at
different locations and different times then there is no immediate way to
tell that they are counterfeit. One possibility would be to contact the
bank and ask if they will accept the coin (which they would presumably do
only if they didn't already have a copy of it), but that leaves the way
open for a denial of service attack where you can "steal" random people's
money by paying the equivalent e-coins into your own bank account first.
When the real owners try to pay their money in the bank will see that they
already have those coins and dismiss the real versions as fakes.
Perhaps it would help if only banks and authorised retailers had the keys
which could unlock the crypto layer of a person's smart card to download
the e-coins, but this only makes fraud slightly harder, not impossible.
I've been thinking about this problem for a while and I still haven't come
up with a better solution than this.
> It is by caffeine alone I set my mind in motion, it is by the beans of Java
> that thoughts acquire speed, the hands acquire shaking, the shaking becomes
> a warning, it is by caffeine alone I set my mind in motion.
That's by far the coolest signature I've seen in a long time. =D
___ __ _
/'__// / ,__(_)_ Wilson <Chris.Wilson@fitz.cam.ac.uk>
/ (_ / ,\/ _/ /_ \ Webmaster/SysAdmin/Timelord/BOFH/Programmer
\__//_/_/_//_/___/ "1998 isn't MCMXCVIII. The Romans would have used MIIM"
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jul 6 08:16:38 1998