Reply From: Matthew Patton <patton@sysnet.net>
>There are two problems with this system. First, it is bad for privacy;
No kidding. While the scenario you paint is perfectly sound there is
entirely too much signature passing going on. It's a clear departure from
how we conduct business today and IMO the more different it is the less it
will find support among the common people and it will therefore die a quick
death. The logistics of the PKI needed are way too complex and the
verification of certs is entirely out of control. That's why, though I
think the ideas are pefectly correct, it will never fly.
We need to somehow come up with a transparent replacement for paper money
which works on the same principles. That's the picture I was painting and
the other poster's reply was completely correct in stating that I could
reuse the coin as many times as I wanted to and nobody would be the wiser
until it came time to balance the books and now a bunch of people claim
posession of the same coin. He's got me there. In my opinion, anonymity is
#1 in importance followed closely by transparent, non-intrusive use.
Visiting a bank is what we do now anyway. Instead of pulling bills out of a
ATM, you get a chip card back. The problem could be conceivably solved if
there were a way that a merchant could 100% reliably delete or mark a coin
as used in a user's wallet. And that only BANK's had the privs to add keys.
Given the miserable track record of smart card security that won't fly no
matter how hard we try. And duplicating coins is indeed no harder than
getting the card to issue the same byte stream. Note that the coin has a
fixed value unlike your example where it is assumed the value will be the
exact amount for the merchandise.
Implementing the methodology you outlined isn't really that hard. I was
involved in one of the first such demonstrations at Carnegie Mellon's INI
before CyberCash was even on the map.
Maybe the transplantation of real coins into the cyber world is the wrong
approach entirely. It would simply matters greatly if we reduced it to the
prepaid phone card / prepaid metro or bus fare card model. You go to the
bank, you "buy" a $300 card and the bank deducts the value out of your
account. Every time you visit a merchant they subtract the amount of sale
from the card's value and that's the amount you have left. No fancy or
complicated public keys or audit trails, simplicity itself for all
involved. You loose the card, you loose the money just like if you lost
your wallet or dropped the wad of cash on the street. Though I will admit
that misplacing a several hundred dollar money card is more painful than a
measily $20 fare card. The problem remains, however, of miserable token
security. I suspect we don't see much in the way of bus/metro card cracking
as it's of low interest. Phone card cracking on the other hand is rampant I
have been led to believe.
Hmm, let's say we combine the "prepaid value card" with credit card style
instant authorization. What if the bank were to digitally sign the card
when it is first issued with a timestamp and a hash of say the account
number and some other relevant data. Better yet, disassociate the card from
the account entirely by keeping a separate journal for each card upon
creation. The bank creates a new card ID, and stores in it's database the
starting value that you asked to have loaded. So you present the card to
the merchant. He reads off the value stored on the card. He checks the
digital signature on it and yes it is a card signed by bank X. The problem
here is that we still don't know if the stored value is correct. Or
alternatively there is no stored value and the merchant requests a check
for sufficient funds against that card's value as stored back at the bank.
If ok, the sale goes thru and the bank decrements the card's value at the
back end.
So how does this differ from widely available credit cards or band debit
cards? Frankly not much. It's more like an evolution, the best of both the
"plastic age" and paper money. Digital signing of the card by the bank
provides some degree of assurance that the card is ligit. The bank simply
stores the current value of the card on it's computers independant of any
user account data. There is no association of cards to real persons'
accounts unless you can somehow correllate the buying of cards via the
account details, the time of state change (from reserve to active, for
example) and the actual card issued. If the bank only issues well known
denominations, then this can be even harder to track if the cards are
"pregenerated". You can further enhance user security by making them
specify a PIN or biomedical imprint in order to activate the card's use.
Naturally the complete security and eventual destruction of this stored
private information is of great concern. Then again maybe we can live with
the occassional purse/watch snatcher so such measures are unnecessary.
Sorry for the long winded rambling. I can't be the only one spinning his
wheels on this. Anyone else out there have some great ideas or resources
that have already hashed the topic to death? Most current cybercash schemes
with their extremely detailed logging and authentication methods are a
snooping federal government's wet dream. I hope we can work together to
frustrate them at every turn.
--------
"If I were called upon to identify briefly the principal trait of the 20th
Century, here too I would be unable to find anything more precise and pithy
than to repeat once again: Men have forgotten God."
- Aleksander Solzhenitsyn
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Jul 7 11:20:39 1998