-----BEGIN PGP SIGNED MESSAGE----- Jiri Baum <jirib@cs.monash.edu.au> wrote in private e-mail:

Apart from that, this kind of thing has been proposed before, and (for payment at least) I've read a paper somewhere that uses something like this to get off-line anon. e-cash with multi-party mistrust. (Ie nobody trusts anybody.)

Yes, even such klooges such as Mondex might be considered a variation on my idea. Ultimately, though, I expect this device to become my *only* interface with the Net. I don't own any long-term storage device. Instead I just rent it over the Net and encrypt any long-term data that I consider private. I do any *sensitive* processing on the CPU in my handheld computer, but if it's a big job and I don't mind people watching then I rent a CPU over the Net to chew on it. This device is perfectly portable and can be plugged into any Net jack in an office or telephone booth, or perhaps it can do wireless. The important point is that no matter where I am physically, or what long-term storage device I am using via the Net, I have complete crypto security. (Mod Tempest- surveillance, physical subversion of my crypto box, etc.) If it were done right I could use this same box for my notepad, wallet, e-mail agent, Web browser, game-player, etc. etc. etc.

(But that requires the bank to trust tamper-proof h/w; if you give up anon, as you have, you don't need that because it only need resist until Joe can revoke his key - easily enough done because the shop needs to have a list of valid ones anyway. Alternatively you can keep anon but make clearing on-line, which results in what is usually called a digital wallet.)

Hm. As often happens in these kinds of discussions, we've missed each other because of different semantic conventions or something. My idea does not depend upon tamper-proof hardware in the sense that the owner must be prevented from cracking it open, but it *does* (as does every conceivable crypto system) depend on tamper-prevention in the sense that those antagonistic to the owner must be prevented from cracking open his box! Also I haven't given up anonymity at all. Oh! You mean in my example of Joe paying at the grocery store. Well he can have a pseudonymous account at that store if he wants. There is certainly no *necessity* to give up self-identity-control in any way.

...

It only does this in response to some kind of authentication-action from Joe himself. Perhaps he inputs a 4-digit PIN. (It should be designed so that ...

Fingerprint scan?

I thought about that but I personally wouldn't trust it. It might fail to recognize my fingerprint at an important moment. Besides, I hate the thought of a mugger taking my index finger also when he takes my wallet... Regards, Bryce signatures follow  "To strive, to seek, to find and not to yield." -Tennyson <a href="http://www.c2.org/~bryce/Niche.html"> bryce@colorado.edu </a>  -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMNXSW/WZSllhfG25AQEF4AP9GKHbSh5RgROKFclm/fgkpI+FcZjagTo9 SBa7Kdn9sFczdk23u6mHbKufDKFJO5oyri5MOPvU2QZwa9iP3zGjaBKcS6QbSOJ2 c4W71cFVJ+YZw8nnsMGwNmdISl2T0VYjQo/za4D2blZMRGDLdHgcl/E3FfTXxn5K vBEUglr59Gs= =ksB+ -----END PGP SIGNATURE-----