Thought this might be of interest... forwarded with permission..
From Andy Meredith (meredith@bcs.org.uk) on the ecm list :
On Jul 18, 9:21am, Marcel van der Peijl wrote:
Subject: Re: e$, c$$$, Cyberbucks & ECash - terminology.
electronic cash (also digital cash) is a general term for the concept of encrypted messages that have inherent value - as opposed to credit notes or electronic checks. I guess that the Mondex smart cards have ecash in them, but that seems different.
I am such a bad reader! You are right. This is a good definition of electronic cash or digital cash. Mondex is questionable. The card has an account, and uses crypto to proof it is a real Mondex card, so you'd better believe it when it says it took the money of it's internal balance. I would vote this is not digital cash.
I am participating in the Mondex pilot scheme in Swindon. It took me a great deal of pushing to get _any_ details at all. The details I did get didn't go into the encryption schemes used or any such fun stuff. It did in fact take quite a while for me to realise the significant differences between ecash and Mondex. As they didn't, in the end, make me sign an NDA, I guess I can share. 1 - The Value is not encrypted on the card, that is held as plain text, it is the front door on the card that is heavily guarded. If therefore you can inject value into the card from the back door, it is then taken as real money. The logic being; Hey it managed to get through all that security which is imposible for anything except another mondex card to do, it must therefore be Mondex money ... that's Ok then. There can never be a software only version of Mondex as it stands. The trust is in the front door, not the cash values themselves. 2 - Some of their transaction monitoring is very "Big Brother"esque. As you can imagine, if a card is seen to be creating money but not consuming it, there IS a problem. Therefore whenever you get some money from a "hole in the wall", the bank sucks over your transaction log & error log. It will of course only ever use this for security monitoring. It will never follow the likes of AMEX and start stock pilling these transactions, using it's knowledge of the which physical entity own what card ID, and using the cross reference for market research/direct mail/consumer profiling. No of course not. That would be TOTALLY unethical ... 3 - Mondex is billed as "Electronic Cash", but you won't find the concept of anonymity in there anywhere. They talk about it, but I haven't seen them write it down explicitly. One could suggest however that that "Cash == Anonymous", so the scheme would have to be anonymous for them to have a right to the "Electronic Cash" title.
So what is the name for schemes like this?
How about "Stored Value Card"
-- End of excerpt from Marcel van der Peijl
One interesting thing that I noted. When I read through the technical blerb on ecash a while back, I had to sit back and think very clearly, and read very slowly. However, it was relatively easy to understand the bits, and then even easier to put the bits together into a system. The reason, I suggest, is that if you understood all the encryption technology behind ecash, and had the requirements that it has for anonymity and security (hand in hand). You would reinvent ecash. Maybe the layering would be subtly different, the real one ond your independant derivative wouldn't interact, but ... If however you were to have asked me to explain ecash a week later, I would have been totally stumped. It is a very elegant system. Mondex, on the other hand, worried from the word go. It just didn't seem to add up. Apart from everything else, why were they being so damned secretive. I read and thought, and read and thought. Then it finally dawned on me. Mondex just simply doesn't have the same requirements list as ecash. I was prejudging the requirements from my previous exposure to ecash. Ask me to explain Mondex to you now ... what do you want to know :) Andy M (this is my opinion of information gained outside of company time. It is not the opinion my employer.) And : On Jul 18, 12:29pm, Marcel van der Peijl wrote:
Subject: Re: Mondex
I am participating in the Mondex pilot scheme in Swindon. It took me a great deal of pushing to get _any_ details at all.
Of course! Security through obscurity has always been a good way of protecting your systems... ;)
Absolutely. That's why VISA have lost so little money :)
3 - Mondex is billed as "Electronic Cash", but you won't find the concept of anonymity in there anywhere. They talk about it, but I haven't seen them write it down explicitly.
Hahahaha. Let me explain. You can buy the card anonymously. This gives anonimity.... NOT!
Actually, you can't. You need to supply bank details in order to get one. At least you do for the Swindon trial. The cards in use here are in fact combined ATM and Stored Value ;) cards. They have all your bank details in a mag. stripe on the back of the card. The current batch of EPOS terminals don't use this stripe, but I wait with interest.
They are forgetting that tracebility plus one link of a person to an 'anonymous' account is the same as identification.
Sainsbury's (et al) sussed that one a while back. Hence the introduction of "Customer Loyalty Cards" (yuch!!). Thereby allowing them to bind purchases/times/locations => Credit card numbers => Physical customer addresses & therefore demographic data. Only in this situation for Credit card number read Mondex card ID.
Do you realise any ATM, and a lot of stores, have security camera's embedded? No, they wouldn't use that to link a person to a card, would they? That would be unethical...
No need. They have not only formed the link, but they are getting you to fill in the damned form :)
How about "Stored Value Card" For Mondex, perfect. What about FV? And NetChex?
Don't know about these ones.
About your perception of ecash: I admit that the blurp on our server does not fully cover the system in such a way it is easy to remember and explain.
Not at all. If you had asked me to explain the system while it was still fresh in my mind, I would have had no trouble. It is very neat and logical, but it is also pretty intricate. Apart from anything else, I didn't feel it was necessary to hold on to the mental model of how it works. I liked it. However, Mondex ...
-- End of excerpt from Marcel van der Peijl
Cheers Andy M
participants (1)
-
Rev. Mark Grant