security of limits in mondex (Re: Spending velocity limit implementation in smart cards)

R. A. Hettinga rah at shipwright.com
Tue Nov 12 18:57:33 EST 2002 

--- begin forwarded text


Status: RO
Date: Mon, 11 Nov 2002 19:32:54 +0000
From: Adam Back <adam at cypherspace.org>
To: IanG <iang at systemics.com>
Cc: "R. A. Hettinga" <rah at shipwright.com>, anders.rundgren at telia.com,
   Digital Bearer Settlement List <dbs at philodox.com>
Subject: security of limits in mondex (Re: Spending velocity limit
 implementation in smart cards)
User-Agent: Mutt/1.2.2i
Sender: <dbs at philodox.com>

On Mon, Nov 11, 2002 at 12:55:24PM -0500, IanG wrote:
> [...] If you are talking about the system, then simply go to
> the backends and do some statistics on the backend data
> base.  Even Mondex uploads transactions, so you would
> be able to do the numbers.  (From memory, Mondex uploads
> the last 10 transactions when you plug it into certain
> terminals.  Although, this "feature" is contraversial,
> as the company has never released sufficient details to
> know for sure.)

I was wondering about this recently to do with mondex.  They claim as
you say have limits on transaction uploads, so the user could hide
some transactions.  Indeed the user need never reconnect to the bank,
always refilling via other users and spending to other users.
Although they could if they chose implement something on the card to
force it to connect within some maxium interval to the bank.

And yet I thought they claimed to be able to have some liability
limiting factors such as limits on card spending per month, and
perhaps card spending ever.

And the card itself is just a tamper resistant counter, and signed
receipts are exchanged between cards to add to the counter (received
payment) and subtract from the counter (send payment)>.

But I think these claims are contradictory unless the limiting factors
are implemented on the card, in which case they offer limited
protection against someone extracting private keys from the card.

So are they really uploading everything to bank via other cards even
in peer to peer, or perhaps enough information (value, but not user or
transaction description) to notice imbalances (corresponding to hacked
bottomless cards)?  Or is it that the limits in fact implemented on
card and their likely effectivness in combatting fraud from tampered
cards exaggerated?

Adam
--
http://www.cypherspace.net/

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list