Kilowatt Cards are new and intriguing barter tokens. I am not sure whether it can take off, but as a pilot project and proof-of-concept it is very promising.
One problem I am spotted is the security system. It works the following way:
A six-digit serial number is printed on every 10kWh Kilowatt Card. That is a card is identified by the six-digit serial number, in other words, the six-digit serial number is the card.
To ensure that you have a real card and not just a fake one, you can go to the website and authenticate your card whereby you receive to new digits to make up a new serial number. In this way, everytime a card is authenticated, the serial number changes and the old holder or a stranger cannot create fake cards based on the old serial number.
However, it is very easy to sabotage the system. For example, if you give me a Kilowatt Card, and I pretend not being able to authenticate it due to a technial problem, I will then return you the card, but authenticate the card before you do and print the new serial number on a Kilowatt Card template. In this way, I have a card with a valid serial number while yours has become useless. In general, anyone who has had a look at the serial number and remembered it can take over the card by authenticating the serial number before the owner does.
A possible solution is to separate the authentication process from the generation of new serial numbers and to introduce secret serial numbers. That is, you need only the public serial to authenticate a card, but the secret serial to generate a new public serial number.
In this way, a stranger who has had a look at the card can authenticate the validity of the card online, but they are incapable of changing the serial. If you pay with the Kilowatt Cards, you can first show the seller the cards and let him authenticate them. Then after you are handed over the goods, you can give the seller the secret serial numbers. If these numbers are wrong (there is a website to authenticate the validity of secret serial numbers), then the seller can easily reclaim their goods.
1 comment
Comments feed for this article
February 27, 2010 at 1:52 pm
Robert Hahl
Thank you for this post. A partial way to deal with the problem you have raised is for the buyer to authenticate the cards himself before a transaction and keep the new serial numbers secret.
The seller could then ask for the new serial numbers of randomly chosen cards, and authenticate those. If sucessful, the deal could be consummated and goods exchanged for the list of secret numbers.
Another partial answer to the problem is that in future developments, there will be another code on the back, probably two or three digits like on modern credit cards, so it won’t be possible to look at the fronts and memorize numbers.