Department Of The Treasury
1500 Pennsylvania Ave
Washington, D.C. 20220

Robert Johnson

Dear Sirs:

I am deeply disturbed by the fact that Iran and other countries find it so easy to counterfeit or (sic - our) currency, and would like to suggest a durable solution. It is not elegant, as it requires some overhead for implementation, but once the equipment has made it around, it might halt counterfeiting for a substantial time frame. Thereafter maintenance might be much cheaper. It is not a physical solution, but an electronic one. Please do not dismiss it out of hand, and I will try to be reasonably brief.

Bills already have some electronically readable marks, but the readers for these have not yet been made widely available. My suggestion will need to be part of these. The solution is not intended to be needlessly intricate.

The first step is to electronically encode the serial number so it must be read from the bill at each point it is checked. I envision making this read operation part of every cash transaction.

Then, a substantial PGP password is to be set for the Treasury. The maintainable Public key may be seen and known of all, but the Private key kept as securely as may be allowed. Hardware that is distributed to read the bills should support the changing of the Public key at intervals to be determined by the Government.

Exactly what data should be included to make each bill unique would be open to discussion, but it might be a Hash of the serial number for purposes of discussion. The Hash that translates from serial number to the electronically readable "tape" would need to be kept back. By its nature, a Hash is difficult to reverse engineer, and if something more sophisticated than merely the serial number were used, there would be plenty of data to work with.

When electronically verified, a different Hash would operate on this "tape," physically part of the bill. This should be part of the hardware, this second Hash also hopefully difficult to obtain. The result is PGP encrypted and wired to a Database for lookup. The database would be simply one field, a list of "doubly hashed serial numbers." Binary lookups would make this a reasonably efficient operation, with the list maintained to add new bills and delete old. If the database with private key included is distributed on

*****NOTE*****

I did not send because I did not have anyone to discuss how counterfeiting might take place. Upon review, possibly by obtaining a list of valid serial numbers AND the first hash function - then the serial number on the counterfeit would have to match the hash value encoded on the electronic portion of the bill. It was hashed so that people intercepting data traffic would not get the serial number of the specific bill in question - this fails to make the transaction anonymous, a problem if you think about the basic purpose of cash.

Overall this solution seems Orwellian, and the current efforts limit the time frame drug dealers have for money laundering. A power failure or data network failure would suspend verification of cash, without stopping people from spending it.

RFID is getting small and comparatively cheap, but if someone can scan your wallet for hashes, and spend them electronically without your permission, that presents a problem. For this to work verification would have to be different than spending. A side effect is that money counting might become truly trivial electronically.

I started thinking about this by thinking about hashing PIN numbers for debit cards when THOSE are verified. I reason that keeping a database of hashes is safer than a database of PINs.
Counterfeit evident electronics might still work IF they spent in a blackout.
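The two-hash lookup outlined in the letter, and the serial-to-tape match raised in the note, as an added sketch that is not part of the original letter. It assumes HMAC-SHA256 with secret keys stands in for the two undisclosed hashes; the keys, serial numbers and function names are constructed for illustration, and the PGP transport step is left out.

```python
import bisect
import hashlib
import hmac

# Constructed secrets standing in for the two "kept back" hash functions.
MINT_KEY = b"constructed-mint-key"      # first hash: serial -> tape
READER_KEY = b"constructed-reader-key"  # second hash: tape -> lookup value


def tape_for(serial: str) -> bytes:
    """First hash: the value encoded on the bill when it is issued."""
    return hmac.new(MINT_KEY, serial.encode(), hashlib.sha256).digest()


def lookup_value(tape: bytes) -> bytes:
    """Second hash: computed in the reader hardware before the lookup."""
    return hmac.new(READER_KEY, tape, hashlib.sha256).digest()


def build_database(serials):
    """One-field database: a sorted list of doubly hashed serial numbers."""
    return sorted(lookup_value(tape_for(s)) for s in serials)


def reader_check(db, tape: bytes) -> bool:
    """Reader-side check: binary search for the doubly hashed tape."""
    value = lookup_value(tape)
    i = bisect.bisect_left(db, value)
    return i < len(db) and hmac.compare_digest(db[i], value)


def issuer_check(printed_serial: str, tape: bytes) -> bool:
    """Issuer-side check: the printed serial must hash to the tape.
    Needs MINT_KEY, so a field reader that lacks it cannot run this."""
    return hmac.compare_digest(tape_for(printed_serial), tape)


# Constructed sample serial numbers.
ISSUED = ["AB12345678C", "CD87654321E", "EF00000001G"]
DB = build_database(ISSUED)

if __name__ == "__main__":
    genuine = tape_for("AB12345678C")
    print("issued tape found:", reader_check(DB, genuine))
    print("unissued tape found:", reader_check(DB, tape_for("ZZ99999999Z")))
    print("serial matches tape:", issuer_check("AB12345678C", genuine))
    print("other serial matches tape:", issuer_check("CD87654321E", genuine))
```

The reader-side lookup only establishes that a tape value was issued; tying it to the printed serial needs the first hash, which is why the note's point about verification differing from spending matters.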
Wednesday, March 11, 2009