W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2013

MintChip and duplicate detection

From: Dave Raggett <dsr@w3.org>
Date: Fri, 20 Sep 2013 14:22:13 +0100
Message-ID: <523C4C05.8000708@w3.org>
To: public-webpayments@w3.org
I read on [1] that MintChip uses a random number generated by the 
receiver to detect duplicates and prevent double spending.

Can anyone explain the details of this?  Is there a history of these 
numbers to prevent replay attacks?  I presume that the history can be 
bounded by only allowing transactions within a limited time after the 
initial payment request. Is a MintChip restricted to a single 
transaction at any given time? What happens when a valid transaction 
message isn't received in time? The sender would have debited its 
balance, but the received wouldn't have credited its balance.

Is there any discussion on revoking the private key used to sign 
transactions? Whilst it is probably impractical to extract the key from 
the secure chip, it might be stolen from the Royal Canadian Mint.

[1] http://developer.mintchipchallenge.com/devguide/transactions.html

-- 
Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett
Received on Friday, 20 September 2013 13:22:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:24 UTC