Transferable Digital Notes Project

TDNSYS Security and Privacy


Infrastructure Security

Server Side

TDNSYS infrastructure is deployed using existing, reliable and proven state-of-the-art technologies already used in financial market infrastructures (FMIs). The operating systems, databases, development tools and methodologies used in the system implementation have been in use for a long time in the IT world, and they have been upgraded and hardened continuously to address new technical challenges and new security threats.

The security standards governing the development, deployment and operation of TDNSYS are established by the government agencies that assess new threats and their mitigation on a daily basis. All government legislation regarding security and privacy has to be respected, as the system is owned by the Central Bank. The TDNSYS server site is as secure as any other system operated by the Central Bank.

It is impossible to counterfeit TDNs. It is impossible to access the TDNSYS database directly, and TDNSYS is balanced against the reserve accounts of member banks. Every time a TDN is issued or redeemed, the reserve accounts are debited or credited as appropriate.

Resources:
NIST: National Institute of Standards and Technology
GSA Cybersecurity Programs & Policy
Federal Chief Information Officers (CIOs)
Federal Reserve Policy on Payment System Risk

Reading any of the documents listed above is very boring. It is not as interesting as a YouTube video about Bitcoin, which might make you feel smart because you understand how blockchain works. Unfortunately, serious financial business is most of the time very boring.

TDNSYS does not record information about private holders of TDNs. Banks and merchants may be required to sign TDNs with a Central Bank issued digital certificate, because in their situation security is more important than privacy. Private holders of TDNs may set up PKI-based instead of PIN-based security. This may be a digital certificate, in which case the anonymity of the holder is waived.

TDNSYS may record information available when a transaction is executed. Most of the time this is information about the Internet traffic related to the transaction.

Client Side

The TDNSYS server interacts with its clients over the Internet. Financial institutions may connect to the Central Bank through existing private networks. All the security issues associated with the Internet apply to TDNSYS clients. Clients deployed by banks comply with the financial industry's mature security standards and are less exposed to penetration and fraud.

TDNSYS exposes a public API. Third parties can develop applications for TDN transfers or payments using this API. This creates the possibility of fraudulent applications. The Central Bank may decide to certify applications and allow transactions only from applications signed with a Central Bank issued digital certificate.

TDN holders must always be confident they are dealing with a trusted party. This is similar to sending money using Western Union or any other money transfer company: the money goes to the party specified by the sender.


Payments Security

When using TDNs for making payments, most of the security issues that apply to cash payments have to be addressed. If you pay somebody with cash, you may never have a chance to see that seller again. This is why it is very important to make a payment or transfer money only when you are confident that you know exactly who the other party is.

The parties involved in a TDN transaction have to ensure that the TDN is valid and that double spending is prevented. This means that when a TDN is transferred, the receiving party has to make sure it is valid and request its ownership from TDNSYS immediately. A transaction should be considered complete only after the TDN has been validated and its ownership transferred.

Because the parties involved in a TDN transaction are responsible for validation and double spending prevention, there is flexibility in the way TDNs are used. When the parties involved in a transaction trust each other, or when the amount transferred is small, the validation and double spending prevention can be performed later or not at all. The parties might exchange the printed TDN barcode or a TDN stored on some memory device.

While a TDN is handled as printed text or a barcode, it is possible for somebody to take a picture of it. At that point the TDN is compromised: there is a new holder of the TDN, and he/she may request its ownership, locking out the rightful holder.
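To make the ownership-transfer rule above concrete (the receiver's validate-then-claim step, and the photographed-barcode case), here is a toy model of the registry. It is an added example, not code from the Transferable Digital Notes Project; the registry layout, the use of a PIN as the holder's credential and all names are assumptions made for illustration.

```python
import hashlib
import secrets

def fingerprint(secret: str) -> str:
    # Registry stores only a hash of the holder's credential (an assumption).
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

class TDNRegistry:
    """Toy ownership registry: serial -> fingerprint of the current holder's
    credential (a PIN here; a PKI key would play the same role)."""
    def __init__(self):
        self._holders = {}
        self.log = []  # (serial, outcome) pairs, the registry's audit trail

    def issue(self, holder_secret: str) -> str:
        serial = secrets.token_hex(8)  # constructed serial number
        self._holders[serial] = fingerprint(holder_secret)
        return serial

    def is_valid(self, serial: str) -> bool:
        return serial in self._holders

    def claim_ownership(self, serial: str, presented: str, new_secret: str) -> bool:
        # Only the current credential can transfer the note, and a successful
        # claim replaces it, so a second claim with the old credential (a second
        # spend, or a photographed copy of the note) is rejected.
        current = self._holders.get(serial)
        if current is None or not secrets.compare_digest(current, fingerprint(presented)):
            self.log.append((serial, "rejected"))
            return False
        self._holders[serial] = fingerprint(new_secret)
        self.log.append((serial, "transferred"))
        return True

def receive(reg, serial, presented, my_secret) -> bool:
    """Receiver's procedure from the text: validate, then claim ownership at once."""
    return reg.is_valid(serial) and reg.claim_ownership(serial, presented, my_secret)

def immediate_claim():
    # Buyer claims at once; a bystander who photographed the note fails later.
    reg = TDNRegistry()
    serial = reg.issue("pin-1234")
    buyer = receive(reg, serial, "pin-1234", "pin-5678")
    return buyer, reg.claim_ownership(serial, "pin-1234", "pin-0000")  # (True, False)

def delayed_claim():
    # Buyer postpones the claim (small amount, trusted seller); the bystander
    # claims first and the rightful receiver is locked out.
    reg = TDNRegistry()
    serial = reg.issue("pin-1234")
    bystander = reg.claim_ownership(serial, "pin-1234", "pin-0000")
    return bystander, receive(reg, serial, "pin-1234", "pin-5678")  # (True, False)
```

The two scenarios differ only in who reaches the registry first, which is why the text insists that the receiver request ownership immediately.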

Because TDNSYS clients handle TDNs using computing devices and the Internet, all the related security issues have to be addressed and all precautions taken.
