View Full Version : Programming of a virtual Cash-System (like Bitcoins, but centrally)




UniCash
May 13, 2013, 08:38 PM
Hey guys,

I'm currently working on a student start-up to develop a "virtual currency" similar to BitCoins for our University.

This project should consist of the following:
1) Secure Website: Where Students can sign up to manage their StudentCoins. They should be able to buy StudentCoins on this website by using Bank transfers and Credit Cards. Furthermore, they should be able to transfer these StudentCoins to any other Account within our system.

2) iPhone + Android App: In order to use the StudentCoins like cash there should be a phone app which allows the users to use the StudentCoins like cash.

3) Unlike Bitcoins, we would like to have everything centrally organized on our own servers. Since the StudentCoins will be like cash, the system has to be 100% secure!

Does anyone know how I could find a qualified programmer for such a project? How much do you think it would cost in total?

Thanks for your help and advice!



chown33
May 13, 2013, 09:05 PM
The system you describe is nothing at all like BitCoins. Your system is based on an actual currency, namely bank transfers and credit cards.

Your system is not a "virtual currency" except in a very simple sense. Your users simply have online accounts, which they fill from credit cards or bank transfers, and then use the credited funds to pay other accounts. For what, I don't know. As described, it's an incomplete currency system, because there's apparently no way to take value out of the system, or spend it on anything in the real world.


Unless you are extremely familiar with well-known and well-tested real-world security (including online protocols, secure storage, etc.), you are placing every account's funds at serious risk. You may also be placing credit cards, bank accounts, and other real-world sources of funds at risk.

Your statement that it must be "100% secure" suggests you have limited experience with real-world online accounts that have cash-like funds available. No real-world system is ever 100% secure. Acting as if it is (or can be) is a grave mistake.

And I won't even get into possible vulnerabilities like back-doors intentionally placed in the system by the programmers. If you don't have access to trustworthy developers, and a way to thoroughly audit their work product, you probably shouldn't be making a system on this scale.

I suggest that if you don't have the developers or the skills to design, build, deploy, and maintain a toy system (i.e. no real-world funds) that is reasonably secure, auditable, traceable, etc., then you should do that before making it work with real-world funds.

softwareguy256
May 13, 2013, 09:43 PM
Um well you have to start somewhere. I'd stop being negative and give him a chance. Great odds he will fail but he'll probably learn something.

The system you describe is nothing at all like BitCoins. Your system is based on an actual currency, namely bank transfers and credit cards.

Your system is not a "virtual currency" except in a very simple sense. Your users simply have online accounts, which they fill from credit cards or bank transfers, and then use the credited funds to pay other accounts. For what, I don't know. As described, it's an incomplete currency system, because there's apparently no way to take value out of the system, or spend it on anything in the real world.


Unless you are extremely familiar with well-known and well-tested real-world security (including online protocols, secure storage, etc.), you are placing every account's funds at serious risk. You may also be placing credit cards, bank accounts, and other real-world sources of funds at risk.

Your statement that it must be "100% secure" suggests you have limited experience with real-world online accounts that have cash-like funds available. No real-world system is ever 100% secure. Acting as if it is (or can be) is a grave mistake.

And I won't even get into possible vulnerabilities like back-doors intentionally placed in the system by the programmers. If you don't have access to trustworthy developers, and a way to thoroughly audit their work product, you probably shouldn't be making a system on this scale.

I suggest that if you don't have the developers or the skills to design, build, deploy, and maintain a toy system (i.e. no real-world funds) that is reasonably secure, auditable, traceable, etc., then you should do that before making it work with real-world funds.

lee1210
May 13, 2013, 09:55 PM
Lots of schools do this or something very similar for food already. The iOS/Android piece is just a bit of an extension like LevelUp. Generally parents can fill the card instead of giving their children cash that could be spent on drugs or prostitutes.

http://www.utexas.edu/student/bevobucks/index.php?site=5

You can look for other schools and ask what the budget was for the project.

-Lee

chown33
May 13, 2013, 10:00 PM
Um well you have to start somewhere. I'd stop being negative and give him a chance. Great odds he will fail but he'll probably learn something.

He's asking how to build a commercial quality system, that has to withstand real-world attackers. It's not just about a grade or a paper, it's about large amounts of fungible cash. When it fails, it fails with real-world money, from real users.

That's why I ended by saying he should start with a toy system. If he can't put that together, and make it withstand real concerted attacks, he's unqualified to take on something that needs even more skills, and involving something with even more risk.

UniCash
May 14, 2013, 01:59 AM
Hey Guys,

thank you a lot for your responses. :)

Please let me clarify some points:
-> The entire budget for programming this currency will be in the range of 50k to 150k USD. (Do you think this will cover the cost?)
-> I'm a 100% computer noob. In order to offer a secure system, I was thinking about letting it be programmed by one company, and later letting it be tested for "backdoors", security bugs etc. by other companies! Could I achieve a 100% secure system with that, or could the first programmer put in "backdoors" other programmers will never find? Since there is expected to be a lot of money in the system, we indeed thought about launching a "toy system" first, present it to the online community, and then award prizes (e.g. USD3.000) for hackers to break into that system. What is important is that in the end we achieve a 100% system.
-> We know that it is actually possible to pay with BitCoins securely by using your phone. However, unlike bitcoins, we intend to have a central system and we want to achieve much faster confirmation of the payment (e.g. after 2 Seconds, unlike up to 10 Minutes with bitcoins). One idea to achieve a similar security level to bitcoins would be to let each payment be confirmed by e.g. 5 different systems which were each programmed by different companies. Do you think that is a good idea? :confused:
-> From an economic point, our currency would be our "own" currency, because we would back it by some assets (e.g. Gold). Therefore, there would be some fluctuation of StudiCoins against the currency our students use to buy StudiCoins (e.g. USD, EUR etc.)
-> It should be a kind of "open system" in the sense that students should not only be able to pay with it in our university facilities, but also at accredited shops in our city.

UniCash
May 14, 2013, 02:19 AM
Btw. we intend to use a Screen-Scanning system similar to the one used with BitCoins: http://www.welt.de/img/geldanlage/crop115272391/8605351068-ci3x2s-w220-ai2x3l/Bitcoin-3-.jpg

This seems to us the safest and fastest way of transacting StudiCoins

xStep
May 14, 2013, 10:05 AM
First, you don't have enough funds to even do this project in a serious manner. Good luck with a mere $150k. That likely won't cover a year's salary of a single person knowledgeable in the type of system you want to put together. And you do want somebody with the appropriate experience.

I'll repeat what has already been said; There is no such thing as a 100% secure computer system.

To me, your most interesting point was the independent currency one. I suppose the suckers who buy Microsoft points would be accepting of such a BS system. Go read this timely piece, Amazon Coins: A Terrible Idea For Consumers (http://log.maniacalrage.net/post/50374973629/amazon-coins-a-terrible-idea-for-consumers). I can't see any value to the customer of your system compared to what is likely already in place, such as debit and credit card processing.

lee1210
May 14, 2013, 10:07 AM
I'll just say it:
This sounds totally unrealistic.
You are (at least admittedly) out of your depth. This is a huge undertaking. Students' money and that of their parents will be on the line, and so will their trust.
Talk to other universities that have done the same thing. See what it cost (it will be more than $150k). Find out how much it costs to run and maintain. Find out if the system could be cost-neutral by charging the vendors that accept the payment (with the idea that they will get more business because they accept your system). That could be flat monthly fees, or percentage of transactions. They already pay a fee for credit cards, so that's not unreasonable.
Understand that there will be an expectation of getting refunds for unused points. If you don't allow this, be ready for backlash.
Expect to run a support line for problems with the system, questions about how it works, issues from vendors that accept it, etc. Even with cheap student labor the cost will add up.
Expect to pay to run secure servers for your app to run against. This isn't trivial, especially with the security level involved. To accept credit cards, your system must be certified, and you'll need limits on who has access. It's unlikely that anyone who writes code will have access to your production systems. But other (better paid than support staff) people will need access to keep systems up to date, patch software, etc.
At this point, I'd say you'd be better off finding an off-the-shelf system (or service, really) that you can brand as your own, but is run by a vendor. There will be up-front costs, and on-going costs, but those would be known up-front. Developing your own could have unlimited costs you don't expect. And the vendor would already have other customers you could talk to, and legal/contractual obligations. In this case the "buy" vs. "build" seems pretty cut and dry. If you want to explore that further you can, but I wouldn't expect the university to take on the burden of cost and liability that this project will incur by doing it itself.
Stop talking about bitcoins. It has nothing to do with what you're trying to do. Nothing. I think someone told you or you told somebody that this idea is viable because: bitcoin. The argument is that it's viable because lots of other schools already do this, and they did it before bitcoin existed.
Don't get me wrong, this is a noble goal. But it's heady, too. It's a huge project. I'm guessing startups burn 100s of thousands or millions of dollars on building something like this. Don't fall into that trap. Spend some of that budget on research and exploration. Don't hire someone to start building it. Approach this eyes wide open. It's dangerous and expensive. Understand all dimensions of that before you start.
Sure, a toy system is a good idea and proof of concept, but you could easily spend your budget on this system alone.

Good luck (temper it with a lot of skepticism).

-Lee

nutman
May 14, 2013, 10:29 AM
-> The entire budget for programming this currency will be in the range of 50k to 150k USD. (Do you think this will cover the cost?)

As someone said above, 50K is basically a programmer's entry level pay. You can get three really inexperienced guys or one decent guy with that kind of money. And that is just for development costs. There are other factors like maintenance of the system that include ongoing support that needs to be factored into your costs.

-> I'm a 100% computer noob. In order to offer a secure system, I was thinking about letting it be programmed by one company, and later letting it be tested for "backdoors", security bugs etc. by other companies! Could I achieve a 100% secure system with that, or could the first programmer put in "backdoors" other programmers will never find? Since there is expected to be a lot of money in the system, we indeed thought about launching a "toy system" first, present it to the online community, and then award prizes (e.g. USD3.000) for hackers to break into that system. What is important is that in the end we achieve a 100% system.

The use of the phrase "toy system" was to tell you that you are way out of your league in terms of creating commercial grade software. In this context, he means that your "toy system" won't be able to withstand attacks and your company will not be able to cover the liability incurred from fraudulent transactions. Basically, the risks your startup is dealing with are beyond the scope of the expertise/money you have backing you up.

-> We know that it is actually possible to pay with BitCoins securely by using your phone. However, unlike bitcoins, we intend to have a central system and we want to achieve much faster confirmation of the payment (e.g. after 2 Seconds, unlike up to 10 Minutes with bitcoins). One idea to achieve a similar security level to bitcoins would be to let each payment be confirmed by e.g. 5 different systems which were each programmed by different companies. Do you think that is a good idea? :confused:

Like the last guy said, you are dealing with a system totally different from bitcoins. You basically have a 1 to 1 conversion of cash to your scrips. To say that you will have five companies create you redundant systems for security just sounds like a nightmare.

-> From an economic point, our currency would be our "own" currency, because we would back it by some assets (e.g. Gold). Therefore, there would be some fluctuation of StudiCoins against the currency our students use to buy StudiCoins (e.g. USD, EUR etc.)

Really keep your expectations in check. In order to deploy on an international scale you will need so much testing. Keep your scope small. Maybe make deals with one school, or one shop before even thinking that you can compete with companies who specialize in these things.

-> It should be a kind of "open system" in the sense that students should not only be able to pay with it in our university facilities, but also at accredited shops in our city.

Again, start small. There are so many business concerns that need to be hashed out before you even think about creating this program. Get some business people. Write a business case. Know the stakeholders, the risks, the costs. You can't start a business with just code. Or for you, just an idea.

UniCash
May 14, 2013, 02:20 PM
Guys, thanks a lot for your feedback. Since I’m a total IT noob all kind of criticism about this idea is very welcome.

First of all, I should disclose further information. As already said, I have a business background and the StudiCoins will be pegged by some very valuable assets (unfortunately, I cannot fully disclose the finance model yet, due to non-disclosure agreements.)

The overall budget for this project is in a range of 1Mio. USD. Initially, we hoped that $150k + X would be enough to come up with a stable and secure system, and that we would have the remaining €750k for support of our clients and sellers using StudiCoins and other unforeseen expenditures.

What I take from the overall comments is that only “off-the-shelf systems” are within our budget. I’ll do further research now on which kind of solutions there are available and ask those companies for a cost estimation for using their codes + doing some small customization. In case anyone knows a good “off-the-shelf system” any kind of recommendation is welcome.

I’m still wondering how then a single guy could come up with BitCoins and make it a 100% secure system?!?

Cheers

ytk
May 15, 2013, 12:22 AM
THERE IS NO SUCH THING AS A 100% SECURE SYSTEM!!!

Get this notion out of your head. It is impossible. Even Bitcoin is not necessarily 100% secure—it's just that we don't know what all the potential exploits are yet, or the exploits we do know about aren't practical for various reasons.

What makes Bitcoin different from what you're doing is that Bitcoin requires a LOT of independent, redundant verification by multiple systems throughout the network, which means that any attempt to fraudulently create Bitcoins will ultimately be detected by the network. It's a matter of design, not of programming. There is no central authority with Bitcoin. It's basically just a lot of clever math that makes it very difficult—but perhaps not impossible—to lie to other users about how many Bitcoins you have, because the entire transaction history of every valid Bitcoin is passed around the network and compared against each individual transaction. That is where Bitcoin's security comes from, not any particular programming technique.

There is no way you can design a system that works like Bitcoin but has a central authority that approves and tracks transactions. What you're trying to do is nothing at all like Bitcoin, so forget the notion that it is even close to the same thing. If you can't understand why, then you'll just have to take it on faith that this is true, or else you'll go on a wild goose chase looking for your mythical “100% secure system”.

You cannot build the thing you are describing. Nobody can, regardless of how much money or effort you throw at the problem. You can, theoretically, make a “secure enough” system that does what you want, but I can't imagine that you can do so for anywhere near $150k if you're starting from scratch.

ghellquist
May 15, 2013, 06:06 AM
Hi Unicash.

I like your (youthful? naïve?) approach. Being an old grumpy person this is not anything I would attempt to do personally. Of course I am sort of wounded from working with bank transfer systems since around 1990 in various positions. Don't let me discourage you. But let me try to point you in some directions from my safe position. Let's hope this is all totally clear and covered already.

The business plan has to cover a number of things, at least the following:
• A cash flow analysis showing that you have the “stamina” to survive the meager first years
• The compelling reasons why a student would elect to be part of your system and not some other scheme
• The compelling reasons why the shops / restaurants would elect to be part of your system
• The compelling reasons why the university would elect to be part of your system
• The compelling reasons why none of the “big fish” would either do it themselves or crowd you out of the market window once you start operations. And a survey showing that they are not already doing it.
• The legal and regulatory aspects of your idea (can you get required permissions from authorities), what does it take to follow all the rules.

Now once that part is covered.

We can agree that there will never be a 100% secure technical system. Any little opening will be a potential entry point for an intruder. Sooner or later any technology you choose to use to protect your systems will become obsolete and opened for attack. And unless you continuously work on improvement, sloppiness will eventually creep in. So what you need is an organization that is built from the ground up to consider security to be a key function. This includes doing periodical checks and tests, trying to find and plug any leaks or openings before the damage becomes too large.

I will try to point at some things I would include:
• A security department that checks every change done in your system both before and after it is done (controlled change management). Remember the old “four eyes” rule (at least four eyes should see and approve).
• An external security partner that periodically checks things. There are specialized “hackers” that work on the good side to find issues. And be warned that last time I checked a system setup the cost ended at 25K USD simply to find that the system had large security problems, not to solve them.
• Extensive logging, and most importantly checking of the logs. Both of computer stuff and the transactions done. You will probably want an “anti-fraud” system and organization that checks all transactions and flags those that are suspicious looking and does follow ups. And while you are at it, do check for money laundering and terrorist financing (check customers at least against the united nations sanctions lists).
• Usage of industry standard technology and security solutions. Creating new solutions is even more expensive than using the standards. This includes using the normal crypto solutions, periodical change of user passwords and such, backups of all systems in multiple locations, secured server environments and so on.

And now for the development.
DON’T START WITH PROGRAMMING (sorry for shouting).
Start by doing the architecture of the system. The system will have quite a few different components and you need to start by describing the roles and functions of every component and the interfaces between them. Now test this architecture extensively on paper before starting programming. My experience is that the really expensive mistakes are the ones done early in the process.

Also consider things like how many versions of systems you need. Around my place we generally have three versions: the programmers workbench where actual development happens, the acceptance test environment where everything is installed and tested and finally the actual production system. The acceptance test system generally should be very similar to production in order to allow you to do performance tests. Code is only lifted from acceptance to production, and never by the programmer himself. The person doing the lift never does programming.

Now, the bottom line. No. I do not think you can do it for 150k.

UniCash
May 15, 2013, 07:00 AM
Hey Guys (especially YTK and GHELLQUIST) your feedbacks are very understandable even for a finance guy ;) Thanks a lot for them.

I did some further research and I understand now why BitCoins are seen as relatively safe, while centralized systems are always prone to be hacked, and that I would need an “army” of sophisticated programmers in order to keep such a system safe!

Regarding the Business Model everything is worked out (We indeed give students, shops, university a huge advantage for accepting our “own” currency). There are independent investors who are willing to invest in this model under the condition, that we can provide a concept that makes your “currency” safe.

Correct me if I’m wrong but the “mysterious” secret of BitCoins being extremely safe is their decentralized structure (which finds out if one account tries to spend coins it doesn’t really have).

Here are therefore two new approaches:

1) Using Coloured BitCoins:
• Could we just integrate BitCoins in our system? We could say that BitCoins that passed a specified “Master-Account” are worth more in our own system. Since every BitCoin is divisible by the factor 1 Million, the price of BitCoins would be nearly irrelevant.
• E.g. 1 StudiCoin is worth 1USD and represents 1/10.000 of a BitCoin. A StudiCoin is defined as a 1/10k portion of a BitCoin that at some point in time has passed our BitCoin-Account.
• Would something like this be possible?
• Since BitCoins are relatively expensive and their confirmation time is too slow, we could also use LiteCoins or any other cryptocurrency.

2) Using the Code of BitCoins:
• Since BitCoins is an open-source project, could we not use its code and modify it in a way that confirmations should be possible at a faster pace and that instead of mining, new coins can only be created by one defined master account? We would then pay several parties (e.g. 100 – 1.000) for providing a service of “Transaction Confirmation”. Could such kind of modification be completed by a handful of sophisticated programmers … and would you estimate the costs in a range of 150-200k USD ?

Any comments are welcome.

ghellquist
May 15, 2013, 08:35 AM
Only a short, very personal, very biased view. And please note: I write this as “facts” while we all can agree that they are my opinions.

Stay off Bitcoins as base currency!

There are a lot of signs making Bitcoins extremely unsafe. I will highlight only two of them.

First problem is that nothing is behind the currency. The second enough persons lose their faith in Bitcoins it will start an avalanche where every large holder will run fast to exchange them into something different. And the value then plummets fast towards zero. An analogy is what is called a bank run. Check for example on Wikipedia. http://en.wikipedia.org/wiki/Bank_run

Normal banks are protected against bank runs by central banks and various types of insurance systems (deposit guarantee). There is nothing similar for Bitcoins.

Currently instead it has a lot of similarities to what is called pyramid schemes. The current investors wait while the Bitcoins increase in value, and then sell to the new persons joining the game. It is like a chicken race, the winners are the ones leaving shortly before the disaster, the stayers are the losers. The current holders of Bitcoins are bound to be very positive, they have seen the value rise steadily and have a lot to gain if even more persons invest in them. This has happened again and again all through economical history, the human nature has not changed.

Second problematic aspect of the technology is that transfers are anonymous. And to me this signals that the authorities sooner or later will step in and stop the currency being used in various territories. I believe a country can forbid businesses to accept Bitcoins as payment for goods and services delivered within the country. This could happen very fast, basically overnight, making any business relying solely on Bitcoins void. There are enough suspicions already (founded or not) that Bitcoins are used for money laundering and various illegal businesses. Expect tax authorities to start asking questions if nothing else.

I will try to think about if using Bitcoin technology might be applicable, in a different reply.

UniCash
May 15, 2013, 12:16 PM
Our idea is not to copy BitCoins in any way.

We are just a bunch of finance guys who came up with an Asset with a high ability to store value (e.g. Gold or Silver bars, which we keep in a Bank Vault and its value will limit the amount of StudiCoins in the market). We will always guarantee that all circulating StudiCoins can be redeemed into cash (even if everybody would like to convert them at once!).

Now we need a secure "Vehicle" that allows our Students to use the value behind our asset for everyday transactions. So if I'm talking about integrating Coloured BitCoins (see 2 posts before) I'm just referring to them as a tool to make our assets liquid, not to BitCoins as such. Since the confirmation time of 10 Minutes is just way too slow for daily transactions in a shop, we are now thinking about using the source code of BitCoins and to modify it in a way, that transactions are confirmed decentrally but at a faster pace (e.g. by a number X of independent server providers, who get paid for their confirmation service).

Think of it as something like that:
http://postimg.org/gallery/5qb657pm/4c790950/

The Security issues we have identified so far are:
1) Confirm that Payer is the real owner of the Account (Strong Password Protection of Accounts)
2) Confirm that Payer has enough credit (no double spending of the same coins) (Solution, decentralized system like BitCoins)
3) Confirm that Seller receives the Coins (and not a hacker)

Any comments are welcome
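An added example, not part of the original thread and not any poster's code: on a centrally run ledger, issue 2 above (enough credit, no double spending) is enforced with an atomic check-and-debit and a unique request ID, and the "auditable, traceable" and log-checking points raised earlier in the thread map to a hash-chained journal that is re-verified against the balances. The schema, account names and request IDs are assumptions made up for this sketch.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # constructed start value for the journal hash chain


class TransferError(Exception):
    """A refused transfer; the ledger is left exactly as it was."""


def open_ledger():
    # Hypothetical schema. Amounts are integer cents, never floats.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE accounts (
            id TEXT PRIMARY KEY,
            balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE journal (
            seq INTEGER PRIMARY KEY AUTOINCREMENT,
            request_id TEXT NOT NULL UNIQUE,
            payer TEXT NOT NULL, payee TEXT NOT NULL,
            amount INTEGER NOT NULL CHECK (amount > 0),
            prev_hash TEXT NOT NULL, entry_hash TEXT NOT NULL);
    """)
    return db


def entry_hash(prev_hash, request_id, payer, payee, amount):
    record = json.dumps([prev_hash, request_id, payer, payee, amount])
    return hashlib.sha256(record.encode()).hexdigest()


def transfer(db, request_id, payer, payee, amount):
    """Move funds atomically; return the journal entry hash as a receipt."""
    if not isinstance(amount, int) or amount <= 0 or payer == payee:
        raise TransferError("invalid transfer")
    db.execute("BEGIN IMMEDIATE")  # take the write lock: one writer at a time
    try:
        # Check and debit in ONE statement, so there is no gap between
        # reading the balance and spending it (the double-spend window).
        debited = db.execute(
            "UPDATE accounts SET balance = balance - ? "
            "WHERE id = ? AND balance >= ?", (amount, payer, amount)).rowcount
        if debited != 1:
            raise TransferError("unknown payer or insufficient funds")
        credited = db.execute(
            "UPDATE accounts SET balance = balance + ? WHERE id = ?",
            (amount, payee)).rowcount
        if credited != 1:
            raise TransferError("unknown payee")
        last = db.execute(
            "SELECT entry_hash FROM journal ORDER BY seq DESC LIMIT 1").fetchone()
        prev = last[0] if last else GENESIS
        receipt = entry_hash(prev, request_id, payer, payee, amount)
        # UNIQUE(request_id) rejects a replayed payment request here.
        db.execute(
            "INSERT INTO journal (request_id, payer, payee, amount, prev_hash,"
            " entry_hash) VALUES (?, ?, ?, ?, ?, ?)",
            (request_id, payer, payee, amount, prev, receipt))
        db.execute("COMMIT")
        return receipt
    except (TransferError, sqlite3.IntegrityError) as exc:
        db.execute("ROLLBACK")  # undo the debit and credit as well
        raise TransferError(str(exc)) from exc


def audit(db, deposits):
    """Replay the journal from the known deposits; return a list of findings."""
    findings = []
    prev = GENESIS
    expected = dict(deposits)
    rows = db.execute(
        "SELECT seq, request_id, payer, payee, amount, prev_hash, entry_hash "
        "FROM journal ORDER BY seq").fetchall()
    for seq, rid, payer, payee, amount, prev_hash, stored in rows:
        if prev_hash != prev or stored != entry_hash(prev, rid, payer, payee, amount):
            findings.append(f"journal entry {seq} does not match the hash chain")
        prev = stored
        expected[payer] = expected.get(payer, 0) - amount
        expected[payee] = expected.get(payee, 0) + amount
    actual = dict(db.execute("SELECT id, balance FROM accounts"))
    for account in sorted(set(expected) | set(actual)):
        if expected.get(account, 0) != actual.get(account):
            findings.append(f"balance of {account} does not match the journal")
    return findings


if __name__ == "__main__":
    ledger = open_ledger()
    start = {"alice": 1000, "shop": 0}  # constructed sample accounts, in cents
    ledger.executemany("INSERT INTO accounts VALUES (?, ?)", list(start.items()))
    print(transfer(ledger, "req-1", "alice", "shop", 300))
    print(audit(ledger, start))
```

The chain only helps if the latest entry hash is also kept somewhere a database administrator cannot rewrite; otherwise the whole journal can be recomputed after tampering.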

chown33
May 15, 2013, 01:01 PM
We are just a bunch of finance guys who came up with an Asset with a high ability to store value (e.g. Gold or Silver bars, which we keep in a Bank Vault and its value will limit the amount of StudiCoins in the market). We will always guarantee that all circulating StudiCoins can be redeemed into cash (even if everybody would like to convert them at once!).

That's pretty much what e-gold did:
http://en.wikipedia.org/wiki/E-gold

They were shut down.

Now we need a secure "Vehicle" that allows our Students to use the value behind our asset for everyday transactions. So if I'm talking about integrating Coloured BitCoins (see 2 posts before) I'm just referring to them as a tool to make our assets liquid, not to BitCoins as such. Since the confirmation time of 10 Minutes is just way too slow for daily transactions in a shop, we are now thinking about using the source code of BitCoins and to modify it in a way, that transactions are confirmed decentrally (e.g. by a number X of independent computer users, who get paid for this service) but at a faster pace.


Who is the "we" in "we are now thinking", and why would anyone trust them? By your own posts here, you have no relevant technical experience yourself. So on what basis (skill, experience, education, etc.) should anyone treat these ideas as anything more than random ideas?

Unless "we" includes experienced technical advisers who already know how to design and implement this, then by your own admission it's just a bunch of finance guys talking, without any grounding in reality.

Rather than going to your own technical advisers, you posted here for what seems to be your sole source of technical advice. You said nothing about why you chose this site, so it's an apparently random choice. This suggests a lot about the reality of your current business plan. In short, the evidence so far is that you have no on-staff technical advisers, no apparent plan to hire or acquire any (as work-for-hire or an equity stake), and apparently none of the finance guys actually knows the first thing about creating or operating networked merchant payment systems.

Without technical advisers, what sane investor would fund this venture?


I have no idea what "coloured BitCoins" really means. It's a cute but content-free buzzword.

Your so-called description isn't a description at all. It just says you accept BitCoins at a fixed conversion rate. Even that makes no sense, because BitCoin value fluctuates against the US dollar, so fixing your conversion rate is extremely foolish: either you'll lose money or the user will. Either one is a huge detriment for a system. One would think finance guys would know this.

You say you're not going to copy BitCoin in any way, yet you want to use their source code. That makes no sense at all. If you know nothing about how software is developed, making suggestions about what source code to use only erodes your credibility.


Think of it as something like that:
http://postimg.org/gallery/5qb657pm/4c790950/

The Security issues we have identified so far are:
1) Confirm that Payer is the real owner of the Account (Strong Password Protection of Accounts)
2) Confirm that Payer has enough credit (no double spending of the same coins) (Solution, decentralized system like BitCoins)
3) Confirm that Seller receives the Coins (and not a hacker)

Again, who is the "we"?

If that's the extent of your security analysis, you've got nothing.


EDIT
FWIW, a google search of UniCash shows:

a Canadian company (founded 1990)
a New Zealand university
a consortium of European banks (Unico Banking Group)

among others.

If the venture discussed here is associated with any of those, it'd be best to make that clear up front. If it's a completely new and different venture, also best to make that clear.

UniCash
May 15, 2013, 01:17 PM
Hey,

the "we" refers to a bunch of finance guys that came up with a business-plan for a new Campus-Currency and a third party investor is willing to invest if we can come up with a "secure technical" approach.

You are totally right about the fact that there is yet no IT guy on board in our team ... and going to "MacRumors" was just a random choice (we are aware that there are much more qualified tech-forums out there) ... we just wanted to get a "step into the door" and receive input from "semi-IT-professionals" who provide us answers that we can follow to some point.

The idea of Coloured BitCoins is that within our system BitCoins that have passed a Master Account are accredited a higher value. Since the history of every BitCoin is publicly available in the blockchain this would be possible and would give our system a similar security level as BitCoins. (e.g. a 1/10.000 BitCoin that has passed our master account once, is worth in the StudiCoin-System 100USD, outside of it it would be practically worthless). The question is, if such an approach makes sense, or if it would even be possible to modify the source code of BitCoins (then it wouldn't be BitCoin anymore at all, and we would need our own "Decentralized-Confirmation-Infrastructure").


Now we need someone like the "Mark Zuckerberg" for BitCoins ... has anyone any idea where we could find such a guy? (Forums?!??)

UniCash / StudiCash ... is not the final name at all ;) ... it's just a name to give people an idea, what we are asking for.

lee1210
May 15, 2013, 02:42 PM
People have said it before, I will say it again:
BitCoin has nothing at all to do with this. Stop thinking about it, stop talking about it. You want someone to head to Wendy's, a cafeteria, or the campus bookstore, present their phone that displays a 2d barcode, this is scanned, and money changes hands. This exists. LevelUp does this, they just don't use pseudo currency in the middle. Many universities already do this with "dining dollars". I'd really encourage you to treat this as a stored value card, not an exchange of currency.

Do not add the burden to vendors to put a GoofyBuck price along with a dollar price on every item. It's 1:1, it's just storing the local currency with limited use. They're buying a gift card that can be used at multiple vendors.

This is not magic. This won't be innately more secure than existing solutions. BitCoin is getting buzz, but it's not related to what you're doing, and you can't leverage it for this project.

-Lee

ytk
May 15, 2013, 02:58 PM
Again, your confusion here stems from the fact that you don't seem to understand what exactly it is that makes Bitcoin secure. You're talking about using a system exactly like Bitcoin, or even using Bitcoin itself, but having the coins validated by a “master account” in order to create value in your system.

Think about that for a second—where's the weak point in this system? If somebody finds a way to compromise or spoof this “master account”, and can then validate an arbitrary number of their own coins, the entire system is immediately compromised. And guess who's going to be left holding the bag when all of those merchants you've promised a “secure system” to come asking for their StudiCoins (or whatever) to be redeemed for cash? What are you going to do when you've only put 10,000 StudiCoins into the system, but there are somehow 1,000,000 circulating?
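An added example, not part of any post in this thread: for the centralized stored-value design the replies recommend, this sketch shows a ledger that rejects replayed and overdrawn payments and an audit that flags any balance not backed by recorded pay-ins, which is the "10,000 issued, 1,000,000 circulating" case above. The table layout, account names and amounts (in cents) are constructed for illustration.

```python
import sqlite3

ADJUST = "UPDATE accounts SET balance = balance + ? WHERE id = ?"

def open_ledger(account_ids):
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    db.executescript("""
        CREATE TABLE accounts (id TEXT PRIMARY KEY,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE entries (request_id TEXT PRIMARY KEY,  -- idempotency key
                              src TEXT,                     -- NULL = funds paid in
                              dst TEXT NOT NULL,
                              amount INTEGER NOT NULL CHECK (amount > 0));
    """)
    db.executemany("INSERT INTO accounts VALUES (?, 0)", [(a,) for a in account_ids])
    return db

def post(db, request_id, src, dst, amount):
    """Apply one entry atomically; False on replay, overdraft or unknown account."""
    db.execute("BEGIN IMMEDIATE")
    try:
        db.execute("INSERT INTO entries VALUES (?, ?, ?, ?)", (request_id, src, dst, amount))
        legs = [(amount, dst)] + ([(-amount, src)] if src is not None else [])
        if sum(db.execute(ADJUST, leg).rowcount for leg in legs) != len(legs):
            raise sqlite3.IntegrityError("unknown account")
        db.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:  # duplicate request_id, CHECK failure, unknown account
        db.execute("ROLLBACK")
        return False

def audit(db):
    """Accounts whose stored balance differs from the balance the entries imply."""
    rows = db.execute("""
        SELECT a.id, a.balance,
               COALESCE((SELECT SUM(amount) FROM entries WHERE dst = a.id), 0)
             - COALESCE((SELECT SUM(amount) FROM entries WHERE src = a.id), 0)
        FROM accounts a ORDER BY a.id""").fetchall()
    return [(acct, stored, implied) for acct, stored, implied in rows if stored != implied]

def demo():
    db = open_ledger(["alice", "shop"])                # constructed sample accounts
    results = [post(db, "r1", None, "alice", 5000),    # pay-in of 50.00
               post(db, "r2", "alice", "shop", 1200),  # purchase
               post(db, "r2", "alice", "shop", 1200),  # replayed request: rejected
               post(db, "r3", "alice", "shop", 9999)]  # exceeds balance: rejected
    clean = audit(db)
    # Constructed tampering: a balance changed outside the ledger entries.
    db.execute("UPDATE accounts SET balance = 1000000 WHERE id = 'shop'")
    return results, clean, audit(db)
```

The audit only detects a mismatch after the fact; it assumes the entries table itself is intact, so in practice it would be run against an append-only or separately stored copy of the entries.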

UniCash
May 15, 2013, 03:15 PM
Lee1210 thanks a lot for speaking out of my mind, because we want exactly something where customers just need to "present their phone that displays a 2d barcode, this is scanned, and money changes hands." In the end the vendor should receive Studi-Coins.

My only question now is, if such a system is safe??? (Because now we have a centralized system).

We expect our "Students" to store on average USD 5.000,- in their StudiCoin Accounts. Then we could have a "Safe Account" on which the majority of the money is stored in and a separate "on-the-go" account with that online-payments and payments in shops can be made. But I have to admit, that this concept is way out of our reach. Actually I would totally prefer a simple running system as described by Lee.






... regarding YTK: The Master Account would have to be subject to highest security protection (extremely long password, stored on a separate PC that is not used for "random surfing, opening e-mails, opening any files from the internet"). In the unlikely case this Master Account would get hacked, we could in the end just "freeze" our system and check in the bitcoin BlockChain where fraud has taken place and invalidate fraudulent created BitCoins from their StudiCoin value (the hacker could then only benefit from the underlying BitCoin value).

ytk
May 15, 2013, 04:24 PM
The Master Account would have to be subject to highest security protection (extremely long password, stored on a separate PC that is not used for "random surfing, opening e-mails, opening any files from the internet"). In the unlikely case this Master Account would get hacked, we could in the end just "freeze" our system and check in the bitcoin BlockChain where fraud has taken place and invalidate fraudulent created BitCoins from their StudiCoin value (the hacker could then only benefit from the underlying BitCoin value).

All this is making a few faulty assumptions. First, you'd have to detect the fraud before any StudiCoins are spent, which in an inherently decentralized system like Bitcoin, you won't be able to do. Also, someone could find a way to simply spoof the master account to the rest of the network, which is easier than you think. In a decentralized system such as the one you're describing, if you can control a majority of the computing power on the network it would be possible to convince the entire network that the master server is a completely different server not controlled by you. In other words, you could lose control of your own network to an attacker.

What prevents this in the case of Bitcoin is the vast size of the network and the huge amount of computing power that would be required to mount such an attack. In the case of a much smaller network like you're proposing, where transaction times are very short (meaning a low amount of computing power required to verify each transaction), an attacker with access to a botnet could easily take control of your network, and short of shutting it down completely you'd be powerless to stop it.

If you want to build a cash-alternative network, fine. But as Lee said above—forget about Bitcoin entirely. And as to your question about whether a system that depends on a centralized server is “safe”, if you mean “100% secure” then no. Can it be made “reasonably safe” or “safe enough”? Yes, probably, but only if you know what you're doing or hire people who do. And there aren't many of those people. I would have no idea how to design such a system, and I doubt most programmers you could hire would know either. What you need isn't a programmer, but a security consultant to act as your system architect.

Or go with an off-the-shelf system, which I'm certain must exist already. I'm still not entirely clear how this is different from “discretionary funds” systems that many schools have in place that are tied to the student's ID card. There's no reason such a system couldn't be expanded to nearby merchants, or used with a smartphone app instead of the actual ID card. What is it you're trying to do differently with your system as opposed to existing systems that are at least proven to be fairly reliable in real world usage?

UniCash
May 15, 2013, 05:03 PM
Guys you totally won -> thanks for being that patient with me and sorry for annoying you with my BitCoin concept.

Here is my new analogy: PayPal!

We want to have online accounts + a phone app so that customers could use our StudiCoins like Cash. The prices will be only labelled in USD and the payment would take place in StudiCoins at the current conversion rate.

Could anyone tell me, if we could implement such a system (which would only need basic functions, but with high safety requirements) for a given budget of USD 150k + X ?




Note to YTK: Actually System-Wise there should be not much different from those already in place. In fact we would prefer a simple already proven system much more over any "crazy-BitCoin-alternative" which has to be implemented at our cost, by people we maybe cannot even trust. I just thought this kind of "discretionary funds" systems might not be safe if we reach a higher scale (e.g. 30.000 Students with each USD 5k in their account), but if even PayPal uses them, I guess they have to be safe to some point.

ytk
May 15, 2013, 06:14 PM
It's not a bother, or nobody would respond. :) I'm just glad that you're receptive to criticism of your concept, and that you're able to realize when you're out of your depth. Many people wouldn't be...

In terms of security, once you abandon the notion that you can make a system that's totally secure against any attack, the only questions are how secure can you make it, and what do you have to do in order to maintain that security? In practice, it's possible to design a system that's quite secure, certainly secure enough to handle transactions at the level you're talking about. I don't know exactly how you'd go about doing it, but it clearly exists and is already used by not just schools, but companies such as PayPal (as you point out).

The key thing is don't pretend your system is 100% secure, and more importantly don't advertise your system as being 100% secure, because it never will be and it will be very bad for you if and when your system is compromised. Instead, you can point out all the security features you do implement (“1024-bit end to end encryption”, “two-factor authentication support”, etc.) which will show that you know what you're talking about in terms of security, without making the untrue (and honestly, incredible by anyone with any knowledge in this field) claim that your system is unbreakable.