Reproducing accounts open doors to flexible security, as an owner can easily create and destroy any number of new accounts at will, or have accounts self-destruct automatically under certain conditions and return any remaining money safely. Owners can choose their tradeoffs between security and convenience in each case -- avoiding the inconvenience and other costs of security they don't need. For instance, if an account only has $20 in it and the entire account will be gone forever in a few minutes, its owners might choose to email it openly with no ordinary security at all.
Here are some more examples. An account owner can:
- Easily generate a new account with a limited amount of money in it, and no personal information -- putting a cap on any possible loss. For example, the user might have hundreds of dollars in a master account that's kept in a safe place -- then use it create a new account with $25, for everyday use (the new account is created at the control center of the master account, and the communication channel is always protected, for example with SSL, which is used to protect credit-card transactions). The user might then be willing to share the small account with a not-totally-trusted merchant, or over unencrypted email, or carry around the account name in a wallet. Anyone who gets the account name (giving full owner access) can get no more than $25 out.
-
Irrevocably cap an account to pay no more than so much per day. (The owner can always kill the account if someone unauthorized is using it -- see below.
-
Irrevocably restrict an account to pay only one payee, through a particular smart-account that payee owns. For example, a library could give out smart-accounts to patrons, allowing them a certain amount of use of an expensive database. If they use the account or use it up, the library could give them a new one; the point for the library is not to ration access, but to avoid losing control entirely.
-
Get out of these or other irrevocable restrictions (and also perhaps foil a thief) by immediately killing the account, which can be done by an automated phone call -- touching a few buttons on a mobile phone will be enough. Smart-accounts will normally be set up with an irrevocable address to transfer any remaining money if they are killed by the owner, or if they self-destruct. This address could be another smart-account. It could also be a physical address to which the dying account sends any remaining money.
-
Get the money back if an account name is totally lost. This could be done by setting up the account in advance to self-destruct after some interval (such as three months) of inactivity (automatic activity doesn't count).
-
Alternatively, get the money back immediately from a totally lost account by setting it up with a "master" account (just an ordinary smart-account), which is kept in a safe place, and shows its owner either the (lost) name of the account, or a nickname that the owner will recognize as the same account. The master account will be able to take the money out.
-
Have an account telephone the owner to get approval for a transaction over a certain amount.
-
Keep complete records of where money from the lost account goes.
-
Not reveal any of these security features to whoever may steal or find the account -- making it risky as well a futile to try to use it.
-
And most importantly, we have seen the "public accounts." These are restricted to never give any money out -- though they can give valuable information, such as music downloads. These accounts could be sent by insecure email, or widely published in a newspaper or on a Web site for example, even if they have thousands of dollars of sponsorship funds in them -- since all an unauthorized person could do with that value would be to download thousands of identical copies of the same file, which would also take some time to do.
Many of these security possibilities are largely new, in that they are not easily done with accounts that do not reproduce, and therefore have much more overhead in their creation.
