From: jim@bilbo.suite.com (Jim Miller)
To: cypherpunks@toad.com
Message Hash: a4831f36b8d59a02b8cae1fd74a1ae4f7b405345cbc1febfba4b5d31113fe0b3
Message ID: <9312150059.AA15316@bilbo.suite.com>
Reply To: N/A
UTC Datetime: 1993-12-15 01:00:29 UTC
Raw Date: Tue, 14 Dec 93 17:00:29 PST
From: jim@bilbo.suite.com (Jim Miller)
Date: Tue, 14 Dec 93 17:00:29 PST
To: cypherpunks@toad.com
Subject: anonymous video rental store
Message-ID: <9312150059.AA15316@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain
I couldn't sleep last night and, as is often the case, my brain gets a
mind of its own and starts thinking irrelevant thoughts. The irrelevant
thought that occupied my brain's mind last night was "anonymous video
rental store - Is it possible?"
Ignoring for the moment the "fact" that video rental stores will some day
go the way of the dinosaurs, would it be possible to structure a video
rental store with the following properties:
1) The store could not track which customers rented which tapes.
2) The store *could* tell which tapes get rented and which tapes do not
get rented. The store would adjust it's selection of tapes based in this
information. (get more of the popular tapes, remove the unpopular ones)
3) The store could some how penalize customers that returned tapes late,
or not at all. The nature of the "penalty" is flexible. This implies
that the store could somehow verify that the tape a customer returned is
the same tape the customer rented, but without discovering which tape it
is. (I believe this is the hard part)
I have a partial solution. Here it is:
The store is arranged like a Blockbuster video store in that there are a
bunch of shelves with videos on them. For each video, there is a box
describing the video and a variable number of tapes co-located with the
box. In a Blockbuster video store, the tapes are in plastic cases that
identify the video on the tape. In the AVRS (Anon Video Rental Store), the
plastic cases would not contain any identification. However, the tapes
themselves *would* contain some kind of identification (stickers with
video name and bar code, for example)
When a customer enters the AVRS, it (the customer) grabs a random handful
of tokens from an "available" bin. These tokens each contain a unique
identifier. The customer walks around the store searching for videos.
When the customer finds a video, it takes one of the plastic cases
(opening it to verify it really is the movie it wants). The customer
inserts one of the tokens into a pocket that exists on the outside of the
plastic case. The pocket is transparent and the token's identification
number can be seen.
The customer selects the videos it wants, inserting tokens into pockets.
When the customer is done, it returns the unused tokens to the "available"
bin and proceeds to the check-out counter.
The customer hands the clerk an AVRS id card. The AVRS id card contains
information about the customer (TBD). The clerk at the checkout counter
scans the id card and the tokens that were placed in plastic case pockets.
From this information, the AVRS knows that the customer identified by the
AVRS id card has rented N tapes on a given day. (Actually, all the clerk
*really* knows is that the customer has rented N tokens.) The clerk
collects some money, the customer leaves with the plastic cases, tapes,
and tokens.
The customer returns to the store a couple of days later. The customer
removes the tokens from the case pockets. The customer places the plastic
cases (with tape inside) in a "tape return" bin and places the tokens in a
"token return" bin, and then leaves.
Periodically throughout the day, a clerk examines the tapes in the "tape
return" bin. The clerk opens each case and scans the bar code on the
tape. This way the AVRS can track which tapes get rented and which tapes
do not get rented. The clerk returns the plastic cases (with tapes) to
the shelves.
At the end of the day, a clerk collects the tokens from the "token return"
bin and scans them. The computer marks the tokens as returned and clears
the appropriate customer record. The clerk places the tokens in the
"available" bin.
----
The most obvious problem with this scheme is that the store has no way of
knowing if the tape the customer returned is the same tape the customer
rented. A customer could return a blank tape without getting caught.
(A less obvious problem with the scheme is that the store could use
surveillance cameras to identify which tapes the customer selected, but I
chose to ignore that problem.)
The problem to solve, then is: how can the store catch dishonest
customers, yet be unable to track which customer rented which video?
There needs to be an additional step at the time a customer returns a
tape. The store needs to be able verify that the tape a customer is
returning is a tape that was rented from that store and is not overdue.
The store doesn't need to know what tape it is, or who is returning it,
just that it came from that store and is not overdue. If the tape *is*
overdue, then the customer must personally return the tape to a clerk and
pay a fine. (and risk a bit of anonymity)
Perhaps we could embed some electronics in the tape cassette (or sticker)
that would enable a clerk to store a signed "due-back" timestamp on the
cassette without being able to store any information that would identify
the tape. The signed timestamp would have to be transferred through the
plastic case, since opening the case would reveal the tape inside. Sounds
sort of like a blind signature.
Needless to say, it should be difficult for the customer to tamper with
the information on the cassette.
Any comments or better ideas?
Jim_Miller@suite.com
Return to December 1993
Return to “sdw@meaddata.com (Stephen Williams)”