In /IdealSolution, the conversation ran around how easy it was to clone a card, and how difficult it was to protect the contents of the card with encryption with a key that the cardholder memorises.
The problem is that if one puts a private key capable of signing digital cheques on the card, then it can be stolen. Even if one encrypts that private key with some passphrase that the cardholder knows, the private key can still be stolen (because it will be impossible to get the cardholder to memorise a good enough passphrase to resist brute-force decryption).
The solution to this problem is to remove the possibility for brute-forcing the passphrase. The current system of a 4-digit PIN as a passphrase depends on the bank itself performing the passphrase verification - that way they can only allow three tries etc. Therefore, a viable solution to the card system is as follows:
The vendor presents a digital cheque to the public interface on the card.
The card displays the amount to be transferred on its own display.
The cardholder types in a PIN into a keypad on the card itself.
The card takes a hash of the digital cheque and the PIN together, and signs the hash with its key, known only to the card and the bank.
The PIN is then forgotten by the card, and the signed digital cheque is passed back to the vendor.
The only way the vendor can verify the validity of the signed digital cheque is to present it to the bank.
The card's key is known only to the card and the bank, so the vendor cannot work out from the digital cheque what the PIN is. If the key were a public/private pair, then the vendor could try all 10,000 PINs to find the one that matches the digital cheque.
If the card is stolen or cloned, it is useless without the PIN - the bank would only allow a small number of failed digital cheques before freezing that card. This is made possible because only the bank can verify the digital cheque.
The card would need to be powered-up through the whole cheque-signing operation. Therefore, there is no excuse for a vendor to take the card out of the cardholder's sight.
The card would be more difficult to clone than simple magnetic stripe cards. Certainly it would make it hard to put a false front on a cash machine that can clone them, as is happening today.
If the card is cloned or stolen, and the same thieves manage to get the cardholder to sign a digital cheque for them, they could use the digital signature and the card's internal data to discover the PIN by replaying the same digital cheque. This could be partially prevented by having the card add a random salt to each digital cheque it signs. This fix would prevent the attack being made using the same card, and would force the thieves to extract the secret key from the card rather than use the public card interface.
The vendor needs to be online to the bank to verify each transaction.
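The scheme above, sketched as an added example that is not part of the original page: the card signs a salted hash of PIN and cheque, and only the bank can verify it and count failures. Using HMAC-SHA256 as the "signature" with the shared key, a 16-byte salt, a failure count that never resets, and the names `Card`, `Bank` and `demo` are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

MAX_FAILURES = 3  # the page's "three tries"; never resetting the count is an assumption

def _tag(key: bytes, salt: bytes, pin: str, cheque: bytes) -> bytes:
    # Hash salt + PIN + cheque (salt and PIN are fixed-length, so no ambiguity),
    # then "sign" the hash with the shared secret. HMAC is an assumed construction.
    digest = hashlib.sha256(salt + pin.encode() + cheque).digest()
    return hmac.new(key, digest, hashlib.sha256).digest()

class Card:
    def __init__(self, key: bytes):
        self._key = key  # known only to the card and the bank

    def sign(self, cheque: bytes, pin: str) -> tuple[bytes, bytes]:
        salt = secrets.token_bytes(16)  # fresh random salt per signature
        return salt, _tag(self._key, salt, pin, cheque)  # PIN is not kept

class Bank:
    def __init__(self):
        self._accounts = {}

    def issue(self, card_id: str, pin: str) -> Card:
        key = secrets.token_bytes(32)
        self._accounts[card_id] = {"key": key, "pin": pin, "failures": 0}
        return Card(key)

    def verify(self, card_id: str, cheque: bytes, salt: bytes, tag: bytes) -> str:
        acct = self._accounts[card_id]
        if acct["failures"] >= MAX_FAILURES:
            return "frozen"
        expected = _tag(acct["key"], salt, acct["pin"], cheque)
        if hmac.compare_digest(expected, tag):
            return "accepted"
        acct["failures"] += 1
        return "frozen" if acct["failures"] >= MAX_FAILURES else "rejected"

def demo():
    bank = Bank()
    card = bank.issue("card-1", "4929")              # constructed sample values
    cheque = b"pay vendor-7 GBP 12.50 ref 0001"
    s1, t1 = card.sign(cheque, "4929")
    s2, t2 = card.sign(cheque, "4929")
    results = [bank.verify("card-1", cheque, s1, t1)]
    for wrong in ("0000", "1111", "2222"):           # card held without the PIN
        s, t = card.sign(cheque, wrong)
        results.append(bank.verify("card-1", cheque, s, t))
    results.append(bank.verify("card-1", cheque, s2, t2))  # right PIN, card frozen
    return results, t1 != t2
```

Because of the salt, signing the same cheque with the same PIN twice yields different tags, so a captured signed cheque cannot be matched by re-signing on the card.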