A general principle is that any coin representation is seen by at most one participant other than the issuer. Thus, after an issuer issues a coin, the withdrawer is the only party who ``sees'' this coin. When the withdrawer makes a payment with it, the payee doesn't see the coin; it is in a digitally sealed envelope which goes straight to the issuer for validation. This implies ``on-line'' payments where the issuer is involved in every such transaction. In addition, the internal representation of the coin does not enable insiders with access to its database to use it--a coin is checked by a tamper-proof hardware for its validity.
Coins are treated as bearer instruments, like real currency. The user has the money if s/he has a (valid) coin; no questions asked.
The security requirements that we pursue are those of ``strong cryptography'' for the protection of financial transactions; the use of ``weak cryptography'' only (e.g., 40 bit-long keys and passwords) is insufficient for e-money. International usage of the system is possible if the encryption is not made ``general purpose,'' but is rather restricted to the use inside the user's software.