|
Title: Simple Merchant Payment Processing w/o a 3rd Party Post by: judah on September 04, 2013, 04:59:55 AM [Request for Comment]
A generalized and extendable merchant payments system utilizing hierarchical deterministic keys (BIP 32 (https://en.bitcoin.it/wiki/BIP_0032)). Needs addressed:
Proposed Solution: 1. A core set of end-use agnostic merchant tools 2. Bridges to specific merchant environments developed and shared as needed. With a stable core back-end providing key management and bitcoin network communication, bridge work can focus directly on meeting merchant needs. A bounty system can be used to develop special-use bridges. Examples: a REST bridge for Android or a Megento bridge with automatic fiat-to-btc conversion. Core functionality (draft, requesting feedback)
Simplest walkthrough: a) Core configured with master public extended key and datastore. b) request for payment of 1btc received (with attached callback) c) created address returned, SPV watch set on address d) Zero-conf payment received, callback and datastore notified - confirmations subsequently received, callback and datastore notified e) or, configured timeout time reached, watched address dropped, callback canceled. f) --later-- audit report requested for all payments received (i.e., over a given timeframe). Why isn't this already developed? If it is, why haven't I heard of it? Similar Projects (please supply more): acceptbit.com (http://acceptbit.com): Uses BIP 32, Http interface, uses blockchain.info for notifications, *can be hosted locally. BitcoinSCI (Shopping Cart Interface) (http://bitfreak.info/?page=tools&t=bitsci): Uses BIP 32, PHP/MySQL implementation, uses blockexplorer.com for watch wallet. BitShop (http://bitfreak.info/bitshop/) Web Store package uses BitcoinSCI MultiBit Merchant (https://github.com/gary-rowe/MultiBitMerchant/wiki/Introduction): In development, full Web Store/multi-use implementation. Shopping cart interfaces (https://en.bitcoin.it/wiki/Category:Shopping_Cart_Interfaces) list at Bitcoin Wiki. project website: bitcashier.org (http://bitcashier.org) related Reddit thread (http://www.reddit.com/r/Bitcoin/comments/1ljnjb/better_merchant_tools_wanted_bitcoinstarter/) edit: formatting, this is my first bitcointalk post, please be gentle. Title: Re: Generalized Payment Gateway Post by: judah on September 05, 2013, 12:20:11 AM General Module Diagram
https://i.imgur.com/RgNHhaP.png Bridge and Persistence modules can chosen to best match the Merchant's needs and desires. Title: Re: Simple Merchant Payment Processing w/o a 3rd Party Post by: jedunnigan on September 06, 2013, 06:43:13 AM Quote d) Zero-conf payment received, callback and datastore notified me again. To minimize the probability of a double spend attack I recommend you increase the default number of node connections to around 100. This will be implemented in the protocol somewhere down the line (hopefully soon) but regardless it is something to think about. 0 confs are tricky be careful with those. source: http://www.tik.ee.ethz.ch/file/848064fa2e80f88a57aef43d7d5956c6/P2P2013_093.pdf Title: Re: Simple Merchant Payment Processing w/o a 3rd Party Post by: judah on September 06, 2013, 07:00:24 AM Quote 0 confs are tricky be careful with those. Yes certainly, especially with sales of digital media.zero-conf would primarily be used to notify the customer that their broadcast has been received. Merchant business logic should actually place the order on 4, 5, 6, confirmations or whichever is necessary. Point-of-sale (i.e., a restaurant) is an interesting case because the double-spender would physically be present while another agent would be elsewhere trying to double spend within the same block, correct? Title: Re: Simple Merchant Payment Processing w/o a 3rd Party Post by: jedunnigan on September 06, 2013, 04:37:24 PM Quote 0 confs are tricky be careful with those. Yes certainly, especially with sales of digital media.zero-conf would primarily be used to notify the customer that their broadcast has been received. Merchant business logic should actually place the order on 4, 5, 6, confirmations or whichever is necessary. Point-of-sale (i.e., a restaurant) is an interesting case because the double-spender would physically be present while another agent would be elsewhere trying to double spend within the same block, correct? A double spend occurs when an attacker broadcasts two txs at once spending the same coin, one to the receiving party and the other to themselves. There is a ~75% chance that the first tx seen by the network will be accepted. There is a 50/50 chance that either one will be seen first, so a double spend has ~32.5% probability of occurring right now. It can be lowered pretty significantly with a few minor changes to the merchant's client software. You can read about it here (disclaimer, I wrote the summary): http://btcgsa.info/?p=284 You should read about the return chaining as well, because giving change is definitely a feature you will need. |
