1  Economy / Securities / [IPO][Offline hardware wallet with RFID] - BitAegis IPO Plan on: November 25, 2014, 05:00:05 PM
BitAegis IPO Plan

1. What is BitAegis?

BitAegis is specialized hardware designed for bitcoin holders. You can conveniently use it with your mobile phone and computer to send and receive bitcoins, and you don't need to worry at all about the risk of a private key leak.
BitAegis is developed on a single chip; the hardware and the networking terminal's APP communicate through an RFID medium. Its design principles are: no connection to the Internet, no communication with networking equipment, encrypted data storage, and no use of unsafe algorithms. The RFID medium will be designed as a ring, bracelet or necklace, so it is very easy to carry. BitAegis and the networking terminal communicate using the RFID medium, which works at 13.56 MHz, and the whole communication process is transmitted fully encrypted.

2. What is the advantage of BitAegis?

(1) BitAegis plans to use the fingerprint module called FPC1020 to protect security. FPC1020 is the world's first touch fingerprint sensor for Android mobile devices, and supports MCU secondary development. It has a small size, low power consumption, a simple interface, high reliability, a reliable fingerprint template and large-capacity fingerprint recognition (1700-fingerprint identification and a response time of less than one second), and it can be embedded into user system components to meet the demands of fingerprint identification products.

(2) FPC is the world's leading supplier of fingerprint sensors and of capacitive touch fingerprint sensors for phones and tablets. The FPC1020 fingerprint payment module is a dedicated fingerprint chip made in cooperation with Alipay and Huawei. Since the second quarter of 2014, FPC has been the world's largest manufacturer of mobile payments. Huawei's products and solutions have been used in more than 170 countries around the world, by 45 of the world's top 50 telecom operators, and by 1/3 of the world's population. These companies have a pivotal position in the transaction payment industry.
(3) BitAegis compared with other similar products: it doesn't use a QR code scanning mode and doesn't connect directly to networking equipment (using Bluetooth, USB, WIFI etc.), so the process of using it is more convenient and more secure.
(4) BitAegis will hire a designer to design the product's appearance and packaging, making the product more beautiful and ergonomic. The board of directors will vote to choose the best of several factories as the OEM factory, to ensure product quality and speed.
(5) Pay flowsheet:

(6) Collect flowsheet:

3. How to protect bitcoins?

3.1 Data is stored encrypted.

(1) All data in BitAegis (including but not limited to the private key and personal password, fingerprint images, fingerprint password, and the keyA/keyB needed for RFID communication) is stored encrypted.
(2) We'll store it using SHA256 encryption cycled 7600 times. When authenticating a password, the entered password is encrypted 7600 times and compared with the stored ciphertext to determine whether the password is correct.

3.2 Access control

In the payment process, the networking terminal only inputs the address and payment amount; the offline signing of the transaction runs in the hardware wallet.

3.3 How to prevent the password guessing?

When you use BitAegis and the networking terminal's APP to conduct special operations, they all have password authentication steps.

(1) BitAegis will be forcibly locked when a wrong password is entered 3 times; it can then only be unlocked with the fingerprint password.
(2) The networking terminal's APP will be forcibly locked when a wrong password is entered 3 times; it can then only be unlocked with the RFID medium. (The networking terminal doesn't save the private data; this is just to prevent password guessing.)

3.4 How to control the risk of the networking terminal when it is rooted or jailbroken?

(1) To ensure that a malicious APP or malicious user with root permissions cannot read the private data in the APP's data when the networking terminal is rooted or jailbroken: we will save the personal password using SHA256 encryption cycled 7600 times.
(2) To ensure that a malicious APP or malicious user with root permissions cannot change the SHA256 ciphertext when the networking terminal is rooted or jailbroken, thereby bypassing the password change process: the RFID medium's keyA/keyB is encoded by the personal password, so if the SHA256 ciphertext is forcibly changed, the RFID medium will not work with the networking terminal's APP.
(3) To ensure that a malicious APP or malicious user with root permissions cannot delete the private data in the APP's data when the networking terminal is rooted or jailbroken, thereby bypassing the password change process: if the SHA256 ciphertext is forcibly deleted, the networking terminal will be in the first-time-use state, and the networking terminal's APP will not communicate with the RFID medium when a non-original password is set up.

3.5 How to control the risk of MITM (Man-in-the-Middle Attack) on RFID communication? Although it is unlikely.

For every communication between BitAegis and the networking terminal, both will show the communication information (address, amount and so on) on their respective screens and require confirmation of this information.

3.6 How to control the risk of an attack through the charging interface (USB Trojan)?

BitAegis's interface can only charge; we will remove the data transmission function. The data transmission function of the data line is also removed.

As shown:

Of course, we will remove the data transmission function from the circuit, not just in the data line. This picture is just for the convenience of everyone to understand.

3.7 How to control the risk to the algorithms when the networking terminal's APP is cracked?

(1) We'll save data using SHA256 encryption cycled 7600 times. SHA256 is a strong algorithm, and the bitcoin system also uses it.
(2) If the personal password is verified as correct, the personal password is then encrypted to generate 32 ciphertexts used as each sector's keyA/keyB. So if you don't know the personal password, getting the algorithm is not helpful.

3.8 How to control risk, when the RFID medium is lost?

(1) RFID communication needs keyA/keyB. So if you don't know the personal password, you are unable to read the RFID medium's data.
(2) Two RFID mediums will be included in the product list. If you lose an RFID medium, you can continue using BitAegis, but to be perfectly safe you can transfer the bitcoins to a new address and save the new private key to BitAegis.

3.9 How to control risk, when BitAegis is lost?

(1) All data in BitAegis is stored encrypted, booting and transacting both require verifying the fingerprint password or personal password, and BitAegis doesn't have any interface that can read or transmit data.
(2) The RFID medium can be used for trading and backup; you can back up the private key to the RFID medium. This data will be encrypted with AES, and if you don't have A you can't read the data.
(3) You can also use the networking terminal's APP function called emergency to transfer bitcoins to a new address.

4. The Goal of the BitAegis IPO

This project needs money and manpower. We must follow the latest technology, and many details need to be optimized and maintained. We also need to plan for its final go-to-market and commercialization.

The BitAegis IPO plan aims to raise money for the following efforts:
(1) We plan to build R & D team and operation team.
(2) We plan for BitAegis go-to-market and commercialization.
(3) We plan to apply for patent protection for BitAegis's technical details.
(4) We will build a sales team and sell BitAegis for profit when we finish the above tasks.
(5) We will continue to research software and hardware that work on more systems, and we will also continue to maintain the product.

5. Business Plan

5.1 Business Model

(1) We plan to sell our full set of hardware, which includes an offline hardware wallet and RFID mediums.
(2) We plan to sell a single RFID medium.
(3) We plan to allow DIY of the RFID medium.
(4) We plan to go on developing free APPs, and their functions may not be used for Bitcoin.

5.2 Project Team Members

First hires: 3 Embedded Engineers, 2 programmers in C/C++ language, 2 programmers in Android language, 1 RFID Engineer, 1 UI Designer, 1 Outline Designer.
Additional Hires: 1 HR & Adm. Manager, 2 sales representatives.
Additional Hires: 2 iOS Engineers, 1 RFID secondary development Engineer, 1 OS X development Engineer, 1 Blackberry Software Engineer.

5.3 Operations Plan

(1) We plan to commercialize BitAegis within 6-8 months after the end of the IPO.
(2) We plan to make our shares tradable on virtual exchanges, subject to board and share holder approval.
(3) We plan to make BitAegis work on all systems within 18 months after the end of the IPO.
(4) We plan to continue to develop more free APPs for profit.
(5) We plan to continue to develop other hardware whose role may include but is not limited to protecting the security of users' bitcoins.

6. This IPO Plan

6.1 Investment options

Investors can choose to buy shares or buy pre-sale hardware:
Investors who purchase shares will get the profit from the sale of the product, and we will receive dividends according to the proportion of investments. Investors who hold more than 1% of the total share capital can have a 30% discount to buy two more sets of BitAegis; investors who hold more than 2% of the total share capital can have a 35% discount to buy two more sets of BitAegis; investors who hold more than 5% of the total share capital can buy two more sets of BitAegis at cost price; and investors who hold more than 10% of the total share capital get two BitAegis and can have a 45% discount to buy unlimited further sets of BitAegis.
Investors who purchase pre-sale equipment will get a complete set of equipment when BitAegis is successfully released and can have a 20% discount to buy two more sets of BitAegis, but they don't have profit-sharing.
If there are no shares left, the share sale will stop, and the pre-sale will stop before BitAegis is released.

6.2 Shares Issuing Plan

(1) We have created 5,000 shares for this BitAegis project. Existing project founders will be issued 3,000 shares (or 60%). We plan to make 2,000 shares available in the upcoming IPO.
(2) We plan an IPO price of 1 BTC per share, raising 2,000 BTC in funding for the project.
(3) We plan to keep 80% of the IPO proceeds in BTC, and the other 20% in fiat currencies as working capital. As the project proceeds, we will exchange the BTC funds into fiat currencies on an as-needed basis.
(4) If the IPO raises less than 500B, we will return all coins and the IPO will have failed; if the IPO raises over 2,000B, we will return all the exceeding coins and the project will be officially launched.

6.3 Board of Directors

We plan to operate this project using customary practices of operating a corporation. We plan to have a board to represent the interest of the share holders and make major decisions for the project.
(1) The board shall have 5 seats, 3 of them will be designated by the founding members of this project.
(2) The shares sold through the IPO are called “floating shares”. Owners of the floating shares are entitled to appoint 2 members to the board using the following process: The two largest holders of floating shares can each appoint a board member (possibly the holders themselves) provided that such holders' shares exceed 1% of total outstanding shares. If there are remaining board seats, the top 5 remaining floating share owners can each appoint a board member candidate, and a vote of the floating share holders will determine the board members.
(3) In general the board makes decisions by simple majority. If any decisions are made against the votes of the 2 board members appointed by the floating share owners, the board is to provide a good-faith explanation on the issues.
(4) Board Meeting. The board makes decisions through board meetings, each of which is to be attended by board members. Board members can attend such meetings remotely through telephone or instant messaging services, provided that each board member is able to clearly hear (or otherwise understand) the issues being discussed, and is able to effectively cast votes on decisions. The board shall keep minutes of each meeting and make them available for inspection by all share holders of 1% or more shares, upon request.

6.4 Shareholder Rights

(1) A share holder can elect board members, and can also be elected as board members.
(2) A share holder is entitled to dividend payout proportional to the shares. When the project starts to generate profits, we plan to declare a dividend every month. 20% of net profit will be kept by the project as working capital, the other 80% will be declared as dividend.
(3) A share holder has priority in purchasing our hardware.
(4) A share holder enjoys priority for trial of our new hardware and software.
(5) A share holder is entitled to review the monthly financial statements of the project.

6.5 Board Members Rights and Responsibilities

Board Members Rights
(1) Board members have all rights of shareholders.
(2) Board members are to attend a board meeting once every quarter, possibly through an email/offline conferencing arrangement. We make important decisions for the project in these meetings.
(3) Board members are to attend special board meetings when called upon, to make certain necessary and urgent decisions for the project.
Board Member Responsibilities
(1) Attend regular board meeting on a quarterly basis.
(2) Keep project information in strict confidence, unless specifically authorized by the board to communicate certain limited information to outside parties.
(3) Not to trade the floating shares or any derivative rights of this project based on inside information gained from board meetings.
(4) Violation of rules above will result in the termination of board membership, as decided by a majority of board members. Vacated seats will be filled through special elections.
(5) Board members are to stay current with the desires and thinking of the share holders, and help represent their interest at board meetings.

6.6 Exit Methods

(1) Floating shares can be traded freely post IPO, provided that such trading is properly recorded with the project.
(2) After we make our shares available on exchanges, the shares can be traded freely.
(3) The project founders' 60% shares are to be locked up for 12 months after the IPO date. No sales of such shares shall take place during the lock-up period.

6.7 Information Disclosure on Finances and Dividends

(1) The project will send out a newsletter to all registered share holders at the beginning of every month, with information on project progress over the past month, and project balance sheet and income statement.
(2) In special situations, the project may contact all share holders for special information disclosure, and/or call for special elections.
(3) The project will declare 80% of operating profit (if any, defined as revenue minus cost) as dividend at the beginning of every month, and issue it to all share holders.

6.8 Share Holder Risks

(1) The project team members and IPO organizers may fail to fulfill their obligations.
(2) Additional risk exists with the possibility that we will not be able to sell the hardware in enough quantities, or at all. So far we have seen great demand for such hardware and believe this to be a low risk, which nevertheless exists.
(3) Other unforeseen risks.

6.9 Project Termination and Liquidation

We plan to terminate this project in the following scenarios.
(1) We incur losses for two consecutive years.
(2) Unforeseen factors causing our project not to be able to continue.
Upon project termination, we use the following formula to calculate the value of each outstanding share.
(1) If we have net profit of the project (defined as revenue minus cost) for the life of the project, every one of the floating shares is to be worth:
(IPO proceeds + (sales profit- dividend)* 40%) / floating shares
(2) If the net sales profit above is negative, every one of the floating shares is to be worth:
(IPO proceeds + profit – dividend) / floating shares
The project will repurchase each floating share at a price calculated above.

Demonstration Scheme:
We issue 2,000 shares and raise 2,000 BTC in funding for the project. One day, the project has to be terminated. We calculate the value of every floating share depending on two different situations.
(1) Revenue 3250B, dividend 1600B, cost 1250B
The value of every floating share:
So, every floating share will receive 1.08B.
Shareholders' total income = 1.08+1600*0.4/2000=1.40B
Project founders will get 1600*0.6=960B.

(2) Revenue 1250B, dividend 0B, cost 1500B
The value of every floating shares= (2000-250)/2000=1750/2000=0.875B
Shareholders' total income = 0.875B
Project founders will get 0B.

It is obvious that the project team can't make money unless they operate the project better, and they will be rewarded a lot from shares; that is the common interest of IPO share holders.

6.10 Possible Secondary Offering

The project may conduct a secondary offering to issue additional shares, when the following conditions are met.
(1) The project is seeing some sales volume.
(2) The project is seeing additional new direction of development.
(3) The board has approved such secondary offering plan.

The project team commits to the following:
(1) The secondary offering will not take place within 1 year of the IPO.
(2) We make every effort to protect the interest of the floating share holders.

BitAegis Project Team

Shares address:
BitAegis's shares address.

Pre-sale address:
BitAegis's pre-sale address.
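
The password check described in section 3.1 (2) of the post above, written out next to a salted alternative. This is an added example, not BitAegis code: the hash-the-digest loop is an assumed reading of "SHA256 ... cycled 7600 times", the post does not mention a salt so none is used on that side, and every function name and the sample password are made up here.

```python
import hashlib
import hmac
import os
from typing import Tuple

ROUNDS = 7600  # iteration count quoted in the post


def iterated_sha256(password: str, rounds: int = ROUNDS) -> bytes:
    """Assumed reading of the post: SHA-256 the password, then re-hash the digest."""
    digest = password.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def verify_iterated(password: str, stored: bytes) -> bool:
    # Recompute the chain and compare; compare_digest avoids a timing side channel.
    return hmac.compare_digest(iterated_sha256(password), stored)


def enroll_salted(password: str, rounds: int = ROUNDS) -> Tuple[bytes, bytes]:
    """Alternative (not from the post): random per-device salt + PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, stored


def verify_salted(password: str, salt: bytes, stored: bytes,
                  rounds: int = ROUNDS) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, stored)


def compare_schemes(password: str) -> dict:
    """Enroll the same password twice under each scheme and report whether
    equal passwords end up as equal stored values."""
    plain_a, plain_b = iterated_sha256(password), iterated_sha256(password)
    salt_a, salted_a = enroll_salted(password)
    salt_b, salted_b = enroll_salted(password)
    wrong = password + "x"
    return {
        "unsalted_values_match": plain_a == plain_b,  # same password, same value
        "salted_values_match": salted_a == salted_b,  # salts differ, values differ
        "unsalted_verifies": verify_iterated(password, plain_a),
        "salted_verifies": verify_salted(password, salt_a, salted_a),
        "wrong_password_rejected": (not verify_iterated(wrong, plain_a)
                                    and not verify_salted(wrong, salt_b, salted_b)),
    }


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    for name, value in compare_schemes("correct horse battery").items():
        print(f"{name}: {value}")
```

The iteration count is kept at the post's 7600 so the two schemes are comparable; with a per-device salt, a table precomputed against one stored value does not carry over to another device.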
2  Other / Off-topic / Cross-VM attack on AES on: November 24, 2014, 04:56:04 PM
Abstract: In cloud computing, efficiencies are reaped by resource sharing such as co-location of computation and deduplication of data. This work exploits resource sharing in virtualization software to build a powerful cache-based attack on AES. We demonstrate the vulnerability by mounting Cross-VM Flush+Reload cache attacks in VMware VMs to recover the AES keys of OpenSSL 1.0.1 running inside the victim VM. Furthermore, the attack works in a realistic setting where different VMs are located on separate cores. The modified flush+reload attack we present takes only on the order of seconds to minutes to succeed in a cross-VM setting. Therefore long term co-location, as required by other fine grain attacks in the literature, is not needed. The results of this study show that there is a great security risk to OpenSSL AES implementation running on VMware cloud services when the deduplication is not disabled.