ionspin (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 21, 2011, 09:30:08 PM |
|
Hey everyone, Yesterday a few people from #bitcoin and myself decided to start an open source project with the aim of designing/producing a physical Bitcoin card, not unlike standard credit cards The card would contain a separate wallet, which you could recharge from your computer. Currently there are several proposals on the card concept, and the two most practical are : 1. Smartcard with custom software to support BitCoins 2. Custom hardware dongle/card with display and keypad for increased security The other part of the project is the desktop-side software which would take care of backing up the cards wallet, and general management related to the BitCoinCard Both approaches have their pros and cons On the note that that the BitCoin is not ready for this type of usage, I agree, but it doesn't prevent us from starting on time, and have a solution when it's ready You can follow and join the discussion here: http://groups.google.com/group/bitcoincardWiki (which is currenly unorganized and mostly empty): http://bitcoincard.wikispot.org/Front_PageGitHub repository (also empty): https://github.com/ionspin/BitCoinCardThe project is just beginning, and any input and support will be appreciated! Note to mods, as this is my first post, I can only post in the newbies section, so please move the topic to the appropriate session. Thanks!
|
|
|
|
acesun
Newbie
Offline
Activity: 16
Merit: 0
|
|
June 21, 2011, 09:57:42 PM |
|
This is very interesting, I wish you good luck and I hope to hear great news from you in the future.
|
|
|
|
bitcoindude
Newbie
Offline
Activity: 13
Merit: 0
|
|
June 21, 2011, 10:09:17 PM |
|
Good project. Keep on innovating. This thing is here to stay...
|
|
|
|
enmaku
|
|
June 21, 2011, 10:20:52 PM |
|
I have a suggestion.
Part of why mag-stripe cards find more use than smart cards is because they are cheap and ubiquitous. Every merchant on the planet has some device already which scans mag-stripe cards and if they somehow don't (or use an embedded device) they can be had for less than $20.
When base-64 encoded, the public and private keys for a single wallet are plenty small enough to fit on the two tracks readable by most devices. Simply use a block cipher of some sort and a standard PIN number to secure the private key before burning to a card, write a little software to b64decode the keys and you're good to go. More merchants will accept a mag-stripe solution than a smartcard solution because it either uses hardware they already own OR it requires less expensive hardware.
You may also consider hacking together a small embedded device that handles all of this for the merchant and just needs a network connection. Once bitcoin gets ported to Android successfully you could easily write software for a smallish tablet like the Archos 7, which has a USB host adapter cable that allows keyboards and other HID compliant devices (like mag-stripe readers) to be attached. It's also fairly cheap in the $130-$150 range.
Merchants like easy, merchants like familiar, and merchants definitely like cheap. Give them something with a < $200 buy-in cost that will bring them niche business from the bitcoin folks that won't cost them monthly fees or steal a percentage of their profits and they will come in swarms. Make it convert to USD and deposit in Dwolla or such automatically and it'll be an even easier sell.
|
|
|
|
smartcardguy
Newbie
Offline
Activity: 14
Merit: 0
|
|
June 22, 2011, 02:35:48 PM Last edit: June 22, 2011, 07:06:03 PM by smartcardguy |
|
Hey everyone, Yesterday a few people from #bitcoin and myself decided to start an open source project with the aim of designing/producing a physical Bitcoin card, not unlike standard credit cards The card would contain a separate wallet, which you could recharge from your computer. Currently there are several proposals on the card concept, and the two most practical are : 1. Smartcard with custom software to support BitCoins 2. Custom hardware dongle/card with display and keypad for increased security The other part of the project is the desktop-side software which would take care of backing up the cards wallet, and general management related to the BitCoinCard Both approaches have their pros and cons On the note that that the BitCoin is not ready for this type of usage, I agree, but it doesn't prevent us from starting on time, and have a solution when it's ready You can follow and join the discussion here: http://groups.google.com/group/bitcoincardWiki (which is currenly unorganized and mostly empty): http://bitcoincard.wikispot.org/Front_PageGitHub repository (also empty): https://github.com/ionspin/BitCoinCardThe project is just beginning, and any input and support will be appreciated! Note to mods, as this is my first post, I can only post in the newbies section, so please move the topic to the appropriate session. Thanks! Started a thread on a very similar concept see: http://forum.bitcoin.org/index.php?topic=20933.0;all
|
|
|
|
smartcardguy
Newbie
Offline
Activity: 14
Merit: 0
|
|
June 22, 2011, 02:40:56 PM Last edit: June 22, 2011, 06:20:45 PM by smartcardguy |
|
I have a suggestion.
Part of why mag-stripe cards find more use than smart cards is because they are cheap and ubiquitous. Every merchant on the planet has some device already which scans mag-stripe cards and if they somehow don't (or use an embedded device) they can be had for less than $20.
When base-64 encoded, the public and private keys for a single wallet are plenty small enough to fit on the two tracks readable by most devices. Simply use a block cipher of some sort and a standard PIN number to secure the private key before burning to a card, write a little software to b64decode the keys and you're good to go. More merchants will accept a mag-stripe solution than a smartcard solution because it either uses hardware they already own OR it requires less expensive hardware.
You may also consider hacking together a small embedded device that handles all of this for the merchant and just needs a network connection. Once bitcoin gets ported to Android successfully you could easily write software for a smallish tablet like the Archos 7, which has a USB host adapter cable that allows keyboards and other HID compliant devices (like mag-stripe readers) to be attached. It's also fairly cheap in the $130-$150 range.
Merchants like easy, merchants like familiar, and merchants definitely like cheap. Give them something with a < $200 buy-in cost that will bring them niche business from the bitcoin folks that won't cost them monthly fees or steal a percentage of their profits and they will come in swarms. Make it convert to USD and deposit in Dwolla or such automatically and it'll be an even easier sell.
The problem with this approach is that every merchant "has" to steal your private key for it to work, even a honest host could screw up and keep a copy or if they infected they could be doing it for the bad guy without knowing it. It's very possible build a secure variant wih cards being around 10 usd each if in reasonable volume with pos solutions ranging from 20 to 200 or so. Just have to design around commodity hw just not mag cards
|
|
|
|
ionspin (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 22, 2011, 02:43:23 PM |
|
@bitcoindude & acesun Thanks for the support!
@enmaku
I agree with you that this solution would be the most cost effective and ubiquitous, but we haven't really considered mag-stripe cards yet, and the reason is (other than I know very little about them:) ) that we want to provide a certain level of security. With mag-stripes the problem is that they could be cloned, and then easily brute-forced to reveal the private key. With a normal card in this situation you could call your bank and declare the card invalid before most of the damage is done, but with bitcoins that option doesn't exist. Of course I strongly support the development of mag-stripe bitcoin cards if there are people willing to use it, it's just that I would like for us to focus first on smartcard based cards because they provide a higher level of security. My suggestion is to prioritize development in this order:
1. Smartcard Bitcoin card 2. Custom hardware with keypad and display Bitcoin card 3. Mag-Stripe Bitcoin card
If we can gather enough people and resources to develop all of three of these options in parallel, excellent!
Again, I must say, that I'm not an expert in this area, and if my assumptions are wrong, please correct me, I would also like to receive continued input from the community during the development of the project. The project is still in it's early beginnings, but already people are starting to participate, and I am really happy about that.
|
|
|
|
joepie91
|
|
June 22, 2011, 03:08:02 PM |
|
Watching this thread.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
cothoms
Newbie
Offline
Activity: 14
Merit: 0
|
|
June 22, 2011, 03:23:22 PM |
|
It's great to get such an early head start! Look at how well the early miners have done for themselves. There are still quite a few hurdles for BTC to overcome, but if it happens, I think you are positioning yourself well. It will be worth it as long as you enjoy doing it; if you are okay working on this with the mindset that you might never make a penny, then you have nothing to lose.
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
June 22, 2011, 03:29:44 PM |
|
2. Custom hardware dongle/card with display and keypad for increased security
A custom device with only the bare essentials to connect to the bitcoin network and send transactions would be something awesome. I can't see a better way to protect your wallet while also using it.
|
|
|
|
ionspin (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 22, 2011, 04:57:47 PM |
|
2. Custom hardware dongle/card with display and keypad for increased security
A custom device with only the bare essentials to connect to the bitcoin network and send transactions would be something awesome. I can't see a better way to protect your wallet while also using it. We have considered this approach also,in one scenario, you would have: 1.(at home) a secure smart card reader with display and keypad (something like this http://www.smartcardfocus.com/shop/ilp/id~312/ACR83/p/index.shtml) 2. your "main" wallet smart card (this smart card wouldn't be used for small transactions when you are out shopping). Whenever the bitcoin client wants to send bitcoins, it would send the card request to sign a certain amount of bitcoins, the amount would be shown on the the display, and you would enter your pin to confirm the request. This would secure your transactions from keyloggers and malware as long as the card reader is not compromised. Of course there would need to have a backup of your wallet.dat so that in case you lose your smart card (unlikely for a "main" wallet smart card) you don't lose the coins. This backup would of course be on a media not stored in your network-connected pc (usb in safe is a safe bet ) You can see the more links on http://bitcoincard.wikispot.org/Front_Page (Oh, and a perfect opportunity to ask if someone is willing to administer the wiki?)
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
June 23, 2011, 12:08:06 PM |
|
I'm not an expert, but isn't the private key memory area of a smart card unrecheable? How would you backup your wallet if it is in a smart card? For a home use dedicated device, I don't think it needs a smartcard. Just a flash memory, plus wallet encryption with a password should be enough. Actually it's better, since you could easily make backups of this encrypted wallet. How I see such device: - Small, but not necessarily pocket-portable
- With a small keyboard
- With inner storage capable of storing the wallet, a light-weight blockchain (headers + blocks in which you have money) and all the software it needs
- Capable of password protecting your wallet
- Wallet management and transfers features just like in the bitcoin client
- A camera so the user can read bitcoins addresses or QR codes with btc addresses from anywhere
- Wi-fi used only to connect to the bitcoin network, nothing else
- With a USB port so you can make backups of your wallet somewhere else
- As cheap as possible, meaning monochromatic screen and no unnecessary fancy stuff like touchscreen etc
And as a big bonus, although not that important: - Embedded anonymisation proxies (Tor, I2P)
- Bio-metric authentication
Such a device would be just wonderful.
|
|
|
|
karoshi
Newbie
Offline
Activity: 11
Merit: 0
|
|
June 23, 2011, 01:01:14 PM |
|
very interesting concept.
|
|
|
|
MichaelNightTime
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 23, 2011, 03:05:56 PM |
|
This is exactly what we need.
|
|
|
|
JoelKatz
Legendary
Offline
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
|
|
June 23, 2011, 03:10:15 PM |
|
A 'light' client for use on portable devices would be a huge win. Does that already exist?
|
I am an employee of Ripple. Follow me on Twitter @JoelKatz 1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
|
|
|
bitcola
|
|
June 23, 2011, 03:27:49 PM |
|
You should look at smartphones.
Already in Japan and Korea they have skipped the smartcard and people are now paying by waving their smartphones at the counter (no idea how it works).
Also, have a separate wallet for this concept as a whole then security is not really a concern.
It's like my current smartcard used for public transport and sometimes other services that can be used in London (Oyster), Hong Kong (Octopus) and many other cities. You don't store your entire bank holdings on it, just enough for a week, say $100 max.
If you encrpyt it good enough, no hacker will bother to spend time to just get 10 bucks on the card.
|
|
|
|
ionspin (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 23, 2011, 07:19:50 PM |
|
I'm not an expert, but isn't the private key memory area of a smart card unrecheable? How would you backup your wallet if it is in a smart card? For a home use dedicated device, I don't think it needs a smartcard. Just a flash memory, plus wallet encryption with a password should be enough. Actually it's better, since you could easily make backups of this encrypted wallet. How I see such device: - Small, but not necessarily pocket-portable
- With a small keyboard
- With inner storage capable of storing the wallet, a light-weight blockchain (headers + blocks in which you have money) and all the software it needs
- Capable of password protecting your wallet
- Wallet management and transfers features just like in the bitcoin client
- A camera so the user can read bitcoins addresses or QR codes with btc addresses from anywhere
- Wi-fi used only to connect to the bitcoin network, nothing else
- With a USB port so you can make backups of your wallet somewhere else
- As cheap as possible, meaning monochromatic screen and no unnecessary fancy stuff like touchscreen etc
And as a big bonus, although not that important: - Embedded anonymisation proxies (Tor, I2P)
- Bio-metric authentication
Such a device would be just wonderful. There are two different usage scenarios I was talking about here: The one we are concentrating on is 1. A Bitcoin smart card that would contain a separate wallet you could "fill-up" and go shopping outside, here you would back up your wallet by making a copy of keys when initializing the smart card The one i guess you are referring to, and which was just an after-tought to the first one 2. A Bitcoin card that holds your "main" wallet key and you keep at home in your smart card reader, that authorizes transactions by signing them (after you enter the pin), therefore mitigating the risk, i was talking about backing up the keys of this card on a safe location. This would prefent malware, keylogers etc, from getting your keys. As for the device proposition, we are actively talking about such device, but we want to start cost efficient and with less development at first, and concentrate on a smart card. The hardware device would come later, or if we have enough resources (manpower and expertize) we could do it in parallel. Anyways, thanks for your input on this!
|
|
|
|
ionspin (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 23, 2011, 07:24:44 PM |
|
You should look at smartphones.
Already in Japan and Korea they have skipped the smartcard and people are now paying by waving their smartphones at the counter (no idea how it works).
Also, have a separate wallet for this concept as a whole then security is not really a concern.
It's like my current smartcard used for public transport and sometimes other services that can be used in London (Oyster), Hong Kong (Octopus) and many other cities. You don't store your entire bank holdings on it, just enough for a week, say $100 max.
If you encrpyt it good enough, no hacker will bother to spend time to just get 10 bucks on the card.
As I have seen, there already are some projects regarding wallet on smartphone (at least on the android devices), and we are considering this, or at least supporting something like this. But as smartphone systems are complex, there is a lot of room for security issues, and we want to make something that will be secure enough to prevent at least remote hacking. Nobody will bother to hack for 10$, but if you can replicate the hypothetic issue on a number of phones, the profit could be large. With smart card you need physical presence to hack them (Or so I believe) Thanks for the suggestion though!
|
|
|
|
|