Bitcoin Forum
November 11, 2024, 03:41:22 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: BitcoinCard - take your bitcoins out for a walk  (Read 1518 times)
ionspin (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 21, 2011, 09:30:08 PM
 #1

Hey everyone,

Yesterday a few people from #bitcoin and myself decided to start an open source project with the aim of designing/producing a physical Bitcoin card, not unlike standard credit cards

The card would contain a separate wallet, which you could recharge from your computer.
Currently there are several proposals on the card concept, and the two most practical are :

1. Smartcard with custom software to support BitCoins
2. Custom hardware dongle/card with display and keypad for increased security

The other part of the project is the desktop-side software which would take care of backing up the cards wallet, and general management related to the BitCoinCard

Both approaches have their pros and cons

On the note that that the BitCoin is not ready for this type of usage, I agree, but it doesn't prevent us from starting on time, and have a solution when it's ready

You can follow and join the discussion here: http://groups.google.com/group/bitcoincard

Wiki (which is currenly unorganized and mostly empty): http://bitcoincard.wikispot.org/Front_Page
GitHub repository (also empty): https://github.com/ionspin/BitCoinCard
The project is just beginning, and any input and support will be appreciated!


Note to mods, as this is my first post, I can only post in the newbies section, so please move the topic to the appropriate session. Thanks!
acesun
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
June 21, 2011, 09:57:42 PM
 #2

This is very interesting, I wish you good luck and I hope to hear great news from you in the future.
bitcoindude
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
June 21, 2011, 10:09:17 PM
 #3

Good project. Keep on innovating. This thing is here to stay...
enmaku
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
June 21, 2011, 10:20:52 PM
 #4

I have a suggestion.

Part of why mag-stripe cards find more use than smart cards is because they are cheap and ubiquitous. Every merchant on the planet has some device already which scans mag-stripe cards and if they somehow don't (or use an embedded device) they can be had for less than $20.

When base-64 encoded, the public and private keys for a single wallet are plenty small enough to fit on the two tracks readable by most devices. Simply use a block cipher of some sort and a standard PIN number to secure the private key before burning to a card, write a little software to b64decode the keys and you're good to go. More merchants will accept a mag-stripe solution than a smartcard solution because it either uses hardware they already own OR it requires less expensive hardware.

You may also consider hacking together a small embedded device that handles all of this for the merchant and just needs a network connection. Once bitcoin gets ported to Android successfully you could easily write software for a smallish tablet like the Archos 7, which has a USB host adapter cable that allows keyboards and other HID compliant devices (like mag-stripe readers) to be attached. It's also fairly cheap in the $130-$150 range.

Merchants like easy, merchants like familiar, and merchants definitely like cheap. Give them something with a < $200 buy-in cost that will bring them niche business from the bitcoin folks that won't cost them monthly fees or steal a percentage of their profits and they will come in swarms. Make it convert to USD and deposit in Dwolla or such automatically and it'll be an even easier sell.
smartcardguy
Newbie
*
Offline Offline

Activity: 14
Merit: 0



View Profile
June 22, 2011, 02:35:48 PM
Last edit: June 22, 2011, 07:06:03 PM by smartcardguy
 #5

Hey everyone,

Yesterday a few people from #bitcoin and myself decided to start an open source project with the aim of designing/producing a physical Bitcoin card, not unlike standard credit cards

The card would contain a separate wallet, which you could recharge from your computer.
Currently there are several proposals on the card concept, and the two most practical are :

1. Smartcard with custom software to support BitCoins
2. Custom hardware dongle/card with display and keypad for increased security

The other part of the project is the desktop-side software which would take care of backing up the cards wallet, and general management related to the BitCoinCard

Both approaches have their pros and cons

On the note that that the BitCoin is not ready for this type of usage, I agree, but it doesn't prevent us from starting on time, and have a solution when it's ready

You can follow and join the discussion here: http://groups.google.com/group/bitcoincard

Wiki (which is currenly unorganized and mostly empty): http://bitcoincard.wikispot.org/Front_Page
GitHub repository (also empty): https://github.com/ionspin/BitCoinCard
The project is just beginning, and any input and support will be appreciated!


Note to mods, as this is my first post, I can only post in the newbies section, so please move the topic to the appropriate session. Thanks!

Started a thread on a very similar concept see: http://forum.bitcoin.org/index.php?topic=20933.0;all

smartcardguy
Newbie
*
Offline Offline

Activity: 14
Merit: 0



View Profile
June 22, 2011, 02:40:56 PM
Last edit: June 22, 2011, 06:20:45 PM by smartcardguy
 #6

I have a suggestion.

Part of why mag-stripe cards find more use than smart cards is because they are cheap and ubiquitous. Every merchant on the planet has some device already which scans mag-stripe cards and if they somehow don't (or use an embedded device) they can be had for less than $20.

When base-64 encoded, the public and private keys for a single wallet are plenty small enough to fit on the two tracks readable by most devices. Simply use a block cipher of some sort and a standard PIN number to secure the private key before burning to a card, write a little software to b64decode the keys and you're good to go. More merchants will accept a mag-stripe solution than a smartcard solution because it either uses hardware they already own OR it requires less expensive hardware.

You may also consider hacking together a small embedded device that handles all of this for the merchant and just needs a network connection. Once bitcoin gets ported to Android successfully you could easily write software for a smallish tablet like the Archos 7, which has a USB host adapter cable that allows keyboards and other HID compliant devices (like mag-stripe readers) to be attached. It's also fairly cheap in the $130-$150 range.

Merchants like easy, merchants like familiar, and merchants definitely like cheap. Give them something with a < $200 buy-in cost that will bring them niche business from the bitcoin folks that won't cost them monthly fees or steal a percentage of their profits and they will come in swarms. Make it convert to USD and deposit in Dwolla or such automatically and it'll be an even easier sell.

The problem with this approach is that every merchant "has" to steal your private key for it to work, even a honest host could screw up and keep a copy or if they infected they could be doing it for the bad guy without knowing it.

It's very possible build a secure variant wih cards being around 10 usd each if in reasonable volume with pos solutions ranging from 20 to 200 or so. Just have to design around commodity hw just not mag cards Smiley
ionspin (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 22, 2011, 02:43:23 PM
 #7

@bitcoindude & acesun
Thanks for the support!

@enmaku

I agree with you that this solution would be the most cost effective and ubiquitous, but we haven't really considered mag-stripe cards yet, and the reason is (other than I know very little about them:) ) that we want to provide a certain level of security. With mag-stripes the problem is that they could be cloned, and then easily brute-forced to reveal the private key. With a normal card in this situation you could call your bank and declare the card invalid before most of the damage is done, but with bitcoins that option doesn't exist. Of course I strongly support the development of mag-stripe bitcoin cards if there are people willing to use it, it's just that I would like for us to focus first on smartcard based cards because they provide a higher level of security. My suggestion is to prioritize development in this order:

1. Smartcard Bitcoin card
2. Custom hardware with keypad and display Bitcoin card
3. Mag-Stripe Bitcoin card

If we can gather enough people and resources to develop all of three of these options in parallel, excellent!

Again, I must say, that I'm not an expert in this area, and if my assumptions are wrong, please correct me, I would also like to receive continued input from the community during the development of the project. The project is still in it's early beginnings, but already people are starting to participate, and I am really happy about that. 
joepie91
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
June 22, 2011, 03:08:02 PM
 #8

Watching this thread.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
cothoms
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
June 22, 2011, 03:23:22 PM
 #9

It's great to get such an early head start!  Look at how well the early miners have done for themselves.  There are still quite a few hurdles for BTC to overcome, but if it happens, I think you are positioning yourself well.  It will be worth it as long as you enjoy doing it; if you are okay working on this with the mindset that you might never make a penny, then you have nothing to lose.
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
June 22, 2011, 03:29:44 PM
 #10

2. Custom hardware dongle/card with display and keypad for increased security

A custom device with only the bare essentials to connect to the bitcoin network and send transactions would be something awesome. I can't see a better way to protect your wallet while also using it.
ionspin (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 22, 2011, 04:57:47 PM
 #11

2. Custom hardware dongle/card with display and keypad for increased security

A custom device with only the bare essentials to connect to the bitcoin network and send transactions would be something awesome. I can't see a better way to protect your wallet while also using it.

We have considered this approach also,in one scenario, you would have:
1.(at home) a secure smart card reader with display and keypad (something like this http://www.smartcardfocus.com/shop/ilp/id~312/ACR83/p/index.shtml)
2. your "main" wallet smart card (this smart card wouldn't be used for small transactions when you are out shopping).

Whenever the bitcoin client wants to send bitcoins, it would send the card request to sign a certain amount of bitcoins, the amount would be shown on the the display, and you would enter your pin to confirm the request. This would secure your transactions from keyloggers and malware as long as the card reader is not compromised. Of course there would need to have a backup of your wallet.dat so that in case you lose your smart card (unlikely for a "main" wallet smart card) you don't lose the coins. This backup would of course be on a media not stored in your network-connected pc (usb in safe is a safe bet Smiley )

You can see the more links on http://bitcoincard.wikispot.org/Front_Page (Oh, and a perfect opportunity to ask if someone is willing to administer the wiki?)

caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
June 23, 2011, 12:08:06 PM
 #12

I'm not an expert, but isn't the private key memory area of a smart card unrecheable? How would you backup your wallet if it is in a smart card?

For a home use dedicated device, I don't think it needs a smartcard. Just a flash memory, plus wallet encryption with a password should be enough. Actually it's better, since you could easily make backups of this encrypted wallet.

How I see such device:

  • Small, but not necessarily pocket-portable
  • With a small keyboard
  • With inner storage capable of storing the wallet, a light-weight blockchain (headers + blocks in which you have money) and all the software it needs
  • Capable of password protecting your wallet
  • Wallet management and transfers features just like in the bitcoin client
  • A camera so the user can read bitcoins addresses or QR codes with btc addresses from anywhere
  • Wi-fi used only to connect to the bitcoin network, nothing else
  • With a USB port so you can make backups of your wallet somewhere else
  • As cheap as possible, meaning monochromatic screen and no unnecessary fancy stuff like touchscreen etc

And as a big bonus, although not that important:
  • Embedded anonymisation proxies (Tor, I2P)
  • Bio-metric authentication

Such a device would be just wonderful.Grin
karoshi
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
June 23, 2011, 01:01:14 PM
 #13

very interesting concept.
MichaelNightTime
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 23, 2011, 03:05:56 PM
 #14

This is exactly what we need.
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
June 23, 2011, 03:10:15 PM
 #15

A 'light' client for use on portable devices would be a huge win. Does that already exist?

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
bitcola
Full Member
***
Offline Offline

Activity: 210
Merit: 100



View Profile
June 23, 2011, 03:27:49 PM
 #16

You should look at smartphones.

Already in Japan and Korea they have skipped the smartcard and people are now paying by waving their smartphones at the counter (no idea how it works).


Also, have a separate wallet for this concept as a whole then security is not really a concern.

It's like my current smartcard used for public transport and sometimes other services that can be used in London (Oyster), Hong Kong (Octopus) and many other cities. You don't store your entire bank holdings on it, just enough for a week, say $100 max.

If you encrpyt it good enough, no hacker will bother to spend time to just get 10 bucks on the card.

ionspin (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 23, 2011, 07:19:50 PM
 #17

I'm not an expert, but isn't the private key memory area of a smart card unrecheable? How would you backup your wallet if it is in a smart card?

For a home use dedicated device, I don't think it needs a smartcard. Just a flash memory, plus wallet encryption with a password should be enough. Actually it's better, since you could easily make backups of this encrypted wallet.

How I see such device:

  • Small, but not necessarily pocket-portable
  • With a small keyboard
  • With inner storage capable of storing the wallet, a light-weight blockchain (headers + blocks in which you have money) and all the software it needs
  • Capable of password protecting your wallet
  • Wallet management and transfers features just like in the bitcoin client
  • A camera so the user can read bitcoins addresses or QR codes with btc addresses from anywhere
  • Wi-fi used only to connect to the bitcoin network, nothing else
  • With a USB port so you can make backups of your wallet somewhere else
  • As cheap as possible, meaning monochromatic screen and no unnecessary fancy stuff like touchscreen etc

And as a big bonus, although not that important:
  • Embedded anonymisation proxies (Tor, I2P)
  • Bio-metric authentication

Such a device would be just wonderful.Grin

There are two different usage scenarios I was talking about here:

The one we are concentrating on is
1.  A Bitcoin smart card that would contain a separate wallet you could "fill-up" and go shopping outside, here you would back up your wallet by making a copy of keys when initializing the smart card

The one i guess you are referring to, and which was just an after-tought to the first one
2. A Bitcoin card that holds your "main" wallet key and you keep at home in your smart card reader, that authorizes transactions by signing them (after you enter the pin), therefore mitigating the risk, i was talking about backing up the keys of this card on a safe location. This would prefent malware, keylogers etc, from getting your keys.


As for the device proposition, we are actively talking about such device, but we want to start cost efficient and with less development at first, and concentrate on a smart card. The hardware device would come later, or if we have enough resources (manpower and expertize) we could do it in parallel.

Anyways, thanks for your input on this! Smiley
ionspin (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 23, 2011, 07:24:44 PM
 #18

You should look at smartphones.

Already in Japan and Korea they have skipped the smartcard and people are now paying by waving their smartphones at the counter (no idea how it works).


Also, have a separate wallet for this concept as a whole then security is not really a concern.

It's like my current smartcard used for public transport and sometimes other services that can be used in London (Oyster), Hong Kong (Octopus) and many other cities. You don't store your entire bank holdings on it, just enough for a week, say $100 max.

If you encrpyt it good enough, no hacker will bother to spend time to just get 10 bucks on the card.

As I have seen, there already are some projects regarding wallet on smartphone (at least on the android devices), and we are considering this, or at least supporting something like this. But as smartphone systems are complex, there is a lot of room for security issues, and we want to make something that will be secure enough to prevent at least remote hacking. Nobody will bother to hack for 10$, but if you can replicate the hypothetic issue on a number of phones, the profit could be large. With smart card you need physical presence to hack them (Or so I believe)

Thanks for the suggestion though!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!