Bitcoin Forum
December 03, 2016, 11:56:50 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Secure Bitcoin Using Existing "tanJack" Device for Online Banking!  (Read 1140 times)
Mageant
Legendary
*
Offline Offline

Activity: 1079



View Profile WWW
August 17, 2011, 03:45:58 PM
 #1

In Germany we use these devices called "tanJack" for secure online banking:
http://www.reiner-sct.com/content/view/189/
http://www.reiner-sct.com/component/option,com_docman/task,doc_view/gid,134/

What is does is when you do a bank transfer online the website displays some flashing blocks on a screen.
You put your bank card into the reader and hold it up against the screen where the website displays some flashing black&white blocks.
A photo-receptor in the device reads in the data and a small screen on the device shows the bank account and amount being transferred.
You then press a button on the device and it gives you a short (5 digit?) number (called "TAN") which you enter into the website to "sign" your bank transfer.

Here is a video how this works:
http://www.youtube.com/watch?v=GOQeZGe83YM

Question/Idea:
Could we use these devices for making bitcoin wallets or transfers secure?
Apparently you can buy them for ony 15 Euros (http://www.starmoney.de/index.php?id=tanjack-optic-sr).
I'm imagining a modified bitcoin client that uses either an encrypted or incomplete wallet file.
The only way the client can send money (i.e sign a transaction) is when it gets a proper TAN-number generated by the device (plus some card that is inserted into the device that contains the access key(?). This TAN-number would either enable the client to access the wallet file or it would be used to complete the incomplete private keys (I'm not exactly sure how this would work). Alternatively, this might be used for an online service like Mybitcoin.

Since you have a separate, trusted device with a separate screen this should be hacker-proof. It should work even on a totally compromised computer.

Do you think this would work for Bitcoin?


  ►  NEW ECONOMY MOVEMENT  ◄ 
  100% built from scratch • revolutionary forging mechanism • fairly distributed

BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
1480766210
Hero Member
*
Offline Offline

Posts: 1480766210

View Profile Personal Message (Offline)

Ignore
1480766210
Reply with quote  #2

1480766210
Report to moderator
1480766210
Hero Member
*
Offline Offline

Posts: 1480766210

View Profile Personal Message (Offline)

Ignore
1480766210
Reply with quote  #2

1480766210
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480766210
Hero Member
*
Offline Offline

Posts: 1480766210

View Profile Personal Message (Offline)

Ignore
1480766210
Reply with quote  #2

1480766210
Report to moderator
1480766210
Hero Member
*
Offline Offline

Posts: 1480766210

View Profile Personal Message (Offline)

Ignore
1480766210
Reply with quote  #2

1480766210
Report to moderator
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
August 17, 2011, 04:14:39 PM
 #2

lol at first I was like wtf does flashing boxes and typing in the code help security but I read a little bit more and yes if we have a way for bitcoin clients to be set so nothing is sent with out an external device. I would probubly buy into this actually. This sounds very safe.
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
August 17, 2011, 04:43:24 PM
 #3

What happens to your bitcoins if the device breaks?
Mageant
Legendary
*
Offline Offline

Activity: 1079



View Profile WWW
August 17, 2011, 04:55:14 PM
 #4

What happens to your bitcoins if the device breaks?
Get a new one?
I guess you need to have a smartcard with the passphrase/key on it.

  ►  NEW ECONOMY MOVEMENT  ◄ 
  100% built from scratch • revolutionary forging mechanism • fairly distributed

BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
August 17, 2011, 05:20:01 PM
 #5

Why don't we as the bitcoin community group invest in bio-metric scanning devices for bitcoin clients Cheesy then mass produce. Everyone that was involved in the project gets a piece Cheesy
zellfaze
Full Member
***
Offline Offline

Activity: 142


Security Enthusiast


View Profile WWW
August 18, 2011, 04:01:44 PM
 #6

I'd buy one.  This sounds like a great idea.

Any idea how it works internally?

A+, CCENT, CCNA
Security Enthusiast
PHP Coder

Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
infested999
Hero Member
*****
Offline Offline

Activity: 490


DeCiB3l


View Profile WWW
August 18, 2011, 04:35:22 PM
 #7

Why don't we as the bitcoin community group invest in bio-metric scanning devices for bitcoin clients Cheesy then mass produce. Everyone that was involved in the project gets a piece Cheesy

Just start the company and put it up on the GLBSE

Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
August 18, 2011, 05:44:02 PM
 #8

Why don't we as the bitcoin community group invest in bio-metric scanning devices for bitcoin clients Cheesy then mass produce. Everyone that was involved in the project gets a piece Cheesy

Just start the company and put it up on the GLBSE

I just might do that as soon as I have a viable business plan Wink
Rogue Star
Member
**
Offline Offline

Activity: 88


View Profile
August 19, 2011, 12:10:17 AM
 #9

I like this idea. I don't like the idea of biometrics though. There are lots of discussion about why linking biometrics to anything important are a bad idea (I like to use "Demolition Man" test).

I'm working on something that will partially fill the solution you are proposing, but I may borrow some of your ideas to make it better. I've been working on it in my spare time for over a month now, it's a similar concept but think QR codes/web cams instead of flashing screens. It's a bit clunkier but you can do it with commodity hardware. I believe there is just one more critical bug before the Proof of Concept is complete and it starts moving toward Alpha quality software.

you can donate to me for whatever reason at: 18xbnjDDXxgcvRzv5k2vmrKQHWDjYsBDCf
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 19, 2011, 12:20:33 AM
 #10

I watched the TAN video... it looked brilliant.

The flashing thing on the screens appeared to be a way to simply get a packet of information into the device.  That packet is presumably a random nonce and the details of the transaction.  It looked like it sent 4 bits of data at a time - there were 5 bars, one of the bars flashed a very consistent pattern as though it was the "clock" bar, the one that tells the device that we've moved on to the next 4 bits.

The device likely displays the transaction details, and if the user approves, passes the information to the smartcard inserted by the user, where the smartcard performs some crypto operation to give the code to be displayed on screen for the user to type in.

The whole system proves a lot to all of the transacting parties.  The bank can be certain the person doing the transaction is in possession of the smart card, and the person doing the transaction can be certain he is authorizing the transaction he thinks he is.  As long as both sides properly verify what they see, it seems bulletproof to man-in-the-middle attacks.

Scaled to Bitcoins, the same idea would work as long as it was tolerable for the user to have to enter a much larger number than 6 digits (such as if the device could type keys on the keyboard like a YubiKey) so that it could type an entire ECDSA signature rather than just a simple check code.  Basically, if the smart card contained Bitcoin private keys, it could sign a transaction pulsed into it, the user could verify the transaction amount on-screen, and then the smart card could sign the transaction with private keys.  Backup would be relatively simple - simply give the user a copy of their private keys on paper at the same time same keys are loaded into the smart card.


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!