Bitcoin Forum
November 11, 2024, 02:53:36 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Here's how I think we could implement Bitcoin debit cards w/o a third party  (Read 1085 times)
moddedmatt (OP)
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
June 16, 2014, 01:08:47 AM
 #1

Alright, I have no idea if this has been suggested before, but here's how I think we could do it.

It would obviously need some change implemented into the blockchain which I have no idea how hard they would be to make.

We could make it so every private key is protected by a PIN number. It would either give you one or you could decide which PIN you want depending on how it is implemented. This way, not only would this help implement debit cards, but it would take away a big danger of people finding your private key since they would need to know the PIN number associated with it.
The chip on the debit card would pretty much be an encryption of your private key and you would insert it in a card reader connected to the blockchain, enter your PIN number and complete the transaction!

One of the big problem with Bitcoin is that it's not easy enough to spend in the real world. QR codes suck and inserting a card is a lot simpler than pulling out your smart phone, starting the app, scan the QR code and then send the agreed amount of bitcoins.
R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
June 16, 2014, 01:19:20 AM
 #2

The problem with that approach is, how do you determine the PIN? Also, desktop and mobile apps would need to include it as well, otherwise we would have two kinds of private keys, and how would that work?
One of the big problem with Bitcoin is that it's not easy enough to spend in the real world. QR codes suck and inserting a card is a lot simpler than pulling out your smart phone, starting the app, scan the QR code and then send the agreed amount of bitcoins.
Yet most banks have created apps to make payments with your phone. For me it's more practical to carry a single object to do most stuff.

I understand why a decentralized debit card system would work, but the implementation may be harder than it seems.

An economy based on endless growth is unsustainable.
Cranky4u
Hero Member
*****
Offline Offline

Activity: 810
Merit: 1000



View Profile WWW
June 16, 2014, 01:21:26 AM
 #3


One of the big problem with Bitcoin is that it's not easy enough to spend in the real world. QR codes suck and inserting a card is a lot simpler than pulling out your smart phone, starting the app, scan the QR code and then send the agreed amount of bitcoins.


QR codes are a cultural acceptance issue, much like mobile phones were only for yuppies in the 80s. With next gen users, both physical age brackets [gen x, y & z] and smart technology, becoming more of the majority will influence the adoption rate of QR codes.

doof
Hero Member
*****
Offline Offline

Activity: 765
Merit: 503


View Profile WWW
June 16, 2014, 03:44:33 AM
 #4

I PIN is only 10,000 combinations.  Would take a few minutes to brute force.
doof
Hero Member
*****
Offline Offline

Activity: 765
Merit: 503


View Profile WWW
June 16, 2014, 03:46:24 AM
 #5

Coinkite card does this anyway.
Peter R
Legendary
*
Offline Offline

Activity: 1162
Merit: 1007



View Profile
June 16, 2014, 06:35:53 AM
 #6

Alright, I have no idea if this has been suggested before, but here's how I think we could do it.

It would obviously need some change implemented into the blockchain which I have no idea how hard they would be to make.

We could make it so every private key is protected by a PIN number. It would either give you one or you could decide which PIN you want depending on how it is implemented. This way, not only would this help implement debit cards, but it would take away a big danger of people finding your private key since they would need to know the PIN number associated with it.
The chip on the debit card would pretty much be an encryption of your private key and you would insert it in a card reader connected to the blockchain, enter your PIN number and complete the transaction!

One of the big problem with Bitcoin is that it's not easy enough to spend in the real world. QR codes suck and inserting a card is a lot simpler than pulling out your smart phone, starting the app, scan the QR code and then send the agreed amount of bitcoins.


The card can be a bitcoin signing class (BSC) device that reads a raw transaction from the PoS terminal and signs it subject to certain signing rules.  This way, the private key never leaves the device.  You can even implement daily spending limits.   

Coindesk published an article on an NFC version of this idea yesterday:  http://www.coindesk.com/sigsafe-key-tag-brings-bitcoin-payments-nfc-devices/

Of course, this works as a contact smart card too. 

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
rhino34567
Sr. Member
****
Offline Offline

Activity: 288
Merit: 250


View Profile
June 16, 2014, 07:01:59 AM
 #7

Wouldn't the card reader owner be able to see your private key, though? Unless I am missing something in here, since I would imagine somebody else would have pointed it out.

R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
June 16, 2014, 04:15:08 PM
 #8

Wouldn't the card reader owner be able to see your private key, though?
A fiat debit card reader also reads your “private key” (or equivalent for bank accounts). It's essential for it to work.

An economy based on endless growth is unsustainable.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4832



View Profile
June 16, 2014, 04:21:48 PM
 #9

Wouldn't the card reader owner be able to see your private key, though?
A fiat debit card reader also reads your “private key” (or equivalent for bank accounts). It's essential for it to work.

No, it deosn't.

It reads your account number.

You rely on a trusted authority to protect the funds that you've placed on deposit in that account.

With bitcoin, there is no trusted entity.  Instead you trust the security of the private key.
R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
June 16, 2014, 04:59:09 PM
 #10

No, it deosn't.

It reads your account number.

You rely on a trusted authority to protect the funds that you've placed on deposit in that account.

With bitcoin, there is no trusted entity.  Instead you trust the security of the private key.
It needs to somehow tell your bank that it wants to take funds from there. How can the bank prove that they are trying to spend from the right account?

Of course the bank is a trusted entity, but it's one that needs private keys to confirm who's spending what.

An economy based on endless growth is unsustainable.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4832



View Profile
June 16, 2014, 05:08:00 PM
 #11

No, it deosn't.

It reads your account number.

You rely on a trusted authority to protect the funds that you've placed on deposit in that account.

With bitcoin, there is no trusted entity.  Instead you trust the security of the private key.
It needs to somehow tell your bank that it wants to take funds from there. How can the bank prove that they are trying to spend from the right account?

Of course the bank is a trusted entity, but it's one that needs private keys to confirm who's spending what.

"private key" implies that there is some form of digital signature or encryption involved.

When I make an online purchase with my debit card, I just enter the card number (which is clearly a publicly visible account number), and not a "private key".  There is no digital signature, and there is no "encryption" where the bank would need to know my private key to decrypt it.

The bank has contracts with the payment processors to make sure that the payment processors have an incentive to prevent fraud.  The payment processors have contracts with the merchants to make sure that the merchants have an incentive to prevent fraud. The merchants have employment contracts with the employees to make sure that the employees have an incentive to prevent fraud.

Regardless of all those contracts and incentives, credit card fraud and debit card fraud are a significant cost for banks and merchants.  Fortunately, because of the contracts, the banks can recover much of the loss directly from the merchants, and the rest of it is covered by the other revenue (such as merchant fees, and customer fees).  As such, the bank can generally give you back your funds if you are victim of fraud.
R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
June 16, 2014, 08:30:08 PM
 #12

"private key" implies that there is some form of digital signature or encryption involved.
OK, you're right. I used the wrong word. However, I still need to give some “secret code” to make a transaction with my debit card (e.g. the 4 digit code at the back when purchasing online, totally unrelated to my account number). If the whole system is to be trusted, then nobody can spend from my account without that secret code.

An economy based on endless growth is unsustainable.
TimS
Sr. Member
****
Offline Offline

Activity: 250
Merit: 253


View Profile WWW
June 16, 2014, 08:42:13 PM
 #13

Wouldn't the card reader owner be able to see your private key, though? Unless I am missing something in here, since I would imagine somebody else would have pointed it out.
No, it wouldn't.

Just like with some current smart cards: The card reader would tell the card "I want you to sign this data, and here's the PIN the user entered" and the card would use the PIN to decrypt the private key, sign the data, and send back the signature without the private key ever leaving the card.

What you describe is similar to how non-chip-and-PIN credit cards work: when you swipe it, it tells you all of its secrets (credit card number, name, anything else needed) and you use that to make the transaction.
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1111


View Profile
June 17, 2014, 03:37:20 AM
 #14



It would obviously need some change implemented into the blockchain which I have no idea how hard they would be to make.



I stopped reading here

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
neha
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile WWW
June 17, 2014, 06:55:17 AM
 #15

There are alot of hurdles to this without a 3rd party and management of the pin is the primary one. If by mistake you left your wallet/your wallet gets stolen and someone had seen the pin when you entered last, your money is gone and its not like banks that you can trace it or get it back in anyway. FYI we are also coming up with a debit card which would require a pin but the pin is only valid for 1 transaction. The only place your money can go is back to your own wallet or to the merchant. Thus keeps your money safe. Will be announcing it soon this forum.

nvK
Sr. Member
****
Offline Offline

Activity: 381
Merit: 259



View Profile WWW
June 17, 2014, 02:04:03 PM
 #16

Hi, from Coinkite here. We will be launching out API in a couple weeks, you will be able to do some of the things you want.

Just FYI, we did some research on having "smarter" smart cards to hold priv keys before, in our opinion most of them were not safe enough or not cost effective.

It's the bitcoin incentive that makes the "blockchain" technology work, stupid.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!