Bitcoin Forum
December 04, 2016, 06:37:06 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 6 7 8 »  All
  Print  
Author Topic: Bitcoin smartcard Point of Sale terminal  (Read 24494 times)
sebastian
Member
**
Offline Offline

Activity: 119


View Profile
May 15, 2011, 06:54:30 PM
 #41

I think a better idea here is:

You have one CARD keypair.
And one ACCOUNT keypair.

The ACCOUNT keypair is not available on the card, only on computer, and the CARD keypair is available on BOTH card and computer, BUT the private portion is saved in a way that does not allow it to be extracted (only used).

When you do a purchase, you insert the card into the POS terminal, and the POS terminal searches for some of your coins (The card could also save some transactions for faster search), uses them as sender, sends the coins you wants to purchase for to merchant and receives change.

Since the private key is "locked" into the card (so it can only be used, not copied), any crook merchant cannot copy the private key and use it later when your'e not around.

A crook merchant COULD debit your card more than agreed purchase amount like debiting 100$ but showing 1$ on display, but thats true for cash too.

If you give a 50 $ bill to a merchant for a 30 $ item, he could simply refuse to give a 20 $ bill back. Its the same problem. You need to trust the people you are doing affairs with. And in case its a crook merchant, you simply police report him and the police does it's work.

Thats why you should never carry more on your card than you are prepared to lose. So you can carry lets say 3 cards with you, one card with 10BTC, one with 50BTC and one with 100BTC. This will be like bills in a wallet. You give the smallest possible bill to merchant, in case he is a crook.



But the big bonus is that you can PIN protect the card, AND if you lose your card, you can "ban" the card in this way:
Simply move ALL coins currently saved under CARD key to ACCOUNT key. Now the card is empty, so even if someone figures out the pin or physically hack the card, theres no coins on card.
1480876626
Hero Member
*
Offline Offline

Posts: 1480876626

View Profile Personal Message (Offline)

Ignore
1480876626
Reply with quote  #2

1480876626
Report to moderator
1480876626
Hero Member
*
Offline Offline

Posts: 1480876626

View Profile Personal Message (Offline)

Ignore
1480876626
Reply with quote  #2

1480876626
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480876626
Hero Member
*
Offline Offline

Posts: 1480876626

View Profile Personal Message (Offline)

Ignore
1480876626
Reply with quote  #2

1480876626
Report to moderator
1480876626
Hero Member
*
Offline Offline

Posts: 1480876626

View Profile Personal Message (Offline)

Ignore
1480876626
Reply with quote  #2

1480876626
Report to moderator
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
March 13, 2012, 04:07:08 AM
 #42

How are things going with this project?

I think its instrumental to the widespread success of BitCoin and its why I joined this forum.


I think I "solved" the "no-display" problem:
1. POS displays debit amount 1$
2. POS sends this amount to the smartcard.
3. Smartcard multiplies this amount with a number only you now, say "5".
4. The result is sent back to the terminal.
5. Terminal displays "checksum" "5" - only you can know whether this number is correct or not. The number may even increment once each time making logging results impossible, you just have to remember slightly correctly to check the checksum.
6. You punch the pin code. If the terminal attempts to post a NEW amount before a pin is given the card locks itself for 10 minutes.
7. Card sends signed transaction to the terminal.
8. Merchant is happy. If there is double-spend, unlikely as it is, he has seen you in person and can call the cops.

I imagine that both card and POS software should be public with checksums for the trusted versions.

New smartcards could be made by anyone with a smartcard programmer so though you would trust that party you would not be bound at all.
It would be as ubiquitous as BTC itself.

Next, the card would be sent in the mail along with the address, private key and pins so that you could back up your card or refill it on your own.
Naturally the card should not be your main storage medium despite all the safety.

Such terminals would cost very little and the cards would be affordable even in third world countries - UNLIKE android wallets!

Merchants would simply link their terminal to their mtgox address and post an immediate and large sell order. At the end of the day fiat currency could be withdrawn from mtgox.

Casascius coins are very cool, but I believe the market has found smartcards to be the most easy to use and we should act on that.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
benjamindees
Legendary
*
Offline Offline

Activity: 1288


View Profile
March 19, 2012, 11:46:39 PM
 #43

I've done a little research on this, and I think the way to go is to use a smartcard with an integral LCD display and at least one button.  These are on the market already.



http://www.nidsecurity.com/

Basically, the POS terminal just sends the balance due to your card, which displays it for you.  You then press the button to verify, and the card creates the transaction and signs it.  No need to trust anything.  The card can keep track of your balance, and you can verify it via some other trusted channel just like you do with debit cards now.

Civil Liberty Through Complex Mathematics
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
March 20, 2012, 12:45:36 AM
 #44

1. Smart cards are expensive to produce, so cardholder adoption rates will be disappoint.
2. The "S" curve for Merchant acceptance in the US is nil. Europe is a possibility. 
3. Better solutions are simpler and will leverage existing infrastructure with an eye towards smart phones.
4. Your current design will attract US regulatory oversight, resulting in need for money transmitter licensing.

When someone shows you who they are, believe them the first time.
benjamindees
Legendary
*
Offline Offline

Activity: 1288


View Profile
March 20, 2012, 12:54:04 AM
 #45

4. Your current design will attract US regulatory oversight, resulting in need for money transmitter licensing.

Whose design?

Civil Liberty Through Complex Mathematics
nedbert9
Sr. Member
****
Offline Offline

Activity: 252

Inactive


View Profile
March 25, 2012, 01:54:02 PM
 #46



@OP:  Smartcard that's lost = lost money = non starter.

The populous would hate this and ultimately reflect poorly on Bitcoin in public perception.
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1722

Let's talk governance, lipstick, and pigs.


View Profile
March 25, 2012, 02:05:42 PM
 #47



@OP:  Smartcard that's lost = lost money = non starter.

The populous would hate this and ultimately reflect poorly on Bitcoin in public perception.
Not if it has multisig protection. Just activate your backup card. The lost card is worthless.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
April 01, 2012, 10:12:17 PM
 #48

I've done a little research on this, and I think the way to go is to use a smartcard with an integral LCD display and at least one button.  These are on the market already.
Yes, but my checksum solution achieves the same with only normal super cheap smart cards.

What are the price of these display cards, I couldn't find it?

Quote
Smart cards are expensive to produce, so cardholder adoption rates will be disappoint.
Actually normal smartcards cost less than 2$ a piece; buy in bulk and it comes down from even that.

(http://www.smartcardsupply.com/Content/Cards/ISO7816.htm)

An innovator/BTC promoter could send them to everyone in a city as a stunt for the price of a normal small ad campaign.

From there, usage can spread like a wildfire.

POS terminals are rented out to the largest merchants in town as part of the campaign.

Quote
@OP:  Smartcard that's lost = lost money = non starter.
This depends entirely on design - I know my pin code, why wouldn't I just know my private key too?

With my BTC smartcard/wallet and my BTC client I am my own bank and card provider.


I can help develop stuff after the 30. of June and I'm an educated programmer.
I will do it for free, but with a small payment I could do it full time.

I don't see this as something that would take long to create a development kit for.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
Haplo
Full Member
***
Offline Offline

Activity: 168



View Profile
April 02, 2012, 03:15:31 AM
 #49

Quote
@OP:  Smartcard that's lost = lost money = non starter.
This depends entirely on design - I know my pin code, why wouldn't I just know my private key too?

With my BTC smartcard/wallet and my BTC client I am my own bank and card provider.


I can help develop stuff after the 30. of June and I'm an educated programmer.
I will do it for free, but with a small payment I could do it full time.

I don't see this as something that would take long to create a development kit for.

I can see really two problems with the smart card proposal.

With a smartphone, you can have your home desktop computer act as a server for your phone's app and then it's easy to limit the liability of how much money you can lose if someone steals your phone.

With a smartcard you could do basically the same thing, store the private/public keypairs for some pre-made accounts that you want to spend from along with the reference txOuts, and some software for negotiating/signing tx.

However, in order to make this work, you have to have your own smartcard reader to load it with money, which may or may not be expensive for your average user (or maybe not?).

The other thing is the sneaky merchant problem. Most smart cards are designed to be used with a tap of your wallet, so a screen would basically defeat the point, and a button on the card would be too easy to accidentally activate (or too easy for a thief to use). The only way to completely circumvent that problem is to have something with basically the capabilities (and independent power source) like a smartphone, where the merchant has no direct control over what is sent. Or else a card with a screen, a pinpad, a cancel button and a "lock price" button, which wouldn't be so easy to use one way or the other and isn't available since most banks can just do a chargeback instead.

I'm So Meta, Even This Acronym
benjamindees
Legendary
*
Offline Offline

Activity: 1288


View Profile
April 02, 2012, 03:44:44 AM
 #50

However, in order to make this work, you have to have your own smartcard reader to load it with money, which may or may not be expensive for your average user (or maybe not?).

With a display, at least, there's no reason you couldn't add Bitcoins the same way you spend them.  Even multi-sig backups could probably be made to work without a reader as well.

Quote
The other thing is the sneaky merchant problem. Most smart cards are designed to be used with a tap of your wallet, so a screen would basically defeat the point, and a button on the card would be too easy to accidentally activate (or too easy for a thief to use).

Personally I lean towards the contact smartcards rather than RF.  They are more reliable, and less subject to tampering.  It's less convenient, but not really any less convenient than credit cards currently.

Civil Liberty Through Complex Mathematics
Haplo
Full Member
***
Offline Offline

Activity: 168



View Profile
April 02, 2012, 04:58:30 AM
 #51

With a display, at least, there's no reason you couldn't add Bitcoins the same way you spend them.  Even multi-sig backups could probably be made to work without a reader as well.

I don't really get it. If you don't have a smart card interface to your computer, how do you load any coins onto them? By going to some centralized bank? Certainly the grocery store isn't going to offer deposit services for bitcoin cards. If you do have a card interface for your computer, you could set up your pin securely from there and load whatever coins you wanted from your online or offline wallets.

Personally I lean towards the contact smartcards rather than RF.  They are more reliable, and less subject to tampering.  It's less convenient, but not really any less convenient than credit cards currently.

I don't see how a contact based smart card would be any better than an RF card security wise. Neither has a large enough range to allow someone to steal your money remotely, and in both cases you're trusting that the manufacturer of the card reader has made it so that the merchant can't charge more than they said they would without retyping your pin.

AFAIK (from the few RF smartcard readers I've seen, and McDonald's is about the only place I've seen them) most RF card readers don't even require even so much as a pin input, which would be a disadvantage vs contact cards, but the card itself could require a pin to mitigate that problem. On the other hand, requiring a pin would be a disadvantage for small token purchases, like the original usage of smart cards as subway tickets.

Although the price tag of a smart card is way more affordable than a smart phone, I don't think they're well suited to the technology and usage of BTC.

I'm So Meta, Even This Acronym
ThomasV
Legendary
*
Online Online

Activity: 1722



View Profile WWW
April 02, 2012, 05:05:56 AM
 #52

shameless plug: https://en.bitcoin.it/wiki/Smart_card_wallet

Electrum: the convenience of a web wallet, without the risks
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
April 02, 2012, 11:32:44 AM
 #53

With a display, at least, there's no reason you couldn't add Bitcoins the same way you spend them.  Even multi-sig backups could probably be made to work without a reader as well.

1. You load simply by sending BTC to the address of the card - you don't need a smartcard programmer to load it.

2. The card receives a transaction request and if you see the right checksum returned from the card, you give your pin.

3. Provided the pin, the card now signs the earlier transaction with a unreadable private key on the card and sends this signed message to the terminal.

4. The terminal publishes the signed message to the network.

ANYONE see any holes in this?

Yeah seen it; already added my proposal with checksums instead of LCD screens (not that those aren't cool! I had no idea that could be done) Cheesy

Anyway we can create a complete BitCoin economy system here:
1. Bitcoin client is your bank and online payment device.
2. Smart card is your wallet and credit card.
3. Simple terminals accept payments.

That's it! And its physically impossible for a merchant to hack your card.

Lets do a mailing list or facebook group with people who support this and have programming skills.

I'm busy now, but in the summer I can program for this project.

Since ?Cascious? has done this sort of thing before he should probably be the lead dev and we just help where we can and with promotion.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
April 02, 2012, 12:25:00 PM
 #54

I had another idea:

Step 1: Create smart card reader that can be connected to an android phone via the standard plug.

Step 2: Create app using said cable connector to turn the phone into a POS terminal.


Now anyone with a sub 200$ android phone could become a merchant!

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1722

Let's talk governance, lipstick, and pigs.


View Profile
April 02, 2012, 01:03:11 PM
 #55

I don't see any point in developing new hardware. Bitcoin is the most adaptable currency invented (I consider it the ninja currency) and should use whatever is already ubiquitous. Magstrip readers are plethera, barcode scanners too. I don't see many smart card scanners in America, though it's probably because I live in a rural area. I'm sure there are a lot of magstrip haters here, so I probably shouldn't have mentioned it. I'm sure many other countries are technologically way ahead on the smartcard trend to buy their bullet train tickets. I hate to be a pessimist, but I see the way most average Joes behave and they won't be using iPhones, smart cards, or any other new gadget any time soon in the retail environment. They will be using magstrips and paper. If Bitcoin cannot adapt to magstrips, paper, and sms, then it will require bucking the system. It's too expensive to try to educate the masses about new gadgets.

tl;dr  Bitcoin is the most adaptable currency and should use what is already ubiquitous, because it's too expensive to educate a market.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
April 02, 2012, 01:31:01 PM
 #56

daptable currency and should use what is already ubiquitous, because it's too expensive to educate a market.

I agree totally. However to expand BTC beyond computer-to-computer use we need a POS-system.

Given this, the nature of BTC and your argument the technology that exists IS smart cards.


I don't think a swipe card can be programmed unless it has the same chip as a smart card anyway - otherwise I would be with you there.

Paper BTC won't work as you would have to trust a million different printers who could have saved the private key they put on the coin.
(Even Casasciuos has admitted this flaw)


Smart cards work very much like swipe cards though; the ONLY exception is that you insert it instead of swiping - PIN, terminal etc. all looks and acts the same.

You ignore the returned checksum unless merchants start scamming people.


The cards cost 2$ a piece so you could practically hand them out.

The terminal could be a 10$ cable, a free app and your already-owned android phone. A total cost of maybe 110$ that even grandmas could pay to with their card.


All WE have to do is to order the cards, cable (I'm sure it exists), develop the chip program and the android terminal client.

Then we release all our code, suppliers, data and guides and anyone can sell programmed cards in their region and anyone can download the app/buy the cable.

EDIT:
EXACT supplies needed to turn my Android into a POS terminal:
http://www.amazon.com/USB-Type-Female-Adapter/dp/B000GHXTA0
(1.1$)

http://www.athena-scs.com/products-solutions/readers/contact
(Approx. pricing of above: 14$ - source: http://www.kinapriser.dk/konig-smart-card-reader-p-4695.html)

So... lets start programming?

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 02, 2012, 02:24:43 PM
 #57

Guys the adoption rates on new merchant POS devices is an S curve. As for adapting existing hardware, merchants tend to be VERY reluctant as the POS device typically links into inventory management or at a minimum the G/L.  Incidentally, the Europeans have been trying to get the Americans to adopt Smart Cards for almost a decade. They've kind of given up on the retail payments side, but it's my understanding that they are now pitching it as a medical records management solution.  Doubt it'll work there either, as the developing world is leapfrogging over smart cards to mobile (Smart cards are too expensive for both consumer and doctors/pharmacies/clinics/hospitals to implement.) As for working through the card processor, not very likely as you have to have a BIN to join the network. The big banks, Paypal, and new retail payments entrants like Google are using competing protocols to fight over share of wallet, and they typically look to devise solutions that erect barriers to entry (friction and fees)

Personally, I think a card based solution that leverages tradition POS technology is a mistake, as the entire systems is in flux; (thus crappy dongle technology like Isis and Square) and the merchants seem to be waiting on a dominant design to emerge before yet another upgrade to their POS hardware. As you know the banks are trying to shove NFT down the merchants' throats, haven't heard of any positive news un uptake rates beyond markets serving the top 1%.

I think solutions should be forward looking and with an eye toward creating some sort of universal adaptor should demand support the need for backwards integration.  My early sketches suggest that the cost structure of a "universal adaptor" would not be competitive, so how do you get the merchants to accept a more expense system with increased settlement risk (yes it's non reversible, but 10 mins is 9 min 50 seconds too long meaning you've got to build a middle office to hedge that risk) So to whom does one pass on costs in excess of the industry average 2.8%.

Don't mean to sound like a nay sayer, I think about this problem rather frequently, and I too find myself frustrated by the timing differences between the evolution of BTC, the lagging implementation of mobile money (the US is woefully behind, search "M-Pesa" 9MM users in 3 years), and the lack of vision and defensive genuflecting by the big banks when it comes to next generation retail payments solutions. 

When someone shows you who they are, believe them the first time.
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
April 02, 2012, 02:49:15 PM
 #58

Guys the adoption rates on new merchant POS devices is an S curve. As for adapting existing hardware, merchants tend to be VERY reluctant as the POS device typically links into inventory management or at a minimum the G/L.....

Well there is no reason we can't develop the software for real terminals first, but where do you think our chances are best? Immigrant shops that would prefer using their Android or big supermarket chains?

Whatever the shape of the curve it can't begin before we create this tech - we could be the creators of a new world spanning standard here.

Quote
My early sketches suggest that the cost structure of a "universal adaptor" would not be competitive
The components would cost in total 15$ as I wrote last post - that is at LEAST 10x cheaper than a normal POS system in my country.

If you go full terminal the cost largely remains the same, but you don't get a nice smartphone in the package to use after work.

Quote
, so how do you get the merchants to accept a more expense system with increased settlement risk (yes it's non reversible, but 10 mins is 9 min 50 seconds too long meaning you've got to build a middle office to hedge that risk)

The system would be cheaper actually, both in implementation and use:

You just go by unconfirmed transactions.

If somebody pulls a double spend they get arrested as they are on your store camera or witnesses saw them.

Heck even pulling off a double spend is pretty hard to do, especially considering that we could program the POS to check for it (lots of transactions suddenly coming from the address after purchase).

You would wait max. 10s. - the time it takes to pack your groceries anyway.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 02, 2012, 02:52:31 PM
 #59

4. Your current design will attract US regulatory oversight, resulting in need for money transmitter licensing.

Whose design?

Sorry about the delayed response.  Any design leveraging the card processing network. Any network that registers debit or credits in USD. It you co-locate a private BTC only network that doesn't talk to the merchant's cash register then you may as well move straight to mobile as the merchant will then have to reconcile by hand all BTC trade, since they well need some sort of paper trail for the accountants/ auditors.

When someone shows you who they are, believe them the first time.
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
April 02, 2012, 03:04:54 PM
 #60

Sorry about the delayed response.  Any design leveraging the card processing network. Any network that registers debit or credits in USD.
I agree that is unacceptable, I am talking about a pure BTC system - client = bank, BTC card = USD credit card and BTC POS = Visa terminal.

A complete replacement, beautiful, simple, cheap and pure like BTC itself.

Quote
It you co-locate a private BTC only network that doesn't talk to the merchant's cash register then you may as well move straight to mobile as the merchant will then have to reconcile by hand all BTC trade, since they well need some sort of paper trail for the accountants/ auditors.
Well lets say we develop a POS terminal accepting BTC (cards) directly.

It should not be much of a stretch to wire a USB cable from that into the corp computer that merges it with the normal POS data.

We would provide an API for communicating with the BTC terminal of course.

Otherwise all transactions and their times going into the corp address would be in the blockchain for later auditors.


Anyway big businesses will not be the first adopters, lets focus on the small guys - and thus, I think, the Android + 15$ cable connector.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
Pages: « 1 2 [3] 4 5 6 7 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!