Bitcoin Forum
December 03, 2016, 10:01:20 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 6 7 8 »  All
  Print  
Author Topic: Bitcoin smartcard Point of Sale terminal  (Read 24491 times)
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 02, 2012, 03:27:45 PM
 #61

Universal adaptor, sorry mate, not really in scope for the way you are envisioning your system. I was thinking about a virtual wallet that enables BTC to link seamlessly into debit or credit card networks.  Okay back to your design. It's likely best to work with whatever hardware is currently in place. Selling into small mom & pop shops will be easier than selling into a national chain (but still time consuming) b/c they are more likely to accept some manual processes.

Sure you could depend on someone else to handle exchange risk, but hedging exchange risk might give you the opportunity to offset the cost of deploying your solution. (Most smaller merchants are not that tech savvy and rather risk adverse)  In my experience changing Merchant behavior to achieve meaningful scale will involve some sort of incentive meaning accepting BTCs is cheaper and/or brings new Biz.

If you want a recent analog, take a look at GreenDot. (Since they are publicly traded you should be able to get their Annual Report for the past few years from the SEC's website for free. In it you'll see a bit more about the cost of floating their system.  It ain't cheap) Sure the hardware relative cheap but the time and labor to implement, not so much.

Sure you could design an opt in Smart Card system, but it'll be more like a novelty/alpha test than a prototype/beta test.

Payment systems are hard b/c they are highly regulated, little is published, and they touch both Merchant-- Inventory Mgmt and the G/L of the business on the front end, and cash management, accounting and audit in the back office. Realize that one way the regulators and IRS are able to "encouraged" the Merchants to follow best practices is to link compliance to bank--loans, cash management services, and even merchant acquiring accounts.

When someone shows you who they are, believe them the first time.
1480802480
Hero Member
*
Offline Offline

Posts: 1480802480

View Profile Personal Message (Offline)

Ignore
1480802480
Reply with quote  #2

1480802480
Report to moderator
1480802480
Hero Member
*
Offline Offline

Posts: 1480802480

View Profile Personal Message (Offline)

Ignore
1480802480
Reply with quote  #2

1480802480
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 02, 2012, 03:38:33 PM
 #62


It should not be much of a stretch to wire a USB cable from that into the corp computer that merges it with the normal POS data.

True. You'll need to factor in Merchants reluctance. They tend to be afraid of voiding their warrantee, and that an untested systems might write errors to their G/L. So doable, but time to sell and implement and merchant value proposition must be compelling.


Otherwise all transactions and their times going into the corp address would be in the blockchain for later auditors.

So we're talking BTC converts like ourselves....


When someone shows you who they are, believe them the first time.
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
April 02, 2012, 07:11:54 PM
 #63

Universal adaptor, sorry mate, not really in scope for the way you are envisioning your system. I was thinking about a virtual wallet that enables BTC to link seamlessly into debit or credit card networks.
Yeah that seems quite impossible as the card would need to access mtgox, sell the BTC, send it back from mtgox... not happening via terminal!


Quote
Selling into small mom & pop shops will be easier than selling into a national chain (but still time consuming) b/c they are more likely to accept some manual processes.
I am imagining the first markets as something like Greece where no one wants to pay tax to the bankers or young innovators starting out with minimum cash for terminals etc..

As for manual processes its pretty clear you know more than me about exactly what a cash register needs to do.

Still I am sure we could do more advanced functions; a spreadsheet with transaction records should be doable in an Android POS app from V.1 though - just save it to the SD card.

Since the Android has camera it could scan QR codes and add to an order too!


As for a complete automatic system that a supermarket would use that can wait a little.


Quote
Sure you could depend on someone else to handle exchange risk, but hedging exchange risk might give you the opportunity to offset the cost of deploying your solution.


Well BTC are more stable these days and probably going up, that said you could set your address in the app to your mtgox address - that way your coins can be sold immediately for regular cash.

Quote
(Most smaller merchants are not that tech savvy and rather risk adverse)  In my experience changing Merchant behavior to achieve meaningful scale will involve some sort of incentive meaning accepting BTCs is cheaper and/or brings new Biz.
I'm pretty sure our Android system would be simpler to start with than any Visa terminal I have heard of!

Old businesses might stay the same, but new businesses may see BTC and BTC POS as a godsend of simplicity to get started.

Yeah wouldn't need to rely on market penetration of BTC either as they could gift regular customers with BTC cards and load them with cash or something.

Hell for all the customers need to know they could be told it was a reusable gift card!

Quote
If you want a recent analog, take a look at GreenDot. (Since they are publicly traded you should be able to get their Annual Report for the past few years from the SEC's website for free. In it you'll see a bit more about the cost of floating their system.

Sure you could design an opt in Smart Card system, but it'll be more like a novelty/alpha test than a prototype/beta test.

I have seen quite a few debit cards and they all seem like an expensive overlay to mastercard - whats the point?

Lets go full BTC and ALL that trouble, cost and those 2-3% fees disappear.

There must be a million BTC users by now, if 10% of them gave friends and relatives a smartcard loaded with 2 BTC as birthday presents that's an instant mega market.

Quote
Payment systems are hard b/c they are highly regulated
Well in Scandinavia and Germany I think you can trade BTC all you like - as long as you pay your taxes as normal and a yearly budget - nothing new there.

True. You'll need to factor in Merchants reluctance. They tend to be afraid of voiding their warrantee, and that an untested systems might write errors to their G/L. So doable, but time to sell and implement and merchant value proposition must be compelling.
The same could be said for BTC, why did it ever take off?

Well however we debate that part of the reason was because it was THERE and it was USEFUL. If we focus on just that we can't mess up.

As for advanced merchants as you describe, for now, I would ignore them completely.

Quote
So we're talking BTC converts like ourselves....
Well isn't it pretty sad that WE can't use our own damn currency even if we all lived in one town?

Lets fix that and see what happens.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 02, 2012, 10:02:32 PM
 #64

There are a few paper-based analogs. I seem to remember reading of a handful of towns that created there own voucher (currency) that could be used in all the shops in that town.  Maybe Ithaca NY (Cornell) was one?

Yes agree, the US markets are highly regulated and the FATF is driving KYC rules thru the entire global payments systems via SWIFT. Remember that anyone using the VISA or MC networks must have a BIN to even apply for access. 

I think your system will work and if you work 100% in BTC you may not even need a money transmittal license until such time BTCs are formally defined. Having said that, there is a elephant in the room that simply cannot be ignored. For everyday mom and pop shops, they would really have to be BTC enthusiasts b/c at present the # of potential customers, likely sales and the costs and risks of running a separate offline payments system that has to be marked to market and cashed out on an exchange is likely to be a very hard sell given the dollar amount in tax savings. 

Or to put it another way, can you think of actual products or specific types of stores that would benefit from adding a BTC capability and have you constructed a simple spreadsheet showing the # of such goods or services they would have to sell to break even on their startup costs (meaning lower cost per transaction + interest on deferred taxes)?

As some point all of us early adopters and innovators will need to level up quite a bit in terms of infrastructure/support (hardware+ software, txt & video manuals = ease of use) if we expect to see the growth in BTCs acceptance and usage that gets us to some sort of tipping point in the brick & mortar world. Strategically, I am developing a pretty clear vision of how BTCs can interact with the current global payment systems, and to me that's exciting. As for network and app development, I am a total noob, all I can offer is a list of must have functionality.

When someone shows you who they are, believe them the first time.
Haplo
Full Member
***
Offline Offline

Activity: 168



View Profile
April 03, 2012, 01:26:46 AM
 #65

There are a few paper-based analogs. I seem to remember reading of a handful of towns that created there own voucher (currency) that could be used in all the shops in that town.  Maybe Ithaca NY (Cornell) was one?

I believe ithaca uses a time-currency worth about ~$10 an hour. There's also Berkshares and a few others. All of said currencies come with a socialist hook, however.

My question is, even if you load BTC to your smartcard's address without connecting it to your computer somehow, how does the card know how much is on it? Seems to me it'd be up to memory and luck to make sure you didn't overdraft, which would end up sending an invalid tx anyway. More importantly, how do you set your pin without a central authority doing it for you? I think it's also worth noting that if a card continuously re-uses a single address, then it kinda kills your privacy too.

On the merchant end, assuming physical sales, there's still the problem of integrating a bitcoind backend for register and accounting software, and exchange risk. It seems to me CAO/ICS systems would be less affected, if at all except for the inherent exchange risk involved.

Protecting against double spends = easy
Protecting against exchange risk = not so much
Protecting against arbitrary government confiscation and dealing with accounting conversions = jungle gym

In Greece I think all the disadvantages are moot. Greek business owners currently can't get loans, greek people have no money to spend, and the value of the Eur is evaporating out from under them both in government debt and inflation. Anything that would allow them to easily manage their business or even do business at all would be nothing short of deus ex machina for them, and it's not like they give a damn about complying with government tax regulations or anything. They would like nothing better than for the EUR, the ECB, the IMF, the unelected European Commission, and their own unelected government to hurry up and die so they can get on with their lives.

I'm So Meta, Even This Acronym
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 03, 2012, 01:42:02 AM
 #66

Okay, If I understand you now. If you'd like to build a prototype geared to the Greek market? Because if that's the case, I'd recommend a mobile solution rather than a card based solution. Matters not what kind of phone they have, old flip fone, smartphone... The key to making it work is a middle office. You'd have to build that. Where would customers get their BTCs? From storefronts or online via the exchanges? If I am hearing you about your target market we can work out more details...

When someone shows you who they are, believe them the first time.
benjamindees
Legendary
*
Offline Offline

Activity: 1288


View Profile
April 03, 2012, 01:59:32 AM
 #67

My question is, even if you load BTC to your smartcard's address without connecting it to your computer somehow, how does the card know how much is on it?

Obviously it doesn't in that case.  What I'm proposing is that you stick your card into a machine and deposit your $5, the machine sends a +1 BTC transaction, it gets displayed on the card, and you okay it.  The card keeps track of your balance.

For the cards I posted at least, if you browse the site you can see they have cards with keypads as well.  It would be possible to manually set your balance with those.

Quote
More importantly, how do you set your pin without a central authority doing it for you?

Same solution, cards with keypads.  But a pin is not necessarily a requirement, especially when using multisig keys as mentioned.  Ultimately a reader is only like $15 anyways so I think your minimum outlay is going to be around $20 regardless of which type of card you use.

Quote
I think it's also worth noting that if a card continuously re-uses a single address, then it kinda kills your privacy too.

The high end cards can store several keys, several hundred even.

Civil Liberty Through Complex Mathematics
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
April 03, 2012, 02:05:56 AM
 #68

assuming you can even implement a protocol that doesn't allow the private keys to be leaked, you'll also need some sort of way to prevent unscrupulous merchants from skimming the card using a tampered terminal.

related vid:
http://www.youtube.com/watch?v=JABJlvrZWbY

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
Haplo
Full Member
***
Offline Offline

Activity: 168



View Profile
April 03, 2012, 02:11:48 AM
 #69

Okay, If I understand you now. If you'd like to build a prototype geared to the Greek market? Because if that's the case, I'd recommend a mobile solution rather than a card based solution. Matters not what kind of phone they have, old flip fone, smartphone... The key to making it work is a middle office. You'd have to build that. Where would customers get their BTCs? From storefronts or online via the exchanges? If I am hearing you about your target market we can work out more details...

Well, I wouldn't exactly call them "my market". I don't have the resources to launch a huge BTC promotion in Greece (nor do I have greek contacts), although I am curious; how could you use BTC with an old flip phone?

Also, that would depend on what technology is commonly affordable/available in Greece. Since "not EUR/ECB" is the most appealing feature of BTC for Greeks, delivering the currency to them requires putting it in whatever form is most available to them. I don't even have the slightest clue what greeks commonly use or have.

I'm only interested in that point because it would be nice to see the people of a country outsmart their multi-hierarchal dictators for once, not particularly because I want to profit from the venture.

My question is, even if you load BTC to your smartcard's address without connecting it to your computer somehow, how does the card know how much is on it?

Obviously it doesn't in that case.  What I'm proposing is that you stick your card into a machine and deposit your $1, the machine sends a +5 BTC transaction, it gets displayed on the card, and you okay it.  The card keeps track of your balance.

For the cards I posted at least, if you browse the site you can see they have cards with keypads as well.  It would be possible to manually set your balance with those.

Quote
More importantly, how do you set your pin without a central authority doing it for you?

Same solution, cards with keypads.  But a pin is not necessarily a requirement, especially when using multisig keys as mentioned.  Ultimately a reader is only like $15 anyways so I think your minimum outlay is going to be around $20 regardless of which type of card you use.

Well if the initial outlay for a USB card reader isn't so bad, and you can get a card with a numpad, then you could just input the price they display to you on your card, enter your pin, then hit send. The card signs a tx with only that exact value so they can't change the price after you begin entering your pin. It could be doable but it seems a bit complicated imo. That and, what's the price difference between a USB card reader + supercard with screen and such vs the cost of the cheapest BTC runnable smartphone?

I'm So Meta, Even This Acronym
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 03, 2012, 02:16:06 AM
 #70

My question is, even if you load BTC to your smartcard's address without connecting it to your computer somehow, how does the card know how much is on it?

The essential usefulness of SmartCards was that it allowed for the writing to and reading of data (account balances) from the smart chip even when the merchant didn't have access to the card payment networks i.e., when the phone lines fail.

When someone shows you who they are, believe them the first time.
benjamindees
Legendary
*
Offline Offline

Activity: 1288


View Profile
April 03, 2012, 02:24:22 AM
 #71

That and, what's the price difference between a USB card reader + supercard with screen and such vs the cost of the cheapest BTC runnable smartphone?

I imagine the "supercards" are less than $20.  The point is that once you have a display and keypad, you don't need a reader.  So the cost is similar.

you could just input the price they display to you on your card, enter your pin, then hit send. The card signs a tx with only that exact value so they can't change the price after you begin entering your pin. It could be doable but it seems a bit complicated imo.

No, there's no need to manually enter the transaction amount.  Transactions can be sent over the wire.  This is irrelevant.

assuming you can even implement a protocol that doesn't allow the private keys to be leaked

A lot of smartcard apps are poorly designed.  But it isn't black magic or anything.  It's definitely doable.  Look at the satellite TV access cards.  They can be reverse engineered, if you have access to the card itself and a scanning electron microscope.

My question is, even if you load BTC to your smartcard's address without connecting it to your computer somehow, how does the card know how much is on it?

The essential usefulness of SmartCards was that it allowed for the writing to and reading of data (account balances) from the smart chip even when the merchant didn't have access to the card payment networks i.e., when the phone lines fail.

Why are you mis-quoting me?

Civil Liberty Through Complex Mathematics
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 03, 2012, 02:33:27 AM
 #72

Oops my bad, didn't mean to misquote you. Sloppy on my part. I was merely giving the context for why the card providers developed the smart card technology to make it a little easier for people to understand its limitations.

When someone shows you who they are, believe them the first time.
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 03, 2012, 04:56:59 AM
 #73

Okay, If I understand you now. If you'd like to build a prototype geared to the Greek market? Because if that's the case, I'd recommend a mobile solution rather than a card based solution. Matters not what kind of phone they have, old flip fone, smartphone... The key to making it work is a middle office. You'd have to build that. Where would customers get their BTCs? From storefronts or online via the exchanges? If I am hearing you about your target market we can work out more details...

Well, I wouldn't exactly call them "my market". I don't have the resources to launch a huge BTC promotion in Greece (nor do I have greek contacts), although I am curious; how could you use BTC with an old flip phone?

Also, that would depend on what technology is commonly affordable/available in Greece. Since "not EUR/ECB" is the most appealing feature of BTC for Greeks, delivering the currency to them requires putting it in whatever form is most available to them. I don't even have the slightest clue what greeks commonly use or have.

I'm only interested in that point because it would be nice to see the people of a country outsmart their multi-hierarchal dictators for once, not particularly because I want to profit from the venture.

I agree, it would be helpful, but you'll have to seed the market for it to be meaningful.  Incidentally, markets can be big or small as in mass marketing or niche market. They can be high margin or they can generate losses. Markets in the strategic design sense is separate from profits.  People can seek profitable markets or narrow their definition to make the market more profitable (i.e., exclude poorer people) A market is just a collection of people who you believe will benefit from your good or service.  For programmers it's like a collection of objects, where objects are always people.

When defining a market segment for the purposes of developing new payment systems I look for what is the most accessible, low-cost technology at the POS for both customer and merchant. Avoiding the whole hardware sell, install, train headache. So in the case of Greece solutions may well look more like M-Pesa (9 million people in 3 years. B/c it is a top down authoritarian model. They're being studied at all the top B-schools now) or the mobile solution in Ghana (open source with equal rights to participation for all consumers and all telcos)

Don't assume that b/c those economies are lesser developed that they haven't found a way to exchange value without using the debit and credit card networks, b/c they have and in that sense they are years ahead of the US (ironic isn't it?) Mass market access to mobile payment, elite only access to Visa/MC. The very opposite of the US. In our case we'd replace bank ACH clearing and settlement with BTC clearing and settlement.

When someone shows you who they are, believe them the first time.
Haplo
Full Member
***
Offline Offline

Activity: 168



View Profile
April 03, 2012, 05:10:51 AM
 #74

That and, what's the price difference between a USB card reader + supercard with screen and such vs the cost of the cheapest BTC runnable smartphone?

I imagine the "supercards" are less than $20.  The point is that once you have a display and keypad, you don't need a reader.  So the cost is similar.

you could just input the price they display to you on your card, enter your pin, then hit send. The card signs a tx with only that exact value so they can't change the price after you begin entering your pin. It could be doable but it seems a bit complicated imo.

No, there's no need to manually enter the transaction amount.  Transactions can be sent over the wire.  This is irrelevant.

I was talking more about security from merchant overcharging, and for that matter, since BTC is spent by referring to previous txOuts, you'd have to load all the txOuts onto your card, or trust the merchant to construct a tx with the proper amounts that pays you the proper change. If the merchant is using a USB smart-card reader, they would have even more room for messing with clients since there are no software restrictions on a general computer as opposed to a specialized card payment unit.

I agree, it would be nice, but you'll have to seed the market.  Markets can be big or small as in mass marketing or niche market. They can be high margin or they can generate losses. Markets in the strategic design sense is separate from profits.  People can seek profitable markets are narrow their definition to make the market more profitable (i.e., exclude poorer people) A market is just a collection of people who you believe will benefit from your good or service.  For programmers it's like a collection of objects, where objects are always human being.

It is important to be able to visualize the participants you are looking to serve. It is difficult to design a system for a foreign market w/out understanding their infrastructure. In one design I had to go back to flip phones (SMS) and a middle office because that was the only reliable technology people in that market had access to on a consistent basis. When defining a market segment I look for what is the most accessible, low-cost technology at the POS for both customer and merchant. So in the case of Greece solutions may well look more like M-Pesa (9 million people in 3 years! A top down authoritarian model. They're being studied at all the top B-schools now) or the mobile solution in Ghana (open source with equal rights to participation for all consumers and all telcos) Don't assume that b/c those economies are lesser developed that they haven't found a way to exchange value without using the debit and credit card networks, b/c they have an in that sense they are years ahead of the US (ironic isn't it?) Mass market access to mobile payment, elite only access to Visa/MC.

Can these solutions be fully automated? Yes. As for the cost of service, you are essentially getting the Telcos to dump data into a middle office for processing and then you need to be able to send replies to both the merchant and their customer. These Telcos modules are now a commodity product (See BOKU) I can find out how much it costs here in the US if you'd like that reference point. But I don't see why you can't build your own, I mean it's just bits and bytes across a wire like all e-payments. Can't you grab the data from an email client and process it? Yes the run rate could be higher than that of a cobbled together smart card system, (# of SMS messages per month) on the other hand once you write the customer/merchant facing app and automate the middle office (just a big data base with a few rules) you don't have to spend a whole lot of time installing hardware and the merchants won't have to buy any new systems or devices. Oh and for BTCs system users would also need cloud-based wallet services.

Well, I can see that M-Pesa works. Theoretically BTC should work under similar conditions. However, I don't know anything about cloud-based services, and I don't even own a smart phone =\. Where possible, QR codes printed on a receipt are probably the easiest route, requiring only an internet connection to validate, but again that depends on what hardware is available for clients as well as what is typically available for merchants. The only way to find that out is to visit Greece and see what it's like. If smart phones are common and merchants can easily get an internet connected computer, then a flip phone service would only be needed to make it available to the stragglers. If the best anyone can afford is a flip phone, then you're pretty much stuck with centralization, which is a Very Bad Thing in a confiscation-sensitive environment. Also possibly relevant are the fees incurred by said service, although really it shouldn't be more than current banking fees.

Security is another big question, I think. What happens if someone steals your phone? How do you enter a pin or something without your phone recording it? Etc etc.

I'm So Meta, Even This Acronym
benjamindees
Legendary
*
Offline Offline

Activity: 1288


View Profile
April 03, 2012, 05:16:45 AM
 #75

I was talking more about security from merchant overcharging, and for that matter, since BTC is spent by referring to previous txOuts, you'd have to load all the txOuts onto your card, or trust the merchant to construct a tx with the proper amounts that pays you the proper change. If the merchant is using a USB smart-card reader, they would have even more room for messing with clients since there are no software restrictions on a general computer as opposed to a specialized card payment unit.

That's exactly the point.  You can put multiple addresses on a smart card, verify the transaction amounts with a display, and create all the transactions right on the card.  There's absolutely zero need to trust merchants.

Civil Liberty Through Complex Mathematics
Haplo
Full Member
***
Offline Offline

Activity: 168



View Profile
April 03, 2012, 05:41:42 AM
 #76

I was talking more about security from merchant overcharging, and for that matter, since BTC is spent by referring to previous txOuts, you'd have to load all the txOuts onto your card, or trust the merchant to construct a tx with the proper amounts that pays you the proper change. If the merchant is using a USB smart-card reader, they would have even more room for messing with clients since there are no software restrictions on a general computer as opposed to a specialized card payment unit.

That's exactly the point.  You can put multiple addresses on a smart card, verify the transaction amounts with a display, and create all the transactions right on the card.  There's absolutely zero need to trust merchants.

How do you get them on there? In order for a card to create tx it would have to have the relevant txIns, in which case it could also know its own balance, and could use a simple interface for "locking in" the settling price for a tx prior to pin input. Again, though, that requires having a computer and a card reader for loading and managing it, or else a bank which can do it for you.

I'm So Meta, Even This Acronym
BitcoinAndie
Jr. Member
*
Offline Offline

Activity: 46



View Profile
April 03, 2012, 06:07:57 AM
 #77

Security is another big question, I think. What happens if someone steals your phone? How do you enter a pin or something without your phone recording it? Etc etc.
[/quote]

Right, don't know what the Telecom infrastructure looks like or the cost of service. But that's pretty straight forward market research.

Would need to consult/work with with a BTC expert on the security side, there are plenty of folks here. Yes, security would be PIN based. Realize that each phone has a unique number like a POS device.  But using dual PINs may also make a lot of sense, for example requiring a second PIN to send money to a new merchant not in the system or on the customers call list.  Also when sending money to another individual, that person would need a know the the special Receiver PIN as designated by the Sender (I believe that's how its done in Ghana) As you can see, mobile does solve a lot of problems but it also requires design/build, a server (hardware or space in the cloud) and a caretaker.  Meaning linking in folks who with an interest in helping to pull this together for the Greek market.  Let me know if you'd like to discuss further you can PM me.

When someone shows you who they are, believe them the first time.
benjamindees
Legendary
*
Offline Offline

Activity: 1288


View Profile
April 03, 2012, 06:23:42 AM
 #78

That's exactly the point.  You can put multiple addresses on a smart card, verify the transaction amounts with a display, and create all the transactions right on the card.  There's absolutely zero need to trust merchants.

How do you get them on there? In order for a card to create tx it would have to have the relevant txIns, in which case it could also know its own balance, and could use a simple interface for "locking in" the settling price for a tx prior to pin input. Again, though, that requires having a computer and a card reader for loading and managing it, or else a bank which can do it for you.

Hmm, I see your point.  If the card is your only device, you do have to trust whomever you purchase Bitcoins from.  That's not entirely different from most Bitcoin users today, though, who have to trust the exchanges they send money to.

But perhaps it could be solved by setting up some sort of centralized service that would just send you a signed verification of your balance.  That way, the card itself could query the service through a 3rd party terminal, and would only have to trust the service, but not the terminal.  The card would have the public key for the service, and can verify that the balance was not tampered with.

Civil Liberty Through Complex Mathematics
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
April 03, 2012, 01:58:38 PM
 #79

Okay replying loosely to posts above and questions from Haplo:

1. The card does not know the balance -> The terminal will check if the address the card returns along with the tx has sufficient funds.
If so the terminal sends the tx to the network otherwise it says "overcharge" on the screen.

2. The card would be programmed by a third party that you would have to trust, however:
* The program loaded would be the same for ALL card manufacturers.
* The program would be open source and standardized.
* Anyone with a with a cable could program cards - for the paranoid.
* Using web-of-trust you would choose a trusted card programmer.

-> The cost for the individual remains 2$ for the card.
-> 15$ for the Android Phone + Cable Terminal (APCT) for the merchants.

3. PIN, address and keys would be sent to you along with the card or you would know if you programmed it yourself.

4. Maintaining anonymity:
* The card would contain multiple addresses and keys (~50).
* This allows spending with it again within 60 mins. after use.
* It also allows maintaining anonymity by only sending the address to the terminal that will be used to pay with.

5. Overcharge prevention:
* The card will have a number only you know.
* This number will be multiplied by the charge amount from the terminal and sent back.
* If the wrong result is shown you know you have been tricked and can just leave.
* If a new charge is sent before giving the PIN the card locks itself for 10 minutes.

6. Backend:
* We can add two features to the APCT app.
* A QR code scanner to scan price and item type from the wares. (QR code formats are standardized)
* The app will create a file with a column with QR results and a column with charged price.
* The auto-file/spreadsheet can later be merged with corporate databases automatically with a small parsing program.
* If the auto-spreadsheet is saved as XLS (Excel) it could also be used as-is.

7. "Needing a reader" - only merchants will need a reader (15$) (+Android and APCT app).

8. Hackability:
* Locked memory: Casascious (who seems knowledgeable about this field) said there is locked memory ONLY the card can see.
* Force: You would need access to the physical card and a microscope to FORCE the chip.
* Hack: If you hack the APCT app, save all used customer addresses and pins THEN you MAY one day be able to overcharge a multi-return customer for the small amount he keeps on his spending card.

So YES you CAN hack the smartcard, but it requires the physical card and collecting a lot of card information.
Merchants will have little incentive to do this anyway as their shops would be raided shortly after.
I'm sure Visa is no better really.

To BitCoinAndie about early markets:
1. First market:
Market:
* Bitcoin promoters and bitcoin physical exchanges.
Motive:
* This could be used by people trying to replace Western Union and such.
Users:
* It would be used by early adopters or rarely by normal people as a novel means of easy money moving.

2. Second market:
Market:
* Greece and other oppressed economies.
Motive:
* Cash is good and WILL be used, but it is not always practical - hiding your pension as devaluing bills inside your couch is hardly optimal.
* With a BTC client you have a safe savings account.
* All the users need is access to internet bars and a smartcard.
* The shop owners can more easily hide BTCs than cash in case of a raid.
* Transferring cash over larger distance (pay, relatives and investors) is a complete pain.
Users:
* Savers, businessmen, drug dealers and at times shops.

3. Third market?

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
April 03, 2012, 03:20:45 PM
 #80

I've tried to follow this thread, but it meanders a bit.

Is the basic idea under discussion having a wallet-only client running in a small hardware device that can interact with POS terminals?

Most of the smartcards that I've seen are just (tiny) general purpose CPUs embedded in a card, usually with a small ROM containing a secret key.  This is not a useful model for bitcoin.  For bitcoin, you need the secrets in RAM (flash, etc) because you need to be able to add new secrets.  You also need to make sure that you don't ever let the device communicate with a hostile device using the same physical pins that can be used to reprogram or dump it.

Think more along the lines of a small custom device with a screen, a couple of buttons, and a serial port (or serial over USB, or serial over bluetooth, or serial over NFC, etc).  The programming interface, if it has one, must be internal, or it must load software from a memory card (like SD).

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Pages: « 1 2 3 [4] 5 6 7 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!