HeliosCard Wallet-Built with the same secure chip as a MasterCard/Visa Chip Card

[HeliosCard]

Hello,

We wanted to introduce the Bitcoin HeliosCard - http://www.helioscard.com.

HeliosCard is a Bitcoin Wallet in the form factor of a credit card, managed with a smartphone app. Built using the same secure chip as a MasterCard or Visa chip card, HeliosCard signs transactions entirely on the card, without your private key leaving the card.  The full fledged secure cryptographic processor on the HeliosCard is physically resistant to attacks.

HeliosCard communicates with your smartphone through your phone's NFC radio.

The HeliosCard makes a wonderful cold storage solution.  When tapping a HeliosCard to a smartphone, your smartphone instantly synchronizes the public addresses from the HeliosCard, but leaves your private keys on the card.  We believe it's a truly wonderful experience compared to a paper wallet and we invite you to watch the video posted at http://helioscard.com to see it in action.  When you want to send money, you simply enter your HeliosCard's password, tap the HeliosCard to the phone, at which point the HeliosCard will sign the transaction.

Although HeliosCard was written with several anti-malware measures, as the HeliosCard does not have a display or keyboard, trust is still needed in the phone.  HeliosCard is meant as a compromise between ease of use and portability (it retails for approximately $30 USD), physical resistance to attacks, as well as to be an effective and easy to use day-to-day or cold storage wallet solution offering a truly wonderful user experience.

The wallet app itself is a customized version of Andreas Schildbach's Bitcoin Wallet for Android, which itself is built on top of Mike Hearn's bitcoinj project (we have no affiliation with either project but wanted to give credit to these awesome projects).

If you have any questions or comments, we'd love to hear them!  Please feel free to respond in this thread or reach out directly to helioscard@helioscard.com.

--The HeliosCard Team

http://www.helioscard.com/images/helioscard_splash_image.png

[1714127355]

1714127355

[1714127355]

1714127355

[1714127355]

1714127355

[Verse]

I like this product, but I'm skeptical.

What prevents a malicious third party from simply copying/cloning the Helios NFC and brute-forcing the encryption, which would likely have a short password since it must be typed for every payment?

I'd rather lose credit card information than wallet information, since I'm not liable for credit card fraud if reported in a timely manner and Bitcoins are tantamount to cash. By using existing credit card technology I suspect you've opened yourself up to all of the advanced scams that the much larger market for credit card fraud funds. Everyone has a credit card, therefore everyone is targeted for credit card fraud (skimmers), which I suspect would be equally effective on Helios. If you had developed your own dedicated technology then you would have bypassed this threat. Few people will have Helios cards, the potential targets will be sparse and unidentifiable, therefore nobody would seriously invest in Helios fraud.

I suppose you could argue that a wallet clone could easily be rendered useless assuming one address contains majority funds and defaults to sending change funds to a new address, but once Helios data is identified as profitable it's a short step to automatically and immediately emptying detected wallets. Again, short password due to repeated manual entry => short brute force => quick and profitable theft.

I wouldn't personally mind having the password stored on the phone to bypass manual entry, as long as it does not also contain the encrypted wallet.

[HeliosCard]

Hi Verse,

Thanks for the great question.  This is one area where HeliosCards really shines.

It is not possible to copy data from the HeliosCard - there is simply no command that the software running on the card will accept that will result in its giving you its underlying encrypted data.

Instead, the secure chip on the card is a full fledged cryptographic processor.  When you validate the password, the HeliosCard software is actually checking the password, and then performing the needed operations for signing a transaction, while keeping the data on the card.  If you type the password wrong too many times, the card securely wipes itself, so bruteforcing the card software directly is not possible

In order to get access to the raw underlying data storage of the HeliosCard, you would need to physically open the secure chip up and read the flash memory.  By design, the Common Criteria EAL5 certified secure chip used by HeliosCard makes it very difficult to physically attack the card in that manner.  This is why credit cards like Visa and Mastercard tend to use these sorts of chips - it is expensive and time consuming to physically attack these cards.  That's not to say it's not impossible, but HeliosCard aims to give the best (and payment industry standard) physical protection on the market today, allowing you to feel safer using a short password.

In addition, you are mostly certainly welcome to use a long password, and HeliosCard will in turn encrypt your data against that long password, providing you with both physical and logical protection.

Please let us know if you have any additional questions.

[ticoti]

expected comeout date?
approximated price?

[HeliosCard]

Hi ticoti,

The release date is mid October, and the price will be somewhere between $20 and $30 (USD) for one HeliosCard, with discounts for puchasing HeliosCards in greater numbers.  Of course, the Helioscard will also be appropriately priced in BTC at launch time.

--The HeliosCard Team

[Verse]

I do not know enough about NFC to challenge your assertion of security. However I'll reiterate that there is a huge market for credit card fraud, which may or may not prey upon this technology (now or) in the future and thereby expose Helios. What NFC chip do you use? The only details I found were: Same as Visa/MasterCard and produced by NXP.

If you type the password wrong too many times, the card securely wipes itself, so bruteforcing the card software directly is not possible

Is this optional or scalable? I.E. I would not want my card to wipe after 10 failed attempts. I'd put it at a few thousand to prevent brute forcing but not accidental or forgetful manual entry.

[HeliosCard]

Hi Verse,

The secure chip we use is from NXP's P5CD family.

Skimming is not effective on a chip-based card such as HeliosCard.

Skimming does work on older magnetic stripe based technologies that credit cards like Visa and MasterCard have used in past years.  On those cards, credit card information is exposed right on the magstripe of the card.

On HeliosCard, as with modern day Visa and MasterCard chip cards, data from the chip cannot simply be cloned - the user inputs a PIN or password at which point the card performs the needed operations for signing.  Some NFC Visa/MasterCards will allow you to perform low-value transactions through NFC without the need for entering the PIN.  However, HeliosCard requires your password on every transaction and will NOT perform any action on your private key without having first verified the password.

The United States in particular has been very slow to adopt this technology, but it is the de facto standard in mostly every other part of the world, as a result credit card skimming for chip-only cards is essentially non-existent.

Here's an article describing the differences between magnetic cards versus chip cards:
http://www.npr.org/blogs/alltechconsidered/2013/12/19/255558139/outdated-magnetic-strips-how-u-s-credit-card-security-lags

We're also very happy to provide any more information we can about the benefits of chip technology!

At the moment the number of password attempts is not re-configurable, though that is a great suggestion and something we will consider!

--The HeliosCard Team

[btchip]

A bit late to the party, but good try nonetheless 

Do you have any kind of specification you can share ?

Especially, how are you generating keys ?

[john641]

Did I get this right: a HeliosCard user would be reusing the keys stored in the card (up to five keys)?

[intron]

Sign me up for one:-)

[collinstar]

Cool, but: Man-in-the-middle-attack. My (hacked) smartphone says I sign a 5 dollar transaction, but it's actually a 100 Bitcoin transaction to a Russian hacker.

[HeliosCard]

Hello IcIc_,

We have built HeliosCard with as many anti-malware features as possible, but ultimately these are all best-effort solutions and trust in the phone is still required. 1) When the HeliosCard smartphone app first connects to the HeliosCard, a secure pairing key is generated which the app stores in secure private storage, and uses to authenticate later connections to the card. In order to switch phones/apps, a number from the back of the card must be re-entered. 2) When the HeliosCard application is in the foreground, it locks other applications out from using the NFC radio. 3) Given the relatively few apps that use NFC, as a user, you can be especially scrutinizing of installing applications that use NFC permissions (or even not install such apps altogether), thus preventing giving other apps permissions to use the NFC radio and potentially talk to the HeliosCard.
These are all best efforts, and trust in the phone will ultimately be needed. However, we believe benefits of HeliosCard, including 1) payment-industry standard physical resistance to attack 2) the wonderful user experience of simply tapping your HeliosCard to your phone and have your phone instantly becoming your new wallet 3) its relatively low price point at $20-$30 USD 4) Its extreme portability, requiring no battery and charging as a result of its having no display
Give HeliosCard truly compelling use cases as a cold storage or even day-to-day use. A user might use multiple HeliosCards to use as cold storage and at its current price point, that would be a great way to use it. Given that a user does not touch their cold storage solutions that often, putting a keyboard/display on such a device would increase the cost and make it less compelling.
We are also investigating the possibility of offering a stripped down, low-cost Android device for those users who are worried about malware. The user would use this low-cost phone only for talking to their HeliosCard, and not install other software on it.

--The HeliosCard Team

[Dawnbreaker]

Pretty amazing. Five addresses are few though. i'll wait untill they have a HD wallet. Greenaddress with Btchip has an HD wallet. Their system is usable with Android and an On the go adapter. They should go for NFC as well.

[proofofarat]

How many addresses does it hold? Is it a deterministic wallet? Can you use different addresses for each transaction?

[factor280]

Cool idea.. looking for some positive feedback though.

[FloodZone]

Besides smartphones, is there a software that can synchronize the card in let's say a linux desktop with a USB reader? I don't have a smartphone and I don't want one either, but your card look sexy.
Would you ship outside USA?

[Verse]

Besides smartphones, is there a software that can synchronize the card in let's say a linux desktop with a USB reader? I don't have a smartphone and I don't want one either, but your card look sexy.
Would you ship outside USA?

The card really does look sexy. You could put that chip into all sorts of accessories, couldn't you? A ring, for instance or even a sleek metal card. I've been lusting after a metal card after seeing those $450 metal starbucks gift cards, so sexy...

Since you're not exactly a payment processor you might ought to consider branching out into customizable semi-cold storage. Or just highly customizable cards. After all, at the end of the day, you're just selling another (secure) form of storage. Your semi-cold storage is not price competitive with basic cold storage, like paper wallets, so it would make sense for Helios to cater to the luxury market. Find that niche, and don't wipe the chips after a silly number of guesses. Several thousand should be the minimum, if not already.

I wonder if I could dissolve your card and put the chip in my shoe or something? You know, emergency money. Then again the phone would probably be gone by that point. You should consider selling the chips by themselves, so I don't end up with chemical burns.

[intron]

The secure chip we use is from NXP's P5CD family.

You are running your own code in the
processor embedded in the smartcard,
right? Did you use something like these
things for development?

http://www.ashling.com/index.php?option=com_content&view=article&id=341&Itemid=405

Thanks,
intron