Smart-card-based mobile wallets

Smart-card-based mobile wallets

In today’s instalment of business ideas that can be created using IP nChain has developed, I will detail how a smart-card application can both help secure a Bitcoin wallet and allow pseudonymous (private) and secure system authentication.

We (nChain) have been awarded or granted a patent [3] on the use of ECDSA as a means to securely share and create keys. The mechanism can be used to create a system that allows uses to authenticate to computers or to create a wallet-key store that can work with a smart card and a mobile phone to allow a single-use Bitcoin key that always updates the address.

Loading...

The existence of Java Smart Cards that have biometrics is not new; such cards are starting to be rolled out into common use.

A wallet can be used as an application on a smart phone. The data used in the process below can be saved publicly without any loss of security, written onto the blockchain, or backed up otherwise that allows recovery if it is ever lost.

A biometric smart card can be issued where the ECDSA key for the base part of the exchange remains unpublished and not publicly available on the blockchain. The associated address can even be attested on a PKI (Public Key Infrastructure) where the Bitcoin address (and not the Public Key) is recorded by a CA (Certification Authority). Doing so will even allow for a complete AML/KYC-based identity system, and an identity biometric card (such as the UK residency cards or passport) will allow the use of a Java ECDSA process.

Such a process solves all of the issues with PKI and privacy.

If we take the example in the patent, we now replace the laptop with a smart card.

We end with a system that allows keys to be signed on the device (such as a phone). Here, the key is stored as a joint process:

P0 = secret (smart card) X G (G is the ECDSA cure operator)

Pi = secret (wallet value) X G

The “coin help” on the blockchain is a c composite; that is, the wallet value plus the smart-card secret, and the user can have a backup for the wallet.

The app on the phone sends the coin secret (wallet value) to the smart card with the transaction hash. To do so, the app constructs the hash of the transaction (the phone has the “smarts” that allow the transaction to be constructed) and secret (wallet value) to the smart card.

The smart card signs the hash using the composite key:

S = secret (wallet value) + secret (smart card)

Then the app on the user’s wallet sends the following to the smart card:

Si = secret (smart card)

H = hash (transaction to be signed)
The smart card now computes the value for the Bitcoin address associated with the composite key, (P0+Pi). The card returns the signature as:

(R,S) i— a composite ECDSA signature for the address (P0+Pi).

The app sets the change (if any) to a new address, P(i+1).

The address for P(coin+1) is derived on the smart card and returned to the app. In order to do so, a new secret is generated on the app and sent to the smart card:

P0 = secret (smart card) X G (G is the ECDSA cure operator)

P(i+1) = secret (wallet value + 1) X G

P(coin+1) = P0 + P(i+1)

The phone app never needs to send the secret to the card, it sends the public key. If it is known — one possible means to do so — by the card holder (such as when not only a hashed address but a key is used), the app can do the calculation.

Using the smart card and the app, you can now have a secure wallet that requires the card to sign, which can also be made to enhance wallets such as Handcash or Centbee. Every time a message is signed, a new key is generated securely.

Using the card, a separate wallet can be created for each device and for multiple reasons. It allows all that people seek from a clumsy and antiquated hardware device such as Ledger and with far more flexibility. The process ensures that you only use keys once; and more, it can allow you to attest to a key later whilst maintaining complete privacy.

Each coin is sent as it is spent to a new address. Each is used once and only once, and the card only has to complete a simple operation, as most of the transaction construction is completed by the phone or app device.

A backup of the smart card can be created and stored in a safe allowing recovery, and, together, the card and app work only when the user’s biometrics are there to sign, such as the user’s fingerprint. The one card can be used over and over, never exposing the key as the registered key on the smart card is never used to send and receive Bitcoins.

More, the card can be used with the process detailed below to encrypt files securely (see also the last post) and to even authenticate to a computer and secure a VPN to a remote system……Read More>>>

 

Source:- medium

Share:
Loading...