Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Announcements
Re: Inputs.io | Instant Payments, Offchain API, Secure Wallet, 82000 BTC transferred
by
dillpicklechips
on 18/09/2013, 03:29:05 UTC
An idea that's been brewing since reading about how txtbitcoin handles OTP....

A bitcoin "pin card" as a non-technical, physical, cheap, portable solution to Bitcoin security that
wallet providers can use.

It's some type of paper or plastic card that contains a grid of 3-digit pin codes.
Perhaps laid out in this way for convenient printing onto credit card size cards:

      1   2   3   4   5   6   7   8   9   10
   0   356    678   355   843   356   313  121   134   662   345
   1   245   245    239   458   848   245   428  242   472   198
   2   221   503    etc
   3   
   4
   5
   6
   7

Then the person could look up numbers easily so "17" would be correspond to "428"

Important parts:
-the codes all derive from some type of publicly known algorithm using a seed
-the seed is packaged with the card but is separated so the person can safely store the seed somewhere safe
-the seed also creates private keys and bitcoin addresses!
-open methodology for making them so anyone can create their own bitcoin pin card and all they will have to
do is upload the seed to the wallet provider
-if the wallet provider makes the cards there is little chance anyone can steal the codes as they were never transferred over
the the internet and the wallet provider has stored all the seeds when the cards were made
-if a card is lost or stolen the funds can be moved somewhere else using the seed
-it allows for someone to use the online wallet without registering!


What the user will see:
-a simple card with codes and a user number at the top along with address that can be used anytime for funding the account
-the user numbers could be grouped based on provider. We could have inputs.io wallets for example
always start with 001. This way as different wallets adopt the cards they can transfer across providers using user
numbers and not bitcoin addresses.
-the bitcoin wallet provider keeps track of each user number and the card it goes with
-the user number is just so the user doesn't have to type firstbits or addresses into a phone every time


-Bitcoin pin cards are meant for when someone else is hosting a wallet for you and want better security.
We can now use unsecured channels to communicate without worrying about losing funds!

SMS
-phone numbers can be spoofed or spied on which makes it hard to send BTC securely with SMS
How the card could work: we could text "to (usernumber or address) 0.1 from (usernumber)" to a wallet provider. They would then text you "17".
The person now looks that up and sends back "428". A correct reply will cause the 0.1 to send.

Email
-by emailing the wallet provider "to address 0.1 from usernumber", we would get an email back with "18" and we just have to
reply just like in the sms example

-it could even work for using 1-800 number automated machines

-the wallet provider could also lock the account after a set number of failed codes and the only way to unlock it, is to find the seed that was stored somewhere else
-as the pins run out the person is encouraged to move funds to a new card before it "goes back to 1" or the first code


Is it a good idea?

I think it could provide a simple secure way of using sms, email, phone, to sent BTC and internet or a computer isn't even required!