status-im / status-keycard

Our Javacard Implementation for making secure transactions within Status and Ethereum
Apache License 2.0
215 stars 65 forks source link

POS support #11

Open bitgamma opened 6 years ago

bitgamma commented 6 years ago

The hardwallet cannot be currently used in POS because pairing is required before usage.

There are several possible ways to overcome this with different security/usability tradeoffs and we must decide something.

The most secure way is not to change anything in the card and implement POS support in the client. The POS beams through NFC or BLE the ethereum transaction to the phone and from there the user can proceed as usual (except it might beam back the signed tx to the POS instead of submitting autonomously, so no internet connection on the device side is required). This is probably the most secure and still usable solution.

If however we want to exclude the usage of a third device. My proposal is as follows

I think this is something that will eventually be needed, because it opens the door to several usage scenarios while not really compromising on security. The UX suffers a little, since you need to remember another PIN, but for PIN-less applications this would work a treat. We could even not introduce the payment PIN and only allow PIN-less transactions using this mechanism.