The hardwallet cannot be currently used in POS because pairing is required before usage.
There are several possible ways to overcome this with different security/usability tradeoffs and we must decide something.
The most secure way is not to change anything in the card and implement POS support in the client. The POS beams through NFC or BLE the ethereum transaction to the phone and from there the user can proceed as usual (except it might beam back the signed tx to the POS instead of submitting autonomously, so no internet connection on the device side is required). This is probably the most secure and still usable solution.
If however we want to exclude the usage of a third device. My proposal is as follows
define a "payment PIN" which can be used in pairless transactions and which is separate from the main pin. This PIN can be 4 digits.
define pairing-less key derivation paths with mechanism similar to PIN-less path. A path could even be both pairing-less and PIN-less (for example for door opening usage or for pocket money accounts).
allow pairing-less clients to establish a secure channel and execute operations ONLY using pairingless keys. All other card operation will be disabled and PIN verification will only work for the payment PIN.
I think this is something that will eventually be needed, because it opens the door to several usage scenarios while not really compromising on security. The UX suffers a little, since you need to remember another PIN, but for PIN-less applications this would work a treat. We could even not introduce the payment PIN and only allow PIN-less transactions using this mechanism.
The hardwallet cannot be currently used in POS because pairing is required before usage.
There are several possible ways to overcome this with different security/usability tradeoffs and we must decide something.
The most secure way is not to change anything in the card and implement POS support in the client. The POS beams through NFC or BLE the ethereum transaction to the phone and from there the user can proceed as usual (except it might beam back the signed tx to the POS instead of submitting autonomously, so no internet connection on the device side is required). This is probably the most secure and still usable solution.
If however we want to exclude the usage of a third device. My proposal is as follows
I think this is something that will eventually be needed, because it opens the door to several usage scenarios while not really compromising on security. The UX suffers a little, since you need to remember another PIN, but for PIN-less applications this would work a treat. We could even not introduce the payment PIN and only allow PIN-less transactions using this mechanism.