Hardware
13 views
Skip to first unread message
L
Jun 20, 2011, 8:14:48 PM6/20/11
to BitCoinCard
check http://www.mini-box.com/picoLCD-20x2-OEM
perhaps we can leave out the smartcards and put private keys in
firmware of this device?
we would have to flash the first time such that the LCD firmware
doesnt allow flashing without PIN...
it has connectors for a keyboard, so again we should inspect the
firmware source code so that it doesnt relay pin codes to computer...
theres an extraneous IR receiver...
cost: $40
in low volumes could be hard for us to go under this price for total
setup (low volumes of smart card with javacard or openplatform with
crypto capabilities is probably around $15-20)
perhaps look around for other USB lcd screens with keyboard
connectivity?
it would have been great if the firmware could only be flashed with
hardware jumper, and if it had some ram & memory card support for
wallets...
perhaps we can leave out the smartcards and put private keys in
firmware of this device?
we would have to flash the first time such that the LCD firmware
doesnt allow flashing without PIN...
it has connectors for a keyboard, so again we should inspect the
firmware source code so that it doesnt relay pin codes to computer...
theres an extraneous IR receiver...
cost: $40
in low volumes could be hard for us to go under this price for total
setup (low volumes of smart card with javacard or openplatform with
crypto capabilities is probably around $15-20)
perhaps look around for other USB lcd screens with keyboard
connectivity?
it would have been great if the firmware could only be flashed with
hardware jumper, and if it had some ram & memory card support for
wallets...
Rassah
Jun 20, 2011, 10:23:41 PM6/20/11
to bitco...@googlegroups.com
As long as every flash is forced to wipe the entire memory, it should be ok.
r2k-in-the-vortex
Jun 26, 2011, 6:44:46 PM6/26/11
to BitCoinCard
keypad + lcd + simple pc communication for data is very simple to
achieve
http://320volt.com/lpc2138-arm-microcontroller-based-check-point/ <--
just random example out of tens of thousands out there
and imho would offer better security over smartcard solution.
smartcards are okey for everyday banking because banks will reverce
any invalid activity, but still credit card thefts,
(physically)keylogging payment terminals and all that happen all the
time. with bitcoin where there is no revercing payments only way to
offer security is to drag along your own secure payment terminal
achieve
http://320volt.com/lpc2138-arm-microcontroller-based-check-point/ <--
just random example out of tens of thousands out there
and imho would offer better security over smartcard solution.
smartcards are okey for everyday banking because banks will reverce
any invalid activity, but still credit card thefts,
(physically)keylogging payment terminals and all that happen all the
time. with bitcoin where there is no revercing payments only way to
offer security is to drag along your own secure payment terminal
Ludwig Maes
Jun 26, 2011, 11:00:47 PM6/26/11
to bitco...@googlegroups.com
Which is exactly what would be achieved by having the display and
buttons on your trusted smart card...
buttons on your trusted smart card...
You are proposing another embedded device? No problem, as long as you
can show me that reprogramming that device needs permission from the
device side... and can provide convincing arguments that it doesnt
become more expensive than smartcards...
r2k-in-the-vortex
Jun 27, 2011, 1:32:03 AM6/27/11
to BitCoinCard
reprogramming is a non issue, most ucontrollers have protection
features for that, sure you can still forcefully reprogram (some
of)these devices but that means losing all program data on it along
with encryption keys stored there that are needed to load and decrypt
the wallet from eeprom...
price on the other hand, dont really know about that
im just worried that if you use your smartcard with payment terminal
at vendors site, then how do you know the terminal that has they
keypad and display has not been tampered with?
are you going to drag along your own terminal + smart card?
might as well have it in one device already then, why use smartcard at
all if you already need to have a physical device with you?
On Jun 27, 6:00 am, Ludwig Maes <ludwig.m...@gmail.com> wrote:
> Which is exactly what would be achieved by having the display and
> buttons on your trusted smart card...
>
> You are proposing another embedded device? No problem, as long as you
> can show me that reprogramming that device needs permission from the
> device side... and can provide convincing arguments that it doesnt
> become more expensive than smartcards...
>
features for that, sure you can still forcefully reprogram (some
of)these devices but that means losing all program data on it along
with encryption keys stored there that are needed to load and decrypt
the wallet from eeprom...
price on the other hand, dont really know about that
im just worried that if you use your smartcard with payment terminal
at vendors site, then how do you know the terminal that has they
keypad and display has not been tampered with?
are you going to drag along your own terminal + smart card?
might as well have it in one device already then, why use smartcard at
all if you already need to have a physical device with you?
On Jun 27, 6:00 am, Ludwig Maes <ludwig.m...@gmail.com> wrote:
> Which is exactly what would be achieved by having the display and
> buttons on your trusted smart card...
>
> You are proposing another embedded device? No problem, as long as you
> can show me that reprogramming that device needs permission from the
> device side... and can provide convincing arguments that it doesnt
> become more expensive than smartcards...
>
Ludwig Maes
Jun 27, 2011, 9:34:13 AM6/27/11
to bitco...@googlegroups.com
On 27 June 2011 07:32, r2k-in-the-vortex <rkor...@gmail.com> wrote:
> reprogramming is a non issue, most ucontrollers have protection
> features for that, sure you can still forcefully reprogram (some
> of)these devices but that means losing all program data on it along
> with encryption keys stored there that are needed to load and decrypt
> the wallet from eeprom...
>
> price on the other hand, dont really know about that
>
> im just worried that if you use your smartcard with payment terminal
> at vendors site, then how do you know the terminal that has they
> keypad and display has not been tampered with?
> reprogramming is a non issue, most ucontrollers have protection
> features for that, sure you can still forcefully reprogram (some
> of)these devices but that means losing all program data on it along
> with encryption keys stored there that are needed to load and decrypt
> the wallet from eeprom...
>
> price on the other hand, dont really know about that
>
> im just worried that if you use your smartcard with payment terminal
> at vendors site, then how do you know the terminal that has they
> keypad and display has not been tampered with?
This is the exact concern, i fully agree, you seem to misread my
card+display+buttons as smartcard in terminal, I am talking about the
smartcards that have their own buttons and display (for example look
up visa OTP + PIN smartcard on youtube)
Reply all
Reply to author
Forward
0 new messages