AU2018203904A1 - Secure transactional cryptocurrency hardware wallet - Google Patents

Secure transactional cryptocurrency hardware wallet Download PDF

Info

Publication number
AU2018203904A1
AU2018203904A1 AU2018203904A AU2018203904A AU2018203904A1 AU 2018203904 A1 AU2018203904 A1 AU 2018203904A1 AU 2018203904 A AU2018203904 A AU 2018203904A AU 2018203904 A AU2018203904 A AU 2018203904A AU 2018203904 A1 AU2018203904 A1 AU 2018203904A1
Authority
AU
Australia
Prior art keywords
internet
transaction
digital device
wallet
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2018203904A
Inventor
Nickolas Daskalou
George Parthimos
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to AU2018203904A priority Critical patent/AU2018203904A1/en
Priority to GBGB1907453.3A priority patent/GB201907453D0/en
Priority to CA3044991A priority patent/CA3044991A1/en
Publication of AU2018203904A1 publication Critical patent/AU2018203904A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

(57) Abstract A hardware cryptocurrency wallet with wireless communications, identification means for inputting identification information and a display to present transaction details to a user.

Description

2018203904 02 Jun 2018
A Cryptocurrency Hardware Wallet
TECHNICAL FIELD
This invention relates to a hardware wallet for cryptocurrency. The object of the invention is to make the use of the wallet easier and safer while at the same time keeping the information in the wallet more secure.
BACKGROUND ART
Cryptocurrency In General
Cryptocurrency has unique features. Cryptocurrency is an encrypted, decentralized digital currency transferred between peers. A digital currency can be a coin or a token. The transactions are recorded in a public ledger also known as a blockchain. In general the recording of the transactions take place by a process known as mining. The recording of the transactions can also take place without any mining. Cryptocurrency is a digital currency that only exists on digital devices like a computer, laptop, desktop, tablet, phablet and smartphone. The blockchain is distributed as it is hosted on many computers across the globe. Cryptocurrencies are traded on online cryptocurrency exchanges like stock exchanges. These exchange services such as COINJAR or COINBASE make it possible to convert cryptocurrency to fiat currency.
Public and Private Keys
2018203904 02 Jun 2018
In general the cryptography used in cryptocurrency uses keys pairs. There is a public key and a private key. The two keys are paired together. The public key verifies that a holder of the paired private key has sent the information. Only the holder of the paired private key can decrypt the message encrypted with the public key. The public and private keys are used to spend and receive the cryptocurrency. The public key is typically used to generate a cryptocurrency address which can then be used to send cryptocurrencies to. If you provide someone with a public key or public address key it is the same as providing a bank account number. The public key and/or public address is used to receive money.
In the case of the Bitcoin cryptocurrency, when Bitcoin is sent to an address (which is derived from the public key), there is additional information sent with the transaction. This includes conditions on how the Bitcoin sent to an address can be spent. Typically the conditions are that only the person who has a private key which matches the public key associated with the receiving address is allowed to spend the Bitcoin. In such a case, with this condition, the receiving address will need to verify that he holds the required private key by signing particular parts of the transaction with his private key when he wishes to spend the Bitcoin he has received.
There are other conditions which could apply, such as requiring multiple private keys to provide a signature in order to spend the Bitcoin, or requiring at least a certain amount of a group of signatures to provide a signature before the Bitcoin can be spent. As mentioned the above applies to mostly Bitcoin,
2018203904 02 Jun 2018 however most other cryptocurrencies have similar rules although they may vary slightly.
Transfer Of Funds
A transaction is the transfer of cryptocurrency. A transaction is broadcasted over the internet to the network and collected into blocks. The network has nodes. Nodes are computers connected to the network. The nodes relay and rebroadcast the transaction over the internet. Transactions are sent between peers using software called cryptocurrency wallets. The person creating the transaction uses the wallet software to transfer balances from one account to another. To transfer funds from an account you have to know the private key of the account from which you transfer the funds. As mentioned you have to know the public key or public address of the account to which you transfer the funds to. The person who sends the cryptocurrency only has to know the destination address. Only the person who has the private key of the receiving address can use the cryptocurrency that has been sent to the receiving address.
The Public Ledger or Blockchain
Transactions made between peers are encrypted and then broadcasted to the cryptocurrency's network to all users hosting a copy of the blockchain. The information held on the blockchain exists as a shared and continually reconciled database. If the transaction is valid, the nodes will include it in the block they are mining. The transaction will be included, along with other
2018203904 02 Jun 2018 transactions, in a block in the blockchain. At this point the receiver is able to see the transaction amount in his wallet.
Specific types of users called miners try to solve a cryptographic puzzle using software. The miner, who first solves the puzzle, adds the transaction to the ledger. The miner gets as a reward a few newly mined crypto coins. As mentioned, cryptocurrencies can also be recorded without mining meaning that there is no reward for solving the puzzle and adding the transaction to the blockchain. Generally the transactions are queued up and many transactions are added to the ledger at once. These blocks are added sequentially. Each block is connected to the data in the last block by one way cryptographic codes called hashes. This makes tampering with the blockchain very difficult.
Cryptocurrency Wallet
A cryptocurrency wallet stores the public and private keys which can be used to receive or spend the cryptocurrency. A wallet can contain multiple public and private key pairs for each cryptocurrency stored in the wallet. The cryptocurrency itself is not in the wallet. As mentioned the cryptocurrency is stored and maintained in a publicly available ledger called a blockchain. In the case of Bitcoin every piece of cryptocurrency has conditions on how it can be spent. As mentioned typically the conditions are that the cryptocurrency can be spent by the entity which can prove they have the matching private key to the public key associated with the address of the particular piece of cryptocurrency. In such a case every piece of cryptocurrency has a private key. With the private key, it is then possible to write in the public ledger or
2018203904 02 Jun 2018 blockchain, effectively spending the cryptocurrency to which the private key belongs. In order to conduct a transaction, the cryptocurrency wallet connects to a client or node on the network to conduct the transaction on the ledger. There are generally two types of wallets namely a software wallet and a hardware wallet.
Software Wallet
A software wallet is generally stored on an electronic internet device that can connect to the internet like a desktop, laptop, phablet, tablet or smartphone. The same electronic internet device on which the software wallet is stored is then used to connect to the internet to do the cryptocurrency transaction. The disadvantage of a software wallet is that it is on the same electronic device that can connect to the internet and it is therefore more vulnerable to an attack. This is also known as a hot wallet.
Hardware Wallet
A wallet can also be stored on a separate digital device that is not always connected to the internet. This is a far more secure way of storing your cryptocurrency wallet. This is known as a hardware wallet or a cold wallet. There are hardware wallets on the market. However these hardware wallets involve cumbersome methods to connect the separate digital device to an electronic internet device, as these hardware wallets typically connect to the electronic internet device by using USB cables. It is the object of this invention to mitigate the shortcomings of these hardware wallets.
2018203904 02 Jun 2018
SUMMARY OF THE INVENTION
The invention discloses a cryptocurrency hardware wallet for use to perform a transaction comprising: a digital device having an input to enter a personal identification means and confirm the transaction; a display to display the details of the transaction; and a wireless communication means for connecting to an internet electronic device. The internet electronic device is connectable to the internet to obtain the transaction details. During the transaction the internet electronic device transmits via the wireless communication the transaction details to the digital device; the details of the transaction are then displayed on the display and a user of the card enters the personal identification means and confirms the transaction via the input of the digital device. The digital device then generates cryptographic signatures and other information and transmits it to the internet electronic device via the wireless communication means.
It should be understood that as far as the input and personal identification means are concerned there is a wide variety of possibilities possible. The input may be a keypad, fingerprint reader, retina scanner and microphone with the corresponding personal identification means a personal identification number or PIN, fingerprint, retina and voice of a user.
The wireless communication means can be anywhere in the electromagnetic spectrum be it at any frequency or power. So for instance it can be in the Near Field Communication (“NFC”) range or in the Bluetooth range, radio frequency range or whatever range and power where communication is possible. It can
2018203904 02 Jun 2018 be light like infra-red or ultra violet or even in the visible light range. It can also be acoustic or sound waves as a means of wireless communication. Any means of wireless communication falls within the scope of the invention.
The cryptographic signatures may be securely stored so that they cannot be read or copied. The digital device may allow the personal identification means to be entered only when there is no communication between the digital device and internet device. The digital device may instruct the user to move the digital device away from the internet device so that there is no communication between the digital device and internet device. The digital device may deactivate the wireless communication means so that there is no communication between the digital device and internet device.
The input may be a keypad with buttons and personal identification means is a personal identification number or PIN and the buttons on the keypad may be randomly re-assigned a different character as the character shown on the button.
The digital device may have a panic PIN so that when a user inputs the panic PIN the user is still able to use the wallet as normal however one or more of the following occurs in the background: a pre-selected person is alerted via SMS and/or email and/or message service that the user is in some sort of danger and/or under some sort of threat; a geo position is sent as part of the notification; it appears that the wallet is granting access to all the menus and features as normal, but instead the wallet is showing a limited amount of assets
2018203904 02 Jun 2018 available to transfer and restricting the transferring of assets via the wallet to a maximum amount as shown.
The digital device may be an electronic card.
The invention also includes a method of performing a transaction comprising: the providing a digital device having an input to enter a personal identification means and confirm the transaction; a display to display the details of the transaction; a wireless communication means for connecting to an electronic internet device that can connect to the internet; and providing the electronic internet device. It further includes connecting the internet device to the internet; obtaining the transaction details via the internet; transmitting the transaction details via the wireless communication means to the digital device; displaying the details of the transaction on the display; entering the personal identification means and confirming the transaction via the input of the digital device; generating cryptographic signatures and other information with the digital device then and; transmitting it to the internet device via the wireless communication means.
The method may further provide for securely storing the cryptographic signatures so that they cannot be copied or read. The method may include that entering of the personal identification means is only allowed by the digital device when there is no communication between the digital device and internet device. It may provide that the digital device instructs the user to move the digital device away from the internet device so that there is no communication between the digital device and internet device. Further the
2018203904 02 Jun 2018 method may provide that the digital device deactivates the wireless communication means so that there is no communication between the digital device and internet device. The method may further provide that a keypad with buttons as the input and the personal identification means is a personal identification number or a PIN and randomly re-assigning the buttons on the keypad to a different character as the character than is shown on the button. The method may further provide that the digital device has a panic PIN that when a user enters the panic PIN the user is still able to use the wallet as normal however one or more of the following steps are occurring in the background: alerting a pre-selected person via SMS and/or email and/or message service that the user is in some sort of danger and/or under some sort of threat; sending geo position as part of the notification; allowing it to appear that the wallet is granting access to all the menus and features as normal, but instead the wallet is showing a limited amount of assets available to transfer and restricting the transferring of assets via the wallet to a maximum amount as shown.
The method may provide using an electronic card as the digital device.
eSecuCard-GPfL)
There are several ways to implement this invention. This invention can be implemented on a single digital device or a combination of separate discrete electronic components that are assembled so that it can function separately on its own as a functional wallet. One of the digital devices that can be used to implement this invention is the eSecuCard-GP(L) from the Shenzhen ίο
2018203904 02 Jun 2018
Excelsecu Data Technology Co. Ltd. The trademark they use is EXCELSECU. The card has several components and features available that comes in a single convenient package of a card that are used to implement the invention. It has a Bluetooth chip, an electronic paper display or EPD that is a 256 by 256 pixel dot matrix screen, a keypad with 12 touch buttons and 1 mechanical button, rechargeable battery, smart card chip and microcontroller unit and one-time-password secure chip. It also comes with a charger. It should be understood that this invention is not limited to the eSecuCard-GP(L) from the Shenzhen Excelsecu Data Technology Co.
When using this card to implement the invention the input is a keypad with buttons and the personal identification means is a personal identification number or PIN. However as pointed out above there are several other options available to be used as input and personal identification means.
When a transaction is performed the wallet implemented on this card or digital device is used in conjunction with an electronic internet device to connect to the internet. The electronic internet device can be a smartphone, tablet, phablet, laptop, desktop or any other similar type device that can connect to the internet. The digital device connects wirelessly to the electronic internet device.
The Electronic Internet Device
This electronic internet device can be stationary like a desktop or a cash register that connects to the internet. The electronic internet device can also
2018203904 02 Jun 2018 be mobile like a smartphone such as an iPhone or a Samsung Galaxy mobile phone, with NFC technology built in.
NFC and Bluetooth
The card is equipped with wireless communication means such as Near Field Communication (“NFC”) technology to perform the contactless data transfer between itself and another electronic internet device that is also NFC capable. Near Field Communication or NFC is a set of short-range wireless technologies, where communication is over a range of 10 cm or less. NFC uses an activator and a target. The activator generates a radio frequency field that can power a passive target. With NFC peer-to-peer communication is possible, if both devices are powered. The eSecuCard built-in NFC is the key feature for the “Tap and Go” feature of the invention. At the time of writing this specification the Bluetooth feature will be used initially for all Apple products (including iPhone and iPad devices) as Apple have not yet opened their NFC functionality to developers. Therefore, at this stage Bluetooth is used for all Apple devices. Apple has suggested they will open NFC functionality to developers in the next operating system release, but this is yet to be confirmed. As an additional security safety feature this invention will implement what is known as an ON/OFF sequence for the radio frequency connection like NFC and Bluetooth connectivity. When the card is not in use, both NFC and Bluetooth will be deactivated or there will be no contact between the digital device or wallet and internet electronic device. When the card is switched on and the correct PIN entered, the card will switch the NFC and Bluetooth ON
2018203904 02 Jun 2018 again. When the transaction is completed and the card is closed, NFC and Bluetooth will be switched OFF. This will help protect the card from potential NFC and Bluetooth scanner vulnerability.
Bluetooth makes connection between the hardware wallet and the internet electronic device easier as it uses radio frequency and there is no need for a physical cable. Bluetooth is not as secure as Near Field Communication or NFC. Bluetooth communication is over a longer range than NFC. As mentioned above NFC is a set of short-range wireless technologies over a range of 10 cm or less. Bluetooth can be compromised, mainly because of the longer range of the technology and the method of handshaking which connects or pairs the two devices. Bluetooth is more vulnerable to man-in-the-middle attack. This is where the attacker relays the conversation between the two parties communicating. The two parties believe they are communicating directly with each other. Another example of man-in-the middle attacks is eavesdropping when the attacker is secretly listening to the conversation of the two parties.
The eSecuCard as part of its hardware also has Bluetooth. To overcome the man-in-the-middle vulnerabilities of Bluetooth pointed out above this invention is implemented with an encryption algorithm between the pairing devices, plus a confirmation process on the eSecuCard. This should mitigate the risk of the mentioned attacks.
Secure Elements
2018203904 02 Jun 2018
The card contains one or more secure elements where the private keys, seed words and other private data and/or secret information are stored. The secure elements are physical chips embedded in the card. They are secure in that even if an attacker has physical access to the card, the secure elements are difficult to break into and access the data within them. The data cannot be copied or read. This feature enables the secure storing of the private keys, seed words and other private data and/or secret information so that they cannot be copied or read. Therefore, even if the card was to be opened, the contents of the secure element cannot be recovered as it is encrypted. Other private data and/or secret information could be sensitive data added by a user, such as a password to access a privileged part of the application running on the separate digital device. It can also be a list of passwords the user wants to securely store on the card. The smart card chip is used for data storage including the public and private key pair as well as personal and other sensitive information. It can also be used to store data which needs to be encrypted or decrypted.
Setup New Wallet
When a user switches the card on, he is asked on the card screen if he wants to create a new wallet or if he wants to restore an existing wallet. The card can have more than one cryptocurrency wallet.
When a user wishes to create a new cryptocurrency wallet, the card will randomly select 12 to 48 words from a list of known words already preloaded on the card. These words will be used as seed words.
2018203904 02 Jun 2018
These seed words are used to generate private and public keys needed to perform cryptocurrency transactions. The public keys are used to generate the addresses that are used by the user of the card if cryptocurrency is transferred to him by other owners of cryptocurrency. A standard open source method called BIP39-Mnemonic is used in the generation of the seed words. The application which will run on the card is written using Java card technology as the eSecuCard is developed on a Java platform. The application runs on the card. The 12 to 48 seed words are generated using the standard BIP39Mnemonic method. These words are then “hashed” to generate the private key.
These 12 to 48 words will be shown to the user, and the user will be told to write down these words in the correct order. The purpose of the user writing down these words is that these words can be used to recover the user’s cryptocurrency wallet at any time by simply supplying these 12 to 48 words in the correct sequence to compatible devices.
As part of the setup of the card the user of the card will be prompted to select or define and enter a personal identification number or PIN code. The user then chooses a unique 4-10 digit PIN code which is used to unlock the card features. It is also used to confirm transactions with the card. This is discussed later on. The application which runs on the card in this case the eSecuCard is a separate application. It is the software used on the card for instance to accept PIN entry, confirm transaction amounts, verify transactions and generate public and private keys and transaction signatures.
2018203904 02 Jun 2018
Restore
As mentioned if a user switches the on the card, he is asked if he wants to create a new wallet or if he wants to restore an existing wallet on the display of the card. If the user wants to restore a wallet, then the user is asked to enter his seed words directly on the card. The user will have already recorded the seed words when he had previously set up their hardware wallet. Given that the card uses the BIP39-Mnemonic standard method, these seed words could have been created on another hardware wallet which also uses the same standard, and a restore can be done on the card using these seed words.
The Merchant Application
A purpose build merchant application that is used in conjunction with the eSecuCard will be supplied to the merchant. The merchant application runs on an internet electronic device. The merchant application sends details of the cryptocurrency transaction to the card using NFC technology. The transaction details will include the following:
1. The particular cryptocurrency being transferred (e.g. Bitcoin, Ether, Ripple etc.).
2. If necessary, the exchange rate of the fiat and cryptocurrency.
3. The amount of the currency being transferred. When the cryptocurrency amount is entered the application would typically display the fiat currency equivalent. As discussed later, the conversion rate is calculated by an intermediary exchange which provides the
2018203904 02 Jun 2018 exchange rates for the crypto and fiat currencies at the point of transaction.
4. The address of the receiver of the cryptocurrency, which would be obtained or derived from their public key as discussed above.
5. There may also be a “Miner’s Fee which is effectively a transaction fee as discussed above.
6. In addition, there could be other fees depending on the speed which the user would like to complete the transaction. In some cases the user could select to pay a higher transaction fee to ensure the transaction is completed as quickly as possible.
In addition, the user may also be able to select which account they would like to use to transfer their cryptocurrency from. The user can have multiple cryptocurrency accounts on a single hardware wallet configuration.
The user will then be prompted by the card to enter his PIN on the card. The user then enters his PIN on the card keypad. The user confirms the transaction details. The card will generate the required cryptographical signature and send the signature to the merchant application via NFC.
The merchant application will then use the signature and other applicable data received from the card to complete the cryptocurrency transaction using an Internet connection provided by the internet electronic device.
The merchant application will then broadcast the cryptocurrency transaction to one or more nodes of the cryptocurrency network so that the transaction
2018203904 02 Jun 2018 can be added to the blockchain. Alternatively, the merchant application may send the transaction details to a backend service.
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 - is a flowchart that briefly shows the general steps followed when the merchant accepts cryptocurrency.
Figure 2 - is a flowchart that briefly shows the general steps followed when the merchant does not accept cryptocurrency but fiat currency only.
TABLE OF NUMERALS AND DESCRIPTION
Numeral Description
S5 Does The Merchant Accept Cryptocurrency? -Yes
S10 Merchant Enters Cryptocurrency Receiving Address.
S15 Merchant Selects Which Cryptocurrency He Wants To Be Paid In.
S20 Merchant Enters Fiat Amount In Merchant Application.
S25 Merchant Application Automatically Converts Fiat Currency Into Cryptocurrency.
S30 Merchant Application Displays The Cryptocurrency Amount On The Internet Electronic Device.
S35 User Taps Card On The Internet Electronic Device.
S40 Card Prompts User To Enter PIN.
S45 User Enters PIN To Unlock Card.
S50 The Transaction Details Appear On The Card.
S55 User Confirms The Transaction.
2018203904 02 Jun 2018
S60 The Card Cryptographically Signs The Transaction.
S65 Card Informs The User To Tap The Card Onto The Internet Electronic Device To Finalise The Transaction.
S70 User Taps The Card On The Internet Electronic Device.
S75 Card Transfers Transaction Confirmation To Application Running On The Internet Electronic Device.
S80 Application Running On The Internet Electronic Device Sends Transaction Details To Backend Service Of The Card.
S85 Card Backend Service Broadcasts The Transaction To The Cryptocurrency Network.
SI 00 Does The User Accept Cryptocurrency? -No
SI 05 Merchant Selects Which Of The Fiat Currencies He Would Like To Be Paid In.
SI 10 The Merchant Enters The Fiat Amount In The Merchant Application.
SI 15 User Taps Card On The Internet Electronic Device.
SI 20 Card Prompts User To Enter PIN.
SI 25 User Enters PIN To Unlock Card.
SI 30 Transaction Details Appear On The Card.
SI 35 User Chooses Which Cryptocurrency He Wants To Pay With.
SI 40 Card Displays Amount Of Cryptocurrency Needed To Complete Transaction.
SI 45 User Confirms Transaction Details.
SI 50 Card Cryptographically Signs The Transaction.
SI 55 Card Informs User To Tap The Internet Electronic Device.
SI 60 User Taps Card On The Internet Electronic Device.
SI 65 Card Transfers Transaction Confirmation To Application Running On The Internet Electronic Device.
SI 70 Application Running On The Internet Electronic Device Sends Transaction Details To Backend Service Of Card.
SI 75 Backend Service Uses Exchange Service To Convert Cryptocurrency Sent By User Into Fiat Currency Amount As Requested By Merchant.
2018203904 02 Jun 2018
SI 80 The Card Backend Service Deposits The Fiat Currency Into The Merchant's Account.
Steps Between User and Merchant (In Person)
Figure 1 is a flowchart that briefly shows the general steps followed when the merchant accepts cryptocurrency. A user of the card can purchase goods or services from a merchant in two ways. The transaction is made between a merchant and a user in person. This is typically done at a restaurant or a cafe or a retail outlet. The card can however also be used over the internet for online purchases. A merchant may accept cryptocurrency or he may only accept fiat currency. As mentioned a purpose build merchant application that is used in conjunction with the card is supplied to the merchant. The merchant application typically runs on an electronic internet device of the merchant that is mobile like the merchant's smartphone. The merchant application can also run on an electronic internet device that is not mobile such as a cash register of the merchant that is connected to the Internet and can run an iOS or Android application, or any other electronic internet device platform. The user discusses the payment method with the merchant when they go to the register to pay for their goods or service. The user firstly confirms with the merchant that the merchant accepts cryptocurrency as payment or fiat currency.
Merchant Accepts Cryptocurrency
2018203904 02 Jun 2018
In figure 1 at S5 if the merchant accepts cryptocurrency as payment, as shown in figure 1 at S10 the merchant enters a cryptocurrency receiving address or public key in merchant application. This allows the user to transfer cryptocurrencies directly to the merchant’s account on a peer-to-peer basis. There may or may not be an intermediary involved. The merchant public key or public address can be provided to the customer as either a long form alphanumeric number or as a Quick Response Code or QR Code. A QR Code is a machine-readable code consisting of an array of black and white squares generally arranged in a square, typically used for storing URLs or other information. The QR Code is read by the camera on a smartphone. The QR Code represents the cryptocurrency address of the merchant. The smartphone is equipped with a cryptocurrency transaction application. The cryptocurrency transaction application can be a purpose-built application or other existing applications that are available from COINJAR or COINBASE that scans the QR Code.
At SI 5 the merchant selects the cryptocurrency currency he wants to be paid in. The merchant then enters the fiat amount in the merchant application at S20. As shown at S25 the merchant application automatically converts fiat currency value of the price of the goods or service to be purchased into cryptocurrency. At S30 the merchant application will then display the cryptocurrency amount on the smartphone or internet electronic device.
2018203904 02 Jun 2018
The user, then atS35 taps the card on the internet electronic device. The card then prompts the user to enter his PIN as shown at S40. The user enters his PIN to unlock his card as shown at S45.
The transaction details then appear on the card as can be seen at S50.
As can be seen at S55 the user confirms the transaction details with the card's input. As shown at S60 of figure 1 the card cryptographically signs the transaction. The card then informs the user to tap the card onto the internet electronic device to finalize the transaction at S65. At S70 the user taps the card on the internet electronic device. The card transfers the transaction confirmation to the application running on the internet electronic device as can be seen at S75 of figure 1. This includes the cryptographic signature.
The application running on the internet electronic device sends transaction details (including confirmation information and signature received from card) to backend service of the card as shown at S80. The card backend service broadcasts the transaction to the cryptocurrency network as can be seen at S85 of figure 1.
Merchant Does Not Accept Cryptocurrency But Does Accept Fiat Currency
As shown in figure 2 at SI 00 the merchant does not accept cryptocurrency as payment. As shown in figure 2 at SI05 the merchant selects which of the supported fiat currencies he would like to be paid in. At SI 10 the merchant enters the fiat amount in the merchant application.
Then as shown at SI 15 the user taps card on the internet electronic device. The card prompts user to enter the PIN as can be seen at SI20 of figure 2. At
2018203904 02 Jun 2018
S125 the user enters the PIN to unlock the card. The transaction details including the fiat amount and cryptocurrency equivalent appear on the card display at SI 30. User chooses which cryptocurrency he wants to pay with at SI 35. The card then displays the amount of cryptocurrency needed to complete the transaction on the card display at SI40. The user confirms the transaction details with the card's input at SI45.
The card cryptographically signs the transaction at SI50 of figure 2. Once again at SI 55 the card informs user to tap the card onto the internet electronic device to finalize the transaction. The user then taps the card on the internet electronic device at SI 60. The card transfers the transaction confirmation which includes the cryptographic signatures to the application running on the internet electronic device at SI 65. The application running on the internet electronic device sends transaction details to the card backend service. The transaction details include the confirmation information and signature information received from the card at SI 70 of figure 2. At si 75 the backend service of the card uses an exchange service to convert the cryptocurrency sent by the user into the fiat currency amount as requested by the merchant. At si 80 the card backend service deposits the fiat currency amount into the merchant's account.
Entering Of PIN
As an additional safety feature of the invention before the user enters the PIN or personal identification means the user is prompted to move the card or digital device away from the smartphone or internet device. As the user moves
2018203904 02 Jun 2018 the card away from the smartphone, the card goes out of NFC range of the smartphone. Additionally the NFC can be deactivated. There is then no contact between the card and the smartphone. When there is no contact between card and smartphone the user enters the correct PIN on the card. The user will, after entering the PIN and confirming the transaction details on the card, be prompted to once again place the card into close contact with or to tap the card on the smartphone. Once again the NFC re-activates and/or the card is in NFC range with the smartphone and contact between the card and the smartphone is re-established.
PIN Scrambler
When the user needs to physically enter a PIN code on the card or in order to gain access to a privileged part of the system such as authorising a transaction payment, the card will randomly re-assign each character shown on the buttons of the keypad to a different button. To put it differently the buttons on the keypad are randomly re-assigned a different character as the character shown on the button.
This re-assignment is done so that each time a re-assignment of the buttons occurs, the re-assignment of the values of the buttons is different. This means each time the PIN is entered on the card different buttons on the keypad are struck by the user. The card's screen or display will indicate to the user how the buttons on the keypad have re-assigned new values for each button, so that the user knows which button on the keypad to press in order to enter their actual desired PIN.
2018203904 02 Jun 2018
For example, if a system consisted of just 4 input buttons:
[1] [2] [3] [4]
The reassignment of the above 4 input keys might be presented to the user on the screen like this:
Enter PIN:____
NOTE: The following key reassignment has taken place:
• For 1 press[3];
• For 2 press [ 1 ] ;
• For 3 press[4];
• For 4 press[2];
Let's say the PIN code is 2, 2, 4 and 3.
A user to enter the PIN would then strike the following sequence of buttons: [1],[1],[2] and [4].
The re-assignment will be done by the software that runs on the card.
Panic PIN
When a user is forced, under duress or by other means, to log in to an online or mobile application which contains balances and/or methods to transfer financial funds, the card application or smartphone application will allow the user to input a “Panic PIN” which, once the PIN has been submitted by the user, puts the system into a lockdown state.
The user will continue to use the application as normal; however one or more of the following will occur in the background:
2018203904 02 Jun 2018
1. Alert a pre-selected person via SMS/email/message service that the user is in some sort of danger and/or under some sort of threat.
2. A geo position can also be sent as part of the alert.
3. The application will appear to allow access to the menus and features as normal, but instead:
3.1. Shows a limited amount of assets available to transfer.
3.2. Restricts the transferring of assets via the application to a maximum amount as described in point 3.1 above.
The Panic PIN is different to the actual credentials the user enters when he wishes to log in to the application and have it function normally with a “normal PIN”.
The Panic PIN is created by the user via the card application or smartphone application, after he has logged in with his normal PIN, as part of the application’s optional or mandatory settings and/or configuration.
If available, an Internet connection is used by the application to contact appropriate authorities. It can be either on the device hosting the application, or via another connected device.
It should be understood that for purposes of this invention, the invention is not limited to a particular sequence of events.
ABSTRACT
2018203904 02 Jun 2018
A cryptocurrency hardware wallet for use to perform a transaction that includes a digital device having an input to enter a PIN and confirm the transaction; a display to display details of the transaction; and a wireless communication means for connecting to an electronic internet device. The electronic internet device is connectable to the internet to send transaction details. During the transaction the internet device transmits via the wireless communication the transaction details to the digital device. The user of the card enters the PIN to unlock the card, then the details of the transaction are displayed on the display. The user then confirms the transaction via the input of the digital device. The digital device then generates cryptographic signatures and other information and transmits it to the internet device via the wireless communication means.

Claims (16)

  1. 2018203904 02 Jun 2018
    1. A cryptocurrency hardware wallet for use to perform a transaction comprising:
    a digital device having an input to enter a personal identification means and confirm the transaction;
    a display to display details of the transaction;
    and a wireless communication means for connecting to an internet electronic device;
    the internet electronic device being connectable to the internet to send transaction details;
    so that during the transaction the internet electronic device transmits via the wireless communication the transaction details to the digital device;
    the user of the card enters the personal identification means and the details of the transaction are then displayed on the display, and the user confirms the transaction via the input of the digital device;
    the digital device then generating cryptographic signatures and other information and transmitting it to the internet electronic device via the wireless communication means.
  2. 2. A wallet as in claim 1 wherein the cryptographic private keys and/or seed words are securely stored and cannot be read or copied.
  3. 3. A wallet as in claim 1 wherein the digital device allows the personal identification means to be entered only when there is no communication between the digital device and internet device.
    2018203904 02 Jun 2018
  4. 4. A wallet as in claim 3 wherein the digital device instructs the user to move the digital device away from the internet device so that there is no communication between the digital device and internet device.
  5. 5. A wallet as in claim 3 wherein the digital device deactivates the wireless communication means so that there is no communication between the digital device and internet device.
  6. 6. A wallet as in claim 1 wherein the input is a keypad with buttons and personal identification means is a personal identification number or PIN and the buttons on the keypad is randomly re-assigned a different character as the character shown on the button.
  7. 7. A wallet as in claim 1 wherein the input is a keypad with buttons and personal identification means a personal identification number or PIN and the application running on the digital device or internet enabled device has a panic PIN so that when a user inputs the panic PIN the user is still being able to use the wallet as normal however one or more of the following occurs in the background:
    alerting a pre-selected person via SMS and/or email and/or message service that the user is in some sort of danger and/or under some sort of threat;
    sending geo position as part of the alert;
    allowing it to appear that the wallet is granting access to all the menus and features as normal, but instead the wallet is showing a limited amount of assets available to transfer and restricting
    2018203904 02 Jun 2018 the transferring of assets via the wallet to a maximum amount as shown.
  8. 8. A wallet as in claim 1 wherein the digital device is an electronic card.
  9. 9. A method of performing a transaction comprising:
    providing a digital device having an input to enter a personal identification means and confirm the transaction; a display to display details of the transaction; a wireless communication means for connecting to an electronic internet device that can connect to the internet;
    and providing the internet electronic device;
    connecting the internet electronic device to the internet;
    transmitting the transaction details via the wireless communication means to the digital device;
    entering the personal identification means, displaying the details of the transaction on the display and confirming the transaction via the input of the digital device;
    generating cryptographic signatures and other information with the digital device and;
    transmitting the transaction information to the internet electronic device via the wireless communication means.
    2018203904 02 Jun 2018
  10. 10. A method as in claim 9 wherein further securely storing the cryptographic private keys and/or seed words so that they cannot be copied or read.
  11. 11. A method as in claim 9 wherein entering of the personal identification means is only allowed by the digital device when there is no communication between the digital device and internet device.
  12. 12. A method as in claim 11 wherein the digital device instructs the user to move the digital device away from the internet device so that there is no communication between the digital device and internet device.
  13. 13. A method as in claim 11 wherein the digital device deactivates the wireless communication means so that there is no communication between the digital device and internet device.
  14. 14. A method as in claim 9 wherein further providing a keypad with buttons as the input and the personal identification means is a personal identification number or a PIN and randomly re-assigning the buttons on the keypad to a different character as the character than is shown on the button.
  15. 15. A method as in claim 9 wherein providing a keypad with buttons as the input and personal identification means is a personal identification number or PIN further providing the application running on the digital device or internet enabled device with a panic PIN that when a user inputs the panic PIN the user is still being able to use the wallet as normal however one or more of the following steps are occurring in the background:
    2018203904 02 Jun 2018 alerting a pre-selected person via SMS and/or email and/or message service that the user is in some sort of danger and/or under some sort of threat;
    sending geo position as part of the alert;
    allowing it to appear that the wallet is granting access to all the menus and features as normal, but instead the wallet is showing a limited amount of assets available to transfer and restricting the transferring of assets via the wallet to a maximum amount as shown.
  16. 16. A method as in claim 9 wherein using an electronic card as the digital device.
AU2018203904A 2018-06-02 2018-06-02 Secure transactional cryptocurrency hardware wallet Abandoned AU2018203904A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU2018203904A AU2018203904A1 (en) 2018-06-02 2018-06-02 Secure transactional cryptocurrency hardware wallet
GBGB1907453.3A GB201907453D0 (en) 2018-06-02 2019-05-28 Secure transactional cryptocurrency hardware wallet
CA3044991A CA3044991A1 (en) 2018-06-02 2019-06-03 Secure transactional cryptocurrency hardware wallet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2018203904A AU2018203904A1 (en) 2018-06-02 2018-06-02 Secure transactional cryptocurrency hardware wallet

Publications (1)

Publication Number Publication Date
AU2018203904A1 true AU2018203904A1 (en) 2019-12-19

Family

ID=67385398

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2018203904A Abandoned AU2018203904A1 (en) 2018-06-02 2018-06-02 Secure transactional cryptocurrency hardware wallet

Country Status (3)

Country Link
AU (1) AU2018203904A1 (en)
CA (1) CA3044991A1 (en)
GB (1) GB201907453D0 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11210658B2 (en) 2020-05-12 2021-12-28 iCoin Technology, Inc. Constructing a distributed ledger transaction on a cold hardware wallet
US11526874B2 (en) * 2020-06-11 2022-12-13 Seagate Technology Llc Offline value transfer using asymmetric cryptography

Also Published As

Publication number Publication date
GB201907453D0 (en) 2019-07-10
CA3044991A1 (en) 2019-12-02

Similar Documents

Publication Publication Date Title
US10594498B2 (en) Method and service-providing server for secure transmission of user-authenticating information
US10102510B2 (en) Method and system of conducting a cryptocurrency payment via a mobile device using a contactless token to store and protect a user's secret key
EP2701416B1 (en) Mobile Electronic Device And Use Thereof For Electronic Transactions
JP6818679B2 (en) Secure host card embroidery credentials
US7606560B2 (en) Authentication services using mobile device
US20120159612A1 (en) System for Storing One or More Passwords in a Secure Element
KR20160042865A (en) System and method for initially establishing and periodically confirming trust in a software application
CN103136668A (en) Terminal payment method, terminal and payment platform
TW201443798A (en) Methods, apparatuses and systems for providing user authentication
US11151562B2 (en) Secure passcode entry using mobile device with augmented reality capability
WO2010002541A1 (en) Trusted service manager (tsm) architectures and methods
WO2015065249A1 (en) Method and system for protecting information against unauthorized use (variants)
US20220311610A1 (en) Authentication system using paired, role reversing personal devices
KR101914649B1 (en) Radio link authentication system and methods using Devices and automation devices
JP2002259866A (en) Card reader device of type connected to portable terminal and method of authentication and settlement using it
KR20160146734A (en) Remote transaction system, method and point of sale terminal
CA3044991A1 (en) Secure transactional cryptocurrency hardware wallet
KR20180036922A (en) Radio link authenticationsystem and methods using Devices and automationdevices
CN106330897A (en) Information storage method and system
EP3686827A1 (en) Information display method and apparatus, storage medium and electronic device
JP2017534961A (en) User authentication method, corresponding terminal and authentication system
CN104955030A (en) Acquiring method through mobile phone and device and terminal thereof
Azam Symmetric Key Management for Mobile Financial Applications: A Key Hierarchy Approach
Tran Mobile Payment Security: A case study of Digital Wallet MOMO
Pourghomi et al. Java Implementation of a Cloud-based SIM Secure Element NFC Payment Protocol

Legal Events

Date Code Title Description
NB Applications allowed - extensions of time section 223(2)

Free format text: THE TIME IN WHICH TO GAIN ACCEPTANCE HAS BEEN EXTENDED TO 17 JUL 2021

MK5 Application lapsed section 142(2)(e) - patent request and compl. specification not accepted