-
Copying some notes in here that @vindard and I penned before realizing this idea was already quite thoroughly laid out. Recently had a chat with CoinCorner folks, as some community projects have been showing interest in the BOLT card. With a few updates, we can enable users of Galoy wallets to send funds from their default wallet using a BOLT card or similar NFC-enabled payment solutions as listed in the original post.
Features to enable:
Tasks:
-
List of Sticker types: Prices are generally from $0.5 - $1 per sticker/card depending on the order size and location. They are available on Amazon, eBay and AliExpress.
-
Just adding some notes here regarding BOLT card integration... To support BOLT card the flow requires standard lnurlw integration in addition to lud-17 (https://github.com/fiatjaf/lnurl-rfc/blob/luds/17.md). lud-17 is required on the BOLT card to allow the added security feature of a unique lnurlw on every tap. Gift card style BOLT cards are compatible with the normal lnurlw flow (without the need of extra luds) as they don't have the added security as @openoms mentioned above.
-
There are bounties now:
-
BOLT Cards

AFAIK CoinCorner BOLT cards use NXP NTAG 424 DNA NFC chips, which have a feature called Secure Unique NFC message (SUN). The tag is initialized by the user's phone with an AES-128 secret key (in cooperation with the The

The following explains in basic terms how the SUN feature works on the NTAG 424 DNA:

The following is a good resource that explains how to initialize the NTAG 424 DNA for the LNURL-withdrawPOS purpose:

Using a special-purpose NFC writer like the

Every time that the user taps the card, a new unique request is generated by the card. That way, there should be no replay attack potential, as the

Think of using the card like you would think of using loose change in daily retail contexts for buying a packet of crisps, or a chocolate bar, or a coffee and a sandwich, etc. To make it reasonably secure, the The

In the UK, we already have widespread use of contactless payments with NFC-enabled Visa & Mastercard debit cards, and they have a very similar mechanism where they cannot be used for purchases of over £100. This is a global limit that is set for everybody. It was raised to £100 from £45 during the pandemic, probably to further discourage the use of physical banknotes and coins from being exchanged. Fundamentally, limits like this are needed because it is a pull technology and not a push technology. Even though 99% of the time the merchant will not request more than the payment amount, they still could, so you don't want to enable them to be able to drain your entire account.

One thing to consider is that anybody who has backend access to the

Usability and added security

A notification should probably be sent to the user's phone app whenever funds are sent using the card, which will show the amount that was sent. This would allow for immediate awareness by the user if a merchant does take too much from them. This could also help if the user is pickpocketed, as they could immediately be made aware that somebody is currently charging their card, and then they could also immediately freeze/cancel the card from the same app.

Potentially, you could also add pre-tap and post-tap authorization mechanisms. However, both of these would require the user to also have an Internet connection when paying, whereas the card by itself does not.

For pre-tap authorization, the user could use their phone or smartwatch to pre-authorize the exact amount. It could automatically round up to the next whole number and add a small buffer (say +1% for exchange rate differences), so that the user does not have to type in the exact amount. So for example, if the user is currently being charged $5.45 by a merchant, then before tapping the card to the NFC terminal they could just type $5 into their phone or smartwatch and it would pre-authorize the next tap of the card to only allow a payment of up to $6.06 (i.e. $6 + 1%). I think that this would be best done in a separate app away from the main app, which is dedicated to just performing this function. All the app would be doing is communicating with the

For post-tap authorization, the user could get a notification sent to their phone or smartwatch showing the exact amount being requested by the merchant, and they would have to click on an

Of course, if the user wanted to tap the merchant's NFC terminal with their NFC-enabled phone or smartwatch, instead of with a card, so that it's all integrated with their phone or smartwatch, then that is possible too. It doesn't matter how the merchant's POS device gets the LNURL-withdraw link, after all. So for example, in that case, the user might open the app on their smartwatch (perhaps requiring a PIN code or biometric approval) and then tap the POS with their smartwatch. Again, I think for something like this, it would arguably be better in a separate app away from the main app.

Perhaps if it's a transaction under $30 then it just pays without the user needing to click

In this case, the user would not necessarily need a card, as their smartwatch or phone would also be capable of generating unique LNURL-withdraw links that can be verified by the

Real-world examples

Below are some cool real-world examples of using the CoinCorner BOLT card:

† The
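The server-side checks discussed in the comment above (freeze, replay rejection, a per-tap limit and single-use pre-tap authorization), sketched as an added example that is not part of the original comment or of any project's code. It assumes the tap has already been cryptographically verified and that uniqueness is tracked with a per-card tap counter; the `Card` fields, function names and the 100-unit limit are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal, ROUND_FLOOR
from typing import Optional

@dataclass
class Card:
    last_counter: int = -1                    # highest tap counter already accepted (assumed mechanism)
    frozen: bool = False                      # set from the app after loss or theft
    per_tap_limit: Decimal = Decimal("100")   # constructed default limit
    preauth_cap: Optional[Decimal] = None     # single-use cap from a pre-tap authorization

def preauthorize(card, typed_amount):
    """Round the typed amount up to the next whole number, then add the 1% buffer."""
    whole = Decimal(typed_amount).to_integral_value(ROUND_FLOOR) + 1
    card.preauth_cap = (whole * Decimal("1.01")).quantize(Decimal("0.01"))
    return card.preauth_cap

def authorize_withdraw(card, counter, amount):
    """Decide whether one verified tap may pull `amount` from the account."""
    amount = Decimal(amount)
    if card.frozen:
        return "reject: card frozen"
    if counter <= card.last_counter:
        return "reject: replayed tap"
    card.last_counter = counter               # burn the counter even if the amount is refused
    cap, card.preauth_cap = card.preauth_cap, None   # a pre-authorization covers one tap only
    limit = cap if cap is not None else card.per_tap_limit
    if amount > limit:
        return "reject: over limit"
    return "pay"
```
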
-
Thank you @strangebit for this detailed explanation. I have sourced some NXP NTAG 424 DNA NFC type cards and will distribute to the team for experimentation. There are a few more resources which appeared since further supporting the self-sovereign issuance: and management of the cards and the backend: The increasing adoption is tracked with the contactless badge on:
-
Client side bolt card support
There are two pending PRs which would enable the mobile wallet to accept LNURLw links over NFC = client side bolt card support.
The web based NFC support like in the PoS page of BTCPayServer and the LNbits TPos could be part of the Galoy/BBW PoS application.
Bolt card server
To be able to provide bolt cards backed by the individual accounts of the Galoy stack / BBW there would be two main things needed:
-
LNURLpay
is similar to what the already implemented LightningAddress does, but is not human readable.
Paying to an LNURLp string is already supported:
Generating an LNURLp string is not supported currently, but you can convert a Lightning Address from BBW.
For example:
[email protected]
https://ln.bitcoinbeach.com:443/.well-known/lnurlp/openoms
lnurl1dp68gurn8ghj7mrw9e3xjarrda5kucn9v93kstnrdakn5dp5xvhjuam9d3kz66mwdamkutmvde6hymrs9ahhqetwdakhxpjp8xx
This string can be loaded to the cheapest NFC stickers (will link some) and allows the scanner to pay to the account when scanned.
Currently Zeus, SBW and the Blixt wallet pop up on my Android phone when scanning such a string.
These can be useful for (offline) street merchants as an alternative to the printed QRcodes and can even be put on merch, cards or anything coming to mind.
Related: GaloyMoney/blink-mobile#316
LNURLwithdraw
Being able to generate an LNURLw string would allow paying with the link while offline.
It can be loaded to an NFC sticker or card as well for contactless support or just support offline usage of the wallet app.
This is quite insecure as there are no checks in place on how much is being pulled off it and the string is reusable. Think of it like a faucet.
To be able to receive by scanning an LNURLw string allows withdrawing from certain ATMs including DIY / FOSS ones like the LightningATM or the BleskoMat.
Related: GaloyMoney/blink-mobile#415
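The Lightning Address to LNURLp conversion shown in the post above, as an added example that is not part of the original post or of the Galoy code base. It also decodes a string back to its URL with the bech32 checksum verified, which lets you confirm what a sticker really points at before loading or paying it; the function names are hypothetical and, unlike the post's example URL, no explicit `:443` port is added.

```python
# Added example; function names are hypothetical, addresses used with it are constructed.
import re
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)

def _polymod(values):
    chk = 1
    for v in values:
        top, chk = chk >> 25, (chk & 0x1ffffff) << 5 ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk

def _hrp(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def _regroup(data, frm, to, pad):
    acc, bits, out = 0, 0, []
    for b in data:
        acc, bits = (acc << frm) | b, bits + frm
        while bits >= to:
            bits -= to
            out.append((acc >> bits) & ((1 << to) - 1))
    rest = (acc << (to - bits)) & ((1 << to) - 1)
    if pad and bits:
        out.append(rest)
    elif not pad and (bits >= frm or rest):
        raise ValueError("invalid padding")
    return out

def address_to_url(address):
    # LUD-16 mapping: user@domain -> https://domain/.well-known/lnurlp/user
    m = re.fullmatch(r"([a-z0-9._+-]+)@([a-z0-9.-]+)", address)
    if not m:
        raise ValueError("not a Lightning Address")
    return f"https://{m.group(2)}/.well-known/lnurlp/{m.group(1)}"

def lnurl_encode(url):
    data = _regroup(url.encode(), 8, 5, True)
    pm = _polymod(_hrp("lnurl") + data + [0] * 6) ^ 1
    data += [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return "lnurl1" + "".join(CHARSET[d] for d in data)

def lnurl_decode(text):
    hrp, _, rest = text.lower().rpartition("1")
    data = [CHARSET.index(c) for c in rest]   # ValueError on a bad character
    if hrp != "lnurl" or _polymod(_hrp(hrp) + data) != 1:
        raise ValueError("bad LNURL checksum")
    return bytes(_regroup(data[:-6], 5, 8, False)).decode()
```
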