Mike Hearn [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-07 📝 Original message:HCE is a bit scary. It's ...
📅 Original date posted:2014-03-07
📝 Original message:HCE is a bit scary. It's like the card companies tried the secure element
thing, decided the security was too hard and were like "screw it, let's
just use regular apps after all". Not that we're any better :)
At any rate, Bitcoin doesn't have any need to emulate smartcards as we
don't have any pre-existing infrastructure. We can just use a regular
non-smarcard-emulation ISO-DEP protocol. The new UI in Android 4.4 provides
some way to choose the default payment app, but I think it's only intended
to disambiguate between credit card providers. Everything else gets dumped
into CATEGORY_OTHER and I dunno what happens if you have multiple Bitcoin
wallet apps doing the same thing. Worst case, we can add some
disambiguation code on top, inside the apps themselves.
On Fri, Mar 7, 2014 at 10:26 AM, Johannes Zweng <johannes at zweng.at> wrote:
>
> 2014-03-06 12:26 GMT+01:00 Andreas Schildbach <andreas at schildbach.de>:
>
>
>
>> In current phone implementations, the screen must be on already for NFC
>> to be active. Also it must be unlocked, although I certainly hope future
>> OSes will allow payment apps on the lock screen, just like they allow
>> music players.
>
>
> Just a small input to this point:
> On Android 4.4 the new host card emulation (HCE) feature (aka: the phone
> emulates a ISO-DEP Smartcard and processes ISO7816-4 APDU commands like a
> Smartcard would do) only works when the display is on, but even when the
> screen is locked (can be changed with "android:requireDeviceUnlock" in
> Manifest). See here for detailled specification:
> http://developer.android.com/guide/topics/connectivity/nfc/hce.html
>
> Using the HCE API on Android 4.4 also has the beauty that any app that
> registers itself for HCE and sets its category to CATEGORY_PAYMENT in the
> Manifest automatically shows up in Adroid's system settings under "Tap &
> Pay" (where a user would expect payment applications).
>
>
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140307/49ed8d6b/attachment.html>
📝 Original message:HCE is a bit scary. It's like the card companies tried the secure element
thing, decided the security was too hard and were like "screw it, let's
just use regular apps after all". Not that we're any better :)
At any rate, Bitcoin doesn't have any need to emulate smartcards as we
don't have any pre-existing infrastructure. We can just use a regular
non-smarcard-emulation ISO-DEP protocol. The new UI in Android 4.4 provides
some way to choose the default payment app, but I think it's only intended
to disambiguate between credit card providers. Everything else gets dumped
into CATEGORY_OTHER and I dunno what happens if you have multiple Bitcoin
wallet apps doing the same thing. Worst case, we can add some
disambiguation code on top, inside the apps themselves.
On Fri, Mar 7, 2014 at 10:26 AM, Johannes Zweng <johannes at zweng.at> wrote:
>
> 2014-03-06 12:26 GMT+01:00 Andreas Schildbach <andreas at schildbach.de>:
>
>
>
>> In current phone implementations, the screen must be on already for NFC
>> to be active. Also it must be unlocked, although I certainly hope future
>> OSes will allow payment apps on the lock screen, just like they allow
>> music players.
>
>
> Just a small input to this point:
> On Android 4.4 the new host card emulation (HCE) feature (aka: the phone
> emulates a ISO-DEP Smartcard and processes ISO7816-4 APDU commands like a
> Smartcard would do) only works when the display is on, but even when the
> screen is locked (can be changed with "android:requireDeviceUnlock" in
> Manifest). See here for detailled specification:
> http://developer.android.com/guide/topics/connectivity/nfc/hce.html
>
> Using the HCE API on Android 4.4 also has the beauty that any app that
> registers itself for HCE and sets its category to CATEGORY_PAYMENT in the
> Manifest automatically shows up in Adroid's system settings under "Tap &
> Pay" (where a user would expect payment applications).
>
>
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140307/49ed8d6b/attachment.html>