Download - Customer hand-off between Bitcoin partners
![Page 1: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/1.jpg)
Customer hand-off between Bitcoin partners
Joris Bontje @mids106
![Page 2: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/2.jpg)
Use Case
![Page 3: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/3.jpg)
![Page 4: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/4.jpg)
![Page 5: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/5.jpg)
![Page 6: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/6.jpg)
Making the connection
![Page 7: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/7.jpg)
Copy / paste bitcoin address
Not very user friendly “Scary address”
First time user are anxious about their payments
Can’t detect referring partner
Poor customer support
![Page 8: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/8.jpg)
Link via URL
User no longer has to enter the address himself
Can detect wallet type / partner (referrer)
Better customer support
Not secure: All kind of scams possible
![Page 9: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/9.jpg)
Using API
Not “peer to peer”; unequal partners
How do you hand over user sessions?
Everybody has their own API
![Page 10: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/10.jpg)
Signed links
Uses OAuth 1.0a signing scheme (used by Twitter)
Requests signed with shared secret (HMAC-SHA1)
Communication goes via the browser; no internal API or callbacks required
Existing scheme; “don’t invent your own crypto”
![Page 11: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/11.jpg)
Implementation
![Page 12: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/12.jpg)
Request
![Page 13: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/13.jpg)
Security
Request signed with shared secret (HMAC-SHA1)
Limited time validity (5 minutes by default)
Prevent replay attacks with nonce
Shared secret exchanged out-of-band (PGP)
![Page 15: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/15.jpg)
Demo
![Page 16: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/16.jpg)
Buy Bitcoin
![Page 17: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/17.jpg)
![Page 18: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/18.jpg)
![Page 19: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/19.jpg)
![Page 20: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/20.jpg)
Sell Bitcoin
![Page 21: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/21.jpg)
![Page 22: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/22.jpg)
![Page 23: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/23.jpg)
![Page 24: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/24.jpg)
? @mids106
Image by: casascius
![Page 26: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/26.jpg)
BIPS 0070
![Page 27: Customer hand-off between Bitcoin partners](https://reader033.vdocuments.us/reader033/viewer/2022052820/54c955944a7959e87a8b45b4/html5/thumbnails/27.jpg)
BIP 0070: Payment Protocol
Not yet in production *)
Uses SSL / Certificate Authorities
Relies on accessing a third party web page
Might only work in 1 direction (selling bitcoins)