web/boltcard
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
boltcard/docs/SPEC.md
Peter Rounce 8b50c801c1
Update SPEC.md
2022-08-01 11:48:16 +01:00

1.4 KiB
Raw Blame History

Bolt card specification

The bolt card system is built on the open standards listed below.

Bolt card interaction

  • the point-of-sale (POS) will read an NDEF message from the card, for example
lnurlw://card.yourdomain.com?p=A2EF40F6D46F1BB36E6EBF0114D4A464&c=F509EEA788E37E32
  • the POS will call your bolt card service here
https://card.yourdomain.com?p=A2EF40F6D46F1BB36E6EBF0114D4A464&c=F509EEA788E37E32
  • your bolt card service should verify the payment request and continue the LNURLw protocol

Server side verification

  • for the p value and the SDM Meta Read Access Key value, decrypt the UID and counter with AES

  • for the c value and the SDM File Read Access Key value, check with AES-CMAC

  • the authenticated UID and counter is used on the bolt card service to verify that the request is valid

  • the bolt card service must only accept an increasing counter value

  • additional validation rules can be added at the bolt card service, for example

    • card enable flag
    • card payment limit per transaction
    • card payment limit per day
    • allowed merchant list
    • verification of your location from your phone

  • the bolt card service can then make payment from a connected lightning node