Enabling Seamless In-App Crypto Micro-Transactions with Session Keys

Jason Goldberg
Published in ostdotcom, Sep 19, 2019

Introduction

One of the major user experience advancements of the OST blockchain platform (Ethereum layer-2) is the enablement of token transfers — in non-custodial wallets — without users having to manually sign each transaction. This is made possible with Session Keys that sign transactions on behalf of the user up to pre-defined limits.

This opens up a whole new world of possibilities and enables, for the first time, a seamless user experience for app users to interact with blockchain. For example, integrated micro-transactions are now possible. Imagine a like, heart, vote, share, refer button with real value embedded. Session Keys make it possible for web3 to be as easy to use as web 2.0.

The new Pepo app — built on OST Platform and to be launched at the end of September — has drawn attention to Session Keys and generated quite a few aha moments in early pre-launch previews. We thought it would be worthwhile to explain what is happening behind the scenes and how OST Platform and Session Keys enable smooth and seamless microtransactions in apps.

Building Blocks

There are several building blocks that make transaction signing with session keys possible. First, users hold tokens in a non-custodial crypto wallet on their mobile device. The crypto wallet is integrated into apps using the OST Wallet SDK.

  1. Access to tokens is managed via a Token Holder contract. Each user has one TH contract per token. For example, if Uber launched a token, a user holding UBER tokens would have an UBER Token Holder contract.
  2. The TH contract is owned and controlled by a user’s Device Manager contract. This is a multisig contract based on GnosisSafe and enables support for multiple devices; the public addresses of device keys are whitelisted in the DM contract. Device keys are set as the owners of the DM contract.
  3. Session keys are generated on the device for the purpose of signing messages that act as a carrier of transaction information. These messages are sent to a user’s TH contract where the signature is verified and a Token Rule execution request is initiated. The fact that an active and authorised session key exists allows the Token Holder to execute transactions on the user’s behalf, as per EIP-1077 Executable Signed Messages.
  4. Note: For a session key to be valid and its signed messages accepted, its public key must first be whitelisted in a user’s TH contract. This is done by the DM contract using an authorized device key.

Mobile-First Approach

We opted for a mobile-first approach to leverage the security features of modern mobile devices such as biometrics (fingerprint and facial recognition), Android Keystore and iOS Secure Enclave to securely generate and store cryptographic keys. Device and session keys are encrypted using Secure Enclave and Keystore and securely stored on the device. Device keys cannot be shared across apps.

The non-custodial wallet is secured via a 6-digit PIN or biometrics. A user needs to use either to decrypt device private keys on the device. The 6-digit PIN is one of three inputs that are used to recover a wallet in the case that a user’s device is lost or stolen. There is no need for a user to remember her 12-word mnemonic seed phrase.

Token Holder contract

Each user is represented by a smart contract, the Token Holder contract. The TH contract

  • Holds the tokens for the user on blockchain
  • Has a configured owner, the Device Manager multisig contract
  • Can have multiple session keys whitelisted (each with different blockheights and maximum amount per transaction)

Device Manager Contract

Device Manager enables support for multiple devices. The DM contract whitelists session keys in a user’s TH contract using an authorised device key. Once whitelisted, those session keys can be used to sign messages that are sent to a user’s Token Holder contract.

Session Keys

Session keys own the operations of the Token Holder contract and are authorized by a user’s Device Manager contract to sign messages. Session keys are created and stored on a device in the same way as device keys. In theory, session keys could be managed less securely because of limited spending power and expiration time. However, OST Wallet SDK doesn’t do that and stores them in the most secure way possible.

Session keys are defined for a predetermined amount of time (blockheight) and with a defined maximum spend per transaction. Once the time limit is reached, the user authorizes a new session key with biometrics or the 6-digit PIN.

Executing Transactions

Whenever a user performs an action, a message signed by an authorized session key is sent from the user’s device to the Token Holder and a Token Rule execution request is initiated. The TH contract

  • Verifies the message signature, i.e. that the request is initiated by an authorized session key
  • Approves Token Rule for spending
  • Calls Custom Rule method, if applicable
  • Signs the transaction on the user’s behalf

Signed transactions are picked up by facilitators and submitted to OST Platform side chains. The facilitators calculate and pay for the cost (gas) of the transaction. As such, the user does not need to hold the base currency of the chain to pay for fees.

Advanced users can manually revoke active sessions, revoke other authorized devices and sign out of the Token Holder thereby revoking all sessions.
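
The checks described in the Session Keys and Executing Transactions sections, modelled in Python as an added example; this is not OST's contract code. Signature recovery is assumed to have happened already (`signer` is the recovered address), and the per-session nonce, the string addresses and the inclusive expiration height are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class Session:
    spending_limit: int       # maximum amount per transaction
    expiration_height: int    # last block height at which the key is valid
    nonce: int = 0            # next expected nonce (assumed replay guard)
    revoked: bool = False

class TokenHolder:
    def __init__(self, owner):
        self.owner = owner    # the user's Device Manager (DM) contract
        self.sessions = {}    # whitelisted session key address -> Session

    def _only_owner(self, caller):
        if caller != self.owner:
            raise PermissionError("only the Device Manager manages sessions")

    def authorize_session(self, caller, key, spending_limit, expiration_height):
        self._only_owner(caller)
        self.sessions[key] = Session(spending_limit, expiration_height)

    def logout(self, caller):
        self._only_owner(caller)
        for session in self.sessions.values():
            session.revoked = True

    def execute(self, signer, amount, nonce, block_height):
        # `signer` is the address already recovered from the message signature.
        s = self.sessions.get(signer)
        if s is None or s.revoked:
            return "rejected: key not authorized"
        if block_height > s.expiration_height:
            return "rejected: session expired"
        if amount > s.spending_limit:
            return "rejected: over per-transaction limit"
        if nonce != s.nonce:
            return "rejected: nonce replayed or out of order"
        s.nonce += 1
        return "accepted"

def demo():
    th = TokenHolder(owner="DM")  # "DM", "SK1", "SK2" are constructed addresses
    th.authorize_session("DM", "SK1", spending_limit=10, expiration_height=1000)
    calls = [("SK1", 3, 0, 500), ("SK1", 3, 0, 501), ("SK1", 11, 1, 502),
             ("SK1", 3, 1, 1001), ("SK2", 3, 0, 500)]
    results = [th.execute(*call) for call in calls]
    th.logout("DM")  # signing out revokes every session
    return results + [th.execute("SK1", 1, 1, 600)]
```

Each rejection leaves the session state untouched, so a failed or replayed message cannot advance the nonce or consume the key's allowance.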

How to Experience the OST Platform Session Keys

  • The Pepo App, launching at the end of this month, utilizes Session Keys to enable users to transfer tokens with each like, and up to $10 per transaction within a two-week period, without having to manually sign each transaction. This enables users to enjoy a fluid user experience for day-to-day microtransactions and not have to re-authorize sessions regularly. Sign up here to try the Pepo app.
  • We have also created a demo app, OST Popcorn, which demonstrates all the OST Wallet SDK features, including Session Keys. In Popcorn you can change the Session limits and explore the OST wallet recovery features and contracts. Sign up here to try OST Popcorn.

Jason Goldberg
ostdotcom

Founder, CEO, product at Pepo, Ost Technology, openst, mosaicdao.