OST Wallet Recovery Solutions, Features, Technical Challenges, and Implementation
Today, most DApps require users to write down a 12-word mnemonic phrase, which results in a bad user experience. However, storing backup keys in the cloud or with third parties, or relying on standalone passwords, doesn’t align well with the principles of blockchain. Over a year ago, OST set out to find a better UX for crypto wallets while preserving the core principles of blockchain and decentralization.
“Mainstream applications do not have a desire to educate their users about core-cryptography. It’s very hard to explain why you would need to use 12 words to own your money. That is just not going to scale to millions or tens of millions of users.” — Benjamin Bollen, OST Chief Blockchain Strategist
A Frictionless Crypto Wallet
OST Wallet enables end users to seamlessly and securely interact with Brand Tokens within existing mobile applications. Developers can integrate Brand Tokens into their application without compromising user experience and they can take advantage of OST’s innovative wallet recovery solutions.
OST Wallet has been designed to be adopted by mass consumer applications. A user can create a crypto wallet by setting up a security feature that they are already familiar with, a 6-digit PIN. This 6-digit PIN is used for all critical features such as signing in, authorizing session keys, and authorizing new devices. To further reduce friction, users can use biometrics instead.
OST Wallet Recovery
In OST’s solution, private keys remain on a user’s device. If the device is lost, users can easily recover wallet access in a secure manner.
First, a user can recover wallet access using their 6-digit PIN. This is a delayed recovery process that takes 12 hours to complete. The client, the user, and OST are the only parties involved. The client and OST provide the salt and the password prefix. These, along with the user’s PIN, are used to generate a hash that is converted into an Ethereum key address that goes into a multisig contract. OST has written an add-on for multisig contracts in which a signature from the generated key, along with OST’s signature, allows the ownership of a multisig contract to be changed 12 hours after the initial request.
Second, users can authorize multiple devices and recover access if one device is lost. When you integrate the OST Wallet SDK into a consumer application, the SDK creates the key, encrypts it, and keeps it secure in the device enclave. There are two ways to authorize a new device. In the first, a new key address is generated after signing into the new device, and the user simply scans a QR code with the first authorized device to authorize the second device. In the second, if a user has set up a mnemonic phrase, they can enter their phrase into the new device to authorize it. In the diagram above, the multisig contract, which has multiple owners, is referred to as a device manager. Additional owners can be authorized by reaching a certain requirement.
Third, a user can set up a mnemonic phrase and use it to recover access to their wallet. A mnemonic phrase is a secret 12-word backup code that can be used on its own to access a wallet. When set up, it is very important to save this phrase in a very safe place. Mnemonic phrases should be used as the final recovery option if all else fails.
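The PIN-based recovery described above can be modelled off-chain as follows. This is an added example, not OST's code: PBKDF2 as the hash, the class and field names, and the sample values are assumptions, and signature verification is stood in for by a constant-time comparison of derived secrets.

```python
import hashlib
import hmac

RECOVERY_DELAY = 12 * 60 * 60  # seconds; the 12-hour delay from the article


def derive_recovery_secret(prefix: bytes, pin: str, salt: bytes) -> bytes:
    """Stretch prefix + PIN with the salt into 32 bytes of key material.

    PBKDF2-HMAC-SHA256 and the iteration count are assumptions; the article
    only says "a hash". Mapping the result to an Ethereum address is omitted.
    """
    if not (len(pin) == 6 and pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly 6 digits")
    return hashlib.pbkdf2_hmac("sha256", prefix + pin.encode(), salt, 200_000, dklen=32)


class RecoveryRequest:
    """Off-chain model of the delayed owner change (hypothetical names)."""

    def __init__(self, registered: bytes, new_owner: str, now: int):
        self.registered = registered      # stands in for the registered key address
        self.new_owner = new_owner
        self.requested_at = now
        self.user_ok = False
        self.ost_ok = False

    def approve_user(self, candidate: bytes) -> bool:
        # Stand-in for verifying a signature made with the PIN-derived key.
        self.user_ok = hmac.compare_digest(candidate, self.registered)
        return self.user_ok

    def approve_ost(self) -> None:
        self.ost_ok = True                # stand-in for OST's signature

    def execute(self, now: int) -> str:
        if not (self.user_ok and self.ost_ok):
            return "rejected"             # both approvals are required
        if now - self.requested_at < RECOVERY_DELAY:
            return "pending"              # still inside the 12-hour window
        return "owner=" + self.new_owner


# Constructed sample values, not real secrets or addresses.
SALT, PREFIX = b"constructed-salt", b"constructed-prefix:"
REGISTERED = derive_recovery_secret(PREFIX, "493817", SALT)
```

A 6-digit PIN has only 1,000,000 possible values, so the secrecy of the derived key rests on the salt and password prefix that the client and OST provide.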
Manageable User Responsibility
The end user needs to bear some responsibility for wallet management. OST has worked hard to make it a manageable responsibility by asking users to simply remember their 6-digit PIN. Users are also encouraged to write down their mnemonic phrases or have multiple devices set up. Bollen says that “as users hold more money in their account, they might be encouraged to write down the 12 words or take stronger measures.” If a user forgets their 6-digit PIN, loses or fails to set up their mnemonic seed phrase, and doesn’t have an active session on another device, then there is no recovery option.
OpenST smart contracts allow developers to write any Ethereum smart contract on-chain. Developers can leverage the same contracts and SDK to write a smart contract that performs stateful behavior (e.g. NFTs). Because these contracts are meta transaction contracts, they don’t display what happens with a user’s tokens. The contract code is open source, has been audited, and the cryptography has been reviewed and completed in cooperation with academics. OST also has an extensive developer resource center available here.
OST powers the future of brand loyalty. Innovators use OST Platform to reward behaviours and increase engagement with Brand Currency. It’s a complete set of developer tools that any company can integrate without any in-house blockchain expertise. OST partners reach more than 300 million end-users and we will be rolling out live implementations throughout 2019. OST currently has offices in Berlin, New York, Hong Kong, and Pune, and is expanding to other markets. OST is backed by leading institutional equity investors including Tencent, Greycroft, Vectr Ventures and 500 Startups.