# NURI Hardware Supplier Briefing v1

Date: Jan 13th 2025

Emin Mahrt

Below is a **concise request** to our supplier for a **biometric smart card** that merges:

1. **Crypto Hardware Wallet** (standard single-sig + optional MPC/threshold).
2. **FIDO2/WebAuthn** (passkey).
3. **EMV Payment** capabilities (Visa/Mastercard), prepared from the start but optional for the user.

**Key Addendum**:

- **No plaintext private key** export (similar to Cypherock’s multi-share approach).
- Clarification needed on **Visa encoding/personalization** process.

---

## 1. Core Product Overview

We want a **biometric NFC smart card** featuring:

1. **On-card key generation** (no raw private key exposure).
2. **Dual-mode** for crypto:
   - **Mode A**: Standard single-sig hardware wallet (like Ledger/Trezor).
   - **Mode B**: Advanced MPC/Threshold signing (partial sig flows).
3. **FIDO2** passkey for passwordless logins.
4. **EMV** (Visa/Mastercard) **prepared** from day one:
   - Some buyers only want crypto + FIDO2.
   - Others want to activate debit card functionality.

**Goal**: A **single card** that can do normal hardware wallet duties (standard or MPC), serve as a FIDO2 authenticator, and optionally function as a debit/credit card—without ever exposing the full private key.

---

## 2. No Plaintext Key Export & Backup Approach

1. **No Full Key Leaves the Card**
   - We never want to output the entire private key as plaintext.
2. **Backup with Split Key** (e.g. Shamir Secret Sharing)
   - The card can internally produce partial shares for backup (2-of-3, 3-of-5, etc.).
   - No single share is enough to reconstruct the entire key, so intercepting one share is harmless.
3. **Day-to-Day**
   - The card holds the master key for normal signing (Mode A).
   - Or does partial signing if we use MPC (Mode B).

---

## 3. Dual-Mode Crypto Wallet

### Mode A: **Standard Single-Sig**

- Acts like a normal hardware wallet.
- Compatible with open-source wallets (e.g., “Lead Wallet,” MetaMask).
- Returns standard ECDSA or Ed25519 signatures (depending on curve support).

### Mode B: **Advanced MPC/Threshold**

- For users wanting partial-signature flows across devices.
- The card never exports the whole key, only partial signatures.
- External shares (phone, server, cloud) combine with the card’s partial data for final signatures.

---

## 4. FIDO2 / WebAuthn

- The card also functions as a **FIDO2** passkey for passwordless logins.
- If a FIDO2 applet is already certified, perfect. Otherwise, we can help integrate it.
- Biometric check on-card + NFC or USB for universal second factor.

---

## 5. EMV Payments (Visa/Mastercard)

- **EMV** must be included or easily loadable so the card is “payment ready” from the start.
- We’ll offer **two SKUs**:
  1. Crypto + FIDO2 only (no EMV personalization).
  2. Crypto + FIDO2 + EMV (Visa/Mastercard).
- **Question**:
  - **When and where** do we load the user’s Visa data (PAN, name, etc.)?
  - Do **you** (the supplier) handle encoding/personalization, or can we do it ourselves (or via a third party) after we receive the blank batch of cards?
  - If we must rely on your facility to do the final personalization, please clarify timeline, process, and additional costs.

---

## 6. Questions on Visa Encoding / Fulfillment

1. **Fulfillment & Encoding**
   - **Who** is responsible for the final card encoding for Visa (the user name, PIN, card number, etc.)?
   - Can the supplier handle it in a secure facility, or do we need a separate partner for that?
   - Is there a “generic” Visa card version we receive, then activate/personalize later?
2. **Batch File** from Supplier vs. Our Own Encoding
   - Do you (supplier) provide a **batch** of partially personalized cards and we do final activation?
   - Or do we provide the user data, and you do **all** the final encoding before shipment?
3. **Timeline** & **Cost**
   - If personalization requires new certification steps or specialized hardware, let us know the lead times.
   - We want to clarify how quickly we can launch the debit card variant for end users.

---

## 7. Fast Go-to-Market & Minimal Supplier Dev

- **NURI** will:
  - Implement advanced cryptographic logic (MPC/TSS or Shamir backups).
  - Create phone/server apps for partial sig combination or multi-sig flows.
  - Integrate with standard wallet software for single-sig usage.
- **You** (Supplier) provide:
  1. A **secure hardware** card with:
     - Biometric sensor
     - NFC
     - Java Card environment
     - On-card seed generation
     - **Base cryptographic APIs** (ECDSA secp256k1/EVM, Ed25519 if possible)
     - **FIDO2** support
     - **EMV** readiness
  2. Documentation for cryptographic calls (partial sig, ephemeral shares).
  3. Clarification on **Visa** encoding/personalization steps and how we integrate or do it ourselves.

**Timeline**: We want to move quickly. Please let us know what’s “ready now” vs. any new dev/certification (especially for Visa, partial Ed25519 sig, etc.).

---

## 8. Conclusion

Our card merges:

1. **Hardware Wallet** (standard single-sig + optional MPC)
2. **FIDO2** passkey
3. **EMV** payments (built in from day one, but optional for end users)

We maintain a strict **no-plaintext** key policy—**Shamir** or **MPC** shares only. Please advise on **Visa encoding** processes (who personalizes the user’s card data and when) so we can finalize how to bring this product to market swiftly.

---

## 9. Resources

1. zengo.com MPC Software Wallet
2. cypherock.com MPC Hardware Wallet
3. [Binance MPC Software Wallet](https://www.binance.com/en/blog/markets/embracing-the-future-of-web3-binances-innovative-mpc-wallet-8512779582807569328)
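
The split-key backup described in Section 2, as an added illustration that is not NURI's or any supplier's code: a host-side Python sketch of Shamir sharing for a 2-of-3 backup, showing that any two shares recover the key while a single share is consistent with every possible key. Assumptions: shares are computed in the secp256k1 scalar field, and the function names `split`, `combine` and `forged_partner` are hypothetical; on the real product the split would run on-card.

```python
import secrets

# secp256k1 group order (prime). Assumption: shares live in this field,
# so any valid private-key scalar can be split directly.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split(secret, threshold, count):
    """Return `count` shares (x, y); any `threshold` of them recover `secret`."""
    if not (0 < secret < N and 2 <= threshold <= count < N):
        raise ValueError("bad parameters")
    # Random polynomial f of degree threshold-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, count + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod N
            y = (y * x + c) % N
        shares.append((x, y))
    return shares

def combine(shares):
    """Lagrange-interpolate f(0) from the given shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % N
                den = den * (xi - xj) % N
        secret = (secret + yi * num * pow(den, -1, N)) % N
    return secret

def forged_partner(share, guess, x):
    """2-of-n case: the point at `x` on the line through (0, guess) and `share`.
    It exists for every guess, so one share alone rules out no key value."""
    x1, y1 = share
    slope = (y1 - guess) * pow(x1, -1, N) % N
    return (x, (guess + slope * x) % N)

if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1          # constructed sample key
    s = split(key, 2, 3)
    assert combine([s[0], s[2]]) == key          # any two shares recover it
    guess = 42                                   # arbitrary wrong candidate
    assert combine([s[0], forged_partner(s[0], guess, 2)]) == guess
    print("2-of-3 split/recover OK")
```

The second assertion is the property the backup design relies on: for any candidate key there is a valid second share that pairs with the intercepted one, so the intercepted share by itself carries no information about the key.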