I want to create my own cryptocurrency wallet. I know about private and public key concept which is used in the wallet but I could not understand how my wallet verified other public address? How my … wallet verified other users? How coinomi manage their wallet to store all kind of currency? Can anyone explain the full logic of wallet?
The wallet is an application where the user can view their accounts. Think of the wallet like somebody's online banking experience.
The addresses are strings used in the transaction cryptography. The addresses involved in a transaction become part of the formula that creates a block. People who know some of the private information from this transaction (ie, the addresses/keys) can look at the block and discern the significance of their transaction (how much money moved between the sender and receiver addresses). Wallet programs hide this decoding process from cryptocurrency users so they can simply experience their balance.
If the wallet is like somebody's online banking, an address is like a check routing number. You can see multiple checking accounts from one online banking profile.
Hope this clears it up a bit!
Related
I faced with a such question for which can not find an answer in google. For example, I have a company which provides some services for customers. And for new users I have a promo/discounts. As we know there are a lot of websites which provide fake number for receiving sms for registration. I need a useful solution to prevent registration with such numbers. I want to check if this number is real or not and allow registration only if real. What is your suggestion/solution ? What would you do or maybe already did something for escaping a such problems.
Note: Maybe Some tags are not relevant to this issue, so please inform me and I will remove this tag. Or vice verse, if you have any suggestions related tags please let me know I will add this tag.
Thank you in advance.
Usually what you do is you take the number/email and you send it to a service most likely through an API. There is rarely any inhouse software that does this functionality!
Here are a few services, I have used & worked with etumos before, not bad but it comes with a price!
https://etumos.com/products/etumos-verify/
https://numverify.com/documentation
For numverify, it is free to an extent. Try it out & see if it works with your solution.
It supports Carrier Detection
While phone numbers help businesses identify and legitimize customers, some numbers are very easy to retrieve from certain carriers. For exmaple, anyone can quickly register multiple phone numbers from a free online provider, making it easy to create fake profiles.
To address this risk, the numverify API will return a separate carrier object containing the name of the carrier the requested phone number is registered with. This way businesses can require additional identity authentication for carriers associated with higher fraud instances.
Send an SMS to the number, ask a question that a human can answer better than a bot and request a response.
Hello everyone i am new in this technology and i am confused please clear my few doubts. Thanks in advance.
Blockchain consist of Blocks but where these blocks are stored, i mean what is the physical location of Blocks.
As per my theoretical knowledge blockchain exist in network but in which network, do we need to create our own network or is there any third party those who provide network for our application.
Suppose i have to develop land registry application i need some space somewhere where i can store my blocks. if i store all block in my system itself then how it will behave like a decentralized.
Does Ethereum stored our blocks in his network?
Blockchain itself is a database but how we can manage the data.
Does BigchainDB stored our blocks or blockchain in his database?
Blockchain is shared among all the p2p network hosting it. So basically blockchain is stored in many simple HDD all around the world.
If you want to create a totally new blockchain, you create your own network. If you want, for example, to use Ethereum network to run your token, then you'll use Ethereum network (which has been created for Ethereum at the first place)
That's what the blockchain and it's protocol do. Store datas in multiple places and handle the integrity and safety of the datas. You need to have multiple agents in your network to be decentralized. You alone is centralized.
Yes, or more exactly, Ethereum users store datas in their storages for the Ethereum network
You can imagine different form of blockchain, but speaking about the first one, Bitcoin, when the p2p network is launched and used, you can't manage datas by yourself. The network will handle it, and the only way you can manage datas is by having more than 50% of the mining power (in an other way the network let users manage datas in an normal use case, for exemple, send your bitcoin is a normal use case, steal someone is not)
Sorry, I never heard about it =/
To others: Feel free to modify my answer as you please, I'm not an expert, just trying to share and perfect my knowledge
The question - Our payment flow is as follows:
1 - Customer adds items to basket.
2 - When viewing basket, customer can see products & also has the option of entering a delivery address AND a billing address, but NO sensitive card details.
3 - The customer proceeds to a new page, hosted on our website. Customer enters sensitive card details here.
4 - Crucially, on pressing "order", the card details are POSTed directly to our Payment Processor. They are NOT sent to our server first.
I'm trying to argue with my merchant bank that we fall under SAQ A - Is this the case?
My reasoning:
1) Our dedicated server is managed by a third-party, PCI compliant host.
2) We never store card details.
3) While the customer enters their card data on a webpage hosted by ourselves, this is dynamically generated and so only exists in the customer browser. On submitting the order, the details are POSTed directly to our payment processor. These details therefore never touch our server and A) Are not stored on the server HDD or database as a Session or B) not even fleetingly held in the server RAM
4) We have passed a number of PCI scans from different authorities to make sure we are compliant and have SSL, TFA for the server etc etc
5) As far as I can see, the two main attack vectors here would be a compromised customer computer (not under our jurisdiction) or if someone managed to gain control of our server and changed how the checkout works. But this surely affects ANY eCommerce site, even one that outsources the pages the card details are entered into to (a malicious attacker with server access could just redirect to a fake set... it's pretty much game over)
However, the eligibility criteria for SAQ A is slightly ambiguous (to my mind anyway). It states:
Merchant does not store, process or transmit and cardholder data on merchant systems or premises but relies entirely on third party service provider(s) to handle these functions *
For me, that 'merchant systems' could include the wider meta-system of the checkout as a whole. In which case, our checkout DOES transmit card details, albeit in what I believe is a secure fashion. However, if 'merchant systems' means, for example, hardware, then we do NOT have any POS systems or servers that transmit details.
I've not been able to get a straight answer out of my compliance liaison. Sometimes they suggest I fill out D, then say it's not applicable for me so say to fill out SAQ C, but then say this is specifically for 'payment applications' such as physical terminals that are connected to the internet.
I think the crucial pivot to our argument is that even though we host the payment pages, the card data never reaches our server.
Any help would be gratefully appreciated. I'd offer a bounty but it won't let me atm :(
Thank you very much in advance!
Sorry to disappoint you, but you are an A-EP.
For SAQ A: Your company has no direct control of the manner in which cardholder data is captured, processed, transmitted, or stored
For SAQ A-EP: Your e-commerce website does not receive cardholder data but controls how consumers, or their cardholder data, are redirected to a PCI DSS validated third-party payment processor.
"In a Direct Post implementation, the merchant website produces the web page that is used to accept payment data, and then passes it directly to the third-party payment processor."
https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Why-is-SAQ-A-EP-used-for-Direct-Post-while-SAQ-A-is-used-for-iFrame-or-URL-redirect
I think that you are right and you should be able to use a SAQ A. However, how is this "3 - The customer proceeds to a new page, hosted on our website. Customer enters sensitive card details here." implemented? Is it a full redirect, an iFrame or something else? The hand off effects things. Remember, it's between you and your bank, if they want you to do a SAQ D, you may have to do an SAQ D.
Cheers,
Nate
I'm new here, can't comment,
I'm trying to figure out myself which SAQ to use A or A-EP in case if I use 3rd party provider.
So for discovered the following:
SAQ A: Your page is NOT originated on your server. You may have a shopping cart and pay button which redirects customer to a processor which hosts a payment form. Example: PayPal Express.
SAQ A-EP: Your page is originated on your server, you fill it in with data and submit via post to a 3rd party. As long as data is not captured by your server and POST payload flies directly to your processor via normal form submit or JS ajax - it's A-EP.
SAQ-D: you submit data to your server. They probably worry that you can log sensitive data, or forward it somewhere else, etc.
IMHO SAQ D is way over complicated for small business that doesn't store data.
Does anyone know of any documentation of how to access bank data via some sort of webservice or other method for use in a Silverlight financial / banking application? Is there any sort of standard protocol or terminology used for this that I can look up online. I'm having trouble finding any sort of information on how this is typically done.
"Access bank data"... Not exactly something banks allow from the outside world. They kinda want to keep things secure :)
If you work for a bank you may well have access to various web services internally. There are standards for data transfers, but every bank will likely have it's own systems.
I'm having trouble finding any sort of information on how this is typically done.
That's probably a good thing. This is typically done by either internal bank developers or consultants. For example, take the Bank of America Windows Phone 7 app (which is a Silverlight app): it connects to BofA's servers, but I would be surprised if the way in which it connects is public information. Because you can use it to check your account, I can only presume that there is a web service hosted somewhere that allows these clients to get this data. I'm pretty confident, however, that the connection is secured, and the details of it are kept hidden for good reason.
In short, banks don't usually expose web services to the outside world for public consumption. Unless you've been hired by a bank to specifically do this, I'm not sure you should be able to.
I want to develop a demo mobile application using Qt that does money transactions and shows account information to the user based on a demo database created and stored in the server program. Suppose you want to pay someone. Then you enter your password, account no. and then acc. no. of the receiver and the amount to be transferred to the receiver. The same change should be reflected in the database. If the amount to be transfered is less than the balance, or a bad password is entered an error message is displayed. The database should contain say five records with fields password, name, account no., and balance.
Please do help me out as I'm new to Qt and I have read books on it to accomplish the above program but finding it difficult to code.
if you don't know how to do this I think you should use some easier technology like Java or c#, using hibernate or linq to persist to database. There are lots of tutorials on how to do this.