Introduction

Context

The B.CHAIN card is a hardware wallet. It allows their holder to secure their blockchain private keys, generate public keys and sign transactions.

The B.CHAIN card is also a biometric card which has a biometric sensor to perform authentication with fingerprints and remove/complement the usage of PIN on a daily basis.

This SDK allows communicating with the card with simple interfaces.

It provides the functions listed on the table below:

Method name	High level details
connect	Power the cardSelect the B.Chain appletInitialize secure channel
authenticate	Authenticate to the card with PIN
changePin	Change card PIN
unlockPin	Unlock card PIN with PUK
initializeSeed	Import a seed in the card
getPublicKey	Get a public key
signTransaction	Sign a hashed transaction
wipeWallet	Wipe the card data and block the card
getCardStatus	Card identifier Card state PIN try counter PIN try limit PUK try counter PUK try limit Biometry try counter Biometry try limit User authentication rule Enrolled finger count
updateUserAuthenticationRule	Change the user authentication rule (PIN or Biometry)

Deliverable

The package is delivered as a versioned zip file containing all needed files for integration including Android and iOS libraries.

To get access to the B.CHAIN package you can contact us by email at the following address: bchain@idemia.com.

Architecture

The package is delivered as a versioned zip file containing all needed files for integration including Android and iOS libraries.

High level diagram of the system and its interactions

1. As per the diagram, the wallet application uses the SDK "manager" to perform desired actions on the card.

2. Then the manager uses the “security provider” to work with cryptography and secure messaging and the “key manager” to handle the SCP03 keys of the card.

3. Both “security provider” and “key manager” can communicate with the integrated secure element of the phone (Keystore on Android / Secure enclave on iOS), to generate keys or perform cryptographic operations on the secure chip.

4 & 5. The "manager" uses the “NFC Communication” layer to communicate and send data with the card.

The SDK also provides an alternative way to the manager to perform actions on the card (get card public keys & perform signature) with custom pure Java “Provider” to ease the SDK integration without to much usage of proprietary classes, find below the concerned classes:

BChainProvider (6): This class installs the classes BChainSignature (9) and BChainKeyStore (10) to the global provider; this installation is required to have access to these classes, see section Custom Keystore Providers for more details,
BChainSignature (7): This class enables to perform a signature with the card,
BChainKeyStore (8): This class enables to get the card’s public keys and initialize the card seed.

11 & 12. These classes (BChainSignature & BChainKeyStore) will call the manager to perform their tasks.