Figure 1: Architecture of an offline wallet with a secure element hardware chip
Figure 1 is a graphical depiction of double-spend and counterfeiting, the two vulnerabilities inherent to offline digital payments. In the left panel, a consumer, Alice, duplicates an offline token and uses the same funds to pays two separate recipients. In the right panel, a bad actor creates an invalid token by tampering with the valid fields of an offline token.
Figure 2: Threats applicable to offline protocol
Figure 2 depicts how a token ends up in consumer Bob's wallet after three online transfers and one offline transfer-from the issuer to the financial institution (FI) wallet, from the FI wallet to Alice's bank, from Alice's bank to Alice's wallet, and, finally, from Alice's wallet to Bob's wallet. In each successive transfer window, the token is chained to the ancestor field.
Figure 3: Ancestors of token t4 are tracked all the way back to the freshly minted token from the issuer (t0).
Figure 3 depicts the full architecture of an offline wallet with a secure element hardware chip. On the top left, each of the root-of-trust terms are defined-this includes SCP, Secure Channel Protocol as well as HTTPS or secure HTTP. Then, the two major components, the offline applet on the left and the offline wallet application, are illustrated. The secure element includes the offline applet, secure transport layer, operating system, key store, and crypto engine. The "insecure world," contains the communication channel (NFC/SPI/I2C Stack), data protocol (HTTPS), and NFC/Bluetooth stack, secure transport layer, and offline token manager.
Figure 4: Offline token data structure
Figure 4 shows the offline token data structure and respective fields in a grid structure on the left. This includes the tokenID, value, token ownership key, endorsement key, proof(s) of ownership, ancestor tokens, and sibling tokens. It also includes the values of each of these fields and the corresponding operations in the key store.
Figure 5: Schematic of t5: Ancestors of token t5 which are formed by mint, transfer, merge, and merge operations
Figure 5 is a schematic depiction of the root tokens of t5-tokens t0, t2, and t3-that are formed by the sequence mint, transfer, merge, and merge.
Figure 6: Offline token mint and transfer flows
In four panels, figure 6 shows the offline token lifecycle and associated operations for an offline transaction. In step 1, a financial institution would use the MintToken API call to send the issuer's core transaction processor a mint request. In step 2, a user would use the WithdrawToken API to request offline tokens. In steps 3 and 4, two wallets would request or send offline tokens, even without an internet connection. In step 5, a user would convert excess offline tokens in their wallet to their online account balance. Finally, in step 6, a financial institution would convert the excess offline tokens back into an online account balance using the Redeem Token API.
Figure 7: Offline token transfer protocol to nearby offline wallet
Figure 7 depicts the three-phase offline protocol, including calls, responses, and confirmations, that the sender and receiver's wallets leverage to transfer a token. The sender's wallet is illustrated on the left, the receiver's wallet is depicted on the right-with the three phases enumerated in the middle of the figure. In step 1, the sender's wallet scans and finds a nearby wallet and executes a challenge-response protocol guaranteeing both the sender and the receiver have a valid, issuer-endorsed SEs. In step 2, the wallets are connected, but the sender must prove to the receiver that it has a valid offline token with the expected value. Finally, in step 3, the sender transfers the offline token to the receiver, and the receiver verifies the token history. After successful verification, the receiver generates a confirmation code and sends the code to the sender. The sender would then check whether it can generate the same confirmation code on its own. If it can, the transfer is considered successful.
Figure 8: Offline wallet running in iOS device
"Screenshot of the offline digital wallet application interface on a smartphone. The screen displays a clean, modern design with the heading "Offline Wallet" appearing at the top of the screen. Beneath that heading the "Online Balance," and "Available Offline Balance" are displayed. There are three function buttons on the screen "Recharge," "Deposit," and "Send." The user's "Recent Transactions" are listed beneath a heading at the bottom of the screen."