Soneso is a small company from Munich, Germany. We specialize in the Stellar network and we want to offer services and products related to the Stellar network. With our iOS SDK for Stellar, we are winners of the last build challenge (#6).
Currently, we are working intensively with 6 developers on our new Lumenshine Wallet and our Lumenshine Tool Suite projects. Our Lumenshine Wallet is designed for the public. We want to offer our users a new Wallet based on the Stellar Network whose focus is on the highest possible security and usability.
With our Lumenshine Tool Suite, we want to offer our business customers the ability to plan, publish and manage their own arbitrary tokens based on the stellar network as it would be the case in an ICO - without the need for software development on the part of the customer.
The Tool Suite should include a Wallet for Web, IOS and Android, which is brand able for our customers. Furthermore, we would like to give our business customer the opportunity to additionally promote and sell their ICO tokens within our public Lumenshine Wallet.
In the first steps, our public Lumenshine Wallet will implement the following features:
- Safe and easy way to register and login
- Support for different platforms like web, iOS and android
- Managing multiple currencies based on the stellar network
- Support for multiple stellar accounts / wallets per user
- Federation client and easy way to set the inflation destination
- Charts for lumens and stellar based currencies
- Of course, possibility to send and receive payments
- Push notification service on received payments
- Transaction history
- Fingerprint and face recognition support at login on mobile devices
- Backup of wallets and signatures with the help of mnemonic
- ICO promotions and possibility to order and buy ICO tokens with XLM, BTC and ETH
Future steps and planning include:
- Possibility to fund new wallets with Stellar Lumens by using services like changelly (2018 - 2019)
- Support for multi-signature and possibility to add shared wallets (2019)
- Possibility to purchase XLM and ICO tokens with Fiat by using services like stripe/paypal (2019)
- Trading of stellar based currencies by using SDEX (2019)
- Social trading as soon as we have a notable number of trading users (2019)
- Peer-to-peer functionality without the need of anchors, as soon as we have a notable number of users (2019)
- Web-Widgets and APIs to be used by developers and sellers to integrate our peer-to-peer functionality into their services (2019)
Current status of our public Lumenshine Wallet:
- Registration and Login process - 95%:
Concept 99%, Implementation 90% (Web - 95%, IOS - 90%, Android - 85%)
The registration and login process is based on the concept of mnemonics. Each user receives his own randomly generated 24 words mnemonic when registering. The mnemonic and the associated payment-sensitive data are encrypted using a KDF password derived from the user’s password. The encrypted data is then sent to the server for storage. The user's password is never sent to the server, so neither we nor any potential server attacker can gain access to the user’s payment-sensitive data. The client uses a KDF with a large number of permutations and master key encryption.
The flip side of this concept, however, is that if the user's password is used to encrypt the payment-related data and is not transmitted to the server, then it cannot be used to authenticate and login the user into the server of the portal. Normally, in web portals, users are authenticated via their email address, password and two factor codes. However, our server cannot validate the password (because it never receives it) and thus it cannot authenticate the user by using the password. Because we use the user's password to encrypt the payment-related data and not as usual to authenticate the users, we had to find other ways of authentication without affecting the usability of the portal, as would be the case, for example, with a second password.
How this works is described in our registration and login concept. It describes the whole process including the reset and change of the password and 2FA Secret. The concept can be downloaded here:
We would be very happy about your feedback regarding our registration and login concept. It would be important for us to know if you can find any security vulnerabilities in it.
For generating the mnemonic for each user we are using:
a) Web client: the open source stellar-hd-wallet provided by chatch
b) IOS App: our Soneso stellar iOS SDK (open source - btw. winner of the last build challenge) that can be found here: https://github.com/Soneso/stellar-ios-mac-sdk
c) Android app: our java mnemonic lib (open source). It can be found here: https://github.com/Soneso/stellar-java-mnemonic
- Support for different platforms: 50%
- Managing multiple currencies on all platforms: 80%
- Federation client and federation service based on internal data structures: 20%
- Charts: 40%
- Send/receive payments on all platforms: 90%
- Push notifications service by parsing the ledgers: 80%
- Transaction history on all platforms: 80%
- Fingerprint and face recognition on iOS: 100%, android: 0%
- Backup of wallets and signatures with help of mnemonic: 99%
- ICO promotions, ordering and purchasing of ICO tokens: 50%
- Design: Briefing: 90%, Design: 0%
The web client is implemented in vue.js, the iOS and android clients have native implementations. The backend is implemented in golang.
Other concepts/mockups related to the Lumenshine Wallet can be downloaded here:
1) Wallet design briefing document (also shows the current status of implementation):
2) Mockups of web wallet:
3) Mockups of mobile apps:
Lumenshine Tool Suite:
In the first steps, our Tool Suite will implement following features:
- Kubernetes, using docker containers for stellar core, horizon and our backend services
- Administration portal (manage user accounts, stellar accounts, tokens, ICO Phases, wallet)
- Backend services such as federation or push notifications
- Payment service for receiving and processing ICO orders based on XLM, BTC and ETH
- Web, IOS and Android Wallet that can be branded for individual business customers
Future steps and planning include:
- Extending the payment service to support fiat payments (2019)
- Extending the admin portal to allow configuration of more smart contract types (2019)
- Extending services and admin portal to provide more services, such as dividends (2018 - 2019)
- Extending the brand able wallets (2018 - 2019)
Current status of our Tool Suite:
1. Registration and Login process - 95%: same ad for the Lumenshine Wallet
2. Network setup via Kubernetes: 70%
3. Admin portal: Concept: 60% Implementation: 5%
4. Backend services such as Federation and Push: 40%
5. Payment service: 75%
6. Wallet that can be branded: 60%
We are currently working on the admin portal and payment services.
The Admin Portal will provide following components:
- Team management (manage the team of admins, service employees)
- Customer management (manage the customers registered for the ICO. Including KYC, orders, etc.)
- Stellar accounts management (manage different types of stellar accounts used for ICO management and processing of payments such as issuing accounts, distribution accounts, worker accounts)
- ICO Management (Plan, configure, start, review, support the different phases of an ICO depending on the selected sales model)
- Wallet management (plan and start ICO promotions for the wallet)
The current version of the admin portal concept can be downloaded here:
We are currently also working on the ICO ordering and payment process/service:
- Client/Wallet: user places order
- Server: Validates and stores order received from the wallet, provides payment address to client
- Client: poll for "order payment received" status
- User: sends exchange currency order payment: XLM, BTC or ETH
- Server: Waits and scans blockchain for order payment by exchange currency: XLM, BTC, ETH
- Server: Fund stellar account of user (public key from user mnemonic) as soon as order payment received (if needed, e.g. in ICO Phase 1)
- Server: Set status: "order payment received" in database
- Server: answer to polling client with request to create trustline (if needed - e.g. if user account has been funded before)
- Client: Create trustline and request payment of tokens
- Server: Authorize trustline (if needed)
- Server: Send ICO token payment transaction signed by the distribution account to the wallet to also be signed by the user
- Client: Sign token payment transaction and send back to server
- Server: Receive, validate and execute signed token payment transaction (source account: user account - used as channel)
- Server: Set status: "order completed" in db, inform client
We are not using Biforst, because we already have user accounts (mnemonic) at registration. Furthermore in
our process it does not matter if the client crashes, has no internet connection or cannot execute partial steps
like in Bifrost. It has no status and can always continue the process, even after user re-login or re-deploy.
Following concept describes the ordering process from the client (wallet) point of view:
We are planning to release the web and mobile Lumenshine Wallet in Q4 2018 or Q1 2019.
Currently a demo alpha version can be found here (operates on test net – no design - pls. use chrome browser):
We will continue updating the documents and demo client and we will keep you up to date. We will also make more and more components of our project open source and publish them to github.
If you are a member of the SBC team and would like to review our current source code, please contact us so that we can provide access to our repositories.
If you are a security expert or if you are interested in the security aspects of our Lumenshine Wallet, please review our Registration and Login concept. Your thoughts, comments and feedback are very much appreciated:
General Manager of Soneso