Wealth Security Protocol
Go to Casa Home
  • 🗺️Overview
  • 💜Casa vs. Alternatives
    • Introduction
    • Option #1: Do-it-yourself
    • Option #2: Custodial Storage
    • Option #3: Commercial Systems
  • 🔑System Design Principles
    • Introduction
    • Minimal Knowledge
    • High Security
    • Usability is Security
    • Expert Support
    • Redundancy
    • Sovereignty
    • Incentive Alignment
  • 🚨Threat Overview
    • Introduction
    • Data and Credential Loss
    • Phishing
    • SIM Hijacking
    • Network Attacks
    • Malware
    • Supply Chain Attack
    • Physical Coercion
    • Child/Pet Attack
    • Internal Service Provider Attack
    • Platform / Hosting Provider Attack
    • Code Dependency Attack
    • Official Seizure
    • Inheritance Failure
  • 🔐Chosen Features
    • Introduction
    • Hardware Wallet Signing
    • Multi-signature
    • Multi-location
    • Heterogeneous Hardware and Software
    • Seedless Hardware Wallets
    • Emergency Recovery Key
    • PIN or Biometrics for Mobile Key only
    • PIN for every device
    • Sovereign Recovery Instructions
    • Emergency Lockdown Button
    • Health Check
    • Identity Verification for Account Recovery
    • Inheritance
  • ✅Chosen Key Schemes
    • 5-Key Vault
    • 3-Key Vault
    • Pay Wallet
  • ❌Rejected Key Schemes
    • Shamir's Secret Sharing
    • 2-of-2
    • 1-of-2
  • ❌Rejected Features
    • Biometrics General Usage
    • Brain Wallet -- Memory Based Solutions
  • 🔧Remaining Attack Vectors
    • Address Spoofing
    • Malicious Insider Key Theft
    • Extreme disaster scenarios
    • Extortion
  • 👨‍🚀Future Improvements
    • Taproot/MAST
    • Schnorr Signatures
Powered by GitBook
On this page
  • Target Use and Audience
  • System Details
  • Threat Mitigation

Was this helpful?

  1. ✅Chosen Key Schemes

Pay Wallet

The lowest security level of Casa storage is a single-key wallet on the client’s mobile device.

Target Use and Audience

The Casa single-key storage system is designed for holding small amounts of assets (<$1,000) that do not need more complex and secure storage systems.

System Details

The Mobile Key storage system is a 1-of-1 system with the single key kept on a client’s phone.

Features provided with the Mobile Key system:

  • Mobile Key Backup - An encrypted copy of the mobile key is kept in the cloud storage offered by the client’s mobile provider (iCloud or Google Drive). The decryption key is kept by Casa. This allows a client to recover their mobile key if it is lost, for example by dropping their phone off a boat. At the same time, neither Casa nor the mobile provider have access to the key.

Threat Mitigation

  • Data and Credential Loss - The mobile key backup provide additional layers of safety against accidental loss.

  • Credential Theft - The mobile key is guarded by two sets of credentials (mobile login + Casa login) or two biometric/PIN gates (the phone lock screen and Casa App lock screen).

  • Stolen Phone Attack - Use of the mobile key in the Casa app is protected by biometric identification or a PIN and the phone manufacturer’s locking system.

  • Official Seizure - Casa does not have access to the client's encrypted key backup, and so cannot be forced to turn over client's funds. However, an authority could force both Casa and the mobile provider (Apple and Google) to turn over information (the decryption key stored with Casa and the encrypted backup stored with the mobile provider) that in combination could be used to access client funds.

Previous3-Key VaultNextShamir's Secret Sharing

Last updated 1 year ago

Was this helpful?