Does nem have account token verify system like nxt?

Does nem have account token verify system like nxt?

I believe by far this is one of the most underrated feature that nxt has from the very beginning!
If you have experience with nxt you may know what im talking about. If not, i will try to explain it here.

Basically every nxt account has an internal verification system that can verify an account is owned by you, or atleast you have the access to it. Its like the PGP system most devs already use.

With this verification system, you can make use of msg+verify code as an universal login for everything that is keen to integrate this feature. Imagine login into forum.nemcoin.com by entering your account number and verify key provided by the nem client.

Now imagine not needing to register a new account for anything ever again, even for something that doesn't exist yet.

https://nxtforum.org/unity/how-to-verify-tokens/msg103042/#msg103042
You generate and validate tokens in the NXT client.

0 - Click "gear icon" on top right corner of nxt client

1 - Click "Generate Token"
2 - Click "Validate Token" on the "NXT Token Generation / Validation" pop-up box.
3 - Paste their message into the "Data" entry box.
4 - Paste their token into the "Token" entry box.
5 - Click "Validate"

It will then tell you if the token is valid, what account the token was generated from and the date/time of generation.

As an example try to valid longzai1988's token for the NXT Services v1.4.6 release.
His message is:
Code: [Select]
https://bitbucket.org/longzai1988/nxt/downloads/nxt-services-plugin-1.4.6.zip-23FC738FA24652A48D6BC8C255939C8F3D18502048A0DF59248D891C4455ADC6
His token is:
Code: [Select]
f0dgog6229p16d2qefboj5isoqjk6bm54or7nis1h2ljoosleofpcrhsi249cig1hveqamfduht524celb769klk8d06u0h3kabc3utgc4f0siqu51oi6635lbd9atj98615u3kamu9l6us8pbsj0cqrqjlvcd98
His account is:
Code: [Select]
NXT-HSBE-8PWL-CUCD-BHUD6

When you validate this in the NXT client it should say, "The token is valid and belongs to account NXT-HSBE-8PWL-CUCD-BHUD6. It was generated on 9/4/2014 02:42:30."

Now take the above data for use in the website login.
The token is valid (login true/false)
belongs to account NXT-HSBE-8PWL-CUCD-BHUD6 (login user)
It was generated on 9/4/2014 02:42:30 (acceptable range for token to be valid can be in seconds or years depend the security you need for the website)

Shouldn't be a problem to build it but currently the feature doesn't exist in NCC afaik.

Does nem have account token verify system like nxt?

I believe by far this is one of the most underrated feature that nxt has from the very beginning!
If you have experience with nxt you may know what im talking about. If not, i will try to explain it here.

Basically every nxt account has an internal verification system that can verify an account is owned by you, or atleast you have the access to it. Its like the PGP system most devs already use.

With this verification system, you can make use of msg+verify code as an universal login for everything that is keen to integrate this feature. Imagine login into forum.nemcoin.com by entering your account number and verify key provided by the nem client.

Now imagine not needing to register a new account for anything ever again, even for something that doesn't exist yet.

https://nxtforum.org/unity/how-to-verify-tokens/msg103042/#msg103042
You generate and validate tokens in the NXT client.

0 - Click "gear icon" on top right corner of nxt client

1 - Click "Generate Token"
2 - Click "Validate Token" on the "NXT Token Generation / Validation" pop-up box.
3 - Paste their message into the "Data" entry box.
4 - Paste their token into the "Token" entry box.
5 - Click "Validate"

It will then tell you if the token is valid, what account the token was generated from and the date/time of generation.

As an example try to valid longzai1988's token for the NXT Services v1.4.6 release.
His message is:
Code: [Select]
https://bitbucket.org/longzai1988/nxt/downloads/nxt-services-plugin-1.4.6.zip-23FC738FA24652A48D6BC8C255939C8F3D18502048A0DF59248D891C4455ADC6
His token is:
Code: [Select]
f0dgog6229p16d2qefboj5isoqjk6bm54or7nis1h2ljoosleofpcrhsi249cig1hveqamfduht524celb769klk8d06u0h3kabc3utgc4f0siqu51oi6635lbd9atj98615u3kamu9l6us8pbsj0cqrqjlvcd98
His account is:
Code: [Select]
NXT-HSBE-8PWL-CUCD-BHUD6

When you validate this in the NXT client it should say, "The token is valid and belongs to account NXT-HSBE-8PWL-CUCD-BHUD6. It was generated on 9/4/2014 02:42:30."

Now take the above data for use in the website login.
The token is valid (login true/false)
belongs to account NXT-HSBE-8PWL-CUCD-BHUD6 (login user)
It was generated on 9/4/2014 02:42:30 (acceptable range for token to be valid can be in seconds or years depend the security you need for the website)

I don't exactly understand what it is but I sort of get the drift. I think it is a good feature to have. We can implement this as a universal login solution like how some websites use facebook login credential. Is that what I am made to understand?

a token is essentially a digital signature of an account right? so i dont get why they didnt just call it a signature? like "generate account signature" instead of generate token as its much more understandable … many users wouldnt know what "generate token" means and therefore wouldnt know what its for…

a token is essentially a digital signature of an account right? so i dont get why they didnt just call it a signature? like "generate account signature" instead of generate token as its much more understandable .. many users wouldnt know what "generate token" means and therefore wouldnt know what its for..

I agree the term digital signature sounds better as well. 

The way I know it from nxt is you can generate a "token" in the client and then you paste it on a website (are there any websites who really use it ?) to authenticate.

I'm wondering if we could somehow use open-id connect to make it easier to adopt such an authentication system. Maybe setup our own openid server and use special tx to feed it credentials.

We could at least provide a simple to drop-in JS lib for websites that want to support authentication via NEM-ID

Lot's of possibilities there…

The way I know it from nxt is you can generate a "token" in the client and then you paste it on a website (are there any websites who really use it ?) to authenticate.

I'm wondering if we could somehow use open-id connect to make it easier to adopt such an authentication system. Maybe setup our own openid server and use special tx to feed it credentials.

We could at least provide a simple to drop-in JS lib for websites that want to support authentication via NEM-ID :)

Lot's of possibilities there....

Yes, definitely a good idea. If our devs spend time coding up this feature, then a drop-in js lib would make it much more practical of a solution. 

The way I know it from nxt is you can generate a "token" in the client and then you paste it on a website (are there any websites who really use it ?) to authenticate.

i know that DGex.com the first nxt exchange used to require the token generation to withdrawal to prevent stealing of funds. They made a new website so im not sure anymore.

---------------------------------------------------------------------------------------

And i read it somewhere that the nxt token was designed in mind to be used as an universal login by BCNext, but just couldn't find that post now.

We could use the same principle but make it easier for use. Blockchain universal login is going to be very useful if crypto are going to be mass adopted. Might as well to fine tune it early.


and if you combine with this, i think we can have mass adoption!
https://forum.ournem.com/index.php?topic=2477.0 ("rule based recurring payment")


I'm asking these two features because the goal i want is to have an easy pay subscription system+direct login without further sign ups or linking credit card details to profiles.

Considered done at V1!! This is called rule based recurring payment.

since nem already have something similar, i would like take one further step and allow the client to be able to simply check an account and hit subscribe and be automatically paying and immediate use of service begins after confirmation in the blockchain.

use case eg. porn membership website with account id 123

i look up on id 123 and hit subscribe, now im automatically paying x amount of nems a month. and also i am now able to login their membership area using the nem universal login. Which the porn website is able to confirm my subscription of service through blockchain and grants access.

now you know how this would work, now think youtube subscription system and think instead of youtube, you have user made "netflix" where you subscribe to watch/download their contents.
and if any content provider out there is interested in this, all they need is to intergrate nem client to verify "the acc signature" and "subscription status".

no need anyone to register it, everyone is automatically registered as long as they have a account with nem.
its like saying at the present time, as long as you have a bank account you can login anywhere and pay for things securely! but in the future replace bank with crypto.

doesn't have to be nem as the monopoly but we can be the first to adopt it. any other blockchain can make this feature and those content provider just need to download the client to support it and everyone is automatically registered.

since nem already have something similar, i would like take one further step and allow the client to be able to simply check an account and hit subscribe and be automatically paying and immediate use of service begins after confirmation in the blockchain.

use case eg. porn membership website with account id 123

i look up on id 123 and hit subscribe, now im automatically paying x amount of nems a month. and also i am now able to login their membership area using the nem universal login. Which the porn website is able to confirm my subscription of service through blockchain and grants access.

now you know how this would work, now think youtube subscription system and think instead of youtube, you have user made "netflix" where you subscribe to watch/download their contents.
and if any content provider out there is interested in this, all they need is to intergrate nem client to verify "the acc signature" and "subscription status".

no need anyone to register it, everyone is automatically registered as long as they have a account with nem.
its like saying at the present time, as long as you have a bank account you can login anywhere and pay for things securely! but in the future replace bank with crypto.

doesn't have to be nem as the monopoly but we can be the first to adopt it. any other blockchain can make this feature and those content provider just need to download the client to support it and everyone is automatically registered.

I am not sure if that can be done without compromising the security. I believe it still needs a two or three step procedure at least. Subscribe and then make the payment.

One step involves probably making your public key known so that the merchant knows id123 is attached to the public key.

THe other step is when you subscribe, you still need to sign off, otherwise it is an open check, which is not advisable.

I am not sure if that can be done without compromising the security. I believe it still needs a two or three step procedure at least. Subscribe and then make the payment.

One step involves probably making your public key known so that the merchant knows id123 is attached to the public key.

THe other step is when you subscribe, you still need to sign off, otherwise it is an open check, which is not advisable.

the universal account login shouldn't add any security risk as the subscription is separate thing.

pay subscription via nem account with nem passwords or wallet.dat etc.
the membership login to view content is just checking a signature generated against an account number to identify the account.
then checks against the provider's own acc to see if the acc is subscribed or not. (if not a paid service this step can be ignored)

currently with this method to be used with the nxt token system it will look something like this;

1.provider asks for the nxt token generated with the a random key abc (can use nxt account id instead if wanted to make it easier but user need to enter their id in the form).
2.user returns with token generated with abc is xyz.
3.provider checks with client via api call. enters token xyz and corresponding key abc.
4.client returns token xyz generated with key abc is true, is generated by "nxt id", at year/month/day/hour/minute/second
5.provider verify token generation time within 10minutes range for validity and then checks against own account record to see if user is currently subscribed or not. if true then access is granted.

i'm hoping to make this with less steps for the users.
1.user enters their account id+generated key into membership area as login and password
2.provider checks account id and verify generated key is made by such account in the range of 5blocks.(after 5blocks this key is unable to login) if anyone else somehow got this key, they are only able to login to providers membership content, they can't take anything from actual nem account.
3.provider checks for subscription validity, if true then access is granted.

Can I just say that subscription is a totally confusing name for this kind of feature ? I f I subscribe to something then I'd expect to get and not send something. I realize you're example was a journal subscription but the feature should be called something more generic that makes sense.
Sheduled txs, monthly payments, standing orders…many imho way better alternatives.

(Plus this thread just went OT)

I'm trying to get the idea out first. if this works we can call it what ever everyone likes most.

anyway im use to the term from youtube subscription.

i want something like the way youtube uses subscription, but make it a user paid service. say i like the youtube vsauce channel and their contents.
and to view their contents, it will cost  10 nems a month. so i click subscribe to account vsauce @ 10nem per month in blocks. and i will have access to their content as long as im paying/subscribed.

or if we have a digital marketplace and i like the music contents provided by nem account 222, i can buy his contents one by one via the marketplace OR i can have full access to all of his contents+future contents for a monthly subscription price of xx nems.

or for a mobile game app. lets just say angry birds so everyone knows.
im a developer for angry birds, i sell each copy for 2nem. and to update with newer versions it will cost 1nem.
or you can become a subscriber to me and it will cost you 1nem per year and you will have access to all updates to angry birds.
AND if you choose the subscription option 2, it will cost you 2nems per year but you will have full access to all games and updates developed by me not limited to angry birds.

im hoping this will incentivize users to make creative contents and sell it through paid memberships via blockchain. People can make subscriptions with 0 cost as a startup until they get popular and provide pay services.

if im good at making comic books, i will write comic books and sell it to an audience via blockchain membership. maybe music is my thing, then i will create musics and sell it for 10nems a month, and you get atleast 2 new songs i make each month if you are subscribed to my account.

if you just get the idea.

if this works as i expect it to. it should go viral especially for all those of college/graduate age.

Here is an idea for client visual.

Here is an idea for client visual.

[img width=753 height=264]http://oi61.tinypic.com/2dvtsgn.jpg[/img]

"Opens up NEM Marketplace" is a provider opening up that market place for the client to click and subscribe. any security consideration here?

Here is an idea for client visual.

[img width=753 height=264]http://oi61.tinypic.com/2dvtsgn.jpg[/img]

"Opens up NEM Marketplace" is a provider opening up that market place for the client to click and subscribe. any security consideration here?

Needs to be thought through. If a click is enough it's always a security risk. XSRF could maybe be a problem there. At the very least entering the pwd again should be required.

by marketplace i mean something like digital goods store that nxt has. a blockchain digital marketplace.

We could extend this digital signature thing to also signing files, encrypting text/files/data with someone elses public key, and decrypting data with my own secret key.
So if someone wants to send me a large file and knows my nem address, he can encrypt it, send it over unsecure channel, dropbox or whatever and only i with my passphrase can decrypt it.
Would be an awesome feature ( in my view ) to have this in NCC in a simple gui, and all of the hardcore crypto stuff is already implemented anyway.

We could extend this digital signature thing to also signing files, encrypting text/files/data with someone elses public key, and decrypting data with my own secret key.
So if someone wants to send me a large file and knows my nem address, he can encrypt it, send it over unsecure channel, dropbox or whatever and only i with my passphrase can decrypt it.
Would be an awesome feature ( in my view ) to have this in NCC in a simple gui, and all of the hardcore crypto stuff is already implemented anyway.

This is a possibility. I am glad people are beginning to work on thinking what's nxt, I mean NEM.  ;D

by marketplace i mean something like digital goods store that nxt has. a blockchain digital marketplace.

I still think it should be user initiated, not provider initiated. I am not sure, honestly, but I believe it should  not be just a "click" at the provider's website. It doesn't make sense, security wise.

Edit: I would do it this way. Click on the "subscribe" button, Provider account key pops up. User copies address and launches its wallet. Paste the address and send off in the transaction menu. Copies transaction ID and fills in the form in the provider menu and press submit. Done!

Round about way, but sure to be more secure.