What is Case?

Case is a hardware bitcoin wallet that makes it easy to store and use bitcoin without worrying about security, theft, or loss.

Who is the team behind Case?

We are based in Rochester, NY with some folks in New York City and San Francisco. Our CEO previously co-founded Digsby and our CTO previously co-founded Pictometry. Our team has pioneered aerial oblique imaging, built cryptography systems for the IDF, built firmware at Tesla and worked on payment systems for Paychex.

Are there only 1,000 units?

Yes, our first manufacturing run will be 1,000 units so each one will be individually numbered. Pre-order yours today.

When does it ship?

Case units will begin to ship in Summer 2015.

Do you ship internationally?

Yes, Case works in 109 countries by connecting to 183 mobile carriers. See the FAQ section on Connectivity for more info.

What information must I provide when buying Case?

When purchasing a Case, you will need to provide an email address to manage the order and the name/address where we should ship the device. During device registration and activation, your email address and phone number will need to be validated to so that they can be used to prove your identity in the event that you lose your device. No further information is required to store, send, and receive bitcoin. However, customers interested in using the device to buy and sell bitcoin will need to provide personally identifiable information such as their name, address, and bank account information to our exchange partner.

How do I use Case?

To send bitcoins, just press the ฿ button, use the built-in camera to scan a payment QR code, and swipe your finger on the fingerprint scanner. The ฿ button cycles through the other features so receiving, buying, and selling bitcoin is just as easy.

Do I need to install any software in order to use Case?

No, Case is a standalone device that doesn’t require a smartphone or a laptop. There is a web portal that lets you check your balance and transaction history but you can’t send bitcoin using the web portal - transactions can only be executed using the device. You need a browser for the first-time setup process, but you don’t need anything other than the device to spend and receive bitcoin.

How do I charge my Case?

Case has a built-in inductive charging coil so there are no ports or wires to deal with. To charge your case, just place it on the inductive charging pad that’s included with the device. Case supports the Qi inductive power standard and will be compatible with existing chargers.

How long will Case last before needing to be charged?

We are still optimizing the firmware to get the most out of our battery but we’re targeting somewhere between 50-100 transactions per charge.

How do I get all of my bitcoin into my new Case?

Just use the receive feature to generate a receive address QR code and send your bitcoins from your existing bitcoin wallet to the Case generated address that’s encoded into the QR code.

Can I exchange bitcoins for USD or other currencies with Case?

Yes, we’ve partnered with Celery to make it easy for US users to buy and sell bitcoin from your Case. You can connect your Case account to the Celery exchange. After you have verified a US bank account with Celery, you can exchange bitcoin for USD using the Buy and Sell options on your Case. We plan to offer this service to users outside the US at some point in the future.

How is Case different from cloud wallets?

Cloud wallets are accessed from general purpose computing devices like PCs and smartphones that are susceptible to viruses, malware, and hackers. This single point of failure makes cloud wallets insecure since accidentally downloading a virus could lead to all your bitcoins being stolen. Adding two-factor authentication to a cloud wallet makes it more secure but makes transactions around 10 steps so cloud wallets are either insecure or cumbersome to use, or both. Case offers security and ease-of-use with no compromises on either front.

How is Case different from other hardware wallets?

Existing hardware wallets aren’t really wallets – they are more like vaults that make it possible to store bitcoin on a dedicated secure device rather than an insecure computer or smartphone. However, since they require you to plug them in to a USB port to actually send bitcoin, you can’t really use them as a payment instrument to go buy a cup of coffee. Our goal is to build a device that both securely stores your bitcoin and is easy-to-use as a payment instrument. While existing USB wallets keep keys secure, they depend on the insecure screen, camera, and keyboard of the host device.

Do I need to have my phone or laptop to use Case?

No, you do not need a laptop, phone, or any other device to use your Case once activated. Your Case has a GSM chip built in for network communication; no tethering is necessary! When you first setup your Case, you will need a web browser to set up an account on our website and activate the device.

How does Case connect to the Internet?

Case has a built-in GSM chip so it doesn’t require a smartphone or computer to connect to the Internet. Case works with 183 mobile carriers in 109 countries.

Is there a monthly fee for the GSM connection?

No, there are no monthly fees. Case comes with free global Internet access for the life of the device so you can use it to execute transactions all over the world.

In what countries does the device work?

Case connects to 183 mobile carriers in 109 countries: Afghanistan, Albania, Algeria, Anguilla, Antigua and Barbuda, Argentina, Armenia, Aruba, Australia, Austria, Azerbaijan, Bangladesh, Barbados, Belgium, Bermuda, Brazil, British Virgin Islands, Bulgaria, Canada, Cayman Islands, Chad, Chile, China, Colombia, Cote de Ivoire, Croatia, Cyprus, Czech Republic, Denmark, Dominica, Dominican Republic, DR Congo, Ecuador, Egypt, El Salvador, Estonia, Faeroe Islands, Finland, France, Germany, Ghana, Greece, Grenada, Guatemala, Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Ireland, Israel, Italy, Jamaica, Japan, Kazakstan, Laos, Latvia, Liechtenstein, Lithuania, Luxembourg, Malaysia, Malta, Martinique, Mexico, Montserrat, Namibia, Netherlands, Netherlands Antilles, New Zealand, Nicaragua, Nigeria, Norway, Pakistan, Panama, Peru, Poland, Portugal, Republic of Korea, Romania, Russian Federation, Rwanda, Saint Kitts and Nevis, Saudi Arabia, Singapore, Slovakia, Slovenia, South Africa, Spain, St. Lucia, St. Vincent and the Grenadines, Suriname, Sweden, Switzerland, Tanzania, Thailand, Trinidad and Tobago, Turkey, Turks and Caicos Islands, Uganda, Ukraine, United Arab Emirates, United Kingdom, United States, Uruguay, Uzbekistan, Venezuela. This list may change as partner networks are added or removed.

Is it open source?

Yes, we will be releasing as much of the source code to our device’s firmware as possible.

How is the device key generated and when?

The device generates a public-private key pair using a cryptographically secure random number generator during the initial setup. This key will never leave the device, and will never be known by our servers. Case does not ship with pre-generated keys. The hardware RNG is based on an analog circuit which generates continuous analog line noise to produce non-deterministic keys.

Does your cryptographic hardware have any security certifications?

Yes, FIPS PUB 197, FIPS PUB 140-2, and FIPS PUB 180-2

What BIPs does Case implement or support?

BIP-0016, BIP-0021, BIP-0032, and BIP-0045

Where do you manufacture the device?

We are happy to work with a hardware manufacturer in the United States. Our manufacturing facility is just a few miles from our office, which has allowed us to work closely during the hardware testing and quickly iterate through design modifications.

Are my bitcoins stored securely?

Case is extremely secure because it is built on top of a multi-signature, multi-factor architecture with no single point of failure. Your bitcoin wallet has three keys and two of them are needed to complete a transaction. One key is embedded on the device so it is secured by the possession factor. No one can gain access to this key without having possession of the device. However, this key isn’t enough to complete a transaction. A second key is stored on our servers and transactions are only signed by the server key if the fingerprint scan is a match so this key is secured by a biometric factor. That means even if your device is lost or our servers are compromised, your bitcoins are safe. A third key sits in an offline vault and is only used if you ever lose your Case to help you recover your bitcoins.

How is my fingerprint data stored?

We do not store direct images of your fingerprints on our servers. We store a geometric template of the relative locations of unique elements of your fingerprint and this template is used to validate the fingerprint scan. That template, along with all your other sensitive user data are encrypted with what we call the User Data Encryption Key (UDEK). Each user has a unique UDEK and that UDEK does not live on our servers, it actually lives on the device. The device grants the server temporary access to your user data in order for the server to validate the fingerprint scan and sign the transaction with the server key. If the server-side database is ever compromised, an attacker would get encrypted fingerprints that they can’t decrypt since the keys to decrypt them don’t actually live on the server.

Have you been audited?

Yes, we are working with an auditing firm that specializes in Bitcoin companies. We will undergo architecture, cryptographic, and source code audits before we ship our devices. We designed our system with security as a top priority, and expect to achieve Level III certification in the CryptoCurrency Security Standard, which is currently a draft.

What type of encryption do you use to protect my data?

All communication between the device and our servers is secured by Transport Layer Security. On top of that, we encrypt sensitive data with a shared symmetric key we call the Shared Private Key (SPK) that is unique for each device. Sensitive user data such as the public keys, server private key, and fingerprint template are encrypted with another device-specific User Data Encryption Key (UDEK) that lives on the device and is sent whenever the device authorizes a transaction. Our cryptographic methods include AES-256 for symmetric encryption and HMAC-SHA-512 for message authentication.

What happens if my Case is lost or stolen?

Don’t worry - your bitcoins are safe. Since only one of the three keys has been lost, whoever finds or steals your Case can’t access your bitcoins. If you lose your Case, just use our online recovery process. We’ll ask you to verify your email address and phone number. This information layer will unlock the offline recovery key. We’ll then mail you a fingerprint scanner that you can use to unlock the biometrically secured server key and recover your bitcoins. The vault key can also be controlled by you.

Who holds the third key?

During first time setup for the device, you can choose where you want your recovery key stored. The default option is to store it in a secure vault operated by Third Key Solutions. If you wish to store your own third key, you will be prompted during the setup flow to scan the public key of your recovery private key. Please note that you will be responsible for signing a transaction with this private key if your device is lost or stolen, and we recommend this only as an advanced option for expert users.