[taler-anastasis] branch master updated: minor fixes

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-anastasis] branch master updated: minor fixes

From:	gnunet
Subject:	[taler-anastasis] branch master updated: minor fixes
Date:	Tue, 02 Jun 2020 17:45:42 +0200

This is an automated email from the git hooks/post-receive script.

ds-meister pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new 587f55e  minor fixes
587f55e is described below

commit 587f55e0d8f6b73b291033556ef0d4c456a66d74
Author: Dominik Meister <dominiksamuel.meister@students.bfh.ch>
AuthorDate: Tue Jun 2 17:45:34 2020 +0200

    minor fixes
---
 doc/thesis/implementation.tex      |  2 +-
 doc/thesis/server_architecture.tex | 13 +++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/doc/thesis/implementation.tex b/doc/thesis/implementation.tex
index 79ca1f8..d44f5e6 100644
--- a/doc/thesis/implementation.tex
+++ b/doc/thesis/implementation.tex
@@ -45,7 +45,7 @@ This section describes a happy flow of the two protocols of 
Anastasis, key split
 \item The user selects a server on which he previously stored a recovery 
document.
 \item Next the client downloads the server salt to compute the server specific 
account public key(GET /salt). 
 \item After the user generated the public key he will downlaod the recovery 
document. At this point he can define if he wants a specific version or the 
latest version of the recovery document. In the graphic the client downloads 
the latest version(GET /policy/\$ACCOUNT\_PUB).
-\item The clien will now decrypt the recovery document and list all policies 
and authentication methods. The user now has to solve these challenges. For 
example he has to answer a secure question or he has to type in a pin which was 
sent to him by SMS.(GET /truth/\$UUID?resonse=\$RESPONSE \\ 
+\item The clien will now decrypt the recovery document and list all policies 
and authentication methods. The user now has to solve these challenges. For 
example he has to answer a secure question or he has to type in a pin which was 
sent to him by SMS.(GET /truth/\$UUID?resonse=\$RESPONSE) \\ 
 After each successfully solved challenge the client will check if one of the 
policies is fullfilled. If one of the policies is finished, the client will 
decrypt the core secret and provide it to the user.
 \end{enumerate}
 
diff --git a/doc/thesis/server_architecture.tex 
b/doc/thesis/server_architecture.tex
index 4bde737..21f3743 100644
--- a/doc/thesis/server_architecture.tex
+++ b/doc/thesis/server_architecture.tex
@@ -21,13 +21,18 @@ The webserver of Anastasis runs a RESTful API. For a 
detailed documentation of t
 REST API see the rest\_api\_documentation in the appendix.
 
 \subsection{Authentication Methods}
-This section describes the supported authentication methods in detail.
+This section describes an overview over the different possible authentication 
methods for Anastasis. In our implementation only the secure question is 
implemented. The other methods are just explained how they would be implemented.
 
 \subsubsection{SMS (sms)}
-Sends an SMS with a code to the users phone. The must send this code back with 
his request (see \$RESPONSE under ‘Manage truth’). If the transmitted code is 
correct, the server responses with the requested encrypted key share. FIXME: 
details!
+The user tells the server with a request that he wants to authenticate with 
him(GET /truth/\$UUID. The server will then generate a pin and send it with an 
SMS provider to the stored number in the truth object. The client then has to 
send another request with the sent pin(GET /truth/\$UUID?resonse=\$RESPONSE). 
The server can now check if the two pins match. Upon success the server will 
release the encrypted key share.
 
 \subsubsection{Video identification (vid)}
-Requires the user to identify via video-call. The user is expected to delete 
all metadata revealing information about him/her from the images before 
uploading them. Since the respective images must be passed on to the video 
identification service in the event of password recovery, it must be ensured 
that no further information about the user can be derived from them. FIXME: 
details!
+Requires the user to identify via video-call. The user is expected to delete 
all metadata revealing information about him/her from the images before 
uploading them. Since the respective images must be passed on to the video 
identification service in the event of password recovery, it must be ensured 
that no further information about the user can be derived from them. \\ 
+The user first has to send a request to server that he wants to 
authenticate(GET /truth/\$UUID).
+The server will then send a request to the video authentication provider that 
a user wants to authenticate. The provider will generate a link to a video 
conference which is sent to the user. The authentication provider then checks 
with image if the user is legitimate. Upon success the video provider sends an 
ok to the server and the server will release the key share.
+
+\subsubsection{Post identification (post)}
+The user tells the server with a request that he wants to authenticate with 
him(GET /truth/\$UUID. The server will then send a letter containing a pin with 
a post-service to the users address which is stored in the truth object. The 
client then has to send another request with the sent pin(GET 
/truth/\$UUID?resonse=\$RESPONSE). The server can now check if the two pins 
match. Upon success the server will release the encrypted key share.
 
 \subsubsection{Security question (qa)}
-Asks the user a security question. The user sends back a hash over the answer. 
If the hash value matches with the one the server is expecting, the server 
answers with the requested encrypted key share. A different hash function over 
the same security answer is used to provide optional data for the decryption of 
the (encrypted) key share.
+The user defines a secure question and answer and stores it on a server. The 
server stores the instcructions, here the question, encrypted. The answer is 
stored hashed on the server, the server will never learn the plaintext answer. 
If the user wants to release the key share from the server he must provide the 
hashed answer. The server then checks if the stored and the provided hash 
match. Upon success the server will send the encrypted key share. 
\ No newline at end of file

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[taler-anastasis] branch master updated: minor fixes, gnunet <=
- [taler-anastasis] branch master updated: minor fixes, gnunet, 2020/06/11

Prev by Date: [taler-anastasis] branch master updated: implementation fix business start conclusion
Next by Date: [taler-anastasis] branch master updated (587f55e -> 22509e9)
Previous by thread: [taler-anastasis] branch master updated: implementation fix business start conclusion
Next by thread: [taler-anastasis] branch master updated: minor fixes
Index(es):
- Date
- Thread