Trust Exchange

Establish a mutually authenticated, encrypted connection between two verified devices.

GetTrusted uses a certificate-backed ECDH key exchange to establish direct trust between devices. Each interaction results in a new, ephemeral session key ensuring forward secrecy and mutual verification.

Overview

This process describes how two users, Alice (the initiator) and Bob (the recipient), securely establish a mutual trust relationship and exchange their verified identity personas, rooted in their hardware keys.

Phase 1: Initiation and Token Exchange

The process begins with Alice setting up a secure, temporary rendezvous point for the exchange.

  1. Alice Selects Persona: Alice decides which specific digital persona (e.g., "Professional Identity," "Personal Friend") she wants to share with Bob.

  2. Session Creation: Alice's device uses the SessionManager server component to create and join a unique, temporary trust session and stores her selected persona there (encrypted).

  3. Token Generation: Alice generates a Trust Exchange Token, typically a QR code or a link sent via SMS.

  4. Token Delivery: Alice displays or sends this token to Bob, completing the out-of-band invitation.

Phase 2: Mutual Persona Exchange

Bob uses the token to join the session, and both parties prepare their identity data for the cryptographic handshake.

  1. Bob Joins: Bob scans the QR code or clicks the link, joining the trust session via the SessionManager.

  2. Data Provision: The SessionManager provides Bob with Alice's initial persona data and trust details, so that Bob can consent to the share knowing what is being offered.

  3. Bob Accepts & Selects Persona: Bob accepts the trust request and selects his own persona to share back with Alice.

  4. Certificate Verification: Bob's device retrieves Alice's public certificate, signed by her Master Identity CA, and verifies it: the signature chains to that CA, the certificate is within its validity period, and the certified identity matches the one presented in the session.

Phase 3: Cryptographic Handshake and Verification

This is the critical security phase where the devices generate a shared session key and verify the exchange integrity using a secure, human-verified challenge.

  1. Shared Secret Generation (ECDH): Both devices independently compute the same shared secret over P-256. Alice combines her Device Private Key with the public key in Bob's certificate; Bob combines his Device Private Key with the public key in Alice's certificate. The results agree because scalar multiplication on the curve commutes (a·(b·G) = b·(a·G)), so the secret is never transmitted and the SessionManager never sees it.

  2. Session Key Derivation (HKDF): Both devices run HKDF-SHA256 over the shared secret to derive a 256-bit symmetric Session Key for AES-256-GCM. A per-session value (such as the trust session identifier) should be mixed in as HKDF salt or info so that two sessions between the same devices never derive the same key. Note that if both sides contribute only their long-lived device keys, the ECDH secret itself is identical in every session; forward secrecy requires at least one fresh ephemeral key pair per session. All further communication within this session is encrypted with the Session Key.

  3. Secure Nonce Challenge: Both devices derive a six-digit PIN (a short authentication string) from the shared secret, so the two PINs match only if both devices computed the same secret. A man-in-the-middle relaying between them would hold two different secrets, and the two PINs would differ.

  4. Out-of-Band Verification: Alice and Bob compare all six digits out of band, for example by reading the PIN aloud, and abort the exchange if any digit differs. This is what detects a Man-in-the-Middle (MITM) that the encrypted channel alone cannot.

  5. Challenge Completion: Alice enters the final digit of the PIN into her device to record that the comparison was done. This entry is a confirmation step only; the protection comes from comparing the full PIN, not from the single digit typed.

Phase 4: Finalization and Attestation

Once the cryptographic session is verified and the human challenge is complete, the trust is formalized and recorded.

  1. Session Finalization: Alice and Bob both send a verification success message to the SessionManager. The SessionManager notifies both devices that the trust exchange is complete.

  2. Data Retrieval: Both Alice and Bob retrieve the other party's persona data, encrypted under the session key, from the session store.

  3. Trust Attestation (Logging): Alice's and Bob's devices each send an event to the AttestationManager server to log the new mutual trust relationship on the verifiable, immutable Trust Graph. Because the trust is recorded at the master identity level, future key discovery works regardless of device recovery.

  4. Session Closeout: The session is closed by the SessionManager, concluding the secure exchange.

Process Flow

sequenceDiagram

    participant Alice
    participant Bob
    participant SessionManager
    participant AttestationManager

    Alice->>Alice: Selects persona to share with recipient
    Alice->>SessionManager: Creates and joins trust session
    Alice->>SessionManager: Stores selected persona in session
    Alice->>Alice: Generate QR or SMS trust exchange token
    Alice->>Bob: Displays or sends trust exchange token
    Bob->>Bob: Scan QR or click link from SMS
    Bob->>SessionManager: Joins trust session
    SessionManager->>Bob: Provides Alice persona and trust data
    Bob->>Bob: Decides to accept the trust request
    Bob->>Bob: Selects persona to share back to Alice
    Bob->>Bob: Gets Alice ID and public certificate then verifies validity
    Alice->>Alice: Compute shared secret ECDH device private with Bob public certificate
    Bob->>Bob: Compute shared secret ECDH device private with Alice public certificate
    Alice->>Alice: Derive session key using HKDF-SHA256
    Bob->>Bob: Derive same session key using HKDF-SHA256
    Bob->>Bob: Generate six digit PIN from shared secret
    Alice->>Alice: Generate six digit PIN from shared secret
    Bob->>Alice: Compare all six PIN digits out of band
    Alice->>Alice: Enter last digit of PIN to complete challenge
    Bob->>SessionManager: Send selected persona to store in session
    Alice->>SessionManager: Send verification success
    Bob->>SessionManager: Send verification success
    SessionManager->>Bob: Trust exchange complete
    SessionManager->>Alice: Trust exchange complete
    Bob->>SessionManager: Get encrypted persona from session store
    Alice->>SessionManager: Get encrypted persona from session store
    Bob->>AttestationManager: Attest Bob trusts Alice on the graph
    Alice->>AttestationManager: Attest Alice trusts Bob on the graph
    Alice->>Bob: Bye
    Bob->>Alice: Bye
    SessionManager->>Alice: Bye
    SessionManager->>Bob: Bye

Cryptographic Summary

Component        Algorithm      Key size   Purpose
Key Exchange     ECDH P-256     256 bit    Shared session secret
Key Derivation   HKDF-SHA256    256 bit    Derive AES session key
Encryption       AES-256-GCM    256 bit    Authenticated session encryption
Certificate      X.509          -          Validates device authenticity


Strategic Implications

GetTrusted replaces “trust me” phone calls with cryptographically verifiable calls.

The result: human-to-human trust that scales as securely as machine-to-machine authentication.
