Trust Exchange

Establish a mutually authenticated, encrypted connection between two verified devices.


GetTrusted uses a certificate-backed ECDH key exchange to establish direct trust between devices. Each exchange derives its own session key, so a key from one exchange never protects another, and both parties verify each other before any persona data is released.

Overview

This process describes how two users, Alice (the initiator) and Bob (the recipient), securely establish a mutual trust relationship and exchange their verified identity personas, rooted in their hardware keys.

Phase 1: Initiation and Token Exchange

The process begins with Alice setting up a secure, temporary rendezvous point for the exchange.

  1. Alice Selects Persona: Alice decides which specific digital persona (e.g., "Professional Identity," "Personal Friend") she wants to share with Bob.

  2. Session Creation: Alice's device uses the SessionManager server component to create and join a unique, temporary trust session and stores her selected persona there (encrypted).

  3. Token Generation: Alice generates a Trust Exchange Token, typically a QR code or a link sent via SMS.

  4. Token Delivery: Alice displays or sends this token to Bob, completing the out-of-band invitation.

Phase 2: Mutual Persona Exchange

Bob uses the token to join the session, and both parties prepare their identity data for the cryptographic handshake.

  1. Bob Joins: Bob scans the QR code or clicks the link, joining the trust session via the SessionManager.

  2. Data Provision: The SessionManager provides Bob with Alice's initial persona data and trust details, so that Bob can consent to the share knowing who is asking and what is being shared.

  3. Bob Accepts & Selects Persona: Bob accepts the trust request and selects his own persona to share back with Alice.

  4. Certificate Verification: Bob's device retrieves Alice's public certificate (signed by her Master Identity CA) and verifies that it chains to that CA and is currently valid.

Phase 3: Cryptographic Handshake and Verification

This is the critical security phase where the devices generate a shared session key and verify the exchange integrity using a secure, human-verified challenge.

  1. Shared Secret Generation (ECDH): Both devices independently compute a shared secret. Alice uses her Device Private Key and the public key from Bob's certificate; Bob uses his Device Private Key and the public key from Alice's certificate. They arrive at the same value because ECDH is symmetric: Alice's private scalar applied to Bob's public point equals Bob's private scalar applied to Alice's public point.

  2. Session Key Derivation (HKDF): Both devices use the HKDF-SHA256 standard to derive a strong, symmetric Session Key from the shared secret. All further communication within this session is encrypted with this key.

  3. Secure Nonce Challenge: Both devices independently derive a six-digit secure nonce (PIN) from the shared secret of the exchange; if the two devices hold the same secret, the PINs match.

  4. Out-of-Band Verification: Alice and Bob must verbally or visually compare this six-digit PIN out-of-band (e.g., reading the number aloud). This detects a Man-in-the-Middle (MITM): an attacker who substituted keys in the exchange would leave the two devices with different shared secrets, and therefore different PINs.

  5. Challenge Completion: Alice enters the final digit of the PIN back into her device to complete the challenge, confirming the human-verified match.

Phase 4: Finalization and Attestation

Once the cryptographic session is verified and the human challenge is complete, the trust is formalized and recorded.

  1. Session Finalization: Alice and Bob both send a verification success message to the SessionManager. The SessionManager notifies both devices that the trust exchange is complete.

  2. Data Retrieval: Both Alice and Bob retrieve the reciprocal persona data, encrypted under the session key, from the session store.

  3. Trust Attestation (Logging): Alice's and Bob's devices each send an event to the AttestationManager server to record the new mutual trust relationship on the verifiable, immutable Trust Graph. Because the trust is recorded at the master identity level, either party can discover the other's keys later regardless of device recovery.

  4. Session Closeout: The session is closed by the SessionManager, concluding the secure exchange.

Process Flow


Cryptographic Summary

Component        Algorithm      Key Size   Purpose
Key Exchange     ECDH P-256     256 bit    Shared session secret
Key Derivation   HKDF-SHA256    256 bit    Derive AES session key
Encryption       AES-256-GCM    256 bit    Authenticated session encryption
Certificate      X.509          -          Validates device authenticity


Strategic Implications

GetTrusted replaces “trust me” phone calls with cryptographically verifiable calls.

The result: human-to-human trust that scales as securely as machine-to-machine authentication.