Password Protection

Password Protection is an example of mixing simple and smart endpoints in the implementation of one crypto operation:

  • The enrollment of the password (passwordProtect) does not require creating anything on the application server. Hence, it is implemented as a simple endpoint.
  • The retrieval of the password actually occurs on the application server. Hence, it is implemented as a smart endpoint.

Password Enroll Method

protectPassword

Protect the password with the Crypto-of-Things (CoT) SDK. (Unbound's CoT ensures that your apps are secure regardless of the security posture of the device on which they're deployed; it is now called Unbound CORE Virtual Enclave.) It uses the simple endpoint, so it is implemented in one step.

Methods of the Password-Retrieve Session

The password must be reassembled from its shares on the application server. Therefore, it uses a smart endpoint on the application server. As such, its implementation triggers the 3-step session described in the introduction of the Using Smart Proxy chapter:

  1. Create: Asks the SDK to:
    1. Create a context that will be used in the subsequent steps.
    2. Assemble the payload of the request to be delivered to the server.
      • Once the SDK assembles the request, the mobile application is responsible for delivering it to the smart endpoint on the application server.
      • Upon reception of the server response, it must proceed to the next step.
  2. Update: Processes the data received in the server response. The processing is carried out in the context created in Step #1.
  3. Finalize: Asks the SDK to finalize (close) processing of this context. It returns a success/failure status.

Here are the relevant APIs:

  1. createRetrieveRequest
     Creates:
    • The context used in the subsequent steps.
    • The request to be delivered to the server.
  2. updateRetrieveRequest
     Uses the server response to perform the "update" step of the crypto operation within the context set by the 1st step (createRetrieveRequest).
  3. finalizeRetrieveRequest
     Finalizes (completes) the password retrieval operation.
     Must be called by the application as the last step in processing a password retrieval request.
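The retrieve session above, as an added, simplified model of the three steps and the context they share; this is not the CoT SDK's code or API. The method names follow the page, but their signatures, the context fields, the nonce that binds a response to its context, and the 2-of-2 XOR share split are assumptions of this model.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class RetrieveContext:  # per-session state: created in step 1, carried through steps 2 and 3
    nonce: bytes                      # binds the server response to this session (assumed)
    device_share: bytes
    password: Optional[bytes] = None
    state: str = "created"            # created -> updated -> finalized

class ModelSdk:
    """Stand-in for the SDK's retrieve methods; shapes are assumptions, not the real API."""
    def protect_password(self, password: bytes) -> tuple:
        # Constructed 2-of-2 XOR split: one share stays on the device, one goes server-side.
        device_share = secrets.token_bytes(len(password))
        server_share = bytes(a ^ b for a, b in zip(password, device_share))
        return device_share, server_share

    def create_retrieve_request(self, device_share: bytes) -> tuple:
        ctx = RetrieveContext(nonce=secrets.token_bytes(16), device_share=device_share)
        return ctx, {"nonce": ctx.nonce, "share": device_share}

    def update_retrieve_request(self, ctx: RetrieveContext, response: dict) -> None:
        if ctx.state != "created":
            raise RuntimeError("update must follow create exactly once")
        if response["nonce"] != ctx.nonce:
            raise ValueError("response does not belong to this context")
        ctx.password, ctx.state = response["password"], "updated"

    def finalize_retrieve_request(self, ctx: RetrieveContext) -> bool:
        ok = ctx.state == "updated" and ctx.password is not None
        ctx.state = "finalized"       # context is closed; no further steps accepted
        return ok

class ModelServer:
    """Server-side stand-in: holds the server share and reassembles on the smart endpoint."""
    def __init__(self, server_share: bytes) -> None:
        self.server_share = server_share

    def smart_endpoint(self, request: dict) -> dict:
        password = bytes(a ^ b for a, b in zip(request["share"], self.server_share))
        return {"nonce": request["nonce"], "password": password}

def run_retrieve_session(sdk: ModelSdk, server: ModelServer, device_share: bytes) -> tuple:
    ctx, request = sdk.create_retrieve_request(device_share)  # step 1: create
    response = server.smart_endpoint(request)                 # app delivers the request
    sdk.update_retrieve_request(ctx, response)                # step 2: update
    return sdk.finalize_retrieve_request(ctx), ctx.password   # step 3: finalize
```

A response carrying a nonce from another context is rejected in the update step, and finalize reports failure for a context that was never updated.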