#
Identity Tokens
HexaEight Authentication can be broadly divided into two categories: one for users and another for machines. It is essential to understand the following terminology when working with HexaEight authentication:
Any individual who has access to an email address and a mobile phone, and can install the HexaEight Authenticator Mobile Application is considered a user.
Any system, machine, or device that does not have the capability to use a mobile phone for authentication is considered a machine.
#
HexaEight EMail Identity Tokens
HexaEight EMail Identity Tokens are used for User Authentication but also serve several purposes beyond allowing users to authenticate themselves. These tokens are also utilized by Machine Owners to create Resource Identity Tokens in order to authorize Machines and Devices
To generate a HexaEight EMail Identity Token, the user must have a permanent email address and a mobile phone capable of installing the HexaEight Authenticator Mobile App
sequenceDiagram actor Alice participant HexaEight Mobile App participant HexaEight Platform Alice->>HexaEight Mobile App: (1) HexaEight Mobile App->>HexaEight Platform: (2) HexaEight Platform-->>HexaEight Mobile App: (3) HexaEight Platform-->>Alice: (4) Alice->>HexaEight Mobile App: (5) HexaEight Mobile App->>HexaEight Platform: (6) HexaEight Platform-->>HexaEight Mobile App: (7)
EMail Identity Token
An EMail Identity Token is comprised of a Login Token linked to the user's email address. The Login Token is used in conjunction with the user's password to retrieve pre-authentication data and asymmetric shared keys from the HexaEight Platform. Even if the Login Token is stolen, it does not pose any security threat without the user's password.
HexaEight Platform does not store user passwords, instead it uses the user password to only generate a Login Token which helps the platform to generate asymmetric shared keys for different destinations in the future for that user.
Passwords
The HexaEight Authenticator Mobile App is designed not to store passwords associated with EMail Identity Tokens. Therefore, it is the responsibility of the user to remember the password associated with the EMail Identity Token.
When the user enters a password in the Mobile Application, the password is stored in memory until the application is terminated. The app can be pushed to the background, allowing the user to authenticate multiple times without re-entering the password every time.
However, if the user forgets the password, the EMail Identity Token becomes unusable, and the user will need to generate a new token
#
HexaEight Resource Identity Tokens
HexaEight Resource Identity Tokens are the core of the HexaEight Authentication system, providing a unique identity for machines, devices, and systems. They can also be assigned to any processes, functions, or objects that have the capability to securely store a password and use HexaEight encryption libraries. These tokens are essential for authenticating and authorizing various entities, such as users, machines, and devices.
To generate a HexaEight Resource Identity Token, the user must already have an Email Identity Token generated.
sequenceDiagram actor Alice participant HexaEight Mobile App participant HexaEight Platform Alice->>HexaEight Mobile App: (A) HexaEight Mobile App-->>Alice: (B) HexaEight Mobile App->>HexaEight Platform: (C) HexaEight Platform-->>HexaEight Mobile App: (D) HexaEight Mobile App->>HexaEight Platform: (E) HexaEight Platform-->>HexaEight Mobile App: (F) HexaEight Mobile App-->>Alice: (G)