CSSv5.0.0 en:Activation of QUICK access

Aus Cryptshare Documentation
Version vom 21. September 2021, 13:48 Uhr von Birkenmeierm (Diskussion | Beiträge) (→‎Activate 'by yourself')
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu:Navigation, Suche



General

QUICK Technology is a new feature of Cryptshare since version 4.3.0. The initial activation of QUICK is done by the user himself. To do this, the user creates a transfer to a recipient with whom he wants to use QUICK in the future and activates the "QUICK" option. This generates the required keys on the server side and stores the QUICK access credentials on the local client. The process of "Activation" described here only refers to situations where the user wants to equip an additional client with QUICK access credentials or has lost the QUICK access credentials on a previously activated client and wants to restore them. If you are not yet familiar with the technology and the terms, please refer to the chapter 'Introduction to QUICK' in this manual.

Questions concerning the activation

Why is an activation required?

QUICK activation is a procedure by which users, who have used QUICK earlier, can transfer the necessary verification token, as described in 'Introduction to QUICK', to another client. This procedure must be performed in the following cases:

  • When a user wants to use QUICK on a new client.
  • When a user has lost his QUICK credentials and wants to regain them.

Reasons for losing QUICK credentials

As described in the QUICK Introduction, the verification token is part of the QUICK key chain and is stored on client-side. In case of the Cryptshare Web-App this happens in form of a browser cookie. Therefore losing the verification token (the cookie) always also implies losing the QUICK credentials. Please note the following additional reasons which cause Cryptshare to offer the activation options:

  • Changing the base-url in the Administration Interface or opening the Cryptshare User Interface under a different URL.
The verification token is not lost (it is available under the original URL), however cannot be accessed (as cookies are domain-based). Cryptshare cannot determine the difference and therefore will offer the activation options. This basically is the same situation as if the user would use a new client. It is therefore also possible to proceed as if using a new client.


  • Losing or resetting browser cookies.
The verification token is lost and cannot be accessed in this browser any longer. An activation is required.
Due to the domain-based nature of a browser cookie, a migration/exchange of cookies between different URLs is not possible. For users it is therefore recommended to always use the same URL on the same client.


What are the consequences of losing QUICK credentials? If QUICK credentials have been lost:

  • Users cannot download the contents of a QUICK transfer any longer.
  • Users cannot initiate new QUICK transfers any longer.

How can a user initiate an activation procedure?

The activation procedure cannot actively be initiated by a user. The system automatically detects whether an activation is required or not. If an activation is necessary, the activation options will be presented to the user at the following points:

  • On sender side: After transfer options have been selected and the user tries to proceed to the notification preview screen.

After the activation process is finished, the user can continue providing the transfer.

  • On recipient side: When accessing a QUICK transfer and QUICK credentials are missing. Depending on the circumstances, different activation options will be available.

The download section opens up as soon as the activation has finished successfully.

External reasons for loosing QUICK credentials
Please note the following external reasons for loosing QUICK credentials:
  • Changing the base-url:

If the base-url is changed or a user opens the user interface under a different URL, the verification token and therefore the QUICK credentials are lost. It is therefore recommended to configure Cryptshare and the network to always redirect users to the same URL internally and externally.

  • Loss or reset of browser cookies
If browser cookies are deleted, the verification token and with it, the QUICK credentials will be lost.


Which kinds of activation options exist?

There are three different kinds of activation options available. Each method requires certain prerequisites, respectively has certain requirements and implications.

Activation Option Available To Advantage Disadvantage
​Activate by yourself
  • Senders
  • Recipients​
  • Users can go through the activation process all by themselves.
  • The QUICK status of the user is fully restored afterwards.
A second client enabled for QUICK must exist.
Administrative Activation
  • Senders
  • Recipients
The QUICK status of the user is fully restored after the process. An administrator needs to be available who can provide an activation code.
Reset Senders only Clients can be used again with QUICK.
  • All existing QUICK connections are lost and must be re-established.
  • Existing pure QUICK transfers cannot be accessed any longer.
Cryptshare Server User Interface
45516769.png


Cryptshare for Office 365 & Outlook
45516759.png


Activation options in detail

Activate 'by yourself'

Using the activation option 'Activate by yourself', users can restore their QUICK credentials by themselves. To do this, the user must have access to another client which is already QUICK-enabled. During the activation process, a list of QUICK-enabled clients is shown to the user. Using one of these clients, the user can generate an activation code, which he then needs to enter on the client he wants to activate.

Cryptshare Server User Interface
Client A - The client which needs an activation
45516761.png


Client B - The Client which can generate an activation code
45516760.png


Cryptshare for Office 365 & Outlook
Client A - The client which needs an activation
45516758.png


Client B - The Client which can generate an activation code
45516757.png


Activation codes generated by another client are valid for 15 minutes and cannot be used for activation after this time has passed. For security reasons an activation code can only be used once. When the activation succeeds, or the wrong activation code is is entered more than 10 times, it is invalidated.


Administrative Activation An administrative activation can be used if no second client is available and an activation 'by yourself' can therefore not be performed. However, for this option the help of an administrator is required. In the section ' QUICK → Activate Access ' in the administration interface, the administrator is able to enter the email addresses of the user(s) for whom an activation code shall be generated. The generated codes can then be provided to the user(s) who want to perform the activation.

Codes not persistently available
Please note, that the page for the activation code creation does not persistently keep the codes available. When leaving the page and re-visiting it again, these codes will not be displayed again. Therefore it is recommended to instantly provide the codes to the users or to copy them in order to provide them later.


Activation codes generated by administrators are valid for 24 hours and cannot be used for activation after this time has passed. For security reasons an activation code can only be used once. When the activation succeeds, or the wrong activation code is entered more than 10 times, it is invalidated.


Reset Resetting QUICK access is a remaining alternative if the other activation options are not available or not desired. This option is currently only available during the provision of a transfer. As the recipient of a QUICK transfer, it is not possible to reset the QUICK access with this option. The reset can be performed by the user without the need for any other clients or contact to an administrator.

The existing Personal Key as well as all already established or pending QUICK connections with other users are removed and a new Personal Key is created.


A reset will have the following effects:

  • The user can perform QUICK transfers again. The verification token used for this purpose is reactivated for QUICK.
  • QUICK connections with other users must be re-established, i.e. as with a new QUICK user, either by providing a QUICK transfer or by accepting a QUICK connection when retrieving a QUICK transfer.
  • Existing QUICK transfers that are still available and have been provided by the user earlier, can only be retrieved by entering the transfer password given that the transfer was an invitational transfer.