ByteSync Reference Manual

Trusted Clients

The Trusted Clients are all ByteSync clients whose identity has been recognized and validated through a secure authentication process.

A client’s identity is defined by its Client ID and its asymmetric Key Pair, itself represented by its Public Key.

The Trusted Clients system is used to secure Cloud Sessions and Cloud Session Lobbies. It contributes to ByteSync’s End-to-End Encryption functionality, helps ensure that each participant is aware of the identity of the other participants, and prevents Man-in-the-Middle (MITM) attacks.

Registration of a Trusted Client

The Trusted Client registration process is a secure 1-to-1 process between two clients, at least one of which does not recognize the other as a Trusted Client.

When a client-applicant requests to join a Cloud Session, the registration process is automatically initiated for each client-applicant/Session Member pair for which:

  • Either the client-applicant does not recognize the Session Member as a Trusted Client.
  • Or the Session Member does not recognize the client-applicant as a Trusted Client.

If the client-applicant does not recognize several Session Members as Trusted Clients, and/or if several Session Members do not recognize the client-applicant as a Trusted Client, several registration processes will be initiated and presented one after the other on the client-applicant.

If the Trusted Client registration process fails with at least one of the Session Members, the client-applicant will not be able to join the Cloud Session. However, he or she may request to join the Cloud Session again so that the necessary registration processes can be initiated once more.

The Trusted Client registration process is only offered during the connection to a Cloud Session, not when connecting to a Cloud Session Lobby.

Figure A: Trusted Client Registration Form

During the Trusted Client registration process, the above form is automatically displayed on both clients.

The objective is to verify the identity of the other client and then register it as a Trusted Client.

However, rather than requiring a tedious reciprocal validation of the equality of Client IDs and Public Keys, ByteSync offers a simpler control system based on a set of Security Words: users are only required to ensure that the Security Words displayed on both clients are identical. The Security Words are a unique combination, specific to each registration process and based on the Public Keys of both clients.
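
The following added example (not ByteSync code) illustrates why comparing words derived from both Public Keys detects a substituted key. The derivation scheme, the syllable-based words, the per-process value and all sample keys are assumptions constructed for illustration; the manual does not specify ByteSync's actual algorithm.

```python
import hashlib

# 16 consonants x 4 vowels = 64 syllables, so one syllable encodes 6 bits.
SYLLABLES = [c + v for c in "bdfghjklmnprstvz" for v in "aeio"]

# Constructed sample values; real public keys would be the encoded key bytes.
APPLICANT_PUB = b"constructed-public-key-of-applicant"
MEMBER_PUB = b"constructed-public-key-of-session-member"
RELAY_PUB = b"constructed-public-key-of-interposed-relay"
PROCESS_ID = b"constructed-registration-process-0001"  # assumed per-process value


def security_words(own_pub, peer_pub, process_id, count=4):
    """Derive `count` comparison words from both public keys (assumed scheme)."""
    # Sort the keys so both clients hash the same bytes whatever their role.
    first, second = sorted((own_pub, peer_pub))
    h = hashlib.sha256()
    for part in (first, second, process_id):
        # Length-prefix each field so field boundaries cannot be shifted.
        h.update(len(part).to_bytes(4, "big") + part)
    bits = int.from_bytes(h.digest(), "big")
    words = []
    for _ in range(count):
        # Each word uses 12 bits of the digest: two 6-bit syllable indexes.
        words.append(SYLLABLES[bits & 63] + SYLLABLES[(bits >> 6) & 63])
        bits >>= 12
    return words


def honest_registration():
    """Each client hashes its own key and the key it really received."""
    return (security_words(APPLICANT_PUB, MEMBER_PUB, PROCESS_ID),
            security_words(MEMBER_PUB, APPLICANT_PUB, PROCESS_ID))


def intercepted_registration():
    """A relay has replaced the peer key seen by each client with its own."""
    return (security_words(APPLICANT_PUB, RELAY_PUB, PROCESS_ID),
            security_words(MEMBER_PUB, RELAY_PUB, PROCESS_ID))


if __name__ == "__main__":
    for name, run in (("honest", honest_registration),
                      ("intercepted", intercepted_registration)):
        shown_applicant, shown_member = run()
        print(name, " ".join(shown_applicant), "|", " ".join(shown_member),
              "->", "MATCH" if shown_applicant == shown_member else "MISMATCH")
```

In the intercepted case the two clients display different words, which is the condition under which a user should click REJECT CLIENT.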

The form looks like this:

  • The A.1 submission text differs for the client-applicant and for a Session Member.
  • The A.2 field displays the Client ID and Public Key of the current client.
  • Field A.3 displays the Client ID and Public Key of the client to be registered as a Trusted Client.
  • The text A.9 is displayed only on the client-applicant. It shows 2 digits, i / C, where i is the index of the current Session Member to be registered and C is the total number of Session Members to be registered.
  • Area A.4 displays the Security Words, which must be verified to be identical on each client. There are several possible methods for this:
    – Either by reading them out loud or by exchanging them in writing. The same method can be used here as was used to provide the Session ID and Session Password to the client-applicant.
    – Or, if you have Remote Desktop access to the other client, by copying the Security Words to the clipboard with button A.5 on one of the clients, then checking the contents of the clipboard on the other client with button A.8. A message will then indicate whether the check passed or failed.

Click REGISTER TRUSTED CLIENT once you have checked that the Security Words are identical on both clients and that you recognize the other client as a Trusted Client. Both clients must perform this operation to finalize the transaction.

Click REJECT CLIENT if you do not recognize the other client as a Trusted Client. The Trusted Client registration process will fail if at least one of the clients clicks this button.

Consultation and management of Trusted Clients

Figure B: Consultation and management of Trusted Clients

Click on button B.1 to display the panel for consulting and managing Trusted Clients. This button is only visible when the client is authenticated to the ByteSync server.

The B.5 field displays the Client ID and Public Key of the current client.

Zone B.4 displays the list of Trusted Clients of the current client, with, for each:

  • Its Client ID
  • Its Public Key
  • The date on which it was registered

The Delete button (B.3) allows you to remove a client from the list of Trusted Clients. As this operation is not reciprocal, the same operation will have to be performed on the other client to remove the current client from that client's Trusted Clients list. Once a client is removed from the Trusted Clients list, a Trusted Client registration process will be initiated if the current client and that client try to participate in the same Cloud Session again.

The button RENEW ID, KEY PAIR AND REMOVE ALL TRUSTED CLIENTS (B.2) allows you to reset the entire Trusted Clients system of the current client by assigning it a new Client ID, a new asymmetric Key Pair and clearing its list of Trusted Clients. Thus:

  • By changing the Client ID and Public Key, it will no longer be recognized by any other client as a Trusted Client.
  • By clearing its list of Trusted Clients, it will no longer recognize any other client as a Trusted Client.