Profiles and Keys: Overview


Atakama Profile

An Atakama Profile is a set of unique devices belonging to an individual user. Each Atakama user will have an Atakama Profile. It is the first thing a user will configure when installing Atakama.

Atakama is a decentralized system that does not rely on centralized servers, user credentials, or any other form of user identity. Instead, a set of unique devices uses individual Keys and a consensus mechanism to securely perform cryptographic actions (e.g., file decryption); each such action is referred to as a MofNop. The Atakama Profile (i.e., the set of unique devices) controls the Keys and enables Atakama's cryptographic systems to operate. The Atakama Profile is in turn secured by those Keys, which work together to enable a MofNop (i.e., Atakama's threshold security system).

An Atakama Profile is basically the glue that binds a group of Keys to the user who controls the Keys. As a decentralized system that does not leverage any identity management system, the Atakama Profile is the closest thing in Atakama to a user's "identity".

Profile Name

Atakama users choose a Profile Name during First-Time Setup. The name helps identify the owner of an Atakama Profile when interacting with other Atakama users. The Profile Name can also help distinguish devices when a user has installed Atakama on multiple computers controlled by that same user.

Profile ID

The Profile ID is a unique identifier for every Atakama Profile. The Profile ID consists of four words that are cryptographically connected to the Atakama Profile. The Profile ID never changes.

The Profile ID is used to verify other Atakama users prior to approving those users to access Atakama-encrypted files in a shared location (e.g., Dropbox folder).

Profile Keys

Profile Keys cryptographically secure an Atakama Profile. The Profile Keys for each Atakama Profile are distributed across that user's physical devices (e.g., computer and smartphone). Whenever an Atakama user attempts an action, such as file decryption, the Profile Keys must come together for the action to complete (i.e., a MofNop).

Profile Keys are not permanent and can change over time. They can be added, removed, and replaced. All Profile Key additions and removals are themselves performed as a MofNop.

Examples:

Profile Key addition - A user adds a device (e.g., tablet) to their existing Atakama Profile. Adding this device adds a Profile Key to the user's Atakama Profile, which results in added protection (i.e., greater assurance the user will be able to access their Atakama-encrypted data) in the event one of the other existing devices comprising that user's Atakama Profile is lost or becomes inoperable.

Profile Key removal - In the event a device that is part of an existing Atakama Profile is lost or becomes inoperable, the user can remove that device, and the corresponding Profile Key on that device, from their Atakama Profile.

Keys

Atakama's cryptographic security system relies on key distribution. The Profile Keys for each Atakama Profile are distributed across that user's physical devices (e.g., computer and smartphone). Whenever an Atakama user attempts an action such as file decryption (i.e., a MofNop), the Profile Keys must come together for the action to complete. For the action to complete, Atakama requires a threshold number of keys, with each key contributing one toward that minimum; the minimum threshold can never be less than two keys. This minimum is referred to as the Security Threshold, and meeting it is necessary to approve a MofNop.

Every Key has a Key ID -- a unique identifier consisting of four words -- that is cryptographically bound to the key. The Key ID is necessary as verification when modifications are made to Profile Keys.

Keys take two forms: Key on Device and Key on Paper.

Key on Device

Every device running Atakama is assigned a unique cryptographic key that is bound to the device. On Windows computers, keys are stored in the AppData/Local/AppKeys folder and protected with the Data Protection API (DPAPI). On Mac and Linux computers, keys are stored in the "local keychain". On mobile devices, keys are stored in the device's secure element.

Personal Device

A device owned by the Atakama user. Personal devices are prioritized and displayed first in the Atakama Profile on the Atakama mobile and desktop applications.

Trustee Devices

A trustee device is owned by someone the Atakama user trusts (e.g., friend, family member, colleague). Atakama users can add trustee devices to their Atakama Profile as backups to protect against situations when a personal device is ever lost or becomes inoperable.

Key on Paper

In addition to using trustee devices, Atakama users have the option of creating a Key on Paper for recovery purposes, to protect against situations when a personal device or trustee device is ever lost or becomes inoperable. A Key on Paper is a set of words that corresponds to a cryptographic key. These words can be loaded into a device running Atakama. A Key on Paper cannot be used to approve a MofNop, but it can be used to replace the key on a lost or inoperable personal device.

Related Concepts

How to find an Atakama Profile ID

  • Quicklook

  • Keys tab in Control Center

  • Mobile App

Keys on Paper cannot be used to approve files; however, they can be used during a recovery event.

During a recovery event, a Key on Paper can be loaded into a device, giving that device temporary ownership of the key that was previously stored on paper. This can then be used to generate a new key on the device, which can approve files.
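As an added illustration (not Atakama's code; this page does not describe its actual cryptography), the following Python model uses Shamir secret sharing over a prime field as a stand-in for keys "coming together", and enforces the rules stated above: a Security Threshold of at least two, only Keys on Device counting toward a MofNop, key addition and removal being MofNops themselves, and a Key on Paper being loaded into a device during recovery to generate a new device key. The names Profile, mofnop, add_key, remove_key, recover and the "_loaded" entry are this example's own assumptions.

```python
import secrets

P = 2**127 - 1  # prime field for the toy shares (a constructed choice, not Atakama's)

def _lagrange(points, x):
    """Evaluate the polynomial through `points` at `x`; x=0 yields the secret."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * (x - xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

class Profile:
    """Keys are (kind, x, y) shares, kind being 'device' or 'paper'."""
    def __init__(self, secret, threshold, devices):
        if threshold < 2:  # the Security Threshold is never below two keys
            raise ValueError("Security Threshold must be at least 2")
        self.threshold, self.keys, self.next_x = threshold, {}, 1
        coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(threshold - 1)]
        for name in devices:  # initial dealing of Keys on Device at First-Time Setup
            y = sum(c * pow(self.next_x, i, P) for i, c in enumerate(coeffs)) % P
            self.keys[name] = ("device", self.next_x, y)
            self.next_x += 1
    def _device_points(self, approving):
        return [self.keys[n][1:] for n in set(approving) if self.keys[n][0] == "device"]
    def can_approve(self, approving):  # only distinct Keys on Device count
        return len(self._device_points(approving)) >= self.threshold
    def mofnop(self, approving):  # the approving keys come together to yield the secret
        if not self.can_approve(approving):
            raise PermissionError("Security Threshold not met")
        return _lagrange(self._device_points(approving), 0)
    def add_key(self, name, kind, approving):
        self.mofnop(approving)  # key addition is itself a MofNop
        pts = self._device_points(approving)
        self.keys[name] = (kind, self.next_x, _lagrange(pts, self.next_x))
        self.next_x += 1
    def remove_key(self, name, approving):
        self.mofnop(approving)  # key removal is itself a MofNop
        del self.keys[name]
    def recover(self, paper_name, new_device, approving):
        """Load a Key on Paper into a device, then generate a device key that can approve."""
        kind, x, y = self.keys[paper_name]
        assert kind == "paper", "only a Key on Paper is loaded during recovery"
        self.keys["_loaded"] = ("device", x, y)  # temporary ownership of the paper key
        self.add_key(new_device, "device", list(approving) + ["_loaded"])
        del self.keys["_loaded"]  # the loaded copy is dropped once the new key exists
```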



