- Make your authorised transfer
```mermaid
sequenceDiagram
    autonumber
    participant PW as Primary wallet
    participant Client as 2FA client
    participant DApp as Automata 2FA Guru
    participant Geode as 2FA Guru Geode
    participant Contract as Target contract
    note over PW, DApp: Make authorised transfer
    PW->>DApp: Attempt to transfer 2FA protected assets
    DApp-->>PW: Request 2FA code and recipient address
    PW->>Client: Acquire a valid 2FA code
    Client-->>PW: 6-digit 2FA code
    PW->>DApp: Input the valid 2FA code and recipient address
    DApp->>Geode: Ask for the validation
    alt
        note over Geode: Validation succeeded
        Geode-->>DApp: Return a signature based on the actual transaction
        DApp-->>PW: Metamask signature
        PW->>DApp: Make authorised transfer
        DApp->>Contract: Make authorised transfer
    else
        note over Geode: Validation failed
        Geode-->>DApp: Return a validation error
        DApp-->>PW: Request declined
    end
```
- Recover your 2FA client
```mermaid
sequenceDiagram
    autonumber
    participant RW as Recovery Wallet
    participant Client as 2FA client
    participant DApp as Automata 2FA Guru
    participant Geode as 2FA Guru Geode
    participant Contract as 2FA authentication contract
    RW->>DApp: Attempt to recover your 2FA client for your primary wallet
    DApp->>Geode: Ask for the validation
    Geode->>Contract: Check the binding relationship
    alt
        note over Geode: Validation succeeded
        Geode-->>DApp: Return a new generated secret
        DApp-->>Client: Scan the QR code to set up
        Client->>DApp: Input a 6-digit 2FA code
        DApp->>Geode: Confirm reset
        alt
            note over Geode: Validation succeeded
            Geode->>DApp: Reset succeeded
        else
            note over Geode: Validation failed
            Geode->>DApp: Return a validation error
        end
    else
        note over Geode: Validation failed
        Geode-->>DApp: Request declined
    end
```
- Primary wallet:
The wallet where users store and control their assets.
- Recovery wallet:
Used for identifying users' roles and resetting the 2FA device. The relationship between the primary wallet and the recovery wallet is saved on-chain after binding.
- 2FA client:
The device which provides the TOTP (time-based one-time password).
- Automata 2FA Guru:
The dApp hosted by the Automata team. It contains the 2FA management and wallet assets control panels. Users can sign up for 2FA and find the 2FA protected dApps in the management panel. They can also make authorised transfers under the wallet assets control panel.
- 2FA Guru Geode:
The 2FA middleware, built on Intel SGX. Running inside a secure, fully shielded enclave, it connects with dApps to provide 2FA verification on public blockchains. It is responsible for 2FA secret generation, storage and authentication. Attackers cannot predict or compute a valid signature outside the enclave, and because its storage is encrypted internally, attackers cannot read anything even if they manage to steal the data.
Even with assets under 2FA protection, attackers can still steal the TOTP through a phishing attack. To prevent this, we use an anti-phishing feature: our 2FA middleware analyses the originating domain and checks it against daily updated phishing blacklists to detect whether the request comes from a phishing domain or link. If a malicious domain is detected, the Geode will not provide a signature, which keeps users' assets safe. To uphold high security standards, we also support a custom domain whitelist for a specified dApp.
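The validation order described above (origin check, then TOTP check, then a signature tied to the actual transaction) can be sketched as follows. This is an added example, not Automata's code: the function names, the exact-host matching, the one-step clock-skew window and the use of HMAC-SHA256 in place of the enclave's signature scheme (which the page does not specify) are all assumptions.

```python
import hashlib, hmac, struct
from urllib.parse import urlsplit

def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

def origin_allowed(origin, blacklist, whitelist=None):
    """Exact-host match. A per-dApp whitelist, when set, is the stricter rule."""
    host = (urlsplit(origin).hostname or "").lower().rstrip(".")
    if not host or host in blacklist:
        return False  # unparsable or known phishing origin: fail closed
    return whitelist is None or host in whitelist

def authorise(secret, signing_key, code, origin, tx, now, blacklist, whitelist=None):
    """Return a MAC over the exact transaction, or None if any check fails."""
    if not origin_allowed(origin, blacklist, whitelist):
        return None
    # Accept the current and previous 30 s step to tolerate clock skew (assumption).
    steps = (max(now - d, 0) for d in (0, 30))
    if not any(hmac.compare_digest(totp(secret, t), str(code)) for t in steps):
        return None
    # Binding the MAC to sender, recipient and amount means it cannot be
    # reused for a different transfer.
    msg = "|".join([tx["from"], tx["to"], str(tx["amount"])]).encode()
    return hmac.new(signing_key, msg, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    # Constructed sample values, not from the page.
    SECRET, KEY, NOW = b"12345678901234567890", b"enclave-demo-key", 59
    BLACKLIST = {"app-example.org.evil.test"}
    tx = {"from": "0xPRIMARY", "to": "0xRECIPIENT", "amount": 10}
    code = totp(SECRET, NOW)
    for origin in ("https://app.example.org/transfer",
                   "https://app-example.org.evil.test/"):
        print(origin, "->", authorise(SECRET, KEY, code, origin, tx, NOW, BLACKLIST))
```

A valid TOTP entered on the blacklisted origin still yields no signature, which is the property the anti-phishing check is meant to provide.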