3.2 Cryptographic User Identity

The cryptographic identity of a Zoom user consists of two components. The first component is a set of human-readable identifiers unique to each user and the account they belong to. This allows users to be identified by displaying their email addresses and information about their Zoom accounts to other users. Second, each user’s identity includes the set of devices (and their cryptographic keys) controlled by that user. We describe a device model that lets us reason about how a user’s devices and keys change over time, and helps us formalize the concept of trust between devices. The device model allows a user’s devices to communicate amongst themselves in addition to securely communicating with other users. When a device, logged in for a given user, is first used for a feature requiring cryptography identity, it automatically generates encryption and signing key pairs, a process called provisioning. These device key pairs will then be used to negotiate additional encryption key pairs shared between the users’ devices.

The components of a user’s identity can change over time, and it is important to keep track of these changes so that they are auditable. For this purpose, we introduce a data structure called a signed hashchain, or sighchain.

Finally, the device model is reflected in the user interface. Users are notified when new devices are added to their account.

Previous3.1 Non-Cryptographic Identity at ZoomNext3.3 Displaying Identity

Last updated 3 months ago

Previous3.1 Non-Cryptographic Identity at Zoom Next3.3 Displaying Identity