Wallet
The first two things a new user has to do before being able to use NextGraph, is to create a Wallet and select a Broker (and register with it).
About the broker, we described in the previous chapter about encryption, what a broker is.
You’ve heard of Wallets in the world of cryptocurrencies or in order to store new digital official identification documents.
A digital wallet is always used when we need to store some private encryption keys of the user. Those keys are too long and to hard to remember, so we store them in the wallet. Also, they can be many. But then, the Wallet has to be secure, and opening it needs to be protected by some password or something else that prevents unauthorized access. A wallet is also “local-first” by default, because it is something you keep on your device, and works without internet. Unlike SSO (single sign on) or OIDC that require a central server that stores users and credentials, a Wallet is much more decentralized and fits very well the needs of NextGraph.
We have designed a new wallet specially for our needs, and we have innovative features to show you!
A wallet should be unique to a physical human being. We cannot strictly enforce that, but we would like this rule to be respected, in order to simplify a bit the use cases. So we recommend each person to create only one Wallet for themselves.
Inside a Wallet, many Identities can coexist. A physical individual can create several identities for themselves inside the same wallet. By default, when the Wallet is created, a Personal identity is also created within it. That’s the default identity. Then, the individual can add more identities, that will be untraceable back to the wallet, meaning that each identity is unique and has no link to the wallet or to other identities within it. When interacting with other Users, if distinct Identities are used, there will be no way to correlate those distinct Identities, even if they are stored in the same Wallet. By example, one can use the default Personal identity for friends and family, but then create another identity for their professional interactions. it will be impossible for their coworker or boss to find out what is their personal identity, and vis versa. the number of additional identities is unlimited. They are stored in the wallet and just grows the size of the wallet. This feature guarantees total anonymity and separation of Identities. In NextGraph terminology, an Identity is the same as a User.
Then we also have the concept of an Organization.
An Organization is another type of Identity. It has the same content as a Personal Identity. But in addition, it has member Users, which are Individual Identities that have been associated with the Organization, in a similar way as with email addresses at individual@organization .
An Organization can also have sub-organization, in a hierarchical manner. as in organization/sub-organization .
An Organization has Owners, and the ownership can be transferred to other Identities, while this is not the case for Individual Identities that cannot be transferred.
Import and export
The wallet, once created on the first device where the user starts using NextGraph, stays there, on the device.
It is then possible to transfer this wallet to other devices that the user wants to use and login with.
This transfer (also called import and export of the wallet) can be done in 3 ways :
-
by scanning a QR-code that is displayed on one or the other device (depending on which device has a camera)
-
if no camera in any of the 2 devices, then we can use a TextCode, that needs to be passed from one device to another with existing means of transfer (like a messenger app)
-
if not applicable (user doesn’t want to use another messenger app), or if there is no internet, then the wallet can be transferred with a file. The file needs to be passed to the other device via USB key or USB cable connected to a mobile, by example. It is not recommended to upload the wallet file into a cloud service, as this could seriously compromise your security.
Once the wallet has arrived on a new device, everything works the same in the new device, and all the data is synced between those devices, transparently.
Pazzle and mnemonic
In order to protect your wallet from unauthorized access, we have decided not to use a password, because that would be too risky. We know very well that users do not choose secure password by themselves, because they need to remember such password, so it has to be simple.
The other opposite behaviour is to create a very secure password with a password generator, by example, and then store this very complex password in a password/keys manager. This is another problem, as it just transfers the security of the whole system to that “password manager” that we know have been found insecure so many times. the question of the transfer of such complex password from one device to another is another problem… and we wouldn’t have solved anything if we were to use passwords.
So.. here comes the Pazzle.
It is a contraction of Puzzle+password. Which means that it is like a puzzle that you need to reconstruct every time you want to login. And it is secure and randomly generated by us (and we do not let the user choose it).
The pazzle is composed of 9 images, that you will most likely remember after several tries.
It is also important to memorize the order of all the images (which ones come first). This is a bit harder to remember, but a simple way to deal with it is to tell yourself a small story that links all the images one to the next. Like: the elephant eats a banana and takes a plane to go play basketball with a fish, that eats blueberries under a palm tree …etc. The story is your pazzle, and you will not be able to choose it, but the way you tell it to yourself, is your own creativity ;)
Until you remember the pazzle, you can write it down on a piece of paper. And we guarantee you that after few logins, you will know it by heart very well.
There is also a mnemonic “passphrase” that is an alternative way to login into your wallet. This is a more classical way (similar to a long password). And people using a cryptocurrency wallet must be used to those (called BIP39). But as everybody knows, those passphrases are not easy to memorize.
We propose this option for those we have special needs (like programmers that need to enter in the wallet very quickly).
In general, we encourage you to use the pazzle instead. in the future, we will also implement the option to login with physical dongle/key that has been paired with the wallet.
The mnemonic can also be seen as a recovery passphrase. But be very careful where you save it. Anybody that finds your mnemonic or pazzle, and also has a hold on the wallet file or on a device that has the wallet already imported, can surely enter your account and read/write all your data.
So the best is not to store those things on your device/computer/phone, but instead, to keep them offline, in a paper form.
We also help you with that by providing a Recovery PDF file that contains all the information of your wallet, in a PDF form that you can print, and keep somewhere in your drawer or in a secret place.
In any case, we at NextGraph cannot see your pazzle, mnemonic, or wallet file, as it always stays local. And we never see it passing (except when you transfer using QRcode or TextCode, but in those cases, it is re-encrypted again and only kept on our server for 5 minutes).
Now that you created your wallet and that you entered for the first time into the App, let’s discover together what this App contains and how it is organized.