Pin validation is comprised of two steps, first of the local pin validation (when configuring the wallet) to prevent users from selecting a trivial pin. Secondly the remote pin validation, where the user provided pin is compared with the previously registerd pin by the wallet_provider.
This diagram illustrates the local validation that happens when the user configures a new pin, to make sure the user does not select a trivial pin like 000000.
sequenceDiagram
%% Force ordering by explicitly setting up participants
actor user
participant platform
participant wallet_app
participant wallet_core
participant wallet_provider
title Local Pin Validation [3.1]
user->>wallet_app: enter new pin
activate user
wallet_app->>wallet_core: validate pin
alt pin invalid
wallet_core-->>wallet_app: pin error
Note over wallet_core,wallet_app: TooFewUniqueDigits,<br/>SequentialDigits, Other
wallet_app->>user: render error & request new pin
else pin valid
wallet_core-->>wallet_app: pin success
wallet_app->>user: render success
end
deactivate user
This diagram illustrates the remote validation, this occurs when the user has already configured her wallet and is e.g. trying to log in to the app.
sequenceDiagram
%% Force ordering by explicitly setting up participants
actor user
participant platform
participant wallet_app
participant wallet_core
participant wallet_provider
title Remote Pin Validation [3.2]
user->>wallet_app: enter existing pin
activate user
wallet_app->>wallet_core: unlock(pin)
wallet_core->>wallet_core: getRegistration()
alt no registration
wallet_core-->>wallet_app: NotRegistered
wallet_app->>user: show not registered
end
par sign challenge request
wallet_core->>wallet_core: createChallenge(incrementAndStore(sequenceNumber))
wallet_core->>platform: sign(challengeRequest)
platform->>platform: signWithHwKey(challengeRequest)
platform-->>wallet_core: signedChallengeRequest
end
wallet_core->>wallet_provider: requestChallenge(signedChallengeRequest)
opt server error
wallet_provider-->>wallet_core: server error
wallet_core-->>wallet_app: error
wallet_app->>user: show server error
end
wallet_provider-->>wallet_core: challenge
par sign instruction
wallet_core->>wallet_core: signWithPinKey(pin, challenge, incrementAndStore(sequenceNumber))
wallet_core->>platform: sign(pinSignedInstruction)
platform->>platform: signWithHwKey(pinSignedInstruction)
platform-->>wallet_core: doubleSignedInstruction
end
wallet_core->>wallet_provider: instruction(doubleSignedInstruction)
opt server error
Note over wallet_provider,user: same as server error above
end
wallet_provider-->>wallet_core: result
alt error
wallet_core-->>wallet_app: pin error
Note over wallet_core,wallet_app: IncorrectPin,<br/>Timeout, Blocked
wallet_app->>user: render error & request new pin
else success
wallet_core-->>wallet_app: success
wallet_app->>user: render unlocked
end
deactivate user