Application Scope

On this page, you will learn about:

  1. The general context and scope of the Keychain Core system

  2. Delimiters of the system from its neighboring systems and users

  3. External interfaces shown from a business / domain perspective

Scope

The primary functionality of Keychain Core is to produce cipher text from application-level data, recover the original plaintext data, and to enable the user to define trust relationships to perform these data operations with multiple counter parties. The scope of Keychain Core is designed specifically to maximize the ease with which this Keychain functionality may be integrated into a wide range of existing applications and architectures.

Delimiters

  1. Keychain does not require a specific storage medium or location of the application-level plaintext and cipher text.

  2. Keychain Core does not store the application-level data in plaintext.

  3. Keychain Core does not archive cipher text, except when application-consensus functionality is turned on. Some Keychain solutions such as Keychain CAT provide cipher text archiving.

  4. Keychain Core does not require a specific choice of data transmission services (although an optional middleware service is typically made available to Keychain partners).

  5. Keychain Core does not interpret application-level data.

  6. Keychain Core does not modify application-level data with the exception of some developer-controlled localization functionality.

The above define the delimiters of responsibility between Keychain and external interfaces.

Business and domain-specific responsibilities that Keychain

Responsibility Description

Business logic

Based on the cryptographic validation of data done by Keychain, the Keychain partner utilizes their internal systems to route, process, interpret the application-level data

Data presentation

Partner applications present and format the data to the user. For example, a digitally signed document will be displayed by an external application for the user with some indication as to wether the signature is valid.

Data storage

Keychain partners may choose any data store for the destination of Keychain-secured data, whether it be a file, a server, a cloud bucket, or a database field.

User experience

The partner application renders Keychain state changes (such as data signature validity and the state of personas) in a user-friendly manner.

Branding

Partners may set their own branding in the end-user application, being that the Keychain SDK displays no application-level branding, with the exception of log file entries.

Semantic interpretation

Interpretation of the presence of digital signatures and their validity state is left to the partner. For example, a valid digital signature on a network message might be interpreted as receipt confirmation, whereas a valid signature on a corporate workflow form might be interpreted as binding approval by the user.

External Interfaces

External technical components that are supplied by the user:

  1. Hardware including volatile memory, persistent data storage, and general-purpose computational units, and optional hardware security modules

  2. Operating system with network, threading, domain-protection services

  3. Network connectivity

  4. Data storage