Discovery and Pairing

How nodes find and trust each other

How OctoMY™ nodes find each other and establish trust relationships.

Did You Know?

The separation between discovery and pairing was inspired by Bluetooth's design, but taken further. In OctoMY™, discovering a node is purely technical - it just means "I can see you exist." The human decision of whether to trust that node is completely separate, and can be changed at any time without re-discovery.


Two separate processes

Discovery and pairing are intentionally separate:

| Process | Type | Purpose |
|---|---|---|
| Discovery | Automatic | Find nodes, exchange cryptographic identities |
| Pairing | Manual | User assigns trust levels to discovered nodes |

This separation means:

  • Discovered nodes remain discovered regardless of trust status
  • Users can trust/distrust/re-trust nodes freely
  • Discovery records persist until explicitly removed

Discovery

Discovery is the automatic process of finding nodes and establishing secure identity verification.

Step 1: Establish physical proximity

Nodes prove physical proximity through one of these methods (listed from most to least secure):

| Method | Security | Description |
|---|---|---|
| NFC | Highest | Near-field requires touching devices |
| QR Code | High | Camera scan implies visual contact |
| Bluetooth | Medium | Short range implies nearby |
| Zoo/GPS | Low | GPS coordinates with expiring signatures |
| LAN | Lowest | Same network gateway |

Step 2: Exchange identities

Once proximity is established:

[Diagram: Discovery key exchange]

Step 3: Verify identities

Challenge/response proves each node controls its private key:

[Diagram: Discovery challenge/response]

Step 4: Display identicons

Both nodes display their identicons (visual representations of cryptographic identity) for user verification.

[Figure: Identicons display]


Pairing

Pairing is the manual process where users assign trust to discovered nodes.

The user's role

After discovery, the user must:

  1. Verify identity - Compare identicons on both devices
  2. Assess trustworthiness - Is this the expected node?
  3. Assign trust level - Choose appropriate permissions

Trust assignment

Discovered Node: "Blue Spark"
Identicon: [████░██]

Select trust level:
  ○ Block      - No communication
  ○ Ignore     - Silently discard
  ○ Meet       - Discovery only
  ○ Handshake  - Can establish sessions
  ● Trust      - Normal operation
  ○ Depend     - Full trust

Trust properties

  • Asymmetric - A trusting B doesn't mean B trusts A
  • Per-node - Each relationship is independent
  • Changeable - Trust can be adjusted anytime
  • Logged - Changes create audit trail
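
The trust properties above, modelled as an added example (not OctoMY™ code): the `AddressBook` class, the numeric ordering of the levels, the `Meet` default after discovery and the truncated SHA-256 fingerprint are assumptions made for illustration. Discovery and pairing write to separate tables, so a blocked node that announces itself again stays blocked.

```python
import hashlib
from enum import IntEnum

class Trust(IntEnum):
    # Level names are from the page; the numeric ordering is an assumption.
    BLOCK = 0
    IGNORE = 1
    MEET = 2
    HANDSHAKE = 3
    TRUST = 4
    DEPEND = 5

class AddressBook:
    """One node's local view of its peers (hypothetical, not OctoMY's API)."""
    def __init__(self):
        self.records = {}  # fingerprint -> public key, written by discovery only
        self.trust = {}    # fingerprint -> Trust, written by the user only
        self.audit = []    # (fingerprint, old level, new level) per change

    def discover(self, public_key: bytes) -> str:
        # Discovery stores identity; it never grants or resets trust.
        fp = hashlib.sha256(public_key).hexdigest()[:16]
        self.records[fp] = public_key
        self.trust.setdefault(fp, Trust.MEET)  # assumed default: discovery only
        return fp

    def set_trust(self, fp: str, level: Trust) -> None:
        # Pairing: an explicit user decision about an already discovered node.
        if fp not in self.records:
            raise KeyError("node must be discovered before it can be paired")
        self.audit.append((fp, self.trust[fp], level))
        self.trust[fp] = level

    def may_establish_session(self, fp: str) -> bool:
        # Unknown peers are treated like blocked ones.
        return self.trust.get(fp, Trust.BLOCK) >= Trust.HANDSHAKE

    def forget(self, fp: str) -> None:
        # Removing the discovery record forces a fresh discovery later.
        self.records.pop(fp, None)
        self.trust.pop(fp, None)

if __name__ == "__main__":
    agent = AddressBook()
    remote = agent.discover(b"constructed-remote-public-key")  # constructed sample key
    agent.set_trust(remote, Trust.TRUST)
    agent.set_trust(remote, Trust.BLOCK)               # revoke access
    agent.discover(b"constructed-remote-public-key")   # peer announces itself again
    print(agent.may_establish_session(remote), agent.audit)
```

Each node keeps its own `AddressBook`, which is what makes trust asymmetric: the Agent granting `Trust` to a Remote changes nothing in the Remote's table.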

Discovery methods in detail

NFC discovery

Strongest security guarantee through physical contact:

  1. Devices touch (NFC range ~4 cm)
  2. Keys exchanged via NFC
  3. Full identity verification
  4. User confirms on both devices

QR code discovery

Camera-based discovery with visual confirmation:

  1. Node A displays QR code containing public key
  2. Node B scans with camera
  3. Node B sends its key via network
  4. Challenge/response verification
  5. Both users verify identicons

Bluetooth discovery

Proximity through radio range:

  1. Both nodes enable Bluetooth discovery
  2. Keys exchanged over Bluetooth
  3. Challenge/response verification
  4. Users verify identicons

Zoo discovery

For nodes not on the same network:

  1. Both nodes register with Zoo service
  2. GPS coordinates exchanged (with expiry)
  3. Zoo facilitates key exchange
  4. Users verify through separate channel

LAN discovery

For nodes on the same local network:

  1. UDP broadcast announces presence
  2. Nodes respond with public keys
  3. Challenge/response verification
  4. Users verify identicons

Security considerations

Why separate discovery and pairing?

  • Discovery is technical - Proves cryptographic identity
  • Pairing is human - User decides trust level
  • Separation prevents automation - Trust requires human judgment

Multi-factor options

For additional security:

  • SMS verification code
  • Email confirmation
  • Shared secret entry
  • Physical token exchange

Removing discovery records

Removing discovery records is an advanced operation:

  • Typically only needed for debugging
  • Node will need to be re-discovered
  • Useful if keys are compromised

Common scenarios

Pairing a new robot

  1. Start Agent on robot, Remote on phone
  2. Both on same WiFi → LAN discovery finds them
  3. Verify identicons match on both screens
  4. Set trust to "Trust" on both devices
  5. Robot and controller are paired

Adding a second controller

  1. New Remote discovers existing Agent
  2. Existing operator verifies new Remote's identity
  3. Agent operator grants trust to new Remote
  4. New Remote can now control Agent

Revoking access

  1. Open paired node in address book
  2. Change trust level to "Block"
  3. Node can no longer communicate
  4. Can be re-trusted later if needed
