Detailed user flows and technical implementations for QuantumPass user management features. These flows maintain the zero-credential architecture while solving practical problems like device loss and access sharing without compromising security.
User installs QuantumPass app and completes initial device setup.
App uses react-native-biometrics to generate device-bound Ed25519 key pair in TEE/Secure Enclave.
Private keys are created and stored in hardware security modules, never exposed to the application.
Device verifies its security capabilities and integrity.
App performs hardware attestation using device attestation APIs to verify TEE/Secure Enclave integrity.
Ensures device meets security requirements and has not been tampered with or compromised.
User registers their biometrics (fingerprint/face) with the app.
Leverages react-native-biometrics to register and verify biometric credentials.
Biometric templates are stored securely in device hardware and never transmitted to servers.
User provides basic information to create their QuantumPass account.
Creates anonymized user profile with zero PII using derived identifiers.
No username/password combination is created: authentication is hardware-bound and zero-credential.
User configures recovery methods for account access backup.
Presents recovery options (backup device, trusted contacts, recovery codes) with security ratings.
Multiple recovery paths with different security properties give users flexibility without compromising security.
User connects their QuantumPass identity with service provider accounts.
Creates secure OAuth 2.0-style authorization flows with scoped access tokens.
Zero-knowledge proofs are used to verify identity without revealing credentials.
User registers additional devices with secure device pairing.
QR code-based secure pairing using cryptographically signed device authorization.
Each device maintains independent hardware-bound keys with mutual authentication.
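The signed device authorization behind the QR pairing step, as an added example in Node.js (not QuantumPass code). The payload fields (`newDeviceKey`, `nonce`, `expiresAt`), the function names and the result strings are hypothetical, and software Ed25519 keys stand in for the hardware-bound keys the page describes.

```javascript
// Added example: payload format and all names here are assumptions, not QuantumPass APIs.
const crypto = require('node:crypto');

// Software Ed25519 keys stand in for keys held in the TEE/Secure Enclave.
const newKeyPair = () => crypto.generateKeyPairSync('ed25519');
const exportPub = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');

// Existing trusted device: sign an authorization that binds the new device's
// public key to a one-time nonce and a short expiry. This is what the QR code carries.
function createPairingAuthorization(trustedPrivateKey, newDevicePublicKey, ttlMs, now = Date.now()) {
  const payload = JSON.stringify({
    newDeviceKey: exportPub(newDevicePublicKey),
    nonce: crypto.randomBytes(16).toString('base64'),
    expiresAt: now + ttlMs,
  });
  const signature = crypto.sign(null, Buffer.from(payload), trustedPrivateKey).toString('base64');
  return { payload, signature };
}

// New device: prove possession of its own private key by signing the nonce.
function provePossession(auth, newDevicePrivateKey) {
  const { nonce } = JSON.parse(auth.payload);
  return crypto.sign(null, Buffer.from(nonce, 'base64'), newDevicePrivateKey).toString('base64');
}

// Verifier: check the signature over the exact payload bytes before parsing them,
// then expiry, then replay, then the new device's proof of possession.
function verifyPairing(auth, trustedPublicKey, proof, usedNonces, now = Date.now()) {
  const sig = Buffer.from(auth.signature, 'base64');
  if (!crypto.verify(null, Buffer.from(auth.payload), trustedPublicKey, sig)) return 'bad-signature';
  const { newDeviceKey, nonce, expiresAt } = JSON.parse(auth.payload);
  if (now > expiresAt) return 'expired';
  if (usedNonces.has(nonce)) return 'replayed';
  const newKey = crypto.createPublicKey({
    key: Buffer.from(newDeviceKey, 'base64'), format: 'der', type: 'spki',
  });
  const proofOk = crypto.verify(null, Buffer.from(nonce, 'base64'), newKey, Buffer.from(proof, 'base64'));
  if (!proofOk) return 'no-possession';
  usedNonces.add(nonce); // consume the nonce only after every check has passed
  return 'ok';
}
```

The order of checks matters: an unsigned or altered payload is rejected before any of its fields are trusted, and a photographed QR code cannot be reused once its nonce is consumed or its expiry has passed.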
This implementation uses react-native-biometrics for hardware-backed biometric authentication and secure key storage in the device's TEE/Secure Enclave. All security-critical operations leverage hardware security modules to ensure private keys never leave secure hardware.
All authentication flows maintain QuantumPass's zero-credential model: no passwords or traditional credentials exist at any point.
Private keys are generated and stored in device secure hardware (TEE/Secure Enclave) and never exposed, even during device backup or recovery.