The permission structure for individual accounts in a Tonomy network is hierarchically organised as follows:

  • Recovery Layer: This topmost layer consists of the keys and delegations linked to the user's configured recovery mechanisms: account delegations to trusted contacts for social recovery, keys derived from secret questions, or keys held on hardware devices. Because it sits at the top, anything that satisfies this layer can restore or replace every permission beneath it.

    • Passphrase: The primary account access key, derived with the memory-hard Argon2 key derivation function from six words chosen at random from a wordlist and chosen to be easy to memorise. The randomness of the word selection is what bounds the guessing space; the Argon2 cost parameters make each guess expensive, so both matter for brute-force resistance.

    • Biometrics: A securely generated key uniquely associated with the user's biometric challenge.

    • PIN: A securely generated key uniquely associated with the user's PIN challenge.

    • Liveness: An account delegation to the identity verification bridge enabling liveness checks.

    • Email and SMS OTP: An account delegation to the accounts service, facilitating email and SMS one-time password (OTP) verification.

    • Local: A securely generated key with no associated user challenge, used for peer-to-peer messaging and for signatures that must be produced without prompting the user.

On iOS and Android devices, the private keys listed above (Passphrase, Biometrics, PIN and Local) are stored in the device's hardware-backed key store: the Secure Enclave on iOS and the hardware-backed Keystore (TEE or StrongBox) on Android. The Liveness and OTP entries are account delegations recorded on the blockchain, so no corresponding private key is held on the device.
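The Passphrase entry above is the one a practitioner most often needs to reason about, because its security rests on two things at once: how many words are drawn, and how expensive each guess is. The following example is added here to show that derivation end to end; it is not code from the Tonomy project. The wordlist, account name and the use of the account name as salt are assumptions made for the example, and since Python's standard library ships no Argon2, `hashlib.scrypt` (also memory-hard, with the same password/salt/cost/length shape) stands in for the Argon2 call the page describes.

```python
import hashlib
import math
import secrets
import unicodedata
from typing import List

# Constructed sample wordlist, only so the example runs offline. A production
# wordlist (e.g. 2048 distinct, easily distinguishable words) is assumed.
WORDLIST: List[str] = [
    "apple", "river", "candle", "mountain", "silver", "orbit", "forest",
    "meadow", "copper", "harbour", "lantern", "velvet", "thunder", "marble",
    "garden", "compass",
]

WORDS_PER_PASSPHRASE = 6


def generate_passphrase(wordlist: List[str] = WORDLIST,
                        n: int = WORDS_PER_PASSPHRASE) -> str:
    """Pick n words uniformly at random with a CSPRNG (secrets, never random)."""
    return " ".join(secrets.choice(wordlist) for _ in range(n))


def passphrase_entropy_bits(wordlist_size: int, n: int = WORDS_PER_PASSPHRASE) -> float:
    """Entropy of n independent uniform draws: n * log2(wordlist_size).
    Six words from a 2048-word list give 66 bits."""
    return n * math.log2(wordlist_size)


def normalize_passphrase(passphrase: str) -> str:
    """Canonical form: NFKC, lower-case, single spaces between words.
    Enrolment and login must apply the identical normalisation, otherwise a
    stray capital or double space derives a different key."""
    return " ".join(unicodedata.normalize("NFKC", passphrase).lower().split())


def derive_private_key(passphrase: str, account_name: str, length: int = 32) -> bytes:
    """Derive raw private key bytes from the passphrase with a memory-hard KDF.

    The page uses Argon2; hashlib has no Argon2, so scrypt stands in here
    (assumed substitution). The salt is derived from the account name
    (assumption) so that equal passphrases on two accounts yield different
    keys; the salt is public, the passphrase is the only secret.
    n=2**14, r=8 costs 16 MiB per guess, which is what slows offline attacks.
    """
    password = normalize_passphrase(passphrase).encode("utf-8")
    salt = hashlib.sha256(account_name.encode("utf-8")).digest()
    return hashlib.scrypt(password, salt=salt, n=2 ** 14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=length)


def expected_bruteforce_years(wordlist_size: int, guesses_per_second: float,
                              n: int = WORDS_PER_PASSPHRASE) -> float:
    """Expected time to exhaust half the space at a given guess rate, to show how
    the KDF cost (guesses/second) and the word count trade off."""
    half_space = (wordlist_size ** n) / 2
    return half_space / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    words = generate_passphrase()
    print("passphrase:", words)
    print("entropy with 2048-word list:", passphrase_entropy_bits(2048), "bits")
    print("key:", derive_private_key(words, "alice").hex())
```

Deriving the key twice from the same normalised words and account name gives the same bytes, while changing the account name changes every byte; that is the property a login flow relies on, and the reason the normalisation step has to be fixed once and never changed.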

As detailed in the corresponding section, during the single sign-on process a fresh private key is generated at random in the browser and kept in its local storage. When the user consents to the login, the matching public key is added to the blockchain as a separate permission. That permission defines the key's security scope and ties it to the requesting application, so the browser key can act only within that scope and cannot stand in for the higher-layer keys above it.
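What "a separate permission defining the security scope of the key" buys you is easiest to see by running the authorisation check over a small tree. The example below is added here and is not Tonomy's code or its on-chain data model: it is an illustrative threshold-weighted permission tree shaped after the layers on this page. The permission names, the choice to hang the browser login permission under the passphrase permission, the social-recovery threshold of 2 of 3 contacts, the action-to-permission links and all account and key names are assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple

Account = Tuple[str, str]  # (account name, permission name) used as a delegation


@dataclass
class Permission:
    """One node of the account's permission tree (illustrative model)."""
    parent: Optional[str]
    threshold: int = 1
    keys: Dict[str, int] = field(default_factory=dict)         # public key -> weight
    accounts: Dict[Account, int] = field(default_factory=dict)  # delegation -> weight


# Constructed sample tree following the layering on this page (assumed names).
TREE: Dict[str, Permission] = {
    "recovery": Permission(parent=None, threshold=2, accounts={
        ("bob", "active"): 1, ("carol", "active"): 1, ("dave", "active"): 1}),
    "passphrase": Permission(parent="recovery", keys={"PUB_passphrase": 1}),
    "biometrics": Permission(parent="recovery", keys={"PUB_biometrics": 1}),
    "pin":        Permission(parent="recovery", keys={"PUB_pin": 1}),
    "liveness":   Permission(parent="recovery", accounts={("idbridge", "active"): 1}),
    "otp":        Permission(parent="recovery", accounts={("accounts", "active"): 1}),
    "local":      Permission(parent="recovery", keys={"PUB_local": 1}),
    # Browser-generated login key for one application, parented under the
    # primary (passphrase) permission: an assumption for the example.
    "app:shop.example": Permission(parent="passphrase", keys={"PUB_browser_shop": 1}),
}

# Action -> required permission. This is the "scope": a key may authorise
# exactly the actions whose required permission it (or a descendant) satisfies.
LINKS: Dict[Tuple[str, str], str] = {
    ("shop.example", "login"): "app:shop.example",
    ("tonomy", "updateauth"): "passphrase",
    ("tonomy", "recover"): "recovery",
}


def satisfied_directly(tree: Dict[str, Permission], name: str,
                       keys: FrozenSet[str], accounts: FrozenSet[Account]) -> bool:
    """Weights of the present keys/delegations reach the node's threshold."""
    p = tree[name]
    weight = sum(w for k, w in p.keys.items() if k in keys)
    weight += sum(w for a, w in p.accounts.items() if a in accounts)
    return weight >= p.threshold


def satisfies(tree: Dict[str, Permission], required: str,
              keys: FrozenSet[str] = frozenset(),
              accounts: FrozenSet[Account] = frozenset()) -> bool:
    """True if the signers meet `required` or any of its ancestors.
    Walking upwards only is the whole point: a higher-layer key can act for
    everything beneath it, but a scoped key can never reach above itself."""
    name: Optional[str] = required
    while name is not None:
        if satisfied_directly(tree, name, keys, accounts):
            return True
        name = tree[name].parent
    return False


def authorize_action(tree: Dict[str, Permission], links: Dict[Tuple[str, str], str],
                     contract: str, action: str,
                     keys: FrozenSet[str] = frozenset(),
                     accounts: FrozenSet[Account] = frozenset(),
                     default: str = "passphrase") -> bool:
    """Resolve the action's required permission (default for unlinked actions)
    and check the signers against the tree."""
    return satisfies(tree, links.get((contract, action), default), keys, accounts)


def scope_of_key(tree: Dict[str, Permission], links: Dict[Tuple[str, str], str],
                 key: str) -> List[str]:
    """Every linked action a single key can authorise on its own."""
    return sorted(f"{c}::{a}" for (c, a), perm in links.items()
                  if satisfies(tree, perm, frozenset({key})))


if __name__ == "__main__":
    print("browser key scope:", scope_of_key(TREE, LINKS, "PUB_browser_shop"))
    print("passphrase key scope:", scope_of_key(TREE, LINKS, "PUB_passphrase"))
```

The browser key authorises the one login action it was created for and nothing else; the passphrase key, one layer up, can also authorise that login but not the recovery action, which needs two of the three delegated contacts. A compromised app-scoped key therefore cannot be used to rotate the account's higher-layer permissions.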
