SDTP (Safe Data Transfer Protocol) It is a kind of secure, privacy-protected and efficient data exchange method for different service providers (each of which manages different users) when transmitting data on the Internet.

SDTP is a set of rules for transferring data from the source address to the destination address, which controls the way the data is transferred.

SDTP (Safe Data Transfer Protocol) It is a kind of secure, privacy-protected and efficient data exchange method for different service providers (each of which manages different users) when transmitting data on the Internet.

Based on data security, privacy protection and the elimination of spam, Avanna, Psycho Zhang, Simon Yan, Jonne Mao proposed a new Internet data interaction mode protocol in February 2019, including mail delivery and other modes of data interaction. From the authentication of user information, the generation of information, to the complete arrival of the final data, all of them are implemented by zero-knowledge proof. It completely eliminates the possibility of the generation of spam and data being hacked or falsified by a hacker or service provider. Even after user data and communication data are maliciously stolen or intercepted, the data is still safe and protected for the user, and completely useless to the attacker.


Protocol

edit

SDTP supports the implementation of http and https. There are only 11 interfaces in total:

• Get session
• Create user authorization
• Get notification information
• Delete notification information
• Get data that arrives but not read
• Marked arrived data as read or deleted
• Get the download method of the arrived data information
• Request read access to arrived data information
• Send a data notification to the target
• Send data or data fragments to the target
• Send more data or data fragments to the target

SDTP Communication example

edit
Alice, a user belonging to the Gogo service provider, sends a message to the user Bob who belongs to the YaHo service provider.
①Alice submits the message content to Gogo's server for storage.
②Alice uses the signature authorization provided by Bob, and gives Bob a message on the YaHo server and notifies Bob.
③Bob gets his own notification message and knows that Alice has data to send to himself.
④Bob holds the signature authorization that Alice provides to him and goes to the Gogo server to get the information.
In the process of information transfer between Gogo and YaHo, only the data segments are stored, so no spam is generated. Moreover, Gogo and YaHo cannot know the content during the process of sending and receiving data information, thus ensuring the privacy of the user.

Implementation of SDTP

edit
Based on the combination of zero-knowledge proof and asymmetric encryption, a privacy-protected, secure, spam-free mail communication system is implemented. The implementation is open source on github (https://github.com/maikejonne), including server implementations and client-side demo.


SDTP is data secure

edit
Based on the zero-knowledge proof, the information sent or received by the user is discrete. Even if the user belongs to the same service provider, the data cannot be reorganized. Therefore, even if the service provider's disk is lost, it cannot provide normal and legitimate services. In this case, the data is also of no analytical value.

SDTP is privacy protected

edit
User authentication based on zero-knowledge proof. Because the service provider does not authenticate in the usual account-password mode, but verifies the signature provided by the user, the service provider does not have the user's account number and password, and thus no user data can be leaked. Unless the service provider asks the user for more, non-essential user privacy information.

SDTP is multi-centered

edit
When the SDTP communication data is attacked, for example, the service provider maliciously denies the service or the message is intercepted by the hacker, the track will be left and the user will be notified. The multi-centered service provider model ensures that the rights of users are not deprived. It is similar to the biller mechanism in Bitcoin, which unless all possible nodes do not accept a transaction for an address.

Document

edit


Category:Computer security