After password authentication, the client can send a request for a device authorization token to the server. The server issues a token and binds the device to it; the server also returns to the client the key used for content encryption.
After that, the device can log in to the server with {device token, device id, key}.
At stage 2, all encryption and decryption can be done on the client side instead of the server side, which is more secure for the client's content.
Because the key is also kept on the client side, resetting the main key can be supported. After an environment check, the client sends {NewKey, Encrypt(key, NewKey)} to the server. The server also clears all device tokens so that every device must log in again.
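
The server side of the flow above, as an added example that is not code from the original page or project. The class and method names are hypothetical. Two assumptions: the server checks the second field of the reset message to confirm the requester holds the current key, and HMAC-SHA256 over NewKey under the old key stands in for Encrypt(key, NewKey) so the sketch needs only the standard library.

```python
import hashlib
import hmac
import secrets


class Server:
    """In-memory model of the server side; every name here is hypothetical."""

    def __init__(self):
        self.pw = {}      # user -> (salt, PBKDF2 hash of password)
        self.key = {}     # user -> content-encryption key
        self.tokens = {}  # user -> {device_id: SHA-256 of device token}

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.pw[user] = (salt, self._kdf(password, salt))
        self.key[user] = secrets.token_bytes(32)
        self.tokens[user] = {}

    def issue_device_token(self, user, password, device_id):
        # Stage 1: password check, then bind a fresh token to this device.
        salt, stored = self.pw.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._kdf(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[user][device_id] = hashlib.sha256(token.encode()).digest()
        return token, self.key[user]

    def device_login(self, user, token, device_id, key):
        # Stage 2: accept {device token, device id, key} only as a matching set.
        bound = self.tokens.get(user, {}).get(device_id, b"")
        sent = hashlib.sha256(token.encode()).digest()
        ok_token = hmac.compare_digest(bound, sent)
        ok_key = hmac.compare_digest(self.key.get(user, b""), key)
        return ok_token and ok_key

    def reset_key(self, user, new_key, proof):
        # Assumption: proof is HMAC(old key, NewKey), standing in for
        # Encrypt(key, NewKey), and the server checks it before switching keys.
        expected = hmac.new(self.key[user], new_key, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        self.key[user] = new_key
        self.tokens[user].clear()  # every device must log in again
        return True
```

A token replayed with a different device id is rejected, and after a successful reset every previously issued token stops working until the device authenticates by password again.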