Direct From The Source Tuf
How Easy Connect Works
John Thekkethala, program Manager
Remote Assistance Team
The new Easy Connect feature simplifies Remote assistance by enabling a direct p2p transfer of the Remote assistance invitation using pNRp. When the User starts Remote assistance and selects Invite Someone You Trust To Help You and then Use Easy Connect, a Remote assistance invitation is created, encrypted, and published as a payload on a node in the pNRp cloud. This invitation will be retrieved by the Helper from the pNRp cloud and the information is used to establish a Remote assistance connection to the User.
When the invitation is created, a 12-character alphanumeric password is generated automatically and is displayed in the Tell Your Helper The Easy Connect password dialog box. The first time the User uses any particular Helper, the password must be relayed OOB to the Helper before the Helper can connect to the User's computer. The password is case insensitive and avoids characters and numbers that could look similar (such as I and 1, 5 and S, and 0 and O).
after the pNRp node has been created in the pNRp cloud, the User's computer waits for an incoming connection from the Helper's computer. This node will exist for 30 minutes before expiring and invalidating the invitation.
The Helper starts Remote assistance, selects Help Someone Who Has Invited You and then Use Easy Connect, and enters the password relayed OOB from the User. The Helper's computer uses the password to locate the pNRp node containing the User's invitation, grabs the payload (that is, the invitation), and decrypts it. Remote assistance uses the invitation to connect to the User's computer. Of course, after the Remote assistance connection has been established, the User must still provide explicit consent before his desktop is remoted.
When a Remote assistance session has been established using Easy Connect, the User and the Helper become trusted contacts of each other. The Remote assistance history store on each computer is used to maintain a list of records of trusted contacts that were established using Easy Connect. These records contain the following information for each trusted contact:
■ Computer name
■ User graphic (associated with the user logon account)
■ Date and time of connection
■ Public key of the connected user
Each history record identifies a specific user on a specific computer. a record is created only if each side of the connection has positive confirmation that the other side has received the user's entire contact info. Note that the Remote Assistance contact history does not include the user's role (User or Expert). This means that when trust is established between two user/computer pairs, either one of them may take the role of User and ask the other for assistance.
The next time the User tries to solicit assistance from the same Helper using Easy Connect, the User simply starts Remote Assistance and selects the Helper from the User's Remote Assistance contact list—no password is needed because the Helper is already trusted by the user. The Remote Assistance ticket is exchanged using Secure PNRP. All the User needs to do is notify the Helper that assistance is requested, and this can be done by telephone, IM, or any other OOB method.
After the User has notified the Helper that assistance is requested, the Helper starts Remote Assistance and selects the contact of the user. The Helper's computer uses Secure PNRP to retrieve the Remote Assistance invitation and the Remote Assistance session with the User is established without any password needing to be entered by the Helper.
Post a comment