
Mobile Hand-off: "Temporary Drive" (Secure Blind Drop)

This workflow implements a Temporary Drive pattern. It is designed for high-security environments where the mobile device (a Customer's phone or a Staff member's BYOD) is treated as untrusted, or where the channel used to hand over the session (the QR code) might be observed or intercepted.

Core Security Principles

  1. Write-Only Access (Blind Drop): The scanning device (Mobile) receives a token that only allows putting files into the bucket and strictly denies listing or reading. Even the user who uploaded a file cannot download it back, so a leaked, intercepted or reused QR token lets an attacker add files but never see what anyone else dropped. The token should also be scoped to a single HandoffSession, carry a short expiry, and not permit overwriting or deleting earlier drops.
  2. Origin Tagging: Every file that arrives through the temporary drive is tagged origin: handoff by the server, derived from the token's scope rather than taken from the upload request; otherwise an uploader could relabel their own file as trusted. This lets the system distinguish files uploaded via the main app (trusted) from files that came through the temporary drive (potentially untrusted, to be sanitized before use).
  3. Authenticated Read: Only the Desktop client (Staff), which holds a valid authenticated session, can list and read the files as they arrive.

Sequence Diagram

Usage Flow

  1. Staff initiates "Requests Files" on Desktop.
  2. System generates a unique HandoffSession and QR code.
  3. Staff/Customer scans QR with Mobile.
  4. Mobile sees a simple upload screen ("Drop files here"). No historical data is shown.
  5. User uploads files.
  6. Desktop updates in real-time as files arrive. Staff reviews and "Accepts" them into the permanent record.
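The enforcement rules behind the Core Security Principles and the Usage Flow above, as an added example written for this page rather than code from the project: an in-memory model of the bucket with a put-only, session-scoped, HMAC-bound token for Mobile and an authenticated session for Desktop. The token format, the handoff/<session>/<name> and permanent/<session>/<name> key layout, the signing key, the TTL and the demo() walk-through are all assumptions made for illustration.

```python
"""Added example of the Temporary Drive (blind drop) rules; not the project's code.
Token format, key layout, signing key and TTL are assumptions for this demo."""
import hashlib
import hmac

SECRET = b"server-side-signing-key"   # assumption: held by the server, never sent to Mobile
TOKEN_TTL_SECONDS = 600               # assumption: a handoff token lives 10 minutes


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def mint_handoff_token(session_id: str, now: float) -> str:
    """Token placed in the QR code: scope 'put', one session id, an expiry, all HMAC-bound."""
    if ":" in session_id:
        raise ValueError("session id must not contain ':'")
    payload = f"put:{session_id}:{int(now + TOKEN_TTL_SECONDS)}"
    return f"{payload}:{_sign(payload)}"


def verify_handoff_token(token: str, now: float):
    """Return (scope, session_id) or raise PermissionError; the client cannot widen the scope."""
    try:
        scope, session_id, exp, sig = token.split(":")
    except ValueError:
        raise PermissionError("malformed token")
    payload = f"{scope}:{session_id}:{exp}"
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        raise PermissionError("bad signature")
    if not exp.isdigit() or now > int(exp):
        raise PermissionError("token expired")
    return scope, session_id


class HandoffStore:
    """Bucket plus enforcement: Mobile may only PUT under handoff/<session>/; Desktop reads."""

    def __init__(self):
        self.objects = {}               # key -> {"data": bytes, "tags": dict}
        self.desktop_sessions = set()   # ids of authenticated staff sessions

    # Mobile side: put only. Tags are never taken from the request.
    def put(self, token: str, name: str, data: bytes, now: float) -> str:
        scope, session_id = verify_handoff_token(token, now)
        if scope != "put":
            raise PermissionError("token is not a put token")
        if "/" in name or name in ("", ".", ".."):
            raise ValueError("invalid object name")
        key = f"handoff/{session_id}/{name}"
        if key in self.objects:
            raise PermissionError("overwrite denied")   # earlier drops cannot be replaced
        self.objects[key] = {"data": data, "tags": {"origin": "handoff", "session": session_id}}
        return key

    def list_with_token(self, token: str, now: float):
        verify_handoff_token(token, now)
        raise PermissionError("handoff token cannot list")   # blind drop: no listing

    def get_with_token(self, token: str, key: str, now: float):
        verify_handoff_token(token, now)
        raise PermissionError("handoff token cannot read")   # not even your own upload

    # Desktop side: authenticated read and accept.
    def _require_staff(self, staff_session: str):
        if staff_session not in self.desktop_sessions:
            raise PermissionError("not an authenticated staff session")

    def list_pending(self, staff_session: str, session_id: str):
        self._require_staff(staff_session)
        prefix = f"handoff/{session_id}/"
        return sorted(k for k in self.objects if k.startswith(prefix))

    def accept(self, staff_session: str, key: str) -> str:
        """Move a reviewed handoff object into the permanent record, keeping its origin tag."""
        self._require_staff(staff_session)
        obj = self.objects.pop(key)
        new_key = "permanent/" + key.split("/", 1)[1]
        self.objects[new_key] = {"data": obj["data"],
                                 "tags": {**obj["tags"], "accepted_by": staff_session}}
        return new_key


def demo() -> dict:
    """Walk the Usage Flow end to end with constructed inputs and return what each step produced."""
    store = HandoffStore()
    store.desktop_sessions.add("staff-1")                  # step 1: staff logged in on Desktop
    t0 = 1_700_000_000.0
    token = mint_handoff_token("sess-4f2a", now=t0)        # step 2: token goes into the QR code
    key = store.put(token, "invoice.pdf", b"%PDF-1.7 ...", now=t0 + 5)   # steps 3-5

    def denied(fn, *args):
        try:
            fn(*args)
        except PermissionError:
            return True
        return False

    widened = token.replace("put:", "get:", 1)             # client tries to rewrite its scope
    return {
        "uploaded": key,
        "origin_tag": store.objects[key]["tags"]["origin"],
        "mobile_list_denied": denied(store.list_with_token, token, t0 + 6),
        "mobile_read_denied": denied(store.get_with_token, token, key, t0 + 6),
        "widened_scope_denied": denied(store.put, widened, "x.bin", b"", t0 + 6),
        "expired_denied": denied(store.put, token, "late.bin", b"", t0 + TOKEN_TTL_SECONDS + 1),
        "overwrite_denied": denied(store.put, token, "invoice.pdf", b"evil", t0 + 7),
        "pending": store.list_pending("staff-1", "sess-4f2a"),   # step 6: Desktop sees the file
        "accepted": store.accept("staff-1", key),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the model is where each decision is made: the scope, session and expiry live inside the signed token, so Mobile can present but not alter them, and the origin tag is written by the server from that scope, so nothing the uploader sends can promote a file to "trusted" before Staff has reviewed it. In a real deployment the same checks would be expressed as the storage service's policy on the session prefix rather than in application code.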