Here we provide an example of how the user fills the questionnaire to obtain protocol (
2). Notice that the sequence of the reported questions only represent a specific path in the interpretation tree.
1.
What is your 1st operation?
-

I insert some secret credentials (e.g., a password on a website)
-

I use a device (e.g., a card reader)
-

I use a software (e.g., an app on my smartphone)
-

I send/receive something on my mobile phone (e.g., an SMS)
-

None, I am authenticated
-
(a) Where are the secret credentials stored?
-

On a physical support (e.g., a piece of paper)
-

Nowhere, I remember them
2.
What is your 2nd operation?
-

I insert some secret credentials (e.g., a password on a website)
-

I use a device (e.g., a card reader)
-

I use a software (e.g., an app on my smartphone)
-

I send/receive something on my mobile phone (e.g., an SMS)
-

None, I am authenticated
-
(a) Is the device personal? Can you use others’ devices?
-

Yes, it is personal
-

No, they are all exchangeable
-
(b) Among the followings, what do you need to use the device?
-

I must insert a secret code/pin
-

I must scan a part of my body (e.g., my fingerprint)
-

Nothing
-
(c) Is your device connected to something?
-

Yes, to my PC (e.g., through a USB cable)
-

Yes, to the internet (e.g., through the WiFi)
-

No, it is isolated
-
(d) Does it read some sort of input code?
-

Yes, it scans an optic code (e.g., barcode or QR code)
-

Yes, I personally digit it (e.g., a code displayed on a website)
-

No
-
(e) Does it recap the ongoing operation and ask for your confirmation?
-

Yes (e.g., “Your are paying
x$ to
y. Confirm?”)
-

No
-
(f) Does it return some code that you have to copy somewhere?
-

Yes
-

No
3.
What is your 3rd operation?
-

I insert some secret credentials (e.g., a password on a website)
-

I use a device (e.g., a card reader)
-

I use a software (e.g., an app on my smartphone)
-

I send/receive something on my mobile phone (e.g., an SMS)
-

None, I am authenticated.
What is your 1st operation?
-

I insert some secret credentials (e.g., a password on a website)
-

I use a device (e.g., a card reader)
-

I use a software (e.g., an app on my smartphone)
-

I send/receive something on my mobile phone (e.g., an SMS)
-

None, I am authenticated
-
(a) Where are the secret credentials stored?
-

On a physical support (e.g., a piece of paper)
-

Nowhere, I remember them

I insert some secret credentials (e.g., a password on a website)

I use a device (e.g., a card reader)

I use a software (e.g., an app on my smartphone)

I send/receive something on my mobile phone (e.g., an SMS)

None, I am authenticated
(a) Where are the secret credentials stored?
-

On a physical support (e.g., a piece of paper)
-

Nowhere, I remember them

On a physical support (e.g., a piece of paper)

Nowhere, I remember them
What is your 2nd operation?
-

I insert some secret credentials (e.g., a password on a website)
-

I use a device (e.g., a card reader)
-

I use a software (e.g., an app on my smartphone)
-

I send/receive something on my mobile phone (e.g., an SMS)
-

None, I am authenticated
-
(a) Is the device personal? Can you use others’ devices?
-

Yes, it is personal
-

No, they are all exchangeable
-
(b) Among the followings, what do you need to use the device?
-

I must insert a secret code/pin
-

I must scan a part of my body (e.g., my fingerprint)
-

Nothing
-
(c) Is your device connected to something?
-

Yes, to my PC (e.g., through a USB cable)
-

Yes, to the internet (e.g., through the WiFi)
-

No, it is isolated
-
(d) Does it read some sort of input code?
-

Yes, it scans an optic code (e.g., barcode or QR code)
-

Yes, I personally digit it (e.g., a code displayed on a website)
-

No
-
(e) Does it recap the ongoing operation and ask for your confirmation?
-

Yes (e.g., “Your are paying
x$ to
y. Confirm?”)
-

No
-
(f) Does it return some code that you have to copy somewhere?
-

Yes
-

No

I insert some secret credentials (e.g., a password on a website)

I use a device (e.g., a card reader)

I use a software (e.g., an app on my smartphone)

I send/receive something on my mobile phone (e.g., an SMS)

None, I am authenticated
(a) Is the device personal? Can you use others’ devices?
-

Yes, it is personal
-

No, they are all exchangeable

Yes, it is personal

No, they are all exchangeable
(b) Among the followings, what do you need to use the device?
-

I must insert a secret code/pin
-

I must scan a part of my body (e.g., my fingerprint)
-

Nothing

I must insert a secret code/pin

I must scan a part of my body (e.g., my fingerprint)

Nothing
(c) Is your device connected to something?
-

Yes, to my PC (e.g., through a USB cable)
-

Yes, to the internet (e.g., through the WiFi)
-

No, it is isolated

Yes, to my PC (e.g., through a USB cable)

Yes, to the internet (e.g., through the WiFi)

No, it is isolated
(d) Does it read some sort of input code?
-

Yes, it scans an optic code (e.g., barcode or QR code)
-

Yes, I personally digit it (e.g., a code displayed on a website)
-

No

Yes, it scans an optic code (e.g., barcode or QR code)

Yes, I personally digit it (e.g., a code displayed on a website)

No
(e) Does it recap the ongoing operation and ask for your confirmation?
-

Yes (e.g., “Your are paying
x$ to
y. Confirm?”)
-

No

Yes (e.g., “Your are paying
x$ to
y. Confirm?”)

No
(f) Does it return some code that you have to copy somewhere?
-

Yes
-

No

Yes

No
What is your 3rd operation?
-

I insert some secret credentials (e.g., a password on a website)
-

I use a device (e.g., a card reader)
-

I use a software (e.g., an app on my smartphone)
-

I send/receive something on my mobile phone (e.g., an SMS)
-

None, I am authenticated.

I insert some secret credentials (e.g., a password on a website)

I use a device (e.g., a card reader)

I use a software (e.g., an app on my smartphone)

I send/receive something on my mobile phone (e.g., an SMS)

None, I am authenticated.