Nice job! It looks like the security of the protocol depends on how good communication channels are protected ( I suppose You assumes protection by HTTPS or any other server authentication and channel encryption), otherwise, malicious actors may listen and/or spoof the protocol messages. My question is do You plan to use the Hive chain to hold information about the valid HAS servers and their public keys/certificates, or the system will depend on external certification entities ? I mean the App may ask the Hive Blockchain for a list of valid HAS servers and all the information required to establish a secure connection with them.
RE: Hive Authentication Services - Protocol description