Include other wscd technologies
grausof committed Mar 25, 2024
1 parent 7aae53b commit c19cebf
Showing 2 changed files with 6 additions and 4 deletions.
2 changes: 1 addition & 1 deletion docs/en/defined-terms.rst
Expand Up @@ -38,7 +38,7 @@ Below are the description of acronyms and definitions which are useful for furth
* - Wallet Attestation
- Verifiable Attestation, issued by the Wallet Provider, that proves the security compliace of the Wallet Instance.
* - Wallet Secure Cryptographic Device
- Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. Examples include Secure Elements (SE), Trusted Execution Environments (TEEs), and Strongbox.
- Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. A WSCD MAY implement an association proof in different ways. This largely depends on the implementation of the WSCD for example: remote HSM, external smart card, internal UICC, internal native cryptographic hardware, such as the iOS Secure Enclave or the Android Hardware Backed Keystore or StrongBox
* - Credential Status Attestation
- Verifiable Attestation proving that a related Digital Credential is not revoked.
* - Device Integrity Service
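Review bot: The new Wallet Secure Cryptographic Device definition uses "association proof" without defining it in any visible row of this table, and it places a normative MAY inside a glossary entry. Suggest keeping the entry descriptive (what a WSCD is, followed by the examples) and either adding an "association proof" row or moving the "A WSCD MAY implement an association proof in different ways" statement to the requirements in wallet-attestation.rst. The line that lists remote HSM, external smart card and internal UICC no longer names Secure Elements or TEEs, ends without a period, and spells "StrongBox" where wallet-attestation.rst in this same commit spells "Strongbox"; pick one spelling and use it in both files.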
8 changes: 5 additions & 3 deletions docs/en/wallet-attestation.rst
Expand Up @@ -25,11 +25,13 @@ The following requirements for the Wallet Attestation are met:
- The Wallet Attestation MUST NOT contain any information that can be used to directly reference the User.
- The Wallet Instances MUST secure a Wallet Attestation as a prerequisite for transitioning to the Operational state, as defined by `ARF`_.
- The private keys MUST be generated and stored in the WSCD following different approaches:
- internal
- external

- **Internal WSCD**: The WSCD here is solely based on the native cryptographic hardware of the User device, for instance the (iOS) Secure Enclave or the (Android) Hardware Backed Keystore or Strongbox.
- **External WSCD**: The WSCD here is based on a remote Hardware Security Module (HSM) hosted by (or on behalf of) the Wallet Provider or is a chip external to the User device, e.g., a smart card based on GlobalPlatform, and supporting JavaCard.
- **Hybrid WSCD**: The WSCD here is based on a dedicated, internal chip integrated in the User device, e.g. an eUICC based on GlobalPlatform, and supporting JavaCard.

.. warning::
The implementation profile specification, that will be given below, MUST support only the Internal WSCD. Future versions of this specification MAY include other approaches depending on the AAL required.
The implementation profile specification, that will be given below, MUST support only the **Internal WSCD**. Future versions of this specification MAY include other approaches depending on the `AAL` required.

Static Component View
---------------------
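Review bot: The requirement "The private keys MUST be generated and stored in the WSCD following different approaches:" now introduces three WSCD types, while the warning directly below says the profile MUST support only the Internal WSCD, so the MUST in the bullet reads as if all three were required. Suggest rewording the bullet to say that the WSCD can be one of the following types and that only the Internal WSCD is in scope for this version. The External WSCD bullet also groups a remote HSM hosted by the Wallet Provider with a smart card held outside the User device, which differ in who hosts the keys; splitting them into two bullets would make later requirements easier to scope. In the warning, `AAL` is in single backticks, which reStructuredText treats as interpreted text with the default role rather than a literal or a link; use double backticks or a reference with a matching target, as is done for `ARF`_ a few lines up. The Hybrid WSCD label is not used in defined-terms.rst, which lists "internal UICC" without it; align the two files.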