feat: Add Wallet Attestation request flow

italia · Mar 12, 2024 · da1c3af · da1c3af
1 parent df94850
commit da1c3af
Show file tree

Hide file tree

Showing 6 changed files with 388 additions and 216 deletions.
diff --git a/docs/en/defined-terms.rst b/docs/en/defined-terms.rst
@@ -39,10 +39,20 @@ Below are the description of acronyms and definitions which are useful for furth
      - All public and/or private entities, conforming to a technical profile and accredited by the Federation Authority, that provide citizens with an IT Wallet Instance.
    * - Wallet Attestation
      - Verifiable Attestation, issued by the Wallet Provider, that proves the security compliace of the Wallet Instance.
+   * - Wallet Attestation Request
+     - Format of the request sent by the Wallet Instance to the backend Wallet Provider to obtain a Wallet Attestation.
+   * - Wallet Secure Cryptographic Device
+     - Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. Examples include Secure Elements (SE), Trusted Execution Environments (TEEs), and Strongbox.
    * - Credential Status Attestation
      - Verifiable Attestation proving that a related Digital Credential is not revoked.
-   * - Wallet Attestation Service
-     - Device manufacturer service that allows you to certify the authenticity of the mobile app (Wallet Instance).
+   * - Device Integrity Service
+     - Device manufacturer service that allows you to certify that the app instance (Wallet Instance) is intact and genuine and also allows you to certify that the private keys generated by the device are securely stored within the device's dedicated hardware. Please note that each manufacturer uses different terms to identify it.
+   * - Wallet Hardware Keys
+     - Pair of public and private keys generated by the Wallet Instance during app initialization. These keys remain valid throughout the entire lifespan of the Wallet Instance. Conceptually, the Wallet Hardware Keys serves as a personal device Master Key and, being part of the OS domain, cannot be used for signing any arbitrary payloads. The purpose of the Wallet Hardware Keys is to uniquely identify a Wallet Instance.
+   * - Wallet Hardware Key Tag
+     - Unique identifier of the Wallet Hardware Keys generated by the operating system and used to access the private key in the hardware.
+   * - Key Attestation
+     - Attestation signed by device OEM that gives you more confidence that the keys you use in your Wallet Instance are stored in a device's hardware-backed keystore
    * - Qualified Electronic Attestation of Attributes (QEAA)
      - A digitally verifiable attestation in electronic form, issued by a QTSP, that substantiates a person's possession of attributes.
    * - Qualified Electronic Signature Provider
@@ -83,3 +93,5 @@ Acronyms
     - Application Programming Interface
   * - **LoA**
     - Level of Assurance
+  * - **WSCD**
+    - Wallet Secure Cryptographic Device