15C/ Discussion: Best Practice & Architecture for Cloud Enterprise Wallet
From IIW
Session Convener: Azeem Ahamed
Notes-taker(s): Markus Sabadello
Tags / links to resources / technology discussed, related to this session:
Cloud Wallet, Enterprise Wallet, Security
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
How can cloud wallets that store users' private keys be secured?
Topics:
- Private keys could be encrypted twice: once with a key the server holds, and once with a key the client holds
- Maybe a signature generated by FIDO/WebAuthn could serve as a seed for a client key that gets re-generated every time on the server
- Where/how do keys get generated and stored?
- How can keys be imported/exported?
- Use of key derivation functions
- Hierarchical deterministic keys (HD keys). Keys can be less privileged than master keys
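
The double-encryption and key-derivation topics above, as an added Node.js example that is not part of the session notes: the wallet private key is sealed first under a client key derived with HKDF, then under a server-held key, so neither side alone can recover it. All function names, the HKDF `info` label and the wallet identifier are assumptions; `clientSeed` stands in for whatever secret the client side contributes.

```javascript
// Added example: double-wrapping a wallet private key (all names are hypothetical).
const crypto = require('crypto');

// Derive a 256-bit AES key from a seed with HKDF-SHA256; `info` separates key purposes.
function deriveKey(seed, salt, info) {
  return Buffer.from(crypto.hkdfSync('sha256', seed, salt, info, 32));
}

// AES-256-GCM encrypt; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// AES-256-GCM decrypt; throws if the key, the AAD or the blob does not match.
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Inner layer: client key, re-derived on each use and never stored server-side.
// Outer layer: server key. The wallet id is bound to both layers as AAD.
function wrapPrivateKey(privateKey, clientSeed, serverKey, walletId) {
  const salt = crypto.randomBytes(16);
  const aad = Buffer.from(walletId);
  const clientKey = deriveKey(clientSeed, salt, 'wallet-client-wrap');
  const inner = seal(clientKey, privateKey, aad);
  return { salt, blob: seal(serverKey, inner, aad) };
}

function unwrapPrivateKey(record, clientSeed, serverKey, walletId) {
  const aad = Buffer.from(walletId);
  const inner = open(serverKey, record.blob, aad);
  const clientKey = deriveKey(clientSeed, record.salt, 'wallet-client-wrap');
  return open(clientKey, inner, aad);
}

// Constructed inputs: random stand-ins for the wallet key, client seed and server key.
function demo() {
  const [priv, seed, srv] = [32, 32, 32].map((n) => crypto.randomBytes(n));
  const rec = wrapPrivateKey(priv, seed, srv, 'wallet-001');
  return unwrapPrivateKey(rec, seed, srv, 'wallet-001').equals(priv);
}
```

Stripping the outer layer with the server key alone yields only the inner ciphertext, and a record copied to a different wallet id fails authentication at the outer layer.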
See image(s) for these notes in the IIWXXXIV Book of Proceedings here: