15C/ Discussion: Best Practice & Architecture for Cloud Enterprise Wallet

From IIW

Discussion: Best Practice & Architecture for Cloud Enterprise Wallet


Session Convener: Azeem Ahamed

Notes-taker(s): Markus Sabadello

Tags / links to resources / technology discussed, related to this session:

Cloud Wallet, Enterprise Wallet, Security


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

How can cloud wallets that store users' private keys be secured?


Topics:

  • Private keys could be encrypted twice: once with a key the server holds and once with a key the client holds
  • Maybe a signature generated by FIDO/WebAuthn could serve as a seed for a client key that gets re-generated every time on the server
  • Where/how do keys get generated and stored?
  • How can keys be imported/exported?
  • Use of key derivation functions
  • Hierarchical deterministic keys (HD keys): derived keys can be less privileged than the master key
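The following is an added example illustrating several of the topics above (double encryption with a server-held and a client-held key, a client key regenerated from a FIDO/WebAuthn-derived secret, key derivation functions, import/export, and hardened HD child keys). It is not code from the session or from any wallet product. Two assumptions are worth stating: the client secret is modelled as the 32-byte output of the WebAuthn "prf" extension (a raw ES256 assertion signature is randomized by the authenticator and so cannot be relied on as a stable seed), and, to stay standard-library only, key wrapping uses an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in for AES-GCM, which is what a production implementation should use. All names, the wallet id and the seed values are constructed for the example.

```python
"""Added example (not from the IIW session): two-layer wrapping of a wallet private
key plus hardened HD child derivation. Stdlib only; see lead-in for assumptions."""
import hashlib
import hmac
import secrets
import struct


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) over HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def client_wrapping_key(prf_output: bytes, wallet_id: str) -> bytes:
    """Client-side wrapping key, regenerated on demand from the stable secret the
    WebAuthn 'prf' extension returns (assumed 32 bytes); the wallet id binds it to one wallet."""
    return hkdf_sha256(prf_output, b"cloud-wallet/client-wrap/v1", wallet_id.encode())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (stand-in for AES-GCM)."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap(wrapping_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with per-call nonce; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    enc_key = hkdf_sha256(wrapping_key, nonce, b"enc")
    mac_key = hkdf_sha256(wrapping_key, nonce, b"mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(wrapping_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; wrong key raises ValueError."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hkdf_sha256(wrapping_key, nonce, b"enc")
    mac_key = hkdf_sha256(wrapping_key, nonce, b"mac")
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# Two layers: client layer inside, server layer outside. The server can strip its own
# layer for export or re-apply it on import without ever seeing the private key.
def store_private_key(server_key: bytes, client_key: bytes, private_key: bytes) -> bytes:
    return wrap(server_key, wrap(client_key, private_key))


def load_private_key(server_key: bytes, client_key: bytes, blob: bytes) -> bytes:
    return unwrap(client_key, unwrap(server_key, blob))


def export_for_client(server_key: bytes, blob: bytes) -> bytes:
    return unwrap(server_key, blob)          # what leaves is still client-wrapped


def import_from_client(server_key: bytes, client_blob: bytes) -> bytes:
    return wrap(server_key, client_blob)


HARDENED = 0x80000000


def derive_hardened_child(parent_key: bytes, chain_code: bytes, index: int):
    """SLIP-0010-style hardened child: HMAC-SHA512 over the parent private key.
    The child signs on its own but reveals neither the parent nor its siblings."""
    data = b"\x00" + parent_key + struct.pack(">I", index | HARDENED)
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    return i[:32], i[32:]                   # (child key, child chain code)


def demo() -> dict:
    """Run the flow on constructed inputs and report each check as a bool."""
    server_key = secrets.token_bytes(32)                       # would live in a KMS/HSM
    prf_output = hashlib.sha256(b"constructed WebAuthn PRF output").digest()
    client_key = client_wrapping_key(prf_output, "wallet-42")
    seed = hashlib.sha512(b"constructed master seed").digest()
    master_key, chain_code = seed[:32], seed[32:]
    blob = store_private_key(server_key, client_key, master_key)
    child_key, _ = derive_hardened_child(master_key, chain_code, 0)
    other_client = client_wrapping_key(hashlib.sha256(b"other authenticator").digest(), "wallet-42")
    try:
        load_private_key(server_key, other_client, blob)
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    reimported = import_from_client(server_key, export_for_client(server_key, blob))
    return {
        "roundtrip_ok": load_private_key(server_key, client_key, blob) == master_key,
        "wrong_client_key_rejected": wrong_key_rejected,
        "export_import_ok": load_private_key(server_key, client_key, reimported) == master_key,
        "child_differs_from_master": child_key != master_key,
        "child_is_deterministic": derive_hardened_child(master_key, chain_code, 0)[0] == child_key,
    }


if __name__ == "__main__":
    print(demo())
```

The ordering of the layers is the design choice to notice: because the client layer is innermost, a server compromise yields only client-wrapped blobs, and export hands the user a blob the server cannot read either. The price is that losing the authenticator (and so the PRF secret) loses the client key, so a real deployment needs a recovery path (e.g. a second registered credential) rather than a server-side escrow that would undo the second layer.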


See image(s) for these notes in the IIWXXXIV Book of Proceedings here:

https://internetidentityworkshop.com/past-workshops/