German implementation of eIDAS will require an Apple/Google account to function
17 hours ago
- #authentication assurance
- #vulnerability management
- #mobile security
- The Wallet Unit uses public/private key pairs to bind authentication means to identification methods like the PID, ensuring security against high-attack-potential threats, as required for assurance level high under EU regulations.
- Authentication means assure protection against key store duplication/tampering and secure user authentication mechanisms, with the former achievable via HSM-based RWSCD and the latter dependent on mobile device security, involving a possession factor (HKS) and a knowledge factor.
- Mobile Device Vulnerability Management (MDVM) monitors vulnerabilities in HKS and OS to reduce exploitation risks, preventing key use if vulnerabilities compromising authentication are identified, ensuring continued validity of the Wallet Bank's confirmation to the Payment Provider.
- MDVM functions include verifying device/app security posture, identifying device class, verifying vulnerabilities for device classes, and deciding on device/app usage based on security and vulnerability information.
- Collected signals from sources like KeyAttestation, PlayIntegrity, iOS DC Device Check, LPADB, DCVDB, and RASP address threats such as rooting, app tampering, emulation, and replay attacks, with details on specific signals, enforcement, and mitigations for Android and iOS platforms.