or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Syncing
xxxxxxxxxx-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
SubscribeAries RFC 0xxx: Device Binding 0.1
Summary
Describe a standard way for issuers and holders to perform a device binding preliminary to the issuance process.
Motivation
Device Binding is a building block for the wallet security that enables a high level in the differential credential security model by anchoring a hardware-generated public key to the credential. This hardware-generated key might originate from TEE, SecureEnclave, Secure Elements or TPMs. Device binding is always to be understood as an optional feature for improved wallet security. Device binding is intended to fulfill higher requirements for regulated use cases.
Tutorial
This protocol provides an implementable process for the specification and guidance provided by the DIF Wallet Security working group and its device binding work item.
Roles
There are two roles in this protocol: the Issuer requesting and validating the device binding and the Holder generating and providing the hardware-backed key and additional meta information. The control flow is stateless.
Messages
This protocol defines two messages:
Device Binding Request
The device binding interaction begins with the Issuer sending a request with the following schema:
Description:
@type: DIDComm protocol identifier@id: Identifier of the messagecomment: Human readable commentrequests: Array of device binding requestsrequests.acceptedKeyStorage: Ordered list of references to key store mechanisms accepted and preferred by the issuerDevice Binding Response
The Holder can process the device binding request and repond with the following schema:
todo: define attachments for iOS and SecureElement
The usage and further processing of the hardware-backed key material might differentiate. The following are suggestions:
did:key:<multibasekey>in theproof.verificationMethodattributedid:key:<multibasekey>in a standardized attribute with namehardwareDidThe latter can be proven together with a Present Proof v1/2 with the following complementary DIDComm messages:
Device Binding Proof Request
Device Binding Proof Response
Implementations
The following lists the implementations (if any) of this RFC. Please do a pull
request to add your implementation. If the implementation is open source,
include a link to the repo or to the implementation within the repo. Please be
consistent in the "Name" field so that a mechanical processing of the RFCs can
generate a list of all RFCs supported by an Aries implementation.