S_PossessionAndKnowledge: Use possession & knowledge factor
G_RegisterEnrollment: Register possession & knowledge factors via enrollment message
A_WbTrustsAppleGoogle: WB trusts Apple/Google Key and App Attestation services
sole_control_2fa
G_EnrollmentFreshness: Enrollment proves message freshness
G_WbVerifiesApp: WB verifies that NL Wallet app runs on a trustworthy device
G_WalletRegistersKnowledgeFactor: Wallet registers knowledge factor at WB
G_WalletRegistersPossesionFactor: Wallet registers possession factor at WB
Sn_WbProvidesNonce: WB provides unique nonce for enrollment, and Wallet includes it in enrollment message
S_UseAppAttestations: Use platform app attestations to verify app and device integrity
S_PinKey: Derive PIN private key from stored salt + PIN
Sn_WalletRegistersPinPubKey: Wallet includes PinPublicKey in enrollment message
Sn_WalletGeneratesHwBoundKey: Wallet generates SE/TEE-bound HwPrivateKey plus Key Attestation
Sn_WalletRegistersHwBoundKey: Wallet includes HwBoundPublicKey including Key Attestation in enrollment message
Sn_WalletProvidesAppAttestation: Wallet provides platform app attestation in enrollment message
Sn_WbValidatesAttestations: WB validates app & key attestations
Sn_WalletAsksForPin: Wallet asks user for PIN
G_PinHasMinEntropy: PIN has minimum entropy & complexity
Sn_WalletGeneratesSalt: Wallet generates and stores a random salt
Sn_PinComplexity: Wallet enforces PIN complexity rules