Difference between revisions of "Verified Wallet"

From MgmtWiki
(Requirements)
(Requirements)
Line 23: Line 23:
 
# Trusted Service Provider
 
# Trusted Service Provider
 
===Requirements===
 
===Requirements===
These are the requirements that a wallet [[Software Assessment Criteria]] should ensure.
+
These are the requirements that a wallet [[Software Assessment Criteria]] MUST ensure.
 
# Store in protected storage a user credential that can be used to authenticate the holder to a service provider.
 
# Store in protected storage a user credential that can be used to authenticate the holder to a service provider.
 +
# Bind the wallet to one (or more) Trust Authorities.
 +
# Validate any service provider to be sure that it is trusted by the
  
 
==References==
 
==References==
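Review bot: The added requirement 3 ends mid-sentence at "trusted by the", so it names no party and cannot be assessed as written; complete the line by stating whose trust the service provider must have. The intro line's change from "should" to "MUST" makes every item mandatory, so each one needs to be testable. Also, "a wallet [[Software Assessment Criteria]] MUST ensure" reads as if the criteria, rather than the wallet, carry the obligation; consider rewording so the subject of MUST is clear.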

Revision as of 08:33, 21 September 2021

Full Title or Meme

A Verified Wallet is a piece of software, installable on a mobile computing device with a Secure Enclave, that an App Assessor has determined to meet the Software Assessment Criteria for protecting user data both on-site and in-flight.

Context

Existing Regulations

The FTC issued the Health Breach Notification Rule on 2009-08-17, which requires vendors of personal health records and related entities to notify consumers, the FTC, and, in some cases, the media when that data is disclosed or acquired without the consumers’ authorization. Over a decade later, health apps and other connected devices that collect personal health data are not only mainstream—and have increased in use during the pandemic—but are also ripe targets for scammers and other cyber attacks. Yet there are still too few privacy protections for these apps.

Solutions

A set of Software Assessment Criteria that can be tested to verify that a wallet can be installed on a mobile device so that the user's personal data (healthcare or other) will be protected from disclosure.

Terminology

  1. Subject
  2. Holder
  3. Trust Authority
  4. Trusted Service Provider

Requirements

These are the requirements that a wallet's Software Assessment Criteria MUST ensure.

  1. Store in protected storage a user credential that can be used to authenticate the holder to a service provider.
  2. Bind the wallet to one (or more) Trust Authorities.
  3. Validate any service provider to be sure that it is trusted by the

References