Difference between revisions of "App Instance Security"
From MgmtWiki
(→References) |
(→References) |
||
| Line 13: | Line 13: | ||
==References== | ==References== | ||
| + | * See the wiki page on [[Wallet Instance Attestation]] | ||
[[Category: Security]] | [[Category: Security]] | ||
Latest revision as of 17:45, 28 October 2024
Full Title or Meme
Description of the measures that can be taken to secure an application that has access to keys protected by a device's operating system with Threat Model issues.
Context
Problems
- How can we be sure that the app is who it says it is?
- How can we be sure that the hardware protection is secure and is used by the app?
Solutions
Native apps that want to be able to attest to their access to a secure place to store an instance ID and key will immediately forward a CSR and acquire a key certificate prior to performing any secure operation.
References
- See the wiki page on Wallet Instance Attestation
