In the next three years, the twenty-seven member states of the European Union (EU) will have to finalize the implementing acts for the eIDAS2 regulation and issue digital identity wallets to their citizens. Although the Architecture Reference Framework (ARF) defined by the EU expert group has clearly identified mandatory standards for several parts of the wallet, such as the credential formats or the verification and presentation protocols, it has not mandated standards on how to secure the wallet's credentials, sensitive data and key material.
The ARF has identified use cases requiring a high level of assurance (LoA) in terms of security, such as the provisioning of the Personal Identification Data (PID) or the use of qualified electronic signatures, as well as possible means to achieve this high LoA: secure elements embedded in the mobile device, external electronic identity documents accessed over communication channels such as Near Field Communication (NFC), or remote Hardware Security Modules (HSMs).
Today, the vast majority of mobile devices embed secure elements and trusted execution environments that already provide a certified high level of security for several use cases such as secure connectivity, payment, ticketing, or digital keys. These secure elements are deployed on billions of mobile devices and are based on recognized standards such as the GlobalPlatform Secure Element and Trusted Execution Environment specifications.
This presentation will give an overview of the different security standards and technologies available in mobile devices, and how they can be applied to securing digital identity wallets. Besides secure storage and the secure execution environment, this presentation will also address the secure provisioning of wallet applications, credentials and sensitive data, as well as their security certification. It will bridge the gap between the high-level security requirements and the possible deployment scenarios that will enable digital identity wallets to enjoy the same level of security as existing proven and widely deployed solutions.