SID-AUTH-05 — Wallet Unlock, Lockout, and PIN Security
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Authentication Controls |
Description
Wallet-level authentication and lockout controls separate from device unlock:
(1) The wallet instance implements its own unlock mechanism (PIN and/or biometric) independent of device-level access control. It SHALL NOT rely solely on device unlock.
(2) The wallet is deactivated in a controlled manner after 5 consecutive failed unlock attempts.
(3) The local retry counter is protected against reset attempts: the wallet detects brute-forcing or circumvention and deactivates on detection.
(4) When remote PIN validation (R2PS OPAQUE) is unavailable, the capability to present attestations is limited.
(5) PIN codes: guide the user to select strong PINs; reject easily guessed PINs; mask PIN input; WSCA PINs SHALL have at least 6 digits; WSCA PINs SHALL NOT be stored on device; prevent PIN reuse on change.
R2PS OPAQUE provides server-side PIN validation with attempt counters. Local FIDO rawSign relies on authenticator-internal user verification. Wallet-level PIN currently exists but lockout and deactivation mechanisms are not implemented.
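One way the local lockout in items (2) and (3) could be structured in Go, as an added example that is not the project's own code. The names `State`, `NewState`, `Record` and `tag` are hypothetical, and the HMAC key is assumed to be held in a hardware-backed keystore rather than beside the counter.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

const maxFailures = 5 // item (2): deactivate after 5 consecutive failed unlocks

// State is the persisted retry counter, sealed with an integrity tag (hypothetical type).
type State struct {
	Failures    uint32
	Deactivated bool
	Tag         []byte
}

// tag is HMAC-SHA256 over the counter; key assumed to live in a hardware-backed keystore.
func tag(key []byte, failures uint32, deactivated bool) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%d|%t", failures, deactivated)
	return m.Sum(nil)
}

func NewState(key []byte) State { return State{Tag: tag(key, 0, false)} } // sealed, zero failures

// Record applies one unlock result and re-seals; a bad tag counts as a reset attempt.
func Record(key []byte, s State, unlockOK bool) State {
	switch {
	case !hmac.Equal(s.Tag, tag(key, s.Failures, s.Deactivated)):
		s.Deactivated = true // item (3): counter was altered outside Record
	case s.Deactivated: // a correct PIN does not re-enable a deactivated wallet
	case unlockOK:
		s.Failures = 0
	default:
		s.Failures++
		s.Deactivated = s.Failures >= maxFailures
	}
	s.Tag = tag(key, s.Failures, s.Deactivated)
	return s
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample, not a real key
	s := NewState(key)
	for i := 0; i < maxFailures; i++ {
		s = Record(key, s, false)
	}
	fmt.Println("failures:", s.Failures, "deactivated:", s.Deactivated)
}
```

The tag detects edits to the stored counter but not the restoration of an older sealed copy; covering that case needs a hardware monotonic counter or a server-side attempt counter such as the one R2PS OPAQUE provides.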
Components
- Wallet Frontend
- Wallet Backend (Go)
- R2PS Client
Source References
Framework Requirements
EUDI Security Requirements: WUH-8.3.1-Sec-01, WUH-8.3.1-Sec-02
FitCEM Wallet Instance: FIT-DS-13, FIT-AU-04, FIT-AU-05, FIT-AU-06, FIT-AU-09, FIT-AU-10