SID-DATA-10 — Wallet Backup Security
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Data Protection Controls |
Description
Wallet backup and credential transfer between wallet instances:
(1) Backups SHALL be encrypted with keys accessible only to the legitimate wallet user — not to the wallet provider or cloud storage provider. (2) Sensitive and critical assets (private keys, WSCA credentials, device-bound secrets) SHALL NOT be included in backups. (3) Transaction/audit logs SHALL be included in backups to preserve the user's activity record. (4) Backup format SHALL support credential metadata and non-device-bound attestation transfer to a new wallet instance. (5) Backup integrity SHALL be cryptographically verified on restore.
Not yet implemented — no backup mechanism exists. Design must account for device-bound vs transferable credential separation.
Components
Framework Requirements
FitCEM Wallet Instance: FIT-DS-14, FIT-DS-15
ISO 27001 Annex A: A.8.10