{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,10]],"date-time":"2026-05-10T07:26:04Z","timestamp":1778397964502,"version":"3.51.4"},"reference-count":40,"publisher":"Springer Fachmedien Wiesbaden GmbH","issue":"2","license":[{"start":{"date-parts":[[2023,3,14]],"date-time":"2023-03-14T00:00:00Z","timestamp":1678752000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,3,14]],"date-time":"2023-03-14T00:00:00Z","timestamp":1678752000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Bundesministerium f\u00fcr Wirtschaft und Klimaschutz","award":["01MN21002K"],"award-info":[{"award-number":["01MN21002K"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["HMD"],"published-print":{"date-parts":[[2023,4]]},"abstract":"<jats:title>Zusammenfassung<\/jats:title><jats:p>Dezentrale Identit\u00e4ts\u00f6kosysteme bieten vielversprechende L\u00f6sungen f\u00fcr vielf\u00e4ltige Anwendungen in der Privatwirtschaft und \u00f6ffentlichen Verwaltung. Die Anwendungen haben dabei sehr unterschiedliche Bed\u00fcrfnisse und regulierte Umgebungen stellen hohe Sicherheitsanforderungen an die <jats:italic>wallet<\/jats:italic> und die von ihr verwalteten <jats:italic>credentials.<\/jats:italic> Gleichzeitig bietet der Smartphone-Markt ein fragmentiertes Feld an Sicherheitsl\u00f6sungen. Wir untersuchen die sicherheitstechnischen Voraussetzungen einer mobilen, nativen Wallet-Architektur f\u00fcr selbstbestimmte Nutzende und bewerten die vorhandenen sicherheitstechnischen L\u00f6sungsbausteine f\u00fcr hardwaregebundene Schl\u00fcsselspeicher, Biometrie sowie Gegebenheiten der Betriebssysteme Android und iOS. Die regulatorischen Anforderungen werden durch Ma\u00dfnahmen wie Ger\u00e4tebindung, Nutzerbindung sowie Authentisierung der <jats:italic>wallet<\/jats:italic> und der anfragenden Partei adressiert. Wir analysieren und bewerten die verschiedenen Varianten und Auspr\u00e4gungen und leiten daraus einen interoperablen und privatsph\u00e4reorientierten Prozess f\u00fcr die vertrauensw\u00fcrdige Ausstellung und Verifikation von Identit\u00e4tsnachweisen ab und beschreiben das zugrunde liegende Vertrauensmodell. Wir diskutieren die Vorteile und Nachteile des Systems und geben einen Ausblick auf die weiteren Entwicklungen der Wallet-Sicherheit.<\/jats:p>","DOI":"10.1365\/s40702-023-00954-4","type":"journal-article","created":{"date-parts":[[2023,3,23]],"date-time":"2023-03-23T11:03:06Z","timestamp":1679569386000},"page":"381-404","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Konzepte f\u00fcr sichere wallets in dezentralen Identit\u00e4ts\u00f6kosystemen","Concepts for Secure Wallets in Decentralized Identity Ecosystems"],"prefix":"10.1365","volume":"60","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2228-3155","authenticated-orcid":false,"given":"Paul","family":"Bastian","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Micha","family":"Kraus","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J\u00f6rg","family":"Fischer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"93","published-online":{"date-parts":[[2023,3,14]]},"reference":[{"key":"954_CR1","unstructured":"Apple (2021) Sicherheitszertifizierungen f\u00fcr den Secure Enclave-Prozessor (SEP). Apple Support. https:\/\/support.apple.com\/de-de\/guide\/sccc\/sccca7433eb89\/web. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR2","unstructured":"Apple (2022a) Devicecheck | apple developer documentation. https:\/\/developer.apple.com\/documentation\/devicecheck. Zugegriffen: 23. Sept. 2022"},{"key":"954_CR3","unstructured":"Apple (2022b) Protecting keys with the secure enclave | apple developer documentation. https:\/\/developer.apple.com\/documentation\/security\/certificate_key_and_trust_services\/keys\/protecting_keys_with_the_secure_enclave. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR4","unstructured":"Apple (2022c) Secure enclave. Apple support. https:\/\/support.apple.com\/de-de\/guide\/security\/sec59b0b31ff\/web. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR5","unstructured":"Bastian P (2022) Credential format comparison. https:\/\/www.linkedin.com\/posts\/idunion_credential-format-comparison-and-idunion-activity-7008024119598276609-0pS-\/. Zugegriffen: 6. Jan. 2023"},{"key":"954_CR7","volume-title":"Self-Sovereign Identity \u2013 Vertrauensbasis f\u00fcr selbstbestimmte Identit\u00e4tsnetzwerke","author":"P Bastian","year":"2021","unstructured":"Bastian\u00a0P, Kraus\u00a0M, Fischer\u00a0J, B\u00f6sch\u00a0C (2021) Self-Sovereign Identity \u2013 Vertrauensbasis f\u00fcr selbstbestimmte Identit\u00e4tsnetzwerke. 17. Deutscher IT-Sicherheitskongress des BSI."},{"key":"954_CR6","unstructured":"Bastian P, Terbu O, Joosten R, Rivai Z et\u00a0al (2023) Identifier binding: defining the core of holder binding. https:\/\/github.com\/WebOfTrustInfo\/rwot11-the-hague\/blob\/master\/final-documents\/identifier-binding.md. Zugegriffen: 6. Febr. 2023"},{"key":"954_CR8","doi-asserted-by":"publisher","first-page":"600","DOI":"10.1145\/1653662.1653734","volume-title":"Proceedings of the 16th ACM conference on Computer and communications security, CCS \u201909","author":"P Bichsel","year":"2009","unstructured":"Bichsel\u00a0P, Camenisch\u00a0J, Gro\u00df\u00a0T, Shoup\u00a0V (2009) Anonymous credentials on a\u00a0standard java card. In: Proceedings of the 16th ACM conference on Computer and communications security, CCS \u201909. Association for Computing Machinery, New York, S\u00a0600\u2013610 https:\/\/doi.org\/10.1145\/1653662.1653734"},{"key":"954_CR9","unstructured":"BMI (2021) Online-Ausweis kann bald im Smartphone gespeichert werden. Bundesministerium des Innern und f\u00fcr Heimat. https:\/\/www.bmi.bund.de\/SharedDocs\/pressemitteilungen\/DE\/2021\/09\/smart-eID-gesetz-in-kraft.html?nn=9390260. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR10","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-540-28628-8_3","volume-title":"Advances in cryptology\u2014CRYPTO 2004, lecture notes in computer science","author":"D Boneh","year":"2004","unstructured":"Boneh\u00a0D, Boyen\u00a0X, Shacham\u00a0H (2004) Short group signatures. In: Franklin\u00a0M (Hrsg) Advances in cryptology\u2014CRYPTO 2004, lecture notes in computer science. Springer, Berlin, Heidelberg, S\u00a041\u201355"},{"key":"954_CR11","unstructured":"BSI (2021) TR-03166 Technical Guideline for Biometric Authentication Components in Devices for Authentication. Federal Office for Information Security. https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/TechGuidelines\/TR03166\/BSI-TR-03166.html?nn=132646. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR12","unstructured":"BSI (2022a) TR-03107 Elektronische Identit\u00e4ten und Vertrauensdienste im E\u2011Government. Bundesamt f\u00fcr Sicherheit in der Informationstechnik. https:\/\/www.bsi.bund.de\/DE\/Themen\/Unternehmen-und-Organisationen\/Standards-und-Zertifizierung\/Technische-Richtlinien\/TR-nach-Thema-sortiert\/tr03107\/tr-03107.html?nn=450536. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR13","unstructured":"BSI (2022b) TR-03147 Vertrauensniveaubewertung von Verfahren zur Identit\u00e4tspr\u00fcfung nat\u00fcrlicher Personen. Bundesamt f\u00fcr Sicherheit in der Informationstechnik. https:\/\/www.bsi.bund.de\/DE\/Themen\/Unternehmen-und-Organisationen\/Standards-und-Zertifizierung\/Technische-Richtlinien\/TR-nach-Thema-sortiert\/tr03147\/identitaetspruefung.html?nn=130418. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-540-28628-8_4","volume-title":"Advances in Cryptology\u2014CRYPTO 2004","author":"J Camenisch","year":"2004","unstructured":"Camenisch\u00a0J, Lysyanskaya\u00a0A (2004) Signature schemes and anonymous credentials from bilinear maps. In: Franklin\u00a0M (Hrsg) Advances in Cryptology\u2014CRYPTO 2004. Lecture Notes in Computer Science. Springer, Berlin, Heidelberg, S\u00a056\u201372"},{"key":"954_CR15","doi-asserted-by":"publisher","first-page":"1416","DOI":"10.1109\/SP40000.2020.00061","volume-title":"2020 IEEE Symposium on Security and Privacy (SP)","author":"D Cerdeira","year":"2020","unstructured":"Cerdeira\u00a0D, Santos\u00a0N, Fonseca\u00a0P, Pinto\u00a0S (2020) Understanding the prevailing security vulnerabilities in trustzone-assisted TEE systems. In: 2020 IEEE Symposium on Security and Privacy (SP), S 1416\u20131432"},{"key":"954_CR16","volume-title":"Java card technology for smart cards: architecture and programmer\u2019s guide","author":"Z Chen","year":"2000","unstructured":"Chen\u00a0Z (2000) Java card technology for smart cards: architecture and programmer\u2019s guide. Addison-Wesley Professional"},{"key":"954_CR17","unstructured":"Curran S (2021) W3C VC Data Model Github Issue#789. GitHub. https:\/\/github.com\/w3c\/vc-data-model\/issues\/902. Zugegriffen: 6. Jan. 2023"},{"key":"954_CR18","volume-title":"AnonCreds specification","author":"S Curran","year":"2022","unstructured":"Curran\u00a0S, Yildiz\u00a0H, Curren\u00a0S (2022) AnonCreds specification. AnonCreds WG"},{"key":"954_CR19","unstructured":"European Commission (2022a) eIDAS Levels of Assurance. Digital. https:\/\/ec.europa.eu\/cefdigital\/wiki\/cefdigital\/wiki\/display\/CEFDIGITAL\/eIDAS+Levels+of+Assurance. Zugegriffen: 23. Sept. 2022"},{"key":"954_CR20","unstructured":"European Commission (2022b) eIDAS Regulation | Shaping Europe\u2019s digital future. https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/eidas-regulation. Zugegriffen: 23. Sept. 2022"},{"key":"954_CR21","unstructured":"European Commission (2022c) European Digital Identity Architecture and Reference Framework\u2014Outline | Shaping Europe\u2019s digital future. https:\/\/digital-strategy.ec.europa.eu\/en\/library\/european-digital-identity-architecture-and-reference-framework-outline. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR22","unstructured":"Gian (2020) Code execution achieved in the secure enclave chip. Yalu Jailbreak. https:\/\/yalujailbreak.net\/seprom-code-execution\/. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR23","unstructured":"Google (2021) Google online security blog: announcing the android ready SE alliance. https:\/\/security.googleblog.com\/2021\/03\/announcing-android-ready-se-alliance.html. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR24","unstructured":"Google (2022a) Android keystore system\u2014strongbox. Android developers. https:\/\/developer.android.com\/training\/articles\/keystore#HardwareSecurityModule. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR25","unstructured":"Google (2022b) Key and ID attestation. Android open source project. https:\/\/source.android.com\/docs\/security\/features\/keystore\/attestation. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR26","unstructured":"Google (2022c) Overview of the play integrity API | Google play. Android developers. https:\/\/developer.android.com\/google\/play\/integrity\/overview. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR27","unstructured":"Google (2022d) Safetynet attestation API. Android developers. https:\/\/developer.android.com\/training\/safetynet\/attestation. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR28","unstructured":"Google (2022e) Security enhancements in android 6.0. Android open source project. https:\/\/source.android.com\/docs\/security\/enhancements\/enhancements60. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR29","unstructured":"ISO\/IEC JTC 1\/SC 27 (2013) ISO\/IEC 29115:2013. ISO. https:\/\/www.iso.org\/cms\/render\/live\/en\/sites\/isoorg\/contents\/data\/standard\/04\/51\/45138.html. Gesehen 22. September 2022"},{"key":"954_CR30","unstructured":"ISO\/IEC JTC 1\/SC 27 (2021) ISO\/IEC 18013-5:2021. ISO. https:\/\/www.iso.org\/cms\/render\/live\/en\/sites\/isoorg\/contents\/data\/standard\/06\/90\/69084.html. Gesehen 22. September 2022"},{"key":"954_CR31","unstructured":"ISO\/IEC JTC 1\/SC 27 (2022) ISO\/IEC 18045:2022. ISO. https:\/\/www.iso.org\/cms\/render\/live\/en\/sites\/isoorg\/contents\/data\/standard\/07\/28\/72889.html. Gesehen 22. September 2022"},{"key":"954_CR32","volume-title":"Anonymous credentials with type-3 revocation","author":"D Khovratovich","year":"2018","unstructured":"Khovratovich\u00a0D, Lodder\u00a0M (2018) Anonymous credentials with type\u20113 revocation"},{"key":"954_CR33","unstructured":"Lissi (2022) Vertrauen im digitalen Raum. Medium. https:\/\/lissi-id.medium.com\/vertrauen-im-digitalen-raum-cc22a9fcbd0a. Zugegriffen: 6. Jan. 2023"},{"key":"954_CR34","volume-title":"BBS+ signatures 2020. W3C credentials community group","author":"T Looker","year":"2021","unstructured":"Looker\u00a0T, Steele\u00a0O (2021) BBS+ signatures 2020. W3C credentials community group"},{"key":"954_CR36","unstructured":"NIST (2020) NIST special publication 800-63\u20113. https:\/\/pages.nist.gov\/sp800-63-3.html. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR37","volume-title":"TEE exploitation-exploiting trusted Apps on Samsung\u2019s TEE","author":"E Sanfelix","year":"2019","unstructured":"Sanfelix\u00a0E (2019) TEE exploitation-exploiting trusted Apps on Samsung\u2019s TEE"},{"key":"954_CR38","volume-title":"Practical attacks against obfuscated ciphers","author":"E Sanfelix","year":"2015","unstructured":"Sanfelix\u00a0E, Mune\u00a0C, de Haas\u00a0J (2015) Practical attacks against obfuscated ciphers"},{"key":"954_CR35","unstructured":"Sporny M, Longley D, Chadwick D (2022) Verifiable credentials data model v1.1. https:\/\/www.w3.org\/TR\/vc-data-model\/. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR39","unstructured":"Str\u00fcker J et al (2021) Self-Sovereign Identity: Grundlagen, Anwendungen und Potenziale portabler digitaler Identit\u00e4ten. Sankt Augustin. https:\/\/www.fim-rc.de\/wp-content\/uploads\/2021\/06\/Fraunhofer-FIT_SSI_Whitepaper.pdf. Zugegriffen: 22. Sept. 2022"},{"key":"954_CR40","volume-title":"Verifiable Credentials Flavors Explained","author":"K Young","year":"2021","unstructured":"Young\u00a0K (2021) Verifiable Credentials Flavors Explained"}],"container-title":["HMD Praxis der Wirtschaftsinformatik"],"original-title":[],"language":"de","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-023-00954-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1365\/s40702-023-00954-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-023-00954-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,3,23]],"date-time":"2023-03-23T11:08:22Z","timestamp":1679569702000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1365\/s40702-023-00954-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,14]]},"references-count":40,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2023,4]]}},"alternative-id":["954"],"URL":"https:\/\/doi.org\/10.1365\/s40702-023-00954-4","relation":{},"ISSN":["1436-3011","2198-2775"],"issn-type":[{"value":"1436-3011","type":"print"},{"value":"2198-2775","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,14]]},"assertion":[{"value":"25 September 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 February 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 March 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}