
Mobile Wallet Nomenclature

Weiwu Zhang edited this page Dec 10, 2019 · 2 revisions

Authentication/Verification/Keystore

Difference between PIN and Passcode

PIN refers to the one configured at the OS level and entered to unlock the device; that is, entry and management of the PIN is done by the OS. Face ID and Touch ID (and Android analogues) are the biometric equivalents.

Passcode refers to the numeric string that is managed by the app itself.

Green Bar (for Wallet Security Level)

Wallet security level is classified and displayed with a color bar in the app:

  • Red bar - not backed up yet
  • Orange bar - backed up, but not "locked"
  • Green bar - backed up and "locked"

Wallet keys can be protected by the OS, so that they are only accessible after the OS has checked for user-presence. This means that the OS locked the key when it was created and requires biometrics (or the OS PIN) to unlock the key, either to reveal it to the user for backup or to sign a transaction/message.

To prevent ambiguity, we refer to the wallet as having achieved "green bar" status rather than using the following terms, which have varying meanings in different contexts: locked, auth-locked, requires user-presence.

Android Specific

auth-locked vs auth-unlocked

These refer to key status, which affects the UX when using keys to sign. An auth-locked key requires a User-presence event (in technical Android terms, a User Authentication event) such as a system PIN, swipe pattern, fingerprint or face unlock to have taken place within 30 seconds of key usage. The app will handle prompting the user to supply those events. An auth-unlocked key only requires the user to have opened the app to use the key.

Technical details

An auth-locked key is created with the .setUserAuthenticationRequired(true) flag set. When the app uses a key created in this fashion to encrypt the HD Wallet seed phrase, the Android Keystore requires the user to provide a User-presence event. Subsequently, each time the app needs to regenerate the HD Wallet private key for signing, the Android Keystore requires a User-presence event to have occurred before it will decrypt the seed phrase, which the app needs to build the HD Wallet. If the key is built with .setUserAuthenticationRequired(false), there is no such requirement to provide this event before usage.

The Android Keystore requires the device to have an active screenlock set up to successfully create a key with .setUserAuthenticationRequired(true).

Further, the Keystore will destroy any keys created with .setUserAuthenticationRequired(true) if the screenlock is removed.
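
The following sketch shows the three behaviours described above (creation needs a screenlock, use needs a recent User-presence event, removal of the screenlock destroys the key). It is an added example, not code from the wallet app. The alias, the class name, the choice of AES-GCM, and the use of setUserAuthenticationValidityDurationSeconds(30) to express the 30-second window are assumptions.

```java
import android.app.KeyguardManager;
import android.content.Context;
import android.security.keystore.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

final class SeedKeyExample {
    static final String ALIAS = "example_seed_key";   // hypothetical alias
    enum Status { READY, NEEDS_USER_AUTH, KEY_DESTROYED }

    // Creates an auth-locked key; refuses early if no screenlock is configured.
    static void createAuthLockedKey(Context ctx) throws GeneralSecurityException {
        KeyguardManager km = ctx.getSystemService(KeyguardManager.class);
        if (!km.isDeviceSecure()) {
            throw new IllegalStateException("Screenlock required for an auth-locked key");
        }
        KeyGenerator gen = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        gen.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true)
                // Assumed mapping of the 30 s window; deprecated since API 30
                // in favour of setUserAuthenticationParameters.
                .setUserAuthenticationValidityDurationSeconds(30)
                .build());
        gen.generateKey();
    }

    // Tries to initialise the cipher that decrypts the stored seed phrase.
    static Status prepareDecrypt(Cipher cipher, byte[] iv) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(ALIAS, null);
        if (key == null) return Status.KEY_DESTROYED;   // alias no longer present
        try {
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
            return Status.READY;
        } catch (UserNotAuthenticatedException e) {
            return Status.NEEDS_USER_AUTH;   // no User-presence event in the window
        } catch (KeyPermanentlyInvalidatedException e) {
            return Status.KEY_DESTROYED;     // screenlock was removed
        }
    }
}
```

A KEY_DESTROYED result means the encrypted seed phrase can no longer be decrypted on the device, which is why the wallet's backup status matters before a key is auth-locked.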