Digital Wallets 101
As paper documentation and physical transactions move online, organizations, governments and individuals need a place to store sensitive digital information related to their identity, finances, and certifications. The term “digital wallet” has grown primarily out of the need to describe digital payment platforms such as Apple Pay or Google Pay. With the adoption of cryptocurrency, the concept has expanded to support currencies and credentials related to public key cryptography.
The term “digital wallet” may not directly map to a logical place to store business documents, so you may see the term “vault” or “secure data store” used to describe similar functionality in an enterprise setting.
Digital wallets store data that offers the wallet controller a set of related capabilities. For example, an Apple or Google Wallet stores data related to making payments in USD, but a Coinbase wallet — or vault — stores references to key material used to transfer cryptocurrency and tokens. Alternatively, a digital wallet can store a mobile driver's license, which gives the wallet holder the ability to present identification credentials. There are two general categories of wallet content: credentials, which are cryptographically verified data, and keys, which are used to create credentials or prove control of credentials.
Keys can come in two forms. Extractable keys are portable but less secure. Unextractable keys are references to keys where the key can be used, but not moved. A common example of an unextractable key is a device-bound key in iOS or a hardware-bound remote key in an enterprise key management system (KMS). Wallets store keys or references to keys in order to present credentials or transfer currency.
Wallet content is always encrypted at rest and in transit. However, in order to provide a good user experience, most users are required to trust a wallet application to prompt them whenever a key is used for a purpose and not to use their wallet content in any way without their consent. This is similar to granting a child the ability to take $10 out of your wallet to pay for ice cream or asking them to bring you your driver's license so you can pay for alcohol delivery at the door. Any person or system with access to wallet content has great power, and with it, great responsibility. Such systems are often described as “fiduciary” or “custodial” when that trust is placed in an agent as represented by software or a business.
Transmute offers a managed wallet experience, and our systems have the ability to act on behalf of our customers only when approved directly by them. We take the responsibility of managing your wallet seriously, and privacy and security are paramount to our ideal wallet user experience.