
Decomposition

This chapter documents the overarching roles and components of the architecture as well as their connections and interactions.

Figure: overall architecture

Roles

| Name | Abbreviation | Description |
| --- | --- | --- |
| User | USER | Entity that uses the Wallet; the natural person to whom the PID belongs. |
| PID Provider | PP | Entity that verifies the identity of the User, issues the PID to the User's Wallet and publishes the information Relying Parties need to verify the validity of the PID. |
| eID Server | ES | Entity that verifies the eID Card of the User and provides the data groups it contains to the PID Provider. |
| Wallet Provider | WP | Entity that provides the Wallet Solution. |
| Relying Party | RP | Entity that relies on the PID. |
| Platform Attestation Provider | PAP | Entity that provides platform attestations about the integrity of the User Device and the installed Wallet App. |
| Vulnerability Management Provider | VMP | Entity that provides information about vulnerabilities in mobile devices and cryptographic key stores. |
| Remote KMS Provider | RKP | Entity that provides an HSM-based remote key management solution as a service for the Remote WSCD. |

Logical Components

| Name | Description |
| --- | --- |
| Wallet Solution | The Wallet Provider's product, which encompasses the Wallet App, the Wallet Backend and the Remote WSCD. |

Components

| Name | Abbreviation | Description |
| --- | --- | --- |
| User Device | UD | The mobile device of the User, which hosts the Wallet Instance. |
| Wallet Instance | WI | The Wallet App installed on the User Device. |
| Hardware-backed Key Store | HKS | A subcomponent of the User Device that manages locally stored, hardware-backed cryptographic keys (e.g. TEE, Android StrongBox, iOS Secure Enclave). |
| Wallet Provider Backend | WB | The backend operated by the Wallet Provider. |
| Remote Wallet Secure Cryptographic Device | RWSCD | A Wallet Secure Cryptographic Device (WSCD, as defined by the ARF) that the Wallet Instance accesses remotely. |

Wallet Instance (WI) decomposition

Figure: Wallet Instance architecture

| Name | Description |
| --- | --- |
| Graphical User Interface | Primary interface through which the User operates the Wallet Instance (WI). |
| EUDI Wallet Reference Implementation | Reference implementation of the EUDI Wallet providing the core functionality for OpenID4VC, SD-JWT, ISO mdoc, storage, the WSCD interface and the implementation of the local WSCD. |
| AusweisApp SDK | SDK implementing the protocols and interfaces for reading the German eID card. |
| Wallet Backend Client | Client for accessing Wallet Provider Backend (WB) operations. |
| Remote WSCD Client | Client for accessing Remote WSCD (RWSCD) operations. |

Wallet Provider Backend (WB) decomposition

Figure: Wallet Provider Backend architecture

| Name | Description |
| --- | --- |
| Wallet Provider Backend API | API providing Wallet Provider Backend operations to the Wallet Instance. |
| Wallet Provider Backend Database | Database storing the Wallet Instance accounts in the Wallet Provider Backend. |
| Hardware Security Module (HSM) | Hardware module storing the cryptographic keys used to sign Wallet Instance Attestations. |
| Vulnerability Management Client | Client for accessing the API of the Vulnerability Management Provider. |

Remote Wallet Secure Cryptographic Device (RWSCD) decomposition

Figure: Remote Wallet Secure Cryptographic Device architecture

| Name | Description |
| --- | --- |
| Remote WSCD API | API providing Remote WSCD operations to the Wallet Instance. |
| Remote WSCD Database | Database storing the Wallet Instance accounts in the Remote WSCD. |
| KMS Client | Client for accessing the KMS API of the Remote KMS Provider to perform key-related operations. |
| Hardware Security Module (HSM) | Hardware module storing the cryptographic keys used to sign Wallet Trust Evidence. |