Alert EnterpriseWiki

Wavelynx — credential key lifecycle

How a per-credential symmetric key moves from Wavelynx's HSM-rooted master keys all the way to a wrapped envelope on the user's device. The diversified plaintext per-credential key never leaves the secure server boundary and is never persisted — regenerated on demand from the master key via the same deterministic diversification function.

7 stages
Loading state graph…
Source
  • src/wallet-api-data-flow-architecture-v1.0.12.pdf §4 Credential key lifecycle and diversification
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.