Key Generation

Wepin allows for the creation of wallets based on the Web2 signup and login experience through the authentication providers. After signing up through the authentication provider, a token for key management is exchanged with Amazon Web Services (AWS), and then a request for key generation is made to the Wepin server. At this point, the PIN number set is crucial information used for encrypting the private key managed in the wallet. (The PIN number is encrypted and then sent to the Wepin server, so it is not exposed.) When the Wepin server receives a request for wallet creation, it requests AWS KMS to generate a random value, and with this random value, the user's private key is generated. Since the generated private key is confidential information, it is encrypted based on the user's PIN and then securely stored in the cloud in an encrypted state.

The operations performed during the key generation process are executed within a Trusted Execution Environment (TEE), making them inaccessible to the Wepin server. The entire process of generating and deriving keys using a random value takes place within the TEE.