IM-C : Public <<block>> Block
Created: 06.02.2018 10:10:12
Modified: 08.02.2018 16:54:46
The Identity Management Client is a functional entity which handles the identity management on an architectural element.

It processes the real and pseudonymous identities and provides other blocks with access to the identities they need. In parallel, it blocks unauthorized access to identities.
Element Message
«block» Identity Management Client generateKeyPair
Details:
Type: Sequence Synchronous Call
The IM-C generates a new, unique key pair and certificate to be used as a pseudonym by the requesting service, in this case GeoMessaging.
«block» Identity Management Client generateServiceCertificate
Details:
Type: Sequence Synchronous Call
The IM-C generates a pseudonymous serviceCertificate for every service its owning entity wants to use. The serviceCertificate does not contain any information which can be used to identify the user or the service for which it has been created.
«block» Generic Application Specific Support  
Details:
Type: Sequence Synchronous Call
 
User  
Details:
Type: Sequence Synchronous Call
 
«block» Identity Management Client generateCertificate
Details:
Type: Sequence Synchronous Call
Generate a key pair and a certificate for the user.
«block» x.509 Enrolment Authority csr
Details:
Type: Sequence Synchronous Call
Send a certificate signing request (CSR) to the EA.
«block» Registration Server csr
Details:
Type: Sequence Synchronous Call
The IM-C starts a certificate signing request (CSR) for the serviceCertificate. It also provides a signature as proof that it owns the private key of the userCertificate. The IM-C does not sign the serviceCertificate itself, as this would link it directly to its userCertificate and would destroy the pseudonym.
«block» Registration Server register
Details:
Type: Sequence Synchronous Call
The IM-C registers itself on one or more Registration Servers using its Long-term Certificate. Based on this certificate, the server is able to tie pseudonymous certificates to the real identity of the user.
«block» Registration Server register
Details:
Type: Sequence Synchronous Call
The user registers with his certificate at the Registration Server. In this step, he might also provide additional registration information, which depends on the Registration Server, such as payment information. The userID is only unique within the RS and is used to manage the users. It might as well be derived from the certificate, e.g. by using the certificate fingerprint.
«block» GeoMessaging Client  
Details:
Type: Sequence Synchronous Call
The IM-C returns the pseudonymous certificate for use with the service to the GeoMessaging Client.
«block» Identity Management Client createSignature
Details:
Type: Sequence Synchronous Call
The IM-C creates a signature over the serviceCertificate using the private key associated with its userCertificate (see Initial User Registration for details).
«block» Registration Server requestSignature
Details:
Type: Sequence Synchronous Call
The IM-C sends the pseudonymous certificate together with a signature to the Registration Server. By producing this signature, the IM-C proves that it holds the private key associated with the long-term certificate. Therefore, the Registration Server knows that the IM-C is the right user.
«block» Identity Management Client sign
Details:
Type: Sequence Synchronous Call
The IM-C creates a signature for the pseudonymous certificate with its private key, so the Registration Server can verify that it is legitimate. It does NOT sign the certificate itself, as a certificate bearing the long-term key's signature would allow other entities to track and correlate pseudonymous certificates by recognising that several pseudonyms were signed by the same private key.
Element Message
«block» Registration Server  
Details:
Type: Sequence Synchronous Call
 
«block» Identity Management Client generateKeyPair
Details:
Type: Sequence Synchronous Call
The IM-C generates a new, unique key pair and certificate to be used as a pseudonym by the requesting service, in this case GeoMessaging.
«block» Generic Application Specific Support requestServiceCertificate
Details:
Type: Sequence Synchronous Call
The service client part requests a pseudonym from the IM-C. This pseudonym is used exactly once for each service instance and is not shared between services.
User initiateRegistration
Details:
Type: Sequence Synchronous Call
The user initiates the registration with a specific Registration Server, e.g. by selecting it out of a list of possible Registration Servers.
«block» GeoMessaging Client requestPseudonym
Details:
Type: Sequence Synchronous Call
If the GeoMessaging Client decides to use a new GeoMessaging Service Provider, it requests a new pseudonym for this service. The IM-Client keeps track of the services, to make sure the same pseudonym is reused for a given service, but no pseudonym is used for multiple services.
«block» Registration Server  
Details:
Type: Sequence Synchronous Call
 
«block» Identity Management Client generateServiceCertificate
Details:
Type: Sequence Synchronous Call
The IM-C generates a pseudonymous serviceCertificate for every service its owning entity wants to use. The serviceCertificate does not contain any information which can be used to identify the user or the service for which it has been created.
«block» Registration Server  
Details:
Type: Sequence Synchronous Call
 
«block» Identity Management Client generateCertificate
Details:
Type: Sequence Synchronous Call
Generate a key pair and a certificate for the user.
«block» x.509 Enrolment Authority  
Details:
Type: Sequence Synchronous Call
 
«block» Registration Server  
Details:
Type: Sequence Synchronous Call
 
«block» Identity Management Client createSignature
Details:
Type: Sequence Synchronous Call
The IM-C creates a signature over the serviceCertificate using the private key associated with its userCertificate (see Initial User Registration for details).
«block» Identity Management Client sign
Details:
Type: Sequence Synchronous Call
The IM-C creates a signature for the pseudonymous certificate with its private key, so the Registration Server can verify that it is legitimate. It does NOT sign the certificate itself, as a certificate bearing the long-term key's signature would allow other entities to track and correlate pseudonymous certificates by recognising that several pseudonyms were signed by the same private key.
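Added example (not part of the exported model and not code from the project behind it): a Go sketch of the createSignature/sign and requestSignature messages above, and of the csr message in the first table. The IM-C produces a detached signature over the DER bytes of the serviceCertificate with its long-term key; the Registration Server verifies that signature against the registered userCertificate as proof of possession. The serviceCertificate itself is self-signed with its own key, so the certificate on its own carries no trace of the user. For contrast, LinkedPseudonym builds the certificate the model rules out, one issued under the user key, and LinkableToUser shows that anyone holding such a certificate can tie it to the userCertificate. The key type (ECDSA P-256), the random-tag subject, the serial numbers and all names are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity is the IM-C's long-term identity: the user key pair and the
// self-signed userCertificate registered at the Registration Server (assumed layout).
type Identity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// Pseudonym is a serviceCertificate with its own, unrelated key pair.
type Pseudonym struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// ProofOfPossession is the payload of requestSignature: the serviceCertificate
// (DER) plus a detached signature over its bytes made with the long-term key.
type ProofOfPossession struct {
	ServiceCertDER []byte
	Signature      []byte // ASN.1 DER-encoded ECDSA signature
}

// template builds a minimal, short-lived certificate template (values assumed).
func template(subject pkix.Name, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
}

// NewIdentity corresponds to generateCertificate: a key pair plus a self-signed
// userCertificate carrying the user's real name.
func NewIdentity(commonName string) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := template(pkix.Name{CommonName: commonName}, 1)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: key, Cert: cert}, nil
}

// NewPseudonym corresponds to generateKeyPair/generateServiceCertificate: a fresh
// key pair and a self-signed serviceCertificate whose only subject attribute is a
// random tag, so the certificate names neither the user nor the service.
func NewPseudonym() (*Pseudonym, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	var tag [16]byte
	if _, err := rand.Read(tag[:]); err != nil {
		return nil, err
	}
	tmpl := template(pkix.Name{CommonName: hex.EncodeToString(tag[:])}, 2)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Pseudonym{Key: key, Cert: cert}, nil
}

// Sign corresponds to createSignature/sign: the long-term key signs the bytes of
// the serviceCertificate but is not its issuer, so the certificate stays unlinked.
func (id *Identity) Sign(p *Pseudonym) (*ProofOfPossession, error) {
	digest := sha256.Sum256(p.Cert.Raw)
	sig, err := ecdsa.SignASN1(rand.Reader, id.Key, digest[:])
	if err != nil {
		return nil, err
	}
	return &ProofOfPossession{ServiceCertDER: p.Cert.Raw, Signature: sig}, nil
}

// Verify is the Registration Server's side of requestSignature: it accepts the
// serviceCertificate only if the detached signature verifies under the public key
// of the userCertificate registered earlier (proof of possession of the long-term key).
func Verify(userCert *x509.Certificate, pop *ProofOfPossession) (*x509.Certificate, error) {
	pub, ok := userCert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("registered certificate does not carry an ECDSA key")
	}
	digest := sha256.Sum256(pop.ServiceCertDER)
	if !ecdsa.VerifyASN1(pub, digest[:], pop.Signature) {
		return nil, errors.New("proof of possession failed: not signed with the long-term key")
	}
	return x509.ParseCertificate(pop.ServiceCertDER)
}

// LinkableToUser reports whether the serviceCertificate's own embedded signature
// verifies under the user's long-term key: exactly the check a third party holding
// only the certificate could run to tie several pseudonyms to one user.
func LinkableToUser(svc, userCert *x509.Certificate) bool {
	return userCert.CheckSignature(svc.SignatureAlgorithm, svc.RawTBSCertificate, svc.Signature) == nil
}

// LinkedPseudonym is the anti-pattern the model rules out: the serviceCertificate
// is issued (signed) by the user key itself, so LinkableToUser returns true for it.
func LinkedPseudonym(id *Identity) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := template(pkix.Name{CommonName: "pseudonym-issued-by-user"}, 3)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, id.Cert, &key.PublicKey, id.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	id, _ := NewIdentity("Alice Example") // constructed sample user
	p, _ := NewPseudonym()
	pop, _ := id.Sign(p)
	svc, err := Verify(id.Cert, pop)
	fmt.Println("RS accepts proof of possession:", err == nil)
	fmt.Println("pseudonym linkable via its own signature:", LinkableToUser(svc, id.Cert))
	linked, _ := LinkedPseudonym(id)
	fmt.Println("user-issued pseudonym linkable:", LinkableToUser(linked, id.Cert))
}
```

Verify takes only the registered userCertificate and the request, which mirrors what the Registration Server has after register; it never needs the service key, and the serviceCertificate it stores is indistinguishable from any other pseudonym unless the detached signature is kept alongside it.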
Property Value
_defaultDiagramType: SysML1.4::InternalBlock
Object                                       | Type  | Connection       | Direction | Notes
«block» RSU Identity Management Client       | Block | Generalization   | From      |
«block» VRU Identity Management Client       | Block | Generalization   | From      |
«block» Traveller Identity Management Client | Block | Generalization   | From      |
«block» GeoMessaging Client                  | Block | Information Flow | To        | The IM-C provides pseudonymous certificates for the GEOM-C to use GeoMessaging Services.
«block» Vehicle Identity Management Client   | Block | Generalization   | From      |