Created: | 06.02.2018 09:58:03 |
Modified: | 07.02.2018 18:47:38 |
Element | Message |
«block» Identity Management Client | |
Type: Sequence Synchronous Call
|
|
«block» Identity Management Client | |
Type: Sequence Synchronous Call
|
|
«block» Identity Management Client | |
Type: Sequence Synchronous Call
|
|
«block» Registration Server | verifySignature |
Type: Sequence Synchronous Call
The RS verifies the signature against its stored userCertificate to make sure the signature is valid. |
|
«block» Registration Server | sign |
Type: Sequence Synchronous Call
The Registration Server signs the certificate to confirm that it knows the corresponding long-term certificate. |
|
«block» Registration Server | sign |
Type: Sequence Synchronous Call
If the user's signature can be verified, the RS signs the certificate with its private key. |
|
«block» Identity Management Client | |
Type: Sequence Synchronous Call
|
Element | Message |
«block» Registration Server | verifySignature |
Type: Sequence Synchronous Call
The RS verifies the signature against its stored userCertificate to make sure the signature is valid. |
|
«block» x.509 Root Certification Authority | sign(RR-certificate) |
Type: Sequence Asynchronous Call
|
|
«block» Identity Management Client | csr |
Type: Sequence Synchronous Call
The IMC starts a certificate signing request (CSR) with the serviceCertificate. It also provides the signature as proof that it owns the private key of the userCertificate. The IMC does not sign the serviceCertificate, as this would link it directly to its userCertificate and destroy the pseudonym. |
|
«block» Registration Server | sign |
Type: Sequence Synchronous Call
The Registration Server signs the certificate to confirm that it knows the corresponding long-term certificate. |
|
«block» Registration Server | sign |
Type: Sequence Synchronous Call
If the user's signature can be verified, the RS signs the certificate with its private key. |
|
«block» Identity Management Client | register |
Type: Sequence Synchronous Call
The IM-C registers itself with one or more Registration Servers using its long-term certificate. Based on this certificate, the server can tie pseudonymous certificates to the real identity of the user. |
|
«block» Identity Management Client | register |
Type: Sequence Synchronous Call
The user registers with his certificate at the Registration Server. In this step, he might also provide additional registration information, which depends on the Registration Server, such as payment information. The userID is unique only within the RS and is used to manage the users. It might also be derived from the certificate, e.g. by using the certificate fingerprint. |
|
«block» Identity Management Client | requestSignature |
Type: Sequence Synchronous Call
The IM-C sends the pseudonymous certificate together with a signature to the Registration Server. With this signature, the IM-C proves that it holds the private key associated with the long-term certificate. The Registration Server therefore knows that the IM-C is the right user. |
Property | Value |
_defaultDiagramType: | SysML1.4::InternalBlock |
Object | Type | Connection | Direction | Notes |
«block» x.509 Root Certification Authority | Block | Dependency | From | By providing a signed certificate to the RS, the Root-CA proves to other entities that they can trust this specific RS. |