Created: | 06.02.2018 10:10:12 |
Modified: | 08.02.2018 16:54:46 |
Element | Message |
User | |
Type: Sequence Synchronous Call
|
|
«block» Identity Management Client | generateKeyPair |
Type: Sequence Synchronous Call
The IM-C generates a new, unique key pair and certificate to be used as a pseudonym for the requesting service, in this case GeoMessaging. |
|
«block» Identity Management Client | sign |
Type: Sequence Synchronous Call
The IM-C creates a signature for the pseudonymous certificate with its private key, so that the Registration Server knows the request is legitimate. It does NOT sign the certificate itself, because other entities could then identify that various pseudonyms have been signed by the same private key and use this to track or analyse the pseudonymous certificates. |
|
«block» Registration Server | requestSignature |
Type: Sequence Synchronous Call
The IM-C sends the pseudonymous certificate together with a signature to the Registration Server. With this signature, the IM-C proves that it holds the private key associated with the long-term certificate. The Registration Server therefore knows that the IM-C is the right user. |
|
«block» Identity Management Client | createSignature |
Type: Sequence Synchronous Call
The IMC creates a signature of the serviceCertificate using the private key associated with its userCertificate (see Initial User Registration for details). |
|
«block» Identity Management Client | generateCertificate |
Type: Sequence Synchronous Call
Generate a key pair and a certificate for the user. |
|
«block» Registration Server | register |
Type: Sequence Synchronous Call
The user registers with his certificate at the Registration Server. In this step, he might also provide additional registration information, which depends on the Registration Server, such as payment information. The userID is only unique to the RS and is used to manage the users. It may also be derived from the certificate, e.g. by using the certificate fingerprint. |
|
«block» Generic Application Specific Support | |
Type: Sequence Synchronous Call
|
|
«block» Identity Management Client | generateServiceCertificate |
Type: Sequence Synchronous Call
The IMC generates a pseudonymous serviceCertificate for every service its owning entity wants to use. The serviceCertificate does not contain any information which can be used to identify the user or the service for which it has been created. |
|
«block» x.509 Enrolment Authority | csr |
Type: Sequence Synchronous Call
Send a certificate signing request (CSR) to the EA. |
|
«block» Registration Server | register |
Type: Sequence Synchronous Call
The IM-C registers itself on one or more Registration Servers using its long-term certificate. Based on this certificate, the server can tie pseudonymous certificates to the real identity of the user. |
|
«block» GeoMessaging Client | |
Type: Sequence Synchronous Call
The IM-C returns the pseudonymous certificate for use with the service to the GeoMessaging Client. |
|
«block» Registration Server | csr |
Type: Sequence Synchronous Call
The IMC starts a certificate signing request (CSR) with the serviceCertificate. It also provides the signature as proof that it owns the private key of the userCertificate. The IMC does not sign the serviceCertificate, as this would link it directly with its userCertificate and would destroy the pseudonym.
Element | Message |
User | initiateRegistration |
Type: Sequence Synchronous Call
The user initiates the registration with a specific Registration Server, e.g. by selecting it from a list of possible Registration Servers. |
|
«block» GeoMessaging Client | requestPseudonym |
Type: Sequence Synchronous Call
If the GeoMessaging Client decides to use a new GeoMessaging Service Provider, it requests a new pseudonym for this service. The IM-Client tracks the various services to make sure that the same pseudonym is always used for a given service, but that no pseudonym is used for multiple services. |
|
«block» Registration Server | |
Type: Sequence Synchronous Call
|
|
«block» Identity Management Client | generateKeyPair |
Type: Sequence Synchronous Call
The IM-C generates a new, unique key pair and certificate to be used as a pseudonym for the requesting service, in this case GeoMessaging. |
|
«block» Identity Management Client | sign |
Type: Sequence Synchronous Call
The IM-C creates a signature for the pseudonymous certificate with its private key, so that the Registration Server knows the request is legitimate. It does NOT sign the certificate itself, because other entities could then identify that various pseudonyms have been signed by the same private key and use this to track or analyse the pseudonymous certificates. |
|
«block» Registration Server | |
Type: Sequence Synchronous Call
|
|
«block» Identity Management Client | createSignature |
Type: Sequence Synchronous Call
The IMC creates a signature of the serviceCertificate using the private key associated with its userCertificate (see Initial User Registration for details). |
|
«block» Identity Management Client | generateCertificate |
Type: Sequence Synchronous Call
Generate a key pair and a certificate for the user. |
|
«block» Registration Server | |
Type: Sequence Synchronous Call
|
|
«block» x.509 Enrolment Authority | |
Type: Sequence Synchronous Call
|
|
«block» Registration Server | |
Type: Sequence Synchronous Call
|
|
«block» Identity Management Client | generateServiceCertificate |
Type: Sequence Synchronous Call
The IMC generates a pseudonymous serviceCertificate for every service its owning entity wants to use. The serviceCertificate does not contain any information which can be used to identify the user or the service for which it has been created. |
|
«block» Generic Application Specific Support | requestServiceCertificate |
Type: Sequence Synchronous Call
The service client part requests a pseudonym from the IMC. This pseudonym is used exactly once for each service instance and is not shared between services.
Property | Value |
_defaultDiagramType: | SysML1.4::InternalBlock |
Object | Type | Connection | Direction | Notes |
«block» GeoMessaging Client | Block | Information Flow | To | The IM-C provides pseudonymous certificates for the GEOM-C to use GeoMessaging Services. |
«block» Vehicle Identity Management Client | Block | Generalization | From | |
«block» VRU Identity Management Client | Block | Generalization | From | |
«block» Traveller Identity Management Client | Block | Generalization | From | |
«block» RSU Identity Management Client | Block | Generalization | From |