The Key Pair Deletion process is divided into the following sections:
- User Authentication
- Signer Selection (optional)
- Signing Key Selection
- Signing Key Pair Deletion

The Key Pair Deletion process corresponds to the usage scenario (US5) Key Pair Deletion and the operation Signer_Key_Pair_Generation assigned to the SAM.
Figure 11: Sequence diagram of the Key Pair Deletion process

| Nr. | Step | Components | Description |
|---|---|---|---|
| 5 Key Pair Deletion | | | |
| 5.1 User Authentication | | | |
| 5.1.1 | The User requests the Signer Key Pair Deletion at the SSSrv/UI. | User, SSSrv/UI | requestSignerKeyPairDeletion |
| 5.1.2 | The SSSrv/UI performs checks on the request for Signer Maintenance. | SSSrv/UI | checkRequestSignerKeyPairDeletion |
| 5.1.3 | The authentication of the User is performed. | User, SSSrv/UI, IdP | doingAuthenticationUser (11 doingAuthenticationPrivUser \| 61 doingAuthenticationSigner). Sub process according to the means of identification used. The result is the ID Token for the User, which signals that the authentication was performed successfully. |
| 5.1.4 | The SSSrv/UI responds to the User to confirm the authentication by transmitting the signed ID Token. | SSSrv/UI, User | confirmAuthentication |
| 5.2 Signer Selection (optional) | | | |
| 5.2.1 | The Privileged User requests the list of Signer from the SSSrv/UI. | User, SSSrv/UI | requestListOfSigner |
| 5.2.2 | The SSSrv/UI performs checks on the request for the list of Signer. | SSSrv/UI | checkRequestListOfSigner |
| 5.2.3 | The SSSrv/UI requests the list of Signer from the SSA. | SSSrv/UI, SSA | requestListOfSigner |
| 5.2.4 | The SSA checks the request for the Signer list. | SSA | checkRequestListOfSigner |
| 5.2.5 | The SSA requests the list of Signer. | SSA | requestListOfSigner |
| 5.2.6 | The SSA delivers the Signer list to the SSSrv/UI. | SSA, SSSrv/UI | returnListOfSigner |
| 5.2.7 | The SSSrv/UI delivers the Signer list to the Privileged User. | SSSrv/UI, User | deliverListOfSigner |
| 5.2.8 | The Privileged User selects the Signer. | User | selectSigner |
| 5.3 Signing Key Selection | | | |
| 5.3.1 (optional) | The User requests the list of KeyIDs and assigned certificates corresponding to the ID Token from the SSSrv/UI. | User, SSSrv/UI | requestListOfKeyIDsCerts |
| 5.3.2 (optional) | The SSSrv/UI performs checks on the request for the list of KeyIDs and assigned certificates. | SSSrv/UI | checkRequestListOfKeyIDsCerts |
| 5.3.3 (optional) | The SSSrv/UI requests the KeyID list matching the transferred ID Token from the KM. | SSSrv/UI, KM | requestListOfKeyIDsCerts |
| 5.3.4 (optional) | The KM checks the request for the list. | KM | checkRequestListOfKeyIDsCerts |
| 5.3.5 (optional) | The KM returns the KeyID list including corresponding certificate information to the SSSrv/UI. | KM, SSSrv/UI | returnListOfKeyIDsCerts |
| 5.3.6 (optional) | The SSSrv/UI delivers the identified KeyIDs and related certificates to the User. | SSSrv/UI, User | deliverListOfKeyIDsCerts |
| 5.3.7 | The User selects the certificate and thus the associated KeyID to be deleted. | User | selectKeyIDByCertificate |
| 5.4 Signing Key Pair Deletion | | | |
| 5.4.1 | The User requests the deletion of the Signing Key at the SSSrv/UI. | User, SSSrv/UI | requestDeletionOfSigningKeyPair |
| 5.4.2 | The SSSrv/UI checks the request for the deletion of the Signing Key. | SSSrv/UI | checkRequestDeletionOfSigningKeyPair |
| 5.4.3 | The SSSrv/UI requests the deletion of the Signing Key at the SSA. | SSSrv/UI, SSA | requestDeletionOfSigningKeyPair |
| 5.4.4 | The SSA checks the request for the deletion of the Signing Key. | SSA | checkRequestDeletionOfSigningKeyPair |
| 5.4.5 | The SSA requests the deletion of the Signing Key at the SAM. | SSA, SAM | requestDeletionOfSigningKeyPair |
| 5.4.6 | The SAM checks the request for the deletion of the Signing Key. | SAM | checkRequestDeletionOfSigningKeyPair |
| 5.4.7 | The SAM requests the deletion of the Wrapped Key at the KM. | SAM, KM | requestDeletionOfWrappedKey |
| 5.4.8 | The KM checks the request for the deletion of the Wrapped Key. | KM | checkRequestDeletionOfWrappedKey |
| 5.4.9 | The KM deletes the Wrapped Key. | KM | deleteWrappedKey |
| 5.4.10 | The KM deletes the KeyID certificate. | KM | deleteKeyIDCert |
| 5.4.11 | The UM responds to the SAM to confirm the deletion of the Wrapped Key. | KM, SAM | confirmDeletionOfWrappedKey |
| 5.4.12 | The SAM responds to the SSA, confirming the deletion of the Signing Key Pair. | SAM, SSA | confirmDeletionOfSigningKeyPair |
| 5.4.13 | The SSA responds to the SSSrv/UI, confirming the deletion of the Signing Key Pair. | SSA, SSSrv/UI | confirmDeletionOfSigningKeyPair |
| 5.4.14 | The SSSrv/UI responds to the User, confirming the deletion of the Signing Key Pair. | SSSrv/UI, User | confirmDeletionOfSigningKeyPair |

Table 11: Step-by-step description of the process Key Pair Deletion
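
The message order of section 5.4 as a small Python model, added here as an illustration and not part of the specification. The specification only names the operations; the check contents (a present ID Token, KeyID ownership by the Signer) and all class, function and field names are assumptions.

```python
from dataclasses import dataclass, field


class RequestRejected(Exception):
    """Raised by a component whose check on the request fails."""


@dataclass
class KM:
    # Constructed state: KeyID -> (owning Signer, wrapped key blob), KeyID -> certificate
    wrapped_keys: dict = field(default_factory=dict)
    certs: dict = field(default_factory=dict)

    def delete_wrapped_key(self, signer, key_id, trace):
        trace.append("checkRequestDeletionOfWrappedKey")        # 5.4.8
        entry = self.wrapped_keys.get(key_id)
        if entry is None or entry[0] != signer:                 # assumed check
            raise RequestRejected("KM: KeyID is not assigned to this Signer")
        del self.wrapped_keys[key_id]
        trace.append("deleteWrappedKey")                        # 5.4.9
        self.certs.pop(key_id, None)                            # key and cert go together
        trace.append("deleteKeyIDCert")                         # 5.4.10
        trace.append("confirmDeletionOfWrappedKey")             # 5.4.11


def delete_signing_key_pair(km, signer, key_id, id_token):
    """Walk steps 5.4.1 to 5.4.14 and return the operations in order."""
    trace = []
    # Every hop re-checks the request itself instead of trusting the caller.
    for component in ("SSSrv/UI", "SSA", "SAM"):
        trace.append("requestDeletionOfSigningKeyPair")         # 5.4.1 / .3 / .5
        trace.append("checkRequestDeletionOfSigningKeyPair")    # 5.4.2 / .4 / .6
        if not id_token or not key_id:                          # assumed check
            raise RequestRejected(f"{component}: ID Token or KeyID missing")
    trace.append("requestDeletionOfWrappedKey")                 # 5.4.7
    km.delete_wrapped_key(signer, key_id, trace)
    # Confirmations travel back SAM -> SSA -> SSSrv/UI -> User (5.4.12 to 5.4.14).
    trace += ["confirmDeletionOfSigningKeyPair"] * 3
    return trace


if __name__ == "__main__":
    km = KM(wrapped_keys={"k1": ("alice", b"wrapped")}, certs={"k1": "cert-k1"})
    for op in delete_signing_key_pair(km, "alice", "k1", id_token="constructed-token"):
        print(op)
```

In this model a request rejected at any check leaves both the Wrapped Key and its certificate in place, so a failed deletion never produces a key without a certificate or the reverse.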