Server Signing Processes: Key Pair Generation

The Key Pair Generation process is divided into the following sections:

  • User Authentication

  • Signer Selection (optional)

  • Signer Key Pair Generation

  • Signer Certificate Issuance

The Key Pair Generation process corresponds to the usage scenario (US4) Key Pair Generation and the operation Signer_Key_Pair_Generation assigned to the SAM.

Sequence diagram

[Figure 10 image not reproduced]

Figure 10: Sequence diagram of the Key Pair Generation process

| Nr. | Step | Components | Description |
|---|---|---|---|
| 4 | Key Pair Generation | | |
| 4.1 | User Authentication | | |
| 4.1.1 | The User requests the SSSrv/UI for Key Pair Generation. | User, SSSrv/UI | requestGenerationOfKeyPair |
| 4.1.2 | The SSSrv/UI performs checks on the request for Key Pair Generation. | SSSrv/UI | checkGenerationOfKeyPair |
| 4.1.3 | The authentication of the User is performed. | User, SSSrv/UI, IdP | doingAuthenticationUser (11 doingAuthenticationPrivUser \| 61 doingAuthenticationSigner). Sub-process according to the means of identification used (Username/Password); the result is the ID Token for the User, which signals that the authentication was performed successfully. |
| 4.1.4 | The SSSrv/UI responds to the User to confirm the authentication by transmitting the signed ID Token. | SSSrv/UI, User | confirmAuthentication |
| 4.2 | Signer Selection (optional) | | |
| 4.2.1 | The Privileged User requests the list of Signers from the SSSrv/UI. | User, SSSrv/UI | requestListOfSigner |
| 4.2.2 | The SSSrv/UI performs checks on the request for the list of Signers. | SSSrv/UI | checkRequestListOfSigner |
| 4.2.3 | The SSSrv/UI requests the list of Signers from the SSA. | SSSrv/UI, SSA | requestListOfSigner |
| 4.2.4 | The SSA checks the request for the Signer list. | SSA | checkRequestListOfSigner |
| 4.2.5 | The SSA requests the list of Signers. | SSA | requestListOfSigner |
| 4.2.6 | The SSA delivers the Signer list to the SSSrv/UI. | SSA, SSSrv/UI | returnListOfSigner |
| 4.2.7 | The SSSrv/UI delivers the Signer list to the Privileged User. | SSSrv/UI, User | deliverListOfSigner |
| 4.2.8 | The Privileged User selects the Signer. | User | selectSigner |
| 4.3 | Signer Key Pair Generation | | |
| 4.3.1 | The User requests the SSSrv/UI to generate a new key pair. | SSA, SSSrv/UI | requestGenerationOfKeyPair |
| 4.3.2 | The SSSrv/UI checks the request for generating a new key pair. | SSSrv/UI | checkRequestGenerationOfKeyPair |
| 4.3.3 | The SSSrv/UI requests the SSA to generate a new key pair. | SSA, SSA | requestGenerationOfKeyPair |
| 4.3.4 | The SSA checks the request for generating a new key pair. | SSA | checkRequestGenerationOfKeyPair |
| 4.3.5 | The SSA requests the SAM to generate a new key pair. | SSA, SAM | requestGenerationOfKeyPair |
| 4.3.6 | The SAM checks the request for generating a new key pair. | SAM | checkRequestGenerationOfKeyPair |
| 4.3.7 | The SAM requests the SCDev to generate a new key pair. | SAM, SCDev | requestGenerationOfKeyPair |
| 4.3.8 | The SCDev creates a new key pair. | SCDev | createKeyPair |
| 4.3.9 | The SCDev confirms the creation of the key pair by returning the KeyID and the Public Key to the SAM. | SCDev, SAM | confirmCreationOfKeyPair |
| 4.3.10 | The SAM generates the Wrapped Key based on the generated key material and its properties. | SAM | generateWrappedKey |
| 4.3.11 | The SAM requests the KM to store the Wrapped Key. | SAM, KM | requestStorageOfWrappedKey |
| 4.3.12 | The KM performs checks on the request to store the Wrapped Key. | KM | checkRequestStorageOfWrappedKey |
| 4.3.13 | The KM stores the Wrapped Key including a user mapping. | KM | storeWrappedKey |
| 4.3.14 | The KM responds to the SAM confirming the storage of the Wrapped Key. | KM, SAM | confirmStorageOfWrappedKey |
| 4.3.15 | The SAM requests the KM to register the public key of the generated key pair. | SAM, KM | requestRegistrationOfPublicKey |
| 4.3.16 | The KM checks the request for registration of the public key of the generated key pair. | KM | checkRequestRegistrationOfPublicKey |
| 4.3.17 | The KM registers the public key of the generated key pair. | KM | registerPublicKey |
| 4.3.18 | The KM responds to the SAM confirming the registration of the public key of the generated key pair. | KM, SAM | confirmRegistrationOfPublicKey |
| 4.4 | Signer Certificate Issuance | | |
| 4.4.1 | The SAM generates a certificate request based on the generated key material. | SAM | generateCertificateRequest |
| 4.4.2 | The SAM requests the SCDev to sign the supplied DTBS/R. | SAM, SCDev | requestSigningOfDTBSR |
| 4.4.3 | The SCDev signs the supplied DTBS/R. | SCDev | signDTBSR |
| 4.4.4 | The SCDev responds to the SAM confirming the signing of the DTBS/R by returning the signed DTBS/R. | SCDev, SAM | confirmSigningOfDTBSR |
| 4.4.5 | The SAM confirms the creation of a key pair to the SSA. | SAM, SSA | confirmGenerationOfKeyPair |
| 4.4.6 | The SSA requests the issuance of an X.509 certificate based on the certificate request at the CA. | SSA, CA | requestIssuanceOfCertificate |
| 4.4.7 | The CA performs checks on the request for issuing a certificate. | CA | checkRequestIssuanceOfCertificate |
| 4.4.8 | The CA issues the requested Certificate. | CA | issueCertificate |
| 4.4.9 | The CA responds to the SSA to confirm the issuance of the certificate by handing over the issued certificate to the SSA. | CA, SSA | confirmIssuanceOfCertificate |
| 4.4.10 | The SSA requests the publication of the issued certificate at the CA. | SSA, CA | requestPublicationOfCertificate |
| 4.4.11 | The CA performs checks on the request for publishing a certificate. | CA | checkRequestPublicationOfCertificate |
| 4.4.12 | The CA publishes the provided Certificate. | CA | publishCertificate |
| 4.4.13 | The CA responds to the SSA to confirm the publication of the certificate. | CA, SSA | confirmPublicationOfCertificate |
| 4.4.14 | The SSA checks the validity of the certificate. | SSA | checkValidityOfCertificate |
| 4.4.15 | The SSA requests the KM to store the certificate for the specified User. | SSA, KM | requestStorageOfCertificate |
| 4.4.16 | The KM checks the request for the storage of the certificate. | KM | checkRequestStorageOfCertificate |
| 4.4.17 | The KM stores the certificate for the specified User. | KM | storeCertificate |
| 4.4.18 | The KM responds to the SSA to confirm the storage of the certificate. | KM, SSA | confirmStorageOfCertificate |
| 4.4.19 | The SSA responds to the SAK/OS to confirm the registration of the user. | SSA, SSSrv/UI | confirmRegistrationOfUser |
| 4.4.20 | The SSA responds to the SAK/OS to confirm the registration of the user. | SSSrv/UI, User | confirmRegistrationOfUser |

Table 10: Step-by-step description of the process Key Pair Generation
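A runnable model of the Signer Key Pair Generation steps 4.3.7 to 4.3.18 in Go, added here as an illustration; it is not part of this document and not the code of any SAM, SCDev or KM implementation. An in-memory stand-in for the SCDev creates a P-256 key pair and returns only a KeyID and the public key (4.3.8, 4.3.9); the SAM produces the Wrapped Key (4.3.10) by sealing the key material under a SAM-held AES-256-GCM wrapping key with the KeyID and the owning user bound as associated data; the KM stores the Wrapped Key with its user mapping (4.3.13) and registers the public key (4.3.17). The type and function names (SCDev, KM, WrappedKey, GenerateSignerKeyPair, UnwrapKey), the wrapping construction, the sequential KeyID format and the PKCS#8 read-out of the key material are assumptions of the example; this page does not specify how the Wrapped Key is built or which properties it carries.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"io"
)

// SCDev is a constructed in-memory stand-in for the signature creation device: the private
// key stays in its map, and only a KeyID and the public key go back to the SAM (4.3.9).
type SCDev struct{ keys map[string]*ecdsa.PrivateKey }

func NewSCDev() *SCDev { return &SCDev{keys: map[string]*ecdsa.PrivateKey{}} }

// CreateKeyPair (4.3.8) generates a P-256 key pair under a fresh KeyID.
func (d *SCDev) CreateKeyPair() (string, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	keyID := fmt.Sprintf("key-%04d", len(d.keys)+1) // sequential KeyID, a stand-in choice
	d.keys[keyID] = priv
	return keyID, &priv.PublicKey, nil
}

// WrappedKey is the record the KM stores with its user mapping (4.3.11-4.3.13). KeyID and
// owner travel as AEAD associated data, so a blob re-labelled for another user fails to unwrap.
type WrappedKey struct {
	KeyID, User string
	Nonce, Blob []byte
}

func gcmFor(wrapKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(wrapKey) // a 32-byte wrapKey selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// GenerateWrappedKey (4.3.10): wrapKey is the SAM's own wrapping key, assumed to stay in the SAM.
func GenerateWrappedKey(wrapKey []byte, keyID, user string, pkcs8 []byte) (WrappedKey, error) {
	gcm, err := gcmFor(wrapKey)
	if err != nil {
		return WrappedKey{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return WrappedKey{}, err
	}
	blob := gcm.Seal(nil, nonce, pkcs8, []byte(keyID+"|"+user))
	return WrappedKey{KeyID: keyID, User: user, Nonce: nonce, Blob: blob}, nil
}

// UnwrapKey fails if the blob, the nonce or either bound property was altered.
func UnwrapKey(wrapKey []byte, w WrappedKey) ([]byte, error) {
	gcm, err := gcmFor(wrapKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, w.Nonce, w.Blob, []byte(w.KeyID+"|"+w.User))
}

// KM holds wrapped keys (each carrying its user mapping) and registered public keys by KeyID.
type KM struct {
	Wrapped map[string]WrappedKey
	Pubs    map[string]*ecdsa.PublicKey
}

func NewKM() *KM { return &KM{map[string]WrappedKey{}, map[string]*ecdsa.PublicKey{}} }

// GenerateSignerKeyPair runs 4.3.7-4.3.18 for one user: create, wrap, store, register.
func GenerateSignerKeyPair(dev *SCDev, km *KM, wrapKey []byte, user string) (string, error) {
	keyID, pub, err := dev.CreateKeyPair()
	if err != nil {
		return "", err
	}
	// Example simplification: the key material is read out of the stand-in so the SAM can wrap
	// it. A real SCDev releases private keys only in wrapped form, if at all.
	pkcs8, err := x509.MarshalPKCS8PrivateKey(dev.keys[keyID])
	if err != nil {
		return "", err
	}
	w, err := GenerateWrappedKey(wrapKey, keyID, user, pkcs8)
	if err != nil {
		return "", err
	}
	km.Wrapped[keyID] = w // storeWrappedKey (4.3.13)
	km.Pubs[keyID] = pub  // registerPublicKey (4.3.17)
	return keyID, nil
}
```

Binding the KeyID and user into the associated data is what gives the check in 4.3.12 and any later unwrap something to verify: a stored record whose user mapping has been changed, or whose blob has been copied under another KeyID, no longer authenticates, so it cannot silently become another user's signing key.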
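A runnable model of the Signer Certificate Issuance steps 4.4.1 to 4.4.14 in Go, added here as an illustration; it is not part of this document and not the code of any SAM, SSA or CA implementation. The SAM builds the certificate request (4.4.1) through a crypto.Signer stand-in whose Sign call is the SAM-to-SCDev DTBS/R exchange (4.4.2 to 4.4.4); the CA's check on the request (4.4.7) is modelled as verifying the CSR's self-signature before issuing a non-CA signing certificate (4.4.8); the SSA's validity check (4.4.14) chains the certificate to the CA and compares its public key against the public key the KM registered in 4.3.17. The names scdevSigner, IssueCertificate, CheckValidityOfCertificate, NewCA and IssueSignerCertificate, the self-signed "Example Signing CA" and the certificate profile are assumptions of the example; this page does not prescribe the request format, the certificate contents or the exact checks the CA and SSA perform, and certificate publication (4.4.10 to 4.4.13) is not modelled.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"time"
)

// scdevSigner models the SAM-to-SCDev exchange of 4.4.2-4.4.4: x509.CreateCertificateRequest
// passes the DTBS/R (the hash of the request body) to Sign and gets the signature back; the
// private key stays inside the device. Constructed stand-in, not the page's own architecture.
type scdevSigner struct{ priv *ecdsa.PrivateKey }

func (s scdevSigner) Public() crypto.PublicKey { return &s.priv.PublicKey }
func (s scdevSigner) Sign(r io.Reader, dtbsr []byte, o crypto.SignerOpts) ([]byte, error) {
	return s.priv.Sign(r, dtbsr, o) // signDTBSR (4.4.3)
}

// IssueCertificate (4.4.7-4.4.8): the CA verifies the CSR's self-signature, i.e. proof that
// the requester controls the private key, before issuing a non-CA signing certificate.
func IssueCertificate(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("checkRequestIssuanceOfCertificate: %w", err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckValidityOfCertificate (4.4.14): the SSA chains the certificate to the CA and checks
// that it certifies exactly the public key the KM registered for this signer.
func CheckValidityOfCertificate(cert, caCert *x509.Certificate, registered *ecdsa.PublicKey) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain validation: %w", err)
	}
	if pk, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !pk.Equal(registered) {
		return errors.New("certificate public key does not match the registered public key")
	}
	return nil
}

// NewCA creates a self-signed issuing CA for the example.
func NewCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Signing CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueSignerCertificate runs 4.4.1-4.4.14 for one signer key: CSR, CA issuance, validity check.
// registered is the public key the KM holds for this KeyID (4.3.17).
func IssueSignerCertificate(caCert *x509.Certificate, caKey, signerKey *ecdsa.PrivateKey, registered *ecdsa.PublicKey, user string) (*x509.Certificate, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: user}}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, tmpl, scdevSigner{signerKey}) // 4.4.1
	if err != nil {
		return nil, err
	}
	cert, err := IssueCertificate(caCert, caKey, csrDER)
	if err != nil {
		return nil, err
	}
	if err := CheckValidityOfCertificate(cert, caCert, registered); err != nil {
		return nil, err
	}
	return cert, nil // the SSA now asks the KM to store it for the user (4.4.15-4.4.18)
}
```

The two checks are deliberately on different sides: the CA's signature check stops a request that was not signed by the key it names, and the SSA's comparison against the KM's registered public key stops a returned certificate that, whether by CA error or substitution in transit, certifies some other key under the signer's name. Only a certificate that passes both reaches storeCertificate.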