2.5.6.1 Data Origin Authentication (Signing)

The Data Origin Authentication (signing) use case describes how a client application builds signed application data, how a server application verifies the signature of the signed application data, and vice versa.

Figure 27: Data origin authentication (signing)

Goal: To exchange application protocol messages between a client application and a server application and to guarantee that unauthorized actors cannot modify them. The receiver processes messages in the same order as they were sent.

Context of Use: The client and server application have to exchange signed application data with each other.

Direct Actor: The client or the server application, depending on the initiator of the use case.

Primary Actor: The client application or the server application.

Supporting Actors: The server application or the client application.

Preconditions:

  • The client and server application can communicate with each other.

  • The identity of the client application is proven to the server application, or the identity of the server application is proven to the client application, or the identities of the client application and the server application are proven to each other.

  • The Authentication Client and the Authentication Server have agreed on a signature algorithm and a secret key.

Minimal Guarantee: When the verification of the signed application data fails, the client or server application receives an error message that indicates the reason for the failure.

Success Guarantees: Application protocol messages are exchanged between a client application and a server application, and unauthorized actors cannot modify the messages.

Trigger: The client application and the server application have to exchange signed application data with each other to prevent message tampering in transit.

Main Success Scenario:

  1. The client application requests the Authentication Client to compute the signature for the application data, and the Authentication Client creates a signature of the application data by using an agreed-on secret key and algorithm. The client application attaches the signature to the application data and sends both to the server application.

  2. The server application requests the Authentication Server to verify the signature, and the Authentication Server verifies the signature of the application data by using an agreed-on secret key and algorithm. If the verification succeeds, the server application interprets the application data.

  3. The server application requests the Authentication Server to create the signature, and the Authentication Server creates a signature of the application data by using an agreed-on secret key and algorithm. The server application attaches the signature to the application data and sends both to the client application.

  4. The client application requests the Authentication Client to verify the signature, and the Authentication Client verifies the signature of the application data by using an agreed-on secret key and algorithm. If the verification succeeds, the client application interprets the application data.
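
Steps 1 to 4 above, worked through as an added example that is not part of the specification: the agreed-on algorithm is assumed to be HMAC-SHA256 over a pre-shared secret key, and a per-direction sequence number bound into the signed data is assumed as the mechanism that gives the in-order processing the Goal requires. The `AuthEndpoint` class and the error strings are hypothetical; a rejected message yields the reason the Minimal Guarantee calls for.

```python
import hmac
import hashlib


def _preimage(sender: str, seq: int, data: bytes) -> bytes:
    # Bind sender role, sequence number and length to the data so a
    # reflected, reordered or re-framed message does not verify.
    return b"|".join([sender.encode(), str(seq).encode(),
                      str(len(data)).encode(), data])


class AuthEndpoint:
    def __init__(self, role: str, key: bytes):
        self.role = role        # "client" or "server"
        self.key = key          # agreed-on secret key (assumed pre-shared)
        self.send_seq = 0       # next sequence number this side emits
        self.recv_seq = 0       # next sequence number this side expects

    def sign(self, data: bytes) -> dict:
        seq, self.send_seq = self.send_seq, self.send_seq + 1
        tag = hmac.new(self.key, _preimage(self.role, seq, data),
                       hashlib.sha256).hexdigest()
        return {"from": self.role, "seq": seq, "data": data, "sig": tag}

    def verify(self, msg: dict):
        """Return (data, None) on success, (None, reason) on failure."""
        if msg.get("from") not in ("client", "server") or msg["from"] == self.role:
            return None, "unexpected sender role"
        if msg.get("seq") != self.recv_seq:
            return None, "out-of-order or replayed message"
        expected = hmac.new(self.key, _preimage(msg["from"], msg["seq"],
                            msg["data"]), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check leaks nothing about the tag.
        if not hmac.compare_digest(expected, str(msg.get("sig", ""))):
            return None, "signature mismatch"
        self.recv_seq += 1      # only advance after a valid message
        return msg["data"], None


def run_exchange() -> dict:
    key = b"constructed-pre-shared-key"      # constructed sample key
    client, server = AuthEndpoint("client", key), AuthEndpoint("server", key)
    request = client.sign(b"GET /status")                          # step 1
    forged = dict(request, data=b"GET /admin")       # modified in transit
    results = {"tampered": server.verify(forged),                  # rejected
               "request": server.verify(request),                  # step 2
               "replay": server.verify(request)}                   # rejected
    response = server.sign(b"200 OK")                              # step 3
    results["response"] = client.verify(response)                  # step 4
    results["reflected"] = client.verify(request)                  # rejected
    return results
```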

Postconditions: The client application and the server application can exchange the signed application data with each other, and both the client application and the server application interpret the application data based on their implementations.