2.5.6.2 Data Confidentiality (Sealing)

The Data Confidentiality (sealing) use case describes how client and server applications securely exchange their application data with each other.

Figure 28: Data confidentiality (sealing) use case

Goal: To exchange application data securely so that no unauthorized actor can learn or alter its contents (confidentiality and data origin guarantee). The receiver processes messages in the same order as they were sent.

Context of Use: The client and the server application have to securely exchange application data with each other.

Direct Actor: The client application or the server application, depending on the initiator of the use case.

Primary Actor: The client application, the server application, or the user.

Supporting Actors: The server application or the client application.

Preconditions:

Minimal Guarantees: When the secure exchange of the application data fails, the client or server application receives an error message that indicates the reason for the failure.

Success Guarantee: The client and server applications can securely exchange the application data with each other.

Trigger: The user has to access a protected resource or a service on the server computer and to present sensitive information to the server.

Main Success Scenario:

  1. The client application requests the authentication client to build an encrypted message. The authentication client builds the encrypted application data by using the agreed-on encryption method and a secret key and returns the encrypted message to the client application. The client application sends the encrypted application data to the server application.

  2. The server application requests the authentication server to decrypt the received application data from the client application by using an agreed-on decryption method and a secret key. If the decryption succeeds, the authentication server returns the application message to the server application, which interprets the application data and responds with success to the client application.

  3. The server application requests the authentication server to build an encrypted message. The authentication server builds the encrypted application data by using an agreed-on encryption method and a secret key and returns the encrypted message to the server application. The server application sends the encrypted application data to the client application.

  4. The client application requests the authentication client to decrypt the received application data from the server application by using an agreed-on decryption method and a secret key. If the decryption succeeds, the authentication client returns a decrypted application message to the client application. The client application interprets the application data and responds with success to the server application.
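The four steps above, worked through as an added example that is not part of this document and not the protocol's own sealing algorithm: each endpoint seals with an agreed-on AEAD (AES-GCM from Go's standard library, chosen here as a stand-in for whatever method the parties negotiate) and a shared session key, and a per-direction sequence number supplies both the nonce and the ordering check the Goal calls for. The `Endpoint`, `Seal`, `Unseal` and `Exchange` names, the wire layout (8-byte sequence header followed by ciphertext and tag) and the 32-byte key are assumptions of this example. Failures return a named error so the caller learns the reason, matching the Minimal Guarantee.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Direction tags keep client->server and server->client nonces distinct even
// though both sides derive nonces from one shared session key.
const (
	dirClientToServer byte = 1
	dirServerToClient byte = 2
)

var (
	ErrKeySize    = errors.New("session key must be 16, 24 or 32 bytes")
	ErrTooShort   = errors.New("sealed message shorter than its sequence header")
	ErrOutOfOrder = errors.New("unexpected sequence number: message replayed, dropped or reordered")
	ErrIntegrity  = errors.New("integrity check failed: message altered or sealed under another key")
)

// Endpoint models the authentication client or server: the agreed-on AEAD plus
// independent send and receive counters (assumed design, not the spec's).
type Endpoint struct {
	aead             cipher.AEAD
	sendDir, recvDir byte
	sendSeq, recvSeq uint64
}

func NewEndpoint(sessionKey []byte, isClient bool) (*Endpoint, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, ErrKeySize
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	e := &Endpoint{aead: aead, sendDir: dirServerToClient, recvDir: dirClientToServer}
	if isClient {
		e.sendDir, e.recvDir = dirClientToServer, dirServerToClient
	}
	return e, nil
}

// nonce is 12 bytes for GCM: direction tag in byte 0, sequence number in the last 8.
func (e *Endpoint) nonce(dir byte, seq uint64) []byte {
	n := make([]byte, e.aead.NonceSize())
	n[0] = dir
	binary.BigEndian.PutUint64(n[len(n)-8:], seq)
	return n
}

// Seal encrypts and authenticates plaintext under the next send sequence number.
// Wire format: 8-byte big-endian sequence number || ciphertext || GCM tag.
// The header is bound in as additional data, so altering it is detected.
func (e *Endpoint) Seal(plaintext []byte) []byte {
	seq := e.sendSeq
	e.sendSeq++
	header := make([]byte, 8)
	binary.BigEndian.PutUint64(header, seq)
	return e.aead.Seal(append([]byte(nil), header...), e.nonce(e.sendDir, seq), plaintext, header)
}

// Unseal checks ordering, then verifies and decrypts. On any failure it returns
// the reason and leaves the receive counter untouched.
func (e *Endpoint) Unseal(msg []byte) ([]byte, error) {
	if len(msg) < 8 {
		return nil, ErrTooShort
	}
	header, body := msg[:8], msg[8:]
	if seq := binary.BigEndian.Uint64(header); seq != e.recvSeq {
		return nil, ErrOutOfOrder
	}
	pt, err := e.aead.Open(nil, e.nonce(e.recvDir, e.recvSeq), body, header)
	if err != nil {
		return nil, ErrIntegrity
	}
	e.recvSeq++
	return pt, nil
}

// Exchange runs the Main Success Scenario: step 1 client seals a request,
// step 2 server unseals it, step 3 server seals a response, step 4 client
// unseals it. It returns what each side recovered.
func Exchange(sessionKey []byte, request, response string) (serverGot, clientGot string, err error) {
	client, err := NewEndpoint(sessionKey, true)
	if err != nil {
		return "", "", err
	}
	server, err := NewEndpoint(sessionKey, false)
	if err != nil {
		return "", "", err
	}
	pt, err := server.Unseal(client.Seal([]byte(request))) // steps 1 and 2
	if err != nil {
		return "", "", err
	}
	serverGot = string(pt)
	pt, err = client.Unseal(server.Seal([]byte(response))) // steps 3 and 4
	if err != nil {
		return "", "", err
	}
	return serverGot, string(pt), nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte session key
	s, c, err := Exchange(key, "GET /protected", "200 OK")
	fmt.Printf("server saw %q, client saw %q, err=%v\n", s, c, err)
}
```

Putting the direction tag in the nonce is what lets one session key serve both directions without a nonce ever repeating; putting the sequence number in both the nonce and the additional data means a replayed or reordered message is rejected before decryption, and a message whose header has been rewritten to the expected number still fails the tag check.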

Post-conditions: The client and the server application can exchange the application data securely, and both the client and the server application interpret the application data in an implementation-specific way.