diff --git a/Use-Cases.md b/Use-Cases.md index 6f46212..705dfd9 100644 --- a/Use-Cases.md +++ b/Use-Cases.md @@ -14,9 +14,9 @@ User 3. The system checks the length of the entered CAN to make sure that its length equals 6. **Extensions:** -    3. The length of the CAN entered by the user is not 6. -        a. The action of the next button is cancelled. -        b. The user is allowed to change the entered CAN. + 3. The length of the CAN entered by the user is not 6. +  a. The action of the next button is cancelled. +  b. The user is allowed to change the entered CAN. **Related tasks** * [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37) 
@@ -26,21 +26,21 @@ User # **Use Case #2** **Use Case Title:** -Entering PIN 1 of the ID card +Entering PIN1 of the ID card **Preconditions:** The authentication application is running on the phone. -The UI layout that asks the user for PIN 1 input is active. +The UI layout that asks the user for PIN1 input is active. **Primary actor:** User **Main success scenario:** -1. The application asks the user to insert a valid PIN 1. -2. The user enters PIN 1 into the allocated input field and then clicks on the “next” button. -3. The system checks the length of the entered PIN 1 to make sure that its length is an integer in the range [4, 12]. +1. The application asks the user to insert a valid PIN1. +2. The user enters PIN1 into the allocated input field and then clicks on the “next” button. +3. The system checks the length of the entered PIN1 to make sure that its length is an integer in the range [4, 12]. **Extensions:** -    3. The length of the PIN 1 that the user entered in the input field is not an integer in the range [4, 12]. -        a. The action triggered by the next button is cancelled. -        b. The user is allowed to change the entered PIN 1. + 3. The length of the PIN1 that the user entered in the input field is not an integer in the range [4, 12]. +  a. The action triggered by the next button is cancelled. +  b. The user is allowed to change the entered PIN1. **Related tasks** * [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37) 
@@ -49,21 +49,21 @@ User # **Use Case #3** **Use Case Title:** -Entering PIN 2 of the ID card +Entering PIN2 of the ID card **Preconditions:** The authentication application is running on the phone. -The UI layout that asks the user for PIN 2 input is active. +The UI layout that asks the user for PIN2 input is active. **Primary actor:** User **Main success scenario:** -1. The application asks the user to insert a valid PIN 2. -2. The user enters PIN 2 into the allocated input field and then clicks on the “next” button. -3. The system checks the length of the entered PIN 2 to make sure that its length is an integer in the range [5, 12]. +1. The application asks the user to insert a valid PIN2. +2. The user enters PIN2 into the allocated input field and then clicks on the “next” button. +3. The system checks the length of the entered PIN2 to make sure that its length is an integer in the range [5, 12]. **Extensions:** -    3. The length of the PIN 2 that the user entered in the input field is not an integer in the range [5, 12]. -        a. The action triggered by the next button is cancelled. -        b. The user is allowed to change the entered PIN 2. + 3. The length of the PIN2 that the user entered in the input field is not an integer in the range [5, 12]. +  a. The action triggered by the next button is cancelled. +  b. The user is allowed to change the entered PIN2. **Related tasks** * [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37) 
@@ -113,13 +113,13 @@ User 8. The application displays the retrieved information to the user in a formatted way. **Extensions:** -    4. The user fails to put the ID card against the smartphone in the 90 second time window. -        a. The process is cancelled and the user is returned to the home screen of the application. -    5a. The CAN provided by the user does not match the CAN on the ID card. -        a. The application fails to establish a secure connection with the ID card over the NFC connection. -        b. The application notifies the user that the CAN provided was not valid and the user is returned to the home screen. -    5b. The ID card is moved away from the smartphone NFC range before the information exchange between the smartphone and the ID card is completed. -        a. The application notifies the user that the connection to the ID card was lost and the user is returned to the home screen. + 4. The user fails to put the ID card against the smartphone in the 90 second time window. +  a. The process is cancelled and the user is returned to the home screen of the application. + 5a. The CAN provided by the user does not match the CAN on the ID card. +  a. The application fails to establish a secure connection with the ID card over the NFC connection. +  b. The application notifies the user that the CAN provided was not valid and the user is returned to the home screen. + 5b. The ID card is moved away from the smartphone NFC range before the information exchange between the smartphone and the ID card is completed. +  a. The application notifies the user that the connection to the ID card was lost and the user is returned to the home screen. **Related tasks** * [MOB-10](https://tvp-mobile-authentication.atlassian.net/browse/MOB-10) 
@@ -133,31 +133,31 @@ User # **Use Case #6** **Use Case Title:** -Using biometric authentication to enter PIN 1 during the authentication process -_NB! Biometric authentication does not replace the need to use PIN 1 for the authentication process, but it is a convenience feature that makes entering PIN 1 faster as it is done automatically when fingerprint is used, thus saving the user a few seconds of time each time they use the application for authentication._ +Using biometric authentication to enter PIN1 during the authentication process +_NB! Biometric authentication does not replace the need to use PIN1 for the authentication process, but it is a convenience feature that makes entering PIN1 faster as it is done automatically when fingerprint is used, thus saving the user a few seconds of time each time they use the application for authentication._ **Preconditions:** The user’s phone has a fingerprint sensor. The user has given the application permissions to use this feature. The user has enabled biometric authentication in the application’s settings menu before the start of the authentication process. -The user has saved a valid PIN 1 to the biometric authentication method. +The user has saved a valid PIN1 to the biometric authentication method. **Primary actor:** User **Main success scenario:** -1. The user is shown a biometric authentication dialog that asks the user to touch a fingerprint sensor on the smartphone when PIN 1 is needed during the authentication process. +1. The user is shown a biometric authentication dialog that asks the user to touch a fingerprint sensor on the smartphone when PIN1 is needed during the authentication process. 2. The user touches a fingerprint sensor on the smartphone. -3. The fingerprint is detected and the application enters PIN 1 for the user automatically. +3. The fingerprint is detected and the application enters PIN1 for the user automatically. **Extensions:** -    1. 
The system is unable to access the smartphone's biometric authentication functionality. -        a. The application notifies the user that biometric authentication is currently unavailable. -        b. The user is asked to enter PIN 1 manually (includes Use Case #2). -    2. The biometric authentication functionality does not accept the fingerprint provided by the user. -        a. The application notifies the user that biometric authentication has failed because the provided fingerprint does not match the expected fingerprint. -        b. The user is asked to enter PIN 1 manually (includes Use Case #2). -    3. The PIN 1 saved to the biometric authentication method is not valid. -        a. The system is not able to retrieve information from the ID card with an invalid PIN 1. -        b. The user is notified that the PIN 1 entered was not valid and the authentication process is cancelled. -        c. The biometric authentication mode is automatically turned off by the application in the settings menu until a new PIN 1 is saved to this feature in order to avoid future use of this feature with an invalid PIN 1. + 1. The system is unable to access the smartphone's biometric authentication functionality. +  a. The application notifies the user that biometric authentication is currently unavailable. +  b. The user is asked to enter PIN1 manually (includes Use Case #2). + 2. The biometric authentication functionality does not accept the fingerprint provided by the user. +  a. The application notifies the user that biometric authentication has failed because the provided fingerprint does not match the expected fingerprint. +  b. The user is asked to enter PIN1 manually (includes Use Case #2). + 3. The PIN1 saved to the biometric authentication method is not valid. +  a. The system is not able to retrieve information from the ID card with an invalid PIN1. +  b. The user is notified that the PIN1 entered was not valid and the authentication process is cancelled. +  c. 
The biometric authentication mode is automatically turned off by the application in the settings menu until a new PIN1 is saved to this feature in order to avoid future use of this feature with an invalid PIN1. **Related tasks** * [MOB-28](https://tvp-mobile-authentication.atlassian.net/browse/MOB-28) @@ -174,13 +174,13 @@ The information has already been retrieved from the ID card. **Primary actor:** The authentication application **Main success scenario:** -1. The information that has been retrieved from the ID card is used to create a JWT. +1. The information that has been retrieved from the ID card is used to create a JWT. 2. The application sends the JWT to a mobile application or a website that started the authentication application with an intent at the beginning. 3. The authentication application closes itself. **Extensions:** -    3. The authentication application fails to close itself automatically. -        a. The user closes the application manually. + 3. The authentication application fails to close itself automatically. +  a. The user closes the application manually. **Related tasks** * [MOB-27](https://tvp-mobile-authentication.atlassian.net/browse/MOB-27) 
@@ -192,38 +192,37 @@ The authentication application Using the authentication application to log into a website **Preconditions:** The user has the authentication application installed on the mobile phone. -The NFC technology is enabled on the user’s smartphone and the user has given the authentication application the permission to use the NFC adapter. -The user has a valid ID card with NFC interface. -The website login process supports the authentication application. +NFC technology is enabled on the user’s smartphone and the user has given the authentication application the permission to use the NFC adapter. +The user has a valid ID card with an NFC interface. +A website that supports logging in with the authentication application is active in the device’s web browser. **Primary actor:** User **Main success scenario:** -1. The user has a website that supports logging in with the authentication application open on the smartphone’s mobile browser. -2. The user selects the authentication application option as a method for logging in. -3. The website starts the authentication application with an intent. -4. The authentication application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application. -5. The authentication application asks the user to enter the PIN 1 of the ID card (includes Use Case #3). -6. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window. -7. The user puts the ID card against the smartphone. -8. The authentication application uses the provided CAN to establish a secure connection (PACE) with an ID card and PIN 1 to retrieve protected information from the ID Card. -9. The information retrieved from the ID card is used to generate a JWT that is delivered to the website that started the authentication application in step 1. +1. The user selects the authentication application option as a method for logging in. +2. 
The website starts the authentication application with an intent. +3. The authentication application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application. +4. The authentication application asks the user to enter the PIN1 of the ID card (includes Use Case #3). +5. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window. +6. The user puts the ID card against the smartphone. +7. The authentication application uses the provided CAN to establish a secure connection (PACE) with an ID card and PIN1 to retrieve protected information from the ID Card. +8. The information retrieved from the ID card is used to generate a JWT that is delivered to the website that started the authentication application in step 1. **Extensions:** -    3. The authentication application is not found. -        a. The website informs the user that the login process failed as the application could not be found. -    7. The user fails to put the ID card against the smartphone in the 90 second time window. -        a. The application cancels the authentication process. -        b. The user is directed back to the website. -    8a. The connection between the smartphone and the ID card is lost during the information exchange. -        a. The authentication application cancels the authentication process and the user is directed back to the website. -    8b. The CAN provided by the user did not match the CAN of the ID card. -        a. The application fails to establish a secure connection with the ID card via the NFC. -        b. The user is notified that the CAN provided was incorrect. -        c. The authentication process is cancelled and the user is directed back to the website without a result. -    8c. The PIN 1 provided by the user is not valid. -        a. The application fails to retrieve information protected by PIN 1 from the ID card. -        b. 
The user is notified that the provided PIN 1 was not correct. -        c. The authentication process is canceled and the user is directed back to the website without a result. + 2. The authentication application is not found. +  a. The website informs the user that the login process failed as the application could not be found. + 6. The user fails to put the ID card against the smartphone in the 90 second time window. +  a. The application cancels the authentication process. +  b. The user is directed back to the website. + 7a. The information exchange between the smartphone and ID card fails. +  a. The authentication application cancels the authentication process and the user is directed back to the website. + 7b. The CAN provided by the user did not match the CAN of the ID card. +  a. The application fails to establish a secure connection with the ID card via the NFC. +  b. The user is notified that the CAN provided was incorrect. +  c. The authentication process is cancelled and the user is directed back to the website without a result. + 7c. The PIN1 provided by the user is not valid. +  a. The application fails to retrieve information protected by PIN1 from the ID card. +  b. The user is notified that the provided PIN1 was not correct. +  c. The authentication process is canceled and the user is directed back to the website without a result. **Related tasks** * [MOB-16](https://tvp-mobile-authentication.atlassian.net/browse/MOB-16) @@ -245,7 +244,7 @@ User **Use Case Title:** Using the authentication application to give a signature on a website **Preconditions:** -The user has been already authenticated to the website using the authentication application and is currently logged in. +The user is logged in to a website using the authentication application. The website supports the signature process of the authentication application. **Primary actor:** User 
@@ -253,27 +252,27 @@ User 1. The user starts a process that requires a signature on a website. 2. The website launches the authentication application with an intent. 3. The application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application. -4. The application asks the user to enter a valid PIN 2 (includes Use Case #2). -5. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window. +4. The application asks the user to enter a valid PIN2 (includes Use Case #2). +5. The application asks the user to put the ID card against the smartphone in the 90 second time window. 6. The user puts the ID card against the smartphone. -7. The application uses the provided CAN to establish a secure connection with an ID card using the NFC technology and then PIN 2 to retrieve protected information from the card. +7. The application uses the provided CAN to establish a secure connection with an ID card using the NFC technology and then PIN2 to retrieve protected information from the card. 8. The retrieved information is used to generate a JWT for signature that is then delivered to the website that launched the application. **Extensions:** -    2. The authentication application is not found. -        a. The website informs the user that the process of giving a signature has failed. -    6. The user fails to put the ID card against the smartphone in the 90 second time window. -        a. The authentication process is cancelled. -        b. The user is directed back to the website without a result. -    7a. The CAN provided by the user does not match the CAN of the ID card. -        a. The application fails to establish a secure connection with an ID card. -        b. The process is canceled and the user is returned to the website without a result. -    7b. The PIN 2 provided by the user is not valid. -        a. 
The application fails to retrieve necessary information from the ID card. -        b. The process is canceled and the user is returned to the website without a result. -    7c. The NFC connection between the ID card and the smartphone is lost during the communication. -        a. The application fails to retrieve information from the ID card. -        b. The process is canceled and the user is returned to the website without a result. + 2. The authentication application is not found. +  a. The website informs the user that the process of giving a signature has failed. + 6. The user fails to put the ID card against the smartphone in the 90 second time window. +  a. The authentication process is cancelled. +  b. The user is directed back to the website without a result. + 7a. The CAN provided by the user does not match the CAN of the ID card. +  a. The application fails to establish a secure connection with an ID card. +  b. The process is canceled and the user is returned to the website without a result. + 7b. The PIN2 provided by the user is not valid. +  a. The application fails to retrieve necessary information from the ID card. +  b. The process is canceled and the user is returned to the website without a result. + 7c. The NFC connection between the ID card and the smartphone is lost during the communication. +  a. The application fails to retrieve information from the ID card. +  b. The process is canceled and the user is returned to the website without a result. **Related tasks** * [MOB-16](https://tvp-mobile-authentication.atlassian.net/browse/MOB-16) 
@@ -296,8 +295,8 @@ User Using the authentication application to log into a mobile application running on the same smartphone. **Preconditions:** The user has the authentication application installed on the smartphone. -The NFC is enabled on the user’s smartphone and the user has given the authentication application the permission to use it. -The user has a valid ID card with NFC interface. +NFC is enabled on the user’s smartphone and the user has given the authentication application the permission to use it. +The user has a valid ID card with an NFC interface. The target mobile application’s login process supports the authentication application. **Primary actor:** User 
@@ -306,29 +305,29 @@ User 2. The user selects the authentication application as a means for logging in. 3. The mobile application starts the authentication application with an startActivityForResult intent. 4. The authentication application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application. -5. The authentication application asks the user to enter the PIN 1 of the ID card (includes Use Case #2). +5. The authentication application asks the user to enter the PIN1 of the ID card (includes Use Case #2). 6. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window. 7. The user puts the ID card against the smartphone. -8. The authentication application uses the provided CAN to establish a secure connection with an ID card and PIN 1 to retrieve protected information from the ID Card. +8. The authentication application uses the provided CAN to establish a secure connection with an ID card and PIN1 to retrieve protected information from the ID Card. 9. The information retrieved from the ID card is used to generate a JWT and it is returned to the initial application that started the startActivityForResult intent with an OK message. **Extensions:** -    3. The authentication application is not found. -        a. The target application informs the user that the authentication process has failed. -    7. The user fails to put the ID card against the smartphone in the 90 second time window. -        a. The authentication process is canceled. -        b. The user is returned to the initial application without a result. -    8a. The connection between the smartphone and the ID card is lost. -        a. The authentication application cancels the authentication process. -        b. The user is returned to the initial application that started without a result. -    8b. The CAN provided by the user does not match the CAN of the ID card. -        a. 
The application fails to establish a secure connection with the ID card via the NFC. -        b. The user is notified that the CAN provided was incorrect. -        c. The authentication process is canceled and the user is directed back to the initial application without a result. -    8c. The PIN 1 provided by the user is not valid. -        a. The application fails to retrieve information protected by PIN 1 from the ID card. -        b. The user is notified that the provided PIN 1 was not correct. -        c. The authentication process is canceled and the user is returned to the initial application without a result. + 3. The authentication application is not found. +  a. The target application informs the user that the authentication process has failed. + 7. The user fails to put the ID card against the smartphone in the 90 second time window. +  a. The authentication process is canceled. +  b. The user is returned to the initial application without a result. + 8a. The connection between the smartphone and the ID card is lost. +  a. The authentication application cancels the authentication process. +  b. The user is returned to the initial application that started without a result. + 8b. The CAN provided by the user does not match the CAN of the ID card. +  a. The application fails to establish a secure connection with the ID card via the NFC. +  b. The user is notified that the CAN provided was incorrect. +  c. The authentication process is canceled and the user is directed back to the initial application without a result. + 8c. The PIN1 provided by the user is not valid. +  a. The application fails to retrieve information protected by PIN1 from the ID card. +  b. The user is notified that the provided PIN1 was not correct. +  c. The authentication process is canceled and the user is returned to the initial application without a result. **Related tasks** * [MOB-16](https://tvp-mobile-authentication.atlassian.net/browse/MOB-16) 
@@ -349,7 +348,6 @@ User **Use Case Title:** Using the authentication application to give a signature on a mobile application **Preconditions:** -The user has been already authenticated to the mobile application using the authentication application and is currently logged in. The mobile application supports the signature process of the authentication application. **Primary actor:** User 
@@ -357,27 +355,24 @@ User 1. The user starts a process that requires a signature on the mobile application. 2. The mobile application starts the authentication application with an startActivityForResult intent. 3. The authentication application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application. -4. The authentication application asks the user to enter a valid PIN 2 (includes Use Case #3). +4. The authentication application asks the user to enter a valid PIN2 (includes Use Case #3). 5. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window. 6. The user puts the ID card against the smartphone. -7. The application uses the provided CAN to establish a secure connection with an ID card using the NFC technology and then PIN 2 to retrieve protected information from the card. +7. The application uses the provided CAN to establish a secure connection with an ID card using the NFC technology and then PIN2 to retrieve protected information from the card. 8. The information retrieved from the ID card is used to generate a JWT for signature and it is returned to the application that started the startActivityForResult intent with an OK message. **Extensions:** -    2. The authentication application is not found. -        a. The initial application informs the user that the process of giving a signature has failed. -    6. The user fails to put the ID card against the smart phone in the provided 90 second time window. -        a. The signature process is cancelled. -        b. The user is returned to the initial application without a result. -    7a. The CAN provided by the user does not match the CAN of the ID card. -        a. The application fails to establish a secure connection with an ID card. -        b. The process is canceled and the user is returned to the initial application without a result. -    7b. The PIN 2 provided by the user is not valid. 
-        a. The application fails to retrieve necessary information from the ID card. -        b. The process is canceled and the user is returned to the initial application without a result. -    7c. The NFC connection between the ID card and the smartphone is lost during the communication. -        a. The application fails to retrieve information from the ID card. -        b. The process is canceled and the user is returned to the initial application without a result. + 2. The authentication application is not found. +  a. The initial application informs the user that the process of giving a signature has failed. + 6. The user fails to put the ID card against the smart phone in the provided 90 second time window. +  a. The signature process is cancelled. +  b. The user is returned to the initial application without a result. + 7a. The PIN2 provided by the user is not valid. +  a. The application fails to retrieve necessary information from the ID card. +  b. The process is canceled and the user is returned to the initial application without a result. + 7b. The NFC connection between the ID card and the smartphone is lost during the communication. +  a. The application fails to retrieve information from the ID card. +  b. The process is canceled and the user is returned to the initial application without a result. **Related tasks** * [MOB-16](https://tvp-mobile-authentication.atlassian.net/browse/MOB-16)
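Review bot: In the `@@ -133,31 +133,31 @@` hunk (Use Case #6), extension 3c turns biometric mode off but does not say what happens to the invalid PIN1 that is still saved to the biometric method. Suggest adding a step stating that the saved PIN1 is removed when the mode is turned off, so that "until a new PIN1 is saved" starts from an empty store rather than from a value already known to be wrong.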
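Review bot: In the `@@ -192,38 +192,37 @@` hunk (website login), the renumbered step 4 asks for PIN1 but still says "(includes Use Case #3)", and Use Case #3 is "Entering PIN2 of the ID card"; this should reference Use Case #2. The renumbering also leaves step 8 pointing at "the website that started the authentication application in step 1", while the website now starts the application in step 2. The extension numbers (2, 6, 7a to 7c) were updated correctly, so only these two references need fixing.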
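Review bot: In the `@@ -253,27 +252,27 @@` hunk (website signature), step 4 asks for PIN2 but says "(includes Use Case #2)", which is the PIN1 use case; it should reference Use Case #3. Extensions 7a and 7b also return the user to the website without the "user is notified" step that the login flow has for a wrong CAN or PIN1, so a failed signature gives the user no reason. Since these lines are being touched anyway, the spelling could be unified too: 6a uses "cancelled" while 7a to 7c use "canceled".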
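Review bot: In the `@@ -306,29 +305,29 @@` hunk (mobile application login), extension 8a b reads "returned to the initial application that started without a result", which parses as the application having started without a result. Suggest "The user is returned to the initial application without a result", matching 7b. The context line for step 3 also has "an startActivityForResult intent", which should be "a startActivityForResult intent".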
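Review bot: The `@@ -349,7 +348,6 @@` hunk drops the logged-in precondition from the mobile signature use case, while the `@@ -245,7 +244,7 @@` hunk keeps it for the website signature use case in reworded form ("The user is logged in to a website using the authentication application."). If signing in a mobile application is meant to work without a prior login, say so in the commit message or the use case; otherwise restore the precondition in the same reworded form so both signature flows agree.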
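Review bot: In the `@@ -357,27 +355,24 @@` hunk (mobile signature), the extension "The CAN provided by the user does not match the CAN of the ID card" is removed, but steps 3 and 7 still collect the CAN and use it to establish the secure connection. That leaves the wrong-CAN failure path unspecified here, while the website signature use case keeps it as 7a. Suggest keeping the CAN extension as 7a and lettering the PIN2 and NFC cases 7b and 7c, or explaining why a CAN mismatch cannot occur in this flow.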