mirror of
https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC.git
synced 2024-11-22 22:00:59 +02:00
More use cases added as part of iteration 2
parent
453770a7d0
commit
8f50370d48
315
Use-Cases.md
315
Use-Cases.md
@ -1,58 +1,293 @@
|
|||||||
**Use Case #1**
|
_NB! Use cases #1, #2 and #3 are only used in the include relationships with other use cases. These three use cases are not independent, but are duplicated in most of the other use cases so extracting them was necessary to avoid repetition, keep the use cases as concise as possible and improve readability._
|
||||||
|
|
||||||
|
**Use Case #1**
|
||||||
**Use Case Title:**
|
**Use Case Title:**
|
||||||
User authentication for the test website.
|
Entering CAN (Card Authentication Number) of the ID card
|
||||||
**Preconditions:**
|
**Preconditions:**
|
||||||
The user has the authentication mobile application installed on his/her smartphone.
|
The authentication application is running on the phone.
|
||||||
The user’s phone supports NFC technology.
|
The UI layout that asks the user for CAN is active.
|
||||||
The user has given the application permissions that it requires, so that the application can use NFC technology and communicate with the web service.
|
|
||||||
The user has an ID-card with NFC interface.
|
|
||||||
**Primary actor:**
|
**Primary actor:**
|
||||||
User
|
User
|
||||||
**Main success scenario:**
|
**Main success scenario:**
|
||||||
1. The user starts a login process on the website and selects the mobile authentication application option.
|
1. The application asks the user to insert a valid CAN.
|
||||||
2. The website launches the authentication application on the user’s smartphone.
|
2. The user enters CAN into the provided input field and then clicks on the “next” button.
|
||||||
3. The user places the ID-card against the mobile phone (near the NFC chip of the mobile). (Use Case #2)
|
3. The system checks the length of the entered CAN to make sure that its length equals 6.
|
||||||
4. The application asks the user to enter a valid PIN.
|
|
||||||
5. The application generates a web-eID compatible JWT.
|
|
||||||
6. The token is delivered to the website that started the authentication process.
|
|
||||||
7. The user is logged into the website.
|
|
||||||
|
|
||||||
**Extensions:**
|
**Extensions:**
|
||||||
1. The authentication application is not found.
|
3. The length of the CAN entered by the user is not 6.
|
||||||
a. The website informs the user that the login process failed.
|
a. The action of the next button is cancelled.
|
||||||
3. The connection between ID-card and smartphone is not established.
|
b. The user is allowed to change the entered CAN.
|
||||||
a. The application cancels the authentication process.
|
|
||||||
b. The user is directed back to the website.
|
|
||||||
4. The user enters an invalid PIN.
|
|
||||||
a. Max retries are not exceeded - The user is asked to enter the PIN again.
|
|
||||||
b. Max retries are exceeded - ID-card authentication feature will be disabled. Application notifies the user.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
**Use Case #2**
|
**Use Case #2**
|
||||||
|
|
||||||
**Use Case Title:**
|
**Use Case Title:**
|
||||||
Detecting a nearby ID-card.
|
Entering PIN 1 of the ID card
|
||||||
**Preconditions:**
|
**Preconditions:**
|
||||||
The mobile authentication app is active.
|
The authentication application is running on the phone.
|
||||||
The user has an ID-card with NFC interface.
|
The UI layout that asks the user for PIN 1 input is active.
|
||||||
The ID-card is currently not in the range of the mobile NFC chip.
|
|
||||||
**Primary actor:**
|
**Primary actor:**
|
||||||
User
|
User
|
||||||
**Main success scenario:**
|
**Main success scenario:**
|
||||||
1. The authentication app notifies the user that the ID-card is currently not being detected.
|
1. The application asks the user to insert a valid PIN 1.
|
||||||
2. The user puts the ID-card against the NFC chip of the smartphone.
|
2. The user enters PIN 1 into the allocated input field and then clicks on the “next” button.
|
||||||
3. The app notifies the user that the ID-card has been detected.
|
3. The system checks the length of the entered PIN 1 to make sure that its length is an integer in the range [4, 12].
|
||||||
|
|
||||||
**Extensions:**
|
**Extensions:**
|
||||||
2a. The user fails to put the ID-card against the NFC chip.
|
3. The length of the PIN 1 that the user entered in the input field is not an integer in the range [4, 12].
|
||||||
a. The app keeps waiting for the user (timeout will be decided in the future).
|
a. The action triggered by the next button is cancelled.
|
||||||
b. The user puts the ID-card against the NFC chip.
|
b. The user is allowed to change the entered PIN 1.
|
||||||
c. The authentication process continues.
|
|
||||||
2b. The user closes the app.
|
**Use Case #3**
|
||||||
a. The authentication process is cancelled.
|
**Use Case Title:**
|
||||||
3. The user uses an invalid or expired ID-card
|
Entering PIN 2 of the ID card
|
||||||
a. The app notifies the user that the ID-card is not valid.
|
**Preconditions:**
|
||||||
b. The app keeps waiting for the user.
|
The authentication application is running on the phone.
|
||||||
|
The UI layout that asks the user for PIN 2 input is active.
|
||||||
|
**Primary actor:**
|
||||||
|
User
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The application asks the user to insert a valid PIN 2.
|
||||||
|
2. The user enters PIN 2 into the allocated input field and then clicks on the “next” button.
|
||||||
|
3. The system checks the length of the entered PIN 2 to make sure that its length is an integer in the range [5, 12].
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
3. The length of the PIN 2 that the user entered in the input field is not an integer in the range [5, 12].
|
||||||
|
a. The action triggered by the next button is cancelled.
|
||||||
|
b. The user is allowed to change the entered PIN 2.
|
||||||
|
|
||||||
|
**Use Case #4**
|
||||||
|
**Use Case Title:**
|
||||||
|
Saving the CAN number of the ID card on the phone
|
||||||
|
**Preconditions:**
|
||||||
|
The mobile authentication application is installed on the user’s smartphone.
|
||||||
|
The application is allowed to store information on the user’s smartphone.
|
||||||
|
**Primary actor:**
|
||||||
|
User
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The user opens the settings menu from the home screen of the application.
|
||||||
|
2. The user chooses the option to save the CAN number of the ID card.
|
||||||
|
3. The user is asked to enter a CAN number (includes Use Case #1).
|
||||||
|
4. The application notifies the user that the CAN number has been saved to the application and displays it to the user.
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
None
|
||||||
|
|
||||||
|
**Use Case #5**
|
||||||
|
**Use Case Title:**
|
||||||
|
Displaying the public information of the ID card in the authentication application
|
||||||
|
**Preconditions:**
|
||||||
|
The mobile authentication application is installed on the user’s smartphone.
|
||||||
|
The smartphone has NFC capability and it is enabled and the user has given the application the permission to use the smartphone's NFC adapter.
|
||||||
|
The user has a valid Estonian ID-card with NFC interface.
|
||||||
|
**Primary actor:**
|
||||||
|
User
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The user clicks the “begin” button on the home screen of the authentication application to start the process.
|
||||||
|
2. The application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application.
|
||||||
|
3. The application tells the user to touch the smartphone with the ID card in the given 90 second time window.
|
||||||
|
4. The user puts the ID card against the smartphone.
|
||||||
|
5. The application notifies the user that the ID-card has been detected and establishes a PACE connection with the ID card using the CAN provided by the user previously in the step 2.
|
||||||
|
6. The application retrieves the first name, the last name and the national identification number of the ID card owner from the ID card.
|
||||||
|
7. The application notifies the user that reading the information from the ID card is completed.
|
||||||
|
8. The application displays the retrieved information to the user in a formatted way.
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
4. The user fails to put the ID card against the smartphone in the 90 second time window.
|
||||||
|
a. The process is cancelled and the user is returned to the home screen of the application.
|
||||||
|
5a. The CAN provided by the user does not match the CAN number on the ID card.
|
||||||
|
a. The application fails to establish a secure connection with the ID card over the NFC connection.
|
||||||
|
b. The application notifies the user that the CAN provided was not valid and the user is returned to the home screen.
|
||||||
|
5b. The ID card is moved away from the smartphone NFC range before the information exchange between the smartphone and the ID card is completed.
|
||||||
|
a. The application notifies the user that the connection to the ID card was lost and the user is returned to the home screen.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
**Use Case #6**
|
||||||
|
**Use Case Title:**
|
||||||
|
Using biometric authentication to enter PIN 1 during the authentication process
|
||||||
|
_NB! Biometric authentication does not replace the need to use PIN 1 for the authentication process, but it is a convenience feature that makes entering PIN 1 faster as it is done automatically when fingerprint is used, thus saving the user a few seconds of time each time they use the application for authentication._
|
||||||
|
**Preconditions:**
|
||||||
|
The user’s phone has a fingerprint sensor.
|
||||||
|
The user has given the application permissions to use this feature.
|
||||||
|
The user has enabled biometric authentication in the application’s settings menu before the start of the authentication process.
|
||||||
|
The user has saved a valid PIN 1 to the biometric authentication method.
|
||||||
|
**Primary actor:**
|
||||||
|
User
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The user is shown a biometric authentication dialog that asks the user to touch a fingerprint sensor on the smartphone when PIN 1 is needed during the authentication process.
|
||||||
|
2. The user touches a fingerprint sensor on the smartphone.
|
||||||
|
3. The fingerprint is detected and the application enters PIN 1 for the user automatically.
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
1. The system is unable to access the smartphone's biometric authentication functionality.
|
||||||
|
a. The application notifies the user that biometric authentication is currently unavailable.
|
||||||
|
b. The user is asked to enter PIN 1 manually (includes Use Case #2).
|
||||||
|
2. The biometric authentication functionality does not accept the fingerprint provided by the user.
|
||||||
|
a. The application notifies the user that biometric authentication has failed because the provided fingerprint does not match the expected fingerprint.
|
||||||
|
b. The user is asked to enter PIN 1 manually (includes Use Case #2).
|
||||||
|
3. The PIN 1 saved to the biometric authentication method is not valid.
|
||||||
|
a. The system is not able to retrieve information from the ID card with an invalid PIN 1.
|
||||||
|
b. The user is notified that the PIN 1 entered was not valid and the authentication process is cancelled.
|
||||||
|
c. The biometric authentication mode is automatically turned off by the application in the settings menu until a new PIN 1 is saved to this feature in order to avoid future use of this feature with an invalid PIN 1.
|
||||||
|
|
||||||
|
**Use Case #7**
|
||||||
|
**Use Case Title:**
|
||||||
|
Application automatically closes itself at the end of the authentication process
|
||||||
|
**Preconditions:**
|
||||||
|
The authentication application has been started by an intent coming from a different application or a website opened in the mobile browser on the same smartphone.
|
||||||
|
The information has already been retrieved from the ID card.
|
||||||
|
**Primary actor:**
|
||||||
|
The authentication application
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The information that has been retrieved from the ID card is used to create a JWT.
|
||||||
|
2. The application sends the JWT to a mobile application or a website that started the authentication application with an intent at the beginning.
|
||||||
|
3. The authentication application closes itself.
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
3. The authentication application fails to close itself automatically.
|
||||||
|
a. The user closes the application manually.
|
||||||
|
|
||||||
|
**Use Case #8**
|
||||||
|
**Use Case Title:**
|
||||||
|
Using the authentication application to log into a website
|
||||||
|
**Preconditions:**
|
||||||
|
The user has the authentication application installed on the mobile phone.
|
||||||
|
The NFC technology is enabled on the user’s smartphone and the user has given the authentication application the permission to use the NFC adapter.
|
||||||
|
The user has a valid ID card with NFC interface.
|
||||||
|
The website login process supports the authentication application.
|
||||||
|
**Primary actor:**
|
||||||
|
User
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The user has a website that supports logging in with the authentication application open on the smartphone’s mobile browser.
|
||||||
|
2. The user selects the authentication application option as a method for logging in.
|
||||||
|
3. The website starts the authentication application with an intent.
|
||||||
|
4. The authentication application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application.
|
||||||
|
5. The authentication application asks the user to enter the PIN 1 of the ID card (includes Use Case #3).
|
||||||
|
6. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window.
|
||||||
|
7. The user puts the ID card against the smartphone.
|
||||||
|
8. The authentication application uses the provided CAN to establish a secure connection (PACE) with an ID card and PIN 1 to retrieve protected information from the ID Card.
|
||||||
|
9. The information retrieved from the ID card is used to generate a JWT that is delivered to the website that started the authentication application in step 1.
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
3. The authentication application is not found.
|
||||||
|
a. The website informs the user that the login process failed as the application could not be found.
|
||||||
|
7. The user fails to put the ID card against the smartphone in the 90 second time window.
|
||||||
|
a. The application cancels the authentication process.
|
||||||
|
b. The user is directed back to the website.
|
||||||
|
8a. The connection between the smartphone and the ID card is lost during the information exchange.
|
||||||
|
a. The authentication application cancels the authentication process and the user is directed back to the website.
|
||||||
|
8b. The CAN provided by the user did not match the CAN of the ID card.
|
||||||
|
a. The application fails to establish a secure connection with the ID card via the NFC.
|
||||||
|
b. The user is notified that the CAN provided was incorrect.
|
||||||
|
c. The authentication process is cancelled and the user is directed back to the website without a result.
|
||||||
|
8c. The PIN 1 provided by the user is not valid.
|
||||||
|
a. The application fails to retrieve information protected by PIN 1 from the ID card.
|
||||||
|
b. The user is notified that the provided PIN 1 was not correct.
|
||||||
|
c. The authentication process is canceled and the user is directed back to the website without a result.
|
||||||
|
|
||||||
|
**Use Case #9**
|
||||||
|
**Use Case Title:**
|
||||||
|
Using the authentication application to give a signature on a website
|
||||||
|
**Preconditions:**
|
||||||
|
The user has been already authenticated to the website using the authentication application and is currently logged in.
|
||||||
|
The website supports the signature process of the authentication application.
|
||||||
|
**Primary actor:**
|
||||||
|
User
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The user starts a process that requires a signature on a website.
|
||||||
|
2. The website launches the authentication application with an intent.
|
||||||
|
3. The application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application.
|
||||||
|
4. The application asks the user to enter a valid PIN 2 (includes Use Case #2).
|
||||||
|
5. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window.
|
||||||
|
6. The user puts the ID card against the smartphone.
|
||||||
|
7. The application uses the provided CAN to establish a secure connection with an ID card using the NFC technology and then PIN 2 to retrieve protected information from the card.
|
||||||
|
8. The retrieved information is used to generate a JWT for signature that is then delivered to the website that launched the application.
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
2. The authentication application is not found.
|
||||||
|
a. The website informs the user that the process of giving a signature has failed.
|
||||||
|
6. The user fails to put the ID card against the smartphone in the 90 second time window.
|
||||||
|
a. The authentication process is cancelled.
|
||||||
|
b. The user is directed back to the website without a result.
|
||||||
|
7a. The CAN provided by the user does not match the CAN of the ID card.
|
||||||
|
a. The application fails to establish a secure connection with an ID card.
|
||||||
|
b. The process is canceled and the user is returned to the website without a result.
|
||||||
|
7b. The PIN 2 provided by the user is not valid.
|
||||||
|
a. The application fails to retrieve necessary information from the ID card.
|
||||||
|
b. The process is canceled and the user is returned to the website without a result.
|
||||||
|
7c. The NFC connection between the ID card and the smartphone is lost during the communication.
|
||||||
|
a. The application fails to retrieve information from the ID card.
|
||||||
|
b. The process is canceled and the user is returned to the website without a result.
|
||||||
|
|
||||||
|
**Use Case #10**
|
||||||
|
**Use Case Title:**
|
||||||
|
Using the authentication application to log into a mobile application running on the same smartphone.
|
||||||
|
**Preconditions:**
|
||||||
|
The user has the authentication application installed on the smartphone.
|
||||||
|
The NFC is enabled on the user’s smartphone and the user has given the authentication application the permission to use it.
|
||||||
|
The user has a valid ID card with NFC interface.
|
||||||
|
The target mobile application’s login process supports the authentication application.
|
||||||
|
**Primary actor:**
|
||||||
|
User
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The user has the application that supports logging in with the authentication application open on the smartphone.
|
||||||
|
2. The user selects the authentication application as a means for logging in.
|
||||||
|
3. The mobile application starts the authentication application with an startActivityForResult intent.
|
||||||
|
4. The authentication application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application.
|
||||||
|
5. The authentication application asks the user to enter the PIN 1 of the ID card (includes Use Case #2).
|
||||||
|
6. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window.
|
||||||
|
7. The user puts the ID card against the smartphone.
|
||||||
|
8. The authentication application uses the provided CAN to establish a secure connection with an ID card and PIN 1 to retrieve protected information from the ID Card.
|
||||||
|
9. The information retrieved from the ID card is used to generate a JWT and it is returned to the initial application that started the startActivityForResult intent with an OK message.
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
3. The authentication application is not found.
|
||||||
|
a. The target application informs the user that the authentication process has failed.
|
||||||
|
7. The user fails to put the ID card against the smartphone in the 90 second time window.
|
||||||
|
a. The authentication process is canceled.
|
||||||
|
b. The user is returned to the initial application without a result.
|
||||||
|
8a. The connection between the smartphone and the ID card is lost.
|
||||||
|
a. The authentication application cancels the authentication process.
|
||||||
|
b. The user is returned to the initial application that started without a result.
|
||||||
|
8b. The CAN provided by the user does not match the CAN of the ID card.
|
||||||
|
a. The application fails to establish a secure connection with the ID card via the NFC.
|
||||||
|
b. The user is notified that the CAN provided was incorrect.
|
||||||
|
c. The authentication process is canceled and the user is directed back to the initial application without a result.
|
||||||
|
8c. The PIN 1 provided by the user is not valid.
|
||||||
|
a. The application fails to retrieve information protected by PIN 1 from the ID card.
|
||||||
|
b. The user is notified that the provided PIN 1 was not correct.
|
||||||
|
c. The authentication process is canceled and the user is returned to the initial application without a result.
|
||||||
|
|
||||||
|
**Use Case #11**
|
||||||
|
**Use Case Title:**
|
||||||
|
Using the authentication application to give a signature on a mobile application
|
||||||
|
**Preconditions:**
|
||||||
|
The user has been already authenticated to the mobile application using the authentication application and is currently logged in.
|
||||||
|
The mobile application supports the signature process of the authentication application.
|
||||||
|
**Primary actor:**
|
||||||
|
User
|
||||||
|
**Main success scenario:**
|
||||||
|
1. The user starts a process that requires a signature on the mobile application.
|
||||||
|
2. The mobile application starts the authentication application with an startActivityForResult intent.
|
||||||
|
3. The authentication application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application.
|
||||||
|
4. The authentication application asks the user to enter a valid PIN 2 (includes Use Case #3).
|
||||||
|
5. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window.
|
||||||
|
6. The user puts the ID card against the smartphone.
|
||||||
|
7. The application uses the provided CAN to establish a secure connection with an ID card using the NFC technology and then PIN 2 to retrieve protected information from the card.
|
||||||
|
8. The information retrieved from the ID card is used to generate a JWT for signature and it is returned to the application that started the startActivityForResult intent with an OK message.
|
||||||
|
|
||||||
|
**Extensions:**
|
||||||
|
2. The authentication application is not found.
|
||||||
|
a. The initial application informs the user that the process of giving a signature has failed.
|
||||||
|
6. The user fails to put the ID card against the smart phone in the provided 90 second time window.
|
||||||
|
a. The signature process is cancelled.
|
||||||
|
b. The user is returned to the initial application without a result.
|
||||||
|
7a. The CAN provided by the user does not match the CAN of the ID card.
|
||||||
|
a. The application fails to establish a secure connection with an ID card.
|
||||||
|
b. The process is canceled and the user is returned to the initial application without a result.
|
||||||
|
7b. The PIN 2 provided by the user is not valid.
|
||||||
|
a. The application fails to retrieve necessary information from the ID card.
|
||||||
|
b. The process is canceled and the user is returned to the initial application without a result.
|
||||||
|
7c. The NFC connection between the ID card and the smartphone is lost during the communication.
|
||||||
|
a. The application fails to retrieve information from the ID card.
|
||||||
|
b. The process is canceled and the user is returned to the initial application without a result.
|
||||||
|
Loading…
Reference in New Issue
Block a user