arti/Estonian-ID-card-mobile-authenticator-POC
1
0
Fork 0
mirror of https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC.git synced 2024-11-22 13:51:00 +02:00
Code Packages Releases Wiki Activity

Clarifiyed use cases

Henrik Lepson 2021-12-06 18:46:29 +02:00
parent e292a15590
commit f9323a6b5a
1 changed files with 117 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

231
Use-Cases.md

@ -90,13 +90,14 @@ Save CAN of the ID card on the phone
**Preconditions:**
The mobile authentication application is installed on the users smartphone.
The application is allowed to store information on the users smartphone.
The CAN is not saved at the start.
**Primary actor:**
User
**Main success scenario:**
1. The user opens the settings menu from the home screen of the application.
2. The user chooses the option to save the CAN of the ID card.
3. The application asks the user to enter a CAN (includes Use Case #1).
4. The application notifies the user that the CAN has been saved to the application and displays it to the user.
4. The application notifies the user that the CAN has been saved to the application and displays it to the user in the settings menu.
**Extensions:**
None
@ -159,42 +160,42 @@ User
* [Error when NFC isn't active on the phone or when NFC rights aren't given for the app](https://i.imgur.com/nizDiXG.png)
# **~~Use Case #6~~ NOT GOING TO IMPLEMENTED**
**Use Case Title:**
Use biometric authentication to enter PIN1 during the authentication process
_NB! Biometric authentication does not replace the need to use PIN1 for the authentication process, but it is a convenience feature that makes entering PIN1 faster as it is done automatically when fingerprint is used, thus saving the user a few seconds of time each time they use the application for authentication._
**Preconditions:**
The users phone has a fingerprint sensor.
The user has given the application permissions to use this feature.
The user has enabled biometric authentication in the applications settings menu before the start of the authentication process.
The user has saved a valid PIN1 to the biometric authentication method.
**Primary actor:**
User
**Main success scenario:**
1. The system displays a biometric authentication dialog that asks the user to touch a fingerprint sensor on the smartphone when PIN1 is needed during the authentication process.
2. The user touches a fingerprint sensor on the smartphone.
3. The system detects the fingerprint.
4. The application enters PIN1 for the user automatically.
# **~~Use Case #6~~**
**~~Use Case Title:~~**
~~Use biometric authentication to enter PIN1 during the authentication process~~
~~_NB! Biometric authentication does not replace the need to use PIN1 for the authentication process, but it is a convenience feature that makes entering PIN1 faster as it is done automatically when fingerprint is used, thus saving the user a few seconds of time each time they use the application for authentication._~~
**~~Preconditions:~~**
~~The users phone has a fingerprint sensor.~~
~~The user has given the application permissions to use this feature.~~
~~The user has enabled biometric authentication in the applications settings menu before the start of the authentication process.~~
~~The user has saved a valid PIN1 to the biometric authentication method.~~
**~~Primary actor:~~**
~~User~~
**~~Main success scenario:~~**
~~1. The system displays a biometric authentication dialog that asks the user to touch a fingerprint sensor on the smartphone when PIN1 is needed during the authentication process.~~
~~2. The user touches a fingerprint sensor on the smartphone.~~
~~3. The system detects the fingerprint.~~
~~4. The application enters PIN1 for the user automatically.~~
**Extensions:**
 1. The system is unable to access the smartphone's biometric authentication functionality.
  a. The application notifies the user that biometric authentication is currently unavailable.
  b. The application asks the user to enter PIN1 manually (includes Use Case #2).
 3. The biometric authentication functionality does not accept the fingerprint provided by the user.
  a. The application notifies the user that biometric authentication has failed because the provided fingerprint does not match the expected fingerprint.
  b. The application asks the user to enter PIN1 manually (includes Use Case #2).
 4. The PIN1 saved to the biometric authentication method is not valid.
  a. The system is not able to retrieve information from the ID card with an invalid PIN1.
  b. The application notifies the user that the PIN1 entered was not valid and cancels the authentication process.
  c. The application turns off biometric authentication mode until a new PIN1 is saved to this feature in the settings menu in order to avoid future use of this feature with an invalid PIN1.
**~~Extensions:~~**
~~ 1. The system is unable to access the smartphone's biometric authentication functionality.~~
~~  a. The application notifies the user that biometric authentication is currently unavailable.~~
~~  b. The application asks the user to enter PIN1 manually (includes Use Case #2).~~
~~ 3. The biometric authentication functionality does not accept the fingerprint provided by the user.~~
~~  a. The application notifies the user that biometric authentication has failed because the provided fingerprint does not match the expected fingerprint.~~
~~  b. The application asks the user to enter PIN1 manually (includes Use Case #2).~~
~~ 4. The PIN1 saved to the biometric authentication method is not valid.~~
~~  a. The system is not able to retrieve information from the ID card with an invalid PIN1.~~
~~  b. The application notifies the user that the PIN1 entered was not valid and cancels the authentication process.~~
~~  c. The application turns off biometric authentication mode until a new PIN1 is saved to this feature in the settings menu in order to avoid future use of this feature with an invalid PIN1.~~
**Related tasks:**
[MOB-28](https://tvp-mobile-authentication.atlassian.net/browse/MOB-28), [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37), [MOB-38](https://tvp-mobile-authentication.atlassian.net/browse/MOB-38), [MOB-53](https://tvp-mobile-authentication.atlassian.net/browse/MOB-53)
~~**Related tasks:**~~
~~[MOB-28](https://tvp-mobile-authentication.atlassian.net/browse/MOB-28), [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37), [MOB-38](https://tvp-mobile-authentication.atlassian.net/browse/MOB-38), [MOB-53](https://tvp-mobile-authentication.atlassian.net/browse/MOB-53)~~
**Related mockups:**
* [When CAN hasn't been entered yet](https://i.imgur.com/5KgWrki.png)
* [View for adding CAN](https://imgur.com/MHyr2Br)
* [When added CAN is invalid](https://imgur.com/kRBBhv8)
~~**Related mockups:**~~
* ~~[When CAN hasn't been entered yet](https://i.imgur.com/5KgWrki.png)~~
* ~~[View for adding CAN](https://imgur.com/MHyr2Br)~~
* ~~[When added CAN is invalid](https://imgur.com/kRBBhv8)~~
# **Use Case #7**
**Use Case Title:**
@ -235,7 +236,7 @@ User
1. The user selects the authentication application option as a method for logging in.
2. The website starts the authentication application with an intent.
3. The application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application.
4. The application asks the user to enter the PIN1 of the ID card (includes Use Case #3).
4. The application asks the user to enter the PIN1 of the ID card (includes Use Case #3) if it is not saved to the application.
5. The application asks the user to put the ID card against the smartphone in the 90 second time window.
6. The user puts the ID card against the smartphone.
7. The application uses the provided CAN to establish a secure connection (PACE) with an ID card and PIN1 to retrieve protected information from the ID Card.
@ -269,49 +270,49 @@ User
* [Error when NFC isn't active on the phone or when NFC rights aren't given for the app](https://i.imgur.com/nizDiXG.png)
# **Use Case #9**
**Use Case Title:**
Use the authentication application to give a signature on a website
**Preconditions:**
The user is logged in to a website using the authentication application.
The website supports the signature process of the authentication application.
**Primary actor:**
User
**Main success scenario:**
1. The user starts a process that requires a signature on a website.
2. The website launches the authentication application with an intent.
3. The application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application.
4. The application asks the user to enter a valid PIN2 (includes Use Case #2).
5. The application asks the user to put the ID card against the smartphone in the 90 second time window.
6. The user puts the ID card against the smartphone.
7. The application uses the provided CAN to establish a secure connection with an ID card using NFC technology and then PIN2 to retrieve protected information from the card.
8. The application uses the retrieved information to generate a JWT for signature and delivers it to the website that launched the application.
# **~~Use Case #9~~**
**~~Use Case Title:~~**
~~Use the authentication application to give a signature on a website~~
~~**Preconditions:**~~
~~The user is logged in to a website using the authentication application.~~
~~The website supports the signature process of the authentication application.~~
~~**Primary actor:**~~
~~User~~
~~**Main success scenario:**~~
~~1. The user starts a process that requires a signature on a website.~~
~~2. The website launches the authentication application with an intent.~~
~~3. The application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application.~~
~~4. The application asks the user to enter a valid PIN2 (includes Use Case #2).~~
~~5. The application asks the user to put the ID card against the smartphone in the 90 second time window.~~
~~6. The user puts the ID card against the smartphone.~~
~~7. The application uses the provided CAN to establish a secure connection with an ID card using NFC technology and then PIN2 to retrieve protected information from the card.~~
~~8. The application uses the retrieved information to generate a JWT for signature and delivers it to the website that launched the application.~~
**Extensions:**
 2. The authentication application is not found.
  a. The website informs the user that the process of giving a signature has failed.
 4. The user fails to put the ID card against the smartphone in the 90 second time window.
  a. The application cancels the authentication process.
  b. The application directs the user back to the website along with a corresponding response.
 7a. The CAN provided by the user does not match the CAN of the ID card.
  a. The application fails to establish a secure connection with an ID card.
  b. The application cancels the process and returns the user to the website along with a corresponding response.
 7b. The PIN2 provided by the user is not valid.
  a. The application fails to retrieve necessary information from the ID card.
  b. The application cancels the process and returns the user to the website along with a corresponding response.
 7c. The NFC connection between the ID card and the smartphone is lost during the communication.
  a. The application fails to retrieve information from the ID card.
  b. The application cancels the process and returns the user to the website along with a corresponding response.
~~**Extensions:**~~
~~ 2. The authentication application is not found.~~
~~  a. The website informs the user that the process of giving a signature has failed.~~
~~ 4. The user fails to put the ID card against the smartphone in the 90 second time window.~~
~~  a. The application cancels the authentication process.~~
~~  b. The application directs the user back to the website along with a corresponding response.~~
~~ 7a. The CAN provided by the user does not match the CAN of the ID card.~~
~~  a. The application fails to establish a secure connection with an ID card.~~
~~  b. The application cancels the process and returns the user to the website along with a corresponding response.~~
~~ 7b. The PIN2 provided by the user is not valid.~~
~~  a. The application fails to retrieve necessary information from the ID card.~~
~~  b. The application cancels the process and returns the user to the website along with a corresponding response.~~
~~ 7c. The NFC connection between the ID card and the smartphone is lost during the communication.~~
~~  a. The application fails to retrieve information from the ID card.~~
~~  b. The application cancels the process and returns the user to the website along with a corresponding response.~~
**Related tasks:**
[MOB-16](https://tvp-mobile-authentication.atlassian.net/browse/MOB-16), [MOB-18](https://tvp-mobile-authentication.atlassian.net/browse/MOB-18), [MOB-22](https://tvp-mobile-authentication.atlassian.net/browse/MOB-22), [MOB-23](https://tvp-mobile-authentication.atlassian.net/browse/MOB-23), [MOB-25](https://tvp-mobile-authentication.atlassian.net/browse/MOB-25), [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37), [MOB-40](https://tvp-mobile-authentication.atlassian.net/browse/MOB-40), [MOB-42](https://tvp-mobile-authentication.atlassian.net/browse/MOB-42), [MOB-43](https://tvp-mobile-authentication.atlassian.net/browse/MOB-43), [MOB-44](https://tvp-mobile-authentication.atlassian.net/browse/MOB-44), [MOB-45](https://tvp-mobile-authentication.atlassian.net/browse/MOB-45), [MOB-50](https://tvp-mobile-authentication.atlassian.net/browse/MOB-50), [MOB-52](https://tvp-mobile-authentication.atlassian.net/browse/MOB-52), [MOB-53](https://tvp-mobile-authentication.atlassian.net/browse/MOB-53)
~~**Related tasks:**~~
~~[MOB-16](https://tvp-mobile-authentication.atlassian.net/browse/MOB-16), [MOB-18](https://tvp-mobile-authentication.atlassian.net/browse/MOB-18), [MOB-22](https://tvp-mobile-authentication.atlassian.net/browse/MOB-22), [MOB-23](https://tvp-mobile-authentication.atlassian.net/browse/MOB-23), [MOB-25](https://tvp-mobile-authentication.atlassian.net/browse/MOB-25), [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37), [MOB-40](https://tvp-mobile-authentication.atlassian.net/browse/MOB-40), [MOB-42](https://tvp-mobile-authentication.atlassian.net/browse/MOB-42), [MOB-43](https://tvp-mobile-authentication.atlassian.net/browse/MOB-43), [MOB-44](https://tvp-mobile-authentication.atlassian.net/browse/MOB-44), [MOB-45](https://tvp-mobile-authentication.atlassian.net/browse/MOB-45), [MOB-50](https://tvp-mobile-authentication.atlassian.net/browse/MOB-50), [MOB-52](https://tvp-mobile-authentication.atlassian.net/browse/MOB-52), [MOB-53](https://tvp-mobile-authentication.atlassian.net/browse/MOB-53)~~
**Related mockups:**
* [Asking for PIN 1](https://i.imgur.com/Z5DIeiO.png)
* [Asking for PIN 2](https://i.imgur.com/tXmu1P0.png)
* [The default view](https://i.imgur.com/wC2yOsk.png)
* [View for displaying public info](https://i.imgur.com/WqX4pmH.png)
* [Error when NFC isn't active on the phone or when NFC rights aren't given for the app](https://i.imgur.com/nizDiXG.png)
~~**Related mockups:**~~
* ~~[Asking for PIN 1](https://i.imgur.com/Z5DIeiO.png)~~
* ~~[Asking for PIN 2](https://i.imgur.com/tXmu1P0.png)~~
* ~~[The default view](https://i.imgur.com/wC2yOsk.png)~~
* ~~[View for displaying public info](https://i.imgur.com/WqX4pmH.png)~~
* ~~[Error when NFC isn't active on the phone or when NFC rights aren't given for the app](https://i.imgur.com/nizDiXG.png)~~
# **Use Case #10**
@ -329,7 +330,7 @@ User
2. The user selects the authentication application as a means for logging in.
3. The mobile application starts the authentication application with an startActivityForResult intent.
4. The authentication application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application.
5. The authentication application asks the user to enter the PIN1 of the ID card (includes Use Case #2).
5. The authentication application asks the user to enter the PIN1 of the ID card (includes Use Case #2) if it is not saved to the application.
6. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window.
7. The user puts the ID card against the smartphone.
8. The authentication application uses the provided CAN to establish a secure connection with an ID card and PIN1 to retrieve protected information from the ID Card.
@ -363,45 +364,45 @@ User
* [Error when NFC isn't active on the phone or when NFC rights aren't given for the app](https://i.imgur.com/nizDiXG.png)
# **Use Case #11**
**Use Case Title:**
Use the authentication application to give a signature on a mobile application
**Preconditions:**
The mobile application supports the signature process of the authentication application.
**Primary actor:**
User
**Main success scenario:**
1. The user starts a process that requires a signature on the mobile application.
2. The mobile application starts the authentication application with an startActivityForResult intent.
3. The authentication application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application.
4. The authentication application asks the user to enter a valid PIN2 (includes Use Case #3).
5. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window.
6. The user puts the ID card against the smartphone.
7. The authentication application uses the provided CAN to establish a secure connection with an ID card using NFC technology and then PIN2 to retrieve protected information from the card.
8. The application uses the information retrieved from the ID card to generate a JWT for signature and returns it along with an OK message to the application that started the startActivityForResult intent.
# **~~Use Case #11~~**
~~**Use Case Title:**~~
~~Use the authentication application to give a signature on a mobile application~~
~~**Preconditions:**~~
~~The mobile application supports the signature process of the authentication application.~~
~~**Primary actor:**~~
~~User~~
~~**Main success scenario:**~~
~~1. The user starts a process that requires a signature on the mobile application.~~
~~2. The mobile application starts the authentication application with an startActivityForResult intent.~~
~~3. The authentication application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application.~~
~~4. The authentication application asks the user to enter a valid PIN2 (includes Use Case #3).~~
~~5. The authentication application asks the user to put the ID card against the smartphone in the 90 second time window.~~
~~6. The user puts the ID card against the smartphone.~~
~~7. The authentication application uses the provided CAN to establish a secure connection with an ID card using NFC technology and then PIN2 to retrieve protected information from the card.~~
~~8. The application uses the information retrieved from the ID card to generate a JWT for signature and returns it along with an OK message to the application that started the startActivityForResult intent.~~
**Extensions:**
 2. The authentication application is not found.
  a. The initial application informs the user that the process of giving a signature has failed.
 6. The user fails to put the ID card against the smart phone in the provided 90 second time window.
  a. The authentication application cancels the signature process.
  b. The application returns the user to the initial application along with a corresponding response.
 7a. The CAN provided by the user does not match the CAN of the ID card.
  a. The system fails to establish a secure connection with the ID card via NFC.
  b. The authentication application notifies the user that the CAN provided was incorrect.
 7b. The PIN2 provided by the user is not valid.
  a. The application fails to retrieve necessary information from the ID card.
  b. The application cancels the process and returns the user to the initial application along with a corresponding response.
 7c. The NFC connection between the ID card and the smartphone is lost during the communication.
  a. The application fails to retrieve information from the ID card.
  b. The application cancels the process and returns the user to the initial application along with a corresponding response.
~~**Extensions:**~~
~~ 2. The authentication application is not found.~~
~~  a. The initial application informs the user that the process of giving a signature has failed.~~
~~ 6. The user fails to put the ID card against the smart phone in the provided 90 second time window.~~
~~  a. The authentication application cancels the signature process.~~
~~  b. The application returns the user to the initial application along with a corresponding response.~~
~~ 7a. The CAN provided by the user does not match the CAN of the ID card.~~
~~  a. The system fails to establish a secure connection with the ID card via NFC.~~
~~  b. The authentication application notifies the user that the CAN provided was incorrect.~~
~~ 7b. The PIN2 provided by the user is not valid.~~
~~  a. The application fails to retrieve necessary information from the ID card.~~
~~  b. The application cancels the process and returns the user to the initial application along with a corresponding response.~~
~~ 7c. The NFC connection between the ID card and the smartphone is lost during the communication.~~
~~  a. The application fails to retrieve information from the ID card.~~
~~  b. The application cancels the process and returns the user to the initial application along with a corresponding response.~~
**Related tasks:**
[MOB-16](https://tvp-mobile-authentication.atlassian.net/browse/MOB-16), [MOB-18](https://tvp-mobile-authentication.atlassian.net/browse/MOB-18), [MOB-22](https://tvp-mobile-authentication.atlassian.net/browse/MOB-22), [MOB-23](https://tvp-mobile-authentication.atlassian.net/browse/MOB-23), [MOB-25](https://tvp-mobile-authentication.atlassian.net/browse/MOB-25), [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37), [MOB-40](https://tvp-mobile-authentication.atlassian.net/browse/MOB-40), [MOB-41](https://tvp-mobile-authentication.atlassian.net/browse/MOB-41), [MOB-43](https://tvp-mobile-authentication.atlassian.net/browse/MOB-43), [MOB-44](https://tvp-mobile-authentication.atlassian.net/browse/MOB-44), [MOB-50](https://tvp-mobile-authentication.atlassian.net/browse/MOB-50), [MOB-52](https://tvp-mobile-authentication.atlassian.net/browse/MOB-52), [MOB-53](https://tvp-mobile-authentication.atlassian.net/browse/MOB-53)
~~**Related tasks:**~~
~~[MOB-16](https://tvp-mobile-authentication.atlassian.net/browse/MOB-16), [MOB-18](https://tvp-mobile-authentication.atlassian.net/browse/MOB-18), [MOB-22](https://tvp-mobile-authentication.atlassian.net/browse/MOB-22), [MOB-23](https://tvp-mobile-authentication.atlassian.net/browse/MOB-23), [MOB-25](https://tvp-mobile-authentication.atlassian.net/browse/MOB-25), [MOB-37](https://tvp-mobile-authentication.atlassian.net/browse/MOB-37), [MOB-40](https://tvp-mobile-authentication.atlassian.net/browse/MOB-40), [MOB-41](https://tvp-mobile-authentication.atlassian.net/browse/MOB-41), [MOB-43](https://tvp-mobile-authentication.atlassian.net/browse/MOB-43), [MOB-44](https://tvp-mobile-authentication.atlassian.net/browse/MOB-44), [MOB-50](https://tvp-mobile-authentication.atlassian.net/browse/MOB-50), [MOB-52](https://tvp-mobile-authentication.atlassian.net/browse/MOB-52), [MOB-53](https://tvp-mobile-authentication.atlassian.net/browse/MOB-53)~~
**Related mockups:**
* [Asking for PIN 1](https://i.imgur.com/Z5DIeiO.png)
* [Asking for PIN 2](https://i.imgur.com/tXmu1P0.png)
* [The default view](https://i.imgur.com/wC2yOsk.png)
* [View for displaying public info](https://i.imgur.com/WqX4pmH.png)
* [Error when NFC isn't active on the phone or when NFC rights aren't given for the app](https://i.imgur.com/nizDiXG.png)
~~**Related mockups:**~~
* ~~[Asking for PIN 1](https://i.imgur.com/Z5DIeiO.png)~~
* ~~[Asking for PIN 2](https://i.imgur.com/tXmu1P0.png)~~
* ~~[The default view](https://i.imgur.com/wC2yOsk.png)~~
* ~~[View for displaying public info](https://i.imgur.com/WqX4pmH.png)~~
* ~~[Error when NFC isn't active on the phone or when NFC rights aren't given for the app](https://i.imgur.com/nizDiXG.png)~~