Use Cases - TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC GitHub Wiki
NB! Use cases #1, #2 and #3 are only used in the include relationships with other use cases. These three use cases are not independent; they are duplicated in most of the other use cases, so extracting them was necessary to avoid repetition, keep the use cases as concise as possible and improve readability.
Use Case #1
Use Case Title:
Enter CAN (Card Authentication Number) of the ID card
Preconditions:
The authentication application is running on the phone.
The UI layout that asks the user for CAN is active.
Primary actor:
User
Main success scenario:
- The application asks the user to insert a valid CAN.
- The user enters CAN into the provided input field.
- The system checks if the length of the entered CAN is 6.
- The CAN is automatically saved.
Extensions:
No extensions
Related tasks:
MOB-37, MOB-39, MOB-40
Related mockups:
- Asking for PIN 1
- Asking for PIN 2
- When CAN hasn't been entered yet
- View for adding CAN
- When added CAN is invalid
- The default view
- View for displaying public info
Use Case #2
Use Case Title:
Enter PIN1 of the ID card
Preconditions:
The authentication application is running on the phone.
The UI layout that asks the user for PIN1 input is active.
Primary actor:
User
Main success scenario:
- The application asks the user to insert a valid PIN1.
- The user enters PIN1 into the allocated input field and then clicks on the "continue" button.
- The system checks the length of the entered PIN1 to make sure that its length is an integer in the range [4, 12].
Extensions:
3. The length of the PIN1 that the user entered in the input field is not an integer in the range [4, 12].
   a. The system cancels the action triggered by the "continue" button so that the user can change the entered PIN1.
Related mockups:
Use Case #3
Use Case Title:
Enter PIN2 of the ID card
Preconditions:
The authentication application is running on the phone.
The UI layout that asks the user for PIN2 input is active.
Primary actor:
User
Main success scenario:
- The application asks the user to insert a valid PIN2.
- The user enters PIN2 into the allocated input field and then clicks on the "next" button.
- The system checks the length of the entered PIN2 to make sure that its length is an integer in the range [5, 12].
Extensions:
3. The length of the PIN2 that the user entered in the input field is not an integer in the range [5, 12].
   a. The system cancels the action triggered by the "next" button so the user can change the entered PIN2.
Related mockups:
Use Case #4
Use Case Title:
Save CAN of the ID card on the phone
Preconditions:
The mobile authentication application is installed on the user's smartphone.
The application is allowed to store information on the user's smartphone.
The CAN is not saved at the start.
Primary actor:
User
Main success scenario:
- The user opens the settings menu from the home screen of the application.
- The user chooses the option to save the CAN of the ID card.
- The application asks the user to enter a CAN (includes Use Case #1).
- The application notifies the user that the CAN has been saved to the application and displays it to the user in the settings menu.
Extensions:
None
Related tasks:
MOB-37, MOB-38, MOB-40, MOB-52, MOB-53
Related mockups:
- Asking for PIN 1
- Asking for PIN 2
- When CAN hasn't been entered yet
- View for adding CAN
- When added CAN is invalid
- The default view
- View for displaying public info
Use Case #5
Use Case Title:
Display the public information of the ID card in the authentication application
Preconditions:
The mobile authentication application is installed on the user's smartphone.
The smartphone has NFC capability, NFC is enabled, and the user has given the application the permission to use the smartphone's NFC adapter.
The user has a valid Estonian ID card with an NFC interface.
Primary actor:
User
Main success scenario:
- The application asks the user to save the CAN of the ID card (includes Use Case #1) if it is not saved to the application.
- The application tells the user to touch the smartphone with the ID card.
- The user puts the ID card against the smartphone.
- The application notifies the user that the ID card has been detected and establishes a PACE connection with the ID card using the CAN provided by the user previously in step 1.
- The application retrieves from the card: first name, last name, national identification number, expiration date, citizenship and sex of the card owner.
- The application notifies the user that reading the information from the ID card is completed.
- The application displays the retrieved information to the user in a formatted way.
Extensions:
3. The user fails to put the ID card against the smartphone.
   a. The system keeps waiting for the card as long as the application is active.
4a. The CAN provided by the user does not match the CAN on the ID card.
   a. The application fails to establish a secure connection with the ID card over the NFC connection.
   b. The application notifies the user that the CAN provided was not valid and returns the user to the home screen.
   c. The application deletes the saved CAN.
4b. The ID card is moved away from the smartphone NFC range before the information exchange between the smartphone and the ID card is completed.
   a. The application notifies the user that the connection to the ID card was lost and gives the user the option to try again.
Related tasks:
MOB-10, MOB-16, MOB-18, MOB-37, MOB-39, MOB-40, MOB-52, MOB-53
Related mockups:
- Asking for PIN 1
- Asking for PIN 1 when PIN is inserted
- Asking for PIN 2
- Asking for PIN 2 when PIN is inserted
- When user inserts an invalid PIN
- When CAN hasn't been entered yet
- View for adding CAN
- When added CAN is invalid
- The default view
- View for displaying public info
- Error when NFC isn't active on the phone or when NFC rights aren't given for the app
Use Case #6
Use Case Title:
Use biometric authentication to enter PIN1 during the authentication process
NB! Biometric authentication does not replace the need to use PIN1 for the authentication process. It is a convenience feature that makes entering PIN1 faster, as it is done automatically when a fingerprint is used, thus saving the user a few seconds of time each time they use the application for authentication.
Preconditions:
The user's phone has a fingerprint sensor.
The user has given the application permissions to use this feature.
The user has enabled biometric authentication in the application's settings menu before the start of the authentication process.
The user has saved a valid PIN1 to the biometric authentication method.
Primary actor:
User
Main success scenario:
1. The system displays a biometric authentication dialog that asks the user to touch a fingerprint sensor on the smartphone when PIN1 is needed during the authentication process.
2. The user touches a fingerprint sensor on the smartphone.
3. The system detects the fingerprint.
4. The application enters PIN1 for the user automatically.
Extensions:
1. The system is unable to access the smartphone's biometric authentication functionality.
   a. The application notifies the user that biometric authentication is currently unavailable.
   b. The application asks the user to enter PIN1 manually (includes Use Case #2).
3. The biometric authentication functionality does not accept the fingerprint provided by the user.
   a. The application notifies the user that biometric authentication has failed because the provided fingerprint does not match the expected fingerprint.
   b. The application asks the user to enter PIN1 manually (includes Use Case #2).
4. The PIN1 saved to the biometric authentication method is not valid.
   a. The system is not able to retrieve information from the ID card with an invalid PIN1.
   b. The application notifies the user that the PIN1 entered was not valid and cancels the authentication process.
   c. The application turns off biometric authentication mode until a new PIN1 is saved to this feature in the settings menu in order to avoid future use of this feature with an invalid PIN1.
Related tasks:
MOB-28, MOB-37, MOB-38, MOB-53
Related mockups:
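The credential rules from Use Cases #1 to #6 (length bounds, deleting a CAN the card rejects, switching biometrics off after an invalid PIN1), modelled as an added example that is not the project's own code. `CredentialStore` and its method names are hypothetical, and the digits-only check and the wiping of the stale PIN1 are assumptions beyond what the use cases state.

```python
from dataclasses import dataclass
from typing import Optional

# Length bounds taken from Use Cases #1, #2 and #3.
LENGTH_RULES = {"CAN": (6, 6), "PIN1": (4, 12), "PIN2": (5, 12)}


def is_valid_length(kind: str, value: str) -> bool:
    """Length check from the use cases; digits-only is an added assumption."""
    low, high = LENGTH_RULES[kind]
    # isascii() guards against non-ASCII digits that str.isdigit() accepts.
    return value.isascii() and value.isdigit() and low <= len(value) <= high


@dataclass
class CredentialStore:
    """Hypothetical in-memory stand-in for the app's saved CAN and PIN1."""
    can: Optional[str] = None
    biometric_pin1: Optional[str] = None
    biometric_enabled: bool = False

    def save_can(self, value: str) -> bool:
        # Use Cases #1 and #4: only a CAN that passes the check is saved.
        if not is_valid_length("CAN", value):
            return False
        self.can = value
        return True

    def save_biometric_pin1(self, value: str) -> bool:
        # Precondition of Use Case #6: a PIN1 is saved for biometric use.
        if not is_valid_length("PIN1", value):
            return False
        self.biometric_pin1 = value
        self.biometric_enabled = True
        return True

    def on_pace_result(self, established: bool) -> str:
        # Use Case #5, extension 4a: a CAN the card rejects is deleted.
        if established:
            return "PACE_OK"
        self.can = None
        return "CAN_INVALID"

    def on_pin1_result(self, accepted: bool, via_biometrics: bool) -> str:
        # Use Case #6, extension 4: biometrics stay off until a new PIN1
        # is saved. Wiping the stale PIN1 as well is an assumption.
        if accepted:
            return "PIN1_OK"
        if via_biometrics:
            self.biometric_pin1 = None
            self.biometric_enabled = False
        return "PIN1_INVALID"
```
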
Use Case #7
Use Case Title:
Application automatically closes itself at the end of the authentication process
Preconditions:
The authentication application has been started by an intent coming from a different application or a website opened in the mobile browser on the same smartphone.
The information has already been retrieved from the ID card.
Primary actor:
The authentication application
Main success scenario:
- The system uses information retrieved from the ID card to create a JWT.
- The application sends the JWT to a mobile application or website that initially started the authentication application with an intent.
- The authentication application closes itself.
Extensions:
3. The authentication application fails to close itself automatically.
   a. The user closes the application manually.
Related mockups:
Use Case #8
Use Case Title:
Use the authentication application to log into a website
Preconditions:
The user has the authentication application installed on the mobile phone.
NFC technology is enabled on the user's smartphone and the user has given the authentication application the permission to use the NFC adapter.
The user has a valid ID card with an NFC interface.
A website that supports logging in with the authentication application is active in the device's web browser.
Primary actor:
User
Main success scenario:
- The user selects the authentication application option as a method for logging in.
- The website starts the authentication application with an intent.
- The application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application.
- The application asks the user to enter the PIN1 of the ID card (includes Use Case #3) if it is not saved to the application.
- The application asks the user to put the ID card against the smartphone within the 90-second time window.
- The user puts the ID card against the smartphone.
- The application uses the provided CAN to establish a secure connection (PACE) with an ID card and PIN1 to retrieve protected information from the ID Card.
- The application uses information retrieved from the ID card to generate a JWT and delivers it to the website that started the authentication application in step 1.
Extensions:
2. The authentication application is not found.
   a. The website informs the user that the login process failed as the application could not be found.
6. The user fails to put the ID card against the smartphone within the 90-second time window.
   a. The application cancels the authentication process.
   b. The application directs the user back to the website.
7a. The information exchange between the smartphone and ID card fails.
   a. The application cancels the authentication process and directs the user back to the website.
7b. The CAN provided by the user did not match the CAN of the ID card.
   a. The application fails to establish a secure connection with the ID card via NFC.
   b. The application notifies the user that the provided CAN was incorrect.
   c. The application cancels the authentication process and directs the user back to the website along with a corresponding response.
7c. The PIN1 provided by the user is not valid.
   a. The application fails to retrieve information protected by PIN1 from the ID card.
   b. The application notifies the user that the provided PIN1 was not correct.
   c. The application cancels the authentication process and directs the user back to the website along with a corresponding response.
Related tasks:
MOB-16, MOB-18, MOB-21, MOB-23, MOB-25, MOB-37, MOB-40, MOB-42, MOB-43, MOB-44, MOB-48, MOB-52, MOB-53
Related mockups:
- Asking for PIN 1
- Asking for PIN 2
- The default view
- View for displaying public info
- Error when NFC isn't active on the phone or when NFC rights aren't given for the app
Use Case #9
Use Case Title:
Use the authentication application to give a signature on a website
Preconditions:
The user is logged in to a website using the authentication application.
The website supports the signature process of the authentication application.
Primary actor:
User
Main success scenario:
1. The user starts a process that requires a signature on a website.
2. The website launches the authentication application with an intent.
3. The application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application.
4. The application asks the user to enter a valid PIN2 (includes Use Case #2).
5. The application asks the user to put the ID card against the smartphone within the 90-second time window.
6. The user puts the ID card against the smartphone.
7. The application uses the provided CAN to establish a secure connection with an ID card using NFC technology and then PIN2 to retrieve protected information from the card.
8. The application uses the retrieved information to generate a JWT for signature and delivers it to the website that launched the application.
Extensions:
2. The authentication application is not found.
   a. The website informs the user that the process of giving a signature has failed.
4. The user fails to put the ID card against the smartphone within the 90-second time window.
   a. The application cancels the authentication process.
   b. The application directs the user back to the website along with a corresponding response.
7a. The CAN provided by the user does not match the CAN of the ID card.
   a. The application fails to establish a secure connection with an ID card.
   b. The application cancels the process and returns the user to the website along with a corresponding response.
7b. The PIN2 provided by the user is not valid.
   a. The application fails to retrieve necessary information from the ID card.
   b. The application cancels the process and returns the user to the website along with a corresponding response.
7c. The NFC connection between the ID card and the smartphone is lost during the communication.
   a. The application fails to retrieve information from the ID card.
   b. The application cancels the process and returns the user to the website along with a corresponding response.
Related tasks:
MOB-16, MOB-18, MOB-22, MOB-23, MOB-25, MOB-37, MOB-40, MOB-42, MOB-43, MOB-44, MOB-45, MOB-50, MOB-52, MOB-53
Related mockups:
- Asking for PIN 1
- Asking for PIN 2
- The default view
- View for displaying public info
- Error when NFC isn't active on the phone or when NFC rights aren't given for the app
Use Case #10
Use Case Title:
Use the authentication application to log into a mobile application running on the same device.
Preconditions:
The user has the authentication application installed on the smartphone.
NFC is enabled on the user's smartphone and the user has given the authentication application the permission to use it.
The user has a valid ID card with an NFC interface.
The target mobile application's login process supports the authentication application.
Primary actor:
User
Main success scenario:
- The user has the application that supports logging in with the authentication application open on the smartphone.
- The user selects the authentication application as a means for logging in.
- The mobile application starts the authentication application with a startActivityForResult intent.
- The authentication application asks the user to enter the CAN of the ID card (includes Use Case #1) if it is not saved to the application.
- The authentication application asks the user to enter the PIN1 of the ID card (includes Use Case #2) if it is not saved to the application.
- The authentication application asks the user to put the ID card against the smartphone within the 90-second time window.
- The user puts the ID card against the smartphone.
- The authentication application uses the provided CAN to establish a secure connection with an ID card and PIN1 to retrieve protected information from the ID Card.
- The authentication application uses the information retrieved from the ID card to generate a JWT and returns it to the initial application that started the startActivityForResult intent with an OK message.
Extensions:
3. The authentication application is not found.
   a. The target application informs the user that the authentication process has failed.
7. The user fails to put the ID card against the smartphone within the 90-second time window.
   a. The authentication application cancels the authentication process.
   b. The application returns the user to the initial application along with a corresponding response.
8a. The connection between the smartphone and the ID card is lost.
   a. The authentication application cancels the authentication process and returns the user to the initial application along with a corresponding response.
8b. The CAN provided by the user does not match the CAN of the ID card.
   a. The authentication application fails to establish a secure connection with the ID card via NFC.
   b. The application notifies the user that the CAN provided was incorrect.
   c. The application cancels the authentication process and returns the user back to the initial application along with a corresponding response.
8c. The PIN1 provided by the user is not valid.
   a. The authentication application fails to retrieve information protected by PIN1 from the ID card.
   b. The application notifies the user that the provided PIN1 was incorrect.
   c. The application cancels the authentication process and returns the user back to the initial application along with a corresponding response.
Related tasks:
MOB-16, MOB-18, MOB-21, MOB-23, MOB-25, MOB-37, MOB-40, MOB-41, MOB-43, MOB-44, MOB-48, MOB-52, MOB-53
Related mockups:
- Asking for PIN 1
- Asking for PIN 2
- The default view
- View for displaying public info
- Error when NFC isn't active on the phone or when NFC rights aren't given for the app
Use Case #11
Use Case Title:
Use the authentication application to give a signature on a mobile application
Preconditions:
The mobile application supports the signature process of the authentication application.
Primary actor:
User
Main success scenario:
1. The user starts a process that requires a signature on the mobile application.
2. The mobile application starts the authentication application with a startActivityForResult intent.
3. The authentication application asks the user to enter a valid CAN of the ID card (includes Use Case #1) if it is not saved to the application.
4. The authentication application asks the user to enter a valid PIN2 (includes Use Case #3).
5. The authentication application asks the user to put the ID card against the smartphone within the 90-second time window.
6. The user puts the ID card against the smartphone.
7. The authentication application uses the provided CAN to establish a secure connection with an ID card using NFC technology and then PIN2 to retrieve protected information from the card.
8. The application uses the information retrieved from the ID card to generate a JWT for signature and returns it along with an OK message to the application that started the startActivityForResult intent.
Extensions:
2. The authentication application is not found.
   a. The initial application informs the user that the process of giving a signature has failed.
6. The user fails to put the ID card against the smartphone within the provided 90-second time window.
   a. The authentication application cancels the signature process.
   b. The application returns the user to the initial application along with a corresponding response.
7a. The CAN provided by the user does not match the CAN of the ID card.
   a. The system fails to establish a secure connection with the ID card via NFC.
   b. The authentication application notifies the user that the CAN provided was incorrect.
7b. The PIN2 provided by the user is not valid.
   a. The application fails to retrieve necessary information from the ID card.
   b. The application cancels the process and returns the user to the initial application along with a corresponding response.
7c. The NFC connection between the ID card and the smartphone is lost during the communication.
   a. The application fails to retrieve information from the ID card.
   b. The application cancels the process and returns the user to the initial application along with a corresponding response.
Related tasks:
MOB-16, MOB-18, MOB-22, MOB-23, MOB-25, MOB-37, MOB-40, MOB-41, MOB-43, MOB-44, MOB-50, MOB-52, MOB-53
Related mockups:
- Asking for PIN 1
- Asking for PIN 2
- The default view
- View for displaying public info
- Error when NFC isn't active on the phone or when NFC rights aren't given for the app
Use Case #12 (new)
Use Case Title:
Save PIN 1 of the ID card on the phone
Preconditions:
The mobile authentication application is installed on the user's smartphone.
The application is allowed to store information on the user's smartphone.
The PIN 1 is not saved at the start.
Primary actor:
User
Main success scenario:
- The user opens the settings menu from the home screen of the application.
- The user chooses the option to save the PIN 1 of the ID card.
- The application asks the user to enter a PIN 1 (includes Use Case #2).
- The application notifies the user that the PIN 1 has been saved to the application and displays it to the user in the settings menu.
Extensions:
None
The use case was previously missing as the user story for this functionality was missing as well.