Data Register¶
This chapter comprises a register of all data that is exchanged between the components listed in the decomposition.
In the following table all data is listed with the following information:
- Name: Name of the data by which the data is referenced in the sequence diagrams.
- Processors: Which role or component processes the data
- Contains: What data is contained in complex data types
- Description: Short description of the purpose of the data
The name of data is made up of domain, purpose and type of the data, separated by an underscore:
- Domain: Acronym in lower case of a component or role from the decomposition that produces or controls the data, as
introduced above, e.g.
ppfor PID Provider. - Purpose: Description of the purpose or content of the data in one (maximum two) strings.
- Type: For complex data types the type results from purpose and does not have to be specified separately. Furthermore,
we differentiate:
- prvk - for a private key of asymmetric key pair
- pubk - for a public key of asymmetric key pair
- pop - for a proof of possession of a private key of asymmetric key pair
- symk - for a symmetric key
- id - for an identifier
- nonce - for a number used only once
With regard to data processing, we distinguish between:
- P - producer of the data
- L - long-term storage of the data
- LE - long-term storage of the data but encrypted
- LH - long-term storage of the data but hardware backed
- in case of the Wallet Instance, this is the local Hardware Key Store (HKS), e.g. TEE, Strongbox, Secure Enclave
- in case of Wallet Backend, PID Provider and optionally Relying Party, this is an Hardware Security Module (HSM) or HSM based Key Management System (KMS)
- S - short-term storage of the data for a specific transaction
| Name | User | WB | RWSCD | WI | HKS | PP | RP | PAP | MDVMP | Contains | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|
| wb_mac_symk | - | P, L | - | - | - | - | - | - | - | Symmetric key to ensure integrity and authenticity of WB messages, i.e. used to authenticate the wb_auth_challenge with a MAC. | |
| wb_auth_challenge | - | P, S | - | S | - | - | - | - | - | Challenge containing a nonce and timestamp for ensuring freshness of requests towards WB, MACed with wb_mac_symk. | |
| wb_wi_id | - | P, L | - | LE, S | - | - | - | - | - | Universally unique identifier of a WI at the WB. | |
| wi_wb_auth_prvk | - | - | - | P, LH | - | - | - | - | Private key of asymmetric key pair for authenticating WI towards WB. | ||
| wi_wb_auth_pubk | - | L | - | S | P, LH | - | - | - | - | Public key of asymmetric key pair for authenticating WI towards WB. | |
| wi_wb_register_pop | - | S | - | P | - | - | - | - | - | wb_auth_challenge, wi_wb_auth_pubk | Proof of possession of wi_wb_auth_prvk for wallet registration process. |
| wi_wb_auth_pop | - | S | - | P | - | - | - | - | - | wb_auth_challenge | Proof of possession of wi_wb_auth_prvk for issuance of wallet attestation process. |
| wi_app_attest_challenge | - | S | - | P | - | - | - | S | - | Hash used as a challenge for ensuring freshness and session binding for PAP's app attestation. | |
| pap_app_attest | - | S | - | S | - | - | - | P, S | - | wi_app_attest_challenge | Attestation of PAP (Apple/Google) about the integrity of WI and UD. |
| wi_wia_prvk | - | - | - | - | P, LH | - | - | - | - | Private key of asymmetric key pair for authenticating wi_wia_pop. | |
| wi_wia_pubk | - | S | - | S | P, LH | - | - | - | - | Public key of asymmetric key pair for authenticating wi_wia_pop. | |
| wi_wia_pop | - | - | - | P, S | - | S | - | - | - | pp_wia_pop_nonce | Proof of possession of wi_wia_prvk, may include a challenge, e.g. from PID Provider. |
| wb_wia | - | P, S | - | S | - | S | - | - | - | wi_wia_pubk, wb_client_id | Short lived Wallet Instance Attestation (WIA), only used once, signed by wb_wia_auth_prvk. |
| wb_wia_auth_prvk | - | P, LH | - | - | - | - | - | - | - | Private key of asymmetric key pair to ensure integrity and authenticity of Wallet Instance Attestations towards Issuers and Relying Parties. | |
| wb_wia_auth_pubk | - | P, LH | - | - | - | L | - | - | - | Public key of asymmetric key pair to ensure integrity and authenticity of Wallet Instance Attestations towards Issuers. | |
| rwscd_mac_symk | - | - | P, L | - | - | - | - | - | - | Symmetric key to ensure integrity and authenticity of RWSCD messages, i.e. used to authenticate the rwscd_auth_challenge with a MAC. | |
| rwscd_auth_challenge | - | - | P, S | S | - | - | - | - | - | Challenge containing a nonce and timestamp for ensuring freshness of requests towards RWSCD, MACed with rwscd_mac_symk. | |
| wi_rwscd_auth_prvk | - | - | - | - | P, LH | - | - | - | - | Private key of asymmetric key pair for authenticating the User towards the RWSCD. Possession factor of user's MFA to approve presentations of credentials bound to the RWSCD. | |
| wi_rwscd_auth_pubk | - | - | L | S | P, LH | - | - | - | - | Public key of asymmetric key pair for authenticating the User towards the RWSCD. | |
| rasp_instance_id | - | - | L | L | - | - | - | - | P, L | Universally unique identifier of a WI at the RASP. | |
| wi_rwscd_register_pop | - | - | S | P, S | - | - | - | - | - | rwscd_auth_challenge, wi_rwscd_auth_pubk, wi_rwscd_pin_pubk | Proof of possession of wi_rwscd_auth_prvk and wi_rwscd_pin_prvk authenticating the request towards the RWSCD for the process of Remote WSCD registration. |
| wi_rwscd_auth_pop | - | - | S | P, S | - | - | - | - | - | rwscd_auth_challenge, wi_rwscd_operation_request | Proof of possession of wi_rwscd_auth_prvk and wi_rwscd_pin_prvk authenticating the request towards the RWSCD for the process of Remote WSCD operation. |
| user_rwscd_pin | P,L | - | - | S | - | - | - | - | - | Knowledge factor of user's MFA to approve presentations of credentials bound to the RWSCD. | |
| wi_rwscd_pin_salt | - | - | - | P, L | - | - | - | - | - | Cryptographic key used as salt for deriving wi_rwscd_pin_prvk and wi_rwscd_pin_pubk based on user_rwscd_pin entered by the user. | |
| wi_rwscd_pin_prvk | - | - | - | P, S | - | - | - | - | - | Private key of asymmetric key pair for authenticating the user’s user_rwscd_pin to the RWSCD. | |
| wi_rwscd_pin_pubk | - | - | L | P, S | - | - | - | - | - | Public key of asymmetric key pair for authenticating the user’s user_rwscd_pin to the RWSCD. | |
| rwscd_account_id | - | - | P, L | LE, S | - | - | - | - | - | Universally unique identifier of a WI at the RWSCD. | |
| rwscd_pin_retry_counter | S | - | P, L | - | - | - | - | - | - | Retry Counter for the user_rwscd_pin, managed by the Remote WSCD. | |
| wi_rwscd_operation_request | - | - | S | P, S | - | - | - | - | - | An operation that is requested by the WI to be performed by the RWSCD, e.g. to create keys or sign data. | |
| rwscd_operation_result | - | - | P, S | S | - | - | - | - | - | The result of the operation created by the RWSCD with the help of the Remote KMS Provider that was requested by the WI. | |
| rwscd_key_id | - | - | P, L | L | - | - | - | - | - | Unique identifier of a cryptographic key (pair) at the RWSCD. | |
| pp_meta_data | - | - | - | S | - | P, L | - | - | - | Public configuration and metadata of the PP. | |
| pp_wia_pop_nonce | - | - | - | S | - | P, S | - | - | - | Challenge provided by PP to be used by WI for the WIA proof of possession. | |
| wi_pkce_code_verifier | - | - | - | P, S | - | S | - | - | - | Nonce to ensure secure binding between Authorization and Token Request. | |
| wi_pkce_code_challenge | - | - | - | P, S | - | S | - | - | - | Hash of the PKCE Code Verifier acting as a challenge to ensure secure binding between Authorization and Token Request. | |
| wb_client_id | - | P, L | - | L | - | S | - | - | - | OAuth client identifier that represents the Wallet Solution. | |
| pp_par_request_uri | - | - | - | S | - | P, S | - | - | - | URL linking to the PP and an associated issuance session from the Pushed Authorization Request as part of the OpenID4VCI protocol. | |
| es_tc_token | - | - | - | S | - | P, S | - | - | - | pp_refresh_url | Token used to transmit the information required to establish a trustworthy channel between the WI and the eID-Server. |
| pp_refresh_url | - | - | - | S | - | P, S | - | - | - | URL linking to the PP and an associated issuance session from the German eID protocol. | |
| user_eid_pin | P, L | - | - | - | - | - | - | - | - | Knowledge factor of user's German eID Card to authorize presentation of eID data. | |
| es_eid_data | L | - | - | - | - | S | S | - | - | The eID data read by the eID-Server from the eID Card containing the user's personal attributes. The data is actually stored in the user's eID card. | |
| pp_authorization_code | - | - | - | S | - | P, S | - | - | - | Token issued by the PP after successful authorization phase. | |
| wi_fake_dpop | - | - | - | P, S | - | S | - | - | - | Proof of possession of a local key, only used to receive a pp_rt_dpop_nonce from PP (protocol-related necessity). | |
| pp_rt_dpop_nonce | - | - | - | S | - | P, S | - | - | - | Challenge provided by PP to be used by WI for the DPoP proof of possession for access/refresh tokens. | |
| rwscd_rt_prvk | - | - | P, LH | - | - | - | - | - | - | Private key of asymmetric key pair for securing access/refresh tokens. | |
| rwscd_rt_pubk | - | - | P, LH | S | - | S | - | - | - | Public key of asymmetric key pair for securing access/refresh tokens. | |
| rwscd_rt_wte | - | - | P, L | S | - | L | - | - | - | pp_rt_dpop_nonce, rwscd_rt_pubk | Long-lived Wallet Trust Evidence for issuing the refresh token, only used once, signed by rwscd_wte_auth_prvk. |
| rwscd_wte_auth_prvk | - | - | P, LH | - | - | - | - | - | - | Private key of asymmetric key pair for issuance of WTEs securing its integrity and authenticity. | |
| rwscd_wte_auth_pubk | - | - | P, LH | - | - | L | - | - | - | Public key of asymmetric key pair for issuance of WTEs securing its integrity and authenticity. | |
| wi_rt_dpop | - | - | - | P, S | - | S | - | - | - | pp_rt_dpop_nonce, rwscd_rt_pubk | Proof of possession of rwscd_rt_prvk authenticating the access/refresh token towards the PP. |
| pp_access_token | - | - | - | S | - | P, S | - | - | - | Token issued by the PP that authorizes issuance of PID credentials. | |
| pp_refresh_token | - | - | - | LE | - | P, S | - | - | - | es_eid_data | Token issued by the PP that authorizes issuance of new access tokens. |
| pp_c_nonce | - | - | S | S | - | P, S | - | - | - | Challenge provided by PP to be used by WI and its RWSCD for freshness of rwscd_pid_device_wte and the contained rwscd_pid_device_pubk[]. | |
| rwscd_pid_device_prvk | - | - | P, LH | - | - | - | - | - | - | Private key of asymmetric key pair for securing presentations of pp_pid_credential. | |
| rwscd_pid_device_pubk | - | - | P, LH | LE | - | S | - | - | - | Public key of asymmetric key pair for securing presentations of pp_pid_credential. | |
| rwscd_pid_device_wte | - | - | P | S | - | L | - | - | - | pp_c_nonce, rwscd_pid_device_pubk | Long-lived Wallet Trust Evidence for issuing PID credentials, only used once, signed by rwscd_wte_auth_prvk. |
| pp_pid_credential | - | - | - | LE | - | P, S | - | - | - | rwscd_pid_device_pubk, pp_pid_auth_pubk, es_eid_data | Long-lived PID Credential, only used once, signed by pp_pid_auth_prvk. |
| pp_pid_auth_prvk | - | - | - | - | - | P, LH | - | - | - | Private key of asymmetric key pair for issuance of pp_pid_credential securing its integrity and authenticity. | |
| pp_pid_auth_pubk | - | - | - | - | - | P, LH | L | - | - | Public key of asymmetric key pair for issuance of pp_pid_credential securing its integrity and authenticity. | |
| rp_response_enc_prvk | - | - | - | - | - | - | P, S | - | - | Private key of asymmetric key pair for application-level encryption of PID presentation. | |
| rp_response_enc_pubk | - | - | - | S | - | - | P, S | - | - | Public key of asymmetric key pair for application-level encryption of PID presentation. | |
| rp_access_cert_priv | - | - | - | - | - | - | P,LH | - | - | Private key of asymmetric key pair for authenticating the RP. | |
| rp_access_cert_pub | - | - | - | - | - | - | P,LH | - | - | Public key of asymmetric key pair for authenticating the RP. | |
| rp_access_cert | - | - | - | S | - | - | L | - | - | Certificate for authenticating the identity of the RP. | |
| rp_registration_cert | - | - | - | S | - | - | L | - | - | rp_access_cert_pub | Certificate for authenticating the intended use of the RP. |
| rp_client_id | - | - | - | S | - | - | L | - | - | OAuth client identifier that represents the RP. | |
| rp_openid4vp_request | - | - | - | S | - | - | P, S | - | - | rp_access_cert, rp_access_cert, rp_dcql_query, rp_key_binding_nonce | OpenID4VP request signed by rp_access_cert_priv. |
| rp_cookie_id | - | - | - | S | - | - | P, S | - | - | HTTP cookie identifying the browser session. | |
| rp_openid4vp_state | - | - | - | S | - | - | P, S | - | - | Nonce identifying the OpenID4VP session. | |
| rp_dcql_query | - | - | - | S | - | - | P, S | - | - | JSON data structure provided by RP that defines the requested credentials. | |
| rp_key_binding_nonce | - | - | - | S | - | - | P, S | - | - | Challenge provided by RP for the keybinding proof of possession. | |
| rp_request_uri | - | - | - | S | - | - | P, S | - | - | URL linking to the rp_openid4vp_request. | |
| wi_key_binding_data | - | - | - | P, S | - | - | S | - | - | rp_key_binding_nonce, rp_client_id | JSON data structure used for key binding of pp_pid_credential. |
| wi_key_binding_data_hash | - | - | S | P, S | - | - | S | - | - | wi_key_binding_data | Hash of wi_key_binding_data. |
| rwscd_key_binding_signature | - | - | P, S | S | - | - | S | - | - | Signature of wi_key_binding_data using rwscd_pid_device_prvk. | |
| wi_pid_presentation | - | - | - | P, S | - | - | S | - | - | pp_pid_credential, wi_key_binding_data, rwscd_key_binding_signature | Presentation of pp_pid_credential with key binding. |
| wi_response_enc_prvk | - | - | - | P, S | - | - | - | - | - | Private key of asymmetric key pair for application-level encryption of PID presentation. | |
| wi_response_enc_pubk | - | - | - | P, S | - | - | S | - | - | Public key of asymmetric key pair for application-level encryption of PID presentation. | |
| wi_openid4vp_response | - | - | - | P, S | - | - | S | - | - | encrypted wi_pid_presentation,rp_openid4vp_state | OpenID4VP Response containing encrypted wi_pid_presentation. |
| rp_response_uri | - | - | - | S | - | - | P, L | - | - | URL provided by the RP for the Wallet to send wi_openid4vp_response to. | |
| rp_redirect_uri | - | - | - | S | - | - | P, S | - | - | URL provided by the RP for the Wallet to redirect into the browser session. |