From bc56cd40a47ac10fee0780393a50bf3f847abe2d Mon Sep 17 00:00:00 2001 From: ascheibal Date: Thu, 28 May 2020 23:33:42 +0200 Subject: [PATCH] upd (#36) --- docs/architecture-overview.md | 54 +++-------------------------------- 1 file changed, 4 insertions(+), 50 deletions(-) diff --git a/docs/architecture-overview.md b/docs/architecture-overview.md index 4b9af4e..0c7a64e 100644 --- a/docs/architecture-overview.md +++ b/docs/architecture-overview.md @@ -18,7 +18,7 @@ The primary scope of the component is to provide the verification server with in The Test Result Server provides test results of SARS-CoV-2 tests in a pseudonymized form to only the verification server as it requests such information. -![Overview Architecture](cwa-testresult-server.png) +![Overview Architecture](cwa-testresult-server.png) Figure 1: Components Testresult Server - The Corona-Warn-App is a system which requests test result status and obtains proofs. @@ -40,7 +40,7 @@ Proof is represented by a Transaction Authorization Number (TAN), which is not b # Software Design ## Privacy Constraints -The Test Result Server handles pseudonymised health data, this data needs a high level of protection. This is the reason why this component, although it does simple [CRUD](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) operations is put in an own component. +The Test Result Server handles pseudonymised health data, this data needs a high level of protection. This is the reason why this component, although it does simple [CRUD](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) operations is put in a separate component. The data is protected by several measures. ### Measures 
@@ -62,58 +62,12 @@ Primary key or pseudonymous data must not be part of a logging statement, the on All Logging level is kept to INFO except in case of abusement. Logfiles are kept for 30 days. -## Important Assumptions - -- Diagnosis Keys upload and TAN verification is executed only a defined number of times per user and test -- The whole process of verification and upload is pseudonym not anonym -- Only one single mobile device can access the test result via GUID and only this single one device is able to upload Diagnosis Keys - - ## Actors - **User/Patient**: Person, who is tested for SARS-CoV-2, is equipped with a smartphone, Corona Warn App installed - **Test Center**: Facility where the user can donate a probe to be tested for SARS-CoV-2, such as hospitals or practicing doctors - **Lab**: Facility which tests the probe of the user and produces a trusted test result on SARS-CoV-2. - **Verification Server**: Software service which proves that a user, who is taking part in the Corona Warn App and who is willing to file his Diagnosis Keys, has been really tested positive by an established authority -- **Lab Server**: Software service, that imports the test results provided by the Labs and stores them for further use. -- **Corona Warn App Backend**: Software service, which collects the Diagnosis Keys of users, proves them to be valid, i.e. they are really from an infected person and transmits them to other users who have been exposed to the user during last two weeks. -- **Hotline User**: user with the role “c19hotline” -- **Health Authority User**: user with the role “c19healthauthority” - -## Big Picture - User Journeys - -### User Journey TAN Verification based on integrated Laboratories - -![User Journey TAN Verification based on integrated Laboratories](https://github.com/corona-warn-app/cwa-documentation/raw/master/images/solution_architecture/figure_3.svg?sanitize=true ) - - -Steps: -1. 
Scan the QR Code from the document provided by the test center/doctor -[You can use numbers for reference-style link definitions][1] defined in User Story E07.01 – Scan QR Code with mobile App -1. Create a long term Registration Token -- implemented in Use Case Create Registration Token -3. Generate Registration Token -4. Store Registration Token in mobile App -5. Polling for result, at a regular interval the mobile app uses the Registration Token to request the result of the test -- defined in User Story E07.02 – Notify user if a test result is available -- partly implemented in Use Case Get Test Result -6. The Lab Server is requested whether a result is available, for interface definition see [Lab Server API] -7. The Lab Server is returning the Test result, if no test is available a result with state “pending” is returned -8. The result is returned to the mobile App -9. The mobile app will request a TAN if a positive test result becomes available -- defined in User Story E07.04 Upload my Diagnosis Keys -- implemented in Use Case Create TAN -10. A TAN is generated by the Verification Server and the TAN is stored hashed at the Verification Server -11. The TAN is delivered to the mobile App -12. The App obtains the Diagnosis Keys and sends them together with the TAN string to the Corona Warn App Backend -- defined in User Story E07.04 Upload my Diagnosis Keys -13. The Corona Warn App Backend verifies the upload request, by verifying the TAN at the Verification Server, to avoid false positive warnings and duplicate warnings. -defined in User Story E06.01 – Avoid false positive reports -14. The Verification Server verifies the TAN and returns the result of the verification -- implemented in Use Case Verify TAN -15. The result is returned to the Corona-Warn-App Backend -16. The Corona-Warn-App Backend processes the Diagnosis Keys. - -Subsequent Diagnosis Keys upload will repeat the steps 9. until 16. 
+- **Testresult Server**: Software service, that imports the test results provided by the Labs and stores them for further use. ## Supported User Stories @@ -197,7 +151,7 @@ All data is deleted after 14 days. |Role| Authentication |Comment| | ------------- |:-------------:| -----:| -|GW to connected Labors (/lab/result Endpoint) | TLS Client Certificate, 2nd factor IP Range | Endpoint is exposed to an other securiy zone +|GW to connected Labs (/lab/result Endpoint) | TLS Client Certificate, 2nd factor IP Range | Endpoint is exposed to an other securiy zone |cwa-verification-server| Signed JWT, verification of signature | ## Threat Model
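Review bot: in the first hunk (@@ -18,7 +18,7 @@) the caption "Figure 1: Components Testresult Server" is appended to the same line as the image reference, so Markdown renders it as inline text glued to the image rather than as a caption; put it on its own line below `![Overview Architecture](cwa-testresult-server.png)` (or use the image title attribute), which also keeps the following "- The Corona-Warn-App ..." bullet from being read as a continuation of the figure line.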
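Review bot: the "in a separate component" fix in the @@ -40,7 +40,7 @@ hunk is correct, but the line still carries a comma splice and a missing comma around the concession, so the privacy rationale reads awkwardly; suggest "The Test Result Server handles pseudonymised health data; this data needs a high level of protection. This is the reason why this component, although it does simple CRUD operations, is put in a separate component."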
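Review bot: the @@ -62,58 +62,12 @@ hunk deletes the "Important Assumptions" section, and with it the constraints the Threat Model section later in the file rests on (Diagnosis Keys upload and TAN verification executed only a defined number of times per user and test; the whole process is pseudonymous, not anonymous; only one device can access the test result via GUID), without a replacement or a pointer to where they now live. The same hunk removes the "Corona Warn App Backend" actor while the surviving "Verification Server" bullet and the hunk-1 context line still refer to the app and to Diagnosis Keys, so those terms are now used before they are defined. Suggest keeping the assumptions that apply to this server (at least the single-device-per-GUID and bounded-attempts ones, which bound exposure of the pseudonymised results) or linking to the cwa-documentation page the removed user journey came from, and dropping the stray comma in "Software service, that imports" in the new Testresult Server bullet.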
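Review bot: the @@ -197,7 +151,7 @@ hunk corrects "Labors" to "Labs" but leaves "an other securiy zone" on the same changed line; since the row is being rewritten anyway, make it "Endpoint is exposed to another security zone". The header separator `| ------------- |:-------------:| -----:|` right-aligns the free-text Comment column, which reads oddly for prose; `-----` (left-aligned) would match the Role column.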