4.9 Reading Sensitive Data from the Server

Figure 1: Message sequence for reading sensitive data from the server

The sequence of messages for reading sensitive data from the server is as follows:

  1. The client requests that the server open a node. The path location is "/mydata" and METADATA_PERMISSION_READ read access is requested.

  2. The server checks whether the "/mydata" node exists and whether the connecting user is granted read access, and then returns the handle to the client.

    Before the client sends a request to retrieve specific data from the "/mydata" location, it has to negotiate a secure session if one has not yet been negotiated.

  3. The client performs phase 1 of the handshake. The client's key exchange key and signature key are generated, and the public keys for both are sent to the server. The private keys for both are stored by the client.

  4. The server receives the public keys from the client and retrieves its own key exchange key and signature key (generating or locating them as needed).

    The server also generates the server's session key. It encrypts the session key with the client's key exchange public key. The server's key exchange public key, the server's signature public key, and the encrypted server's session key are sent back to the client.

  5. The client receives the server's key exchange public key, the server's signature public key, and the encrypted server's session key. It decrypts the server's session key using the client's key exchange private key.

    The client's session key gets generated and is encrypted with the server's key exchange public key. In addition, the server's session key hash is generated based on the client's session key, the server's session key, and the HASH_TEXT_STRING_1 (see section 2.2.3) string constant. The encrypted client's session key and the server's session key hash are sent to the server.

  6. The server receives the encrypted client's session key as well as the server's session key hash from the client. It verifies the hash generated by the client to ensure that the client was able to decrypt the server's session key. The server generates the client's session key hash using the client's session key and the HASH_TEXT_STRING_2 (see section 2.2.3) string constant. The server then sends the client's session key hash to the client.

  7. The client receives the client's session key hash from the server. It verifies that the server owns the private key for the key exchange key pair and that it was able to decrypt the client's session key.

    By this point in the sequence, the server and the client have exchanged the session keys that will be used to encrypt the sensitive data. Also, the signature keys have been exchanged that will be used for message integrity checks.

    The client calls the R_GetData method to retrieve the sensitive data.

  8. The server retrieves the requested data and determines whether the METADATA_SECURE secure flag is set. The server encrypts the data value requested, builds the IIS_CRYPTO_BLOB message, and sends the data to the client.

  9. The client checks the received data and determines whether the METADATA_SECURE secure flag is set. The client decrypts the data and verifies the signature.

    The client calls the CloseKey method to close the handle that was opened in step 2.

  10. The server closes the handle and responds with a success code to the client.
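The key-confirmation part of the handshake (steps 5 to 7), as an added Python example that is not code from the specification or from IIS. The hash algorithm (SHA-256), the concatenation order and the literal values of HASH_TEXT_STRING_1 and HASH_TEXT_STRING_2 are stand-ins, since section 2.2.3 defines the real ones; the public-key transport of steps 4 and 5 is not modelled, so each side's decrypted view of the peer's session key is passed in directly.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Stand-in constants: the real string values and the hash algorithm are
# defined in section 2.2.3 of the specification, not on this page.
HASH_TEXT_STRING_1 = b"HASH_TEXT_STRING_1"
HASH_TEXT_STRING_2 = b"HASH_TEXT_STRING_2"


def key_hash(*parts: bytes) -> bytes:
    """Hash the concatenated parts (SHA-256 and this ordering are assumptions)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


def server_session_key_hash(client_key: bytes, server_key: bytes) -> bytes:
    """Step 5 value: binds both session keys under HASH_TEXT_STRING_1, so only a
    party holding the decrypted server's session key can produce it."""
    return key_hash(client_key, server_key, HASH_TEXT_STRING_1)


def client_session_key_hash(client_key: bytes) -> bytes:
    """Step 6 value: proves the server recovered the client's session key.
    The distinct constant keeps it from being confused with the step 5 hash."""
    return key_hash(client_key, HASH_TEXT_STRING_2)


def run_key_confirmation(client_key: bytes, server_key: bytes,
                         client_view_of_server_key: bytes,
                         server_view_of_client_key: bytes) -> Tuple[bool, bool]:
    """Simulate steps 5 to 7. The *_view_of_* arguments are what each side got by
    decrypting the peer's encrypted session key (key transport not modelled).
    Returns (server accepted the step 5 hash, client accepted the step 6 hash)."""
    # Step 5: the client sends the server's session key hash.
    client_proof = server_session_key_hash(client_key, client_view_of_server_key)
    # Step 6: the server recomputes it from its own view; constant-time compare.
    expected = server_session_key_hash(server_view_of_client_key, server_key)
    if not hmac.compare_digest(expected, client_proof):
        return False, False  # server rejects; no client's session key hash is sent
    server_proof = client_session_key_hash(server_view_of_client_key)
    # Step 7: the client checks that the server really recovered its session key.
    client_ok = hmac.compare_digest(client_session_key_hash(client_key), server_proof)
    return True, client_ok


if __name__ == "__main__":
    ck, sk = secrets.token_bytes(16), secrets.token_bytes(16)
    print("honest exchange:", run_key_confirmation(ck, sk, sk, ck))
    print("wrong server key at client:", run_key_confirmation(ck, sk, secrets.token_bytes(16), ck))
```

A peer that could not decrypt the other side's session key fails at step 6 or step 7, which is why both hashes have to be checked before any METADATA_SECURE data is sent.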