PROCEDURE FOR UPDATING LISTS THROUGH WEB INTERFACE



Similar documents
Network Security Essentials Chapter 5

Savitribai Phule Pune University

Experian Secure Transport Service

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

CERTIFICATION PRACTICE STATEMENT UPDATE

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

Chapter 7 Transport-Level Security

Configuring Secure Socket Layer HTTP

Chapter 17. Transport-Level Security

Using etoken for SSL Web Authentication. SSL V3.0 Overview

AS DNB banka. DNB Link specification (B2B functional description)

OPENID AUTHENTICATION SECURITY

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Dashlane Security Whitepaper

Chapter 6 Electronic Mail Security

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

mod_ssl Cryptographic Techniques

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Vulnerabilità dei protocolli SSL/TLS

Communication Systems SSL

Rocket UniVerse. Security Features. Version April 2014 UNV-1123-SECU-1

Accessing your Exchange Mailbox using an Internet Browser

KAZAKHSTAN STOCK EXCHANGE

Transport Level Security

Chapter 4 Virtual Private Networking

Electronic Mail Security

4.1: Securing Applications Remote Login: Secure Shell (SSH) PEM/PGP. Chapter 5: Security Concepts for Networks

UC Irvine Health Secure Mail Message Center

Certificate Policy and Certification Practice Statement

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Transport Layer Security Protocols

Security Policy. Security Policy.

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

SHARPCLOUD SECURITY STATEMENT

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Is your data safe out there? -A white Paper on Online Security

Criteria for web application security check. Version

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Certificate Policy for. SSL Client & S/MIME Certificates

Network Security Essentials Chapter 7

vrealize Air Compliance OVA Installation and Deployment Guide

CUNY TUMBLEWEED (SECURE TRANSPORT) USER GUIDE

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Trenitalia S.p.A. REGULATIONS FOR ACCESSING THE PURCHASING PORTAL OF TRENITALIA

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

Remote Access End User Reference Guide for SHC Portal Access

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Manual. Netumo NETUMO HELP MANUAL Copyright Netumo 2014 All Rights Reserved

DRAFT Standard Statement Encryption

JPMorgan Chase Treasury Workstation. Certification Setup Guide Version 2.0

PGP from: Cryptography and Network Security

Overview. SSL Cryptography Overview CHAPTER 1

Cryptography and Network Security Chapter 15

Instructions on registering in the Portal

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Communication Security for Applications

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

General tips for increasing the security of using First Investment Bank's internet banking

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

SECURE FILE TRANSFER PROTOCOL. Instructions for uploading Quarterly Wage Files

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Cryptography and Network Security

Two Factor Authentication in SonicOS

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

HKUST CA. Certification Practice Statement

Gandi CA Certification Practice Statement

Network Management Card Security Implementation

New Online Banking Guide for FIRST time Login

isupplygw Site Login Troubleshooting

SIX Trade Repository AG

User Guide. The AMF's File Transfer Service (FTS)

Portal Recipient Guide

FORM TO REQUEST THE UPDATE OF THE SUBSCRIPTION APPLICATION FOR THE REGISTRO PUBBLICO DELLE OPPOSIZIONI, SUBMITTED BY THE OPERATORS (NATURAL PERSONS)

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

ADFS Integration Guidelines

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

How to Obtain an APNs Certificate for CA MDM

Sophos Mobile Control Installation guide. Product version: 3.5

VMware Identity Manager Connector Installation and Configuration

Credit Card Security

ICE Trade Vault. Public User & Technology Guide June 6, 2014

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

ipayment Gateway API (IPG API)

Configuring SSL Termination

Service Desk R11.2 Upgrade Procedure - Resetting USD passwords and unlocking accounts in etrust Web Admin

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1

HTTPS is Fast and Hassle-free with CloudFlare

Security. Learning Objectives. This module will help you...

Microsoft Trusted Root Certificate: Program Requirements

Web Security. Mahalingam Ramkumar

PowerChute TM Network Shutdown Security Features & Deployment

SAML-Based SSO Solution

Transcription:

PROCEDURE FOR UPDATING LISTS THROUGH WEB INTERFACE Prerequisites In order to be able to follow the steps of the present procedure: the Operator (hereafter OP) must have presented the application to the Administrator of Registro Pubblico delle Opposizioni (hereafter ARPO) and must have completed the relevant procedure the person in charge of submission of telephone number lists for verification (also referred to as technical profile) must have a personal digital certificate issued by a recognised certification authority (see Appendix A for recognised certificates) stating the same information recorded in the application (email address, name and surname) the person in charge of submission of telephone number lists must be in possession of the password (formed by the two password portions transmitted by the OP and the ARPO during the application submission procedure each password portion is 6 characters long). Procedure Step 1 Https connection The OP runs an HTTPS connection to the restricted area on the ARPO website (URL https://operatori.registrodelleopposizioni.it/operatori/area-riservata). When connecting to the system, a client authentication process is actuated using a recognised certificate (see Appendix A for recognised certificates). At the same time a web server authentication process is actuated using a digital certificate issued by Terena SSL CA, that is recognized under the certificate authority Comodo CA by the main browsers on the market (see Addendum A for the list of supported browsers). The web server certificate is provided by the ARPO, whereas the certificate for the client authentication must be purchased by the OP. The integrity and privacy of the data exchanged during this procedure will be ensured through cryptographic algorithms (see Addendum A for the list of cryptographic algorithms) supported by the currently available versions of the above-mentioned browsers. Step 2 Login After selecting technical in the field user profile, the OP enters email address and password of the person in charge of the lists transmission. 1 di 6

Step 3 Lists transmission The OP sends the file of the list to be updated (fixed format) through web form, the POST method of the HTTP protocol is employed. File name of transmitted files (including zipped files) can be 100 characters long as a maximum (including the extension), must start with a lowercase letter and can include numbers, uppercase letters, lowercase letters and the following special characters., -, _. Not complying with these conditions can result in a failure of the procedure and in an error notification by email. The transmitted file must be a compressed archive (through the deflate algorithm (IETF RFC1951)) formed by a single ASCII-only text file containing sequences of decimal numbers separated by sequences of characters corresponding to the carriage return and the line feed. The text file must not contain any other character apart from the required ones. Step 4 Timestamp The ARPO records the timestamp of the file received (automatic timestamp). This auto timestamp consists of the ARPO s electronic signature of a file containing at least the time and fingerprint (hash function) of the request. Step 5 Confirmation of request review The ARPO confirms by email or certified email that the request has been reviewed (notification comes from the ARPO email address liste.rpo@fub.it or from the certified email address registrodelleopposizioni@postecert.it). Notification contains timestamp as per step 4 (with t0 timestamp generated by the ARPO) and reminds the maximum delay of the ARPO for the reply (t0+24 hours). The email notification will be electronically signed by the ARPO using the PKCS7 format. The ARPO may sign notifications using a digital individual certificate issued by Trust Italia in case of problems in using the remote digital signature with automatic procedure. Step 6 Request processing The ARPO processes the request within 24 hours. If the request cannot be fulfilled, the ARPO sends a digitally signed email notification to the OP. The ARPO may sign notifications using a digital individual certificate issued by Trust Italia in case of problems in using the remote digital signature with automatic procedure. Step 7 Temporary link release The ARPO releases the following temporary files in the OP s restricted area on the website: A. Compressed archive through the deflate algorithm (IETF RFC1951) containing: 2 di 6

Updated list in the specified format: ASCII-only text file containing telephone numbers separated by the ASCII codes 0x0D and 0x0A. Text file containing at least - request fingerprint - quantity of telephone numbers in the request - credit balance - timestamp B. the signature of the compressed archive as per entry A The telephone numbers contained in the updated list can be used only if present in the latest public telephone directories. Step 8 Notification of the temporary link release The ARPO sends a digitally signed email or certified email message to the OP containing summary data regarding the update operation of the submitted list (date and time of processing, result of the operation, the name of the returned file and the fingerprint of the file itself, remaining credit after the update operation). The ARPO may sign notifications using a digital individual certificate issued by Trust Italia in case of problems in using the remote digital signature with automatic procedure.. 3 di 6

PROCEDURE FOR THE LISTS UPDATE THROUGH CERTIFIED EMAIL AND DIGITAL SIGNATURE Prerequisites In order to be able to follow the steps of the present procedure: The OP must have presented the application to the ARPO and must have completed the relevant procedure; The person in charge of the lists transmission must be provided with a certified email address and this certified email address must have been recorded at the time of the application submission; The person in charge of the lists transmission must also be provided with a personal digital signature with legal validity; Procedure Step 1 List update request The OP sends to the ARPO the file of the list to be updated (from the certified email of the technical manager in charge of the lists transmission recorded at the time of registration to registrodelleopposizioni@postecert.it). The transmitted file must be a compressed archive (through the deflate algorithm (IETF RFC1951)) formed by an ASCII text file containing strings of numbers separated by the characters sequences 0x0D and 0x0A corresponding to the carriage return and the line feed and digitally signed through the PKCS7 format. File name of transmitted files (including zipped ones or PKCS7 files) can be 40 characters long as a maximum (including the extension), must start with a lowercase letter and can include numbers, uppercase letters, lowercase letters and the following special characters., -, _. Not complying with conditions can result in a failure of the procedure and in an error notification by email. The digital certificate used to sign the compressed file containing the list must be valid (it must not be expired or revoked) at the moment when the certified e-mail message is sent. Each certified email message (PEC) must contain only one list to update. If there are more PKCS7 files attached to the PEC message, the system will generate an error message such as the PEC message contains more than one attachment impossible to process. If other files are attached, in addition to the PKCS7 file containing the list (but not PKCS7 files) the system will process only the digitally signed PKCS7 file. Step 2 Request processing The ARPO processes the request within 24 hours. If the request cannot be fulfilled, the ARPO sends a certified email notification (from registrodelleopposizioni@postecert.it) to the OP, stating the detected problem (e.g. the OP has run out of credit, there is a technical problem, the certified email has not been enabled, etc.) 4 di 6

N.B.: The ARPO and the OP both agree that the proof of delivery corresponds to all intents and purposes to the receipt by the addressee. Step 3 Updated list return The OP receives by certified email (from registrodelleopposizioni@postecert.it) the updated list (ASCII text file containing strings of numbers separated by the characters sequences 0x0D and 0x0A corresponding to the carriage return and the line feed ) plus a text file containing some of the details of the request and the indication of the credit balance inside an archive compressed through the deflate algorithm (IETF RFC1951). The above-mentioned archive is electronically signed through the PKCS7 format. The ARPO may sign notifications using a digital individual certificate issued by Trust Italia in case of problems in using the remote digital signature with automatic procedure. The telephone numbers contained in the updated list can be used only if present in the latest public telephone directories. 5 di 6

Addendum A Certifying bodies and recognised certificates of authentication during access to the secure area Trust Italia S.p.A. Class 2 individual certificates: /C=IT/O=Trust Italia S.p.A./OU=VeriSign Trust Network/OU=Terms of use at https://www.trustitalia.it/rpa (c)10/cn=trust Italia Class 2 Consumer Individual Subscriber CA - G2 Infocert SpA: /C=IT/O=INFOCERT SPA/serialNumber=07945211006/OU=Ente Certificatore/CN=InfoCert Servizi di Certificazione /C=IT/O=INFOCERT SPA/OU=Ente Certificatore/serialNumber=07945211006/CN=InfoCert Servizi di Certificazione 2 ArubaPEC S.p.A. /C=IT/O=ArubaPEC S.p.A./OU=Certification Authority/CN=ArubaPEC S.p.A. NG CA 1 /C=IT/O=ArubaPEC S.p.A./OU=Certification AuthorityC/CN=ArubaPEC S.p.A. NG CA 3 /C=IT/O=ArubaPEC S.p.A./OU=Certification AuthorityB/CN=ArubaPEC S.p.A. NG CA 2 List of supported Browsers The following browsers are supported by the web application: - Internet Explorer 7+, - Mozilla Firefox 3.6+, - Google Chrome 8.0+, - Safari, - Opera Please install the latest security updates for the operating system in use in order to avoid malfunctions when logging in. List of supported cryptographic algorithms The system supports at least the following cryptographic algorithms: Name Protocol Key exchange Authentication Cypher MAC DES-CBC3-SHA SSLv3 RSA RSA 3DES(168) SHA1 IDEA-CBC-SHA SSLv3 RSA RSA IDEA(128) SHA1 RC4-SHA SSLv3 RSA RSA RC4(128) SHA1 RC4-MD5 SSLv3 RSA RSA RC4(128) MD5 EDH-RSA-DES-CBC3-SHA SSLv3 DH RSA 3DES(168) SHA1 EDH-DSS-DES-CBC3-SHA SSLv3 DH DSS 3DES(168) SHA1 The original of this document, written in Italian, is the only official version. Any translations are provided solely for the convenience of the user / operator and have no legal significance 6 di 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information