Develop Secure Encrypted Supplemental Question Type

Owned by Patricia Donohue
Last updated: Apr 01, 2016
3 min read
Request No.2015-31
RequesterDavid Barnett, Kern CCD
Release Date5.2.1 July 17, 2015
Application(s)CCCApply Standard Application
International Application 
Environment(s)Pilot / Production
Documentation

Download Client User Guide
Working with Supplemental Questions User Guide 

Change to Download FileYes
Change to Residency LogicNo

 

 

Problem Statement or Business Need

Colleges have requested a more secure type of supplemental question that can be used for sensitive information that requires encryption in transit and at rest, such as a temporary password.

Proposed Solution

Develop a new, secure supplemental question Type - which would be encrypted in our DB - and uses a regular expression and accept a validation.   

  1. Colleges may use as a temporary password field (student input) 
  2. Data would be encrypted in our DB (during transit and at rest)
  3. Uses a regular expression (accepts a validation) 

Requirements Summary

#Description
1
  • Ensure there is a new supplemental question type in the Apply application for a temporary password.
  • Ensure the field is an open text field so students can type in text.
  • Ensure the temporary password requirements are being met: 6 to 20 characters string with at least one digit, one upper case letter, one lower case letter and one special symbol (“@#$%”)
  • Ensure the initial password is masked via asterisk "*" characters
  • Ensure there is a second confirmation field that matches the first layout field and regular expression rules
  • Ensure the second confirmation password is masked via asterisk "*" characters

Change Specifications

The following example specifies a new EncryptedText type supplemental question type.

This regular expression rule in this example specifies a 6 to 20 characters string with at least one digit, one upper case letter, one lower case letter and one special symbol (“@#$%”). 

Input and output on the screen will be masked via asterisk "*" characters

The reenter attribute specifies that the encrypted field will displayed twice and will require the same entry in both fields

 

<EncryptedText id="2" required="true" reenter=true" maxLength="20" regex="((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})">
            <Label>Temporary Password</Label>
</EncryptedText>

 

Encrypted Supplemental questions will leverage the same encryption scheme used for Social Security Numbers

Within the Apply application, encrypted questions will be encrypted in the database and at rest using the same encryption keys used for Social Security Numbers.

When a colleges requests the encrypted answer as part of thier dowload format, the encrypted text will be decrypted just prior to download and sent to the download client over a SSL encrypted channel.

The value will be written to the colleges download file in plain text.

 

 

Top

Changes to Data Download File

This approved change request resulted in five new optional supplemental question data fields which can be used in the CCCApply Standard Application and/or the International Application. These fields are downloadable and can be added to the college download file as described below.   

New Optional Downloadable Supplemental Question Data Fields:  

<supp_secret_01>
<supp_secret_02>
<supp_secret_03>
<supp_secret_04>
<supp_secret_05> 

 

Actions Required by college:  

  1. To download the new secure supplemental question data fields, you must first update to the latest version of the Download Client Jar File. see NOTES box below for details.

  2. To ensure the new data fields will download in the correct format, refer to the Working with Supplemental Questions User Guide, as well as the Download Client User Guide.  

  3. Thiese data fields have been added to the Supplemental Questions table.

  4. Maintain a map of all custom supplemental questions and corresponding data fields to their generic data field names to keep track of which data fields align to supplemental questions.

  5. Map the new supplemental questions fields to your student information system as required.


 

Update Your Download File

Step 1: To absorb the new encrypted Supplemental Question data fields in your downloads, you must first update to the latest version of the Download Client jar file. Information and instructions can be found in the CCCApply Download Client User Guide.

Step 2: Modify your existing Download Format XML file to include new data fields shown above.

Step 3: The new encrypted supplemental question type data fields can only be used in the Supplemental Questions XML file as custom supplemental questions. Refer to the Working with Supplemental Questions User Guide for details.

NOTE: We recommend you test these changes in the PILOT environment before the Production release. Reference the Download Client User Guide for details.

 


Changes to Logic

There are no changes to the residency logic as a result of this change request.

 

Top

Supporting Documentation 

Below is additional documentation (i.e., CCCCO legal opinions, residency and/or education code citations, legislation citations, supplemental information, etc.) to be referenced in support of this change request. 

 

DescriptonFile or LinkType
User GuideWorking with Supplemental Questions User Guide v.2016.1Click on hyperlink to download PDF
User GuideDownload Client User Guide v.2016.1Click on hyperlink to download PDF