Develop Secure Encrypted Supplemental Question Type
Problem Statement or Business Need
Colleges have requested a more secure type of supplemental question that can be used for sensitive information that requires encryption in transit and at rest, such as a temporary password.
Proposed Solution
Develop a new, secure supplemental question Type - which would be encrypted in our DB - and uses a regular expression and accept a validation.
- Colleges may use as a temporary password field (student input)
- Data would be encrypted in our DB (during transit and at rest)
- Uses a regular expression (accepts a validation)
Requirements Summary
# | Description |
---|---|
1 |
|
Change Specifications
The following example specifies a new EncryptedText type supplemental question type.
This regular expression rule in this example specifies a 6 to 20 characters string with at least one digit, one upper case letter, one lower case letter and one special symbol (“@#$%”).
Input and output on the screen will be masked via asterisk "*" characters
The reenter attribute specifies that the encrypted field will displayed twice and will require the same entry in both fields
<EncryptedText id=
"2"
required=
"true"
reenter=
true
" maxLength="
20
" regex="
((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{
6
,
20
})">
<Label>Temporary Password</Label>
</EncryptedText>
Encrypted Supplemental questions will leverage the same encryption scheme used for Social Security Numbers
Within the Apply application, encrypted questions will be encrypted in the database and at rest using the same encryption keys used for Social Security Numbers.
When a colleges requests the encrypted answer as part of thier dowload format, the encrypted text will be decrypted just prior to download and sent to the download client over a SSL encrypted channel.
The value will be written to the colleges download file in plain text.
Changes to Data Download File
This approved change request resulted in five new optional supplemental question data fields which can be used in the CCCApply Standard Application and/or the International Application. These fields are downloadable and can be added to the college download file as described below.
New Optional Downloadable Supplemental Question Data Fields:
<supp_secret_01>
<supp_secret_02>
<supp_secret_03>
<supp_secret_04>
<supp_secret_05>
Actions Required by college:
To download the new secure supplemental question data fields, you must first update to the latest version of the Download Client Jar File. see NOTES box below for details.
To ensure the new data fields will download in the correct format, refer to the Working with Supplemental Questions User Guide, as well as the Download Client User Guide.
Thiese data fields have been added to the Supplemental Questions table.
Maintain a map of all custom supplemental questions and corresponding data fields to their generic data field names to keep track of which data fields align to supplemental questions.
Map the new supplemental questions fields to your student information system as required.
Update Your Download File
Step 1: To absorb the new encrypted Supplemental Question data fields in your downloads, you must first update to the latest version of the Download Client jar file. Information and instructions can be found in the CCCApply Download Client User Guide.
Step 2: Modify your existing Download Format XML file to include new data fields shown above.
Step 3: The new encrypted supplemental question type data fields can only be used in the Supplemental Questions XML file as custom supplemental questions. Refer to the Working with Supplemental Questions User Guide for details.
NOTE: We recommend you test these changes in the PILOT environment before the Production release. Reference the Download Client User Guide for details.
Supporting Documentation
Below is additional documentation (i.e., CCCCO legal opinions, residency and/or education code citations, legislation citations, supplemental information, etc.) to be referenced in support of this change request.
Descripton | File or Link | Type |
---|---|---|
User Guide | Working with Supplemental Questions User Guide v.2016.1 | Click on hyperlink to download PDF |
User Guide | Download Client User Guide v.2016.1 | Click on hyperlink to download PDF |