New Encrypted Supplemental Question Downloadable Text Field

Owned by Patricia Donohue
Last updated: Feb 18, 2016
3 min read
Request No.2015-08
RequesterDavid Barnett
Kern County CCD 
Target release5.2.1 July 2015
Application(s)Standard Application
BOG Fee Waiver Application
International Application 
Environment(s)Pilot / Production
Documentation

User Guide:
Working with Supplemental Questions Guide 

Change to Download FileOptional
Change to Residency LogicNo

 

 

Problem Statement or Business Need

College requested the ability to implement a secure, encrypted supplemental question in the Standard Application. Currently, all college-defined supplemental questions are non-encypted (in transit, at rest, and when stored); this makes it a security risk to request and collect certain personal information from students in the application. For example, if the college wanted to set up a text question that required the student to enter a password alternative, or provide financial information, the data would not be secure in the download file, as well as the Report Center for all staff to see. In order to collect private information, CCCApply should develop a type of supplemental question that is encrypted and secured during data collection, data storage, and reporting. 

Proposed Solution

A new, secure EncryptedText supplemental question type was developed to give colleges the ability to collect passwords and other sensitive data via supplemental question (text input field only). Data collected would be encrypted during transit and at rest. Technical specifications: 

 

Requirements Summary

#Description
1New supplemental question type should leverages the same encryption schema as used for Social Security Numbers and password fields
2Data must be encrypted during transit (in-progress database to submitted application database to download file) and at rest (stored)
3Field must have the ability to use a regular express (regex) and accept a validation
4The encrypted text should be decrypted just prior to download and sent to download client over an SSL encrypted channel
5The value should be written to the college download file in plain text

Change Specifications

Develop a data field leveraging the same encryption schema used for Social Security Numbers and password fields

Ensure data is encrypted in transit and at rest

Ensure data field can read regex and accept validation

Ensure data text is encrypted prior to download 

Send encrypted data to Download Client over secure SSL channel

Ensure data values can be downloaded in plain text


Top

Changes to Data Download File

Implementation of the encrypted, secure supplemental question text field is optional.  To implement the ability to add a secure, encrypted supplemental question (text input type only), the college would need to update their Download Client transfer client jar file to the latest version.  In addition, the college would design the question and data field using XML and add the new field to their current download Format file. If the college determines that the supplemental question should be a required field on their application, they must configure error validation logic, and the client (student) error message(s), clearly to ensure the student understands which field is required and that the focus is put on the field after the student closes (clicks OK) to the error message pop-up modal.

Update Download Client Jar Files

To add an EncryptedText supplemental question type to your download file, you must update your download format with the latest version of the Download Client jar files. Information and instructions can be found in the CCCApply Download Client User Guide.

 

For more information and instructions on creating supplemental questions, please see the Working with Supplemental Questions User Guide (Note: Clicking the link automatically starts the PDF download).

Changes to Logic

There are no changes to the residency logic as a result of this change request.  However, colleges that implement a required secure supplemental question must ensure that field error validation logic is accurate and documented correctlyl. (This new data field is optional.) 

 

Top

Supporting Documentation 

Below is additional documentation (i.e., CCCCO legal opinions, residency and/or education code citations, legislation citations, supplemental information, etc.) to be referenced in support of this change request. 

DescriptionFile or Link
Working with Supplemental Questions User Guidehttps://cccnext.jira.com/wiki/download/attachments/67043584/WorkingWithSupplementalQuestions.pdf?version=3&modificationDate=1432856615153&api=v2