Presented by Matt Leopard - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Presented by Matt Leopard

Description:

Central Data Exchange and The Cross-Media Electronic Reporting and Recordkeeping ... What Is Central Data Exchange? 4. CDX Features: ... – PowerPoint PPT presentation

Number of Views:48
Avg rating:3.0/5.0
Slides: 19
Provided by: OPPE
Category:

less

Transcript and Presenter's Notes

Title: Presented by Matt Leopard


1
Central Data Exchange and The Cross-Media
Electronic Reporting and Recordkeeping Rule
(CROMERRR)
Office of Environmental Information USEPA
  • Presented by Matt Leopard
  • Presented to NGA State-EPA Forum at Charleston,
    SC
  • January 9, 2001

2
Todays Topics
  • CDX (Brief Overview)
  • CDX Approach to Addressing CROMERRR
  • Discussion

3
What Is Central Data Exchange?
4
CDX Features
  • Multiple Submission Venues -gt One Submission
    Point
  • Supports Mass Customization
  • Flexibility of submission formats (Web, XML, EDI)
  • Tailors submissions to specific customer
  • Uniformity Across Functions
  • registration, receipt, archiving, distribution,
    customer services, security
  • Leverages
  • Widely-accepted PKI approach
  • Open Standards (XML, EDI)

5
Central Data Exchange
  • Supported
  • EPA reports that
  • Require signature
  • Do not require signature
  • Can accept HTML, XML, Flat and EDI files that
    EPA has endorsed
  • Currently supporting TRI, Air emission inventory,
    PCS/IDEF and drinking water exchanges, retooling
    CDX exchange process for DMRs
  • Eventually expand ER across all EPA collections
  • Not Supported
  • Multiple Digital Signature Software Solutions
  • HTML, XML, EDI, or flat file formats not accepted
    by EPA
  • EPA Confidential Business Information (not yet)
  • Encryption Software Solutions (not yet)
  • CBI Applications not currently supported (these
    may include certain FIFRA, TSCA, Acid Rain and
    other reports)

6
CDX Processes
  • Registration
  • CDX registration
  • Certificate Authority registration
  • Routine Submission of Forms
  • Renewal

7
Registration
8
(No Transcript)
9
Renewal Process
  • Requires users of the system to renew w. CDX
    every two years
  • Must sign agreement with CDX that
  • have not in any way compromised or delegated
    access to private key
  • no other evidence that any of these items
    (password, desktop software, account) have been
    compromised
  • Must also verify certificate with EPAs CA

10
CDX Approach to Key Issues
  • David Schwarz, USEPA

11
How is Submitter Identified?
  • Key Features
  • Registration uses Two-pronged approach
  • In-house Pre-screening by EPA through
    Registration Process
  • EPA independent identity proofing of individual
    by Certificate Authority (CA)
  • Requires Wet-Ink signature on Signature
    Agreement and Renewal Agreements
  • During routine submission
  • CDX user identified by account password issued by
    CDX
  • Digitally signed submissions verified by EPAs
    CA

12
How is the Signature Bound to the Submission?
  • Key Features
  • Data for signature is posted to users CDX web
    account in human readable web form regardless
    of original format of data received (XML, EDI,
    flat).
  • When user is ready to sign form, must
  • Agree to Truth and Accuracy Statement pop-up
  • Digital signature is applied to format and
    content of web form viewed
  • Signed data stream is transmitted through an
    encrypted SSL session.

13
How is the Signature Protected Against
Unauthorized Use?
  • Features
  • Signature can only be generated by
  • accessing CDX account on EPAs system
  • accessing private key on the users desktop
    system
  • accessing CDX software on users desktop
  • Software, private key cannot be shared with
    network or copied to another system
  • Web of out-of-band exchanges (acknowledgments,
    copy of records, etc.) provide means of detecting
    compromise

14
How is the signer made aware of the commitment he
is bound to?
  • Initial Wet Ink Signature Agreement
  • Reminders during use of system
  • Upon logging onto/off users CDX account
  • Upon invoking digital signature
  • Through receipt of acknowledgements, copy of
    records
  • Must renew agreement every two years

15
How is data protected in transit? In storage?
  • Digitally signed data are submitted to EPA
    through SSL session with CDX
  • Password authentication, integrity checking and
    signature verification performed at CDX
  • Four-step archiving process captures Snapshot
    of signed data as it is received, authenticated,
    translated and presented back to user as copy of
    record.

16
The Copy of Record
  • What is it?
  • electronic document as it was signed
  • the verified digital signature affixed
  • the date and time of receipt
  • and EPAs digital signature of the entire content
  • Admissibility of Copy of Record
  • Must demonstrate authenticity of record and
    source
  • Must also consider evidentiary weight of COR

17
Copy of Record
  • Features
  • Copy of record signed by EPA and provided back
    to users private account
  • Application of EPAs digital signature prevents
    argument that data was altered
  • Centralized archiving and audit management
    functions ensure consistent process across
    submissions
  • Four-step archiving process ensures detailed
    historical record of document at each stage of
    CDX process

18
Questions?
Write a Comment
User Comments (0)
About PowerShow.com