This document describes the usage of Chess Cards for the authentication of documents (Complaints, Complaint Amendments or Responses) filed on the UDRP on-line platform.
| I. Registration of a user on the on-line platform (without regard to the subsequent use of a Chess Card) | ||
|---|---|---|
| | User | On-line platform |
| 1 | Access to http://www.adr.eu/ | |
| 2 | Complete Registration Form including: | SSL communication initiated (HTTPS is used for security reasons to protect personal data contained in the registration form). |
| 3 | User account opened | |
| 4 | It is now possible to log on to the platform using a: | |
| II. Use of a Chess Card to authenticate electronic Complaints, Complaint Amendments or Responses (using Secure Authentication) (Description of the Secure Authentication process is included in Annex 1 below) | ||
| | User | On-line Platform |
| 1 | User logs on to the platform using a Username and Password | SSL communication initiated |
| 2 | User opts for the authentication by a Chess Card. | |
| 3 | User reviews the Chess Card Terms of Use and this specification on the on-line platform. | The Chess Card Terms of Use and this Service Description will be available on the on-line platform. |
| 4 | User will confirm by double-clicking on the applicable form that he wishes to obtain his Chess Card. | |
| 5 | The Czech Arbitration Court generates and prints the User's Chess Card; its copy is attached to the User's Account of the on-line platform. | |
| 6 | The Czech Arbitration Court mails the Chess Card by registered mail with advice of delivery (which requires a hand-written signature from the recipient) to the User's address indicated on the Registration Form. | |
| 7 | If the letter addressed to the User is returned as undelivered, the Chess Card is destroyed together with its copy attached to the User's Account on the platform (and the Chess Card cannot be used again). | |
| III. Filing Complaint and/or Response only electronically using Chess Cards | ||
| | User | On-line Platform |
| 1 | User logs on to the on-line platform using a Username and Password | SSL communication initiated |
| 2 | User files documents in different formats (PDF, JPG, etc.) on the on-line platform. | |
| 3 | Platform generates a hash of the filed documents (SHA-1/SHA-2). The documents are locked on the on-line platform. | |
| 4 | User verifies the integrity of the documents filed by reviewing the contents of the documents contained in the electronic case file on the platform. | |
| 5 | Platform generates a User Authentication Request (4 fields of the Chess Card selected at random). In addition, the form requests the user to confirm that the content of the documents that are locked in the electronic case file on the platform corresponds with the documents filed by the User. | |
| 6 | User responds to the User Authentication Request by filing the contents of the 4 selected fields of his Chess Card on the platform | |
| If the User's response to the User Authentication Request is incorrect, a new User Authentication Request is generated with 4 new fields of the Chess Card to file. The User has 5 attempts to authenticate his Chess Card, after which the platform terminates the Chess Card activation and recommends that the User start the activation process again. The User is advised by e-mail to change his Password. | ||
| 7 | If the User's response is correct, his Chess Card is validated. | |
| 8 | Case Administrator confirms on the on-line platform that the CAC received the filed documents in an electronic form. | |
STRONG AUTHENTICATION
Definition:
"Secure Authentication means a method of authenticating electronic communications and/or documents filed in electronic form via the on-line platform of the Provider. It is a secure process which not only establishes the identity of the Party (or its authorized representative) communicating and/or filing documents via the Provider's on-line platform but also provides strong evidence that the integrity of the communications or documents sent has been preserved and that the Party approves of and intends to be bound by its content."
The following is a specification of the Strong Authentication process.
A two-factor method of Strong Authentication will be applied. The two factors are 1) the knowledge of a password (something known, the first factor) and 2) providing the correct answer to a question (which is possible only when possessing a shared secret, the grid or "Chess Card"; the second factor).
This allows for a good balance between security and usability.
An example of the grid is shown below:
The format of the grid (or Chess Card) is very flexible. Its contents could be numeric, alphanumeric, etc. What is important is that each user has a unique, randomly generated grid that he will use for the second factor of authentication.
The authentication question is associated with the specific user account, based on the first step of authentication - username and password.
In the example above, the user is called upon by the on-line platform to supply the correct answer using certain grid coordinates, for example b5, c3, d3 and g1. The user would respond with the grid cell contents that correspond to the coordinates asked. In this example, the user would enter the contents of grid locations b5, c3, d3 and g1: "R", "2", "J" and "Z". For each subsequent login, a different random quiz would be generated and the user would be prompted for the appropriate response. Thus, the user has a second factor for authentication with a one-time challenge and response mechanism, designed to be resistant to fraudulent impersonation.
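The following added example (not part of the original service description or of the platform's code) sketches the server side of Section III, steps 3 to 7, together with the grid challenge described above: a per-user random grid, a fresh four-field challenge for every attempt, and termination after five failures. The 8x8 alphanumeric grid, all function and class names, and counting a missing content confirmation as a failed attempt are assumptions.

```python
import hashlib
import hmac
import secrets
import string

COLS, ROWS = "abcdefgh", "12345678"   # assumed 8x8 layout; the page only names cells such as b5
ALPHABET = string.ascii_uppercase + string.digits
FIELDS, MAX_ATTEMPTS = 4, 5           # both numbers come from section III


def new_card():
    """Unique per-user grid, drawn from the OS CSPRNG rather than `random`."""
    return {c + r: secrets.choice(ALPHABET) for c in COLS for r in ROWS}


def document_digest(data: bytes) -> str:
    """Digest stored when a filing is locked. SHA-256 (SHA-2) is used here
    because practical SHA-1 collisions exist."""
    return hashlib.sha256(data).hexdigest()


class CardSession:
    """Server-side state for authenticating one locked filing."""

    def __init__(self, card, digest):
        self.card, self.digest = card, digest
        self.failures, self.terminated = 0, False
        self.authenticated_digest = None
        self.challenge = self._new_challenge()

    def _new_challenge(self):
        return secrets.SystemRandom().sample(sorted(self.card), FIELDS)

    def respond(self, answers, confirms_content):
        """Check one response; every challenge is single-use."""
        if self.terminated:
            return False
        expected = [self.card[k] for k in self.challenge]
        # Compare every field in constant time; no early exit on first mismatch.
        matches = [hmac.compare_digest(e.encode(), str(a).encode())
                   for e, a in zip(expected, answers)]
        ok = len(answers) == FIELDS and all(matches) and bool(confirms_content)
        self.challenge = self._new_challenge()
        if ok:
            self.authenticated_digest = self.digest
        else:
            self.failures += 1
            # After the 5th failure the card is deactivated; the page also has
            # the platform e-mail the user to change the password.
            self.terminated = self.failures >= MAX_ATTEMPTS
        return ok
```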
The application of the Strong Authentication method contains other process mechanisms safeguarding the security of the system.
Namely:
Under the Strong Authentication process, additional measures will be implemented helping to ensure all the properties demanded for Secure Authentication.
The Party is demonstrably familiarized with the whole process of Strong Authentication and the conditions of its application.
The documents filed electronically through the Strong Authentication will be posted on the on-line platform, together with their hash. The receipt by the CAC of every document filed by a Party using Strong Authentication will be automatically acknowledged by e-mail (i.e., a communication channel other than the on-line platform), requesting the Party to check his documents stored on the on-line platform and to confirm, using Strong Authentication through the on-line platform, whether:
If the Party does not submit his verification within 48 hours of notification, the electronic submission will be considered as withdrawn and nullified.
(IDENTIFICATION + IRRECUSABLE OPERATION + CONFIDENCE)
After the Party logs in to the on-line platform (in accordance with the steps described above), all communication will take place with the aid of SSL.