Participant Technical Reference Manual - IESO
Participant Technical Reference Manual
2. Participant Workstation, Network & Security
106 The ABB-provided software coding for PKI, for the Internet Explorer 6.X and 7.0 browser and the updated MIM IDK, is based on the Entrust/Java Toolkit 7.2 as supplied by Entrust. The digital certificates provided by the Certification Authority are X.509 version 3 certificates. The certificates and software in combination provide for:
Confidentiality – The encrypted transmission of messages and proprietary information;
Access Control – Allowing access to information based on a given set of rules;
Authentication – The verification of the identity of a person or process sending and receiving a message and information;
Data Integrity – Verification that a message sent is the message received and has not been altered in transit etc. from that sent; and
Non-Repudiation (Digital Signatures) – A sender shall not be able to deny later that he sent a message.
107 The Entrust-provided TruePass software for the Portal PKI is a Java-based package that provides:
Confidentiality – The encrypted transmission of messages and proprietary information;
Access Control – Allowing access to information based on a given set of rules;
Authentication – The verification of the identity of a person or process sending and receiving a message and information;
Data Integrity – Verification that a message sent is the message received and has not been altered in transit etc. from that sent; and
Non-Repudiation (Digital Signatures) – A sender shall not be able to deny later that he sent a message.
2.3.2 Certificates & Keys
108 Each certificate will be registered to an individual person or custodian (Individual Subscriber, Application Subscriber).
109 For the Individual Subscriber, two types of certificates will be generated. These include a 'verification' or 'signing' certificate (associated with the private signing key) and an 'encryption' certificate (associated with the private decryption key). Each type of certificate has a private and public key associated with it. Individuals using the MPI web browser interface will use these certificates and keys in the two file formats (EPF and P12) while the Portal and MPI API use just one format (EPF). The verification and encryption certificates are encapsulated within an Entrust Profile File (EPF file extension), which is presented by the user along with the user-generated password for the EPF file when prompted by the MPI applet login or the Portal's TruePass applet login. The verification certificate and signing key are also encapsulated within a PKCS#12 format file (P12 file extension) for the MPI. The P12 certificate content must be imported into the browser certificate database for the appropriate browser user profile prior to attempting any login to the IESO MPI secure web servers. The password chosen by the user at the time of creation of the EPF and P12 files must be used to import the P12 file contents into the browser (the password is not required for using the imported certificates within the browser).
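A pre-import check for the P12 file described in paragraph 109, as an added example that is not part of the IESO manual: it confirms that the password opens the file, that the certificate is X.509 version 3, and that the signing key in the file matches the certificate. It assumes the OpenSSL command-line tool (1.1.1 or later) and that a signing certificate carries the Digital Signature key usage; the sample file, subject name, function names and password are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample: a throwaway self-signed signing certificate packed into a
# PKCS#12 file. Subject, file names and password are placeholders, not IESO values.
make_sample_p12() {  # $1 = work directory, $2 = P12 password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Sample Individual Subscriber" \
        -addext "keyUsage=critical,digitalSignature,nonRepudiation" \
        -keyout "$1/sign.key" -out "$1/sign.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/sign.key" -in "$1/sign.crt" \
        -name "sample-signing" -passout "pass:$2" -out "$1/sample.p12"
}

# Print the end-entity certificate held in a P12 as text.
# Returns non-zero when the password does not open the file.
p12_cert_text() {  # $1 = P12 file, $2 = password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null
}

# Pre-import check: the password opens the file, the certificate is X.509 v3,
# its key usage includes Digital Signature (assumed here for a signing
# certificate), and the private key in the file matches the certificate.
check_p12() {  # $1 = P12 file, $2 = password
    text=$(p12_cert_text "$1" "$2") || { echo "cannot open P12"; return 1; }
    echo "$text" | grep -q "Version: 3 " || { echo "not X.509 v3"; return 1; }
    echo "$text" | grep -q "Digital Signature" || { echo "not a signing cert"; return 1; }
    # Compare the public key in the certificate with the one derived from the key.
    cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey)
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || { echo "key mismatch"; return 1; }
    echo "ok"
}
```

The check covers only the PKCS#12 file; the EPF is an Entrust format that OpenSSL does not read.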
Issue 21.1 – March 15, 2010 - estimated Public 39