194/2009 Sb.



DECREE



of 23 December 2003. June 2009



on the determination of the details of the use and operation of the information system

data boxes



422/2010: Sb.



Ministry of the Interior shall establish in accordance with § 9 para. 3 and 4, section 20 (2). 3 and § 21

Act No. 300/2008 Coll., on electronic acts and authorized

convert documents, as amended by Act No. 190/2009 Coll.:



§ 1



The formalities of access data to log on to a mailbox



(1) the credentials for logging on to the mailbox data consists of

the user name and password.



(2) the user name is unique for each person.



(3) the user name is a string at least 6 and no more than 12 characters resulting from the

automated generating.



(4) the security password is a string of at least 8 and no more than 32 characters. Always

It is a combination of letters, numbers, and special characters.



(5) the acceptable characters for the creation of a user name and security

passwords are listed in annex 1 to this notice.



(6) the security password must be the same as the user name,

which make up the access data.



§ 2



Electronic resources for logging on to a mailbox



(1) for logging on to a mailbox, you can use the electronic

resource, which is a cryptographic device



and) containing the private cryptographic key and public cryptographic

key are created and used by using one of the algorithms

referred to in point I of Annex No. 2 to this Decree,



(b)) that contains the certificate used to authenticate the user (hereinafter referred to as

"an authentication certificate"), that is created and used with the use

some of the hash functions referred to in point II of annex 2 to this

the decree and with the use of algorithms based on subparagraph (a)),



(c)) that allows create, save, and use private cryptographic

the key, and the public cryptographic key and authentication certificate

the format of the technical standards referred to in point (III) (a). and annex No.)

2 to this Decree; authentication certificate contains



1. the data which identify the person who logs in to the

information system data



2. the trade name or name of the provider of certification services, which

authentication certificate issued, in the case of a legal person, or

the name or names, last names, or distinctive addition, if

is a natural person, and the State in which the provider of certification

the service is established,



3. the number of the certificate for the authentication provider's unique

certification services and



4. information on the beginning and end of validity of the authentication certificate



(d) the date of the transfer) private cryptographic keys in accordance with point (a)

and from this electronic resource),



(e)) to support the use of any of the algorithms listed in point (I)

Annex No. 2 to this Decree, and some of the hash functions listed in

point II of annex 2 to this Decree,



(f) the use of which is subject to) by entering the security code (PIN) and



(g)) for which there is no known increased risk to traffic information

system data boxes.



(2) Authentication certificate referred to in paragraph 1 (b). (b)) issues

an accredited certification service provider.



§ 3



The technical conditions and security policies for access to a mailbox



(1) logs on if the person is authorized to access the data boxes

through the electronic resource according to § 2, the administrator

information system data boxes will not allow a login without

the current user name and password under section 1.

If a person entitled to access to the data box to sign in

electronic means referred to in § 2, the administrator of the information system

data boxes will not allow this person access only login

the information referred to in paragraph 1.



(2) if the Clipboard when you sign in to the data through

access data according to § 1 for the fifth consecutive misspelled

specified security password, the administrator of the information system data

mailboxes will not let log on to the data through the Clipboard

the same user name for 1 hour from the time of the fifth

They mistype a password. Information System Manager

data boxes at the same time send to the e-mail address of the selected

the person to whom the data box is established, or by an administrator,

a statement that you try to log on to the mailbox by unauthorized data

and that is the person authorized to access the data box recommends that

made the change without delay security password. The first sentence and the second is

not apply, log on if the person is entitled to access to the data

the Clipboard through the electronic resource in accordance with § 2.



(3) If a person does not entitled to access to the data box, which

the data box is recorded, in a mailbox there is no operation for a period of

30 minutes, the administrator of the information system data boxes from this person

data mailbox logs off. The first sentence shall not apply to the data

the Clipboard is accessed through the electronic filing system

services or other electronic applications with the use of the system

the certificate.



(4) the administrator of the information system data boxes allows the person

authorized to access the data box at any time to change the security

the password. Change security password can be done in a manner allowing

remote access.



(5) log on to the mailbox by means of electronic data

a resource based on § 2 shall be governed by the principles set out in the security

certificate policy, certification services provider shall, in

accordance with the standard set out in point III (a). (b)) of annex 2 to this

the decree and exposes the way it allowing remote access.



§ 4



Permissible formats data messages delivered to the data boxes



Permissible formats data messages delivered to the data boxes are

set out in annex 3 to this notice.



§ 5



The maximum size of the payload of the message delivered to the data boxes



The maximum size of the payload of the message delivered to the data box shall be 10

MB.



§ 6



Time saving data messages in a mailbox



(1) the period of storage of a data message in a mailbox is 90 days from the date

When the data box, the person who has signed up with regard to the

the scope of their permissions to the document contained in the data message access.

If a data message to the data box delivered in a manner pursuant to § 18a

the law on electronic acts and authorized the conversion of documents, the time

saving data messages in a mailbox is 90 days from the date of delivery.



(2) if the data box is accessed through the

the electronic filing system or other electronic service applications

using the system certificate, the period of storage of a data message in the data

mailbox is 90 days from the date on which the data boxes

accessed through an electronic filing system, a service, or

other electronic application system with the use of the certificate.



§ 7



Technical requirements the use of the data boxes



Manager information system, the data boxes will not accept to be sent

data report



and if) it is not an accepted format laid down by this Decree,



(b)) if its size exceeds the maximum size specified by the

the Decree, or



(c)) if it contains malicious code that can harm an information system

data boxes, the information contained in it or computer equipment holder

data boxes.



§ 8



How to create a data box ID



(1) the information System Manager creates the data boxes

the identifier of the data boxes in an automated way, using algorithms for

generate random numbers.



(2) the identifier of the data boxes for each data mailbox

unique.



§ 9



The effectiveness of the



This Decree shall enter into force on 1 January 2000. July, 2009.



Minister:



Ing. Pecina, MBA in r.



Annex 1



Acceptable characters for the creation of a user name and password

I. letters and numbers



-------------------------

The allowable ASCII code

character maximum

character

-------------------------

0 48

1 49

2 50

3 51

4 52

5 53

6 54

7 55

8 56

9 57

And 65

(B) 66

(C) 67

D 68

E 69

F 70

(G) 71

H 72

And 73

(J) 74

To 75

L 76

M 77

N 78

About 79

P 80

Q 81

R 82

With 83

T 84

At 85

In the 86

W 87

X 88

S 89

Of the 90

and 97

(b) 98

(c) 99

(d) 100

e 101

(f) 102

g 103

h 104

and 105

(j) 106

to 107

l 108

m 109

n 110

about 111

p 112

q 113

r 114

with 115

t 116

in 117

in 118

w 119

x 120

s 121

out of 122

-------------------------



II. Special characters



-------------------------

The allowable ASCII code

character maximum

character

-------------------------

! 33

# 35

$36

% 37

& 38

(40

) 41

* 42

+ 43

, 44

-45

. 46

: 58

= 61

? 63

@ 64

[91

] 93

_ 95

{123

| 124

} 125

~ 126

-------------------------



Annex 2




The list of algorithms, hash functions, standards and technical standards



I. Algorithms



and 2048-bit RSA) (RFC 3447)



(b)), DSA (FIPS PUB 186-2)



(c))-Fp ECDSA (ANSI X 9.62)



(d))-F2m ECDSA (ANSI X 9.62)



II. Hash functions



a) SHA-1 (FIPS 180-2)



b) SHA-2-256, 384, 512 bits (FIPS 180-2)



(c) the RIPEMD-160)



III. Standards and technical standards



a) ISO/IEC 9594-8 information technology-Open

systems-directory: the basic structure of a public key certificate, and

attribute certificate



ETSI TS 102 042 b)-Electronic Signatures and Infrastructures ' (ESI);

Policy requirements for certification authorities issuing public key

certificates 8



Annex 3



Permissible formats data messages delivered to the data boxes



(I).

Allowable formats data messages delivered to the data boxes are for

conditions referred to in points (II) and (III) formats



a) pdf (Portable Document Format)



b) PDF/A (the Portable Document Format for the long-term Archiving)



(c)), xml (Extensible Markup Language Document) ^ *



d) fo/zfo (602XML Filler paper)



e) html/htm (Hypertext Markup Language Document)



(f)), odt (Open Document Text)



g) ods (Open Document Spreadsheet)



h) odp (Open Document Presentation)



I) .txt (plain text)



j) rtf (Rich Text Format)



k) doc/docx (MS Word Document)



l)/WebPart .xls (MS Excel Spreadsheet)



m) ppt/pptx (MS PowerPoint Presentation)



n) jpg/jpeg/jfif (Joint Photographic Experts Group File Interchange

Format)



about), png (Portable Network Graphics)



p) tif/tiff (Tagged Image File Format)



q) gif (Graphics Interchange Format)



r) mpeg1/mpeg2 (Moving Picture Experts Group Phase 1/Phase 2)



with) wav (Waveform Audio Format)



t) mp2/mp3 (MPEG-1 Audio Layer 2/Layer 3)



u) isdoc/isdocx (Information System Document) version 5.2 and higher



in the edi (International) standard EDIFACT, ODETTE, EANCOM, and standards for

the electronic exchange of business documents-EDI)



w) dwg (AutoCAD DraWinG File Format) version 2007 and higher



x shp/dbf)/shx/prj/qix/sbn/sbx (ESRI Shapefile)



s) dgn (Bentley MicroStation Format) version of the V7 and V8



from gml/gfs)/xsd (Geography Markup Language Document)



II.

The formats listed in item (I) are allowable formats of data messages

data supplied to the Clipboard, if the appropriate file name extension. File

means the external character format of a data message, which allows you to

programming equipment, determine the type of the data file.



III.

Format referred to in point (I) (a). (c)) is permissible data message format

included in the data box, corresponds to the XSD to publicly available

schema published by the recipient of a data message.