194/2009 Sb.
DECREE
of 23 June 2009
on the determination of details of the use and operation of the information system of data boxes
Amendment: 422/2010 Sb.
The Ministry of the Interior, pursuant to § 9 (3) and (4), § 20 (3) and § 21 of Act No. 300/2008 Coll., on electronic acts and authorised conversion of documents, as amended by Act No. 190/2009 Coll., lays down:
§ 1
Requirements for the access data used to log in to a data box
(1) The access data for logging in to a data box consist of a user name and a security password.
(2) The user name is unique for each person.
(3) The user name is a string of at least 6 and at most 12 characters produced by automated generation.
(4) The security password is a string of at least 8 and at most 32 characters. It is always a combination of letters, digits and special characters.
(5) The characters permitted for forming a user name and a security password are listed in Annex 1 to this Decree.
(6) The security password must not be identical to the user name with which it forms the access data.
§ 2
Electronic means for logging in to a data box
(1) An electronic means may be used for logging in to a data box; such a means is a cryptographic device
a) containing a private cryptographic key and a public cryptographic key created and used with one of the algorithms listed in point I of Annex 2 to this Decree,
b) containing a certificate used to authenticate the user (hereinafter "authentication certificate"), created and used with one of the hash functions listed in point II of Annex 2 to this Decree and with the algorithms under letter a),
c) allowing the private cryptographic key, the public cryptographic key and the authentication certificate to be created, stored and used in the format according to the technical standards listed in point III a) of Annex 2 to this Decree; the authentication certificate contains
1. data identifying the person who logs in to the information system of data boxes,
2. the business name or name of the certification service provider that issued the authentication certificate, if it is a legal person, or the name or names, surname and, where applicable, a distinguishing addition, if it is a natural person, and the state in which the certification service provider is established,
3. the number of the authentication certificate, unique with that certification service provider, and
4. data on the beginning and end of validity of the authentication certificate,
d) preventing the private cryptographic key under letter a) from being transferred out of the electronic means,
e) supporting the use of one of the algorithms listed in point I of Annex 2 to this Decree and one of the hash functions listed in point II of Annex 2 to this Decree,
f) whose use is conditional on entering a security code (PIN), and
g) for which no increased risk to the operation of the information system of data boxes is known.
(2) The authentication certificate under paragraph 1 b) is issued by an accredited certification service provider.
§ 3
Technical conditions and security principles for access to a data box
(1) If a person authorised to access a data box logs in through the electronic means under § 2, the administrator of the information system of data boxes shall not allow the login without the user name and security password under § 1 also being entered. If a person authorised to access a data box logs in by the electronic means under § 2, the administrator of the information system of data boxes shall not allow that person access by the access data under § 1 alone.
(2) If, when logging in to a data box with the access data under § 1, an incorrect security password is entered for the fifth consecutive time, the administrator of the information system of data boxes shall not allow a login to the data box with the same user name for 1 hour from the moment of the fifth incorrect entry. At the same time the administrator of the information system of data boxes shall send, to the e-mail address chosen by the person for whom the data box was established or by the administrator, a notice that an attempt at an unauthorised login to the data box has occurred and that the person authorised to access the data box is advised to change the security password without delay. The first and second sentences do not apply if the person authorised to access the data box logs in through the electronic means under § 2.
(3) If a person authorised to access a data box who is logged in to the data box performs no operation in the data box for 30 minutes, the administrator of the information system of data boxes shall log that person off the data box. The first sentence does not apply where the data box is accessed through an electronic filing service system or another electronic application using a system certificate.
(4) The administrator of the information system of data boxes shall allow a person authorised to access a data box to change the security password at any time. The security password may be changed in a manner allowing remote access.
(5) Logging in to a data box through the electronic means under § 2 is governed by the principles laid down in the certificate policy that the certification service provider issues in accordance with the standard listed in point III b) of Annex 2 to this Decree and publishes in a manner allowing remote access.
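The throttling and idle-logoff rules of § 3 (2) and (3), as an added example in Python; this is not the ISDS implementation. The account store, the password hashing scheme, the notification record and the explicitly passed clock are assumptions made here so the logic runs offline and deterministically:

```python
"""Login throttling and idle log-off, § 3 (2) and (3) of Decree 194/2009 Sb.

Added example, not the ISDS implementation. Password hashing, the account
store, the notification record and the explicit clock are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

MAX_FAILURES = 5            # § 3 (2): fifth consecutive wrong password
LOCKOUT_SECONDS = 3600      # § 3 (2): 1 hour from the fifth wrong entry
IDLE_SECONDS = 30 * 60      # § 3 (3): 30 minutes without any operation


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the decree does not prescribe storage.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    notify_email: str        # address chosen by the box owner or administrator
    failures: int = 0
    locked_until: float = 0.0


def make_account(username: str, password: str, email: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(username, salt, hash_password(password, salt), email)


@dataclass
class Session:
    username: str
    last_activity: float
    system_certificate: bool = False   # filing system / application access


@dataclass
class LoginGuard:
    accounts: dict
    sent_mail: list = field(default_factory=list)   # (address, text) records
    sessions: list = field(default_factory=list)

    def login_with_password(self, username: str, password: str, now: float) -> str:
        """Login with the access data of § 1. Returns 'ok', 'rejected' or 'locked'."""
        acct = self.accounts.get(username)
        if acct is None:
            return "rejected"
        if now < acct.locked_until:
            return "locked"          # lockout still running, even for a correct password
        if hmac.compare_digest(hash_password(password, acct.salt), acct.password_hash):
            acct.failures = 0
            self.sessions.append(Session(username, now))
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
            self.sent_mail.append((acct.notify_email,
                                   "Attempted unauthorised login to your data box; "
                                   "change your security password without delay."))
            return "locked"
        return "rejected"

    def login_with_certificate(self, username: str, now: float,
                               system_certificate: bool = False) -> str:
        """Login with the electronic means of § 2: the counter and lockout do not
        apply (§ 3 (2), last sentence). Certificate validation is out of scope here."""
        self.sessions.append(Session(username, now, system_certificate))
        return "ok"

    def record_operation(self, session: Session, now: float) -> None:
        session.last_activity = now

    def expire_idle(self, now: float) -> list:
        """§ 3 (3): log off sessions idle for 30 minutes; system-certificate
        sessions are exempt. Returns the sessions that were logged off."""
        keep, dropped = [], []
        for s in self.sessions:
            if not s.system_certificate and now - s.last_activity >= IDLE_SECONDS:
                dropped.append(s)
            else:
                keep.append(s)
        self.sessions = keep
        return dropped
```

Note that the lockout is checked before the password is verified, so a correct password during the hour is still refused, and the failure counter is reset only on a successful login or when the lockout is set.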
§ 4
Permissible formats of data messages delivered to data boxes
The permissible formats of data messages delivered to data boxes are set out in Annex 3 to this Decree.
§ 5
Maximum size of a data message delivered to a data box
The maximum size of a data message delivered to a data box is 10 MB.
§ 6
Period of storage of a data message in a data box
(1) The period of storage of a data message in a data box is 90 days from the day on which a person who, with regard to the scope of their authorisation, has access to the document contained in the data message logged in to the data box. If the data message was delivered to the data box in the manner under § 18a of the Act on electronic acts and authorised conversion of documents, the period of storage of the data message in the data box is 90 days from the day of delivery.
(2) If the data box is accessed through an electronic filing service system or another electronic application using a system certificate, the period of storage of a data message in the data box is 90 days from the day on which the data box was accessed through the electronic filing service system or other electronic application using the system certificate.
§ 7
Technical requirements for the use of data boxes
The administrator of the information system of data boxes shall not accept a data message for sending
a) if it is not in a permissible format laid down by this Decree,
b) if its size exceeds the maximum size laid down by this Decree, or
c) if it contains malicious code that could damage the information system of data boxes, the data contained in it, or the computer equipment of the data box holder.
§ 8
Method of creating a data box identifier
(1) The administrator of the information system of data boxes creates the data box identifier in an automated manner using algorithms for generating random numbers.
(2) The data box identifier is unique for each data box.
§ 9
Entry into force
This Decree enters into force on 1 July 2009.
Minister:
Ing. Pecina, MBA (signed)
Annex 1
Permitted characters for the creation of a user name and security password
I. Letters and digits
-------------------------
Permitted   ASCII code
character   of the character
-------------------------
0           48
1           49
2           50
3           51
4           52
5           53
6           54
7           55
8           56
9           57
A           65
B           66
C           67
D           68
E           69
F           70
G           71
H           72
I           73
J           74
K           75
L           76
M           77
N           78
O           79
P           80
Q           81
R           82
S           83
T           84
U           85
V           86
W           87
X           88
Y           89
Z           90
a           97
b           98
c           99
d           100
e           101
f           102
g           103
h           104
i           105
j           106
k           107
l           108
m           109
n           110
o           111
p           112
q           113
r           114
s           115
t           116
u           117
v           118
w           119
x           120
y           121
z           122
-------------------------
II. Special characters
-------------------------
Permitted   ASCII code
character   of the character
-------------------------
!           33
#           35
$           36
%           37
&           38
(           40
)           41
*           42
+           43
,           44
-           45
.           46
:           58
=           61
?           63
@           64
[           91
]           93
_           95
{           123
|           124
}           125
~           126
-------------------------
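The rules of § 1 together with the character set of Annex 1, as an added Python example (not code from the decree or from the ISDS). The only choice made here beyond the text is that the generated user name draws from letters and digits only; the decree permits any Annex 1 character:

```python
"""Checks for the access data of § 1 and Annex 1 of Decree 194/2009 Sb.

Added example, not part of the decree. Encodes: user name 6..12
characters; password 8..32 characters with at least one letter, one digit
and one special character; all characters from Annex 1; password must not
equal the user name."""
import secrets
import string

# Annex 1, part I: letters and digits (ASCII 48-57, 65-90, 97-122).
LETTERS_AND_DIGITS = frozenset(string.ascii_letters + string.digits)
# Annex 1, part II: the 23 permitted special characters.
SPECIAL = frozenset("!#$%&()*+,-.:=?@[]_{|}~")
ALLOWED = LETTERS_AND_DIGITS | SPECIAL

USERNAME_LEN = (6, 12)     # § 1 (3)
PASSWORD_LEN = (8, 32)     # § 1 (4)


def check_username(name: str) -> list:
    """Return the § 1 (3) and (5) rules the user name violates (empty if none)."""
    problems = []
    if not USERNAME_LEN[0] <= len(name) <= USERNAME_LEN[1]:
        problems.append("length must be 6..12 characters")
    bad = sorted(set(name) - ALLOWED)
    if bad:
        problems.append(f"characters outside Annex 1: {bad!r}")
    return problems


def check_password(password: str, username: str) -> list:
    """Return the § 1 (4) to (6) rules the password violates (empty if none)."""
    problems = []
    if not PASSWORD_LEN[0] <= len(password) <= PASSWORD_LEN[1]:
        problems.append("length must be 8..32 characters")
    bad = sorted(set(password) - ALLOWED)
    if bad:
        problems.append(f"characters outside Annex 1: {bad!r}")
    chars = set(password)
    if not chars & set(string.ascii_letters):
        problems.append("must contain a letter")
    if not chars & set(string.digits):
        problems.append("must contain a digit")
    if not chars & SPECIAL:
        problems.append("must contain a special character")
    if password == username:
        problems.append("must not equal the user name")
    return problems


def generate_username(length: int = 8) -> str:
    """Automated generation per § 1 (3), using a CSPRNG. Restricting the
    alphabet to letters and digits is a choice made here, not a requirement."""
    if not USERNAME_LEN[0] <= length <= USERNAME_LEN[1]:
        raise ValueError("user name length must be 6..12")
    alphabet = sorted(LETTERS_AND_DIGITS)
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

The checks return every violated rule rather than the first one, which is what a registration form or an audit script over existing credentials needs; note that a space, quotation marks, slash and backslash are not in Annex 1 and are therefore rejected.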
Annex 2
List of algorithms, hash functions, standards and technical standards
I. Algorithms
a) RSA 2048 bits (RFC 3447)
b) DSA (FIPS PUB 186-2)
c) ECDSA-Fp (ANSI X9.62)
d) ECDSA-F2m (ANSI X9.62)
II. Hash functions
a) SHA-1 (FIPS 180-2)
b) SHA-2: 256, 384, 512 bits (FIPS 180-2)
c) RIPEMD-160
III. Standards and technical standards
a) ISO/IEC 9594-8 Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks
b) ETSI TS 102 042 - Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates
Annex 3
Permissible formats of data messages delivered to data boxes
I.
The permissible formats of data messages delivered to data boxes are, under the conditions in points II and III, the formats
a) pdf (Portable Document Format)
b) PDF/A (Portable Document Format for long-term Archiving)
c) xml (Extensible Markup Language Document) *)
d) fo/zfo (602XML Filler document)
e) html/htm (Hypertext Markup Language Document)
f) odt (Open Document Text)
g) ods (Open Document Spreadsheet)
h) odp (Open Document Presentation)
i) txt (plain text)
j) rtf (Rich Text Format)
k) doc/docx (MS Word Document)
l) xls/xlsx (MS Excel Spreadsheet)
m) ppt/pptx (MS PowerPoint Presentation)
n) jpg/jpeg/jfif (Joint Photographic Experts Group File Interchange Format)
o) png (Portable Network Graphics)
p) tif/tiff (Tagged Image File Format)
q) gif (Graphics Interchange Format)
r) mpeg1/mpeg2 (Moving Picture Experts Group Phase 1/Phase 2)
s) wav (Waveform Audio Format)
t) mp2/mp3 (MPEG-1 Audio Layer 2/Layer 3)
u) isdoc/isdocx (Information System Document) version 5.2 and higher
v) edi (international standards EDIFACT, ODETTE, EANCOM and standards for the electronic exchange of business documents - EDI)
w) dwg (AutoCAD DraWinG File Format) version 2007 and higher
x) shp/dbf/shx/prj/qix/sbn/sbx (ESRI Shapefile)
y) dgn (Bentley MicroStation Format) versions V7 and V8
z) gml/gfs/xsd (Geography Markup Language Document)
II.
The formats listed in point I are permissible formats of a data message delivered to a data box if the corresponding file name extension matches them. File name extension means the external feature of the format of a data message that allows software to determine the type of the data file.
III.
*) The format listed in point I c) is a permissible format of a data message delivered to a data box if it conforms to a publicly available XSD schema published by the recipient of the data message.