ПРАВИЛНИК Untitled Document
Enclosure 19 (E19) – Procedure for Authorization of the Investment Intermediaries in the Communication System of CD AD through Smart Cards and Digital Certificates, Encrypting and File Signing  

1. The purpose of the present technology is to provide signing with electronic signature to the electronic documents received from the investment intermediaries. CD AD signs with e-signature of its own the documents generated by it. The transferred data are encrypted. The main advantages are:

· New level is reached regarding the security and protection of information exchanged between II and CD AD;

· The possibilities to control the inflows of information increase significantly; · Providing paper bearers of the documents is no more necessary;

· For the purposes of control, all paper documents will be stored with the investment intermediary, whereas CD AD will have the right to check if those comply with the electronic messages.

2. Requirements for the investment intermediaries: The investment intermediaries should have at their disposal a digital certificate under Standard Х.509 v3 issued by Central Depository AD. The certificate is personal for each employee communicating with the CD AD system. The certificate shall be stored on a smart card. A smart card reader must be available, which is installed on the PC from which the data will be prepared and forwarded to CDAD. Central Depository AD shall provide to all investment intermediaries program modules for encrypting, decrypting, signing and checking the signature on the files for communication between CD AD and the intermediaries. The investment intermediaries should have at their disposal CDAD’s public key for data encryption. It is available on CDAD’s webpage and is recorded on the smart card as well.

3. Requirements for the PC configuration the investor intermediary must have in order to communicate with CDAD: The PC system must have operating system · MS Windows NT 4.0 Service Pack 4 or higher, or

· MS Windows 2000, or

· MS Windows XP

3.1. A smart card reader - it is provided by CD AD

3.2. A smart card with a certificate – it is provided by CD AD 4. Issuance of the certificate: The certificate shall be issued by CD AD under the following procedure: · An application (sample provided by the CDAD) shall be filed for certificate issuance, to which a copy shall be enclosed of the ID card of the person for whom the certificate is issued;

· The application shall be processed with CDAD, by way of comparing with the data already available and the data from the person’s ID card and the application;

· A certificate shall be issued which is signed by the CDAD certificate in accordance with the CDAD internal procedure;

· The certificate is recorded on a smart card;

· The smart card shall be handed over to the individual IN PERSON, in a sealed envelope, in exchange of a signature and ID card shown. In the envelope are the access code of the card and the directions for use thereof.

5. Signing and encrypting the file: The file which is used to complete this procedure must be prepared for sending in accordance with all CDAD regulations /compressed with ZIP, uncompressed with extension “.ISO”, etc/. The file shall be processed by way of executing commands in the following order: Ш CRYPTSIGN -i/Input file/ -o/Output файл/ -s< Signing person’s certificate identifier>-r/Receiver’s certificate identifier/ -v -c Example: CRYPTSIGN -ozacdad.crp –s “Broker” –r “Depository” The file named shall be crypted and signed with the Broker 1’s certificate for the Depository. A file named zacdad.crp is received which shall be sent to CDAD under the standard procedure. The procedure sends back Result 0, if the operation was terminated successfully; otherwise it sends back Error Code.

6. Decrypting and checking the file signature. To complete this procedure, the outcome file shall be downloaded from the CDAD’s communication server. The file shall be decrypted and checked by way of executing commands in the following order: Ш DECRYPTSIGN -i/Input file/ -o/Output file/ Example: DECRYPTSIGN -iotcdad.crp The file named otcdad.crp shall be decrypted and the signature shall be checked with the CDAD certificate. A file named otcdad.ZIP is received. The procedure sends back Result 0, if the operation was terminated successfully; otherwise it sends back Error Code.

7. CDAD proceedings After the file has been received at the CD AD, it shall be decrypted and the signature shall be checked. In case the signature and the file are valid, the latter shall be processed. The results of the processing shall be encrypted with the intermediaries’ certificate and shall be signed by CDAD. The results, signed and encrypted, shall be uploaded to the CDAD’s communication server to the intermediaries’ mailboxes. The intermediary is not obligated to provide a paper bearer to the CDAD. The intermediary is obligated to store in his/her archive all paper bearer, including the Order for Transfer form. CDAD has the right to check the intermediary for availability of the paper bearers related to the operations performed by him/her. CDAD has the right to request, at all times, from the investment intermediary the paper bearers of the submitted data, as well as those of the primary documents under all transactions.