Your SlideShare is downloading. ×
Ata Etx Delivery System Presentation
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Ata Etx Delivery System Presentation

581

Published on

ATA ETX Delivery System Introduction

ATA ETX Delivery System Introduction

Published in: Education, Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
581
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • ETX is the core test administration, delivery and management platform that works to support various services throughout the test delivery process. It is an internet-based platform shared by all parties in the testing process including sponsors, candidates, test service providers and related training organizations. Different parties may access their corresponding modules in ETX in a secure way to process and manage information.
  • Our systems deploys 128-bit symmetric encryption process, meaning that the decryption key from the ‘decryptor’ has to be identical to the encryption key on the ‘encryptor’ hand before the exam data can be reverted back to meaningful information. The 128bit security keys generated and used by ATA on the ETX system are all one-time keys that are being attached to test items and test forms, meaning that they won’t be easily obtained by hackers. During most security breach attempts, certain information about the data would have to be obtained before an attack is possible and to increase the success rate of attack. Such information collection would have to be obtained gradually from static keys/passwords being used repeatedly for a period of time. The 128bit security keys generated and used by ATA on the ETX system are all one-time keys that are being attached to test items and test forms. While the 128bit key are all generated via the UUID technology that guaranteed to be unique and thus raising the bar of the system security.
  • To ensure that the tests are being administered in a fair, objective and legally defensible manner, ETX is capable of randomly picking items from the item bank in constructing individual test forms for each candidate to avoid cheating during the test. Thus exam items will not be the same for each candidate. Even if the candidates sitting next to each other have the same item, the choices for item would be arranged differently. Standardized test item types are all stored in centralized application servers and will only be downloaded dynamically before actual test time.
  • National Registered Proprietary Storage Technology ATA has developed and registered under the Chinese Government a proprietary storage core system TTDS ( TRANSFORMATION and TRANSPOSITION of DATA STORAGE ) . The essence of the technology is to integrate hardware elements and variance in determining the format and offset distortion of the storage information. Such algorithm was handled by computer drivers at a very low level to ensure that it cannot be revealed. Information processed via our TTDS technology would possess an immune system to protect from external attack. Since our system does not run through the computer’s main data bus; any intruder would have to trail upon security key of as long as 2Kbytes in order to match the key which may lead to impractical amount of effort and time to achieve.
  • This is a methodology used in item bank management to ensure that only authenticated users can have access to any part of the item bank. Finger-print sampling refers to legally extracting partial data string from the encrypted item pack and to store them as a separate encrypted file in the test sponsor. The main exam pack would be unable to be opened unless the finger-print sampling algorithm is also obtained before all missing data can be re-located back in place.
  • Transcript

    • 1. ATA Test Delivery Systems The largest provider of professional testing and related services in China
    • 2. ETX System in Action 2 ETX Exam Security Features 3 ETX Collaborative Exam Systems 1 3 3
    • 3. Standardized Delivery/Management Platform ETX Exam Delivery Platform Subject Matter Experts Data Analysts Test Centers Qualification Owners Students/ Candidates Education Institutes
    • 4. ETX – A Collaborative Exam Information Management System
      • Integrated test delivery and Information Management system
      • Scalable and customizable
      • Exam-packaging subsystem
      • Website registration subsystem
      • Test delivery
      • Central database for exam result analysis
    • 5. Exam-packaging subsystem
      • Exam content management and exam form building
      • manages test items according to attributes such as exam title, knowledge points, item type, etc.
      • Allows randomized item selection
      • Exam packaging: support both manual test form packing and automatic test form packing
      • Test form management and test form validation
      • Support parallel item building and exam packaging by multiple users
      • role-based access control for system administrator, item editor, exam packing personnel, data validation personnel, data publishing personnel and so on to ensure security and confidentiality of test items.
    • 6. Website Registration Subsystem
      • Candidate user module
        • Test registration, exam permit printing, test score enquiry, fee payment
      • Organization user module
        • Batch registration, information management)
      • Test registration site user module
        • Walk-in OTC test registration, exam permit printing and scheduling
      • Back-end test administration system
        • For sponsors and test administration organization to manage and control test information
    • 7. ETX Test registration Demo
      • Live Demo of online registration and inquiries
    • 8. High Quality Test Delivery Services
      • Full range of test delivery arrangements, 5 different kinds of testing scenarios provide a truly collaborative approach to customize solutions for our test partners and their clients
          • Large Scale Unified Test Mode
          • Certification Mode
          • Walk-in Test Mode
          • Training & Assessment Mode
          • Online Test Mode
    • 9. Architecture of ATA iBT Browser with Plug-in Browser with Flash Standard Browser Different test client for different projects Exam Data via Internet 128-bit Proprietary Encryption Test Client Test Client Test Client Common Unified Server Management Console
    • 10. Unified Server
      • Single set of server to serve different kind of client
      • All data stored on the server at secured locations
      • Supports “Drop-and-recover” during exam
    • 11. Client Terminals
      • Pure Web Browser Client
        • Zero footprint for client PC before and after testing
        • Supports standard item types
      • Browser Client with Flash
        • Supports more item types such as drag-drop
      • Browser Client with Plug-in
        • Supports more item types such as simulation
    • 12. ETX System in Action 2 ETX Exam Security Features 3 ETX Collaborative Exam System 1 3 3
    • 13. ETX - Secured Delivery Solution
      • Sponsors are all concerned with the security and confidentiality of their test item banks and forms, the followings are processes or stages that might create common concerns:
      On-site /Process On-site System Security Process Management Party/scope Test administrations Cheating Test forms management Authentication process False Identity Item bank storage and management Items Development Items leakage Process Security Issues
    • 14. Security built throughout the process 128-bit symmetric encryption deployed throughout operation processes from pre-test, test delivery and post-test stages Online Off-line Online Secured ETX Test Delivery System Pre Test Testing Post Test
    • 15.
      • Throughout the process of Items creation, items management/storage, pre- and post-test data processing, transmission and test result publications, the following four domains of secured technologies are deployed:
        • Items finger-print technologies
        • Items encryption topology
        • Time-based encryption technologies
        • Items usage ‘Log & Alert’ technologies
      ETX - Secured Delivery Solution
    • 16.
      • Items Creation, Conversion and Authoring
      • All ATA staff/personnel have signed a legal binding Non-Disclosure Agreement which held them with legal responsibilities to protect information they are working on;
      • Separation of teams who work with test contents, no individuals would have access to and/or able to associate their works on hand with any particular test titles or the entire item bank
      • Role-based Security Control (Access Level)
      Security in the Pre-Test Stage Pre Test Testing Post Test
    • 17. Security in the Pre-Test Stage
      • Form Assembly
      • Randomized items packaging from item bank based on blueprint of exam
      • Standardized test item types are stored in centralized application servers, and will only be downloaded dynamically before actual test time.
      • Items being downloaded the application server will compose the test form ‘live’ according to the ‘blue-print’ of the exam provided on the server
      Pre Test Testing Post Test
    • 18.
      • Item Bank Management
      • Item Finger-print Sampling
      • Secondary Security Key
      • National Registered Proprietary Storage Technology ( TTDS- TRANSFORMATION and TRANSPOSITION of DATA STORAGE)
      Security in the Pre-Test Stage Pre Test Testing Post Test
    • 19. Item Fingerprint Sampling
      • This ensures that only authenticated users can have access to any part of the item bank
      • Finger-print sampling refers to legally extracting partial data string from the encrypted item pack and to store them as a separate encrypted file
      • The main exam pack would be unable to be decrypted unless the finger-print sampling algorithm is also obtained before all missing data can be re-located back in place.
      Pre Test Testing Post Test
    • 20. Security During Test
      • Online-offline-online testing mode
      • Item encryption topology
      • Time-based encryption technology
      Pre Test Testing Post Test
    • 21. Security During Data Transfer Technologies to ensure secured delivery of test Test form Scrambled data packs Test info ******* encrypted Candidate data Data compile ****** encrypted Candidates input password Proctor Pwd Test form Time-related hardware key 1 2 3 4 Terminal Admin. Station Time Encryption Pre Test Testing Post Test
    • 22. Secured Data Transmission Flowchart Shredder Test Taker Password Test Admin. Station Test Station Exam Starts Form/ Items 数 据 信 息 报 名 信 息 时 间 信 息 Pre Test Testing Post Test Authorization
    • 23. Security During Test Photo- demographics On site photo-identity verification Onsite Photo taking Candidates arriving 登录 Pre Test Testing Post Test
    • 24. Security During Test
      • randomized item display
      • randomized sequence of choices
      • Single item displayed on screen at a time
      Pre Test Testing Post Test
    • 25. Post test Security Methods
      • Security of item bank
        • Test item on stations destroyed automatically at the end of test
        • Item banks stored on local server will be re-encrypted to their respective states before the next test session.
      • Security of the test data
        • Every examinee’s test result is stored using 128bit encryption
        • Backups are made on both the test computer and the test server in order to ensure that the data will not be changed or lost.
      • Auto Log & Alert system
        • a dedicated file processing engine (AFE) acts like a guard to authenticate all file access requests. If it is a legal request, it returns correct result. In the event of an illegal activity, such as modifying or decrypting item bank, is detected, AFE can quarantine, destroy and warn about the offending actions
      Pre Test Testing Post Test
    • 26. Post test Security Methods
      • Monitoring and Logs
        • ETX provides monitoring and log functions to effectively monitor and record the system activities in a timely manner. These records can be used as proof of non-repudiation.
      • Network isolation
        • System server goes through firewall, router, router modem, a dedicated DDN line to the internet to ensure protection from online attacks.
      Pre Test Testing Post Test
    • 27. ETX System in Action 2 ETX Exam Security Features 3 ETX Collaborative Exam System 1 3 3
    • 28. ETX Delivery in Action
      • Video Clips on Banking Exam on Nov 1-2 2008
    • 29. Thank You !

    ×