ETX is the core test administration, delivery and management platform that works to support various services throughout the test delivery process. It is an internet-based platform shared by all parties in the testing process including sponsors, candidates, test service providers and related training organizations. Different parties may access their corresponding modules in ETX in a secure way to process and manage information.
Our systems deploys 128-bit symmetric encryption process, meaning that the decryption key from the ‘decryptor’ has to be identical to the encryption key on the ‘encryptor’ hand before the exam data can be reverted back to meaningful information. The 128bit security keys generated and used by ATA on the ETX system are all one-time keys that are being attached to test items and test forms, meaning that they won’t be easily obtained by hackers. During most security breach attempts, certain information about the data would have to be obtained before an attack is possible and to increase the success rate of attack. Such information collection would have to be obtained gradually from static keys/passwords being used repeatedly for a period of time. The 128bit security keys generated and used by ATA on the ETX system are all one-time keys that are being attached to test items and test forms. While the 128bit key are all generated via the UUID technology that guaranteed to be unique and thus raising the bar of the system security.
To ensure that the tests are being administered in a fair, objective and legally defensible manner, ETX is capable of randomly picking items from the item bank in constructing individual test forms for each candidate to avoid cheating during the test. Thus exam items will not be the same for each candidate. Even if the candidates sitting next to each other have the same item, the choices for item would be arranged differently. Standardized test item types are all stored in centralized application servers and will only be downloaded dynamically before actual test time.
National Registered Proprietary Storage Technology ATA has developed and registered under the Chinese Government a proprietary storage core system TTDS （ TRANSFORMATION and TRANSPOSITION of DATA STORAGE ） . The essence of the technology is to integrate hardware elements and variance in determining the format and offset distortion of the storage information. Such algorithm was handled by computer drivers at a very low level to ensure that it cannot be revealed. Information processed via our TTDS technology would possess an immune system to protect from external attack. Since our system does not run through the computer’s main data bus; any intruder would have to trail upon security key of as long as 2Kbytes in order to match the key which may lead to impractical amount of effort and time to achieve.
This is a methodology used in item bank management to ensure that only authenticated users can have access to any part of the item bank. Finger-print sampling refers to legally extracting partial data string from the encrypted item pack and to store them as a separate encrypted file in the test sponsor. The main exam pack would be unable to be opened unless the finger-print sampling algorithm is also obtained before all missing data can be re-located back in place.
ATA Test Delivery Systems The largest provider of professional testing and related services in China
ETX System in Action 2 ETX Exam Security Features 3 ETX Collaborative Exam Systems 1 3 3
manages test items according to attributes such as exam title, knowledge points, item type, etc.
Allows randomized item selection
Exam packaging: support both manual test form packing and automatic test form packing
Test form management and test form validation
Support parallel item building and exam packaging by multiple users
role-based access control for system administrator, item editor, exam packing personnel, data validation personnel, data publishing personnel and so on to ensure security and confidentiality of test items.
Full range of test delivery arrangements, 5 different kinds of testing scenarios provide a truly collaborative approach to customize solutions for our test partners and their clients
Large Scale Unified Test Mode
Walk-in Test Mode
Training & Assessment Mode
Online Test Mode
Architecture of ATA iBT Browser with Plug-in Browser with Flash Standard Browser Different test client for different projects Exam Data via Internet 128-bit Proprietary Encryption Test Client Test Client Test Client Common Unified Server Management Console
Sponsors are all concerned with the security and confidentiality of their test item banks and forms, the followings are processes or stages that might create common concerns:
On-site /Process On-site System Security Process Management Party/scope Test administrations Cheating Test forms management Authentication process False Identity Item bank storage and management Items Development Items leakage Process Security Issues
Security built throughout the process 128-bit symmetric encryption deployed throughout operation processes from pre-test, test delivery and post-test stages Online Off-line Online Secured ETX Test Delivery System Pre Test Testing Post Test
Throughout the process of Items creation, items management/storage, pre- and post-test data processing, transmission and test result publications, the following four domains of secured technologies are deployed:
Security During Data Transfer Technologies to ensure secured delivery of test Test form Scrambled data packs Test info ******* encrypted Candidate data Data compile ****** encrypted Candidates input password Proctor Pwd Test form Time-related hardware key 1 2 3 4 Terminal Admin. Station Time Encryption Pre Test Testing Post Test
Secured Data Transmission Flowchart Shredder Test Taker Password Test Admin. Station Test Station Exam Starts Form/ Items 数 据 信 息 报 名 信 息 时 间 信 息 Pre Test Testing Post Test Authorization
Security During Test Photo- demographics On site photo-identity verification Onsite Photo taking Candidates arriving 登录 Pre Test Testing Post Test
Test item on stations destroyed automatically at the end of test
Item banks stored on local server will be re-encrypted to their respective states before the next test session.
Security of the test data
Every examinee’s test result is stored using 128bit encryption
Backups are made on both the test computer and the test server in order to ensure that the data will not be changed or lost.
Auto Log & Alert system
a dedicated file processing engine (AFE) acts like a guard to authenticate all file access requests. If it is a legal request, it returns correct result. In the event of an illegal activity, such as modifying or decrypting item bank, is detected, AFE can quarantine, destroy and warn about the offending actions