Overview of CSOS functionality

With digital certificates issued by DEA, a user can sign controlled substance orders before Activator sends the orders to partners. Orders more than one day in the future from today’s date are rejected and can be found in Tracker in a Failed state. Orders are signed with the user's private key corresponding to the user's public-private key pair in the certificate. Once signed, the user’s certificate, containing the public key only, is transmitted with the order.

For users who receive signed controlled substance orders from partners, Activator validates the orders as authentic and unaltered.

When Activator validates the signature of received orders, it checks the signer's certificate against a DEA list to make sure the certificate has not been revoked. This is done using a certificate revocation list (CRL). The CRL is issued and updated by the DEA. Activator has the ability to retrieve the CRL over the Internet.

After authenticating the received order, Activator makes a back-up copy of the order and the public key and certificate. The default behavior of Activator is to back up received messages, but make sure backing up is enabled for the delivery exchange for receiving messages from partners to ensure CSOS compliance.

Before configuring Activator to handle CSOS orders, your organization must comply with the DEA’s rules for CSOS participants, including obtaining a digital signing certificate from the DEA. For DEA information about CSOS, go to http://www.deaecom.gov/qanda.html .

Security

CSOS extends the FIPS standard (see FIPS compliance) and installs a separate set of security libraries in the following directory:

<INSTALL_DIR>/corelib

CSOS relies on digital certificates using secure hash algorithm (SHA) technology to ensure order security, which includes the SHA-1 and SHA-256 standards. Beginning in 2014, the DEA will require that orders are signed with SHA-256 certificates. To support your organization during the transition period, Axway CSOS enables you to use SHA-1 or SHA-256. Be sure your trading partners are using the same standard.

Related topics

Related Links