Home

Staff can log in using their Index Number and e-PAS password, and non-staff can use the generic login/password: iaol/guest.

Further descriptive data of the surveys treated in experimental way are reported below: Mail Fax Mail server Directory Scanner Verifier Reader Database Image Storage Fax Server Directory img Control Center Web Server cgi/ASP Designer CES/AC.71/2004/7 page 4 Survey on retail sales Frequency Monthly Number of forms 2 Number of form pages 3 Respondents Commerce branch enterprises (small, medium and large enterprises) Theoretic number of respondents 2,700 Technologies for data collection Mail, Web, Fax-server Channels used by the respondents: Web: 4% Mail: 21.2% Fax: 74.8% Monitoring of returned data Yes Security procedures Access control (User-id and password) Survey on Telecommunications Frequency Annual Number of forms 3 Number of form pages 3 Respondents Telecommunications enterprises Theoretic number of respondents 534 Technologies for data collection Mail, Web, E-mail, Fax-server, Fax Channels used by the respondents Web 10% Fax and Fax – server 90% Monitoring of returned data Yes Security procedures Access control (User-id and password) Survey on employment, working time and salary Frequency Monthly Number of forms 2 Number of form pages 3 Respondents Large enterprises (more than 500 employees) Theoretic number of respondents 1,500 Technologies for data capturing Mail, Web, E-mail, Fax-server, Fax Channels used by the respondents Web 10% Fax and Fax – server 90% Monitoring of returned data Yes Security procedures Access control (User-id and password) Survey on vacancies and worked hours Frequency Quarterly Number of forms 1 Number of form pages 4 Respondents Commerce branch enterprises (small-medium-large enterprises) Theoretic number of respondents 8,000 Technologies for data capturing Mail, Web, E-mail., Fax-server, Fax Channels used by the respondents Web 10% Fax and Fax – server 90% Monitoring of returned data Yes Security procedures Access control (User-id and password); SSL CES/AC.71/2004/7 page 5 IV. (...) The Control Center allows system administrators to: § view work in process and overall system performance; § view and monitor operator performance and throughput in real time; § make changes to system-wide and operator/workstation settings; § control the priority of work and escalate specific batches for immediate processing; § maintain system security, assigning operator logins and passwords; § configure alerts that will highlight specific throughput or processing issues for immediate attention; § generate extensive reports on system and operator performance; CES/AC.71/2004/7 page 8 § alert notification via email, command line execution, and/or NT event log .

The most common implementation of authentication is the use of passwords and the most common form of security breach is the compromising of these passwords. Using strong authentication and electronic identity cards or single-use password devices are some of the steps that can be used to prevent unauthorised access to sensitive information. (...) The respondents at organisations or enterprises use passwords as authentication. SSL is activated through a certificate that is installed on our web server.

With respect to article 1, definitions, a number of suggestions were made, including the following: (a) In the definition of the term “address”: (i) it might be better to require a physical address for the grantor and a post office box or e-mail for the secured creditor; (ii) reference should be made to “postal” rather than “zip” code; and (iii) the fact should be taken into account that, in some States, address might be reflected in more general terms (for example, town or island rather than street address); (b) In the definition of the term “amendment”: (i) it should be clarified by listing examples of amendments; (ii) the definition should be aligned with articles 27 and 28; and (iii) it should be clarified whether the term meant a notification, the information changed or the result of the change of the information; (c) With respect to the meaning of the terms “security right” and “movable asset” in the definition of the term “law”, it was noted that those terms did not need to be defined as they were explained either in the terminology or in the recommendations of the Guide; (d) In the definition of the term “notice”, reference should be made to recommendations 72-75; (e) In the definition of the term “password”, the word “confidential” should be deleted since, even if there was a breach of confidentiality, the password would still be a password (the matter could be dealt by way of a provision that that the password should be kept confidential); (f) Consideration might be given to combining the definitions of the terms “registration” and “registry record”; (g) The definitions of the terms “official search logic”, “registry”, “registry services” and “registry system” should be deleted as the meaning of those terms was self-evident; (h) The terms “serial number” and “serial number assets”, which were said to be overly restrictive, should be considered only if the Working Group decided that the articles in which those terms appeared should be retained; and (i) The definition of the term “user identification”, which was not clear as to whether it meant only a registrant or also a searcher, should be considered in the context of the articles in which that term was used. (...) (c)); 18 V.11-82575 A/CN.9/719 (c) A distinction between occasional users and frequent users was only applicable to registrants and accordingly, paragraph 2 should be recast to clarify that it applied to frequent registrants only; (d) A user identification and password could be assigned to registrants that needed such arrangements but were not necessary for searchers; and (e) Assigning a user identification and password should not be presented as the only method for granting access to registry services as other methods were presently available or might become available in the future. 55. With respect to article 9, it was stated that the registry should be able to rely on the fact that the user identification and password were properly used and the registrant was their rightful owner.

Every entity that engages in digital transactions could set up its own system to identify and authenticate each of its business partners (as many businesses currently do through the use of individual registration processes coupled with a username and password system), but this is increasingly proving expensive and inadequate, producing challenges to scaling the system to broader populations. Moreover, the increasing need for cross-organization collaboration, concerns about security, and the problem of user password management suggest that the traditional company- issued or vendor-issued username and password approach is no longer adequate. 10. (...) For example, a business would identify an employee, and issue him a username and password so he could access the company’s network.

For example, entering a secret password that is associated with a username is assumed to authenticate that the individual entering the secret password is the person to whom the username was issued. (...) An active authenticator is usually something the subject knows (such as a secret password), something the subject has (such as a smartcard), or something the subject is (such as a photo or other biometric information), an d is used to tie the subject to an identity credential. For example, a password functions as an authenticator for a username, a picture functions as an authenticator for a passport or driver’s license.

The assessment was conducted on the five models described in paragraphs 4 to 7 of the Note of the Secretariat (A/CN.9/1081), namely (i) a dedicated page on the UNCITRAL website which could be used to post materials submitted by States; (ii) the posting of materials on existing password-protected pages, hosted on an external website; (iii) a new information repository system modelled after the existing Transparency Registry and the CLOUT system; (iv) an entirely new web-based system for the purpose of exchanging materials among States; and (v) round -table sessions or virtual panel series organized by the secretariat using a collaboration platform. __________________ 18 Official Records of the General Assembly, Seventy-fifth Session, Supplement No. 17 (A/75/17, part two). 19 See A/CN.9/1091, report under preparation. 20 See the report of Working Group II (Dispute Settlement) on the work of its seventy -second session (Vienna, 21–25 September 2020) (A/CN.9/1043), para. 95. 21 See report of Working Group II (Dispute Settlement) on the work of its seventy -third session (New York (online), 22–26 March 2021) (A/CN.9/1049), para. 69. 22 See resolution 76/117 of 17 December 2021 on the rule of law at the national and international levels, para. 2. (...) The second model, using a dedicated password-protected page hosted on an external website to post materials submitted by States, is as efficient as the first model. (...) A /C N .9 /1 1 1 9 1 0 /1 1 V .2 2 -0 2 6 1 8 Annex Systems and Software Quality Requirements and Evaluation (ISO/IEC 25010:2011(en), Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models) A dedicated page on the UNCITRAL website which could be used to post (password-protected) materials submitted by States A dedicated password-protected page hosted on an external website which could be used to post materials submitted by States A new information repository system modelled on the existing Transparency Registry and the CLOUT system A new web-based system A collaboration platform Examples www.uncitral.un.org www.unodc.org/missions/en/uncitral/i nformation.html www.uncitral.org/transparency- registry/registry/index.jspx (Transparency Registry) www.uncitral.org/clout/ (CLOUT Document Database) • SparkBlue: SparkBlue is UNDP's digital platform for online engagement allowing its staff to collaborate across the international development landscape • Microsoft Teams Analysis Para. 5, A/CN.9/1081 (regarding an open website option) Para. 5, A/CN.9/1081 Para. 6, A/CN.9/1081 F u n c ti o n a l su it a b il it y Degree to which a product or system provides functions that meet stated and implied needs Low Low Medium High High • No real time interaction • Basic functionality • No real time interaction • Basic functionality • No real time interaction • Limited functionality • Real time interaction • Advanced functionality • Real time interaction • Advanced functionality P e r fo r m a n c e e ff ic ie n c y Performance relative to the amount of resources used High High Low Low Medium • No development costs • No licensing fees • No maintenance costs • No additional human resource implications • No development costs • No licensing fees • No maintenance costs • No additional human resource implications • Significant development costs • Licensing fees • Maintenance costs • Additional human resource implications • Significant development costs • Licensing fees • Maintenance costs • Additional human resource implications • No Development costs • Licensing fees • Maintenance costs • Additional human resource implications C o m p a ti b il it y Degree to which a system can exchange information with other systems and/or perform its required functions High Low Medium Medium High • Up-to-date content management system with interfaces • Legacy content management system • Tailor-made content management system • Customizable as required • Tailor-made content management system • Customizable as required • Up-to-date collaboration system with interfaces U sa b il it y Degree to which a product or system can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction High Low Medium Medium High • User-friendly • Responsive Design • Out of date user-interface • No responsive design • Tailor-made usability • Customizable as required • Tailor-made usability • Customizable as required • User-friendly • Responsive design A /C N .9 /1 1 1 9 V .2 2 -0 2 6 1 8 1 1 /1 1 A dedicated page on the UNCITRAL website which could be used to post (password-protected) materials submitted by States A dedicated password-protected page hosted on an external website which could be used to post materials submitted by States A new information repository system modelled on the existing Transparency Registry and the CLOUT system A new web-based system A collaboration platform R e li a b il it y Degree to which a system performs specified functions under specified conditions for a specified period of time High Low Medium Medium High • Maintained by IT specialists • Regular updates • Support • Legacy system phasing out • No updates • No support • Maintained by IT specialists • Updates on request • Limited support • Maintained by IT specialists • Updates on request • Limited support • Maintained by IT specialists • Regular software updates • Support S e c u r it y Degree to which a system protects information and data so that persons or systems have the degree of data access appropriate to their types and levels of authorization Low Low Low Medium High • No access-control • No security and compliance capabilities • Not suitable for sensitive or highly confidential data • Simple access control • No security and compliance capabilities • Not suitable for sensitive or highly confidential data • Simple access control • Basic security and compliance capabilities • Not suitable for sensitive or highly confidential data • Advanced multi-user access control • Basic security and compliance capabilities • Suitable for sensitive or highly confidential data • Advanced multi-user access control • Advanced security and compliance capabilities • Suitable for sensitive or highly confidential data M a in ta in a b il it y Degree of effectiveness and efficiency with which a product or system can be modified by the intended maintainers High Low Medium Medium High • Basic training for maintenance required • Advanced training for maintenance required • Training for maintenance required • Training for maintenance required • Basic training for maintenance required P o r ta b il it y Degree of effectiveness and efficiency with which a system can be transferred from one software environment to another High Low Medium Medium High • Up-to-date proprietary system with broad support • Legacy system • Specialized tailor-made system based on modern technology • Specialized tailor-made system based on modern technology • Up-to-date proprietary system with broad support

The Registrar must assign a user identification number (user ID) and a password to a person referred to in paragraph 1 of this article, provided that: __________________ 11 See the Guide, recommendation 74. (...) A person who has been assigned a user ID and a password by the Registry and who has complied with these Regulations may have electronic access to the Registry to effect a registration, amendment or cancellation of a notice. Registration, amendment or cancellation of a notice effected using the assigned user ID and password is conclusively deemed to have been effected by the person to whom the user ID and password have been assigned by the Registry.

Possible problems in the breach of security of data in computer networks can be divided into three main categories: ¨ intentional breach of security – the theft of an inscription key, or tapping of a network connection; ¨ unauthorized data access - by logging in using a stolen or guessed password; ¨ denial of service – due to the breach of security system, users can not use a given or all services of the network or server. 4. The basic techniques already in use or planned to be used to ensure network security are: identification (users are identified through a password), authentication (verification of user’s identity), authorization and access control (assigning access rights to a user), protecting the confidentiality of information, data integrity (ensuring that the document was not modified during transfer) and digital signatures. 5.