Table of Contents - APTAStandards.com

More documents

Recommendations

Info

4.2.6 Message Sequences The structure of data within messages is designed to support error-free transmission in that steps are taken to ensure that system is able to determine that losses may have occurred or data otherwise corrupted. A positive mechanism of acknowledgement is used to guarantee error-free transmission. The recipient of the message will return a positive or negative acknowledgement of the message to the sender. If the sender receives positive acknowledgement, the original message may be deleted, or it will be retained for re-transmission. Each data block includes a certificate to validate its contents as well as to sequence the data block within a set of data blocks. A header block, containing relevant summary information, precedes each set of data blocks in all messages. Data blocks holding different types of data may be mixed without restriction in messages. 4.2.7 Security Requirements The end-to-end “loss-less” transmission objective led to a design solution involving an ITSO specific SAM module (ISAM). All the components that are involved in the processing of data within the system (such as card reader devices and central systems) are required to carry ISAMs accredited by ITSO. Individual transaction and batch headers are also required to contain MAC fields. Each transmitted record/data block has a certificate associated with it. The certificate is an ISAM generated MAC of the transmission block data. All records transmitted must be sequence numbered. 4.2.8 Timing & Routing ITSO provides the following minimum suggested performance levels in processing back office transactions: • 98% of data should be received by the owner of data and processed against the IPA by 5:00 am on the day after the POST activity for that item • Remaining data should be received and processed within the following 24 hours Each HOPS must perform the following actions between midnight and 5:00 am: • Poll and collect batches from any POSTs directly under its control • Distribute not on-us transactions - Receive on-us transactions from other HOPS - Process the data 4.2.9 Usability The ITSO specification requires that a central body provide the core facilities of Security Management (provision of keys), Compliance Management, Certification Service and Registrar (to register the schemes and products for provision of security keys. ITSO has Page 30
opted to contract these services out in the UK and offered the Request For Proposals for these activities to be made available to APTA without charge if needed. ITSO representatives from UK offered two alternative scenarios for adoption of the specification. • APTA is allowed to use and modify the current ITSO specification in any way they desire to come up with their own specification based on ITSO. No licensing or memberships fees are required. Only the specification documents on the Internet will be available in this option, therefore APTA will have to 'reverse engineer' the SIM card Secure Application Module and the security key management service, if needed • A subset of ITSO can be formed in the US, which APTA can manage. There is no cost involved in this option. A USA implementation of ITSO under the APTA name would constitute a separate security domain and therefore all the keys would be different. APTA can therefore set its own rules. The ITSO rules will be made available to APTA to implement at will. APTA does not need to use the ITSO official name or logo. Setting up an APTA equivalent to ITSO can be done as soon as their membership groups are defined and the membership is elected. This process can take approximately three months. Putting in place the (few) full-time people, the contracts and the processes raises the time estimate to at least six months. The current suppliers to ITSO (ecebs for the ISAMs, Integri for Certifcation and Royal Bank of Scotland for Security Key Management) would all be willing to supply the sub-contract services at a fee, if necessary. 4.3 Open Financial Exchange (OFX) 4.3.1 Description of the Specification Open Financial Exchange is a specification for the electronic exchange of financial data between financial institutions, businesses and consumers via the Internet. Created by CheckFree, Intuit and Microsoft in early 1997, Open Financial Exchange supports a wide range of financial activities, including consumer and small business banking, consumer and small business bill payment, bill presentment and investments tracking (including stocks, bonds, mutual funds, and 401(k) account details). Since the 2000 release of the Version 2.0, OFX has become XML 1.0 compliant and has added 1098, 1099 and W2 tax form download capabilities. Open Financial Exchange (OFX) is a broad-based framework for exchanging financial data and instructions between customers and their financial institutions. It is based on open standards for data formatting (such as XML), connectivity (TCP/IP), and security (SSL). It defines the request and response messages used by each financial service as well as the common framework and infrastructure to support the communication of those messages. Page 31
Page 1 and 2: SMART CARD STANDARDS AND SPECIFICAT
Page 3 and 4: 4.4.7 Security Requirements........
Page 5 and 6: Document History Revision Reason Fo
Page 7 and 8: Acronym List UTFS Universal Transit
Page 9 and 10: technology to achieve interoperabil
Page 11 and 12: This report encompasse s the review
Page 13 and 14: Identify S m art Card Indust ry S t
Page 15 and 16: The standards and specifications th
Page 17 and 18: These standards and specifications
Page 19 and 20: Although there is no “one-to-one
Page 21 and 22: 4.1.4.2 Card Management Data The st
Page 23 and 24: with ISO/IEC 7816-6, there is no re
Page 25 and 26: these messages constitutes a file.
Page 27 and 28: Phone interviews and/or email corre
Page 29 and 30: The ITSO message body consists of i
Page 31 and 32: Exhibit 4.2-2 Product Types Type Co
Page 33: Capability Values or RFU Product Pr
Page 37 and 38: e given careful consideration for a
Page 39 and 40: - Transaction date and time - Trans
Page 41 and 42: cardholder related data as in the c
Page 43 and 44: CLIENT Exhibit 4.3-9 OFX Security S
Page 45 and 46: may well be eliminated if, and when
Page 47 and 48: Exhibit 4.4-4 Condition Dialogue St
Page 49 and 50: 4.4.7 Security Requirements The Mes
Page 51 and 52: Application Retailer Product Retail
Page 53 and 54: Exhibit 4.6-1 CID Edge Interface Me
Page 55 and 56: 4.6.8 Timing and Routing The CID Ed
Page 57 and 58: 4.7.4.1 Transaction Data The “Far
Page 59 and 60: 4.7.4.3 System and Device Data The
Page 61 and 62: Following the authentication proces
Page 63 and 64: Data” transaction messages propos
Page 65 and 66: Field Name Description reading the
Page 67 and 68: 4.8-7 Product Transactions Usage Me
Page 69 and 70: 4.8.4.5 Peer-to-Peer Clearing and S
Page 71 and 72: standard does not mandate the compl
Page 73 and 74: Item Number Exhibit 4.9-2 Part 1 Fi
Page 75 and 76: 4.9.4.2 PICC Scheme Control Message
Page 77 and 78: • Registration • Negative List
Page 79 and 80: 5.0 FINDINGS This section presents
Page 81 and 82: Exhibit 5-2 illustrates the relevan
Page 83 and 84: Required. This set of specification
Page 85 and 86:
Project/Specification/Standard Spon
Page 87 and 88:
APPENDIX B COMPLETED CRITERIA FORMS
Page 89 and 90:
ISO/IEC 8583 Criteria Transaction D
Page 91 and 92:
TRANSLINK ® Criteria Transaction D
Page 93 and 94:
RIS PART 4 Criteria Transaction Dat
Page 95 and 96:
ITSO DATA ELEMENTS Message Type Dat
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Amount Net Reconciliation Receiving
Page 103 and 104:
TRANSLINK Message Type Data Element
Page 105 and 106:
Autoload non-purse counter remote l
Page 107 and 108:
card status failure reason Business
Page 109 and 110:
RIS PART 4: FOR A LIST OF DATA OBJE
show all

Table of Contents - APTAStandards.com

Create successful ePaper yourself

Delete template?

Save as template?