Table of Contents - APTAStandards.com

More documents

Recommendations

Info

For example, the element could be further defined to represent some of the transit industry related services as follows: • CARDSRV= Card services (e.g. Autoload, Balance Protection) • CIDPRMT= Device Parameter Services (e.g. Display and Audio Configuration) • CIDAPPL = Transit Application Services (e.g. Business end-of-day) Each Service aggregate above needs to be further defined for structure and content for the sub-services available underneath them. Exhibit 4.3-8 below provides an example of possible elements in the card services (CARDSRV) aggregate. Exhibit 4.3-8 CARDSV Aggregate Elements TYPE = “Threshold” THRESHVAL= “10.00” LOADAMNT=”20.0 0” 4.3.6 Message Sequences OFX is a client-server system where an end-user uses a client application to communicate with a server at a financial institution. The form of communication is requests from the client to the server and responses from the server back to the client. One or more requests can be batched in a single file. 4.3.7 Security Requirements The main goals of OFX security are privacy, authentication and integrity. OFX utilizes encryption to maintain privacy, certificates to identify and authenticate servers, and a cryptographic hash to assist integrity verification. With OFX, security is applied at two different levels in the message exchange process, channel level and application level. The channel level security refers to the lower level security that is implemented in the communication layer, whereas the application level security is independent of the underlying communication protocol and aimed at protecting the data at the user level, just like password protecting word-processing documents. Exhibit 4.3-9 illustrates how these two level security schemes are applied. Page 38
CLIENT Exhibit 4.3-9 OFX Security Schemes The password is encrypted by both the client application and the Secure Socket Layer (SSL) protocol. The web server removes the SSL encryption and forwards the encrypted password and the plaintext OFX data. The channel level security is sufficient for most transit related messages, provided that the network architecture is adequately secure. However, the application level password encryption can allow a higher level of security when desired. 4.3.8 Timing & Routing OFX does not provide any timing and routing requirements. 4.3.9 Usability SSL ENCRYPTION OFX DATA OFX DATA WEB OFX SERVER SERVER Encrypted Encrypted Password Password The OFX board maintains the OFX specification with members from a wide industry base. Membership to OFX is free and the process required for joining the organization, depending on the work group, typically involves an informal request. There are no royalties for adapting the specification to transit. Furthermore, OFX does not require any fees for making changes and/or additions to the specification for members. Typically, it takes about six months to process and finalize a change, such as adding 10 new data elements (aggregates). The process is estimated to take somewhere between 9-12 months to add a new scheme such as transit fare collection. This process assumes the design and development work is completed by APTA. This data was obtained through phone interviews and/or email correspondence. The information is accurate as of July 2004. If APTA is interested in using any parts of the specification, formal notification and/or negotiations are necessary. Page 39
Page 1 and 2: SMART CARD STANDARDS AND SPECIFICAT
Page 3 and 4: 4.4.7 Security Requirements........
Page 5 and 6: Document History Revision Reason Fo
Page 7 and 8: Acronym List UTFS Universal Transit
Page 9 and 10: technology to achieve interoperabil
Page 11 and 12: This report encompasse s the review
Page 13 and 14: Identify S m art Card Indust ry S t
Page 15 and 16: The standards and specifications th
Page 17 and 18: These standards and specifications
Page 19 and 20: Although there is no “one-to-one
Page 21 and 22: 4.1.4.2 Card Management Data The st
Page 23 and 24: with ISO/IEC 7816-6, there is no re
Page 25 and 26: these messages constitutes a file.
Page 27 and 28: Phone interviews and/or email corre
Page 29 and 30: The ITSO message body consists of i
Page 31 and 32: Exhibit 4.2-2 Product Types Type Co
Page 33 and 34: Capability Values or RFU Product Pr
Page 35 and 36: opted to contract these services ou
Page 37 and 38: e given careful consideration for a
Page 39 and 40: - Transaction date and time - Trans
Page 41: cardholder related data as in the c
Page 45 and 46: may well be eliminated if, and when
Page 47 and 48: Exhibit 4.4-4 Condition Dialogue St
Page 49 and 50: 4.4.7 Security Requirements The Mes
Page 51 and 52: Application Retailer Product Retail
Page 53 and 54: Exhibit 4.6-1 CID Edge Interface Me
Page 55 and 56: 4.6.8 Timing and Routing The CID Ed
Page 57 and 58: 4.7.4.1 Transaction Data The “Far
Page 59 and 60: 4.7.4.3 System and Device Data The
Page 61 and 62: Following the authentication proces
Page 63 and 64: Data” transaction messages propos
Page 65 and 66: Field Name Description reading the
Page 67 and 68: 4.8-7 Product Transactions Usage Me
Page 69 and 70: 4.8.4.5 Peer-to-Peer Clearing and S
Page 71 and 72: standard does not mandate the compl
Page 73 and 74: Item Number Exhibit 4.9-2 Part 1 Fi
Page 75 and 76: 4.9.4.2 PICC Scheme Control Message
Page 77 and 78: • Registration • Negative List
Page 79 and 80: 5.0 FINDINGS This section presents
Page 81 and 82: Exhibit 5-2 illustrates the relevan
Page 83 and 84: Required. This set of specification
Page 85 and 86: Project/Specification/Standard Spon
Page 87 and 88: APPENDIX B COMPLETED CRITERIA FORMS
Page 89 and 90: ISO/IEC 8583 Criteria Transaction D
Page 91 and 92: TRANSLINK ® Criteria Transaction D
Page 93 and 94:
RIS PART 4 Criteria Transaction Dat
Page 95 and 96:
ITSO DATA ELEMENTS Message Type Dat
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Amount Net Reconciliation Receiving
Page 103 and 104:
TRANSLINK Message Type Data Element
Page 105 and 106:
Autoload non-purse counter remote l
Page 107 and 108:
card status failure reason Business
Page 109 and 110:
RIS PART 4: FOR A LIST OF DATA OBJE
show all

Table of Contents - APTAStandards.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?