CAPE Card Payments Terminal Management Message Usage Guide

Transcription

1 CAPE Card Payments Terminal Management Message Usage Guide Version September 2011

2 TABLE OF CONTENTS 1 Introduction Purpose of the Document Content of the Document References StatusReport (catm ) Message Usage Message Preparation Message Processing ManagementPlanReplacement (catm ) Message Usage Message Preparation Message Processing Execution of the Management Plan One-Time Call to the Maintenance Example Cyclic Call and Acquirer Parameters Download Examples Sequence of Parameters Downloads Example Error Handling during Management Plan Execution AcceptorConfigurationUpdate (catm ) Message Usage Message Processing Acquirer Protocol Parameters Configuration of Data Capture and Completion for Online Transactions Financial Capture Batch Transfer Completion Exchange Configuration of Data Capture and Completion for Offline Transactions Financial Capture Batch Transfer Completion Exchange Configuration of Reconciliation Other Acquirer Protocol Configuration Parameters BatchTransferContent MessageItem Host Communication Parameters Transport Protocol Parameters Download of Cryptographic keys Message Examples Presentation of the Example Partners Identification Page ii

3 5.1.2 POI Information Initial Management Plan in Use Periodic Contact to the TMS Host StatusReport Message ManagementPlanReplacement Message Download of the Acquirer Parameters StatusReport Message AcceptorConfigurationUpdate Message Maintenance Report StatusReport Message ManagementPlanReplacement Message Alternative Message Exchanges Message Exchange only Upload StatusReport ManagementPlanReplacement Processing of the ManagementPlanReplacement Excecution of the ManagementPlanReplacement File Transfer only Upload of a StatusReport Download of a ManagementPlanReplacement Processing of a ManagementPlanReplacement Execution of a ManagementPlanReplacement Message Exchange and File Transfer Error Handling CMS and Usage of Certificates POI Signatures Signatures Generation Signatures Verification TM Signatures TM Signatures Verification MTM Signatures Verification X.509 Certificates POI certificate TM certificate MTM certificate POI Certificate Example MTM Certificate Example TM Server Certificate Example Transport Protocol Services File Transfer Protocol The FTP Model FTP Client Components FTP Server Components Page iii

4 9.2 File Transfer Services Access Commands Login Sequence FTP Session Termination Directory Positioning FTP Transfer Parameter Commands Data Connection File Type Transfer Mode File Structure File Naming Conventions FTP Protocol Service Commands File Transfer Directory Management Figures Figure 1: Sequence of Message Exchanges Figure 2: TMS messages transferred as message exchanges Figure 3: TMS messages transferred as files Figure 4: TMS messages transferred as both messages and file Figure 5: CMS Data Protection in Terminal Management Protocol Messages Figure 6: The FTP Model Figure 7: FTP Server Directory Structure for TMS Page iv

5 1 Introduction 1.1 Purpose of the Document The present document describes how to use the messages of the EPAS Terminal Management Protocol described in the document "Card Payment Terminal Management, Message Definition Report" [CAPE ACQ MDR]. 1.2 Content of the Document Section 1: Introduction Section 1.1: Purpose of the Document Section 1.2: Content of the Document Section 1.3: References Section 2: StatusReport Section 2.1: Detailed content of the StatusReport and usage of message components. Section 2.2: POI processing for an outgoing StatusReport message. Section 2.3: Processing for an incoming StatusReport message. Section 3: ManagementPlanReplacement Section 3.1: Detailed content of the ManagementPlanReplacement message and usage of message components. Section 3.2: TM or MTM processing for an outgoing ManagementPlanReplacement message. Section 3.3: Processing for an incoming ManagementPlanReplacement message. Section 3.4: Rules for executing a management plan with typical examples. Section 3.5: Possible error conditions during the execution of message management plan and behaviour of the POI. Section 4: AcceptorConfigurationUpdate. Section 4.1: Detailed content of the AcceptorConfigurationUpdate message and usage of message components. Section 4.2: Processing for an incoming AcceptorConfigurationUpdate message. Section 4.3: Configuration parameters for the Acquirer protocol. Section 4.4: Configuration parameters for the Acquirer hosts. Section 5: Presentation of message examples. Section 6: Possible choices for a transport protocol. Section 7: Handling of error situations. Section 8: Cryptographic functions required to secure the content of a message. Section 9: Transport protocol services. 1 Introduction Page 5

6 1.3 References [CAPE ACQ MDR] [CAPE ACQ MUG] [CAPE TMS MDR] [EPAS RTP] ISO 20022, Card Payment Exchanges, Message Definition Report, Edition November 2010 (Acceptor to Acquirer) CAPE, Card Payments, Message Usage Guide, Version 1.0, Edition September 2011 ISO 20022, Card Payment - Terminal Management, Message Definition Report, Edition May 2011 Sale to POI Protocol Specifications, Retailer Protocols Working Group, EPASOrg, Version 1.0, Introduction Page 6

7 2 StatusReport (catm ) 2.1 Message Usage StatusReport is a request message sent by a POI to a TM or a MTM. A POI System initiates a Terminal Management System (TMS) message exchange (StatusReport request and ManagementPlanReplacement response messages) in three different ways: Manually. The Acceptor initiates a terminal management session manually by using a maintenance command of the POI. The Acceptor selects a terminal manager in the maintenance menu of the POI system. The address of the TMS is predefined in the POI system. In response to a message. The Acquirer Host sends a TMSTrigger in response to a received message. The POI analyses the TMSContactLevel and TMSContactDateTime and reacts accordingly. The TMSIdentification contains the name of the TMS using the POI configuration. After a certain time. The POI starts the message exchange according to a timing condition of a TMS action defined in the management plan is met. The StatusReport message contains information about: the installed parameter versions of the POI, the POI components already installed or activated, the log of Event with the results of the TMS actions performed since the last status report (usually these are local actions e.g. activation of data sets or a restart of the POI application), the report also contains the initiation trigger. StatusReport Mult. Rule Usage Header [1..1] DownloadTransfer [1..1] False FormatVersion [1..1] Version supported by the Initiating Party. Current version is "1.0". Format: MM.mm where MM is the Major version (leading zeros may be removed) and mm the minor version (trailing zeros may be removed). ExchangeIdentification [1..1] Unique identifier set by the InitiatingParty. Used to detect possible duplications of a transfer for a period of time. Used to link a StatusReport request message with the related response message. CreationDateTime [1..1] Date and time of the file or messages creation. Time accuracy has to be at least tenth of a second. InitiatingParty [1..1] Identification of the initiator of the message exchange or the file transfer. Content is bilaterally agreed between InitiatingParty and RecipientParty. Identification [1..1] Unambiguous identification of the Initiator of the file or the message by the recipient. Value is bilaterally agreed between InitiatingParty and RecipientParty. Type [0..1] Default: "OriginatingPOI" Issuer [0..1] Appli The party assigning the Identification. ShortName [0..1] Appli In case of a digital signature, this element is contains the identification of the InitiatingParty certificate (Subject). RecipientParty [0..1] Appli Identification of the recipient of the message exchange or the file transfer. Structure and content is bilaterally agreed between InitiatingParty and RecipientParty. Identification [1..1] Type [0..1] Type of RecipientParty 2 StatusReport (catm ) Page 7

8 StatusReport Mult. Rule Usage Issuer [0..1] Appli ShortName [0..1] Appli StatusReport Allowed values: "MasterTerminalManager", "TerminalManager" StatusReport message body. POIIdentification [1..1] Identification of the POI terminal or POI system sending the message. Identification [1..1] Type [0..1] Default and allowed value "OriginatingPOI" Issuer [0..1] Appli Allowed values: "MasterTerminalManager", "TerminalManager", "Merchant", "Acquirer" and "IntermediaryAgent" ShortName [0..1] Appli Name of the POI assigned by the TMS. TerminalManager- Identification [0..1] Identification [1..1] Appli Type [0..1] Allowed values: "MasterTerminalManager" or "TerminalManager". Issuer [0..1] Appli "MasterTerminalManager" or "TerminalManager" ShortName [0..1] Appli Name of the TMS assigned by the MTM or TM. DataSet [1..n] Identification [1..1] Identification of the Data set (class of file) Name [0..1] Name of the status report; not used Type [1..1] Allowed value: "StatusReport" Version [0..1] Version of the status report; not used CreationDateTime [0..1] Date and time of the creation of the status report. Time accuracy has to be at least in seconds. SequenceCounter [0..1] not used Content [1..1] POICapabilities [0..1] Present if it contains any data Only present if DataSetRequired equal to "ManagementPlan" CardReading- Capabilities Cardholder- Verification- Capabilities [0..n] Appli Capabilities defining the physical components of the POI. Excluded values: "AccountData", "Physical" [0..n] Appli Not supported OnlineCapabilities [0..1] Appli Capability of the POI is capable to go on-line and store the transaction. DisplayCapabilities [0..2] Appli Display capabilities of the POI on both Merchant and Customer interfaces. DisplayType [1..1] Appli Knowledge of what the POI is able to display on the Merchant and Cardholder interfaces. NumberOfLines [1..1] Appli LineWidth [1..1] Appli PrintLineWidth [0..1] Appli POIComponent [0..n] Appli Used to inform the TMS about: - the hardware components of the POI. - the software components of the POI. - the installed version of the parameters, (POIComponentType set to "AcquirerParameters" and VersionNumber containing the global version of all installed parameters). POIComponent- Type Manufacturer- Identification [1..1] Appli The value "AcquirerParameters" is used to inform the TMS about the global version of AcquirerProtocolParameters, HostCommunicationParameters and ApplicationParameters which are sent in the AcquirerConfigurationUpdate message. [0..1] Appli Identification of the POI component provider. If the POI has to inform the TMS about the parameters specific to an acquirer, this element contains the acquirer identification (value of the AcquirerIdentification data element in the AcquirerConfigurationUpdate message). Model [0..1] Appli Product name of the POI component. VersionNumber [0..1] Appli For the POIComponentType AcquirerParameters this element contains the version of the installed data set with the format YYYYMMDDhhmmss. This version number is acquirer specific and corresponds to the ParametersVersion in 2 StatusReport (catm ) Page 8

9 StatusReport Mult. Rule Usage SerialNumber [0..1] Appli the Acquirer protocol messages. ApprovalNumber [0..n] Appli More than one approval number possible (when assigned by different bodies). Certification body to be provided (e.g. at the beginning of the ApprovalNumber). AttendanceContext [0..1] Appli Attended: an attendant is present and can survey the financial transaction (face to face). SemiAttended: one attendant present for several POIs. Unattended: an attendant is not present POIDateTime [1..1] Appli Information used by the TMS to detect a discrepancy of the real time clock used in the POI terminal DataSetRequired [0..1] Absent if the StatusReport is sent by file. If the StatusReport is sent by message, it contains the data elements and the values of the related Action.DataSetIdentification requesting the transfer of data set. Name [0..1] Action.DataSetIdentification.Name of the related management plan action, if present. Type [1..1] Action.DataSetIdentification.Type of the of the related action of the management plan : "ManagementPlan": ManagementPlanReplacement message is requested by the StatusReport message. "AcquirerParameters": an AcceptorConfigurationUpdate message containing all the configuration parameters is requested by the StatusReport message. "ApplicationParameters": an AcceptorConfigurationUpdate message containing only the application parameters is requested by the StatusReport message. Version [0..1] Action.DataSetIdentification.Version of the related management plan action, if present. CreationDateTime [0..1] Action.DataSetIdentification.CreationDateTime of the related management plan action, if present. Event [0..n] List of all completed TMS actions of the Management Plan which have been performed since the last StatusReport message, receiving in response a valid ManagementPlanReplacement message. Events have to be listed in chronological order (by increasing time). TimeStamp [1..1] Contains the POI processing time of the event. Time accuracy has to be at least in seconds. Result [1..1] Result of the performed action. Only the result of the last process retry is present. Allowed values: "ConnectionError": Unable to connect to the TMS host to perform the download/upload (i.e. to send the StatusReport message). "FormatError": ManagementPlanReplacement or AcceptorConfigurationUpdate message has a wrong XML format. "InvalidContent": Content of the ManagementPlanReplacement or AcceptorConfigurationUpdate message is invalid. "MissingFile": Data set to be upload/download is missing. "NotSupported": Action is not supported. "MemoryOverflow": Memory to store the data set is exceeded. "SignatureError": ManagementPlanReplacement or AcceptorConfigurationUpdate message has a wrong digital signature or a wrong MAC. "Success": Action was successfully performed. "SyntaxError": ManagementPlanReplacement or AcceptorConfigurationUpdate message has a wrong syntax. "Timeout": Timeout expired before receiving a complete ManagementPlanReplacement or AcceptorConfigurationUpdate message. "UnknownData": DataSetIdentification in the Action invalid or unknown. "UnknownKeyReference": Cryptographic key used for the data signature or the MAC is invalid. Action- Identification [1..1] Copy of the Action of the management plan for which the outcome is notified in the current Event. ActionType [1..1] See ManagementPlanReplacement DataSet- Identification [0..1] See ManagementPlanReplacement Name [0..1] See ManagementPlanReplacement Type [1..1] See ManagementPlanReplacement 2 StatusReport (catm ) Page 9

10 StatusReport Mult. Rule Usage Version [0..1] See ManagementPlanReplacement Creation- DateTime AdditionalError- Information [0..1] See ManagementPlanReplacement [0..1] Complete the Result, giving details on the error (e.g. number of retries). Errors [0..1] Manufacturer specific log file for errors (e.g. card reader errors) SecurityTrailer [1..1] Digital signature or MAC of the message body StatusReport, including the delimiters (start and end tag for XML encoding). 2 StatusReport (catm ) Page 10

11 2.2 Message Preparation This section outlines the processing of a POI prior to sending a StatusReport message to a Terminal Manager. 1. The StatusReport message body contains: a. Identification of POIIdentification populated with the identifier of the POI for the TM or MTM (This identifier may also be used in the certificate of the POI.), b. Identification of TerminalManagerIdentification populated with the identifier of the TM or MTM, if available, c. a data set with Identification containing the Type "StatusReport" and CreationDateTime of the report filled with the local time stamp, d. VersionNumber used for summarising the current status of the POI components and capabilities. The version number could be updated if the status of the POI is changed e.g. by an update of the acquirer parameters. An update of the log of Event or Errors does not influence the version of the status report. e. POICapabilities filled with the installed capabilities (e.g. card readers). This component is only present if DataSetRequired equal to "ManagementPlan". f. POIComponent filled with the installed parameter or software. If the POI contains a configuration for several acquirers, the POIComponent structure is related to the acquirer identified by POIComponent.ManufacturerIdentification. g. the sequence of Event containing the result of the performed TMS actions since the last report that has been successfully transferred to the TM or the MTM (the action results have to be stored by the POI until they have been successfully sent to the TM or MTM). h. the POI vendor specific error description in the data element Errors. SequenceCounter is not used. 2. The POI generates a security trailer for the StatusReport message. The trailer contains either: a. the signature of the message body using the secret key PR POI_AUTH as described in section 8.1 or b. the MAC as described in chapter 8 of [CAPE ACQ MUG]. 3. The POI builds the header of the message: a. DownloadTransfer: set to False. b. FormatVersion: Version supported by the POI. Current version: "1.0" (assigned by EPASOrg). c. ExchangeIdentifier: unique identifier per partner and per pair of messages. Used to assign a response to a request message and to identify duplicate messages. A cyclic counter incremented by one for each new message. d. CreationDateTime: date and time of the creation of the message. Time accuracy at least a tenth of a second. 4. The POI establishes a connection to the TM or MTM and sends the request message as specified in chapter 7 of [CAPE ACQ MUG]. 5. The POI waits for the response message. In case of no response, an error is stored in the log of Event with the Result "Timeout". 2 StatusReport (catm ) Page 11

12 2.3 Message Processing 1. The TM or the MTM examines the syntax and contents of the message header and checks whether: a. the identifier present in the message element InitiatingParty.Identification is valid 1. b. the version in FormatVersion is supported. If not, the TMS responds with a message containing the Header.FormatVersion it supports. 2. The SecurityTrailer is verified: a. Should the SecurityTrailer contains a digital signature: i. the Common Name of the Subject is checked against the message element Identification of POIIdentification ii. the digital signature is validated using the certificate PU POI_AUTH, according to the section b. Should the SecurityTrailer contains a message authentication: i. the MAC of the message is validated (see section 8 of [CAPE ACQ MUG]). The message is discarded in case of an invalid digital signature or MAC. 3. The TMS verifies the contents of the status report, prepares and sends either a ManagementPlanReplacement or an AccetorParameterUpdate message. 1 For the first contact to the TM in the life cycle of the POI, the TM may use POIIdentification of the StatusReport message to register the POI and send back a first management plan to the POI. 2 StatusReport (catm ) Page 12

13 3 ManagementPlanReplacement (catm ) 3.1 Message Usage ManagementPlanReplacement is a response message sent by a TM or a MTM to a POI. It contains information about the: TMS actions to be performed by the POI, TMS systems to be connected and the corresponding communication parameters, error actions in case of unsuccessful TMS actions. The message contains the management plan replacing a previous one. ManagementPlanReplacement Mult. Rule Usage Header [1..1] DownloadTransfer [1..1] True FormatVersion [1..1] See StatusReport ExchangeIdentification [1..1] See StatusReport. Used to link a ManagementPlanReplacement response message to a StatusRequest message. Unique identifier set by the InitiatingParty to assign a ManagementReplacement response message to the StatusReport request message, or to detect duplication of ManagementReplacement file transfer. CreationDateTime [1..1] See StatusReport InitiatingParty [1..1] See StatusReport Identification [1..1] See StatusReport Type [0..1] In case of message exchange the allowed value is "OriginatingPOI". In case of file transfer; allowed values are: "TerminalManager" or "MasterTerminalManager". Issuer [0..1] Appli See StatusReport ShortName [0..1] Appli In case of digital signature, contains the identification of the TM or MTM certificate (Subject). RecipientParty [0..1] Appli See StatusReport Identification [1..1] See StatusReport Type [0..1] Message exchange: allowed values are "MasterTerminalManager" and "TerminalManager". File transfer: "OriginatingPOI " Issuer [0..1] See StatusReport ShortName [0..1] Appli In case of digital signature and message exchange, this element contains the identification of the POI certificate (Subject). ManagementPlan [1..1] ManagementPlanReplacement message body. POIIdentification [0..1] Appli Identification of a POI terminal, system or group of terminals. For a message exchange, this is a copy of the request related data element. Identification [1..1] Part of the TMS/Acquirer/IntermediaryAgent or Merchant configuration. Type [0..1] Default "OriginatingPOI" Allowed value: OriginatingPOI Issuer [0..1] Appli Allowed values: "MasterTerminalManager, "TerminalManager", "Merchant", "Acquirer" and "IntermediaryAgent" 3 ManagementPlanReplacement (catm ) Page 13

14 ManagementPlanReplacement Mult. Rule Usage ShortName [0..1] Appli Name of the POI assigned by the TMS. TerminalManagerIdentification [1..1] Identification [1..1] Appli See StatusReport Type [0..1] See StatusReport Issuer [0..1] Appli Allowed values: "Acceptor", "Acquirer", "Merchant", "MasterTerminalManager" or "TerminalManager" ShortName [0..1] Appli See StatusReport DataSet [1..n] The data set contains a management plan Identification [1..1] Identification of the management plan. Name [0..1] Name of the management plan Type [1..1] Allowed value: "ManagementPlan". Version [0..1] Version of the management plan, with the format YYYYMMDDhhmmss. CreationDateTime [0..1] Date and time of the management plan. Time accuracy has to be at least in seconds. Checked by the POI to assess whether the management plan needs to be replaced or not. SequenceCounter [0..1] Not used Content [0..1] Contents of the management plan. The absence of Content means that current management plan needs not to be replaced. Action [1..n] List of TMS actions associated to the management plan to be performed by the POI. Type [1..1] Allowed values: "Delete", "Restart", "Download", "Upload" Address [0..1] Address of the TMS to be contacted for this specific TMS action PrimaryAddress [1..1] PrimaryPortNumber [1..1] SecondaryAddress [0..1] Secondary- PortNumber [0..1] UserName [0..1] Username for identification of the POI e.g. to login into a server AccessCode [0..1] Password for authentication of the POI e.g. to login into a server ClientCertificate [0..1] Certificate to authenticate the POI. DataSetIdentification [0..1] Identification of the data set associated to the action. Mandatory for Action.Type "Delete" and "Download", Absent for Action.Type "Restart". Name [0..1] Name of the data set to associated to the action. Type [1..1] Type of the data set to be processed by the POI (Action.Type values "Delete" or "Download"): "StatusReport": if a status report has to be sent alone without requesting any data set (DataSetRequierd empty and Action.Type = "Upload") "ManagementPlan": if management plan has to be replaced by a new one to download (Action.Type = "Download") "AcquirerParameters": If all the configuration parameters have to be deleted (Action.Type = "Delete") or replaced (Action.Type = "Download"). "ApplicationParameters": If only the application parameters have to be deleted (Action.Type = "Delete") or replaced (Action.Type = "Download"). Version [0..1] Version of the data set to be deleted or downloaded by the POI CreationDateTime [0..1] Date time of creation of the data set. Trigger [1..1] Allowed values: "DateTime": the action is triggered by the information contained in the Action.TimeCondition data structure "HostEvent": the host sends a Trigger in the EPAS Acquirer protocol. "Manual": An operator has to use an administrative command on the POI to contact the related TM, in order to not interrupt the flow of transactions. 3 ManagementPlanReplacement (catm ) Page 14

15 ManagementPlanReplacement Mult. Rule Usage "SaleEvent": the sale system of the acceptor, driving the POI system, sends an event to trigger maintenance actions during an appropriate period. AdditionalProcess [0..1] Process to perform before or after the TMS action, allowed values are: "Reconciliation": the POI has to perform reconciliation before the action. "ManualConfirmation": the POI has to ask a confirmation to the cashier before starting the action. "Restart": the POI has to restart the application after the successful completion of the action. TimeCondition [0..1] Mandatory for Action.Trigger "DateTime", Absent for Action.Trigger "HostEvent", "Manual", "SaleEvent" WaitingTime [0..1] Present if StartTime is absent. Time to wait after the termination of the previous action. Format: MMDDhhmmss, leading zeros could be omitted. StartTime [0..1] Present if WaitingTime is absent. Date and time when the action must be started. EndTime [0..1] Date and time after which the action couldn't be started and performed. Period [0..1] Time period for a cyclic action, absent otherwise. MaximumNumber [0..1] Maximum number of cycles for a cyclic action. If the value is 0, the number of cycles is limitless. If this data element is absent, the number of cycles is limitless or this is a one-time action. ReTry [0..1] Condition of a retry if the action is not successfully completed. Delay [1..1] Time period to wait after the last attempt in MMDDhhmm, leading zeros could be omitted. MaximumNumber [0..1] LastReTryTime [0..1] N/A Maximum number of retries. If this data element is absent or equal to 0, only one retry is allowed. ErrorAction [0..n] Processing to be performed after the last action retry fails. ActionResult [1..n] Result of the last retry of the action. All values are allowed at the exception of "Success". ActionToProcess [1..1] Processing to be performed for the results defined by ActionResult, allowed values: "SendStatusReport": a StatusReport message is sent to the TM or MTM reporting the result and requesting a ManagementPlan. If the error occurs during a sequence of actions the sequence is stopped and the report sent. (Note: Instead of "IgnoreError" the rule 5.8 will be applied.) SecurityTrailer [1..1] Digital signature or MAC of the message body ManagementPlan, including the delimiters (start and end tags if XML encoding). 3 ManagementPlanReplacement (catm ) Page 15

16 3.2 Message Preparation The TM or MTM sends back a ManagementPlanReplacement as a response to a StatusReport when one of the following conditions is verified: DataSetRequired is absent in the StatusReport message or DataSetRequired is present in the StatusReport message and DataSetRequired.Type has the value "ManagementPlan" Should the TM or MTM intend to perform a series of new actions or instruct the POI to execute a new management plan, a ManagementPlanReplacement is sent as a response to a StatusReport with a set of new actions detailed in ManagementPlan.Content. When the TM or MTM has no intention to modify the current management plan or change the current list of actions, a ManagementPlanReplacement message is sent back as a response to a StatusReport without ManagementPlan.Content. The current list of actions remains unchanged. 3.3 Message Processing The following steps are performed by the POI when receiving a ManagementPlanReplacement as a response to a StatusReport. 1. The POI checks the Header of the received message The POI stores the Identification of InitiatingParty If DownloadTransfer is set to "False", the action is logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation the text value "DownloadTransfer" FormatVersion should have a version that is supported. If the format cannot be supported the message is discarded. The action is stored in the log of Event with the specific Result "InvalidContent" and AdditionalErrorInformation containing the wrong message element as "FormatVersion ExchangeIdentifier should have the same value as in StatusReport. If not, the action is stored in the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation the text value "ExchangeIdentifier" CreationDateTime is stored if required. 2. The POI checks the signature of the received message as described in section 8.2 by using the public key contained in the certificate that is present in the security trailer or already defined in the configuration data of the POI. For each terminal manager there is a separate certificate: - certpr MTM_CA (PU MTM_AUTH ) if the message was received from the MTM or - certpr MTM_CA (PU TM_AUTH ) if the message was received from the TM. If the verification of the signature fails, the error is logged in Event with Result containing "SignatureError" and AdditionalErrorInformation the text value "SecurityTrailer". 3. The POI checks whether the information in the Certificate Subject correspond to the TerminalManagerIdentification of the message body. If not, the action is logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation the text value "Signer.SignerIdentification". 4. The POI checks whether Type of Identification corresponds to "ManagementPlan". If not, the error is logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation the text value "DataSet.Identification.Type". 5. The POI checks the completeness, syntax and contents of each action definition present in the received ManagementPlan. In case of an error, the whole management plan is ignored. The list of Action of the previous management plan remains valid. The error is then logged in Event. 3 ManagementPlanReplacement (catm ) Page 16

17 5.1. The actions are analysed whether the actions are correctly defined. The mandatory data elements have to be present (see ERR3, section 7). All existing data elements have to be correctly formatted (ERR2, section 7) If an enumeration value of data elements contained in action is unknown, the action is added to the event log with Result containing "NotSupported" and AdditionalErrorInformation containing the message component or element If the message element Address is not present in the received Action, the POI uses the currently defined address of the TMS (e.g. manually entered at the POI by the user or issued in TMSIdentification of TMSTrigger sent by the acquirer host or intermediary agent in an acquirer protocol response message) Type or Name in DataSetIdentification is used to identify the category of data to be uploaded, downloaded or deleted: For the action "Upload", DataSetIdentification.Type is present with the value "StatusReport". All other elements of DataSetIdentification are missing or ignored For the action Download management plan, only DataSetIdentification.Type is present containing the value ManagementPlan. All other elements are missing in this component respectively ignored For the action Download acceptor parameters, DataSetIdentification.Type and DataSetIdentification.Name have to be present containing the values ApplicationParameters, AcquirerParameters, MerchantParameters or VendorParameters and the name of the file to be downloaded from the FTP server. All other elements may be missing in this component. If Version is present, the POI will download only this version of the acceptor parameters For the action Delete, DataSetIdentification.Type and DataSetIdentification.Name have to be present containing the value ApplicationParameters or AcquirerParameters. If Type contains the value ApplicationParameters, the parameters contained in Content.ApplicationParameters are deleted. If Type contains the value AcquirerParameters, all parameters contained in Content are deleted If the value of DataSetIdentification.Type is unknown for this POI, the action is ignored. This action is logged in Event and Result contains the value "NotSupported" and AdditionalErrorInformation, the wrong message element "Action.DataSetIdentification.Type" If Trigger is present, the possible types of events are stored that can initiate the current action. If the value is unknown, the action will be ignored. This action is logged in Event with Result containing "NotSupported" and AdditionalErrorInformation the text value "Action.Trigger" If AdditionalProcess is present, this pre-condition is stored for the current action. If the value is unknown, the error is logged in Event with Result containing "NotSupported" and AdditionalErrorInformation containing the wrong message element "Action.AdditionalProcess"; Action will be ignored If TimeCondition is present, its content is checked to determine whether the data element StartTime or WaitingTime are present and correctly formatted. If the format of a timing parameter in TimeCondition is not correct according to the ISODateTime format or the value of StartTime or EndTime is wrong (e.g. dd > 31; mm-dd = 02-30), the complete management plan is discarded and an error added in the log of Event with Result containing "FormatError". If the StartTime or the complete TimeCondition is missing for the first action of the management plan the StartTime of this action is set to the current date and time. If StartTime and WaitingTime or the complete TimeCondition are missing for a following action the WaitingTime is set to 0. Subsequently all other present data elements are checked and stored The error actions to be performed are stored with the related action. If there is no ErrorAction defined for the TMS action or the enumeration value of the ErrorAction not known, any error on the execution of the action will be ignored. 3 ManagementPlanReplacement (catm ) Page 17

18 Note: The sending of the StatusReport will be the normal reaction in case of an error. The ActionToProcess "SendStatusReport" (Upload StatusReport immediately without executing next actions) will be the recommended error action type to be processed. 6. The downloaded management plan replaces all actions defined by the MTM or the specific TM. 7. The POI erases the contents of the existing log of Event. 8. Subsequently, the POI starts the execution of the management plan (see section 3.4). 3.4 Execution of the Management Plan The following rules are defined for the execution of the management plan: MNG1: There is one management plan per MTM and one per TM. Each management plan is processed separately. A sequence of actions is defined as a list of actions with the first action containing a StartTime and each following actions a WaitingTime. MNG2: MNG3: MNG4: MNG5: MNG6: MNG7: MNG8: An action including the retries has to be finished before starting another action. So it is not possible to execute two actions in parallel. A sequence of actions has to be finished before starting a subsequent action of the management plan. If an action of a sequence contains a Period, this action and possible following actions of the sequence (defined with a WaitingTime) are executed periodically. Otherwise the action is executed only once. The management plan may contain only one sequence with a period. A sequence may contain only one action with a period. If a StartTime is passed the action has to be executed if the previous action is finished. If several actions of the management plan contain a StartTime these actions have to be listed in chronological order. For message exchange, the StatusReport upload is not listed in the management plan as a specific action. The StatusReport is always sent as requested for the DataSetRequired "ManagementPlan", "AcquirerParameters" etc. TMS actions are executed sequentially according to StartTime. 1. The timing conditions of each TMS action are analysed: a. If StartTime has expired, the action will be started if the other conditions defined in the element AdditionalProcess are met. b. If no StartTime is reached, the execution of the management plan is finished. 2. If TimeCondition of the started action contains Period, the new StartTime is calculated and stored in the management plan. If Period is missing or the action is not part of a sequence, the action will not be executed anymore. 3. After execution of an action the next action is analysed. The next action is executed a. if the StartTime is passed or b. if the WaitingTime is reached. 3 ManagementPlanReplacement (catm ) Page 18

19 3.4.1 One-Time Call to the Maintenance Example In the following management plan example, the POI performs only one message exchange for the StatusReport upload and ManagementPlanReplacement download when the StartTime T0 is reached. StartTime WaitingTime Period Type DataSetIdentification.Name DataSetIdentification.Type T0 - - Download - ManagementPlan Identification in DataSetRequired of StatusReport is set to "ManagementPlan" Cyclic Call and Acquirer Parameters Download Examples The first example describes a cyclic call to the maintenance. StartTime WaitingTime Period Type DataSetIdentification.Name DataSetIdentification.Type T0 - Cycle1 Download - ManagementPlan The first call is started when StartTime T0 is reached. The POI sends a StatusReport message containing DataSetRequired with the same value than DataSetIdentification of the action. The TM or the MTM sends back a ManagementPlanReplacement message. The following calls are performed periodically using Period defined by "Cycle1", with the same exchange of messages. The next example presents a sequence of actions with the download of Acquirer parameters followed by a cyclic call. The management plan is processed in the following way: When StartTime T1 is reached, a StatusReport message is sent to request AcquirerParameters. The TM or MTM sends back an AcceptorConfigurationUpdate message containing the whole set of acquirer parameters. The Restart the POI application with the installed parameters is initiated by the AdditionalProcess. After the waiting time D2, a StatusReport message is sent to request a new management plan. Repeat the last action periodically using Period defined by "Cycle2". StartTime WaitingTime Period Type DataSetIdentification.Name DataSetIdentification.Type T1 - - Download - AcquirerParameters - D2 Cycle2 Download - ManagementPlan 3 ManagementPlanReplacement (catm ) Page 19

20 3.4.3 Sequence of Parameters Downloads Example According to the following example the POI performs the sequence of actions: Delete all acquirer parameters installed for the POI application if the StartTime T0 is reached. Repeat this action after the time period of T0+Cycle1, T0+Cycle1+Cycle1 etc. Download the AcceptorConfigurationUpdate, if the action before is finished with a WaitingTime of D1. Repeat this action accordingly to the first action. Download the AcceptorConfigurationUpdate, if the action before is finished with a WaitingTime of D2. Repeat this action accordingly to the first action. Restart the POI application with the already installed parameters or install parameters during the restart if the action before is finished with a WaitingTime =0. Repeat this action accordingly to the previous action. This function may also be realised with AdditionalProcess equal to Restart in the previous action. Upload StatusReport if the action before is finished with a WaitingTime of D4 as request message. The response message contains the new management plan. StartTime WaitingTime Period Type DataSetIdentification.Nam e DataSetIdentification.Type T0 - Cycle1 Delete - AcquirerParameters D1 - Download - AcquirerParameters - D2 - Download - ApplicationParameters Restart D4 - Download - ManagementPlan 3.5 Error Handling during Management Plan Execution The management plan is executed action by action. If an action has been performed successfully, it is added in the log of Event with Result containing the value "Success" and if no Period is defined to repeat this action the action is not performed anymore. The management plan may contain for each TMS action a list of ErrorAction. If no ErrorAction is defined, all errors during the processing of this action will be ignored by the POI. By using ActionResult, the TMS may define which reaction has to be performed for one specific error type or a range of error types. The following subset of the reactions has to be supported as defined in ActionToProcess: "IgnoreError": Log the result of the action with the related error and execute the next action if applicable. "SendStatusReport": Log the result of the action with the related error and upload a StatusReport immediately, without executing next actions There are several error conditions possible during the execution of a Management plan. 1. If the file to be downloaded does not exist in the file directory, the action is added to the event log with Result containing "MissingFile". 2. If the POI is unable to connect to the TMS for a specific action, the action is added to the event log with Result containing "ConnectionError" and AdditionalErrorInformation containing the number of retries. 3. If the communication is terminated during an action, the action is added to the event log with Result containing "ConnectionError" and AdditionalErrorInformation containing the text value "Communication terminated". 3 ManagementPlanReplacement (catm ) Page 20

21 4. If the POI is unable to download a file from the TMS since the TMS is not available for a connection, the action is added to the event log with Result containing "AccessDenied" and AdditionalErrorInformation containing the text value "File". 3 ManagementPlanReplacement (catm ) Page 21

22 4 AcceptorConfigurationUpdate (catm ) 4.1 Message Usage The AcceptorConfigurationUpdate message contains the following information: AcceptorConfigurationUpdate Mult. Rule Usage Header [1..1] DownloadTransfer [1..1] True FormatVersion [1..1] See StatusReport ExchangeIdentification [1..1] Unique identifier for the InitiatingParty to detect duplication of the AcceptorConfigurationUpadet file transfer, or to assign a AcceptorConfigurationUpadet response message to the StatusReport request message. Cyclic counter that increments by one with each new transfer between the InitiatingParty and the RecipientParty. CreationDateTime [1..1] See StatusReport InitiatingParty [1..1] See StatusReport Identification [1..1] See StatusReport Type [0..1] See ManagementReplacement Issuer [0..1] Appli See StatusReport ShortName [0..1] Appli See ManagementReplacement RecipientParty [0..1] Appli See StatusReport Identification [1..1] See StatusReport Type [0..1] See ManagementReplacement Issuer [0..1] Appli See StatusReport ShortName [0..1] Appli See ManagementReplacement AcceptorConfiguration [1..1] AcceptorConfigurationUpdate message body POIIdentification [0..1] See ManagementReplacement Identification [1..1] See ManagementReplacement Type [0..1] Default "OriginatingPOI"I Issuer [0..1] Appli See ManagementReplacement ShortName [0..1] Appli See ManagementReplacement TerminalManagerIdentification [1..1] Identification [1..1] See StatusReport Type [0..1] Appli See StatusReport Issuer [0..1] Appli See ManagementReplacement ShortName [0..1] Appli See ManagementReplacement DataSet [1..n] The POI has to process several data sets, if present. Identification [1..1] Identification of the data set Name [0..1] Name of the data set Type [1..1] Allowed values: "AcquirerParameters": AcquirerProtocolParameters, HostCommunicationParameters, ApplicationParameters and MerchantParameters are present if they need to be created or replaced. "ApplicationParameters" if only ApplicationParameters is present. Version [0..1] Version of the parameters, with the value as used in Acquirer.ParametersVersion in the acquirer protocol messages removing the characters T, - and : (format YYYYMMDDhhmmss). CreationDateTime [0..1] Date and time of the creation of the acceptor parameters. Time accuracy has to be in seconds. SequenceCounter [0..1] 4 AcceptorConfigurationUpdate (catm ) Page 22

23 AcceptorConfigurationUpdate Mult. Rule Usage Content [1..1] AcquirerProtocolParameters [0..n] Acquirer protocol parameters defined per set of POI applications AcquirerIdentification [1..n] Identification of the acquirer the acquirer protocol parameters are valid for Identification [1..1] Type [0..1] Appli Issuer [0..1] Appli ShortName [0..1] Appli ApplicationIdentification [0..n] Identification of the applications the acquirer protocol parameters are valid for. Host [0..n] Repartition of messages per acquirer host. At least one host has to be present. For a terminal with online capabilities the HostIdentification including the HostCommunicationParameters have to be installed once. HostIdentification [1..1] Identification of the host in the sequence of HostCommunicationParameters. MessageToSend [1..*] List of MessageFunction to be sent to the host (the message "DiagnosticRequest" has to be accepted by all hosts, even if not present in this list). Allowed values: "AuthorisationRequest": Request for authorisation without financial capture. "BatchTransfer": Transfer the financial data as a collection of transction. "CancellationRequest": Request for cancellation. "CancellationAdvice": Advice for cancellation. "CompletionAdvice": Advice for completion without financial capture. "DiagnosticRequest": Request for diagnostic. "FinancialAuthorisationRequest": Request for authorisation with financial capture. "FinancialCompletionAdvice": Advice for completion with financial capture. "FinancialReversalAdvice": Advice for reversal with financial capture. "ReconciliationRequest": Request for reconciliation. "ReversalAdvice": Advice for reversal without financial capture. OnlineTransaction [0..1] Configuration for data capture and completion procedure of online authorised transactions FinancialCapture [1..1] Definition of capture mechanism for online authorised transactions, allowed values: "Authorisation": financial capture performed with an authorisation exchange. "Completion": financial capture performed with a completion exchange. "Batch": financial capture performed by batch transfer. "None": financial capture not performed by the acquirer protocol. BatchTransfer [0..1] Configuration of the batch transfer as capture mechanism of online transaction in case of FinancialCapture is equal to "Batch", optional in this case, otherwise the structure must be absent. If FinancialCapture is equal to "Batch" and the structure is absent, The data structure OffLineTransactionBatchTransfer must be present and the its content apply for online authorisation transactions ExchangePolicy [1..n] The following policies for the capture procedure by Batch Transfer are allowed: "Cyclic": Batch sent periodically according to TimeCondition, "NumberLimit": Batch sent when the number of non-captured online authorised transaction reaches MaximumNumber, as well as "TotalLimit": Batch sent when the total amount of non-captured online authorised transaction reaches MaximumAmount. and all combinations of these policies. MaximumNumber [0..1] Maximum number of online transactions used as trigger for batch transfer. Mandatory if ExchangePolicy = "NumberLimit", otherwise absent. MaximumAmount [0..1] Maximum amount used as trigger for batch transfer. Mandatory if ExchangePolicy = "TotalLimit", otherwise absent. Sum of the amount 4 AcceptorConfigurationUpdate (catm ) Page 23

24 AcceptorConfigurationUpdate Mult. Rule Usage of all online transactions (debit and credit). TimeCondition [0..1] Mandatory if ExchangePolicy = "Cyclic", otherwise absent. WaitingTime [0..1] N/A StartTime [0..1] Batch transfer start date and time EndTime [0..1] Date and time to finish the Batch transfer. Period [0..1] Period of the cyclic batch transfer. Format: MMDDhhmmss; leading zeros omitted. Maximum- Number [0..1] N/A ReTry [0..1] Retry after a failed batch transfer Delay [1..1] Time between two successive attempts after a failed batch transfer. Format: MMDDhhmmss; leading zeros omitted. Maximum- Number LastReTry- Time [0..1] Maximum number of attempts. [0..1] N/A CompletionExchange [0..1] Configuration of the completion exchange. Mandatory if FinancialCapture equals to "Completion", otherwise optional. If the structure is absent, ExchangePolicy of CompletionExchange is considered to have the value "OnDemand". ExchangePolicy [1..n] Policies for a completion exchange. Allowed values are: "AsGroup": All completion messages are sent as a series of messages if the trigger in TimeCondition is met. "Immediately": Exchange starts after the online transaction "NumberLimit": Exchange starts after a fixed number of online transactions is reached. MaximumNumber must be present otherwise the exchange starts immediately. "OnDemand": Exchange only occurs when CompletionRequired in the AcceptorAuthorisationResponse message is set to "True". This value is allowed only if FinancialCapture is different from "Completion". "TotalLimit": Exchange starts as a group of transactions after the online transaction totals exceed a certain amount limit. MaximumAmount must be present otherwise the exchange starts immediately. Each combination of "AsGroup", "NumberLimit" and "TotalLimit" is allowed. MaximumNumber [0..1] Maximum number of online transactions used as trigger for completions sent as group of messages. Mandatory if ExchangePolicy = "NumberLimit", otherwise absent. MaximumAmount [0..1] Maximum amount used as trigger for completions sent as group of messages. Mandatory if ExchangePolicy = "TotalLimit", otherwise absent. Sum of the amount of all online transactions (debit and credit). TimeCondition [0..1] Mandatory if ExchangePolicy = "AsGroup", otherwise absent. WaitingTime [0..1] N/A StartTime [0..1] Start time for sending groups of completion messages. EndTime [0..1] Time to finish the Completion Exchange Period [0..1] Period of time for groups of completion messages. Format: MMDDhhmmss, leading zeros could be omitted. Maximum- Number [0..1] N/A ReTry [0..1] Definition of retransmissions for completion exchange Delay [1..1] Time period to wait between two successive attempts if the completion sending failed. Format: MMDDhhmmss, leading zeros could be omitted. Maximum- Number LastReTry- Time [0..1] Maximum number of retransmissions [0..1] Time limit to start a retry. 4 AcceptorConfigurationUpdate (catm ) Page 24

25 AcceptorConfigurationUpdate Mult. Rule Usage OfflineTransaction [0..1] Configuration for data capture and completion procedure of offline authorised transactions FinancialCapture [1..1] Definition of capture mechanism for offline authorised transactions, allowed values: "Completion": financial capture performed as part of the completion exchange. "Batch": financial capture performed by batch transfer. "None": financial capture not performed by the acquirer protocol. BatchTransfer [0..1] Configuration of the batch transfer as capture mechanism of offlineauthorised transaction in case of FinancialCapture is equal to "Batch", optional in this case; otherwise the structure must be absent. If FinancialCapture is equal to "Batch" and the structure is absent, OnLineTransaction.BatchTransfer must be present and the content applies also for offline authorised transactions. The MaximumNumber and/or MaximumAmount defined in OnlineTransaction are defining then the sum of the totals or transaction performed online and offline. ExchangePolicy [1..n] Policy for a financial capture procedure by batch: "Cyclic": Batch sent periodically according to TimeCondition "NumberLimit": Batch starts after a fixed number of offline noncaptured authorised transactions reaches MaximumNumber. "TotalLimit": Batch starts after the total amount of offline noncaptured authorised transactions reaches MaximumAmount. Each combination of "Cyclic", "NumberLimit" and "TotalLimit" is allowed. MaximumNumber [0..1] Maximum number of offline transactions for batch transfers. Mandatory if ExchangePolicy = "NumberLimit", otherwise absent. MaximumAmount [0..1] Maximum amount for batch transfers. Mandatory if ExchangePolicy = "TotalLimit", otherwise absent. Sum of the amount of all offline transactions (debit and credit). TimeCondition [0..1] Mandatory if ExchangePolicy = "Cyclic", otherwise absent. WaitingTime [0..1] N/A StartTime [0..1] Start time of the batch transfer. Format: MMDDhhmmss, leading zeros could be omitted. EndTime [0..1] Time to finish the Batch Transfer Period [0..1] Period of time for the cyclic batch transfer. Format: MMDDhhmmss, leading zeros could be omitted. Maximum- Number [0..1] N/A ReTry [0..1] Retry after a failed batch transfer Delay [1..1] Time to wait between two successive attempts after a failed batch transfer. Format: MMDDhhmmss, leading zeros could be omitted. Maximum- Number LastReTry- Time [0..1] Maximum number of attempts. [0..1] N/A CompletionExchange [0..1] Configuration of the completion message exchange. Mandatory if FinancialCapture is equal to "Completion", otherwise optional. If the structure is absent, the ExchangePolicy of CompletionExchange is considered to have the value "None". ExchangePolicy [1..n] Policies for a completion exchange. Allowed values are: "None": Completion is never sent to the acquirer. This value is allowed only if FinancialCapture is different from "Completion". "Immediately": Exchange starts after the offline transaction "AsGroup": All completion messages are sent as a series of messages if the trigger in TimeCondition is met. "AsSoonAsPossible": Exchange starts when the communication resources become available (e.g. for the next online transaction if the connection with the acquirer is down). "NumberLimit": Exchange starts after a fixed number of offline transactions is reached. MaximumNumber must be present otherwise the exchange starts immediately. "TotalLimit": Exchange starts as a group of transactions after the 4 AcceptorConfigurationUpdate (catm ) Page 25

26 AcceptorConfigurationUpdate Mult. Rule Usage offline transaction totals exceed a certain amount limit. MaximumAmount must be present otherwise the exchange starts immediately. Each combination of "AsGroup", "NumberLimit" and "TotalLimit" is allowed. MaximumNumber [0..1] Maximum number of offline transactions to be reached before completion messages are sent as a group of messages. Mandatory if ExchangePolicy = "NumberLimit", otherwise absent. MaximumAmount [0..1] Maximum amount of offline transactions (sum of the totals for debit and credit transactions) to be reached before completion messages are sent as a group of messages. Mandatory if ExchangePolicy = "TotalLimit", otherwise absent. TimeCondition [0..1] Mandatory if ExchangePolicy = "AsGroup", otherwise absent. WaitingTime [0..1] N/A StartTime [0..1] Start time for sending the group of completion messages. EndTime [0..1] Time to finish the Completion Exchange Period [0..1] Period for an exchange of messages by group. Format: MMDDhhmmss, leading zeros could be omitted. Maximum- Number [0..1] N/A ReTry [0..1] Definition of retransmissions for completion exchange. Delay [1..1] Time period between two successive attempts if the completion sending has failed. Format: MMDDhhmmss, leading zeros could be omitted. Maximum- Number LastReTry- Time [0..1] Maximum number of retries. [0..1] N/A ReconciliationExchange [0..1] Configuration of reconciliation exchange. If the structure is absent, the ExchangePolicy of ReconciliationExchange is considered to have the value "None". ExchangePolicy [1..n] Policies for the reconciliation exchange, allowed values: Cyclic": Reconciliation is exchanged periodically according to the TimeCondition. "None": Reconciliation is never exchanged. "NumberLimit": Reconciliation is exchanged after a fixed number of transactions. The element MaximumNumber must be present to define the maximum number otherwise the message exchange is started immediately. "TotalLimit": Reconciliation is exchanged if the total amount of transactions exceeds a limit of amount the completions are sent as group. The message element MaximumAmount must be present the reconciliation is not performed. Each combination of "Cyclic", "NumberLimit" and "TotalLimit" is allowed. MaximumNumber [0..1] Maximum number of all transactions (debit and credit) as trigger for reconciliation. Mandatory if ExchangePolicy = "NumberLimit", otherwise absent. MaximumAmount [0..1] Maximum amount of all transactions (debit and credit) as trigger for reconciliation. Mandatory if ExchangePolicy = "TotalLimit", otherwise absent. TimeCondition [0..1] Timing conditions for reconciliation exchange. Mandatory if ExchangePolicy = "Cyclic", otherwise absent. WaitingTime [0..1] N/A StartTime [0..1] Start of first reconciliation exchange EndTime [0..1] Time to finish the Reconciliation Period [0..1] Period of the reconciliation. Format: MMDDhhmmss, leading zeros could be omitted. Maximum- Number [0..1] N/A ReTry [0..1] Definition of retransmissions for reconciliation exchange. 4 AcceptorConfigurationUpdate (catm ) Page 26

27 AcceptorConfigurationUpdate Mult. Rule Usage Delay [1..1] Time period to wait between two successive attempts if the reconciliation sending has failed. Format: MMDDhhmmss, leading zeros could be omitted. Maximum- Number Last- ReTry- Time [0..1] Maximum number of retries. [0..1] N/A ReconciliationByAcquirer [0..1] Indicator whether reconciliation period will be defined by the acquirer. In this case the acquirer protocol response message will contain the ReconciliationIdentifier. TotalsPerCurrency [0..1] Indicator whether reconciliation totals have to be calculated per currency. BatchTransferContent [0..n] Types of transaction to be present in batch transfer, a combination of one or several following values: "Declined": Declined transactions must be included in the batch. "DebitCredit": Debit and credit transactions must be included in the batch. "Failed": Failed transactions must be included in the batch. This data element is also used to require a Completion exchange for declined or failed transactions (see [CAPE ACQ MUG]). MessageItem [0..n] List of message elements and components to be present in the acquirer protocol (see section 4.3). ItemIdentification [1..1] Identification of the message element present in one or several messages of the acquirer protocol. This is an absolute path (i.e. starting by the message envelope) or a relative path to the message element with the XML tags separated by the character '/' (e.g. the absolute path /AccptrAuthstnReq/Hdr/RcptPty and the relative path Envt/POI/Id/Id). Condition [1..1] Condition of presence of the related message element, allowed values: "NotSupported": Message item must be absent. "Mandatory": Message item must be present. "ConfiguredValue": Message item must be present with the content of Value. The message item couldn't be a structure. "DefaultValue": If the message item is absent, it is considered to have the content of Value. The message item couldn't be a structure. "AllowedValues": Message item is present with the content of one of Values. The message item couldn't be a structure. "IfAvailable": Message item has to be present if the data is available in the application. "Copy": Message item is present if it was present in a previous related message with the same value. Value [0..n] Value to be used for the related message element. Must be absent for the values "NotSupported", "Mandatory", "IfAvailable" and "Copy" of Condition. Mandatory but not repeated for the values "ConfiguredValue" and "DefaultValue" of Condition. Mandatory with possible repetitions for the value "AllowedValue" of Condition. ProtectCardData [1..1] "True": Acquirer protocol messages must protect sensitive card data using the ProtectedCardData alternative. "False": Acquirer protocol messages do not protect sensitive card data using the PlainCardData alternative. MerchantParameters [0..n] Configuration parameters under the responsibility of the merchant. ApplicationParameters [0..n] Application configuration parameters defined per ApplicationIdentification. ApplicationIdentification [1..1] Identification of the application defined by the TMS, vendor, merchant or acquirer (e.g. used for message element POIComponent.Model) Version [1..1] Version of the application parameters (e.g. used for message element POIComponent.VersionNumber) Parameters [0..n] Contents of the parameters. If this data element is absent, EncryptedParameters must be present. 4 AcceptorConfigurationUpdate (catm ) Page 27

28 AcceptorConfigurationUpdate Mult. Rule Usage EncryptedParameters [0..1] Sensitive parameters (sequence of Parameters including the envelopes) encrypted with a cryptographic key, using CMS ContentType "EnvelopedData". If this data element is absent, at least one occurrence of Parameters must be present. HostCommunication- Parameters [0..n] Configuration parameters related to the communication with an acquirer host. HostIdentification [1..1] Identification of the host operated by the acquirer or intermediate agent. Address [0..1] Network parameters of the host PrimaryAddress [1..1] PrimaryPortNumber [1..1] SecondaryAddress [0..1] SecondaryPortNumber [0..1] UserName [0..1] Username for identification of the POI e.g. to login into a server for the file transfer protocol. AccessCode [0..1] Password for authentication of the POI e.g. to login into a server for the file transfer protocol. ClientCertificate [0..1] Certificate to be presented to the server for authentication. Key [0..n] Cryptographic key to be used for message element protection (see section 4.4) Identification [1..1] Identification or name of the cryptographic key used as KEKIdentification.KeyIdentification in acquirer protocol message CMS structures. AdditionalIdentification [0..1] Identification used for key derivation present in the element KEKIdentification.DerivationIdentification in acquirer protocol message CMS structures. Version [1..1] Version of the cryptographic key used as KEKIdentification.KeyVersion in acquirer protocol message CMS structures. Type [0..1] Type of cryptographic key, allowed values: "DES": Data encryption standard. "RSA": Rivest, Shamir and Adleman. Function [1..n] Functions of cryptographic key, allowed values: "Decryption": Key used for decryption. "DataDecryption": Key used for decrypting data. "DataEncryption": Key used for encrypting data. "Encryption": Key used for encryption. "KeyDerivation": Key used for deriving other keys. "KeyGeneration": Key used to generate other keys. "KeyImport": Key used to import other keys. "KeyExport": Key used to export other keys. "MessageAuthenticationCodeGeneration": Key used to generate message authentication codes (MAC) ActivationDate [0..1] Date and time on which the cryptographic key must be activated. DeactivationDate [0..1] Date and time after which the cryptographic cannot have an active usage. KeyValue [1..1] Encrypted value of the key present as CMS structure EnvelopedData SecurityTrailer [1..1] Digital signature or MAC of the message body AcceptorConfiguration, including the delimiters (start and end tags if XML encoding). 4 AcceptorConfigurationUpdate (catm ) Page 28

29 4.2 Message Processing The POI System processes the download of the message AcceptorConfigurationUpdate in the following ways: 1. The POI checks the signature of the received message (see sections 8.2 and 8.2.2). If the signature or the MAC verification fails, the error is stored in the log of Event with Result containing "SignatureError". The downloaded file is then deleted from the internal memory of the POI. 2. The POI checks whether the dataset category present in Type of Identification corresponds to the type of file name (e.g. AcquirerParameters). If Type does not correspond to Identification, the error is stored in the log of Event with the Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "Identification.Type". The downloaded file is then deleted from the internal memory of the POI. 3. The POI checks CreationDateTime of AcceptorConfigurationUpdate. The POI will only accept the same version or a more recent one. Note: The reload of a previous version of a parameter file may be implemented by resigning the file with a new CreationDateTime. 4. The structure Content is analysed. a. The content of AcquirerProtocolParameters is described in Section 4.3. b. The content of ApplicationParameters is used to update the data basis for the payment application. If present, ApplicationParameters contain ApplicationIdentification, the Version of the application and Parameters. The content of Parameters is application specific. c. The content of MerchantParameters is used to update the configuration parameters of the POI related to the merchant. The internal structure of the MerchantParameters is application specific. d. The HostCommunicationParameters determines an Address (NetworkParameters) for each HostIdentification as described in Section If the POI does not approve the content of one file containing the AcquirerProtocolParameters, MerchantParameters, HostConfiguration and/or HostCommunicationParameters, the POI will log the error in Event with Result containing "InvalidContent". AdditionalErrorInformation indicates the position of the error as a text value. The file is then deleted from the internal memory. 6. If the content is correct, the POI replaces the existing parameters by installing and activating the downloaded parameters. 4 AcceptorConfigurationUpdate (catm ) Page 29

30 4.3 Acquirer Protocol Parameters AcquirerProtocolParameters may refer to one or more acquirers identified by AcquirerIdentification (acquirer protocol parameters). This set of parameters may also be used for one or a set of POI applications identified by ApplicationIdentification Configuration of Data Capture and Completion for Online Transactions OnlineTransaction is used for financial data capture, batch transfer and completion exchange configuration Financial Capture FinancialCapture may have one of the following values for online transactions: Value Authorisation Batch Completion None Usage Data capture is part of an authorisation exchange. TransactionCapture is set to True in the related AcceptorAuthorisationRequest message. Data capture is part of a batch transfer. Data capture is part of a completion exchange. TransactionCapture is set to True in the related AcceptorCompletionAdvice message. No financial capture or done by other means. If FinancialCapture contains another value than the values listed above, the complete DataSet will be ignored and the action is stored in the log of Event with Result populated with "InvalidContent" and AdditionalErrorInformation containing the text value "OnlineTransaction.FinancialCapture". The value of FinancialCapture before update will be used then if present Batch Transfer Should OnlineTransactions.FinancialCapture be equal to "Batch"; BatchTransfer determines the behaviour of the POI for capturing online transactions using ExchangePolicy, MaximumNumber, MaximumAmount and/or TimeCondition. For all other values of OnlineTransactions.FinancialCapture, the content of BatchTransfer is ignored, if present. Should OnlineTransactions.FinancialCapture be equal to "Batch" and BatchTransfer is missing; the configuration of the offline transactions will be used, if present. If both batch transfer configurations are missing, an error is stored in the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "OnlineTransactions.BatchTransfer". If ExchangePolicy contains a value different from "Cyclic", "NumberLimit" or "TotalLimit"; the complete DataSet is ignored and an error stored in the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "OnlineTransactions.BatchTransfer.ExchangePolicy". If several elements ExchangePolicy are present, the POI has to analyse all configured timing conditions and limits for the start of the batch transfer. ExchangePolicy with "Cyclic" value If ExchangePolicy has the value "Cyclic"; StartTime and Period in TimeCondition are used to define the timing of the cyclic batch transfer. The configuration of BatchTransfer contains an error if one of these elements is missing. The complete DataSet will be ignored and an error stored in the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "BatchTransfer.TimeCondition". ReTry in the structure TimeCondition is present to define the maximum number and the delay for retries for the batch transfers in case of communication errors. The element EndTime may be used to stop the process of this cyclic batch transfer. 4 AcceptorConfigurationUpdate (catm ) Page 30

31 MaximumNumber, MaximumAmount and all other elements of TimeCondition will be ignored if these are not used by the present exchange policies. ExchangePolicy with "NumberLimit" value If ExchangePolicy has the value "NumberLimit", MaximumNumber must be present. If this element is missing the configuration of the BatchTransfer contains an error. The complete DataSet will be ignored and the error stored in the log of Event with the Result "InvalidContent" with the AdditionalErrorInformation "BatchTransfer.MaximumNumber". ExchangePolicy with "TotalLimit" value If ExchangePolicy has the value "TotalLimit", MaximumAmount must be present. If this element is missing the configuration of the BatchTransfer contains an error. The complete DataSet will be ignored and the error stored in the log of Event with the Result "InvalidContent" with the AdditionalErrorInformation "BatchTransfer.MaximumAmount" Completion Exchange CompletionExchange defines the behaviour of the POI for a completion exchange subsequent to an online transaction using ExchangePolicy, MaximumNumber, MaximumAmount and TimeCondition. For the definition of CompletionExchange for online transactions, ExchangePolicy may have one or several of the following values: Value Immediately NumberLimit TotalLimit AsGroup OnDemand Usage A completion exchange starts immediately after the online transaction A completion exchange starts after a fixed number of online transactions. MaximumNumber must be present; otherwise the completion exchange starts immediately. A completion exchange starts when the online transaction totals exceed a total limit amount. MaximumAmount must be present; otherwise the completion exchange starts immediately. All completion messages are sent as a series of messages when TimeCondition is reached. A completion exchange starts when CompletionRequired in the AcceptorAuthorisationResponse message is set to "True". If ExchangePolicy contains a value different from the values listed above; the configuration will be ignored and the action is stored in Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "CompletionExchange.ExchangePolicy". If ExchangePolicy is missing and the policy has not been configured; "OnDemand" is used as a default value. If several ExchangePolicy are present, the POI has to analyse all configured timing conditions and limits before initiating a completion exchange. If ExchangePolicy contains the value "AsGroup"; StartTime and Period in TimeCondition are used to define the timing of the cyclic completion exchange. If one of these elements is missing, the configuration of the completion exchange contains an error. The complete DataSet will be ignored and the error is stored in the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "CompletionExchange.TimeCondition". ReTry in TimeCondition may be present to define the maximum number of and the delay for retransmissions of completion messages. If ReTry is missing and the policy has not been configured, the value "1" is used as default for the MaximumNumber of retransmissions. All other elements of the component TimeCondition that are not used for the present exchange policies will be ignored. 4 AcceptorConfigurationUpdate (catm ) Page 31

32 4.3.2 Configuration of Data Capture and Completion for Offline Transactions OfflineTransaction determines the data capture mechanism, batch transfer and completion exchange configuration for offline transactions Financial Capture FinancialCapture may have one of the following values: Value Batch Completion None Usage Data capture is part of the batch transfer Data capture is part of the completion exchange No message is sent. Data capture is performed by other means The current value of FinancialCapture is used if it belongs to the above table. If FinancialCapture contains a different value from the ones listed above, the complete DataSet will be ignored and the action is logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "OfflineTransaction.FinancialCapture" Batch Transfer Should OnlineTransactions.FinancialCapture contain the value "Batch"; BatchTransfer determines the behaviour of the POI for the capture of offline transactions by using ExchangePolicy, MaximumNumber, MaximumAmount and/or TimeCondition (see section ). Should OfflineTransactions.FinancialCapture contain the value "Batch" and BatchTransfer be missing; the configuration of the online transactions will be used, if present. If both batch transfer configurations are missing, the error is logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation containinf the text value "OfflineTransactions.BatchTransfer" Completion Exchange CompletionExchange determines the behaviour of the POI for a completion exchange subsequent to an offline transaction using ExchangePolicy, MaximumNumber, MaximumAmount or TimeCondition. ExchangePolicy may have one or several of the following values: Value AsGroup AsSoonAsPossible Immediately None NumberLimit TotalLimit Usage Completion exchange messages are sent as a series of messages when TimeCondition is reached. A completion exchange starts with the next online transaction A completion exchange starts after the current online transaction No completion exchange is required. A completion exchange starts after a fixed number of transactions defined in MaximumNumber is reached. MaximumNumber must be present; otherwise the completion exchange starts immediately. The completion exchange starts when offline transaction totals exceed a total limit amount defined in MaximumAmount. MaximumAmount must be present; otherwise the completion exchange starts immediately. 4 AcceptorConfigurationUpdate (catm ) Page 32

33 If ExchangePolicy contains a different value from the values listed above, the configuration will be ignored and the action is logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "OfflineTransactions.ExchangePolicy". If ExchangePolicy is missing and no policy was configured, the value "Immediately" is then used as a default. If several elements ExchangePolicy are present, the POI analyses all configured timing conditions and limits before initiating the completion exchange. If ExchangePolicy contains the value "AsGroup", the message elements StartTime and Period in TimeCondition are used to define the timing of the completion exchange. If the CompletionExchange of online transactions is also performed "AsGroup" the TimeCondition of the CompletionExchange of online transactions is used and the TimeCondition of CompletionExchange for the offline transaction will be ignored. ReTry in TimeCondition may be used to define the maximum number of and the delay for retransmissions of completion advices. If ReTry is missing and the policy has not been configured before, the value "1" is used as a default for the MaximumNumber of retransmissions. All other elements of TimeCondition not used for the present exchange policies will be ignored Configuration of Reconciliation ReconciliationExchange determines the behaviour of the POI for the reconciliation with an acquirer by using ExchangePolicy and TimeCondition. ExchangePolicy may contain one or several of the following values: Value Cyclic None NumberLimit TotalLimit Usage Start time and Period defined by the Acquirer. The element TimeCondition has to contain the elements StartTime and Period otherwise the reconciliation message is sent on demand. Reconciliation exchange not performed After a fixed number of transactions. The element MaximumNumber must be present to define the maximum otherwise the reconciliation is not performed. If transaction totals exceed a limit of amount. The element MaximumAmount must be present otherwise the reconciliation is not performed. If one of the occurrences of ExchangePolicy contains a value different from the values listed above, the configuration will be ignored and the action is stored in the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "ReconciliationExchange.ExchangePolicy". If the ReconciliationExchange configuration is missing and ExchangePolicy has not been configured before, ReconciliationExchange.ExchangePolicy has to be considered as "None". If several elements of ExchangePolicy are present, the POI has to analyse all configured timing conditions and limits for the start of the reconciliation. TimeCondition is only present in case of one of the elements ExchangePolicy contains the value "Cyclic". Otherwise the component TimeCondition will be ignored. 4 AcceptorConfigurationUpdate (catm ) Page 33

34 4.3.4 Other Acquirer Protocol Configuration Parameters BatchTransferContent BatchTransferContent contains the following values: Value DebitCredit Failed Cancelled Declined Usage Data capture containing debit and credit transactions. To be captured by the POI (i.e. payment, payment reservation and refund transactions). Data capture containing failed transactions. Failed or aborted transactions to be captured by the POI. Cancelled payment, payment reservation and refund transactions to be captured by the POI. Online declined transactions If BatchTransferContent is not present and has not been configured, the value "DebitCredit" is used by default MessageItem MessageItem determines the condition of presence for the message elements in the Acquirer protocol messages. A message component or element that can be populated by configuration is identified by the rule "Config" in the Acquirer Protocol specifications. MessageItem.ItemIdentification: A message element in the Acquirer protocol message is identified by its absolute or relative path from the XML root of the message, using XML tag separated by the character "/". For instance, the message element RecipientParty in the header of the AcceptorBatchTransfer message has the absolute path AcceptorBatchTransfer.Header.RecipientParty is identified in ItemIdentification by: the value "/AccptrBtchTrf/Hdr/RcptPty". The Identification data element of the POI identification in all the messages has relative path Environment.POI.Identification.Identification is identified in ItemIdentification by the value "Envt/POI/Idt/Idt". For each message item, Condition defines the behaviour of the message element in the acquirer protocol. The condition is valid for all relevant messages sent to the acquirer identified in AcquirerProtocolParameters.AcquirerIdentification. Following values of the Condition are allowed: Value AllowedValues Copy DefaultValue IfAvailable Mandatory NotSupported ConfiguredValue Usage Recipient supports only a set of values defined in the value list. This configuration is not used for the configuration of the POI but for the host system. Message element is sent in the response with the same value as in the request. Message element has the default value defined in the value list. The POI does not send the message element if the value equals the default value. Message element is sent if it is available in the payment application. Message element must be present in the acquirer protocol message. Message element is not supported by the recipient. This configuration is not used for the configuration of the POI but for the host system. Message element is mandatory and takes the specific value defined in the element Value. The POI uses this specific value for each message. 4 AcceptorConfigurationUpdate (catm ) Page 34

35 4.4 Host Communication Parameters Transport Protocol Parameters The configuration of the host communication parameters for the POI for connecting a host system, a TMS Server or a Sale System (e.g. Ethernet, WIFI, GPRS) are defined in the Address (NetworkParameters) structure. The Address for the primary and the secondary connection can be defined per HostIdentification. Data element PrimaryAddress PrimaryPortNumber SecondaryAddress SecondaryPortNumber UserName AccessCode ClientCertificate Usage Primary address of the host system or server (e.g. host name or IP-address) Primary port number used to connect the host system or server Secondary address of the host system or server (e.g. host name or IP-address) Secondary port number used to connect the host system or server User name to be issued to the server (e.g. FTP user name) User AccessCode to be issued to the server (e.g. FTP user AccessCode) User certificate to be issued to the server (e.g. SSL/TLS client certificate) Download of Cryptographic keys The acceptor parameters may contain in Key of HostCommunicationParameters the identification data, administrative information and value of a cryptographic key used to protect the host communication. The CMS structure KeyValue contains the encrypted key. This structure can be used to present all information of a Triple-DES encryption with Key Encryption Key (KEK) and the RSA encryption with a public key of the TMS. The message element Function is limiting the purpose of the downloaded key. The Terminal Initial Key (TIK) for the DUKPT derivation will be limited to the function "KeyDerivation" only. 4 AcceptorConfigurationUpdate (catm ) Page 35

36 5 Message Examples 5.1 Presentation of the Example The section provides the following sequence of message examples between a POI and the Terminal Manager in charge of the configuration of the POI: 1) The current management plan of the POI dedicated to the TM contains a cyclic call action to contact periodically the TM. When the time conditions of the cyclic call are reached, the POI sends to the TM a StatusReport message to declare the version of the parameters in use in the POI, and to get a possible new management plan. 2) The version of the acquirer parameters of the POI is obsolete, so the TM sends a new management plan requiring a download of the new version, in addition to the cyclic call to contact periodically the TM. 3) At the reception of the ManagementPlanReplacement message, the POI replaces the current management plan by the new one received in the message. 4) An immediate action of the new management requests the download of the new version of the acquirer parameters. The POI requests the download of this version sending a StatusReport message, and installs this new version contained in the AcceptorConfigurationUpdate response message. 5) At the next activation of the cyclic call, the POI sends a StatusReport containing the result of the download, and declaring having the new version of the acquirer parameters. The TM does not send in response a new management plan in the ManagementPlanReplacement message. This sequence of exchange is summarized in the figure below. POI TM cyclic call to the TM 1 StatusReport the version of the parameters is obsolete replace the management plan 3 ManagementPlanReplacement 2 send a new management plan request the Acquirer parameters 4 StatusReport AcceptorConfigurationUpdate new version of the Acquirer paramaters cyclic call to the TM 5 StatusReport ManagementPlanReplacement keep the same management plan Figure 1: Sequence of Message Exchanges 5 Message Examples Page 36

37 5.1.1 Partners Identification The POI is identified by the TM by the identifier , and the TM by the identifier epas-acquirer- TM1. Message Item Value POIIdentification Identification Type OriginationgPOI Issuer TerminalManager TerminalManagerdentification Identification epas-acquirer-tm1 Type TerminalManager The resulting XML encoded structure is: <POIId> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </POIId> <TermnlMgrId> <Id>epas-acquirer-TM1</Id> <Tp>ACQR</Tp> </TermnlMgrId> 5 Message Examples Page 37

38 5.1.2 POI Information The CardReadingCapabilities of the POI are "ICC" and "MagneticStripe". The components the POI declared to the TM for the acquirer parameters are: A ComponentType "PINEntryDevice" from the ManufacturerIdentification "EPASOrg", Model "Counter Top E41", VersionNumber "3.42" with the SerialNumber " " A ComponentType "Soft" representing the payment application "SEPA-FAST" (Model), VersionNumber "1.0" A ComponentType "EMVKernel", Model "Generic", Version "6.21" A ComponentType "AcquirerParameters" from the acquirer identified by " " (ManufacturerIdentification) and with the VersionNumber " " Message Item Value POICapabilities CardReadingCapabilities ICC CardReadingCapabilities MagneticStripe POIComponent ComponentType PINEntryDevice ManufacturerIdentification EPASOrg Model Counter Top E41 VersionNumber 3.42 SerialNumber POIComponent ComponentType Soft Model SEPA-FAST VersionNumber 1.0 POIComponent ComponentType EMVKernel Model Generic VersionNumber 6.21 POIComponent ComponentType AcquirerParameters ManufacturerIdentification VersionNumber Message Examples Page 38

39 The resulting XML encoded structure is: <POICpblties> <CardRdngCpblties>CICC</CardRdngCpblties> <CardRdngCpblties>MGST</CardRdngCpblties> </POICpblties> <POICmpnt> <POICmpntTp>PEDV</POICmpntTp> <ManfctrId>EPASOrg</ManfctrId> <Mdl>Counter Top E41</Mdl> <VrsnNb>3.42</VrsnNb> <SrlNb> </SrlNb> </POICmpnt> <POICmpnt> <POICmpntTp>SOFT</POICmpntTp> <Mdl>SEPA-FAST</Mdl> <VrsnNb>1.0</VrsnNb> </POICmpnt> <POICmpnt> <POICmpntTp>EMVK</POICmpntTp> <Mdl>Generic</Mdl> <VrsnNb>6.21</VrsnNb> </POICmpnt> <POICmpnt> <POICmpntTp>AQPR</POICmpntTp> <ManfctrId> </ManfctrId> <VrsnNb> </VrsnNb> </POICmpnt> 5 Message Examples Page 39

40 5.1.3 Initial Management Plan in Use The management plan in use at the POI contains only one action: The request of a management plan every day at 22h45 with a maximum of 2 possible retries in case of incident. DataSet Type Action Type Trigger StartTime WaitingTime Period ManagementPlan Download DateTime T22:45:00 1 day The content of the message component Action related to this action is presented below. The Address includes only the primary address, the DataSetIdentification of the management plan only the Type, the Trigger is "DateTime" as a cyclic action, the time (StartTime) to request the management plan is "22:45", the period is 1 day: Period = "10000" in the MMDDhhmm format, a maximum of 2 retries are allowed (MaximumNumber), and the delay between 2 retries is 10 minutes: Delay = "10" in the MMDDhhmm format, No ErrorAction is defined, as in case of error the POI waits for the next day. Message Item Value Action Type Download Address PrimaryAddress TM1.Test.EPASOrg.eu PrimaryPortNumber 5001 DataSetIdentification Type ManagementPlan Trigger DateTime TimeCondition StartTime T22:45:00 Period Retry Delay 10 MaximumNumber 2 The resulting XML encoded structure for this Action is: <Actn> <Tp>DWNL</Tp> <Adr> <PmryAdr>TM1.Test.EPASOrg.eu</PmryAdr> <PmryPortNb>5001</PmryPortNb> </Adr> <DataSetId> <Tp>MGTP</Tp> </DataSetId> <Trggr>DATE</Trggr> <TmCond> <StartTm> T22:45:00</StartTm> <Prd>10000</Prd> <ReTry> <Dely>10</Dely> <MaxNb>2</MaxNb> </ReTry> </TmCond> </Actn> 5 Message Examples Page 40

41 Security The Key Encryption Key is the DUKPT test key, named SpecV1TesKey, with the version , and the following input: BDK (Base Derivation Key): 37233E89 0B0104E9 BC943D0E 45EAE5A7 KSN (Key Serial Number) 2 : A501 E Providing the following keys: TIK (Terminal Initial Key): EE3AE644 1C2EEE18 3F3B4179 2DBCD318 MAC Computation Key: 5E64F1AB F25D3BA1 7F629EC2 B302F8EA 2 The same KSN is used for all messages. 5 Message Examples Page 41

42 5.2 Periodic Contact to the TMS Host StatusReport Message Conforming to the cyclic call action of the management plan presented in the section Initial Management Plan, the information described in the other sections of 5.1, and the fact that there are no performed actions since the last StatusReport message, the status report is presented below: Message Item Value Header DownloadTransfer False FormatVersion 1.0 ExchangeIdentification 549 CreationDateTime T22:45: :00 InitiatingParty Identification Type OriginationgPOI Issuer TerminalManager RecipientParty Identification epas-acquirer-tm1 Type TerminalManager StatusReport POIIdentification Identification Type OriginationgPOI Issuer TerminalManager TerminalManagerdentification Identification epas-acquirer-tm1 Type TerminalManager DataSet Identification Type StatusReport CreationDateTime T22:45: :00 Content POICapabilities CardReadingCapabilities ICC CardReadingCapabilities MagneticStripe POIComponent ComponentType PINEntryDevice ManufacturerIdentification EPASOrg Model Counter Top E41 VersionNumber 3.42 SerialNumber POIComponent ComponentType Soft Model SEPA-FAST VersionNumber 1.0 POIComponent ComponentType EMVKernel Model Generic 5 Message Examples Page 42

43 VersionNumber 6.21 POIComponent ComponentType AcquirerParameters ManufacturerIdentification VersionNumber AttendanceContext Attended POIDateTime T22:45: :00 DataSetRequired Type ManagementPlan SecurityTrailer ContentType AuthenticatedData AuthenticatedData Recipient KEK KEKIdentification KeyIdentification SpecV1TestKey KeyVersion DerivationIdentification A501 KeyEncryptionAlgorithm Algorithm DUKPT EncryptedKey E MACAlgorithm Algorithm RetailSHA256MAC EncapsulatedContent ContentType PlainData MAC 73AF167B26D77DC5 5 Message Examples Page 43

44 The XML encoded StatusReport message is presented below. <?xml version="1.0" encoding="utf-8"?> <Document xmlns:xsi=" xmlns="urn:swift:xsd:catm "> <StsRpt> <Hdr> <DwnldTrf>false</DwnldTrf> <FrmtVrsn>1.0</FrmtVrsn> <XchgId>549</XchgId> <CreDtTm> T22:45: :00</CreDtTm> <InitgPty> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </InitgPty> <RcptPty> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </RcptPty> </Hdr> <StsRpt> <POIId> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </POIId> <TermnlMgrId> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </TermnlMgrId> <DataSet> <Id> <Tp>STRP</Tp> <CreDtTm> T22:45: :00</CreDtTm> </Id> <Cntt> <POICpblties> <CardRdngCpblties>CICC</CardRdngCpblties> <CardRdngCpblties>MGST</CardRdngCpblties> </POICpblties> <POICmpnt> <POICmpntTp>PEDV</POICmpntTp> <ManfctrId>EPASOrg</ManfctrId> <Mdl>Counter Top E41</Mdl> <VrsnNb>3.42</VrsnNb> <SrlNb> </SrlNb> </POICmpnt> <POICmpnt> <POICmpntTp>SOFT</POICmpntTp> <Mdl>SEPA-FAST</Mdl> <VrsnNb>1.0</VrsnNb> </POICmpnt> <POICmpnt> <POICmpntTp>EMVK</POICmpntTp> <Mdl>Generic</Mdl> <VrsnNb>6.21</VrsnNb> </POICmpnt> <POICmpnt> <POICmpntTp>AQPR</POICmpntTp> <ManfctrId> </ManfctrId> <VrsnNb> </VrsnNb> </POICmpnt> <AttndncCntxt>ATTD</AttndncCntxt> <POIDtTm> T22:45: :00</POIDtTm> <DataSetReqrd> <Tp>MGTP</Tp> </DataSetReqrd> 5 Message Examples Page 44

45 </Cntt> </DataSet> </StsRpt> <SctyTrlr> <CnttTp>AUTH</CnttTp> <AuthntcdData> <Rcpt> <KEK> <KEKId> <KeyId>SpecV1TestKey</KeyId> <KeyVrsn> </KeyVrsn> <DerivtnId>OYclpQE=</DerivtnId> </KEKId> <KeyNcrptnAlgo> <Algo>DKPT</Algo> </KeyNcrptnAlgo> <NcrptdKey>4pAgABc=</NcrptdKey> </KEK> </Rcpt> <MACAlgo> <Algo>MCCS</Algo> </MACAlgo> <NcpsltdCntt> <CnttTp>DATA</CnttTp> </NcpsltdCntt> <MAC>c68WeybXfcU=</MAC> </AuthntcdData> </SctyTrlr> </StsRpt> </Document> 5 Message Examples Page 45

46 The canonical form of the message body StsRpt (without spaces or line breaks) is dumped below: C E 3C 50 4F E 3C <StsRpt><POIId>< E C 2F E Id> </Id> C E 4F 50 4F 49 3C 2F E 3C <Tp>OPOI</Tp><Is E 54 4D C 2F E 3C 2F sr>tmgt</issr></ F E 3C D 6E 6C 4D POIId><TermnlMgr E 3C E D Id><Id>epas-acqu D 54 4D 31 3C 2F E 3C irer-tm1</id><tp E 54 4D C 2F E 3C 2F D >TMGT</Tp></Term E 6C 4D E 3C nlmgrid><dataset E 3C E 3C E C 2F 54 ><Id><Tp>STRP</T 00A0 70 3E 3C D 3E D p><credttm> b D A A E T22:45: C0 31 2B A C 2F D 1+02:00</CreDtTm 00D0 3E 3C 2F E 3C 43 6E E 3C 50 4F 49 ></Id><Cntt><POI 00E C E 3C Cpblties><CardRd 00F0 6E C E C ngcpblties>cicc< F E C /CardRdngCpbltie E 3C E C 74 s><cardrdngcpblt E 4D C 2F ies>mgst</cardrd E C E 3C 2F 50 4F 49 ngcpblties></poi C E 3C 50 4F D 70 Cpblties><POICmp E 74 3E 3C 50 4F D 70 6E E 50 nt><poicmpnttp>p C 2F 50 4F D 70 6E E EDV</POICmpntTp> C 4D 61 6E E F <ManfctrId>EPASO C 2F 4D 61 6E E 3C 4D rg</manfctrid><m C 3E 43 6F 75 6E F dl>counter Top E 01A C 2F 4D 64 6C 3E 3C E 4E 62 3E 41</Mdl><VrsnNb> 01B0 33 2E C 2F E 4E 62 3E 3C </VrsnNb><Sr 01C0 6C 4E 62 3E C 2F lnb> </ 01D C 4E 62 3E 3C 2F 50 4F D 70 6E 74 SrlNb></POICmpnt 01E0 3E 3C 50 4F D 70 6E 74 3E 3C 50 4F ><POICmpnt><POIC 01F0 6D 70 6E E 53 4F C 2F 50 4F 49 mpnttp>soft</poi D 70 6E E 3C 4D 64 6C 3E CmpntTp><Mdl>SEP D C 2F 4D 64 6C 3E 3C A-FAST</Mdl><Vrs E 4E 62 3E 31 2E 30 3C 2F E 4E 62 3E nnb>1.0</vrsnnb> C 2F 50 4F D 70 6E 74 3E 3C 50 4F </POICmpnt><POIC D 70 6E 74 3E 3C 50 4F D 70 6E mpnt><poicmpnttp E 45 4D 56 4B 3C 2F 50 4F D 70 6E >EMVK</POICmpntT E 3C 4D 64 6C 3E E C 2F p><mdl>generic</ D 64 6C 3E 3C E 4E 62 3E 36 2E Mdl><VrsnNb> C 2F E 4E 62 3E 3C 2F 50 4F D </VrsnNb></POICm E 74 3E 3C 50 4F D 70 6E 74 3E 3C 50 pnt><poicmpnt><p 02A0 4F D 70 6E E C 2F OICmpntTp>AQPR</ 02B0 50 4F D 70 6E E 3C 4D 61 6E 66 POICmpntTp><Manf 02C E C 2F 4D ctrid> </m 02D0 61 6E E 3C E 4E 62 anfctrid><vrsnnb 02E0 3E C > < 02F0 2F E 4E 62 3E 3C 2F 50 4F D 70 /VrsnNb></POICmp E 74 3E 3C E 64 6E E nt><attndnccntxt E C 2F E 64 6E E >ATTD</AttndncCn E 3C 50 4F D 3E txt><poidttm> D D A A T22:45: E B A C 2F 50 4F :00</POIDt D 3E 3C Tm><DataSetReqrd E 3C E 4D C 2F E 3C 2F ><Tp>MGTP</Tp></ E 3C 2F 43 DataSetReqrd></C E E 3C 2F E 3C 2F ntt></dataset></ E StsRpt> The SHA-256 digest of the canonical form of the message body StsRpt is: 0000 C3 8E 9D FC 1F CF 48 BB AE F1 DD 8B 43...H.T.6...C F6 36 3F 61 6C 4E 21 A6 90 C5 86 2F 71 6E ?alN!.../qn2 5 Message Examples Page 46

47 After padding, the digest becomes: 0000 C3 8E 9D FC 1F CF 48 BB AE F1 DD 8B 43...H.T.6...C F6 36 3F 61 6C 4E 21 A6 90 C5 86 2F 71 6E ?alN!.../qn Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA), we obtain the MAC of the StatusReport 73AF167B26D77DC5 and after conversion in base64 "c68weybxfcu=" A F0 7C 15 8E A DC R.....aR1.gS B F5 F8 8D 34 6E B D 98 5D A5 D+4...4n.. -.] AF 16 7B 26 D7 7D C5 s..{&.}. The message sent by the transport protocol is: BD 3C 3F 78 6D 6C F...<?xml versio E 3D E E 63 6F E 67 n="1.0" encoding D D F 3E 3C 44 6F D ="UTF-8"?><Docum E D 6C 6E 73 3A D ent xmlns:xsi="h A 2F 2F E E 6F ttp:// F F 58 4D 4C D 61 2D /2001/XMLSchema E E D 6C 6E 73 3D instance" xmlns= E 3A A A 63 "urn:swift:xsd:c D 2E E E E atm "> C E 3C E 3C <StsRpt><Hdr><Dw 00A0 6E 6C E C C 2F nldtrf>false</dw 00B0 6E 6C E 3C D E nldtrf><frmtvrsn 00C0 3E 31 2E 30 3C 2F D E 3E 3C >1.0</FrmtVrsn>< 00D E C 2F XchgId>549</Xchg 00E E 3C D 3E Id><CreDtTm> F0 2D D A A E T22:45: B A C 2F :00</CreDtT D 3E 3C 49 6E E 3C E m><initgpty><id> C 2F E 3C </Id><Tp E 4F 50 4F 49 3C 2F E 3C E >OPOI</Tp><Issr> D C 2F E 3C 2F 49 6E 69 TMGT</Issr></Ini E 3C E 3C tgpty><rcptpty>< E D Id>epas-acquirer D 54 4D 31 3C 2F E 3C E 54 4D 47 -TM1</Id><Tp>TMG C 2F E 3C 2F E T</Tp></RcptPty> C 2F E 3C E 3C 50 </Hdr><StsRpt><P 01A0 4F E 3C E OIId><Id> B0 31 3C 2F E 3C E 4F 50 4F 49 3C 2F 1</Id><Tp>OPOI</ 01C E 3C E 54 4D C 2F 49 Tp><Issr>TMGT</I 01D E 3C 2F 50 4F E 3C ssr></poiid><ter 01E0 6D 6E 6C 4D E 3C E mnlmgrid><id>epa 01F0 73 2D D 54 4D 31 3C 2F s-acquirer-tm1</ E 3C E 54 4D C 2F E Id><Tp>TMGT</Tp> C 2F D 6E 6C 4D E 3C 44 </TermnlMgrId><D E 3C E 3C E 53 ataset><id><tp>s C 2F E 3C D TRP</Tp><CreDtTm E D D A 34 > T22: A E B A C 2F 43 5: :00</C D 3E 3C 2F E 3C 43 6E 74 redttm></id><cnt E 3C 50 4F C E 3C t><poicpblties>< E C CardRdngCpblties E C 2F E >CICC</CardRdngC 02A C E 3C E pblties><cardrdn 02B C E 4D C 2F gcpblties>mgst</ 02C E C CardRdngCpblties 02D0 3E 3C 2F 50 4F C E 3C ></POICpblties>< 02E0 50 4F D 70 6E 74 3E 3C 50 4F D 70 POICmpnt><POICmp 02F0 6E E C 2F 50 4F D nttp>pedv</poicm E E 3C 4D 61 6E pnttp><manfctrid E F C 2F 4D 61 6E >EPASOrg</Manfct 5 Message Examples Page 47

48 E 3C 4D 64 6C 3E 43 6F 75 6E rid><mdl>counter F C 2F 4D 64 6C 3E 3C 56 Top E41</Mdl><V E 4E 62 3E 33 2E C 2F E rsnnb>3.42</vrsn E 62 3E 3C C 4E 62 3E Nb><SrlNb> C 2F C 4E 62 3E 3C 2F 50 4F 0759</SrlNb></PO D 70 6E 74 3E 3C 50 4F D 70 6E 74 ICmpnt><POICmpnt E 3C 50 4F D 70 6E E 53 4F 46 ><POICmpntTp>SOF C 2F 50 4F D 70 6E E 3C 4D T</POICmpntTp><M 03A0 64 6C 3E D C 2F 4D 64 dl>sepa-fast</md 03B0 6C 3E 3C E 4E 62 3E 31 2E 30 3C 2F 56 l><vrsnnb>1.0</v 03C E 4E 62 3E 3C 2F 50 4F D 70 6E 74 rsnnb></poicmpnt 03D0 3E 3C 50 4F D 70 6E 74 3E 3C 50 4F ><POICmpnt><POIC 03E0 6D 70 6E E 45 4D 56 4B 3C 2F 50 4F 49 mpnttp>emvk</poi 03F0 43 6D 70 6E E 3C 4D 64 6C 3E E CmpntTp><Mdl>Gen C 2F 4D 64 6C 3E 3C E 4E eric</mdl><vrsnn E 36 2E C 2F E 4E 62 3E 3C b>6.21</vrsnnb>< F 50 4F D 70 6E 74 3E 3C 50 4F D /POICmpnt><POICm E 74 3E 3C 50 4F D 70 6E E pnt><poicmpnttp> C 2F 50 4F D 70 6E AQPR</POICmpntTp E 3C 4D 61 6E E ><ManfctrId> C 2F 4D 61 6E E 3C 351</ManfctrId>< E 4E 62 3E VrsnNb> C 2F E 4E 62 3E 3C 2F 43500</VrsnNb></ F D 70 6E 74 3E 3C E 64 6E POICmpnt><Attndn 04A E E C 2F ccntxt>attd</att 04B0 6E 64 6E E E 3C 50 4F ndnccntxt><poidt 04C0 54 6D 3E D D Tm> T22 04D0 3A A E B A C :45: :00< 04E0 2F 50 4F D 3E 3C /POIDtTm><DataSe 04F E 3C E 4D C treqrd><tp>mgtp< F E 3C 2F /Tp></DataSetReq E 3C 2F 43 6E E 3C 2F rd></cntt></data E 3C 2F E 3C Set></StsRpt><Sc C 72 3E 3C 43 6E E 41 tytrlr><cntttp>a C 2F 43 6E E 3C UTH</CnttTp><Aut E E 3C E hntcddata><rcpt> C 4B 45 4B 3E 3C 4B 45 4B E 3C 4B <KEK><KEKId><Key E B Id>SpecV1TestKey C 2F 4B E 3C 4B E </KeyId><KeyVrsn E C 2F 4B > </Key 05A E 3E 3C E E Vrsn><DerivtnId> 05B0 4F C D 3C 2F OYclpQE=</Derivt 05C0 6E E 3C 2F 4B 45 4B E 3C 4B nid></kekid><key 05D0 4E E 41 6C 67 6F 3E 3C 41 6C 67 6F NcrptnAlgo><Algo 05E0 3E 44 4B C 2F 41 6C 67 6F 3E 3C 2F 4B 65 >DKPT</Algo></Ke 05F0 79 4E E 41 6C 67 6F 3E 3C 4E yncrptnalgo><ncr B E D 3C ptdkey>4pagabc=< F 4E B E 3C 2F 4B 45 4B /NcrptdKey></KEK E 3C 2F E 3C 4D C 67 6F ></Rcpt><MACAlgo E 3C 41 6C 67 6F 3E 4D C 2F 41 6C 67 ><Algo>MCCS</Alg F 3E 3C 2F 4D C 67 6F 3E 3C 4E o></macalgo><ncp C E E 3C 43 6E sltdcntt><cntttp E C 2F 43 6E E 3C 2F >DATA</CnttTp></ E C E E 3C 4D NcpsltdCntt><MAC E D 3C 2F 4D >c68weybxfcu=</m E 3C 2F E AC></AuthntcdDat 06A0 61 3E 3C 2F C 72 3E 3C 2F 53 a></sctytrlr></s 06B E 3C 2F 44 6F D 65 6E 74 tsrpt></document 06C0 3E > 5 Message Examples Page 48

49 5.2.2 ManagementPlanReplacement Message The version of the acquirer parameters of the POI sent in the StatusReport is obsolete (Version " " of the POIComponentType "AcquirerParameters"). The TM sends a new management plan with, in addition to the cyclic call to contact periodically the TM, the download of the acquirer parameters. DataSet Type Action Type Trigger StartTime WaitingTime Period AcquirerParameters Download DateTime T10:28:00 ManagementPlan Download DateTime 0 1 day The ManagementPlanReplacement message body contains these two actions presented below: Message Item Value Header DownloadTransfer True FormatVersion 1.0 ExchangeIdentification 549 CreationDateTime T22:45: :00 InitiatingParty Identification Type OriginationgPOI Issuer TerminalManager RecipientParty Identification epas-acquirer-tm1 Type TerminalManager ManagementPlan POIIdentification Identification Type OriginationgPOI Issuer TerminalManager TerminalManagerdentification Identification epas-acquirer-tm1 Type TerminalManager DataSet Identification Type ManagementPlan CreationDateTime T22:45: :00 Content Action Type Download Address PrimaryAddress TM1.Test.EPASOrg.eu PrimaryPortNumber 5001 DataSetIdentification Type AcquirerParameters Version Trigger DateTime AdditionalProcess Restart TimeCondition 5 Message Examples Page 49

50 StartTime T10:28:00 Retry Delay 10 MaximumNumber 2 Action Type Download Address PrimaryAddress TM1.Test.EPASOrg.eu PrimaryPortNumber 5001 DataSetIdentification Type ManagementPlan Trigger DateTime TimeCondition WaitingTime 0 Period Retry Delay 10 MaximumNumber 2 SecurityTrailer ContentType AuthenticatedData AuthenticatedData Recipient KEK KEKIdentification KeyIdentification SpecV1TestKey KeyVersion DerivationIdentification A501 KeyEncryptionAlgorithm Algorithm DUKPT EncryptedKey E MACAlgorithm Algorithm RetailSHA256MAC EncapsulatedContent ContentType PlainData MAC 392A7BD321E33F6A 5 Message Examples Page 50

51 The XML encoded StatusReport message is presented below. <?xml version="1.0" encoding="utf-8"?> <Document xmlns:xsi=" xmlns="urn:swift:xsd:catm "> <MgmtPlanRplcmnt> <Hdr> <DwnldTrf>true</DwnldTrf> <FrmtVrsn>1.0</FrmtVrsn> <XchgId>549</XchgId> <CreDtTm> T22:45: :00</CreDtTm> <InitgPty> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </InitgPty> <RcptPty> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </RcptPty> </Hdr> <MgmtPlan> <POIId> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </POIId> <TermnlMgrId> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </TermnlMgrId> <DataSet> <Id> <Tp>AQPR</Tp> <CreDtTm> T22:45: :00</CreDtTm> </Id> <Cntt> <Actn> <Tp>DWNL</Tp> <Adr> <PmryAdr>TM1.Test.EPASOrg.eu</PmryAdr> <PmryPortNb>5001</PmryPortNb> </Adr> <DataSetId> <Tp>AQPR</Tp> <Vrsn> </Vrsn> </DataSetId> <Trggr>DATE</Trggr> <AddtlPrc>RSRT</AddtlPrc> <TmCond> <StartTm> T10:28:00</StartTm> <ReTry> <Dely>10</Dely> <MaxNb>2</MaxNb> </ReTry> </TmCond> </Actn> <Actn> <Tp>DWNL</Tp> <Adr> <PmryAdr>TM1.Test.EPASOrg.eu</PmryAdr> <PmryPortNb>5001</PmryPortNb> </Adr> <DataSetId> <Tp>MGTP</Tp> </DataSetId> <Trggr>DATE</Trggr> <TmCond> 5 Message Examples Page 51

52 <WtgTm>0</WtgTm> <Prd>10000</Prd> <ReTry> <Dely>10</Dely> <MaxNb>2</MaxNb> </ReTry> </TmCond> </Actn> </Cntt> </DataSet> </MgmtPlan> <SctyTrlr> <CnttTp>AUTH</CnttTp> <AuthntcdData> <Rcpt> <KEK> <KEKId> <KeyId>SpecV1TestKey</KeyId> <KeyVrsn> </KeyVrsn> <DerivtnId>OYclpQE=</DerivtnId> </KEKId> <KeyNcrptnAlgo> <Algo>DKPT</Algo> </KeyNcrptnAlgo> <NcrptdKey>4pAgABc=</NcrptdKey> </KEK> </Rcpt> <MACAlgo> <Algo>MCCS</Algo> </MACAlgo> <NcpsltdCntt> <CnttTp>DATA</CnttTp> </NcpsltdCntt> <MAC>OSp70yHjP2o=</MAC> </AuthntcdData> </SctyTrlr> </MgmtPlanRplcmnt> </Document> 5 Message Examples Page 52

53 The canonical form of the message body MgmtPlan (without spaces or line breaks) is dumped below: C 4D 67 6D C 61 6E 3E 3C 50 4F <MgmtPlan><POIId E 3C E C 2F 49 ><Id> </I E 3C E 4F 50 4F 49 3C 2F E 3C d><tp>opoi</tp>< E 54 4D C 2F E Issr>TMGT</Issr> C 2F 50 4F E 3C D 6E 6C 4D </POIId><TermnlM E 3C E D grid><id>epas-ac D 54 4D 31 3C 2F E 3C quirer-tm1</id>< E 54 4D C 2F E 3C 2F Tp>TMGT</Tp></Te D 6E 6C 4D E 3C rmnlmgrid><datas E 3C E 3C E C et><id><tp>aqpr< 00A0 2F E 3C D 3E /Tp><CreDtTm>201 00B0 31 2D D A A T22:45:01 00C0 2E B A C 2F :00</CreDt 00D0 54 6D 3E 3C 2F E 3C 43 6E E 3C 41 Tm></Id><Cntt><A 00E E 3E 3C E E 4C 3C 2F ctn><tp>dwnl</tp 00F0 3E 3C E 3C 50 6D E 54 ><Adr><PmryAdr>T D 31 2E E F E M1.Test.EPASOrg C 2F 50 6D E 3C 50 6D 72 eu</pmryadr><pmr F E 62 3E C 2F 50 6D yportnb>5001</pm F E 62 3E 3C 2F E 3C ryportnb></adr>< E 3C E DataSetId><Tp>AQ C 2F E 3C E 3E PR</Tp><Vrsn> C 2F </Vrs E 3E 3C 2F E 3C 54 n></datasetid><t E C 2F rggr>date</trggr E 3C C E C ><AddtlPrc>RSRT< 01A0 2F C E 3C 54 6D 43 6F 6E /AddtlPrc><TmCon 01B0 64 3E 3C D 3E D d><starttm> c D A A C 2F 08-23T10:28:00</ 01D D 3E 3C E 3C StartTm><ReTry>< 01E C 79 3E C 2F C 79 3E 3C 4D Dely>10</Dely><M 01F E 62 3E 32 3C 2F 4D E 62 3E 3C 2F axnb>2</maxnb></ E 3C 2F 54 6D 43 6F 6E 64 3E 3C ReTry></TmCond>< F E 3E 3C E 3E 3C E /Actn><Actn><Tp> E 4C 3C 2F E 3C E 3C 50 DWNL</Tp><Adr><P D E 54 4D 31 2E E mryadr>tm1.test F E C 2F 50 6D EPASOrg.eu</Pmry E 3C 50 6D F E 62 3E Adr><PmryPortNb> C 2F 50 6D F E </PmryPortNb E 3C 2F E 3C ></Adr><DataSetI E 3C E 4D C 2F E 3C d><tp>mgtp</tp>< F E 3C /DataSetId><Trgg 02A0 72 3E C 2F E 3C 54 r>date</trggr><t 02B0 6D 43 6F 6E 64 3E 3C D 3E 30 3C 2F mcond><wtgtm>0</ 02C D 3E 3C E WtgTm><Prd> D0 3C 2F E 3C E 3C </Prd><ReTry><De 02E0 6C 79 3E C 2F C 79 3E 3C 4D ly>10</dely><max 02F0 4E 62 3E 32 3C 2F 4D E 62 3E 3C 2F Nb>2</MaxNb></Re E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F 41 Try></TmCond></A E 3E 3C 2F 43 6E E 3C 2F ctn></cntt></dat E 3C 2F 4D 67 6D C 61 6E 3E aset></mgmtplan> The SHA-256 digest of the canonical form of the message body MgmtPlan is: 0000 C7 70 C9 AB E F4 3C E7 83 BA A4 A8 D3 76.p...)H.<...v FE BE 8D 19 FD C7 95 5C D A0 F2 t...\.y.be.. After padding, the digest becomes: 0000 C7 70 C9 AB E F4 3C E7 83 BA A4 A8 D3 76.p...)H.<...v FE BE 8D 19 FD C7 95 5C D A0 F2 t...\.y.be Message Examples Page 53

54 Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA), we obtain the MAC of the ManagementPlan 392A7BD321E33F6A and after conversion in base64 "OSp70yHjP2o=" EA F A1 32 CF 37 DD 33 C0 76 8B..D..9) v CC A4 A0 09 4E D4 DE E8 F6 3C CB D5...N...<...A A 7B D3 21 E3 3F 6A 9*{.!.?j The message sent by the transport protocol is: C 3F 78 6D 6C F...g<?xml versio E 3D E E 63 6F E 67 n="1.0" encoding D D F 3E 3C 44 6F D ="UTF-8"?><Docum E D 6C 6E 73 3A D ent xmlns:xsi="h A 2F 2F E E 6F ttp:// F F 58 4D 4C D 61 2D /2001/XMLSchema E E D 6C 6E 73 3D instance" xmlns= E 3A A A 63 "urn:swift:xsd:c D 2E E E E atm "> C 4D 67 6D C 61 6E C 63 6D 6E 74 <MgmtPlanRplcmnt 00A0 3E 3C E 3C E 6C E ><Hdr><DwnldTrf> 00B C 2F E 6C E 3C true</dwnldtrf>< 00C D E 3E 31 2E 30 3C 2F FrmtVrsn>1.0</Fr 00D0 6D E 3E 3C E 35 mtvrsn><xchgid>5 00E C 2F E 3C </XchgId><CreD 00F D 3E D D ttm> t A A E B A :45: : C 2F D 3E 3C 49 6E </CreDtTm><Initg E 3C E Pty><Id> C 2F E 3C E 4F 50 4F 49 3C 2F 54 </Id><Tp>OPOI</T E 3C E 54 4D C 2F p><issr>tmgt</is E 3C 2F 49 6E E 3C 52 sr></initgpty><r E 3C E D cptpty><id>epas D 54 4D 31 3C 2F acquirer-tm1</id E 3C E 54 4D C 2F E 3C 2F ><Tp>TMGT</Tp></ E 3C 2F E 3C 4D RcptPty></Hdr><M 01A0 67 6D C 61 6E 3E 3C 50 4F E 3C gmtplan><poiid>< 01B E C 2F E Id> </Id> 01C0 3C E 4F 50 4F 49 3C 2F E 3C <Tp>OPOI</Tp><Is 01D E 54 4D C 2F E 3C 2F sr>tmgt</issr></ 01E0 50 4F E 3C D 6E 6C 4D POIId><TermnlMgr 01F E 3C E D Id><Id>epas-acqu D 54 4D 31 3C 2F E 3C irer-tm1</id><tp E 54 4D C 2F E 3C 2F D >TMGT</Tp></Term E 6C 4D E 3C nlmgrid><dataset E 3C E 3C E C 2F 54 ><Id><Tp>AQPR</T E 3C D 3E D p><credttm> D A A E T22:45: B A C 2F D 1+02:00</CreDtTm E 3C 2F E 3C 43 6E E 3C ></Id><Cntt><Act E 3E 3C E E 4C 3C 2F E 3C n><tp>dwnl</tp>< E 3C 50 6D E 54 4D 31 Adr><PmryAdr>TM1 02A0 2E E F E Test.EPASOrg.eu 02B0 3C 2F 50 6D E 3C 50 6D </PmryAdr><PmryP 02C0 6F E 62 3E C 2F 50 6D ortnb>5001</pmry 02D0 50 6F E 62 3E 3C 2F E 3C PortNb></Adr><Da 02E E 3C E tasetid><tp>aqpr 02F0 3C 2F E 3C E 3E </Tp><Vrsn> C 2F E 3E </Vrsn> C 2F E 3C </DataSetId><Trg E C 2F E 3C gr>date</trggr>< C E C 2F 41 AddtlPrc>RSRT</A C E 3C 54 6D 43 6F 6E 64 3E ddtlprc><tmcond> C D 3E D <StartTm> D A A C 2F T10:28:00</St D 3E 3C E 3C arttm><retry><de C 79 3E C 2F C 79 3E 3C 4D ly>10</dely><max 5 Message Examples Page 54

55 0390 4E 62 3E 32 3C 2F 4D E 62 3E 3C 2F Nb>2</MaxNb></Re 03A E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F 41 Try></TmCond></A 03B E 3E 3C E 3E 3C E ctn><actn><tp>dw 03C0 4E 4C 3C 2F E 3C E 3C 50 6D 72 NL</Tp><Adr><Pmr 03D E 54 4D 31 2E E yadr>tm1.test.ep 03E F E C 2F 50 6D ASOrg.eu</PmryAd 03F0 72 3E 3C 50 6D F E 62 3E r><pmryportnb> C 2F 50 6D F E 62 3E 3C 01</PmryPortNb>< F E 3C E /Adr><DataSetId> C E 4D C 2F E 3C 2F 44 <Tp>MGTP</Tp></D E 3C E atasetid><trggr> C 2F E 3C 54 6D 43 DATE</Trggr><TmC F 6E 64 3E 3C D 3E 30 3C 2F ond><wtgtm>0</wt D 3E 3C E C 2F gtm><prd>10000</ E 3C E 3C C 79 Prd><ReTry><Dely E C 2F C 79 3E 3C 4D E 62 >10</Dely><MaxNb E 32 3C 2F 4D E 62 3E 3C 2F >2</MaxNb></ReTr 04A0 79 3E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F y></tmcond></act 04B0 6E 3E 3C 2F 43 6E E 3C 2F n></cntt></datas 04C E 3C 2F 4D 67 6D C 61 6E 3E 3C 53 et></mgmtplan><s 04D C 72 3E 3C 43 6E E ctytrlr><cntttp> 04E C 2F 43 6E E 3C AUTH</CnttTp><Au 04F E E 3C thntcddata><rcpt E 3C 4B 45 4B 3E 3C 4B 45 4B E 3C 4B 65 ><KEK><KEKId><Ke E B 65 yid>specv1testke C 2F 4B E 3C 4B y</keyid><keyvrs E 3E C 2F 4B 65 n> </ke E 3E 3C E yvrsn><derivtnid E 4F C D 3C 2F >OYclpQE=</Deriv E E 3C 2F 4B 45 4B E 3C 4B 65 tnid></kekid><ke E E 41 6C 67 6F 3E 3C 41 6C 67 yncrptnalgo><alg F 3E 44 4B C 2F 41 6C 67 6F 3E 3C 2F 4B o>dkpt</algo></k E E 41 6C 67 6F 3E 3C 4E 63 eyncrptnalgo><nc 05A B E D rptdkey>4pagabc= 05B0 3C 2F 4E B E 3C 2F 4B 45 </NcrptdKey></KE 05C0 4B 3E 3C 2F E 3C 4D C 67 K></Rcpt><MACAlg 05D0 6F 3E 3C 41 6C 67 6F 3E 4D C 2F 41 6C o><algo>mccs</al 05E0 67 6F 3E 3C 2F 4D C 67 6F 3E 3C 4E 63 go></macalgo><nc 05F C E E 3C 43 6E psltdcntt><cnttt E C 2F 43 6E E 3C p>data</cntttp>< F 4E C E E 3C 4D 41 /NcpsltdCntt><MA E 4F A F 3D 3C 2F C>OSp70yHjP2o=</ D E 3C 2F E MAC></AuthntcdDa E 3C 2F C 72 3E 3C 2F ta></sctytrlr></ D 67 6D C 61 6E C 63 6D 6E 74 3E MgmtPlanRplcmnt> C 2F 44 6F D 65 6E 74 3E </Document> 5 Message Examples Page 55

56 5.3 Download of the Acquirer Parameters StatusReport Message The first action of the new management plan, the download of a new version of the Acquirer parameters, contains a StartTime which is passed. This action has to be excecuted immediately. The POI sends a StatusReport message with DataSetRequired containing the DataSetIdentification of this action: Message Item Value Header DownloadTransfer False FormatVersion 1.0 ExchangeIdentification 550 CreationDateTime T22:45: :00 InitiatingParty Identification Type OriginationgPOI Issuer TerminalManager RecipientParty Identification epas-acquirer-tm1 Type TerminalManager StatusReport POIIdentification Identification Type OriginationgPOI Issuer TerminalManager TerminalManagerdentification Identification epas-acquirer-tm1 Type TerminalManager DataSet Identification Type StatusReport CreationDateTime T22:45: :00 Content POICapabilities CardReadingCapabilities ICC CardReadingCapabilities MagneticStripe POIComponent ComponentType PINEntryDevice ManufacturerIdentification EPASOrg Model Counter Top E41 VersionNumber 3.42 SerialNumber POIComponent ComponentType Soft Model SEPA-FAST VersionNumber 1.0 POIComponent ComponentType EMVKernel Model Generic 5 Message Examples Page 56

57 VersionNumber 6.21 POIComponent ComponentType AcquirerParameters ManufacturerIdentification VersionNumber AttendanceContext Attended POIDateTime T15:16: :00 DataSetRequired Type AcquirerParameters Version SecurityTrailer ContentType AuthenticatedData AuthenticatedData Recipient KEK KEKIdentification KeyIdentification SpecV1TestKey KeyVersion DerivationIdentification A501 KeyEncryptionAlgorithm Algorithm DUKPT EncryptedKey E MACAlgorithm Algorithm RetailSHA256MAC EncapsulatedContent ContentType PlainData MAC A4B Message Examples Page 57

58 The XML encoded StatusReport message is presented below. <?xml version="1.0" encoding="utf-8"?> <Document xmlns:xsi=" xmlns="urn:swift:xsd:catm "> <StsRpt> <Hdr> <DwnldTrf>false</DwnldTrf> <FrmtVrsn>1.0</FrmtVrsn> <XchgId>550</XchgId> <CreDtTm> T22:45: :00</CreDtTm> <InitgPty> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </InitgPty> <RcptPty> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </RcptPty> </Hdr> <StsRpt> <POIId> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </POIId> <TermnlMgrId> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </TermnlMgrId> <DataSet> <Id> <Tp>STRP</Tp> <CreDtTm> T22:45: :00</CreDtTm> </Id> <Cntt> <POICpblties> <CardRdngCpblties>CICC</CardRdngCpblties> <CardRdngCpblties>MGST</CardRdngCpblties> </POICpblties> <POICmpnt> <POICmpntTp>PEDV</POICmpntTp> <ManfctrId>EPASOrg</ManfctrId> <Mdl>Counter Top E41</Mdl> <VrsnNb>3.42</VrsnNb> <SrlNb> </SrlNb> </POICmpnt> <POICmpnt> <POICmpntTp>SOFT</POICmpntTp> <Mdl>SEPA-FAST</Mdl> <VrsnNb>1.0</VrsnNb> </POICmpnt> <POICmpnt> <POICmpntTp>EMVK</POICmpntTp> <Mdl>Generic</Mdl> <VrsnNb>6.21</VrsnNb> </POICmpnt> <POICmpnt> <POICmpntTp>AQPR</POICmpntTp> <ManfctrId> </ManfctrId> <VrsnNb> </VrsnNb> </POICmpnt> <AttndncCntxt>ATTD</AttndncCntxt> <POIDtTm> T15:16: :00</POIDtTm> <DataSetReqrd> <Tp>AQPR</Tp> <Vrsn> </Vrsn> 5 Message Examples Page 58

59 </DataSetReqrd> </Cntt> </DataSet> </StsRpt> <SctyTrlr> <CnttTp>AUTH</CnttTp> <AuthntcdData> <Rcpt> <KEK> <KEKId> <KeyId>SpecV1TestKey</KeyId> <KeyVrsn> </KeyVrsn> <DerivtnId>OYclpQE=</DerivtnId> </KEKId> <KeyNcrptnAlgo> <Algo>DKPT</Algo> </KeyNcrptnAlgo> <NcrptdKey>4pAgABc=</NcrptdKey> </KEK> </Rcpt> <MACAlgo> <Algo>MCCS</Algo> </MACAlgo> <NcpsltdCntt> <CnttTp>DATA</CnttTp> </NcpsltdCntt> <MAC>pLKIIhAUZFY=</MAC> </AuthntcdData> </SctyTrlr> </StsRpt> </Document> 5 Message Examples Page 59

60 The canonical form of the message body StsRpt (without spaces or line breaks) is dumped below: C E 3C 50 4F E 3C <StsRpt><POIId>< E C 2F E Id> </Id> C E 4F 50 4F 49 3C 2F E 3C <Tp>OPOI</Tp><Is E 54 4D C 2F E 3C 2F sr>tmgt</issr></ F E 3C D 6E 6C 4D POIId><TermnlMgr E 3C E D Id><Id>epas-acqu D 54 4D 31 3C 2F E 3C irer-tm1</id><tp E 54 4D C 2F E 3C 2F D >TMGT</Tp></Term E 6C 4D E 3C nlmgrid><dataset E 3C E 3C E C 2F 54 ><Id><Tp>STRP</T 00A0 70 3E 3C D 3E D p><credttm> b D A A E T22:45: C0 36 2B A C 2F D 6+02:00</CreDtTm 00D0 3E 3C 2F E 3C 43 6E E 3C 50 4F 49 ></Id><Cntt><POI 00E C E 3C Cpblties><CardRd 00F0 6E C E C ngcpblties>cicc< F E C /CardRdngCpbltie E 3C E C 74 s><cardrdngcpblt E 4D C 2F ies>mgst</cardrd E C E 3C 2F 50 4F 49 ngcpblties></poi C E 3C 50 4F D 70 Cpblties><POICmp E 74 3E 3C 50 4F D 70 6E E 50 nt><poicmpnttp>p C 2F 50 4F D 70 6E E EDV</POICmpntTp> C 4D 61 6E E F <ManfctrId>EPASO C 2F 4D 61 6E E 3C 4D rg</manfctrid><m C 3E 43 6F 75 6E F dl>counter Top E 01A C 2F 4D 64 6C 3E 3C E 4E 62 3E 41</Mdl><VrsnNb> 01B0 33 2E C 2F E 4E 62 3E 3C </VrsnNb><Sr 01C0 6C 4E 62 3E C 2F lnb> </ 01D C 4E 62 3E 3C 2F 50 4F D 70 6E 74 SrlNb></POICmpnt 01E0 3E 3C 50 4F D 70 6E 74 3E 3C 50 4F ><POICmpnt><POIC 01F0 6D 70 6E E 53 4F C 2F 50 4F 49 mpnttp>soft</poi D 70 6E E 3C 4D 64 6C 3E CmpntTp><Mdl>SEP D C 2F 4D 64 6C 3E 3C A-FAST</Mdl><Vrs E 4E 62 3E 31 2E 30 3C 2F E 4E 62 3E nnb>1.0</vrsnnb> C 2F 50 4F D 70 6E 74 3E 3C 50 4F </POICmpnt><POIC D 70 6E 74 3E 3C 50 4F D 70 6E mpnt><poicmpnttp E 45 4D 56 4B 3C 2F 50 4F D 70 6E >EMVK</POICmpntT E 3C 4D 64 6C 3E E C 2F p><mdl>generic</ D 64 6C 3E 3C E 4E 62 3E 36 2E Mdl><VrsnNb> C 2F E 4E 62 3E 3C 2F 50 4F D </VrsnNb></POICm E 74 3E 3C 50 4F D 70 6E 74 3E 3C 50 pnt><poicmpnt><p 02A0 4F D 70 6E E C 2F OICmpntTp>AQPR</ 02B0 50 4F D 70 6E E 3C 4D 61 6E 66 POICmpntTp><Manf 02C E C 2F 4D ctrid> </m 02D0 61 6E E 3C E 4E 62 anfctrid><vrsnnb 02E0 3E C > < 02F0 2F E 4E 62 3E 3C 2F 50 4F D 70 /VrsnNb></POICmp E 74 3E 3C E 64 6E E nt><attndnccntxt E C 2F E 64 6E E >ATTD</AttndncCn E 3C 50 4F D 3E txt><poidttm> D D A A T15:16: E B A C 2F 50 4F :00</POIDt D 3E 3C Tm><DataSetReqrd E 3C E C 2F E 3C 56 ><Tp>AQPR</Tp><V E 3E rsn> C 2F E 3E 3C 2F </Vrsn></DataS E 3C 2F 43 6E E 3C etreqrd></cntt>< 03A0 2F E 3C 2F /DataSet></StsRp 03B0 74 3E t> The SHA-256 digest of the canonical form of the message body StsRpt is: 0000 CC DA 15 CD CE 9F 0A 2F 48 5A DD F8 89 E5.P.../HZ BB B FA B1 23 BC 71 EF D5 E6 0D E0 9E D7.8y[..#.q... 5 Message Examples Page 60

61 After padding, the digest becomes: 0000 D6 4C F4 1D BB 72 6F 04 DF CA D ED.L...ro...G FE A9 F8 98 E0 F4 0C 23 FB EA 19 EA D #...I Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA), we obtain the MAC of the StatusReport A4B and after conversion in base64 "ByPxWrQOasQ=" D4 5D 41 DE A CD 0B 63 1E 30 1C E2 C7 D5.]A...c E 3F F E A B4 48 1C ^?...f..~.i)w.h A4 B "..dV The message sent by the transport protocol is: D8 3C 3F 78 6D 6C F...<?xml versio E 3D E E 63 6F E 67 n="1.0" encoding D D F 3E 3C 44 6F D ="UTF-8"?><Docum E D 6C 6E 73 3A D ent xmlns:xsi="h A 2F 2F E E 6F ttp:// F F 58 4D 4C D 61 2D /2001/XMLSchema E E D 6C 6E 73 3D instance" xmlns= E 3A A A 63 "urn:swift:xsd:c D 2E E E E atm "> C E 3C E 3C <StsRpt><Hdr><Dw 00A0 6E 6C E C C 2F nldtrf>false</dw 00B0 6E 6C E 3C D E nldtrf><frmtvrsn 00C0 3E 31 2E 30 3C 2F D E 3E 3C >1.0</FrmtVrsn>< 00D E C 2F XchgId>550</Xchg 00E E 3C D 3E Id><CreDtTm> F0 2D D A A E T22:45: B A C 2F :00</CreDtT D 3E 3C 49 6E E 3C E m><initgpty><id> C 2F E 3C </Id><Tp E 4F 50 4F 49 3C 2F E 3C E >OPOI</Tp><Issr> D C 2F E 3C 2F 49 6E 69 TMGT</Issr></Ini E 3C E 3C tgpty><rcptpty>< E D Id>epas-acquirer D 54 4D 31 3C 2F E 3C E 54 4D 47 -TM1</Id><Tp>TMG C 2F E 3C 2F E T</Tp></RcptPty> C 2F E 3C E 3C 50 </Hdr><StsRpt><P 01A0 4F E 3C E OIId><Id> B0 31 3C 2F E 3C E 4F 50 4F 49 3C 2F 1</Id><Tp>OPOI</ 01C E 3C E 54 4D C 2F 49 Tp><Issr>TMGT</I 01D E 3C 2F 50 4F E 3C ssr></poiid><ter 01E0 6D 6E 6C 4D E 3C E mnlmgrid><id>epa 01F0 73 2D D 54 4D 31 3C 2F s-acquirer-tm1</ E 3C E 54 4D C 2F E Id><Tp>TMGT</Tp> C 2F D 6E 6C 4D E 3C 44 </TermnlMgrId><D E 3C E 3C E 53 ataset><id><tp>s C 2F E 3C D TRP</Tp><CreDtTm E D D A 34 > T22: A E B A C 2F 43 5: :00</C D 3E 3C 2F E 3C 43 6E 74 redttm></id><cnt E 3C 50 4F C E 3C t><poicpblties>< E C CardRdngCpblties E C 2F E >CICC</CardRdngC 02A C E 3C E pblties><cardrdn 02B C E 4D C 2F gcpblties>mgst</ 02C E C CardRdngCpblties 02D0 3E 3C 2F 50 4F C E 3C ></POICpblties>< 02E0 50 4F D 70 6E 74 3E 3C 50 4F D 70 POICmpnt><POICmp 02F0 6E E C 2F 50 4F D nttp>pedv</poicm E E 3C 4D 61 6E pnttp><manfctrid E F C 2F 4D 61 6E >EPASOrg</Manfct 5 Message Examples Page 61

62 E 3C 4D 64 6C 3E 43 6F 75 6E rid><mdl>counter F C 2F 4D 64 6C 3E 3C 56 Top E41</Mdl><V E 4E 62 3E 33 2E C 2F E rsnnb>3.42</vrsn E 62 3E 3C C 4E 62 3E Nb><SrlNb> C 2F C 4E 62 3E 3C 2F 50 4F 0759</SrlNb></PO D 70 6E 74 3E 3C 50 4F D 70 6E 74 ICmpnt><POICmpnt E 3C 50 4F D 70 6E E 53 4F 46 ><POICmpntTp>SOF C 2F 50 4F D 70 6E E 3C 4D T</POICmpntTp><M 03A0 64 6C 3E D C 2F 4D 64 dl>sepa-fast</md 03B0 6C 3E 3C E 4E 62 3E 31 2E 30 3C 2F 56 l><vrsnnb>1.0</v 03C E 4E 62 3E 3C 2F 50 4F D 70 6E 74 rsnnb></poicmpnt 03D0 3E 3C 50 4F D 70 6E 74 3E 3C 50 4F ><POICmpnt><POIC 03E0 6D 70 6E E 45 4D 56 4B 3C 2F 50 4F 49 mpnttp>emvk</poi 03F0 43 6D 70 6E E 3C 4D 64 6C 3E E CmpntTp><Mdl>Gen C 2F 4D 64 6C 3E 3C E 4E eric</mdl><vrsnn E 36 2E C 2F E 4E 62 3E 3C b>6.21</vrsnnb>< F 50 4F D 70 6E 74 3E 3C 50 4F D /POICmpnt><POICm E 74 3E 3C 50 4F D 70 6E E pnt><poicmpnttp> C 2F 50 4F D 70 6E AQPR</POICmpntTp E 3C 4D 61 6E E ><ManfctrId> C 2F 4D 61 6E E 3C 351</ManfctrId>< E 4E 62 3E VrsnNb> C 2F E 4E 62 3E 3C 2F 43500</VrsnNb></ F D 70 6E 74 3E 3C E 64 6E POICmpnt><Attndn 04A E E C 2F ccntxt>attd</att 04B0 6E 64 6E E E 3C 50 4F ndnccntxt><poidt 04C0 54 6D 3E D D Tm> T15 04D0 3A A E B A C :16: :00< 04E0 2F 50 4F D 3E 3C /POIDtTm><DataSe 04F E 3C E C treqrd><tp>aqpr< F E 3C E 3E /Tp><Vrsn> C 2F E 3E 3C </Vrsn>< F E 3C 2F /DataSetReqrd></ E E 3C 2F E 3C Cntt></DataSet>< F E 3C C /StsRpt><SctyTrl E 3C 43 6E E C 2F r><cntttp>auth</ E E 3C E CnttTp><Authntcd E 3C E 3C 4B 45 4B 3E Data><Rcpt><KEK> C 4B 45 4B E 3C 4B E <KEKId><KeyId>Sp B C 2F 4B ecv1testkey</key 05A E 3C 4B E 3E Id><KeyVrsn> B C 2F 4B E 3E </KeyVrsn> 05C0 3C E E 4F C 70 <DerivtnId>OYclp 05D D 3C 2F E E 3C QE=</DerivtnId>< 05E0 2F 4B 45 4B E 3C 4B E /KEKId><KeyNcrpt 05F0 6E 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 44 4B nalgo><algo>dkpt C 2F 41 6C 67 6F 3E 3C 2F 4B E </Algo></KeyNcrp E 41 6C 67 6F 3E 3C 4E B 65 tnalgo><ncrptdke E D 3C 2F 4E y>4pagabc=</ncrp B E 3C 2F 4B 45 4B 3E 3C 2F tdkey></kek></rc E 3C 4D C 67 6F 3E 3C 41 6C 67 pt><macalgo><alg F 3E 4D C 2F 41 6C 67 6F 3E 3C 2F 4D o>mccs</algo></m C 67 6F 3E 3C 4E C ACAlgo><NcpsltdC E E 3C 43 6E E ntt><cntttp>data C 2F 43 6E E 3C 2F 4E C </CnttTp></Ncpsl E E 3C 4D E 70 4C 4B 49 tdcntt><mac>plki 06A A D 3C 2F 4D E 3C 2F IhAUZFY=</MAC></ 06B E E 3C 2F 53 AuthntcdData></S 06C C 72 3E 3C 2F ctytrlr></stsrpt 06D0 3E 3C 2F 44 6F D 65 6E 74 3E ></Document> 5 Message Examples Page 62

63 5.3.2 AcceptorConfigurationUpdate Message The version of the acquirer parameters includes the Acquirer protocol parameters and the application parameters. The Acquirer is composed of two hosts identified by "AcquirerHost1" and "AcquirerHost2", the first one performing all messages, at the exception of the AcceptorReconciliationRequest being performed by "AcquirerHost2". The CancellationRequest is not part of the message list for the "AcquirerHost1" because the Reconciliation exchange initiates the clearing of the Acquirer. The Acquirer has the identification "12", and manages only one application identified "SEPA-FAST". The POI has the identification " " for this Acquirer. Online transactions realise the financial data capture with the online authorisation. A Completion advice is sent by the POI at the end of the transaction if the Acquirer requests it in the Authorisation response message. Offline transactions realise the financial data capture at the end of the transaction, sending a Completion advice immediately after the end of the transaction. A Reconciliation exchange is initiated by the POI every day at 23h 35, with a maximum of 3 retries if the exchange fails, waiting 5 minutes between two attempts. Identification of the reconciliation period is performed by the POI, totals are exchanged per currency, the failed offline transactions are notified by a Completion advice, and the card data sent to the Acquirer must be protected. The POI must send a RecipientParty message component in the message headers, but no traceability information. The Acquirer and Merchant identifications are required in the environment. The configuration parameters of the application "SEPA-FAST" have the same version as the data set (the value provided in this example do not represent a complete configuration of the application). The complete AcceptorConfigurationUpdate message is presented below: Message Item Value Header DownloadTransfer True FormatVersion 1.0 ExchangeIdentification 550 CreationDateTime T22:45: :00 InitiatingParty Identification Type OriginationgPOI Issuer TerminalManager RecipientParty Identification epas-acquirer-tm1 Type TerminalManager AcceptorConfiguration POIIdentification Identification Type OriginationgPOI 5 Message Examples Page 63

64 Issuer TerminalManager TerminalManagerdentification Identification epas-acquirer-tm1 Type TerminalManager DataSet Identification Type AcquirerParameters Version CreationDateTime T22:45: :00 Content AcquirerProtocolParameters AcquirerIdentification Identification 12 Issuer Acquirer ApplicationIdentification SEPA-FAST Host HostIdentification AcquirerHost1 MessageTosend FinancialAuthorisationRequest MessageTosend FinancialCompletionAdvice MessageTosend CompletionAdvice MessageTosend FinancialReversalAdvice MessageTosend CancellationAdvice Host HostIdentification AcquirerHost2 MessageTosend ReconciliationRequest OnlineTransaction FinancialCapture Authorisation CompletionExchange ExchangePolicy OnDemand OfflineTransaction FinancialCapture Completion CompletionExchange ExchangePolicy Immediately ReconciliationExchange ExchangePolicy Cyclic TimeCondition StartTime T23:35:00 Period Retry Delay 5 MaximumNumber 3 ReconciliationByAcquirer False TotalsPerCurrency True BatchTransferContent Failed MessageItem ItemIdentification Hdr/InitgPty/Id Condition ConfiguredValue Value MessageItem ItemIdentification Hdr/RcptPty Condition Mandatory MessageItem 5 Message Examples Page 64

65 SecurityTrailer ContentType ItemIdentification Condition Value MessageItem ItemIdentification Condition MessageItem ItemIdentification Condition MessageItem ItemIdentification Condition MessageItem ItemIdentification Condition ProtectCardData ApplicationParameters ApplicationIdentification Hdr/RcptPty/Id ConfiguredValue epas-acquirer-1 Hdr/Tracblt NotSupported Envt/Acqrr/Id Mandatory Envt/Acqrr/Id/Id Mandatory Envt/Mrchnt/Id Mandatory True SEPA-FAST Version Parameters HostCommunicationParameters HostIdentification Address PrimaryAddress PrimaryPortNumber 5001 HostCommunicationParameters HostIdentification Address AuthenticatedData Recipient KEK PrimaryAddress PrimaryPortNumber 5002 KEKIdentification KeyIdentification E01A9F1E DF140101DF DF160103DF E1259F400 5A00090F0019F330360A0409F F1A02050DF DF1302E000DF AcquirerHost1 AcquirerHost1.Test.EPASOrg.eu AcquirerHost2 AcquirerHost2.Test.EPASOrg.eu AuthenticatedData SpecV1TestKey KeyVersion DerivationIdentification KeyEncryptionAlgorithm Algorithm EncryptedKey MACAlgorithm Algorithm EncapsulatedContent MAC ContentType A501 DUKPT E RetailSHA256MAC PlainData F632BC6CF969FCA5 5 Message Examples Page 65

66 The XML encoded AcceptorConfigurationUpdate message is presented below. <?xml version="1.0" encoding="utf-8"?> <Document xmlns:xsi=" xmlns="urn:swift:xsd:catm "> <AccptrCfgtnUpd> <Hdr> <DwnldTrf>false</DwnldTrf> <FrmtVrsn>1.0</FrmtVrsn> <XchgId>550</XchgId> <CreDtTm> T22:45: :00</CreDtTm> <InitgPty> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </InitgPty> <RcptPty> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </RcptPty> </Hdr> <AccptrCfgtn> <POIId> <Id> </Id> <Tp>OPOI</Tp> <Issr>ACQR</Issr> </POIId> <TermnlMgrId> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </TermnlMgrId> <DataSet> <Id> <Tp>AQPR</Tp> <Vrsn> </Vrsn> <CreDtTm> T22:45: :00</CreDtTm> </Id> <Cntt> <AcqrrPrtcolParams> <AcqrrId> <Id>12</Id> <Tp>ACQR</Tp> </AcqrrId> <ApplId>SEPA-FAST</ApplId> <Hst> <HstId>AcquirerHost1</HstId> <MsgToSnd>FAUQ</MsgToSnd> <MsgToSnd>FCMV</MsgToSnd> <MsgToSnd>CMPV</MsgToSnd> <MsgToSnd>FRVA</MsgToSnd> <MsgToSnd>CCAV</MsgToSnd> </Hst> <Hst> <HstId>AcquirerHost2</HstId> <MsgToSnd>RCLQ</MsgToSnd> </Hst> <OnLineTx> <FinCaptr>AUTH</FinCaptr> <CmpltnXchg> <XchgPlcy>ONDM</XchgPlcy> </CmpltnXchg> </OnLineTx> <OffLineTx> <FinCaptr>COMP</FinCaptr> <CmpltnXchg> <XchgPlcy>IMMD</XchgPlcy> </CmpltnXchg> </OffLineTx> 5 Message Examples Page 66

67 <RcncltnXchg> <XchgPlcy>CYCL</XchgPlcy> <TmCond> <StartTm> T23:35:00</StartTm> <Prd>10000</Prd> <ReTry> <Dely>5</Dely> <MaxNb>3</MaxNb> </ReTry> </TmCond> </RcncltnXchg> <RcncltnByAcqrr>false</RcncltnByAcqrr> <TtlsPerCcy>true</TtlsPerCcy> <BtchTrfCntt>FAIL</BtchTrfCntt> <MsgItm> <ItmId>Hdr/InitgPty/Id</ItmId> <Cond>CFVL</Cond> <Val> </Val> </MsgItm> <MsgItm> <ItmId>Hdr/InitgPty/Id</ItmId> <Cond>CFVL</Cond> <Val> </Val> </MsgItm> <MsgItm> <ItmId>Hdr/RcptPty</ItmId> <Cond>MNDT</Cond> </MsgItm> <MsgItm> <ItmId>Hdr/RcptPty/Id</ItmId> <Cond>CFVL</Cond> <Val>epas-acquirer-1</Val> </MsgItm> <MsgItm> <ItmId>Hdr/Tracblt</ItmId> <Cond>UNSP</Cond> </MsgItm> <MsgItm> <ItmId>Envt/Acqrr/Id</ItmId> <Cond>MNDT</Cond> </MsgItm> <MsgItm> <ItmId>Envt/Acqrr/Id/Id</ItmId> <Cond>MNDT</Cond> </MsgItm> <MsgItm> <ItmId>Envt/Mrchnt/Id</ItmId> <Cond>MNDT</Cond> </MsgItm> <PrtctCardData>true</PrtctCardData> </AcqrrPrtcolParams> <ApplParams> <ApplId>SEPA-FAST</ApplId> <Vrsn> </Vrsn> <Params> 4BqfHgiFMQKY3xQBAd8VAQLfFgED3zMEQAMGDhJZ9ABaAAkP ABnzMDYKBAnzUBMp8aAgUN8SAkZS3xMC4ADfFwEB </Params> </ApplParams> <HstComParams> <HstId>AcquirerHost1</HstId> <Adr> <PmryAdr>AcquirerHost1.Test.EPASOrg.eu</PmryAdr> <PmryPortNb>5001</PmryPortNb> </Adr> </HstComParams> <HstComParams> <HstId>AcquirerHost2</HstId> <Adr> 5 Message Examples Page 67

68 <PmryAdr>AcquirerHost2.Test.EPASOrg.eu</PmryAdr> <PmryPortNb>5002</PmryPortNb> </Adr> </HstComParams> </Cntt> </DataSet> </AccptrCfgtn> <SctyTrlr> <CnttTp>AUTH</CnttTp> <AuthntcdData> <Rcpt> <KEK> <KEKId> <KeyId>SpecV1TestKey</KeyId> <KeyVrsn> </KeyVrsn> <DerivtnId>OYclpQE=</DerivtnId> </KEKId> <KeyNcrptnAlgo> <Algo>DKPT</Algo> </KeyNcrptnAlgo> <NcrptdKey>4pAgABc=</NcrptdKey> </KEK> </Rcpt> <MACAlgo> <Algo>MCCS</Algo> </MACAlgo> <NcpsltdCntt> <CnttTp>DATA</CnttTp> </NcpsltdCntt> <MAC>9jK8bPlp/KU=</MAC> </AuthntcdData> </SctyTrlr> </AccptrCfgtnUpd> </Document> 5 Message Examples Page 68

69 The canonical form of the message body AccptrCfgtn (without spaces or line breaks) is dumped below: C E 3E 3C 50 4F <AccptrCfgtn><PO E 3C E IId><Id> C 2F E 3C E 4F 50 4F 49 3C 2F 54 </Id><Tp>OPOI</T E 3C E C 2F p><issr>acqr</is E 3C 2F 50 4F E 3C D sr></poiid><term E 6C 4D E 3C E nlmgrid><id>epas D D 54 4D 31 3C 2F 49 -acquirer-tm1</i E 3C E 54 4D C 2F E 3C d><tp>tmgt</tp>< F D 6E 6C 4D E 3C /TermnlMgrId><Da E 3C E 3C E taset><id><tp>aq 00A C 2F E 3C E 3E PR</Tp><Vrsn>201 00B C 2F </Vrs 00C0 6E 3E 3C D 3E D n><credttm> d D A A E T22:45: E0 31 2B A C 2F D 1+02:00</CreDtTm 00F0 3E 3C 2F E 3C 43 6E E 3C ></Id><Cntt><Acq F 6C D 73 3E 3C rrprtcolparams>< E 3C E C 2F AcqrrId><Id>12</ E 3C E C 2F E Id><Tp>ACQR</Tp> C 2F E 3C C 49 </AcqrrId><ApplI E D C 2F d>sepa-fast</app C E 3C E 3C E lid><hst><hstid> F C 2F 48 AcquirerHost1</H E 3C 4D F 53 6E 64 3E 46 stid><msgtosnd>f C 2F 4D F 53 6E 64 3E 3C 4D AUQ</MsgToSnd><M F 53 6E 64 3E D 56 3C 2F 4D 73 sgtosnd>fcmv</ms 01A F 53 6E 64 3E 3C 4D F 53 6E 64 gtosnd><msgtosnd 01B0 3E 43 4D C 2F 4D F 53 6E 64 3E >CMPV</MsgToSnd> 01C0 3C 4D F 53 6E 64 3E C 2F <MsgToSnd>FRVA</ 01D0 4D F 53 6E 64 3E 3C 4D F 53 MsgToSnd><MsgToS 01E0 6E 64 3E C 2F 4D F 53 6E nd>ccav</msgtosn 01F0 64 3E 3C 2F E 3C E 3C d></hst><hst><hs E F tid>acquirerhost C 2F E 3C 4D F 53 2</HstId><MsgToS E 64 3E C 51 3C 2F 4D F 53 6E nd>rclq</msgtosn E 3C 2F E 3C 4F 6E 4C 69 6E d></hst><onlinet E 3C E E x><fincaptr>auth C 2F E E 3C 43 6D 70 6C </FinCaptr><Cmpl E E 3C C tnxchg><xchgplcy E 4F 4E 44 4D 3C 2F C E >ONDM</XchgPlcy> C 2F 43 6D 70 6C 74 6E E 3C 2F 4F </CmpltnXchg></O E 4C 69 6E E 3C 4F C 69 6E 65 nlinetx><offline 02A E 3C E E 43 4F 4D Tx><FinCaptr>COM 02B0 50 3C 2F E E 3C 43 6D 70 P</FinCaptr><Cmp 02C0 6C 74 6E E 3C C 63 ltnxchg><xchgplc 02D0 79 3E 49 4D 4D 44 3C 2F C y>immd</xchgplcy 02E0 3E 3C 2F 43 6D 70 6C 74 6E E 3C 2F ></CmpltnXchg></ 02F0 4F C 69 6E E 3C E 63 6C OffLineTx><Rcncl E E 3C C tnxchg><xchgplcy E C 3C 2F C E >CYCL</XchgPlcy> C 54 6D 43 6F 6E 64 3E 3C D <TmCond><StartTm E D D A 33 > T23: A C 2F D 3E 3C 50 5:00</StartTm><P E C 2F E 3C 52 rd>10000</prd><r E 3C C 79 3E 35 3C 2F etry><dely>5</de C 79 3E 3C 4D E 62 3E 33 3C 2F 4D ly><maxnb>3</max E 62 3E 3C 2F E 3C 2F 54 6D 43 Nb></ReTry></TmC F 6E 64 3E 3C 2F E 63 6C 74 6E ond></rcncltnxch 03A0 67 3E 3C E 63 6C 74 6E g><rcncltnbyacqr 03B0 72 3E C C 2F E 63 6C 74 6E r>false</rcncltn 03C E 3C C ByAcqrr><TtlsPer 03D E C 2F C Ccy>true</TtlsPe 03E E 3C E 74 rccy><btchtrfcnt 03F0 74 3E C 3C 2F t>fail</btchtrfc E E 3C 4D D 3E 3C D ntt><msgitm><itm E F 49 6E F Id>Hdr/InitgPty/ C 2F D E 3C 43 6F 6E 64 3E Id</ItmId><Cond> C 3C 2F 43 6F 6E 64 3E 3C C 3E CFVL</Cond><Val> 5 Message Examples Page 69

70 C 2F C 3E 3C 2F </Val></ D D 3E 3C 4D D 3E 3C MsgItm><MsgItm>< D E F 49 6E ItmId>Hdr/InitgP F C 2F D E 3C 43 6F ty/id</itmid><co E 64 3E C 3C 2F 43 6F 6E 64 3E 3C 56 nd>cfvl</cond><v C 3E C 2F C al> </val 04A0 3E 3C 2F 4D D 3E 3C 4D ></MsgItm><MsgIt 04B0 6D 3E 3C D E F m><itmid>hdr/rcp 04C C 2F D E 3C 43 6F 6E tpty</itmid><con 04D0 64 3E 4D 4E C 2F 43 6F 6E 64 3E 3C 2F 4D d>mndt</cond></m 04E D 3E 3C 4D D 3E 3C 49 sgitm><msgitm><i 04F0 74 6D E F tmid>hdr/rcptpty F C 2F D E 3C 43 6F 6E 64 /Id</ItmId><Cond E C 3C 2F 43 6F 6E 64 3E 3C C >CFVL</Cond><Val E D D 31 >epas-acquirer C 2F C 3E 3C 2F 4D D 3E 3C </Val></MsgItm>< D D 3E 3C D E MsgItm><ItmId>Hd F C 74 3C 2F D r/tracblt</itmid E 3C 43 6F 6E 64 3E 55 4E C 2F 43 6F 6E ><Cond>UNSP</Con E 3C 2F 4D D 3E 3C 4D d></msgitm><msgi D 3E 3C D E 45 6E F 41 tm><itmid>envt/a F C 2F D E 3C cqrr/id</itmid>< 05A0 43 6F 6E 64 3E 4D 4E C 2F 43 6F 6E 64 3E Cond>MNDT</Cond> 05B0 3C 2F 4D D 3E 3C 4D D </MsgItm><MsgItm 05C0 3E 3C D E 45 6E F ><ItmId>Envt/Acq 05D F F C 2F D E rr/id/id</itmid> 05E0 3C 43 6F 6E 64 3E 4D 4E C 2F 43 6F 6E 64 <Cond>MNDT</Cond 05F0 3E 3C 2F 4D D 3E 3C 4D ></MsgItm><MsgIt D 3E 3C D E 45 6E F 4D 72 m><itmid>envt/mr E 74 2F C 2F D E 3C chnt/id</itmid>< F 6E 64 3E 4D 4E C 2F 43 6F 6E 64 3E Cond>MNDT</Cond> C 2F 4D D 3E 3C </MsgItm><PrtctC E C 2F arddata>true</pr E 3C 2F tctcarddata></ac F 6C D 73 3E qrrprtcolparams> C C D 73 3E 3C <ApplParams><App C E D C 2F 41 lid>sepa-fast</a C E 3C E 3E pplid><vrsn> A C 2F E </Vrsn 06B0 3E 3C D 73 3E ><Params>4BqfHgi 06C0 46 4D 51 4B C FMQKY3xQBAd8VAQL 06D A 4D D A ffged3zmeqamgdhj 06E0 5A B E 7A 4D Z9ABaAAkPABnzMDY 06F0 4B E 7A D E 38 KBAnzUBMp8aAgUN B 5A D SAkZS3xMC4ADfFwE C 2F D 73 3E 3C 2F C B</Params></Appl D 73 3E 3C F 6D Params><HstComPa D 73 3E 3C E rams><hstid>acqu F C 2F irerhost1</hstid E 3C E 3C 50 6D E 41 ><Adr><PmryAdr>A F E cquirerhost1.tes E F E C 2F 50 6D t.epasorg.eu</pm E 3C 50 6D F E ryadr><pmryportn E C 2F 50 6D F b>5001</pmryport 07A0 4E 62 3E 3C 2F E 3C 2F F Nb></Adr></HstCo 07B0 6D D 73 3E 3C F 6D 50 mparams><hstcomp 07C D 73 3E 3C E arams><hstid>acq 07D F C 2F uirerhost2</hsti 07E0 64 3E 3C E 3C 50 6D E d><adr><pmryadr> 07F F E AcquirerHost2.Te E F E C 2F 50 st.epasorg.eu</p D E 3C 50 6D F mryadr><pmryport E 62 3E C 2F 50 6D F 72 Nb>5002</PmryPor E 62 3E 3C 2F E 3C 2F tnb></adr></hstc F 6D D 73 3E 3C 2F 43 6E E omparams></cntt> C 2F E 3C 2F </DataSet></Accp E 3E trcfgtn> 5 Message Examples Page 70

71 The SHA-256 digest of the canonical form of the message body AccptrCfgtn is: B 9E 3C F A 1A 15 C7 C7 {.<B&...Rj C9 62 DD FC A b.rvx#.BRh..I After padding, the digest becomes: B 9E 3C F A 1A 15 C7 C7 {.<B&...Rj C9 62 DD FC A b.rvx#.BRh..I Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA), we obtain the MAC of the AcceptorConfigurationUpdate F632BC6CF969FCA5 and after conversion in base64 "9jK8bPlp/KU=" A 2A 5F 9A B5 19 7E B6 4E 27 9E B7 22 F9 44 BF Z*_...~.N'..".D E 6D 18 C0 69 AE B 1D 7B F FE 3C.m..i.V6K.{.8`.< 0020 F6 32 BC 6C F9 69 FC A5.2.l.i.. The message sent by the transport protocol is: B 9E 3C 3F 78 6D 6C F...<?xml versio E 3D E E 63 6F E 67 n="1.0" encoding D D F 3E 3C 44 6F D ="UTF-8"?><Docum E D 6C 6E 73 3A D ent xmlns:xsi="h A 2F 2F E E 6F ttp:// F F 58 4D 4C D 61 2D /2001/XMLSchema E E D 6C 6E 73 3D instance" xmlns= E 3A A A 63 "urn:swift:xsd:c D 2E E E E atm "> C E E <AccptrCfgtnUpd> 00A0 3C E 3C E 6C E 66 <Hdr><DwnldTrf>f 00B0 61 6C C 2F E 6C E 3C alse</dwnldtrf>< 00C D E 3E 31 2E 30 3C 2F FrmtVrsn>1.0</Fr 00D0 6D E 3E 3C E 35 mtvrsn><xchgid>5 00E C 2F E 3C </XchgId><CreD 00F D 3E D D ttm> t A A E B A :45: : C 2F D 3E 3C 49 6E </CreDtTm><Initg E 3C E Pty><Id> C 2F E 3C E 4F 50 4F 49 3C 2F 54 </Id><Tp>OPOI</T E 3C E 54 4D C 2F p><issr>tmgt</is E 3C 2F 49 6E E 3C 52 sr></initgpty><r E 3C E D cptpty><id>epas D 54 4D 31 3C 2F acquirer-tm1</id E 3C E 54 4D C 2F E 3C 2F ><Tp>TMGT</Tp></ E 3C 2F E 3C 41 RcptPty></Hdr><A 01A E 3E 3C 50 4F ccptrcfgtn><poii 01B0 64 3E 3C E C 2F d><id> </ 01C E 3C E 4F 50 4F 49 3C 2F E Id><Tp>OPOI</Tp> 01D0 3C E C 2F <Issr>ACQR</Issr 01E0 3E 3C 2F 50 4F E 3C D 6E 6C ></POIId><Termnl 01F0 4D E 3C E D 61 MgrId><Id>epas-a D 54 4D 31 3C 2F E cquirer-tm1</id> C E 54 4D C 2F E 3C 2F 54 <Tp>TMGT</Tp></T D 6E 6C 4D E 3C ermnlmgrid><data E 3C E 3C E Set><Id><Tp>AQPR C 2F E 3C E 3E </Tp><Vrsn> C 2F E 3E </Vrsn> C D 3E D <CreDtTm> D A A E B -23T22:45: A C 2F D 3E 3C 02:00</CreDtTm>< F E 3C 43 6E E 3C /Id><Cntt><Acqrr 02A F 6C D 73 3E 3C PrtcolParams><Ac 02B E 3C E C 2F qrrid><id>12</id 02C0 3E 3C E C 2F E 3C 2F ><Tp>ACQR</Tp></ 5 Message Examples Page 71

72 02D E 3C C E AcqrrId><ApplId> 02E D C 2F C 49 SEPA-FAST</ApplI 02F0 64 3E 3C E 3C E d><hst><hstid>ac F C 2F quirerhost1</hst E 3C 4D F 53 6E 64 3E Id><MsgToSnd>FAU C 2F 4D F 53 6E 64 3E 3C 4D Q</MsgToSnd><Msg F 53 6E 64 3E D 56 3C 2F 4D ToSnd>FCMV</MsgT F 53 6E 64 3E 3C 4D F 53 6E 64 3E 43 osnd><msgtosnd>c D C 2F 4D F 53 6E 64 3E 3C 4D MPV</MsgToSnd><M F 53 6E 64 3E C 2F 4D 73 sgtosnd>frva</ms F 53 6E 64 3E 3C 4D F 53 6E 64 gtosnd><msgtosnd E C 2F 4D F 53 6E 64 3E >CCAV</MsgToSnd> C 2F E 3C E 3C </Hst><Hst><HstI 03A0 64 3E F C d>acquirerhost2< 03B0 2F E 3C 4D F 53 6E 64 /HstId><MsgToSnd 03C0 3E C 51 3C 2F 4D F 53 6E 64 3E >RCLQ</MsgToSnd> 03D0 3C 2F E 3C 4F 6E 4C 69 6E E </Hst><OnLineTx> 03E0 3C E E C 2F <FinCaptr>AUTH</ 03F E E 3C 43 6D 70 6C 74 6E FinCaptr><Cmpltn E 3C C E 4F Xchg><XchgPlcy>O E 44 4D 3C 2F C E 3C 2F NDM</XchgPlcy></ D 70 6C 74 6E E 3C 2F 4F 6E 4C CmpltnXchg></OnL E E 3C 4F C 69 6E inetx><offlinetx E 3C E E 43 4F 4D 50 3C ><FinCaptr>COMP< F E E 3C 43 6D 70 6C 74 /FinCaptr><Cmplt E E 3C C E nxchg><xchgplcy> D 4D 44 3C 2F C E 3C IMMD</XchgPlcy>< F 43 6D 70 6C 74 6E E 3C 2F 4F 66 /CmpltnXchg></Of C 69 6E E 3C E 63 6C 74 6E flinetx><rcncltn 04A E 3C C E 43 Xchg><XchgPlcy>C 04B C 3C 2F C E 3C 54 YCL</XchgPlcy><T 04C0 6D 43 6F 6E 64 3E 3C D 3E 32 mcond><starttm>2 04D D D A A T23:35: 04E C 2F D 3E 3C </StartTm><Prd 04F0 3E C 2F E 3C >10000</Prd><ReT E 3C C 79 3E 35 3C 2F C 79 ry><dely>5</dely E 3C 4D E 62 3E 33 3C 2F 4D E 62 ><MaxNb>3</MaxNb E 3C 2F E 3C 2F 54 6D 43 6F 6E ></ReTry></TmCon E 3C 2F E 63 6C 74 6E E d></rcncltnxchg> C E 63 6C 74 6E E <RcncltnByAcqrr> C C 2F E 63 6C 74 6E false</rcncltnby E 3C C Acqrr><TtlsPerCc E C 2F C y>true</ttlsperc E 3C E E cy><btchtrfcntt> C 3C 2F E 74 FAIL</BtchTrfCnt 05A0 74 3E 3C 4D D 3E 3C D t><msgitm><itmid 05B0 3E F 49 6E F >Hdr/InitgPty/Id 05C0 3C 2F D E 3C 43 6F 6E 64 3E </ItmId><Cond>CF 05D0 56 4C 3C 2F 43 6F 6E 64 3E 3C C 3E VL</Cond><Val>66 05E C 2F C 3E 3C 2F 4D </Val></Ms 05F D 3E 3C 4D D 3E 3C gitm><msgitm><it D E F 49 6E mid>hdr/initgpty F C 2F D E 3C 43 6F 6E 64 /Id</ItmId><Cond E C 3C 2F 43 6F 6E 64 3E 3C C >CFVL</Cond><Val E C 2F C 3E 3C > </Val>< F 4D D 3E 3C 4D D 3E /MsgItm><MsgItm> C D E F <ItmId>Hdr/RcptP C 2F D E 3C 43 6F 6E 64 3E ty</itmid><cond> D 4E C 2F 43 6F 6E 64 3E 3C 2F 4D MNDT</Cond></Msg D 3E 3C 4D D 3E 3C D Itm><MsgItm><Itm E F F 49 Id>Hdr/RcptPty/I 06A0 64 3C 2F D E 3C 43 6F 6E 64 3E 43 d</itmid><cond>c 06B C 3C 2F 43 6F 6E 64 3E 3C C 3E 65 FVL</Cond><Val>e 06C D D 31 3C 2F pas-acquirer-1</ 06D C 3E 3C 2F 4D D 3E 3C 4D 73 Val></MsgItm><Ms 06E D 3E 3C D E F gitm><itmid>hdr/ 06F C 74 3C 2F D E 3C Tracblt</ItmId>< F 6E 64 3E 55 4E C 2F 43 6F 6E 64 3E Cond>UNSP</Cond> C 2F 4D D 3E 3C 4D D </MsgItm><MsgItm 5 Message Examples Page 72

73 0720 3E 3C D E 45 6E F ><ItmId>Envt/Acq F C 2F D E 3C 43 6F rr/id</itmid><co E 64 3E 4D 4E C 2F 43 6F 6E 64 3E 3C 2F nd>mndt</cond></ D D 3E 3C 4D D 3E 3C MsgItm><MsgItm>< D E 45 6E F ItmId>Envt/Acqrr F F C 2F D E 3C 43 /Id/Id</ItmId><C F 6E 64 3E 4D 4E C 2F 43 6F 6E 64 3E 3C ond>mndt</cond>< F 4D D 3E 3C 4D D 3E /MsgItm><MsgItm> 07A0 3C D E 45 6E F 4D <ItmId>Envt/Mrch 07B0 6E 74 2F C 2F D E 3C 43 6F nt/id</itmid><co 07C0 6E 64 3E 4D 4E C 2F 43 6F 6E 64 3E 3C 2F nd>mndt</cond></ 07D0 4D D 3E 3C MsgItm><PrtctCar 07E E C 2F ddata>true</prtc 07F E 3C 2F tcarddata></acqr F 6C D 73 3E 3C 41 rprtcolparams><a C D 73 3E 3C C 49 pplparams><appli E D C 2F d>sepa-fast</app C E 3C E 3E lid><vrsn> C 2F E 3E 3C </Vrsn>< D 73 3E D Params>4BqfHgiFM B C QKY3xQBAd8VAQLfF A 4D D A 5A 39 ged3zmeqamgdhjz B E 7A 4D B 42 ABaAAkPABnzMDYKB E 7A D E AnzUBMp8aAgUN8SA 08A0 6B 5A D C kzs3xmc4adffweb< 08B0 2F D 73 3E 3C 2F C /Params></ApplPa 08C D 73 3E 3C F 6D rams><hstcompara 08D0 6D 73 3E 3C E ms><hstid>acquir 08E F C 2F E 3C erhost1</hstid>< 08F E 3C 50 6D E Adr><PmryAdr>Acq F E E uirerhost1.test F E C 2F 50 6D EPASOrg.eu</Pmry E 3C 50 6D F E 62 3E Adr><PmryPortNb> C 2F 50 6D F E </PmryPortNb E 3C 2F E 3C 2F F 6D 50 ></Adr></HstComP D 73 3E 3C F 6D arams><hstcompar D 73 3E 3C E ams><hstid>acqui F C 2F E rerhost2</hstid> C E 3C 50 6D E <Adr><PmryAdr>Ac F E quirerhost2.test 09A0 2E F E C 2F 50 6D 72.EPASOrg.eu</Pmr 09B E 3C 50 6D F E 62 yadr><pmryportnb 09C0 3E C 2F 50 6D F E >5002</PmryPortN 09D0 62 3E 3C 2F E 3C 2F F 6D b></adr></hstcom 09E D 73 3E 3C 2F 43 6E E 3C 2F Params></Cntt></ 09F E 3C 2F DataSet></Accptr 0A E 3E 3C C 72 3E Cfgtn><SctyTrlr> 0A10 3C 43 6E E C 2F 43 6E <CnttTp>AUTH</Cn 0A E 3C E tttp><authntcdda 0A E 3C E 3C 4B 45 4B 3E 3C 4B ta><rcpt><kek><k 0A B E 3C 4B E EKId><KeyId>Spec 0A B C 2F 4B V1TestKey</KeyId 0A60 3E 3C 4B E 3E ><KeyVrsn> A C 2F 4B E 3E 3C </KeyVrsn><D 0A E E 4F C erivtnid>oyclpqe 0A90 3D 3C 2F E E 3C 2F 4B =</DerivtnId></K 0AA0 45 4B E 3C 4B E E 41 EKId><KeyNcrptnA 0AB0 6C 67 6F 3E 3C 41 6C 67 6F 3E 44 4B C 2F lgo><algo>dkpt</ 0AC0 41 6C 67 6F 3E 3C 2F 4B E E Algo></KeyNcrptn 0AD0 41 6C 67 6F 3E 3C 4E B E Algo><NcrptdKey> 0AE D 3C 2F 4E pAgABc=</Ncrptd 0AF0 4B E 3C 2F 4B 45 4B 3E 3C 2F Key></KEK></Rcpt 0B00 3E 3C 4D C 67 6F 3E 3C 41 6C 67 6F 3E ><MACAlgo><Algo> 0B10 4D C 2F 41 6C 67 6F 3E 3C 2F 4D MCCS</Algo></MAC 0B C 67 6F 3E 3C 4E C E 74 Algo><NcpsltdCnt 0B E 3C 43 6E E C 2F t><cntttp>data</ 0B E E 3C 2F 4E C CnttTp></Ncpsltd 0B E E 3C 4D E 39 6A 4B Cntt><MAC>9jK8bP 0B60 6C 70 2F 4B 55 3D 3C 2F 4D E 3C 2F lp/ku=</mac></au 5 Message Examples Page 73

74 0B E E 3C 2F thntcddata></sct 0B C 72 3E 3C 2F ytrlr></accptrcf 0B E E 3C 2F 44 6F D 65 6E gtnupd></documen 0BA0 74 3E t> 5 Message Examples Page 74

75 5.4 Maintenance Report StatusReport Message After the successfull downloading of the AcceptorConfigurationUpdate, the next action of the management plan is the download of a new management plan, to be performed just after the previous action (StartTime absent, WaitingTime="0"). The StatusReport to request the management plan includes the status of the previous maintenance action, and notifies the new version of the parameters: Message Item Value Header DownloadTransfer False FormatVersion 1.0 ExchangeIdentification 551 CreationDateTime T22:45: :00 InitiatingParty Identification Type OriginationgPOI Issuer TerminalManager RecipientParty Identification epas-acquirer-tm1 Type TerminalManager StatusReport POIIdentification Identification Type OriginationgPOI Issuer TerminalManager TerminalManagerdentification Identification epas-acquirer-tm1 Type TerminalManager DataSet Identification Type StatusReport CreationDateTime T22:45: :00 Content POICapabilities CardReadingCapabilities ICC CardReadingCapabilities MagneticStripe POIComponent ComponentType PINEntryDevice ManufacturerIdentification EPASOrg Model Counter Top E41 VersionNumber 3.42 SerialNumber POIComponent ComponentType Soft Model SEPA-FAST VersionNumber 1.0 POIComponent 5 Message Examples Page 75

76 ComponentType EMVKernel Model Generic VersionNumber 6.21 POIComponent ComponentType AcquirerParameters ManufacturerIdentification VersionNumber AttendanceContext Attended POIDateTime T22:45: :00 DataSetRequired Type ManagementPlan Event TimeStamp T22:45: :00 Result Success ActionIdentification ActionType Download DataSetIdentification Type AcquirerParameters Version CreationDateTime T22:45: :00 SecurityTrailer ContentType AuthenticatedData AuthenticatedData Recipient KEK KEKIdentification KeyIdentification SpecV1TestKey KeyVersion DerivationIdentification A501 KeyEncryptionAlgorithm Algorithm DUKPT EncryptedKey E MACAlgorithm Algorithm RetailSHA256MAC EncapsulatedContent ContentType PlainData MAC C717663BBE399A20 5 Message Examples Page 76

77 The XML encoded StatusReport message is presented below. <?xml version="1.0" encoding="utf-8"?> <Document xmlns:xsi=" xmlns="urn:swift:xsd:catm "> <StsRpt> <Hdr> <DwnldTrf>false</DwnldTrf> <FrmtVrsn>1.0</FrmtVrsn> <XchgId>551</XchgId> <CreDtTm> T22:45: :00</CreDtTm> <InitgPty> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </InitgPty> <RcptPty> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </RcptPty> </Hdr> <StsRpt> <POIId> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </POIId> <TermnlMgrId> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </TermnlMgrId> <DataSet> <Id> <Tp>STRP</Tp> <CreDtTm> T22:45: :00</CreDtTm> </Id> <Cntt> <POICpblties> <CardRdngCpblties>CICC</CardRdngCpblties> <CardRdngCpblties>MGST</CardRdngCpblties> </POICpblties> <POICmpnt> <POICmpntTp>PEDV</POICmpntTp> <ManfctrId>EPASOrg</ManfctrId> <Mdl>Counter Top E41</Mdl> <VrsnNb>3.42</VrsnNb> <SrlNb> </SrlNb> </POICmpnt> <POICmpnt> <POICmpntTp>SOFT</POICmpntTp> <Mdl>SEPA-FAST</Mdl> <VrsnNb>1.0</VrsnNb> </POICmpnt> <POICmpnt> <POICmpntTp>EMVK</POICmpntTp> <Mdl>Generic</Mdl> <VrsnNb>6.21</VrsnNb> </POICmpnt> <POICmpnt> <POICmpntTp>AQPR</POICmpntTp> <ManfctrId> </ManfctrId> <VrsnNb> </VrsnNb> </POICmpnt> <AttndncCntxt>ATTD</AttndncCntxt> <POIDtTm> T22:45: :00</POIDtTm> <DataSetReqrd> <Tp>MGTP</Tp> </DataSetReqrd> 5 Message Examples Page 77

78 <Evt> <TmStmp> T22:45: :00</TmStmp> <Rslt>SUCC</Rslt> <ActnId> <ActnTp>DWNL</ActnTp> <DataSetId> <Tp>AQPR</Tp> <Vrsn> </Vrsn> <CreDtTm> T22:45: :00</CreDtTm> </DataSetId> </ActnId> </Evt> </Cntt> </DataSet> </StsRpt> <SctyTrlr> <CnttTp>AUTH</CnttTp> <AuthntcdData> <Rcpt> <KEK> <KEKId> <KeyId>SpecV1TestKey</KeyId> <KeyVrsn> </KeyVrsn> <DerivtnId>OYclpQE=</DerivtnId> </KEKId> <KeyNcrptnAlgo> <Algo>DKPT</Algo> </KeyNcrptnAlgo> <NcrptdKey>4pAgABc=</NcrptdKey> </KEK> </Rcpt> <MACAlgo> <Algo>MCCS</Algo> </MACAlgo> <NcpsltdCntt> <CnttTp>DATA</CnttTp> </NcpsltdCntt> <MAC>xxdmO745miA=</MAC> </AuthntcdData> </SctyTrlr> </StsRpt> </Document> 5 Message Examples Page 78

79 The canonical form of the message body StsRpt (without spaces or line breaks) is dumped below: C E 3C 50 4F E 3C <StsRpt><POIId>< E C 2F E Id> </Id> C E 4F 50 4F 49 3C 2F E 3C <Tp>OPOI</Tp><Is E 54 4D C 2F E 3C 2F sr>tmgt</issr></ F E 3C D 6E 6C 4D POIId><TermnlMgr E 3C E D Id><Id>epas-acqu D 54 4D 31 3C 2F E 3C irer-tm1</id><tp E 54 4D C 2F E 3C 2F D >TMGT</Tp></Term E 6C 4D E 3C nlmgrid><dataset E 3C E 3C E C 2F 54 ><Id><Tp>STRP</T 00A0 70 3E 3C D 3E D p><credttm> b D A A E T22:45: C0 37 2B A C 2F D 7+02:00</CreDtTm 00D0 3E 3C 2F E 3C 43 6E E 3C 50 4F 49 ></Id><Cntt><POI 00E C E 3C Cpblties><CardRd 00F0 6E C E C ngcpblties>cicc< F E C /CardRdngCpbltie E 3C E C 74 s><cardrdngcpblt E 4D C 2F ies>mgst</cardrd E C E 3C 2F 50 4F 49 ngcpblties></poi C E 3C 50 4F D 70 Cpblties><POICmp E 74 3E 3C 50 4F D 70 6E E 50 nt><poicmpnttp>p C 2F 50 4F D 70 6E E EDV</POICmpntTp> C 4D 61 6E E F <ManfctrId>EPASO C 2F 4D 61 6E E 3C 4D rg</manfctrid><m C 3E 43 6F 75 6E F dl>counter Top E 01A C 2F 4D 64 6C 3E 3C E 4E 62 3E 41</Mdl><VrsnNb> 01B0 33 2E C 2F E 4E 62 3E 3C </VrsnNb><Sr 01C0 6C 4E 62 3E C 2F lnb> </ 01D C 4E 62 3E 3C 2F 50 4F D 70 6E 74 SrlNb></POICmpnt 01E0 3E 3C 50 4F D 70 6E 74 3E 3C 50 4F ><POICmpnt><POIC 01F0 6D 70 6E E 53 4F C 2F 50 4F 49 mpnttp>soft</poi D 70 6E E 3C 4D 64 6C 3E CmpntTp><Mdl>SEP D C 2F 4D 64 6C 3E 3C A-FAST</Mdl><Vrs E 4E 62 3E 31 2E 30 3C 2F E 4E 62 3E nnb>1.0</vrsnnb> C 2F 50 4F D 70 6E 74 3E 3C 50 4F </POICmpnt><POIC D 70 6E 74 3E 3C 50 4F D 70 6E mpnt><poicmpnttp E 45 4D 56 4B 3C 2F 50 4F D 70 6E >EMVK</POICmpntT E 3C 4D 64 6C 3E E C 2F p><mdl>generic</ D 64 6C 3E 3C E 4E 62 3E 36 2E Mdl><VrsnNb> C 2F E 4E 62 3E 3C 2F 50 4F D </VrsnNb></POICm E 74 3E 3C 50 4F D 70 6E 74 3E 3C 50 pnt><poicmpnt><p 02A0 4F D 70 6E E C 2F OICmpntTp>AQPR</ 02B0 50 4F D 70 6E E 3C 4D 61 6E 66 POICmpntTp><Manf 02C E C 2F 4D ctrid> </m 02D0 61 6E E 3C E 4E 62 anfctrid><vrsnnb 02E0 3E C > < 02F0 2F E 4E 62 3E 3C 2F 50 4F D 70 /VrsnNb></POICmp E 74 3E 3C E 64 6E E nt><attndnccntxt E C 2F E 64 6E E >ATTD</AttndncCn E 3C 50 4F D 3E txt><poidttm> D D A A T22:45: E B A C 2F 50 4F :00</POIDt D 3E 3C Tm><DataSetReqrd E 3C E 4D C 2F E 3C 2F ><Tp>MGTP</Tp></ E 3C DataSetReqrd><Ev E 3C 54 6D D 70 3E D 30 t><tmstmp> D A A E T22:45: A0 2B A C 2F 54 6D D 70 3E 3C +02:00</TmStmp>< 03B C 74 3E C 2F C 74 3E Rslt>SUCC</Rslt> 03C0 3C E E 3C E E <ActnId><ActnTp> 03D E 4C 3C 2F E E 3C DWNL</ActnTp><Da 03E E 3C E tasetid><tp>aqpr 03F0 3C 2F E 3C E 3E </Tp><Vrsn> C 2F E 3E </Vrsn> C D 3E D <CreDtTm> D A A E B -23T22:45: A C 2F D 3E 3C 02:00</CreDtTm>< 5 Message Examples Page 79

80 0440 2F E 3C 2F /DataSetId></Act E E 3C 2F E 3C 2F 43 6E nid></evt></cntt E 3C 2F E 3C 2F ></DataSet></Sts E Rpt> The SHA-256 digest of the canonical form of the message body StsRpt is: C 2D 2E C7 08 F E EA BB 2E.-...AvNW..6W F B5 28 A7 A2 BE F4 28 DC 2B FE 75 A6.0v..(...(.+.u. After padding, the digest becomes: C 2D 2E C7 08 F E EA BB 2E.-...AvNW..6W F B5 28 A7 A2 BE F4 28 DC 2B FE 75 A6.0v..(...(.+.u Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA), we obtain the MAC of the StatusReport C717663BBE399A20 and after conversion in base64 "xxdmo745mia=" D AC CB 9D DF E %FDP...fr A 0E 8D EA B3 13 AE 5A AA 67 AC C9 D9 BA C4 92 :...Z.g C B BE 39 9A 20..f;.9. The message sent by the transport protocol is: A 3C 3F 78 6D 6C F...<?xml versio E 3D E E 63 6F E 67 n="1.0" encoding D D F 3E 3C 44 6F D ="UTF-8"?><Docum E D 6C 6E 73 3A D ent xmlns:xsi="h A 2F 2F E E 6F ttp:// F F 58 4D 4C D 61 2D /2001/XMLSchema E E D 6C 6E 73 3D instance" xmlns= E 3A A A 63 "urn:swift:xsd:c D 2E E E E atm "> C E 3C E 3C <StsRpt><Hdr><Dw 00A0 6E 6C E C C 2F nldtrf>false</dw 00B0 6E 6C E 3C D E nldtrf><frmtvrsn 00C0 3E 31 2E 30 3C 2F D E 3E 3C >1.0</FrmtVrsn>< 00D E C 2F XchgId>551</Xchg 00E E 3C D 3E Id><CreDtTm> F0 2D D A A E T22:45: B A C 2F :00</CreDtT D 3E 3C 49 6E E 3C E m><initgpty><id> C 2F E 3C </Id><Tp E 4F 50 4F 49 3C 2F E 3C E >OPOI</Tp><Issr> D C 2F E 3C 2F 49 6E 69 TMGT</Issr></Ini E 3C E 3C tgpty><rcptpty>< E D Id>epas-acquirer D 54 4D 31 3C 2F E 3C E 54 4D 47 -TM1</Id><Tp>TMG C 2F E 3C 2F E T</Tp></RcptPty> C 2F E 3C E 3C 50 </Hdr><StsRpt><P 01A0 4F E 3C E OIId><Id> B0 31 3C 2F E 3C E 4F 50 4F 49 3C 2F 1</Id><Tp>OPOI</ 01C E 3C E 54 4D C 2F 49 Tp><Issr>TMGT</I 01D E 3C 2F 50 4F E 3C ssr></poiid><ter 01E0 6D 6E 6C 4D E 3C E mnlmgrid><id>epa 01F0 73 2D D 54 4D 31 3C 2F s-acquirer-tm1</ E 3C E 54 4D C 2F E Id><Tp>TMGT</Tp> C 2F D 6E 6C 4D E 3C 44 </TermnlMgrId><D E 3C E 3C E 53 ataset><id><tp>s C 2F E 3C D TRP</Tp><CreDtTm E D D A 34 > T22: A E B A C 2F 43 5: :00</C D 3E 3C 2F E 3C 43 6E 74 redttm></id><cnt 5 Message Examples Page 80

81 E 3C 50 4F C E 3C t><poicpblties>< E C CardRdngCpblties E C 2F E >CICC</CardRdngC 02A C E 3C E pblties><cardrdn 02B C E 4D C 2F gcpblties>mgst</ 02C E C CardRdngCpblties 02D0 3E 3C 2F 50 4F C E 3C ></POICpblties>< 02E0 50 4F D 70 6E 74 3E 3C 50 4F D 70 POICmpnt><POICmp 02F0 6E E C 2F 50 4F D nttp>pedv</poicm E E 3C 4D 61 6E pnttp><manfctrid E F C 2F 4D 61 6E >EPASOrg</Manfct E 3C 4D 64 6C 3E 43 6F 75 6E rid><mdl>counter F C 2F 4D 64 6C 3E 3C 56 Top E41</Mdl><V E 4E 62 3E 33 2E C 2F E rsnnb>3.42</vrsn E 62 3E 3C C 4E 62 3E Nb><SrlNb> C 2F C 4E 62 3E 3C 2F 50 4F 0759</SrlNb></PO D 70 6E 74 3E 3C 50 4F D 70 6E 74 ICmpnt><POICmpnt E 3C 50 4F D 70 6E E 53 4F 46 ><POICmpntTp>SOF C 2F 50 4F D 70 6E E 3C 4D T</POICmpntTp><M 03A0 64 6C 3E D C 2F 4D 64 dl>sepa-fast</md 03B0 6C 3E 3C E 4E 62 3E 31 2E 30 3C 2F 56 l><vrsnnb>1.0</v 03C E 4E 62 3E 3C 2F 50 4F D 70 6E 74 rsnnb></poicmpnt 03D0 3E 3C 50 4F D 70 6E 74 3E 3C 50 4F ><POICmpnt><POIC 03E0 6D 70 6E E 45 4D 56 4B 3C 2F 50 4F 49 mpnttp>emvk</poi 03F0 43 6D 70 6E E 3C 4D 64 6C 3E E CmpntTp><Mdl>Gen C 2F 4D 64 6C 3E 3C E 4E eric</mdl><vrsnn E 36 2E C 2F E 4E 62 3E 3C b>6.21</vrsnnb>< F 50 4F D 70 6E 74 3E 3C 50 4F D /POICmpnt><POICm E 74 3E 3C 50 4F D 70 6E E pnt><poicmpnttp> C 2F 50 4F D 70 6E AQPR</POICmpntTp E 3C 4D 61 6E E ><ManfctrId> C 2F 4D 61 6E E 3C 351</ManfctrId>< E 4E 62 3E VrsnNb> C 2F E 4E 62 3E 3C 2F 81900</VrsnNb></ F D 70 6E 74 3E 3C E 64 6E POICmpnt><Attndn 04A E E C 2F ccntxt>attd</att 04B0 6E 64 6E E E 3C 50 4F ndnccntxt><poidt 04C0 54 6D 3E D D Tm> T22 04D0 3A A E B A C :45: :00< 04E0 2F 50 4F D 3E 3C /POIDtTm><DataSe 04F E 3C E 4D C treqrd><tp>mgtp< F E 3C 2F /Tp></DataSetReq E 3C E 3C 54 6D D 70 3E rd><evt><tmstmp> D D A T22: A E B A C 2F 54 6D : :00</Tm D 70 3E 3C C 74 3E C Stmp><Rslt>SUCC< F C 74 3E 3C E E 3C 41 /Rslt><ActnId><A E E E 4C 3C 2F E ctntp>dwnl</actn E 3C E 3C 54 Tp><DataSetId><T E C 2F E 3C E p>aqpr</tp><vrsn E C > < 05A0 2F E 3E 3C D 3E 32 /Vrsn><CreDtTm>2 05B D D A A T22:45: 05C E B A C 2F :00</Cre 05D D 3E 3C 2F DtTm></DataSetId 05E0 3E 3C 2F E E 3C 2F E ></ActnId></Evt> 05F0 3C 2F 43 6E E 3C 2F </Cntt></DataSet E 3C 2F E 3C ></StsRpt><SctyT C 72 3E 3C 43 6E E rlr><cntttp>auth C 2F 43 6E E 3C E 74 </CnttTp><Authnt E 3C E 3C 4B 45 cddata><rcpt><ke B 3E 3C 4B 45 4B E 3C 4B E K><KEKId><KeyId> B C 2F 4B SpecV1TestKey</K E 3C 4B E 3E eyid><keyvrsn> C 2F 4B </KeyVrs E 3E 3C E E 4F n><derivtnid>oyc C D 3C 2F E lpqe=</derivtnid 06A0 3E 3C 2F 4B 45 4B E 3C 4B E ></KEKId><KeyNcr 06B E 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 44 4B ptnalgo><algo>dk 5 Message Examples Page 81

82 06C C 2F 41 6C 67 6F 3E 3C 2F 4B E 63 PT</Algo></KeyNc 06D E 41 6C 67 6F 3E 3C 4E rptnalgo><ncrptd 06E0 4B E D 3C 2F 4E 63 Key>4pAgABc=</Nc 06F B E 3C 2F 4B 45 4B 3E 3C 2F rptdkey></kek></ E 3C 4D C 67 6F 3E 3C 41 Rcpt><MACAlgo><A C 67 6F 3E 4D C 2F 41 6C 67 6F 3E 3C lgo>mccs</algo>< F 4D C 67 6F 3E 3C 4E C 74 /MACAlgo><Ncpslt E E 3C 43 6E E dcntt><cntttp>da C 2F 43 6E E 3C 2F 4E TA</CnttTp></Ncp C E E 3C 4D E sltdcntt><mac>xx D 4F D D 3C 2F 4D E dmo745mia=</mac> C 2F E E 3C </AuthntcdData>< F C 72 3E 3C 2F /SctyTrlr></StsR E 3C 2F 44 6F D 65 6E 74 3E pt></document> 5 Message Examples Page 82

83 5.4.2 ManagementPlanReplacement Message The TM sends the cyclic management plan for the POI which contains only one action: The request of a management plan every day at 22h45 with a maximum of 2 possible retries in case of incident. DataSet Type Action Type Trigger StartTime WaitingTime Period ManagementPlan Download DateTime T22:45:00 1 day The ManagementPlanReplacement message body contains the action presented below: Message Item Value Header DownloadTransfer True FormatVersion 1.0 ExchangeIdentification 551 CreationDateTime T23:45: :00 InitiatingParty Identification Type OriginationgPOI Issuer TerminalManager RecipientParty Identification epas-acquirer-tm1 Type TerminalManager ManagementPlan POIIdentification Identification Type OriginationgPOI Issuer TerminalManager TerminalManagerdentification Identification epas-acquirer-tm1 Type TerminalManager DataSet Identification Type ManagementPlan CreationDateTime T23:45: :00 Content Action Type Download Address PrimaryAddress TM1.Test.EPASOrg.eu PrimaryPortNumber 5001 DataSetIdentification Type ManagementPlan Trigger DateTime TimeCondition StartTime T22:45:00 Period Retry Delay 10 5 Message Examples Page 83

84 MaximumNumber 2 SecurityTrailer ContentType AuthenticatedData AuthenticatedData Recipient KEK KEKIdentification KeyIdentification SpecV1TestKey KeyVersion DerivationIdentification A501 KeyEncryptionAlgorithm Algorithm DUKPT EncryptedKey E MACAlgorithm Algorithm RetailSHA256MAC EncapsulatedContent ContentType PlainData MAC 4C22D26AE822262E 5 Message Examples Page 84

85 The XML encoded ManagementPlanReplacement message is presented below. <?xml version="1.0" encoding="utf-8"?> <Document xmlns:xsi=" xmlns="urn:swift:xsd:catm "> <MgmtPlanRplcmnt> <Hdr> <DwnldTrf>true</DwnldTrf> <FrmtVrsn>1.0</FrmtVrsn> <XchgId>551</XchgId> <CreDtTm> T23:45: :00</CreDtTm> <InitgPty> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </InitgPty> <RcptPty> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </RcptPty> </Hdr> <MgmtPlan> <POIId> <Id> </Id> <Tp>OPOI</Tp> <Issr>TMGT</Issr> </POIId> <TermnlMgrId> <Id>epas-acquirer-TM1</Id> <Tp>TMGT</Tp> </TermnlMgrId> <DataSet> <Id> <Tp>AQPR</Tp> <CreDtTm> T23:45: :00</CreDtTm> </Id> <Cntt> <Actn> <Tp>DWNL</Tp> <Adr> <PmryAdr>TM1.Test.EPASOrg.eu</PmryAdr> <PmryPortNb>5001</PmryPortNb> </Adr> <DataSetId> <Tp>MGTP</Tp> </DataSetId> <Trggr>DATE</Trggr> <TmCond> <StartTm> T22:45:00</StartTm> <Prd>10000</Prd> <ReTry> <Dely>10</Dely> <MaxNb>2</MaxNb> </ReTry> </TmCond> </Actn> </Cntt> </DataSet> </MgmtPlan> <SctyTrlr> <CnttTp>AUTH</CnttTp> <AuthntcdData> <Rcpt> <KEK> <KEKId> <KeyId>SpecV1TestKey</KeyId> <KeyVrsn> </KeyVrsn> <DerivtnId>OYclpQE=</DerivtnId> 5 Message Examples Page 85

86 </KEKId> <KeyNcrptnAlgo> <Algo>DKPT</Algo> </KeyNcrptnAlgo> <NcrptdKey>4pAgABc=</NcrptdKey> </KEK> </Rcpt> <MACAlgo> <Algo>MCCS</Algo> </MACAlgo> <NcpsltdCntt> <CnttTp>DATA</CnttTp> </NcpsltdCntt> <MAC>TCLSaugiJi4=</MAC> </AuthntcdData> </SctyTrlr> </MgmtPlanRplcmnt> </Document> 5 Message Examples Page 86

87 The canonical form of the message body MgmtPlan (without spaces or line breaks) is dumped below: C 4D 67 6D C 61 6E 3E 3C 50 4F <MgmtPlan><POIId E 3C E C 2F 49 ><Id> </I E 3C E 4F 50 4F 49 3C 2F E 3C d><tp>opoi</tp>< E 54 4D C 2F E Issr>TMGT</Issr> C 2F 50 4F E 3C D 6E 6C 4D </POIId><TermnlM E 3C E D grid><id>epas-ac D 54 4D 31 3C 2F E 3C quirer-tm1</id>< E 54 4D C 2F E 3C 2F Tp>TMGT</Tp></Te D 6E 6C 4D E 3C rmnlmgrid><datas E 3C E 3C E C et><id><tp>aqpr< 00A0 2F E 3C D 3E /Tp><CreDtTm>201 00B0 31 2D D A A T23:45:03 00C0 2E B A C 2F :00</CreDt 00D0 54 6D 3E 3C 2F E 3C 43 6E E 3C 41 Tm></Id><Cntt><A 00E E 3E 3C E E 4C 3C 2F ctn><tp>dwnl</tp 00F0 3E 3C E 3C 50 6D E 54 ><Adr><PmryAdr>T D 31 2E E F E M1.Test.EPASOrg C 2F 50 6D E 3C 50 6D 72 eu</pmryadr><pmr F E 62 3E C 2F 50 6D yportnb>5001</pm F E 62 3E 3C 2F E 3C ryportnb></adr>< E 3C E 4D 47 DataSetId><Tp>MG C 2F E 3C 2F TP</Tp></DataSet E 3C E C 2F Id><Trggr>DATE</ E 3C 54 6D 43 6F 6E 64 3E 3C 53 Trggr><TmCond><S D 3E D tarttm> D A A C 2F T22:45:00</St 01A D 3E 3C E arttm><prd> B0 3C 2F E 3C E 3C </Prd><ReTry><De 01C0 6C 79 3E C 2F C 79 3E 3C 4D ly>10</dely><max 01D0 4E 62 3E 32 3C 2F 4D E 62 3E 3C 2F Nb>2</MaxNb></Re 01E E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F 41 Try></TmCond></A 01F E 3E 3C 2F 43 6E E 3C 2F ctn></cntt></dat E 3C 2F 4D 67 6D C 61 6E 3E aset></mgmtplan> The SHA-256 digest of the canonical form of the message body MgmtPlan is: C 95 C C C B2 35 2F EB....eb.ui.,.5/ FE 23 3C 1B 2B AB C0 91 2B 42 C2 09 5D E #<.+...+B..].tp After padding, the digest becomes: C 95 C C C B2 35 2F EB....eb.ui.,.5/ FE 23 3C 1B 2B AB C0 91 2B 42 C2 09 5D E #<.+...+B..].tp Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA), we obtain the MAC of the ManagementPlan 4C22D26AE822262E and after conversion in base64 "TCLSaugiJi4=" FC CF 49 0C B4 E C DE I..#...Ep DF F1 21 3C E8 8A D0 6C A 21...!<...l...! C 22 D2 6A E E L".j."&. 5 Message Examples Page 87

88 The message sent by the transport protocol is: C 3F 78 6D 6C F...G<?xml versio E 3D E E 63 6F E 67 n="1.0" encoding D D F 3E 3C 44 6F D ="UTF-8"?><Docum E D 6C 6E 73 3A D ent xmlns:xsi="h A 2F 2F E E 6F ttp:// F F 58 4D 4C D 61 2D /2001/XMLSchema E E D 6C 6E 73 3D instance" xmlns= E 3A A A 63 "urn:swift:xsd:c D 2E E E E atm "> C 4D 67 6D C 61 6E C 63 6D 6E 74 <MgmtPlanRplcmnt 00A0 3E 3C E 3C E 6C E ><Hdr><DwnldTrf> 00B C 2F E 6C E 3C true</dwnldtrf>< 00C D E 3E 31 2E 30 3C 2F FrmtVrsn>1.0</Fr 00D0 6D E 3E 3C E 35 mtvrsn><xchgid>5 00E C 2F E 3C </XchgId><CreD 00F D 3E D D ttm> t A A E B A :45: : C 2F D 3E 3C 49 6E </CreDtTm><Initg E 3C E Pty><Id> C 2F E 3C E 4F 50 4F 49 3C 2F 54 </Id><Tp>OPOI</T E 3C E 54 4D C 2F p><issr>tmgt</is E 3C 2F 49 6E E 3C 52 sr></initgpty><r E 3C E D cptpty><id>epas D 54 4D 31 3C 2F acquirer-tm1</id E 3C E 54 4D C 2F E 3C 2F ><Tp>TMGT</Tp></ E 3C 2F E 3C 4D RcptPty></Hdr><M 01A0 67 6D C 61 6E 3E 3C 50 4F E 3C gmtplan><poiid>< 01B E C 2F E Id> </Id> 01C0 3C E 4F 50 4F 49 3C 2F E 3C <Tp>OPOI</Tp><Is 01D E 54 4D C 2F E 3C 2F sr>tmgt</issr></ 01E0 50 4F E 3C D 6E 6C 4D POIId><TermnlMgr 01F E 3C E D Id><Id>epas-acqu D 54 4D 31 3C 2F E 3C irer-tm1</id><tp E 54 4D C 2F E 3C 2F D >TMGT</Tp></Term E 6C 4D E 3C nlmgrid><dataset E 3C E 3C E C 2F 54 ><Id><Tp>AQPR</T E 3C D 3E D p><credttm> D A A E T23:45: B A C 2F D 5+02:00</CreDtTm E 3C 2F E 3C 43 6E E 3C ></Id><Cntt><Act E 3E 3C E E 4C 3C 2F E 3C n><tp>dwnl</tp>< E 3C 50 6D E 54 4D 31 Adr><PmryAdr>TM1 02A0 2E E F E Test.EPASOrg.eu 02B0 3C 2F 50 6D E 3C 50 6D </PmryAdr><PmryP 02C0 6F E 62 3E C 2F 50 6D ortnb>5001</pmry 02D0 50 6F E 62 3E 3C 2F E 3C PortNb></Adr><Da 02E E 3C E 4D tasetid><tp>mgtp 02F0 3C 2F E 3C 2F </Tp></DataSetId E 3C E C 2F ><Trggr>DATE</Tr E 3C 54 6D 43 6F 6E 64 3E 3C ggr><tmcond><sta D 3E D D 32 rttm> A A C 2F T22:45:00</Star D 3E 3C E C 2F ttm><prd>10000</ E 3C E 3C C 79 Prd><ReTry><Dely E C 2F C 79 3E 3C 4D E 62 >10</Dely><MaxNb E 32 3C 2F 4D E 62 3E 3C 2F >2</MaxNb></ReTr E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F y></tmcond></act E 3E 3C 2F 43 6E E 3C 2F n></cntt></datas 03A E 3C 2F 4D 67 6D C 61 6E 3E 3C 53 et></mgmtplan><s 03B C 72 3E 3C 43 6E E ctytrlr><cntttp> 03C C 2F 43 6E E 3C AUTH</CnttTp><Au 03D E E 3C thntcddata><rcpt 03E0 3E 3C 4B 45 4B 3E 3C 4B 45 4B E 3C 4B 65 ><KEK><KEKId><Ke 03F E B 65 yid>specv1testke C 2F 4B E 3C 4B y</keyid><keyvrs E 3E C 2F 4B 65 n> </ke E 3E 3C E yvrsn><derivtnid E 4F C D 3C 2F >OYclpQE=</Deriv 5 Message Examples Page 88

89 E E 3C 2F 4B 45 4B E 3C 4B 65 tnid></kekid><ke E E 41 6C 67 6F 3E 3C 41 6C 67 yncrptnalgo><alg F 3E 44 4B C 2F 41 6C 67 6F 3E 3C 2F 4B o>dkpt</algo></k E E 41 6C 67 6F 3E 3C 4E 63 eyncrptnalgo><nc B E D rptdkey>4pagabc= C 2F 4E B E 3C 2F 4B 45 </NcrptdKey></KE 04A0 4B 3E 3C 2F E 3C 4D C 67 K></Rcpt><MACAlg 04B0 6F 3E 3C 41 6C 67 6F 3E 4D C 2F 41 6C o><algo>mccs</al 04C0 67 6F 3E 3C 2F 4D C 67 6F 3E 3C 4E 63 go></macalgo><nc 04D C E E 3C 43 6E psltdcntt><cnttt 04E0 70 3E C 2F 43 6E E 3C p>data</cntttp>< 04F0 2F 4E C E E 3C 4D 41 /NcpsltdCntt><MA E C A D 3C 2F C>TCLSaugiJi4=</ D E 3C 2F E MAC></AuthntcdDa E 3C 2F C 72 3E 3C 2F ta></sctytrlr></ D 67 6D C 61 6E C 63 6D 6E 74 3E MgmtPlanRplcmnt> C 2F 44 6F D 65 6E 74 3E </Document> 5 Message Examples Page 89

90 6 Alternative Message Exchanges The Message Definition Report of the TMS protocol is describing the TMS messages without mentioning the transport mechanism used to exchange the data. The transport mechanism used may vary for each message but only the following alternatives are described in the document: 1. Message Exchange only (see section 6.1): o o StatusReport as request and ManagementPlanReplacement as response message StatusReport as request and AcceptorConfigurationUpdate as response message 2. File Transfer only (see section 6.2): o o o StatusReport uploaded per file transfer protocol ManagementPlanReplacement downloaded per file transfer protocol AcceptorConfigurationUpdate downloaded per file transfer protocol 3. Message Exchange and File Transfer (see section 6.3): o o StatusReport as request and ManagementPlanReplacement as response message AcceptorConfigurationUpdate downloaded per file transfer protocol Depending on the applied transport protocol the contents of some message element may differ (e.g. DataSetRequired in the StatusReport, Action.DataSetIdentification.Name in the ManagementPlanReplacement and the cryptographic mechanism used in the SecurityTrailer). 6.1 Message Exchange only This section describes the TMS protocol and the handling of the messages by the POI and TMS if the StatusReport, the ManagementPlanReplacement and the AcceptorConfigurationUpdate are exchanged as messages only. The StatusReport message is used to request either the response messages ManagementPlanReplacement or AcceptorConfigurationUpdate. The ManagementPlanReplacement response message is requested by the POI using the StatusReport message containing the message element DataSetRequired. The type of message in the DataSetIdentification is "ManagementPlan" then. The AcceptorConfigurationUpdate response message is requested by the POI using the StatusReport message containing the message element DataSetRequired. The Type of dataset in the DataSetIdentification is "AcquirerParameters" or "ApplicationParameters" then. The diagram in figure 2 shows the scenario described above. The card acceptor establishes a communication session manually. The POI sends the StatusReport to inform the MTM about the parameter versions already installed and receives in the response the management plan generated by the MTM. The new management plan contains a list of actions to be performed: 1. The StatusReport as request for AcceptorConfigurationUpdate containing the new acquirer parameters. 2. The StatusReport as request for a new management plan. If the trigger of the first action is reached the POI sends the StatusReport and receives the new acquirer parameters in the response. Afterwards the POI sends a StatusReport as request message with the result of the parameter update and gets back the new management plan in the response. 6 Alternative Message Exchanges Page 90

91 Figure 2: TMS messages transferred as message exchanges Upload StatusReport The action Upload StatusReport is initiated when the StartTime in the message element TimeCondition is reached. The POI processing for sending a StatusReport to a Terminal Manager is the following one: 1. The timing conditions of all outstanding TMS actions are analysed. 2. If a StartTime is reached for the upload of the StatusReport, this action is initiated. 3. The POI builds MessageBody, SecurityTrailer and MessageHeader of the StatusReport file as described in section The POI sends the message to the TMS using the address defined in the TMS action or the local configuration of the POI ManagementPlanReplacement The response message contains the new management plan. The POI replaces the current management plan and analyses the new one. The new Management plan contains several actions: actions to request new parameters with an absolute start time. the sending of a status report after WaitingTime the sending of a status report at a given StartTime the last action instructs to request a new management plan Processing of the ManagementPlanReplacement 1. The POI checks the signature of the received message. 6 Alternative Message Exchanges Page 91

92 2. The POI checks whether the dataset category present in the element Type in Identification corresponds to the type of file name. 3. The POI stores the version of the management plan in the log of Event. 4. CreationDate is used to identify the management plan. 5. The list of TMS actions in Action is analysed: The actions are analysed for correctness The presence of mandatory data elements is checked All existing data elements have to be correctly formatted. The validation of the files is performed according to section 3.2 but the data element Identification.Name must exist for each download. 6 Alternative Message Exchanges Page 92

93 Excecution of the ManagementPlanReplacement The ManagementPlanReplacement contents complies with the contents described in section 3. ManagementPlanReplacement (example 1) StartTime WaitingTime Period Type Identification.Name Identification.Type T0 - - Download AcquirerParameters D1 Download ManagementPlan 1. The POI requests acquirer parameters when the StartTime T0 is reached. 2. If the response message containing the acquirer parameters is processed by the POI the POI sends the result of the parameter update to the TMS after a waiting time D1 and receives a new management plan in the response message. ManagementPlanReplacement (example 2). StartTime WaitingTime Period Type Identification.Name Identification.Type T0 - Cycle1 Download - AcquirerParameters D1 - Download - MerchantParameters D2 - Download - ManagementPlan 1. The POI requests acquirer parameters when the StartTime T0 is reached. 2. If the response message containing the acquirer parameters is processed the POI requests merchant parameters after a waiting time D1. 3. If the response message containing the merchant parameters is processed by the POI the POI sends the result of the parameter update to the TMS after a waiting time D2 and receives a new management plan in the response message. 6.2 File Transfer only This section describes the differences of the TMS protocol and the handling of the messages by the POI and TMS if the StatusReport and the ManagementPlanReplacement are exchanged as files using FTP. If the ManagementPlanReplacement file is requested by the POI by the StatusReport the message element DataSetRequired has to be present to inform the TMS to provide the new ManagementPlanReplacement file on the corresponding file directory. If the ManagementPlanReplacement file is downloaded by a file transfer to the POI there is no request necessary. The message element DataSetRequired is not needed then. The diagram in figure 3 shows the scenario described above. The card acceptor establishes a FTP session with the MTM. The POI uploads the StatusReport and downloads a new management plan. The new management plan of the MTM contains a list of actions to be performed: 6 Alternative Message Exchanges Page 93

94 1. The download of several AcceptorConfigurationUpdate files (illustrated as loop of actions) containing new vendor parameters. The acceptor parameters issued by the vendor are identified by their file name in the definition of the TMS action. 2. The upload of the StatusReport to the MTM for sending the status of the new parameters. 3. The upload of the StatusReport to one TM for sending the status of the new parameters. 4. The download of the management plan of the TM after a period. If the trigger of the first action is reached the POI downloads several files containing new acquirer parameters. Afterwards the POI uploads a StatusReport to the MTM with the result of the download including the actual version of the acquirer parameter set. If the trigger of the third action is reached the POI establishes a FTP session with the TM, uploads a StatusReport and downloads a management plan generated by the TM. The management plan of the TM contains a list of actions to be performed: 1. The download of several AcceptorConfigurationUpdate files (illustrated as loop of actions) containing new acquirer parameters. The acceptor parameters issued by the Acquirer are identified by their file name in the definition of the TMS action. 2. The upload of the StatusReport to the TM for sending the status of the new parameters. Figure 3: TMS messages transferred as files 6 Alternative Message Exchanges Page 94

95 6.2.1 Upload of a StatusReport The action Upload StatusReport is initiated when StartTime in TimeCondition is reached (StartTime = dd.mm.yyyy hh.mm.ss). The POI processing for sending a StatusReport to a Terminal Manager is the following one: 1. The timing conditions of all outstanding TMS actions are analysed. 2. If a StartTime is reached for the upload of the "StatusReport" this action has to be started. The StatusReport contains the log of Event containing at least the last twenty events (Last in, first out) if already existing. The log will never be erased completely. 3. The POI builds the MessageBody and SecurityTrailer of the StatusReport file as described in section The POI builds the header of the file and generates the file name of the report as follows: "SR" concatenated with the counter converted to six characters (range '0'-'F') and ".XML". 5. The POI performs the login into the TMS FTP server. a) If the POI is not able to establish the FTP session, it tries it again according to the definition in ReTry or saves the error directly in the log of Event with the Result "ConnectionError", if no retry is defined. b) If a username and AccessCode is needed to login, the POI uses the corresponding data in the component Address of the TMS action. If the FTP server denies the access the POI saves the error in the log of Event with the Result "AccessDenied". c) If the login was successful the POI changes the directory to Rep. This directory may be presented by the FTP server as a physical or virtual directory dedicated for this POI. 6. The POI uploads the StatusReport to this directory. 7. If the StartTime or WaitingTime of the next action is shorter than in internally defined period for the session the FTP session is kept open for the next action. 8. The timing conditions of the remaining actions are analysed. If a StartTime is expired or the delay to the previous action is reached the action will be started if allowed. 9. If the TimeCondition of the action done contains a Period, the new StartTime is calculated (New StartTime = StartTime + Period) and stored in the management plan. 10. If no other StartTime is reached the session will be closed Download of a ManagementPlanReplacement The action Download the management plan is initiated when the WaitingTime after the previous action is reached. The POI analyses the new management plan and replaces the current one if no error has been found. The new management plan contains several actions: Actions to download the parameter files with an absolute start time. Usually the parameter files are downloaded immediately. Upload of the status report after WaitingTime Upload of the status report at a given StartTime The last action instructs to download a new management Plan Processing of a ManagementPlanReplacement 1. The POI performs a login to the TMS FTP server and changes the directory to MgtPlan. The error handling is performed according to section Alternative Message Exchanges Page 95

96 2. The POI downloads the management plan with the file name taken from the specific action or the default management plan named MP XML if existing and the file to be downloaded does not exist. If neither the default management plan nor the specific one exists the POI logs the error in the log of Event with the Result "MissingFile". 3. The POI checks the signature of the received message. 4. The POI checks whether the dataset category present in the Type in the identification corresponds to the type of file name. 5. The POI stores the version of the management plan in the log of Event. 6. CreationDate is used to identify the management plan. 7. SequenceCounter is used by the TMS to identify all dataset structures with the same CreationDate. It is used if the dataset is split into several files. SequenceCounter starts with `1`. The last dataset of the series is identified by the maximum value of the SequenceCounter `9999`. 8. Subsequently the list Action in is analysed. The actions are analysed for correctness The presence of mandatory data elements is checked All existing data elements have to be correctly formatted. The validation of the files is performed according to section 3.2 but the data element Identification.Name must exist for each download Execution of a ManagementPlanReplacement A ManagementPlanReplacement complies to the contents described in section 3 with two exceptions: Rule 7 Rule 8 The Upload of the StatusReport and the Download of the ManagementPlanReplacement are separate actions, so that the ManagementPlanReplacement is not downloaded after each StatusReport upload. The message element Identification.Name must always contain the filename to be downloaded. ManagementPlanReplacement (example 1) StartTime WaitingTime Period Type Identification.Name Identification.Type T0 - - Upload - StatusReport D1 - Download PA XML AcquirerParameters D2 - Download MP XML ManagementPlan The delays D1 and D2 are set according to the reaction time of the TMS for building the files AcceptorConfigurationUpdate and ManagementReplacement if the content of these files depend on the StatusReport. ManagementPlanReplacement (example 2) StartTime WaitingTime Period Type Identification.Name Identification.Type T0 - - Upload - StatusReport D1 - Download PA XML AcquirerParameters T1 - - Upload - StatusReport D2 - Download MP XML ManagementPlan 6 Alternative Message Exchanges Page 96

97 ManagementPlanReplacement (example 3) StartTime WaitingTime Period Type Identification.Name Identification.Type T0 - Cycle1 Upload - StatusReport D1 - Download PA XML AcquirerParameters D2 - Download PA XML MerchantParameters T1 - - Upload - StatusReport D3 - Download MP XML ManagementPlan ManagementPlanReplacement (example 4) StartTime WaitingTime Period Type Identification.Name Identification.Type T0 - Download PA XML MerchantParameters - D1 Download PA XML AcquirerParameters - D2 Upload - StatusReport T1=T0+D4 - Cycle1 Upload - StatusReport D3 - Download MP XML ManagementPlan 6 Alternative Message Exchanges Page 97

98 6.3 Message Exchange and File Transfer The POI may also use different transport protocols for the exchange of the TMS messages. Figure 4Erreur! Source du renvoi introuvable. shows a scenario where the POI sends a StatusReport as requested and receives a ManagementPlanReplacement as a response. The AcceptorConfigurationUpdate is downloaded by the POI as a file using the File Transport Protocol. This TMS session is initiated by the card acceptor since a TMSTrigger in the response message of the acquirer has been received. In this scenario the rules for building a management plan by the MTM - as described in section 6.1 for the StatusReport and ManagementPlanReplacement apply. The rules of section 5.2 for AcceptorConfigurationUpdate apply as well. Figure 4: TMS messages transferred as both messages and file 6 Alternative Message Exchanges Page 98

99 7 Error Handling Below are some basic rules for handling errors: ERR1: Ignored if the recipient cannot interpret the message components or elements (actually, not to be considered as an error). ERR2: The complete message to be discarded and the event to be logged as "FormatError" (e.g. alphanumeric or binary instead of numeric) if a component or a message element has the wrong format. ERR3: The complete message to be discarded and the event to be logged as "SyntaxError" (e.g. missing ending Tag, missing mandatory element, unexpected attributes) if a parsing error occurs. ERR4: The complete message to be discarded and the event to be logged as "LengthError" if the message element or the complete message does not respect the defined length (element or component exceeding the length or being to short). ERR5: If a message is requested by the POI and the response is not received after a defined period the event is logged as "Timeout". 7 Error Handling Page 99

100 8 CMS and Usage of Certificates The Cryptographic Message Syntax (CMS) defines a generic data structure. This data structure is an encapsulation of an encrypted content, an authentication code (MAC), a digital signature, or a digest of any arbitrary part of a message. The CMS is general enough to convey various attributes related to the protected data (e.g. identifications of the used keys, encrypted keys, cryptographic algorithms with their parameters, certificate and revocation lists, time stamps), and can support various architectures of key management. In addition the syntax of the data structure accepts multiple encapsulations, and these encapsulations can be nested. As illustrated in the figure below, the CMS generic data structure is used: 1. To reformat the data protected by the application with the related information (e.g. encrypted, cryptographic keys for the POI). 2. To protect the sensible data transferred in the message with the required security (e.g. black list of cards). 3. To protect the complete message body by a digital signature or a MAC. EPAS Message Header EPAS Message Header EPAS Message Header MessageBody MessageBody MessageBody (a) Data1 ProtectedData1 (b) (c) Data2 Data3 ContentInformationType ProtectedData2 ContentInformationType Unprotected message Data3 protected data Message containing protected data ContentInformationType SecurityTrailer Message with body protected by a signature in a SecurityTrailer Figure 5: CMS Data Protection in Terminal Management Protocol Messages The TMS protocol uses standard cryptographic algorithms and hash function mechanisms. The TMS protocol messages use three types of protection: 1) Protection of sensitive data especially cryptographic keys. 2) Protection of the message by a digital signature. 3) Protection of the message by a MAC (Message Authentication Code). For the generation of a digest the SHA-256 hash function is used. For the generation of a digital signature the algorithm SHA-256withRSAEncryption will be applied. The encryption of data is not part of the current release of the protocol. The generation of a MAC is described using the algorithm Retail-CBC-MAC with SHA-256 is described in the "CAPE, Card Payments, Message Usage Guide". The encryption of data is not part of the current release of the protocol. 8 CMS and Usage of Certificates Page 100

101 8.1 POI Signatures Signatures Generation For the generation of the signature the POI uses the following cryptographic keys and algorithms. SignerIdentifier = certpr MTM_CA(PU POI_AUTH) certificate = - DigestAlgorithm.Algorithm = HS25 SignatureAlgorithm. Algorithm = ERS2 These information are sent to the TMS in the security trailer of the message. The POI uses the complete message body for the conversion according to the UTF-8 format. The signature is then generated by the POI of the UTF-8 formatted message body contents including the envelope (start and end Tag) using the private key PR POI_AUTH. The binary value of the signature is converted to the BASE64 format and placed in the message element Signature of the security trailer. The message element ContentType of the component EncapsulatedContent is filled with SignedData. In addition the message element RelativeDistinguishedName in the component Signer of the security trailer is filled with the identification data of the MTM_CA as Country, the organisation, optional the organisational unit name (OU) and the identifier in common name (CN) that is also present in the message element POIIdentification.Identification. The serial number of the POI certificate is placed in the element SerialNumber Signatures Verification For the verification of the signature generated by the POI the TM or MTM uses the following cryptographic keys and algorithms. SignerIdentifier = certpr MTM_CA (PU POI_AUTH ) certificate = - DigestAlgorithm.Algorithm SignatureAlgorithm. Algorithm = ERS2 = HS25 These information are sent to the TMS in the security trailer of the message. The message element RelativeDistinguishedName in the component Signer of the security trailer contains the identification data of the MTM_CA as Country, the organisation, optional the organisational unit name (OU) and the identifier in common name (CN) that is also present in the message element TerminalManagerIdentification.Identification. The serial number of the POI certificate is placed in the element SerialNumber. The TMS uses the identified certificate of the POI public key for authentication certpr MTM_CA (PU POI_AUTH ) to verify the POI signature. After verifying the authenticity of the POI public key using the public key of the MTM CA the message contents is analysed. Using the message elements Issuer and the SerialNumber of the certificate in the component SignerIdentifier of the security trailer of the message the certificate of the POI is identified in the data base. If the certificate is present in the trailer the CA root key has to be identified in the data base only. Alternatively the certificate of the POI public key may be part of the security trailer stored in Certificate. The signature present in the message element Signature has to be converted from the BASE64 format to the binary format. The TMS uses the complete message body for the binary conversion according to the UTF-8 format. The signature sent by the POI of the binary content is then verified using the public key PU POI_AUTH. 8 CMS and Usage of Certificates Page 101

102 8.2 TM Signatures TM Signatures Verification For the verification of the signature generated by the MTM the POI uses the following cryptographic keys and algorithms. SignerIdentifier = certpr MTM_CA (PU TM_AUTH ) certificate DigestAlgorithm.Algorithm = certpr MTM_CA (PU TM_AUTH ) (optional) = HS25 SignatureAlgorithm. Algorithm = ERS2 These information are sent to the POI in the security trailer of the message. The certificate of the TM public key may already be present in the POI System. The POI uses the identified certificate of the TMS public key for authentication certpr MTM_CA (PU TM_AUTH ) to verify the TMS signature. If the verification of the authenticity by the POI fails, the POI saves the error in the log of Event with the Result "UnknownKeyReference". After verifying the authenticity of the TM public key using the public key of the MTM CA the message contents is analysed. The signature present in the message element Signature has to be converted from the BASE64 format to the binary format. The TMS uses the complete message body for the binary conversion according to the UTF-8 format. The signature sent by the TM of the binary content is then verified using the public key PU TM_AUTH MTM Signatures Verification For the verification of the signature generated by the MTM the POI uses the following cryptographic keys and algorithms. SignerIdentifier = certpr MTM_CA (PU MTM_AUTH ) certificate = - DigestAlgorithm.Algorithm = HS25 SignatureAlgorithm. Algorithm = ERS2 These information are sent to the POI in the security trailer of the message. The certificate of the POI is already part of the TMS data base. The POI uses the identified certificate of the TMS public key for authentication certpr MTM_CA (PU MTM_AUTH ) to verify the TMS signature. If the verification of the authenticity by the POI fails, the POI saves the error in the log of Event with the Result "UnknownKeyReference" with the AdditionalErrorInformation containing the wrong element, here "SerialNumber". After verifying the authenticity of the TM public key using the public key of the MTM CA the message contents is analysed. The signature present in the message element Signature has to be converted from the BASE64 format to the binary format. The TMS uses the complete message body for the binary conversion according to the UTF-8 format. The signature sent by the MTM of the binary content is then verified by the POI using the public key PU MTM_AUTH. The POI, TM and MTM certificates are based on X.509 version 3 certificates as defined in ITU T X.509 third edition and in RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. 8 CMS and Usage of Certificates Page 102

103 The minimal content of these certificates is given in Table 1 below, where the presence of some fields depends on whether it is the POI certificate, the MTM certificate, the certificate of an intermediate Certificate Authority (CA). Certificates Content Remark Signed Certificate Version Version 3 Serial Number Signature Algorithm Identifier SHA-256withRSAEncryption Issuer Period of Validity Subject Subject s Public Key Exponent 3 not allowed Extensions Subject Key Identifier Except for end entity Basic Constraints Subject Alternative Name Only for the SSL Server certificate Authority Key Identifier Key Usage Signature Algorithm Identifier SHA-256withRSAEncryption Signature Value Table 1: Minimal X.509 POI Certificates Content The certificates listed in the following sections will be used for the EPAS protocol security. 8 CMS and Usage of Certificates Page 103

104 8.3 X.509 Certificates POI certificate The POI certificate certpr MTM (PU POI ) shall satisfy the following requirements. The minimal content of the certificate shall be as given in Table 1 above. The Subject field shall at least contain the following attributes. o o o o The Country attribute set to the country of the POI Manufacturer. The Organisation attribute set to a POI Manufacturer Identifier/Name. The Organisational Unit attribute set to the Model name assigned by the POI Manufacturer. The Common Name attribute is uniquely identifying the POI and coded as 16 to 32 ASCII characters. The length of the private/public key pair of the POI shall be at least 1152 bits. The public key exponent of is recommended TM certificate The TM certificate certpr MTM (PU TM ) shall satisfy the following requirements. The minimal content of the certificate shall be as given in Table 1 above. The Subject field shall at least contain the following attributes. o o o The Country attribute set to the country of the TM operator. The Organisation attribute set to a TM operator Identifier. The Common Name attribute shall be set to a unique TM site identifier set by the MTM. The length of the private/public key pair shall be 2048 bits. The public key exponent of is recommended MTM certificate The Master Terminal Manager certificate certpr CA (PU MTM ) shall satisfy the following requirements. The minimal content of the certificate shall be as given in Table 1 above. The Subject field shall at least contain the following attributes. o o o The Country attribute set to the country of the Master Terminal Manager. The Organisation attribute set to a Master Terminal Manager Identifier. The Common Name attribute set to a unique Master Terminal Manager site identifier assigned by the Acquirer. The length of the private/public key pair shall be 2048 bits. The public key exponent shall not be 3; a public key exponent of is recommended. In the following the corresponding examples for the POI, TM and MTM certificates are listed. For the POI certificate the Subject Organisational Unit (OU) should be a vendor specific model name of the device identifying the product clearly. The model name should also correspond to the name sent in the Acquirer Protocol Message element POI.Component.Model. The Common Name (CN) should contain the vendor specific serial number of the secure device of the POI using the Certificate. This serial number with a length of max. 32 bits is also part of the Key Serial Number with a length of 40 bits used to derive the device specific key for the Acquirer message security. 8 CMS and Usage of Certificates Page 104

105 8.3.4 POI Certificate Example poi.txt The subject related information (C=DE, O=CompanyName6, OU=CompanyName6 TestCenter, CN=CompanyName6 POI) is understandable as an example and should be replaced by actual values. Certificate: Data: Version: 3 (0x2) Serial Number: 10:c6:41:f5:5c:40:0c:b4 Signature Algorithm: sha256withrsaencryption Issuer: C=DE, O=CompanyName2, OU=TEST-TestCenter, CN=TEST-MTM-CA Validity Not Before: Aug 8 11:57: GMT Not After : Dec 25 11:57: GMT Subject: C=DE, O=CompanyName6, OU=CompanyName6 TestCenter, CN=CompanyName6 POI Subject Public Key Info: Public Key Algorithm: rsaencryption RSA Public Key: (1152 bit) Modulus (1152 bit): 00:ac:06:e1:a5:76:13:3e:59:83:b3:c1:01:84:7c: 1e:22:f8:d1:35:bc:52:20:ae:66:c4:b6:7c:a5:5b: 14:56:8f:08:3b:a0:24:25:0d:71:7c:6f:6b:8f:51: 85:2d:7a:ae:f3:e5:2c:e4:eb:e8:d6:6f:a0:af:5c: 9a:f7:95:96:dd:34:51:16:5c:22:e8:e2:d8:ca:4c: 31:e9:a8:52:a7:f7:75:26:bf:76:fc:a4:68:3d:da: b9:18:4e:43:d2:6e:3e:7a:10:cd:ea:5d:5b:51:96: b7:62:87:27:51:9f:fc:12:88:29:ae:16:26:37:82: a7:48:ce:90:7d:bc:f6:39:73:6d:0e:e0:39:25:78: b6:07:b9:61:2d:c3:92:fa:6d:4b Exponent: (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 61:6A:22:EE:E9:30:34:F9:78:0A:D1:5E:F8:EC:E8:13:8E:B7:0B:29 X509v3 Authority Key Identifier: keyid:90:67:99:32:e4:eb:4b:08:d3:fb:24:85:fd:b9:0f:ae:ef:4f:2c:83 X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature Signature Algorithm: sha256withrsaencryption 32:d5:24:b2:05:5b:6d:f3:52:cc:fc:53:59:dc:9f:d3:3d:81: 76:01:d0:5f:1f:dd:43:e4:14:7d:cb:fa:22:f6:f7:4f:bf:c7: 73:74:cc:fd:5e:f3:41:7e:d1:37:82:4e:23:e8:b8:f7:17:ef: 53:7e:73:aa:a0:30:b3:c6:ff:dd:89:71:fb:10:c3:66:b6:4b: 96:42:ec:50:66:cd:08:0c:6b:5c:fb:7d:32:29:e5:e5:b4:c2: 0c:d3:48:39:44:41:5b:1a:1c:f2:63:03:01:cf:6d:b7:e2:21: 47:2e:59:0e:43:e5:89:8b:1a:e9:eb:27:24:70:66:fb:c3:49: 4a:b1:6f:c5:aa:e4:ef:ea:f3:0b:7f:03:90:d8:68:3d:34:54: a6:68:f9:1d:e0:d1:63:49:e0:20:d2:06:06:6b:7d:24:13:e8: 25:58:7a:15:5e:29:e4:1b:0f:1f:ea:86:b2:37:65:95:c3:ab: 7d:97:e9:32:ce:40:06:09:e1:4e:fa:46:d9:d5:5a:3c:e2:fc: 0c:2a:ff:b7:a8:07:02:01:01:e2:ab:2e:b5:c8:d2:d5:97:e7: f2:43:15:39:3d:66:79:bf:7c:cd:66:f9:5e:99:af:2c:39:01: 64:b2:14:57:31:8f:1a:d9:29:39:b0:14:43:a5:e7:07:10:c5: e0:31:58:e1 8 CMS and Usage of Certificates Page 105

106 -----BEGIN CERTIFICATE----- MIIDIzCCAgugAwIBAgIIEMZB9VxADLQwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE BhMCREUxFTATBgNVBAoTDENvbXBhbnlOYW1lMjEYMBYGA1UECxMPVEVTVC1UZXN0 Q2VudGVyMRQwEgYDVQQDEwtURVNULU1UTS1DQTAeFw0wODA4MDgxMTU3MzRaFw0z NTEyMjUxMTU3MzRaMGExCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxDb21wYW55TmFt ZTYxIDAeBgNVBAsTF0NvbXBhbnlOYW1lNiBUZXN0Q2VudGVyMRkwFwYDVQQDExBD b21wyw55tmftztygue9jmigvma0gcsqgsib3dqebaquaa4gdadcbmqkbkqcsbugl dhm+wyozwqgefb4i+ne1vfigrmbetnylwxrwjwg7ocqldxf8b2upuyuteq7z5szk 6+jWb6CvXJr3lZbdNFEWXCLo4tjKTDHpqFKn93Umv3b8pGg92rkYTkPSbj56EM3q XVtRlrdihydRn/wSiCmuFiY3gqdIzpB9vPY5c20O4DkleLYHuWEtw5L6bUsCAwEA AaNgMF4wHQYDVR0OBBYEFGFqIu7pMDT5eArRXvjs6BOOtwspMB8GA1UdIwQYMBaA FJBnmTLk60sI0/skhf25D67vTyyDMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD AgeAMA0GCSqGSIb3DQEBCwUAA4IBAQAy1SSyBVtt81LM/FNZ3J/TPYF2AdBfH91D 5BR9y/oi9vdPv8dzdMz9XvNBftE3gk4j6Lj3F+9TfnOqoDCzxv/diXH7EMNmtkuW QuxQZs0IDGtc+30yKeXltMIM00g5REFbGhzyYwMBz2234iFHLlkOQ+WJixrp6yck cgb7w0lksw/fqutv6vmlfwoq2gg9nfsmapkd4nfjseag0gyga30ke+glwhovxink Gw8f6oayN2WVw6t9l+kyzkAGCeFO+kbZ1Vo84vwMKv+3qAcCAQHiqy61yNLVl+fy QxU5PWZ5v3zNZvlema8sOQFkshRXMY8a2Sk5sBRDpecHEMXgMVjh -----END CERTIFICATE MTM Certificate Example mtmauth.txt The subject related information (C=DE, O=CompanyName3, OU=CompanyName3 POI Distribution, CN=CompanyName3 MTM-AUTH, IP Address: ) is understandable as an example and should be replaced by actual values. Certificate: Data: Version: 3 (0x2) Serial Number: 10:c6:41:f5:5c:40:0c:b1 Signature Algorithm: sha256withrsaencryption Issuer: C=DE, O=CompanyName2, OU=TEST-TestCenter, CN=TEST-MTM-CA Validity Not Before: Aug 8 11:57: GMT Not After : Dec 25 11:57: GMT Subject: C=DE, O=CompanyName3, OU=CompanyName3 POI Distribution, CN=CompanyName3 MTM-AUTH Subject Public Key Info: Public Key Algorithm: rsaencryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:aa:6d:e4:52:3b:64:0a:ce:01:9d:d0:a2:f4:99: 6e:b1:b4:5d:0b:9f:58:ab:43:ac:ee:b4:cf:f8:74: 8d:7f:47:e1:45:7a:24:f8:53:94:ba:4c:ea:db:54: 75:b0:f5:d5:b7:58:01:ac:a9:d4:b2:0e:8d:da:c1: e5:7b:ed:18:43:f6:55:f4:e7:78:d0:0c:f0:30:e4: c5:6a:07:a2:da:7c:c3:47:1c:db:19:bb:19:cd:68: 94:1e:88:6d:07:68:ad:d3:a0:7f:ec:34:f5:52:a2: 0a:d9:e6:0d:14:37:66:cb:82:a2:9e:c7:83:db:8f: 75:a4:e7:48:95:38:25:83:b1:ce:5f:a3:c1:19:6e: 47:6f:c9:bf:5d:32:3b:56:8c:16:a8:ca:5f:86:46: e2:77:95:26:0f:99:8e:24:fe:aa:40:c9:f7:f8:58: 95:35:c5:c9:01:12:12:7b:67:78:7a:70:f6:99:2c: 08:07:3c:f6:b0:b7:9d:8d:3c:d6:b9:49:c7:65:01: 5c:ce:b2:b8:67:66:ef:26:60:28:25:0f:8c:ab:91: 15:cd:ca:d6:f2:e2:93:94:75:0f:47:d5:2e:28:00: 27:94:b1:e6:ec:c3:48:22:28:68:cd:b9:a0:bb:74: 63:41:5f:49:2d:62:b0:24:e9:13:9b:60:25:45:73: 56:41 Exponent: (0x10001) X509v3 extensions: 8 CMS and Usage of Certificates Page 106

107 X509v3 Subject Key Identifier: 0D:54:56:9D:CC:FF:1D:0C:8E:AD:DB:AE:80:A5:9A:63:6B:92:81:DE X509v3 Authority Key Identifier: keyid:90:67:99:32:e4:eb:4b:08:d3:fb:24:85:fd:b9:0f:ae:ef:4f:2c:83 X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Subject Alternative Name: IP Address: Signature Algorithm: sha256withrsaencryption 9d:93:f5:40:18:89:b5:06:bb:f7:27:08:3a:91:be:0a:d1:e3: 46:28:ae:ca:9d:15:15:26:ec:c4:5a:56:10:07:10:21:99:ca: ea:8b:a6:80:8a:68:42:f1:01:a5:c4:9a:76:b7:2c:47:3e:8f: 5f:6e:39:6e:dc:27:e9:fe:a7:84:da:93:2a:54:c2:a9:3e:00: 0e:b4:a1:e6:79:3b:5e:6c:b4:1f:4a:0e:4c:a6:bc:b0:71:00: 4b:3c:1e:18:da:89:db:ff:d2:cd:27:85:3f:b4:0b:2d:5a:4d: 96:a6:fa:90:ac:c1:14:b4:e4:6f:ec:b2:58:c4:a4:be:94:67: fc:3f:d4:33:0e:a3:52:1c:57:e8:d3:af:c7:16:72:1b:d6:2f: 44:9d:fe:75:5c:be:cb:03:af:44:52:f1:f3:6c:ad:9c:83:ae: 7e:90:1b:64:5d:86:55:57:e3:b4:70:02:5e:a0:98:62:17:37: fa:58:ad:6a:34:db:93:74:91:05:87:fe:1c:9d:e9:f8:d1:ce: 6a:ec:87:d5:46:5c:0f:8f:e6:d5:f9:c2:c7:1a:22:f5:5b:92: 3e:56:60:7c:fd:5a:a4:2f:a6:c4:ce:2e:05:66:e9:a4:7d:e2: 83:8a:3f:93:84:3d:e7:52:78:c4:36:ac:db:86:a4:65:31:84: fb:2a:03:fd -----BEGIN CERTIFICATE----- MIIDszCCApugAwIBAgIIEMZB9VxADLEwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE BhMCREUxFTATBgNVBAoTDENvbXBhbnlOYW1lMjEYMBYGA1UECxMPVEVTVC1UZXN0 Q2VudGVyMRQwEgYDVQQDEwtURVNULU1UTS1DQTAeFw0wODA4MDgxMTU3MzNaFw0z NTEyMjUxMTU3MzNaMGwxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxDb21wYW55TmFt ZTMxJjAkBgNVBAsTHUNvbXBhbnlOYW1lMyBQT0kgRGlzdHJpYnV0aW9uMR4wHAYD VQQDExVDb21wYW55TmFtZTMgTVRNLUFVVEgwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCqbeRSO2QKzgGd0KL0mW6xtF0Ln1irQ6zutM/4dI1/R+FFeiT4 U5S6TOrbVHWw9dW3WAGsqdSyDo3aweV77RhD9lX053jQDPAw5MVqB6LafMNHHNsZ uxnnajqeig0hak3toh/snpvsogrz5g0un2blgqkex4pbj3wk50ivocwdsc5fo8ez bkdvyb9dmjtwjbaoyl+gruj3lsypmy4k/qpayff4wju1xckbehj7z3h6cpazlagh PPawt52NPNa5ScdlAVzOsrhnZu8mYCglD4yrkRXNytby4pOUdQ9H1S4oACeUsebs w0gikgjnuac7dgnbx0ktyrak6robycvfc1zbagmbaagjctbvmb0ga1uddgqwbbqn VFadzP8dDI6t266ApZpja5KB3jAfBgNVHSMEGDAWgBSQZ5ky5OtLCNP7JIX9uQ+u 708sgzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAPBgNVHREECDAGhwTA qaobma0gcsqgsib3dqebcwuaa4ibaqcdk/vagim1brv3jwg6kb4k0engkk7knruv JuzEWlYQBxAhmcrqi6aAimhC8QGlxJp2tyxHPo9fbjlu3Cfp/qeE2pMqVMKpPgAO tkhmetteblqfsg5mprywcqblpb4y2onb/9lnj4u/tastwk2wpvqqrmeutorv7ljy xks+lgf8p9qzdqnshffo06/hfnib1i9enf51xl7la69euvhzbk2cg65+kbtkxyzv V+O0cAJeoJhiFzf6WK1qNNuTdJEFh/4cnen40c5q7IfVRlwPj+bV+cLHGiL1W5I+ VmB8/VqkL6bEzi4FZumkfeKDij+ThD3nUnjENqzbhqRlMYT7KgP END CERTIFICATE CMS and Usage of Certificates Page 107

108 8.3.6 TM Server Certificate Example tmauth.txt The subject related information (C=DE, O=CompanyName4, OU=CompanyName4 AcquirerTM, CN=CompanyName4 TM-AUTH, IP Address: ) is understandable as an example and should be replaced by actual values. Certificate: Data: Version: 3 (0x2) Serial Number: 10:c6:41:f5:5c:40:0c:b2 Signature Algorithm: sha256withrsaencryption Issuer: C=DE, O=CompanyName2, OU=TEST-TestCenter, CN=TEST-MTM-CA Validity Not Before: Aug 8 11:57: GMT Not After : Dec 25 11:57: GMT Subject: C=DE, O=CompanyName4, OU=CompanyName4 AcquirerTM, CN=CompanyName4 TM-AUTH Subject Public Key Info: Public Key Algorithm: rsaencryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:bc:69:74:d4:41:fa:98:78:a6:ef:6b:a1:c5:5f: 22:97:cf:71:0a:98:c8:58:b7:4f:48:8c:a3:0f:c5: 9a:fc:c9:0e:13:bb:44:db:aa:23:7c:e1:d9:5e:6a: a9:be:00:bc:0d:03:ed:f8:b9:ab:7a:b6:e4:a0:04: 74:de:10:c0:e8:06:1f:e5:36:a7:37:b0:8d:08:8e: 8c:42:76:9b:62:7f:b7:ec:6e:ec:20:75:60:17:25: 99:a3:93:2f:ea:8f:c2:2d:1c:ca:b8:3e:9f:9f:ac: c2:5e:5c:7c:f1:84:dc:12:44:57:05:43:c1:6c:40: ec:3d:73:a2:f9:27:86:2a:cc:c3:0c:0d:32:0f:89: 82:b6:4d:18:ca:3c:16:63:1c:a3:2a:f4:0e:32:d3: 36:65:f8:b5:70:ff:5b:6f:70:01:55:4f:e9:2b:70: cb:8c:c1:7c:bc:83:f1:c8:33:fa:8a:b1:85:57:f7: 30:cf:6b:1f:72:1e:e7:85:7f:21:d7:1b:27:50:d8: ff:f2:68:53:10:66:e8:7a:bb:a5:46:71:f3:ce:97: 09:7a:1e:f2:fa:be:53:79:df:6b:60:c3:5b:f7:74: c3:3d:2c:12:b0:a7:3d:15:cc:5e:21:eb:b7:be:a8: a2:82:51:fa:04:a6:79:fe:b1:bf:ec:b6:f5:ae:e8: 3e:ef Exponent: (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 40:01:E4:D4:27:45:4F:FE:78:33:B7:B1:06:80:53:63:65:77:58:59 X509v3 Authority Key Identifier: keyid:90:67:99:32:e4:eb:4b:08:d3:fb:24:85:fd:b9:0f:ae:ef:4f:2c:83 X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Subject Alternative Name: IP Address: Signature Algorithm: sha256withrsaencryption a3:9a:3e:1e:0d:b6:bd:bc:b1:69:5c:46:b0:0a:72:3e:0e:5a: 8 CMS and Usage of Certificates Page 108

109 9e:0c:77:6d:65:20:ef:36:24:fa:7b:8c:6a:f4:56:3d:8a:33: 47:85:12:d9:0d:2b:4a:d5:27:ef:37:2e:59:f3:b9:f0:02:47: e3:e3:a4:a5:19:b2:4a:cc:53:9f:3c:b7:bb:c1:55:c0:c8:6d: 8e:fc:77:08:51:70:09:3e:4c:da:c5:db:3b:c7:db:d9:fc:0f: 63:8a:45:46:83:b1:9d:a4:e6:a2:d0:e5:b8:c0:2e:b6:b2:29: 23:2e:30:23:d7:0d:f0:28:2f:44:37:52:bb:33:7e:d5:b0:71: 24:e1:d5:34:ca:31:68:2e:f1:ec:73:05:19:50:17:7f:46:4e: 58:eb:4d:e2:92:74:eb:0b:d0:84:91:bc:f8:bb:77:2a:81:7b: e5:e7:a5:6d:84:58:a9:9f:ab:74:5b:18:79:bc:88:74:2b:12: 20:dc:23:76:c7:06:7f:01:85:f4:8f:76:7c:7c:6d:44:94:2e: 00:f8:f9:cc:48:9e:3b:c9:cb:9f:19:a4:10:f1:77:09:18:54: 9f:91:b9:66:6d:fe:1a:e2:b8:aa:d0:89:89:a4:b5:d3:75:b8: 9f:43:a0:ad:18:95:05:33:59:42:9b:27:96:23:3f:df:ac:6b: 8c:4d:ae: BEGIN CERTIFICATE----- MIIDrDCCApSgAwIBAgIIEMZB9VxADLIwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE BhMCREUxFTATBgNVBAoTDENvbXBhbnlOYW1lMjEYMBYGA1UECxMPVEVTVC1UZXN0 Q2VudGVyMRQwEgYDVQQDEwtURVNULU1UTS1DQTAeFw0wODA4MDgxMTU3MzNaFw0z NTEyMjUxMTU3MzNaMGUxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxDb21wYW55TmFt ZTQxIDAeBgNVBAsTF0NvbXBhbnlOYW1lNCBBY3F1aXJlclRNMR0wGwYDVQQDExRD b21wyw55tmftztqgve0tqvvusdccasiwdqyjkozihvcnaqebbqadggepadccaqoc ggebalxpdnrb+ph4pu9rocvfipfpcqqyyfi3t0imow/fmvzjdho7rnuqi3zh2v5q qb4ava0d7fi5q3q25kaedn4qwoggh+u2pzewjqiojej2m2j/t+xu7cb1ybclmaot L+qPwi0cyrg+n5+swl5cfPGE3BJEVwVDwWxA7D1zovknhirMwwwNMg+JgrZNGMo8 FmMcoyr0DjLTNmX4tXD/W29wAVVP6Stwy4zBfLyD8cgz+oqxhVf3MM9rH3Ie54V/ IdcbJ1DY//JoUxBm6Hq7pUZx886XCXoe8vq+U3nfa2DDW/d0wz0sErCnPRXMXiHr t76ooojr+gsmef6xv+y29a7opu8caweaaanxmg8whqydvr0obbyefeab5nqnru/+ edo3sqaau2nld1hzmb8ga1udiwqymbaafjbnmtlk60si0/skhf25d67vtyydmawg A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMA8GA1UdEQQIMAaHBMCoCgEwDQYJ KoZIhvcNAQELBQADggEBAKOaPh4Ntr28sWlcRrAKcj4OWp4Md21lIO82JPp7jGr0 Vj2KM0eFEtkNK0rVJ+83LlnzufACR+PjpKUZskrMU588t7vBVcDIbY78dwhRcAk+ TNrF2zvH29n8D2OKRUaDsZ2k5qLQ5bjALrayKSMuMCPXDfAoL0Q3UrszftWwcSTh 1TTKMWgu8exzBRlQF39GTljrTeKSdOsL0ISRvPi7dyqBe+XnpW2EWKmfq3RbGHm8 ihqreidci3bhbn8bhfspdnx8busulgd4+cxinjvjy58zpbdxdwkyvj+ruwzt/hri ukrqiymktdn1uj9dok0ylquzwukbj5yjp9+sa4xnrim= -----END CERTIFICATE CMS and Usage of Certificates Page 109

110 9 Transport Protocol Services For the first version of the EPAS TMS Protocol the transport protocol TCP (Transmission Control Protocol, specified in the RFC 793) as described in chapter 7 of Erreur! Source du renvoi introuvable. and the File Transfer Protocol (FTP) will be used for the transfer of data between the POI and the TMS. FTP is used as download and upload mechanism of the messages described in this document. The POI System represents the FTP client. The TMS represents the FTP server. The same filename conventions and structures should be used for other file transport mechanisms (e.g. for a local update using a USB memory stick). 9.1 File Transfer Protocol The File Transfer Protocol (FTP 3 ) is the protocol used by the EPAS application protocols to transfer files. This chapter contains the specification of the services of FTP to be implemented by the EPAS application protocols using file transfers The FTP Model FTP is a typical client/server protocol, where the client is the POI and the server the TMS host. The FTP specifications call the client the user in relation to the person who gets file transfer services. FTP uses two types of transport connections to provide the file transfer services: 1. The Control Connection, which is established at the creation of the FTP session, and carry on the command request by the client and the response from the server after the processing of the service. 2. The Data Connection, which is established each time a file has to be exchanged or any data like the content of a directory. The data connection is release at the end of the transfer. The set of components of the FTP client and of the FTP server are respectively called User-FTP Process and Server-FTP Process. FTP Client User-FTP Process User User Interface FTP Server Server-FTP Process User Protocol Interpreter (User-PI) Control Connection Server Protocol Interpreter (Server-PI) File System User Data Transfer Process (User-DTP) Data Connection Server Data Transfer Process (Server-DTP) File System Figure 6: The FTP Model 3 RFC 959, October 1985, by Jon Postel and Joyce Reynolds 9 Transport Protocol Services Page 110

111 FTP Client Components The User-FTP Process contains the following components: The User Interface, which provides an interface the application protocol. An interface to a human user is not required. The User Protocol Interpreter (User-PI), which manages the control connection. After the establishment of the connection, it processes the command requested by the User Interface and send them to the Server Protocol Interpreter. In addition, it manages the User Data Transfer Process. The User Data Transfer Process (User-DTP), which establishes or listens to the data connection at the request of the User Protocol Interpreter. It sends or receive data using the local file transfer where is implanted the User-FTP Process FTP Server Components The Server-FTP Process contains the following components: The Server Protocol Interpreter (Server-PI), which manages the control connection. It listens to the FTP reserved port for incoming connection requests coming from clients. It processes the command requested by the Client, send response on the control connection, and manages the Server Data Transfer Process. The Server Data Transfer Process (Server -DTP), which establishes or listens to the data connection at the request of the Server Protocol Interpreter. It sends or receive data using the local file transfer where is implanted the Server-FTP Process. 9 Transport Protocol Services Page 111

112 9.2 File Transfer Services Access Commands Login Sequence The command USER UserName is the first command transmitted by the client after the establishment of the control connection. UserName is the identification of the POI as described in the organisation unit and common name (OU used as Modelname concatenated with CN used as serial number with a possible separator) of the POI certificate subject name also used in the message header element InitiatingParty.ShortName. The command PASS Password is not mandatory, other and more appropriate authentication method has to be employed. Usually the password is equal to the username (e.g. the password is built by the serial number of the POI terminal concatenated with the merchant identifier). The command ACCT Account is not used FTP Session Termination The command QUIT is used to close the FTP session and is followed by the release of the control connection by the client after reception of the response. The command REIN reinitialises the FTP session without closing it. This command is used when a POI Server managing several POI, needs to exchange different types of files on the behalf of these POI Terminals Directory Positioning The command CWD DirName is the command the client use to go to the directory where a file has to be downloaded or uploaded. The directory structure shown below is presented by the TM to POI. The presented directories may be physical or virtual. DirName is the path name of the target directory to go to. The structure of an example of the file directory reachable is presented in the figure below. root / Acqu TMS Auth Capt Soft MgtPlan Param Rep Authorisations Captures Software Management Plan Report Vendor Mer Acq Vendor Merchant Acquirer Figure 7: FTP Server Directory Structure for TMS 9 Transport Protocol Services Page 112

113 9.2.2 FTP Transfer Parameter Commands Data Connection The command PASV to pass the server in a passive data connection mode is used by default to avoid the problem of firewall, Network Address Translation, and port change by the client 4. The response at the command informs to the client the server port to connect to. The command PORT DataPort and the active data mode is not used File Type The binary file type is used for the transfer. The command TYPE is not used Transfer Mode The file transfer mode which might be used are: The stream mode if the exchange of data does not require restart of the transfer after the beginning of the file. The block mode, if restart might be used if the file transfer does not terminate correctly. The POI must support the stream mode. The block mode may be used in addition for the file transfer. The command MODE TransferMode is sent by the Client to inform the stream or block mode to use for the next transfer. There is no recommendation for the position of the marker. The stream mode is the preferred solution File Structure The file (no record structure) structure is used for the transfer, so the command STRU is not used File Naming Conventions The file names contain the following information that are concatenated (min. 8 and max. 32 characters): - File Type o o o o o "SR" for Status report "MP" for Management Plan "SW" for Software Modules "PA" for Acceptor Configuration (e.g. Vendor, Merchant or Acquirer Parameter) "DD" for Delegation Data (e.g. TM certificate) - Value for the SequenceNumber (Default "00 00") - ".ASN" for ASN.1 coded and ".XML" for XML coded files. The sequence number is used to check if a file has to be downloaded: 1. If the sequence number is higher than the existing one the file has to be downloaded. 2. If the sequence number is equal or lower than the last number stored by the POI this sequence number is not acceptable. 4 See RFC 1579, Firewall-Friendly FTP 9 Transport Protocol Services Page 113

114 If there is no file with an acceptable sequence number the POI looks for a file with the default sequence number that can be downloaded instead of. Therefore the default value for the SequenceNumber is used to synchronise the sequence numbers present in the POI and TMS (This means that the default sequence number will reset the sequence number to "00 00"). If the maximum number is reached the TMS system resets the sequence number also with the default value. The following example illustrates the naming convention for a sequence of files if always the default name for the Management Plan is used: Download first Management Plan MP containing the Cyclic Call with two TMS actions: 1. Upload StatusReport and 2. Download Management Plan MP (StartTime plus Period defined). For a foreseen download of a parameter set the TMS server generates a new Management Plan MP containing three actions: 1. Upload StatusReport 2. Download Acceptor configuration PA Download new Management Plan MP00000 containing only the default actions Upload StatusReport and Download Management Plan MP For the next download of a new parameter set the TMS server generates a new Management Plan MP containing three actions: 1. Upload StatusReport 2. Download parameter set PA Download new Management Plan MP00000 containing only the default actions Upload StatusReport and Download Management Plan MP Transport Protocol Services Page 114

115 9.2.3 FTP Protocol Service Commands File Transfer The commands RETR and STOR are used to download and upload files. The command ALLO is necessary to allocate storage at the server before the transfer of files. The command REST Mark is used to restart the transfer from the specific marker Mark. This command has to be immediately followed by a RETR or a STOR command. For the stream mode the restart is not possible. The command ABOR is used to abort a transfer or a command Directory Management The command LIST is used to get the content of a directory. 9 Transport Protocol Services Page 115