Tms Messageusageguide 5.2
CAPE
Card Payments
Terminal Management
Message Usage Guide

Version 5.2
22 March 2017
This information is protected by international intellectual property laws and its use is governed by the applicable End-User license
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017
TABLE OF CONTENTS

1 Introduction
1.1 Purpose of the Document
1.2 References
1.3 Terms and Definitions
1.4 Conventions
2 StatusReport (catm.001.001.05)
2.1 Message Usage
2.2 Message Preparation
2.3 Message Processing
2.4 Business Rules Validation
3 ManagementPlanReplacement (catm.002.001.05)
3.1 Message Usage
3.2 Message Preparation
3.3 Message Processing
3.4 Execution of the Management Plan
3.4.1 One-Time Call to the Maintenance Example
3.4.2 Cyclic Call and Acquirer Parameters Download Examples
3.4.3 Cyclic Call after an Acquirer Parameters Download Examples
3.4.4 Sequence of Parameters Downloads Example
3.5 Error Handling during Management Plan Execution
3.6 Business Rules Validation
4 AcceptorConfigurationUpdate (catm.003.001.05)
4.1 Message Usage
4.2 Message Processing
4.3 Acquirer Protocol Parameters
4.3.1 Configuration of Data Capture and Completion for Online Transactions
4.3.1.1 Financial Capture
4.3.1.2 Batch Transfer
4.3.1.3 Completion Exchange
4.3.2 Configuration of Data Capture and Completion for Offline Transactions
4.3.2.1 Financial Capture
4.3.2.2 Batch Transfer
4.3.2.3 Completion Exchange
4.3.3 Configuration of Reconciliation
4.3.4 Other Acquirer Protocol Configuration Parameters
4.3.4.1 BatchTransferContent
4.3.4.2 MessageItem
4.4 Host Communication Parameters
4.5 Business Rules Validation
5 TerminalManagementRejection (catm.004.001.04)
5.1 Introduction
Figures

Figure 1 : StatusReport with no change on the ManagementPlan
Figure 2 : StatusReport with change on ManagementPlan and AcceptorConfigurationUpdate.
Figure 3 Parameters management with multiple TM
Figure 4: Rejection of a TMS message
Figure 5 One POI multiple Identifications
Figure 6: Key Information
Figure 7: Sharing of a Key with a Host
Figure 8: Key and Certificate Notations
Figure 9: Encryption and Digital Signature Notations
Figure 10: Key Check Value Notation
Figure 11: POI and TM PKIs
Figure 12: Standard Key Download
Figure 13: PKI used by the Key Download Example
Figure 14: Sequence of Message Exchanges
Figure 15: POI Architecture for Message Examples
Figure 16: TMS messages transferred as message exchanges
Figure 17: TMS messages transferred as files
Figure 18: TMS messages transferred as both messages and file
Figure 16: The FTP Model
Figure 15: FTP Server Directory Structure for TMS
1 Introduction
1.1 Purpose of the Document
The present document describes how to use the messages of the EPAS Terminal Management Protocol described in the document "Card Payment – Terminal Management, Message Definition Report" [CAPE TMS MDR].
[CAPE ACQ MUG] CAPE, Card Payments, Message Usage Guide, Version 5.0
[CAPE TMS MDR] ISO 20022, Card Payment - Terminal Management, Message Definition Report, Edition February 2016
[EPAS SECU] Card Payment Protocols Security, EPASOrg, Version 2.0
[RFC2119] Key words for use in RFCs to Indicate Requirement Levels, March 1997
ActionIdentification [1..1] Copy of the Action of the management plan for which the outcome is notified in the current Event.
ActionType [1..1] See ManagementPlanReplacement
DataSetIdentification [0..1] See ManagementPlanReplacement
Name [0..1] See ManagementPlanReplacement
Type [1..1] See ManagementPlanReplacement
Version [0..1] See ManagementPlanReplacement
CreationDateTime [0..1] See ManagementPlanReplacement
AdditionalErrorInformation [0..1] Complete the Result, giving details on the error (e.g. number of retries).
Errors [0..*] Manufacturer specific log file for errors (e.g. card reader errors)
SecurityTrailer [0..1] Digital signature or MAC of the message body StatusReport, including the delimiters (start and end tag for XML encoding).
3 For the first contact to the TM in the life cycle of the POI, the TM may use POIIdentification or DelegationProof of the
StatusReport message to register the POI and send back a first management plan to the POI.
TMChallenge [0..1] Terminal Manager challenge that the POI has to send in a StatusReport requesting key download.
KeyEnciphermentCertificate [0..*] Certificate chain containing the signed public key encryption key of the Terminal Manager used by the POI to send a session key encryption key. The format of the certificate is compliant with the DER X.509
Since the ManagementPlanReplacement may only have a ServerCertificate or a ClientCertificate without any certificate chain, it is assumed that the certification authority is unique. Otherwise, it is assumed that a delegation is managed. In this case, the ManagementPlan must end the SecurityProfile with the value ",ACT=CMRQ" and identify the DelegationScopeIdentification. When receiving this message, the POI must send a CertificateManagementRequest with a self-signed certificate with SecurityDomain set to the DelegationScopeIdentification value. These constraints are expressed in Business Rule C15.
These assumptions and constraints are temporarily set until version V7.
2. If configured, the POI checks the signature of the received message as described in [EPAS SECU]. If asymmetric cryptography is used, the POI checks the signature by using the public key contained in the certificate that is present in the security trailer or already defined in the configuration data of the POI. For each terminal manager there is a separate certificate:
   - certPRMTM_CA(PUMTM_AUTH) if the message was received from the MTM or
   - certPRMTM_CA(PUTM_AUTH) if the message was received from the TM.
   If the verification of the signature fails, the error is logged in Event with Result containing "SignatureError" and AdditionalErrorInformation the text value "SecurityTrailer".
3. If applicable, the POI checks whether the information in the Certificate Subject corresponds to the TerminalManagerIdentification of the message body. If not, the action is logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation the text value "Signer.SignerIdentification".
4. The POI checks whether Type of Identification corresponds to "ManagementPlan". If not, the error is logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation the text value "DataSet.Identification.Type".
5. The POI checks the completeness, syntax and contents of each action definition grouped by TerminalManagerIdentification present in the received ManagementPlan. In case of an error, the whole management plan is ignored. The list of Action of the previous management plan remains valid. The error is then logged in Event.
   5.1. The actions are analysed to check whether they are correctly defined. The mandatory data elements have to be present (see ERR3, section 11). All existing data elements have to be correctly formatted (ERR2, section 11).
   5.2. If an enumeration value of data elements contained in action is unknown, the action may be added to the Event log with Result containing "NotSupported" and AdditionalErrorInformation containing the message component or element.
   5.3. If the message element Address is not present in the received Action, the POI uses the currently defined address of the TMS (e.g. manually entered at the POI by the user or issued in TMSIdentification of TMSTrigger sent by the acquirer host or intermediary agent in an acquirer protocol response message, or set up by any other means).
   5.4. Type or Name in DataSetIdentification is used to identify the category of data to be uploaded, downloaded or deleted:
      5.4.1. For the action "Upload", DataSetIdentification.Type must be present with the value "StatusReport". All other elements of DataSetIdentification must be absent.
      5.4.2. For the action "Download", if DataSetIdentification.Type contains the value "ManagementPlan", all other elements must be absent.
      5.4.3. For the action "Download", if DataSetIdentification.Type doesn't contain the value "ManagementPlan", DataSetIdentification.Type must contain one of the values ApplicationParameters, AcquirerParameters, MerchantParameters, VendorParameters, TerminalParameters or SecurityParameters; DataSetIdentification.Name must contain the name of the file to be downloaded when file transfer is used and the name of the DataSet to receive for message exchanges. All other elements should be present in DataSetIdentification. If Version is present, the POI must download only this version of the acceptor parameters.
      5.4.4. For the action Delete, DataSetIdentification.Type and DataSetIdentification.Name must be present.
         If Type contains the value ApplicationParameters, the parameters previously received by an AcceptorConfigurationUpdate contained in Content.ApplicationParameters and identified by Content.ApplicationParameters.ApplicationIdentification equal to DataSetIdentification.Name are deleted.
         If Type contains the value AcquirerParameters, all parameters previously received by an AcceptorConfigurationUpdate contained in Content are deleted.
         Delete action can only be applied by the MTM or a TM which issued the data to delete.
      5.4.5. If the value of DataSetIdentification.Type is not managed by this POI, the action is ignored. This action must be logged in Event and Result must contain the value "NotSupported" and AdditionalErrorInformation, the wrong message element "Action.DataSetIdentification.Type".
   5.5. If Trigger is present and valid, the possible types of events that can initiate the current action are taken into account. If the value of the Trigger is not supported by the POI, the action must be ignored. This action must be logged in Event with Result containing "NotSupported" and AdditionalErrorInformation the text value "Action.Trigger".
   5.6. If AdditionalProcess is present, this pre-condition or post-condition is stored for the current action. If the value is not supported by the POI, the error must be logged in Event with Result containing "NotSupported" and AdditionalErrorInformation containing the wrong message element "Action.AdditionalProcess"; Action must be ignored.
   5.7. If TimeCondition is present, its content is checked to determine whether the data elements are correctly formatted. If the format of a timing parameter in TimeCondition is not correct according to the ISODateTime format or the value of StartTime or EndTime is wrong (e.g. dd > 31; mm-dd = 02-30), the complete management plan of the Terminal Manager Identification is discarded and an error must be added in the log of Event with Result containing "FormatError".
      If the StartTime or the complete TimeCondition is missing for the first action defined for a TerminalManagerIdentification, the StartTime of this action is set to the current date and time plus WaitingTime if set.
      If StartTime and WaitingTime or the complete TimeCondition are missing for an action defined for a TerminalManagerIdentification, the action should be started as soon as possible.

      Subsequently all other present data elements are checked and stored.
   5.8. The error actions to be performed are stored with the related action. If there is an ActionResult value of the ErrorAction which is not managed, this ErrorAction must be ignored.
      Note: The sending of the StatusReport should be the normal reaction in case of an error. The ActionToProcess "SendStatusReport" (Upload StatusReport immediately without executing next actions) should be the recommended error action type to be processed.
6. The downloaded management plan replaces all actions defined for this specific TM (MTM or not).
7. The POI erases the contents of the existing log of Event per TM, if the log has been sent to the TM.
8. Subsequently, the POI starts the execution of the management plan (see section 3.4).
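Added example, not part of the CAPE guide: the Python code below applies steps 5.4.5, 5.5, 5.6 and 5.7 to the actions of one Terminal Manager and shows the difference between an action that is ignored ("NotSupported") and a plan that is discarded as a whole ("FormatError", previous actions stay in force). The dictionary layout, the supported-value sets and the values "HostEvent" and "PrintReceipt" are assumptions made for illustration; checking every TimeCondition before the per-action checks is also a choice of this example.

```python
from datetime import datetime

# Assumption: values this particular POI manages (hypothetical sets).
SUPPORTED_TYPES = {"ManagementPlan", "StatusReport", "AcquirerParameters",
                   "ApplicationParameters", "SecurityParameters"}
SUPPORTED_TRIGGERS = {"DateTime", "Manual"}
SUPPORTED_PROCESSES = {"ManualConfirmation", "Reconciliation", "RestartSystem"}


def event(result, info=None):
    """One Event log entry: Result plus optional AdditionalErrorInformation."""
    return {"Result": result, "AdditionalErrorInformation": info}


def time_condition_ok(time_condition):
    """Step 5.7: StartTime/EndTime must be valid ISO date-times (02-30 is not)."""
    for field in ("StartTime", "EndTime"):
        if field in time_condition:
            try:
                datetime.fromisoformat(time_condition[field])
            except (TypeError, ValueError):
                return False
    return True


def process_plan(actions, previous_actions):
    """Return (actions now in force for this TM, Event entries to log)."""
    # Step 5.7: one malformed TimeCondition discards the complete plan of this
    # TM; per step 5 the previous list of actions remains valid.
    for action in actions:
        if not time_condition_ok(action.get("TimeCondition", {})):
            return list(previous_actions), [event("FormatError")]

    kept, events = [], []
    for action in actions:
        ds_type = action.get("DataSetIdentification", {}).get("Type")
        if ds_type not in SUPPORTED_TYPES:                           # step 5.4.5
            events.append(event("NotSupported",
                                "Action.DataSetIdentification.Type"))
        elif action.get("Trigger", "DateTime") not in SUPPORTED_TRIGGERS:  # 5.5
            events.append(event("NotSupported", "Action.Trigger"))
        elif ("AdditionalProcess" in action
              and action["AdditionalProcess"] not in SUPPORTED_PROCESSES):  # 5.6
            events.append(event("NotSupported", "Action.AdditionalProcess"))
        else:
            kept.append(action)
    # Step 6: the accepted actions replace all actions defined for this TM.
    return kept, events


# Constructed sample plans (not taken from the guide).
SAMPLE_PLAN = [
    {"Type": "Download", "Trigger": "DateTime",
     "DataSetIdentification": {"Type": "AcquirerParameters", "Name": "acq-params"},
     "TimeCondition": {"StartTime": "2017-03-22T02:00:00"}},
    {"Type": "Download",   # type not managed by this POI
     "DataSetIdentification": {"Type": "VendorParameters", "Name": "vendor-params"}},
    {"Type": "Download", "Trigger": "HostEvent",   # hypothetical unsupported trigger
     "DataSetIdentification": {"Type": "ManagementPlan"}},
    {"Type": "Upload", "AdditionalProcess": "PrintReceipt",  # hypothetical value
     "DataSetIdentification": {"Type": "StatusReport"}},
]
BAD_DATE_PLAN = [
    {"Type": "Download", "DataSetIdentification": {"Type": "ManagementPlan"},
     "TimeCondition": {"StartTime": "2017-02-30T02:00:00"}},  # 30 February
]

if __name__ == "__main__":
    in_force, log = process_plan(SAMPLE_PLAN, previous_actions=[])
    print(len(in_force), "action(s) kept;", log)
    in_force, log = process_plan(BAD_DATE_PLAN, previous_actions=in_force)
    print(len(in_force), "action(s) still in force;", log)
```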
MNG3: If an action of a sequence contains a Period, this action and possible following actions of the sequence (defined with a WaitingTime) are executed periodically. Otherwise the action is executed only once.
MNG4: The management plan may contain only one sequence with an action containing a period.
MNG5: A sequence may contain only one action with a period.
MNG6: When a StartTime is reached the Action must be launched. However, if a StartTime is reached during the execution of a former Action, the action must be executed once all previous actions have finished.
MNG7: If several actions of the management plan for a dedicated TerminalManagerIdentification contain a StartTime, these actions have to be listed in chronological order.
MNG8: For message exchange, a StatusReport must be sent explicitly for each of the DataSetRequired items defined in the ManagementPlan.
MNG9: If an Action is, whatever the reason (e.g. Retry or WaitingTime), outside the time slot dedicated for the maintenance plan defined through the DelegationScopeDefinition, the management plan of this TM must be completed. This case must be logged in Event with Result containing "Success" and AdditionalErrorInformation the text value "Time period exceeded".
MNG10: A management plan for a TM must not start before the time slot defined in the DelegationScopeDefinition.
TMS actions are executed sequentially inside the time slot according to StartTime or WaitingTime.
1. The timing conditions of each TMS action are analysed:
   a. If StartTime has expired or WaitingTime is 0, the action must be started after execution of the ManualConfirmation or Reconciliation if they are present in the AdditionalProcess. At the end of the action, the RestartSystem is triggered if present in the AdditionalProcess. The RestartSystem is a reboot which may occur after external conditions (e.g. acknowledgement of the ECR). After the execution of the reboot, the POI then moves to the next action.
   b. If StartTime has been sent and is not reached, the execution of the management plan for this dedicated TerminalManagerIdentification is paused until StartTime is reached and in the meantime the POI considers the management plan of the next TerminalManagerIdentification.
   c. If WaitingTime has been sent and is not equal to 0, the POI waits for WaitingTime.
2. If TimeCondition of the started action contains Period, the new StartTime is calculated and stored in the management plan of this Terminal Manager. If Period is missing or the action is not part of a sequence, the action must not be executed anymore.
3. After execution of an action the next action is analysed. The next action is executed
   a. if the StartTime is passed or
   b. if the WaitingTime is reached.
The first call is started when StartTime T0 is reached. The POI sends a StatusReport message containing DataSetRequired with the same value as DataSetIdentification of the action. The TM or the MTM sends back a ManagementPlanReplacement message.

In the case where there is nothing new to be downloaded by TMS, the exchange looks like this:

Figure 1 : StatusReport with no change on the ManagementPlan

In the case where new parameters are prepared for downloading (let's say Acquirer parameters), a new Management Plan is sent to the POI:

StartTime  WaitingTime  Period  Type      DataSetIdentification.Name  DataSetIdentification.Type
-          -            -       Download  -any first name             AcquirerParameters
-          -            Cycle1  Download  -any second name            ManagementPlan

And the exchange looks like this:

Figure 2 : StatusReport with change on ManagementPlan and AcceptorConfigurationUpdate.

The following calls are performed periodically using Period defined by "Cycle1", with the same exchange of messages described in Figure 1 : StatusReport with no change on the ManagementPlan.
D1 - Download - AcquirerParameters
- D2 - Download - ApplicationParameters
- - - Restart - -
- D4 - Download - ManagementPlan
4. If the connection of the POI, in order to download a file, is rejected by the TMS due to access rights, the action is added to the event log with Result containing "AccessDenied" and AdditionalErrorInformation containing the text value "File".
DataSet.Content.Action.DataSetIdentification.CreationDateTime
C13 If Action.Type=Download or Delete, and DataSetIdentification.Type is not equal to "ManagementPlan", DataSetIdentification.Name must be present
   DataSet.Content.Action.Type
   DataSet.Content.Action.DataSetIdentification.Name
   DataSet.Content.Action.DataSetIdentification.Type
BatchTransfer [0..1] C1 If the Online Transactions are captured through Batch the structure must be present.
ExchangePolicy [1..*] * The following policies for the capture procedure by Batch Transfer are allowed:
   "Cyclic": Batch sent periodically according to TimeCondition,
   "NumberLimit": Batch sent when the number of non-captured online authorised transactions reaches MaximumNumber, as well as
   "TotalLimit": Batch sent when the total amount of non-captured online authorised transactions reaches MaximumAmount.
   "OnDemand": Batch exchange is performed if requested by the acquirer in the previous exchange, or manually by the acceptor.
   and all combinations of these policies.
MaximumNumber [0..1] C2 Maximum number of online transactions (debit and credit) used as trigger for batch transfer. Failed, declined or cancellations are not included in the number of transactions, but debit (or credit) which are cancelled are part of the counting.
   Mandatory if at least one ExchangePolicy = "NumberLimit" exists, otherwise absent.
MaximumAmount [0..1] C3 Maximum cumulative amount of online transactions (debit and credit) used as trigger for batch transfer. Failed, declined or cancellations are not included in the cumulative amount, but debit (or credit) which are cancelled are part of the cumulative amount.
   Mandatory if at least one ExchangePolicy = "TotalLimit" exists, otherwise absent.
   For instance a credit of 10 € and a debit of 8 € imply a cumulative amount of 18 €.
ReTry [0..1] Retry after a failed batch transfer
Delay [1..1] Time between two successive attempts after a failed batch transfer.
   Format: MMDDhhmm; leading zeros may be omitted.
Figure 3 Parameters management with multiple TM
So in order to allow multiple TMs to send parameters to the POI, the following rules apply:

6. If a POI receives a CREATE for a type of Parameter (TMSProtocolParameters, AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters, HostCommunicationParameters, SecurityParameters) from a TM with previously received parameters of this type, the POI must replace all Parameter of this type coming from this TM. Considering the previous figure as the data structure, previous parameters present in the set identified by the TM identification are deleted and replaced by new ones.
7. If a POI receives a CREATE for a type of Parameter (TMSProtocolParameters, AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters, HostCommunicationParameters, SecurityParameters) from a TM with no previously received parameters of this type, the POI must create all Parameter of this type coming from this TM. Considering the previous figure as the data structure, a new set of parameters identified by the TM Identification is created.
8. If a POI receives an UPDATE for a type of Parameter (TMSProtocolParameters, AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters, HostCommunicationParameters, SecurityParameters) from a TM with no previously received parameters of this type, the POI must create all Parameter of this type coming from this TM. Considering the previous figure as the data structure, a new set of parameters identified by the TM Identification is created.
9. If a POI receives an UPDATE for a type of Parameter (TMSProtocolParameters, AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters, HostCommunicationParameters, SecurityParameters) from a TM with previously received parameters of this type, and the key Identification (MerchantIdentification, VendorIdentification, ApplicationIdentification, HostIdentification) is not known by the POI, the POI must reject the whole set of received Parameters as an "InvalidContent". Considering the previous figure as the data structure, the whole structure is unchanged.
10. If a POI receives an UPDATE for a type of Parameter (TMSProtocolParameters, AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters, HostCommunicationParameters, SecurityParameters) from a TM with previously received parameters of this type, and the key Identification (MerchantIdentification, VendorIdentification, ApplicationIdentification, HostIdentification) is already known by the POI, the POI must update this Parameter identification of this type with the one coming from this TM. Considering the previous figure as the data structure, the parameter identified by the key Identification is replaced.
11. CREATE and UPDATE are identical for TMSProtocolParameters or SecurityParameters.
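Added example, not part of the CAPE guide: the Python code below implements rules 6 to 11 on a store partitioned by TM identification, so that a CREATE or UPDATE from one TM never touches the parameter sets of another TM and a rejected UPDATE leaves the structure unchanged. The store layout (TM identification, then parameter type, then key Identification), the function name and the reading of rule 11 as "UPDATE replaces the set, like CREATE" are assumptions of this example.

```python
import copy

# Rule 11: for these types CREATE and UPDATE are identical. Assumption of this
# example: both replace the set held for the sending TM.
UNKEYED_TYPES = {"TMSProtocolParameters", "SecurityParameters"}


def apply_parameters(store, tm_id, action, param_type, entries):
    """Apply one CREATE or UPDATE received from the TM identified by tm_id.

    store   : {tm_id: {param_type: {key identification: parameter content}}}
    entries : received parameters in the same {key identification: content} shape
    Returns the Result to log: "Success" or "InvalidContent".
    """
    if action not in ("CREATE", "UPDATE"):
        raise ValueError("unexpected action: %r" % (action,))

    tm_sets = store.setdefault(tm_id, {})   # only this TM's own sets are visible
    existing = tm_sets.get(param_type)

    # Rules 6 and 7 (CREATE), rule 8 (UPDATE with nothing stored), rule 11.
    if action == "CREATE" or existing is None or param_type in UNKEYED_TYPES:
        tm_sets[param_type] = copy.deepcopy(entries)
        return "Success"

    # Rule 9: one unknown key Identification rejects the whole received set,
    # so every key is checked before anything is written.
    if any(key not in existing for key in entries):
        return "InvalidContent"

    # Rule 10: replace only the parameters identified by the received keys.
    for key, content in entries.items():
        existing[key] = copy.deepcopy(content)
    return "Success"


def run_sample():
    """Constructed sequence of updates from two TMs (sample data, not from the guide)."""
    store, results = {}, []
    steps = [
        ("TM-A", "CREATE", "MerchantParameters", {"M1": {"name": "shop"}, "M2": {"name": "kiosk"}}),
        ("TM-B", "UPDATE", "MerchantParameters", {"M9": {"name": "other"}}),    # rule 8
        ("TM-A", "UPDATE", "MerchantParameters", {"M1": {"name": "x"}, "M3": {}}),  # rule 9
        ("TM-A", "UPDATE", "MerchantParameters", {"M1": {"name": "shop-v2"}}),  # rule 10
        ("TM-A", "UPDATE", "SecurityParameters", {"profile": {"level": 1}}),    # rule 8
        ("TM-A", "UPDATE", "SecurityParameters", {"profile2": {"level": 2}}),   # rule 11
    ]
    for tm_id, action, param_type, entries in steps:
        results.append(apply_parameters(store, tm_id, action, param_type, entries))
    return store, results


if __name__ == "__main__":
    final_store, outcome = run_sample()
    print(outcome)
    print(final_store)
```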
4.3.1 Configuration of Data Capture and Completion for Online Transactions
OnlineTransaction is used for financial data capture, batch transfer and completion exchange configuration.

If FinancialCapture contains another value than the first three values listed above, the complete DataSet must be ignored and the action may be stored in the log of Event with Result populated with "InvalidContent" and AdditionalErrorInformation containing the text value "OnlineTransaction.FinancialCapture". The value of FinancialCapture before update must be used then if present.
ReTry is present to define the maximum number and the delay for retries for the batch transfers in case of communication errors. The element EndTime may be used to stop the process of this cyclic batch transfer.
MaximumNumber, MaximumAmount and all other elements of TimeCondition must be ignored since these are not used by the "Cyclic" policy but may be relevant for instance for other ExchangePolicy.

ExchangePolicy with "NumberLimit" value
If ExchangePolicy has the value "NumberLimit", MaximumNumber must be present. If this element is missing the configuration of the BatchTransfer contains an error. The complete DataSet must be ignored and the error may be stored in the log of Event with the Result "InvalidContent" with the AdditionalErrorInformation "BatchTransfer.MaximumNumber".

ExchangePolicy with "TotalLimit" value
If ExchangePolicy has the value "TotalLimit", MaximumAmount must be present. If this element is missing the configuration of the BatchTransfer contains an error. The complete DataSet must be ignored and the error may be stored in the log of Event with the Result "InvalidContent" with the AdditionalErrorInformation "BatchTransfer.MaximumAmount".

ExchangePolicy with "OnDemand" value
If ExchangePolicy has the value "OnDemand", Batch is exchanged at the choice of the Acceptor. If there are other occurrences with other value than "OnDemand", it means that the Batch may be exchanged at the choice of the Acceptor, in addition to that other ExchangePolicy.
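Added example, not part of the CAPE guide: the Python code below validates a BatchTransfer configuration against the "NumberLimit" and "TotalLimit" rules above and evaluates the two triggers using the counting rules given for MaximumNumber and MaximumAmount (failed, declined and cancellation entries are excluded, cancelled debits or credits still count). The dictionary field names ("kind", "outcome", "amount", "cancelled") and the sample values are assumptions of this example; the transaction list is assumed to hold only non-captured online transactions.

```python
from decimal import Decimal


def validate_batch_transfer(cfg):
    """Return None if the configuration is usable, else the Event entry to log.

    An error means the complete DataSet must be ignored.
    """
    policies = cfg.get("ExchangePolicy", [])
    if "NumberLimit" in policies and cfg.get("MaximumNumber") is None:
        return {"Result": "InvalidContent",
                "AdditionalErrorInformation": "BatchTransfer.MaximumNumber"}
    if "TotalLimit" in policies and cfg.get("MaximumAmount") is None:
        return {"Result": "InvalidContent",
                "AdditionalErrorInformation": "BatchTransfer.MaximumAmount"}
    return None


def batch_totals(transactions):
    """Return (count, cumulative amount) as used by the two limit triggers."""
    counted = [t for t in transactions
               if t["kind"] in ("debit", "credit")   # cancellation entries excluded
               and t["outcome"] == "approved"]       # failed / declined excluded
    # A debit or credit that was cancelled later is still counted, so the
    # "cancelled" flag is deliberately not consulted. Credits add to the
    # cumulative amount: credit 10 + debit 8 = 18.
    total = sum((t["amount"] for t in counted), Decimal("0"))
    return len(counted), total


def batch_due(cfg, transactions):
    """True if a limit-based policy of a validated configuration is reached."""
    policies = cfg["ExchangePolicy"]
    count, total = batch_totals(transactions)
    if "NumberLimit" in policies and count >= cfg["MaximumNumber"]:
        return True
    if "TotalLimit" in policies and total >= cfg["MaximumAmount"]:
        return True
    return False


# Constructed sample transactions (amounts in euro, not from the guide apart
# from the credit 10 / debit 8 pair).
SAMPLE_TRANSACTIONS = [
    {"kind": "credit", "outcome": "approved", "amount": Decimal("10"), "cancelled": False},
    {"kind": "debit", "outcome": "approved", "amount": Decimal("8"), "cancelled": False},
    {"kind": "debit", "outcome": "declined", "amount": Decimal("50"), "cancelled": False},
    {"kind": "debit", "outcome": "approved", "amount": Decimal("5"), "cancelled": True},
    {"kind": "cancellation", "outcome": "approved", "amount": Decimal("5"), "cancelled": False},
]

if __name__ == "__main__":
    config = {"ExchangePolicy": ["Cyclic", "TotalLimit"], "MaximumAmount": Decimal("20")}
    print(validate_batch_transfer(config))
    print(batch_totals(SAMPLE_TRANSACTIONS))
    print(batch_due(config, SAMPLE_TRANSACTIONS))
```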

If ExchangePolicy contains a value different from the values listed above, the configuration must be ignored and the action may be stored in Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "CompletionExchange.ExchangePolicy".
If ExchangePolicy contains the value "AsGroup", StartTime and Period in TimeCondition are used to define the timing of the cyclic completion exchange. If one of these elements is missing, the configuration of the completion exchange contains an error. The complete DataSet must be ignored and the error may be stored in the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value "CompletionExchange.TimeCondition".
ReTry may be present to define the maximum number of and the delay for retransmissions of completion messages.
All other elements of the component TimeCondition that are not used for the present exchange policies will be ignored.
823 4.3.2 Configuration of Data Capture and Completion for Offline Transactions
824 OfflineTransaction determines the data capture mechanism, batch transfer and completion exchange
825 configuration for offline transactions.
829
830 The current value of FinancialCapture is used if it belongs to the above table.
831 If FinancialCapture contains a different value from the two first ones listed above, the complete DataSet
832 must be ignored and the action may be logged in Event with Result containing "InvalidContent" and
833 AdditionalErrorInformation containing the text value "OfflineTransaction.FinancialCapture".
834
845
846 If ExchangePolicy contains a different value from the values listed above, the configuration must be
847 ignored and the action may be logged in Event with Result containing "InvalidContent" and
848 AdditionalErrorInformation containing the text value "OfflineTransactions.ExchangePolicy".
849
850 If ExchangePolicy contains the value "AsGroup", the message elements StartTime and Period in
851 TimeCondition are used to define the timing of the completion exchange.
852 ReTry may be used to define the maximum number of and the delay for retransmissions of completion
853 advices.
854 All other elements of TimeCondition not used for the present exchange policies must be ignored.
855
856 If ExchangePolicy contains either “NumberLimit” or “TotalLimit”, the triggers are evaluated regardless of
857 any other value of ExchangePolicy. In case of coexistence, the smaller must trigger the
858 ExchangePolicy.
859 If ExchangePolicy contains a time condition, the Batch must be sent without filtering its content. The time
860 condition for OnlineTransaction and OfflineTransaction should be identical.
861
867
868 If one of the occurrences of ExchangePolicy contains a value different from the values listed above, the
869 configuration must be ignored and the action may be stored in the log of Event with Result containing
870 "InvalidContent" and AdditionalErrorInformation containing the text value
871 "ReconciliationExchange.ExchangePolicy".
872 If the ReconciliationExchange configuration is missing and ExchangePolicy has not been configured
873 before, ReconciliationExchange.ExchangePolicy has to be considered as "None".
874 TimeCondition is only present when one of the ExchangePolicy elements contains the value "Cyclic".
875 Otherwise the component TimeCondition must be absent.
876
877
884
885
ServerCertificateIdentifier
911
912 The repeatable element Address contained in the element Address is described as follows.
913

Data element    Usage
NetworkType     Type of network used for the connection (e.g. Ethernet, PSTN, GPRS, …)
AddressValue    Value which identifies the access in the given network (e.g. for Ethernet: IP address + port, …)
914
915
921
922
[Figure labels: TMS message; message couldn’t be processed; TerminalManagementRejection]
932
933 Figure 4: Rejection of a TMS message
934
935 The TerminalManagementRejection message contains the reason of the rejection (RejectReason), some
936 additional information on the rejection (AdditionalInformation) for further analysis, and the rejected
937 message itself (MessageInError) which may be compared to the message sent.
938
939 The TerminalManagementRejection message must be sent in the following cases:
940
941 1. The envelope of the received message is incorrect.
942 RejectReason contains the value InvalidMessage. It is recommended to include the optional fields
943 AdditionalInformation to provide the details of the error. MessageInError contains the received
944 message with the error.
945
946 2. The rejected message cannot be decoded properly; the syntax or the semantic is invalid.
947 RejectReason contains the value ParsingError. It is recommended to include the optional fields
948 AdditionalInformation to provide the details of the decoding error. MessageInError contains the
949 received message with the coding error.
950
951 3. The identification of the rejected message is invalid.
952 RejectReason contains the value InitiatingParty or RecipientParty. No other field is required.
953 AdditionalInformation may contain the invalid identifier.
954
955 4. The verification of the security of the rejected message fails.
956 RejectReason contains the value Security. It is recommended to include the optional fields
957 AdditionalInformation to provide the details of the security error. MessageInError contains the
958 received message with the security error.
959
960 5. The rejected type of message is not supported by the RecipientParty, and then the RecipientParty is
961 not able to send a message response to the InitiatingParty.
962 RejectReason contains the value MessageType. No other field is required. AdditionalInformation
986
987 6 MaintenanceDelegation
988
6 MaintenanceDelegation Page 60
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017
1033 Even if the internal structure of DelegationScopeDefinition and DelegationProof is not necessary to define
1034 this protocol, their definition is essential to ensure interoperability of solutions based on this protocol.
1035 The definition of these elements must therefore be as follows.
1036 These two elements, defined below, are structured and encoded with the same encoding format of the
1037 exchanged messages.
1038
Element                          Mult.    Usage
DelegationScopeDefinition
DelegationScopeIdentification    [1..1]
DataSet                          [1..*]
Type                             [1..1]   Allowed values are: AcquirerParameters, ApplicationParameters, MerchantParameters, SecurityParameters, TerminalParameters, TMSProtocolParameters, CertificateParameters
Destinations                     [1..*]   To identify the recipient of the parameters. Should be an ApplicationName in case of ApplicationParameters or a Manufacturer Name in case of TerminalParameters.
ProviderName                     [1..1]   To identify the issuer of parameters
DataSetElement                   [0..*]
ParamName                        [1..1]   Identifier that must be understood by receivers identified in the Destinations
ParamType                        [0..1]   Type that must be understood by the receivers identified in the Destinations. Mainly used for SecurityParameters in order to identify type of the key to exchange.
ParamPresence                    [0..1]   To mandate or not the presence of a parameter in a delegated configuration
ParamValue                       [0..1]   To set the value of an identifier
1039
Element                              Mult.    Usage
DelegationProof
TMIdentification                     [1..1]   Identifier of the TM given by the MTM
POISubset                            [0..*]   Identification of a group of POI shared by the TM and the MTM
DelegationType                       [1..1]   Allowed values are: Create, Delete, Update
StartDate                            [0..1]   Activation date of the delegation. Default is the reception date.
EndDate                              [0..1]   Expiry date of the delegation. If absent there is no expiry date.
DelegationScopeIdentification        [1..1]
DigestOfDelegationScopeDefinition    [1..1]
Algorithm                            [1..1]   Allowed values are: SHA256, SHA384, SHA512
Digest                               [1..1]
MaintenanceTimeSlot                  [0..*]
StartTime                            [1..1]   ISOTime
Duration                             [1..1]   ISOTime
1040
1041
[Figure labels: MTM; TMS Identification; Acquirer Identification; Acquirer A; Acquirer B; Merchant; Sale System; POI; Identification; Terminal]
1105
1106 Figure 5 One POI multiple Identifications
1107
1123 The merchant may have to subscribe to a contract with the acquirer. During this subscription the following
1124 elements may be exchanged.
1125 Identification of the Terminal Estate Manager. Then the acquirer is able to check if it could reuse
1126 an existing delegation or if a new one has to be set up with the Terminal Estate Manager.
1127 Identification of the POIID and/or POISubset. To allow the acquirer to control the broadcast of its
1128 parameter and access to its services.
1129
[Figure labels: MTM A, MTM B; TMid 1, TMid 2, TMid 3; TM 1, TM 2, TM 3; TMA, TMB; POI 1; POIid 1; Terminal]
1161
1162
1163 Corollary 3-1: The TMSPOIIdentification must be unique inside the MTM realm
1164
1165
1166 Rule 4: A given delegation is performed on a subset of the POI terminals belonging to the
1167 MTM.
1168 This subset is delimited and controlled by the MTM.
1169 This subset can be negotiated between the MTM and the TM that will perform the
1170 maintenance delegation.
1171 This subset can also be determined by some feature of the POI as the application.
1172
1173 The MTM controls any delegation by allowing the creation, the update, or the removal of a delegation, with
1174 a specific action on the management plan of a POI:
1175 The MTM provides in the action the delegation proof in DelegationProof or ProtectedDelegationProof.
1176 This delegation proof must contain both the POIdentification and TMIdentification, with other elements
1177 related to the scope of the delegation.
1178 The POI forwards the delegation proof in the first Status Report to the delegated TM. The delegated TM
1179 is then able to verify that the POI belongs to the delegation subset.
1180
[Sequence diagram labels: MaintenanceDelegationRequest; MaintenanceDelegationResponse; StatusReport; ManagementPlanReplacement; delegation action]
1199
1200 The TM and the MTM negotiate the identification of the TM, the subset of the POI, and the identification
1201 of the keys.
1202
1203 The TM sends first a MaintenanceDelegationRequest to the MTM containing:
1204 The TM identification provided by the MTM.
1205 DelegationType = Create
1206 MaintenanceService = KeyDownload
1207 TMRemoteAccess = TM Host address
1208 DelegationScopeIdentification (useful to identify the delegated maintenance function)
1209 SymmetricKey = the identification of the keys for which the management is delegated.
1210 The identification of the keys must be included in the DelegationScopeDefinition.
1211 Certificate, if necessary for digital signature
1212
1213 Then the MTM sends a MaintenanceDelegationResponse to the TM containing:
1214 Response = Approved/Declined.
1215 A copy of the following data element received in the request:
1216 DelegationType,
1217 MaintenanceService,
1218 DelegationScopeIdentification
1219
1220 In the following management plan of the subset of POI terminals part of the delegation, the MTM sends a
1221 ManagementPlanReplacement to the POI containing an Action using:
1222 Type = Download
1223 RemoteAccess = TM Host address where to send a StatusReport and get the management plan
1224 of the delegated TM.
1225 ComponentType = SecurityParameters (in the StatusReport)
1226 DelegationScopeIdentification
1227 DelegationScopeDefinition containing:
1228 The identification of the keys to manage
1229 ProtectedDelegationProof containing:
1230 The POI identification for the MTM.
1231 The TM identification provided by the MTM.
1232 Delegation type: Create
[Sequence diagram labels: MaintenanceDelegationRequest; MaintenanceDelegationResponse; StatusReport; ManagementPlanReplacement; delegation action]
1326
1327 The TM and the MTM negotiate the identification of the TM, the subset of the POI, and the identification
1328 of the parameters.
1329
1330 The TM sends first a MaintenanceDelegationRequest to the MTM containing:
1331 The TM identification provided by the MTM.
1332 DelegationType = Create
1425
1426 The POI receives the management plan with the delegation action, and removes:
1427 The parameters managed by the delegated TM,
1428 The delegated TM management plan,
1429 The delegation.
1430
[Sequence diagram labels: MaintenanceDelegationRequest; MaintenanceDelegationResponse; StatusReport; ManagementPlanReplacement; delegation action]
1438
1439
1440 Assumptions:
1441 Security trailer is configured for any messages
1442 The TM is able to check the POI certificate that is used to sign messages
1443
1444 Workflow:
1445
1446 The TM sends first a MaintenanceDelegationRequest to the MTM containing:
1447 The TM identification provided by the MTM.
1448 The POISubset contains the POI Identification assigned by the MTM (if known by the TM)
1449 DelegationType = Create
1450 MaintenanceService : contains “AcquirerProtocolParameters”
1451 TMRemoteAccess = TM Host address
1452 AcquirerProtocolParameters.Acquirerdentification.Identification for a given Acquirer.
1453 Version may contain the version of Acquirer protocol parameters; since the version is not relevant,
1454 any dummy value can be sent
1455
1456 Certificate of the TM for digital signature is verified by the MTM
1457
1458
1459 Then the MTM sends a MaintenanceDelegationResponse to the TM containing:
1460 Response = Approved
1461 A copy of the following data element received in the request:
1462 DelegationType,
1463 MaintenanceService,
1464
1465 Certificate of the MTM for digital signature is verified by the TM
1466 In the following management plan for the POI, the MTM sends a ManagementPlanReplacement to the
1467 POI containing an Action using:
1468 Type = Download
1469 RemoteAccess = TM Host address where to send a StatusReport and get the
1470 management plan of the delegated TM.
1471 ComponentType = ManagementPlan
1472 A DelegationProof protected or not containing:
1473 The TM identification provided by the MTM.
1474 Delegation type: Create
1475 MaintenanceService =AcquirerProtocolParameters
1476 AcquirerProtocolParameters.Acquirerdentification.Identification
1477 A digital signature of the proof generated by the MTM (optional)
1478
1479 The POI receives the management plan with the delegation action:
1480 The POI stores the delegated action if the digital signature is valid.
1481 The POI performs the action, sending a StatusReport to the RemoteAccess using:
1482 The same POI identification as the MTM POIIdentification
1483 The identification of the TM in TerminalManagerIdentification
1484 The DelegationProof protected or not received in the delegation action.
1485 A protection with a digital signature of the MTM (if present)
1486
1487 The delegated TM receives the StatusReport of the POI:
1488 Validates the signature of the message using the POI certificate
1489 May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1490 MaintenanceDelegationRequest.
1491 Validates the delegation proof,
1492
1493 Then the POI:
1494 Receives the management plan of the TM, which is managed independently from the MTM
1495 management plan.
1496 Exchanges the AcquirerProtocolParameters (e.g. the host address for the acquirer).
1497
[Sequence diagram labels: MaintenanceDelegationRequest; MaintenanceDelegationResponse; Delegation Negotiation 2; StatusReport; ManagementPlanReplacement; delegation action]
1503
1504
1505
1506 Assumptions:
1507 Security trailer is configured for any messages
1508 Both TM are able to check the relevant POI certificate
1509
1510
1511 Workflow:
1512
1513 The TM1 sends a MaintenanceDelegationRequest to the MTM containing:
1514 The TM1 identification provided by the MTM.
1515 The POISubset contains the POI Identification assigned by the MTM (if known by TM1)
1516 DelegationType = Create
1517 MaintenanceService : contains “ApplicationParametersSubsetCreation”
1518 TMRemoteAccess = TM1 Host address
1519 DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘TM1 set of
1520 tables’)
1521 The identification of the parameters is included in the DelegationScopeDefinition (e.g. Table1,
1522 Table2, Table6)
1523
1524 Certificate of the TM1 for digital signature is verified by the MTM
1525
1526 Then the MTM sends a MaintenanceDelegationResponse to the TM1 containing:
1527 Response = Approved
1528 A copy of the following data element received in the request:
1529 DelegationType,
1530 MaintenanceService,
1531 DelegationScopeIdentification
1532 DelegationScopeDefinition
1533
1534 Certificate of the MTM for digital signature is verified by the TM1
1535
1536 The TM2 sends a MaintenanceDelegationRequest to the MTM containing:
1537 The TM2 identification provided by the MTM.
1538 The POISubset contains the POI Identification assigned by the MTM (if known by TM2)
1539 DelegationType = Create
1540 MaintenanceService : contains “ApplicationParametersSubsetCreation”
1541 TMRemoteAccess = TM2 Host address
1542 DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘TM2 set of
1543 tables’)
1544 The identification of the parameters is included in the DelegationScopeDefinition (e.g. Table1,
1545 Table2, Table6)
1546
1547 Certificate of the TM2 for digital signature is verified by the MTM
1548
1549 Then the MTM sends a MaintenanceDelegationResponse to the TM2 containing:
1550 Response = Approved
1551 A copy of the following data element received in the request:
1552 DelegationType,
1553 MaintenanceService,
1554 DelegationScopeIdentification
1555 DelegationScopeDefinition
1556
1557 Certificate of the MTM for digital signature is verified by the TM2
1558
1559
1560
1561
1562 In the following management plan for the POI, the MTM sends a ManagementPlanReplacement to the
1563 POI containing two Actions using:
1564 Action 1
1565 Type = Download
1566 RemoteAccess = TM1 Host address where to send a StatusReport and get the management
1567 plan of the delegated TM1.
1631
[Sequence diagram labels: StatusReport; ManagementPlanReplacement; MaintenanceDelegationRequest; MaintenanceDelegationResponse (delegationScopeIdentification); Initiated periodically after delegation; Manually after delegation; Set(Name=DelegationScopeIdentification); StatusReport (DatasetRequired/IdentificationName); ManagementPlanReplacement(AcquirerProtocolParameters); TM1 accepts or not POI 1]
1639
1640
1641
1642
1643 Assumptions:
1644 Security trailer is configured for all messages
1645 The TM is able to check the POI certificate
1646 DelegationScopeIdentification is defined and known by all the parties prior to any message
1647 exchange
1648
1649 Workflow:
1650
1651 The TM sends a MaintenanceDelegationRequest to the MTM containing:
1652 The TM identification provided by the MTM.
1653 DelegationType = Create
1716
[Sequence diagram labels: MaintenanceDelegationRequest; MaintenanceDelegationResponse; Delegation Negotiation 2; StatusReport; ManagementPlanReplacement; delegation action]
1722
1723
1724
1725 Assumptions:
1726 Security trailer is configured for any messages
1727 Both TM are able to check the relevant POI certificate
1728 The MTM defines two POISubsets and knows which POI belongs to each subset
1729
1730 Workflow:
1731
1732 The TM1 sends a MaintenanceDelegationRequest to the MTM containing:
1733 The TM1 identification provided by the MTM.
1734 The POISubset contains the POISubset Identifier assigned by the MTM and known by TM1
1735 DelegationType = Create
1736 MaintenanceService : contains “ApplicationParameters”
1737 TMRemoteAccess = TM1 Host address
1738 DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘POISubset1
1739 application parameters’)
1740
1741 Certificate of the TM1 for digital signature is verified by the MTM
1742
1743 Then the MTM sends a MaintenanceDelegationResponse to the TM1 containing:
1744 Response = Approved
1745 A copy of the following data element received in the request:
1746 DelegationType,
1747 MaintenanceService,
1748 DelegationScopeIdentification
1749 DelegationScopeDefinition
1750
1751 Certificate of the MTM for digital signature is verified by the TM1
1752
1753 The TM2 sends a MaintenanceDelegationRequest to the MTM containing:
1754 The TM2 identification provided by the MTM.
1755 The POISubset contains the POI Identification assigned by the MTM (if known by TM2)
1756 DelegationType = Create
1757 MaintenanceService : contains “ApplicationParameters”
1758 TMRemoteAccess = TM2 Host address
1759 DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘POISubset2
1760 application parameters’)
1761
1762 Certificate of the TM2 for digital signature is verified by the MTM
1763
1764 Then the MTM sends a MaintenanceDelegationResponse to the TM2 containing:
1765 Response = Approved
1766 A copy of the following data element received in the request:
1767 DelegationType,
1768 MaintenanceService,
1769 DelegationScopeIdentification
1770 DelegationScopeDefinition
1771
1772 Certificate of the MTM for digital signature is verified by the TM2
1773
1774 In the following management plan for each of the POI belonging to POISubset1, the MTM sends a
1775 ManagementPlanReplacement to the POI containing one Action using:
1776
1777 Type = Download
1778 RemoteAccess = TM1 Host address where to send a StatusReport and get the management
1779 plan of the delegated TM1.
1780 ComponentType = ManagementPlan
1781 A DelegationProof protected or not containing:
1782 The TM1 identification provided by the MTM.
1783 Delegation type: Create
1784 POISubset Identification
1785 MaintenanceService = ApplicationParameters
1786 DelegationScopeDefinition
1787 A digital signature of the proof generated by the MTM (optional)
1788
1789 The POI receives the management plan with the delegation actions.
1790 The POI stores the delegated actions if the digital signature is valid.
1791
1792 In the following management plan for each of the POI belonging to POISubset2, the MTM sends a
1793 ManagementPlanReplacement to the POI containing one Action using:
1794
1795 Type = Download
1796 RemoteAccess = TM2 Host address where to send a StatusReport and get the management plan
1797 of the delegated TM2.
1798 ComponentType = ManagementPlan
1799 A DelegationProof protected or not containing:
1800 The TM2 identification provided by the MTM.
1801 Delegation type: Create
1802 POISubset Identification
1803 MaintenanceService = ApplicationParameters
1804 DelegationScopeDefinition
1805 A digital signature of the proof generated by the MTM (optional)
1806
1807 The POI receives the management plan with the delegation actions.
1808 The POI stores the delegated actions if the digital signature is valid.
1809
1810
1811
1812 Exchange between POI and TM1
1813 The POI performs action1, sending a StatusReport to the RemoteAccess of TM1 using:
1814
1815 The same POI identification as the MTM POIIdentification
1816 The identification of the TM1 in TerminalManagerIdentification
1817 The DelegationProof received in the delegation action1.
1818 A protection with a digital signature of the MTM (if present)
1819
1820 TM1 receives the StatusReport of the POI:
1821 Validates the signature of the message using the POI certificate
1822 May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1823 MaintenanceDelegationRequest, or validates the POISubset contained in the delegation proof
1824 Validates the delegation proof,
1825
1826 Then the POI:
1827 Receives the management plan of the TM1, which is managed independently from the MTM
1828 management plan.
1829 Exchanges the ApplicationParameters.
1830
1831 Exchange between POI and TM2
1832 The POI performs action2, sending a StatusReport to the RemoteAccess of TM2 using:
1833 The same POI identification as the MTM POIIdentification
1834 The identification of the TM2 in TerminalManagerIdentification
1835 The DelegationProof received in the delegation action2.
1836 A protection with a digital signature of the MTM (if present)
1837
1838 TM2 receives the StatusReport of the POI:
1839 Validates the signature of the message using the POI certificate
1840 May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1841 MaintenanceDelegationRequest, or validates the POISubset contained in the delegation proof
1842 Validates the delegation proof,
1843
1844 Then the POI:
1845 Receives the management plan of the TM2, which is managed independently from the MTM
1846 management plan.
1847 Exchanges the ApplicationParameters.
1848
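The "Validates the delegation proof" step performed by TM1 and TM2 above, written out as an added Go example (not part of the CAPE guide). Field names come from the DelegationProof table; the Go types, the `Validate`, `ScopeDigest` and `Sample` helpers, treating POISubset entries as POI identifications, refusing Delete proofs, and hashing the TM's own encoded copy of the DelegationScopeDefinition are assumptions. Verification of the MTM signature on a protected proof is taken to have happened beforehand.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"errors"
	"fmt"
	"hash"
	"time"
)

// DelegationProof holds the elements of the DelegationProof table. The Go types,
// and POISubset entries being POI identifications, are assumptions.
type DelegationProof struct {
	TMIdentification              string
	POISubset                     []string   // [0..*]
	DelegationType                string     // Create, Delete, Update
	StartDate, EndDate            *time.Time // [0..1] each
	DelegationScopeIdentification string
	DigestAlgorithm               string // SHA256, SHA384, SHA512
	Digest                        []byte
}

var (
	ErrWrongTM  = errors.New("proof names another TM")
	ErrType     = errors.New("delegation type grants no access")
	ErrPOI      = errors.New("POI is outside the delegated subset")
	ErrInactive = errors.New("outside the delegation validity period")
	ErrScope    = errors.New("unknown delegation scope")
	ErrDigest   = errors.New("scope definition digest mismatch")
)

// allowed lists the digest algorithms the table permits.
var allowed = map[string]func() hash.Hash{
	"SHA256": sha256.New, "SHA384": sha512.New384, "SHA512": sha512.New,
}

// ScopeDigest hashes an encoded DelegationScopeDefinition; nil if alg is not allowed.
func ScopeDigest(alg string, encodedScope []byte) []byte {
	newHash, ok := allowed[alg]
	if !ok {
		return nil
	}
	h := newHash()
	h.Write(encodedScope)
	return h.Sum(nil)
}

// Validate is the delegated TM's check of a proof forwarded in a StatusReport.
// scopes maps DelegationScopeIdentification to the TM's own encoded definition.
func Validate(p DelegationProof, tmID, poiID string, scopes map[string][]byte, received, now time.Time) error {
	if p.TMIdentification != tmID {
		return ErrWrongTM
	}
	if p.DelegationType != "Create" && p.DelegationType != "Update" {
		return ErrType // assumption: a Delete proof opens no session
	}
	inSubset := len(p.POISubset) == 0 // assumption: an absent subset restricts nothing
	for _, id := range p.POISubset {
		inSubset = inSubset || id == poiID
	}
	if !inSubset {
		return ErrPOI
	}
	start := received // default StartDate is the reception date
	if p.StartDate != nil {
		start = *p.StartDate
	}
	if now.Before(start) || (p.EndDate != nil && now.After(*p.EndDate)) {
		return ErrInactive
	}
	scope, ok := scopes[p.DelegationScopeIdentification]
	if !ok {
		return ErrScope
	}
	want := ScopeDigest(p.DigestAlgorithm, scope)
	if want == nil || subtle.ConstantTimeCompare(want, p.Digest) != 1 {
		return ErrDigest
	}
	return nil
}

// Sample returns constructed data: the TM's scopes, a matching proof, reception time.
func Sample() (map[string][]byte, DelegationProof, time.Time) {
	scope := []byte("<DelegationScopeDefinition>constructed</DelegationScopeDefinition>")
	received := time.Date(2017, 3, 22, 9, 0, 0, 0, time.UTC)
	end := received.AddDate(0, 1, 0)
	proof := DelegationProof{"TM1", []string{"POI-0001"}, "Create", nil, &end,
		"TM1 set of tables", "SHA256", ScopeDigest("SHA256", scope)}
	return map[string][]byte{"TM1 set of tables": scope}, proof, received
}

func main() {
	scopes, proof, received := Sample()
	fmt.Println("own POI:", Validate(proof, "TM1", "POI-0001", scopes, received, received))
	fmt.Println("foreign POI:", Validate(proof, "TM1", "POI-9999", scopes, received, received))
}
```

The digest comparison is what stops a proof issued for one DelegationScopeDefinition from being presented alongside a wider one.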
1849
1850
1861
1862
1863
1869
1875
1876
1963
Modulus                    [1..1]
Exponent                   [1..1]
Attribute                  [1..*]   Attribute of the certificate service to be put in the certificate extensions, or to be used for the request.
AttributeType              [1..1]   X509 attribute. CHLG ChallengePassword: Password by which an entity may request certificate revocation. EMAL EmailAddress: Email address of the certificate subject.
AttributeValue             [1..1]   Value of the X500 attribute.
KeyIdentification          [0..1]   Identification of the key.
KeyVersion                 [0..1]   Version of the key.
ClientCertificate          [0..1]   C3 Created certificate. The certificate is ASN.1/DER encoded, for renewal or revocation of certificate.
WhiteListIdentification    [0..1]   Identification of the white list element, for white list addition or removal.
ManufacturerIdentifier     [1..1]   Identifier of the terminal manufacturer.
Model                      [1..1]   Identifier of the terminal model.
SerialNumber               [1..1]   Serial number of the terminal manufacturer.
SecurityTrailer            [0..1]   * Must be present
2025
2028
2034
[Figure labels: AcquirerProtocolParameters; MerchantParameters; TerminalParameters; ApplicationParameters; HostCommunicationParameters; SecurityParameters with Challenges (POIChallenge, TMChallenge) and Symmetric Key entries: Identification (Identification, AdditionalIdentification, Version), Purpose (Type, Function), Validity period (ActivationDate, DeactivationDate), Key value (KeyValue)]
2054
2055 Figure 6: Key Information
2056
4 The POI should be a POI Terminal, a POI Server, or any Intermediary Agent.
2057 When the symmetric key is shared with a Host, to protect the exchanges with the POI, the configuration
2058 of the Host (HostConfigurationParameters) contains the identification of the shared keys (Identification,
2059 AdditionalIdentification and Version).
2060 It also allows the use of a common symmetric key by different hosts.
2061 The configuration of the Host and the configuration of the security are not necessarily exchanged in the
2062 same AcceptorConfigurationUpdate message.
2063
[Figure labels: two HostCommunicationParameters entries referencing Key i and Key n; Symmetric Key i; Symmetric Key n]
2064
2065 Figure 7: Sharing of a Key with a Host
2066
2067
2068
2099 A Key Check Value (KCV) of a symmetric key is denoted KCV(Key) and equal to Enc[Key](00…00),
2100
KCV(Key) = Enc[Key](00..00)    (Key: symmetric key; 00..00: null string)
2101
2102 Figure 10: Key Check Value Notation
2103
[Figure labels: Certificate Authority CCA-POI and Certificate Authority CCA-TM; Key; Authentication; Encryption; Sig[KPOI-Sig](msg): digital signature with POI key, or MAC; StatusReport; Component; SecurityParameters: key identification; KCV: encryption of a null string; DataSetRequired; TM Challenge 2: TM challenge sent in the configuration update; ManagementPlan]
2131
2132 Figure 12: Standard Key Download
2133
2134
2135 The standard download of keys performs the following exchanges of messages:
2136 Key Status: The POI sends a StatusReport message to the Terminal Manager in charge of the
2137 key download, containing the status of all the cryptographic keys.
2138 Download Keys Action: if some keys or new versions of the keys have to be injected on the POI,
2139 the Terminal Manager sends a ManagementPlanReplacement message containing an action to
2140 download keys (SecurityParameters) with:
2141 a first challenge TM Challenge 1 generated by the TM, and
2142 the X.509 certificate chain with the CCA-TM(KTM-Enc) certificate of a public key to encrypt
2143 other keys.
2144 Request Key Downloading: following the condition described in the action of the management
2145 plan, the POI sends a StatusReport message to the Terminal Manager with the DataSetRequired
2146 containing the identification of the data set with:
2147 the challenge TM Challenge 1 sent by the TM,
2148 a fresh challenge POI Challenge, generated by the POI,
2149 key encryption key KEK, encrypted by the public key KTM-Enc of the TM:
2150 Enc[KTMEnc](KEK)
2151 These data are digitally signed by the POI key KPOI-Sig
2152 Key Storing: the TM sends an AcceptorConfigurationUpdate message containing:
2153 a second fresh challenge TM Challenge 2, generated by the TM,
2154 each key to store Kxx, encrypted by KEK: Enc[KEK](Kxx)
2155 These data are digitally signed by the TM private key KTM-Sig
2156 Key Dowload Result: to report the result of the key download action, the POI sends a
2157 StatusReport message to the Terminal Manager with:
2158 the KCV for each loaded key in the related Component data structure,
2159 the challenge TM Challenge 2 sent by the TM in the DataSetRequired data structure,
2160 The Terminal Manager sends a ManagementPlanReplacement message containing other actions to
2161 perform.
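The exchange above depends on each TM challenge being echoed back exactly once and in the right step. The following is an added sketch of the TM-side bookkeeping, not part of the CAPE guide: the class and method names, the 16-byte challenge length and the sample KCV values are assumptions, and signature or MAC verification of each message is assumed to have succeeded before these methods are called.

```python
import hmac
import secrets
from enum import Enum, auto

CHALLENGE_LEN = 16  # assumption: the guide text here gives no challenge length


class ProtocolError(Exception):
    """A message does not fit the current step of the key download."""


class Step(Enum):
    IDLE = auto()
    PLAN_SENT = auto()   # ManagementPlanReplacement with TM Challenge 1 is out
    KEYS_SENT = auto()   # AcceptorConfigurationUpdate with TM Challenge 2 is out
    DONE = auto()


class TmKeyDownloadSession:
    """TM-side state for one key download (hypothetical class)."""

    def __init__(self, expected_kcvs):
        self.expected_kcvs = dict(expected_kcvs)  # key id -> KCV of each Kxx
        self.step = Step.IDLE
        self._challenge = None
        self.poi_challenge = None
        self.wrapped_kek = None

    def _issue(self, next_step):
        # Every challenge is fresh random data bound to one step.
        self._challenge = secrets.token_bytes(CHALLENGE_LEN)
        self.step = next_step
        return self._challenge

    def _consume(self, echoed, required_step):
        if self.step is not required_step:
            raise ProtocolError("unexpected message in step " + self.step.name)
        expected, self._challenge = self._challenge, None  # single use
        if not hmac.compare_digest(expected, echoed):
            self.step = Step.IDLE
            raise ProtocolError("challenge mismatch: stale or replayed message")

    def send_plan(self):
        """Download Keys Action: returns TM Challenge 1."""
        if self.step is not Step.IDLE:
            raise ProtocolError("a key download is already in progress")
        return self._issue(Step.PLAN_SENT)

    def on_key_request(self, echoed_challenge1, poi_challenge, wrapped_kek):
        """Request Key Downloading: check the echo, return TM Challenge 2."""
        self._consume(echoed_challenge1, Step.PLAN_SENT)
        self.poi_challenge = poi_challenge
        self.wrapped_kek = wrapped_kek  # Enc[KTM-Enc](KEK), unwrapped elsewhere
        return self._issue(Step.KEYS_SENT)

    def on_result(self, echoed_challenge2, reported_kcvs):
        """Key Download Result: check the echo, return key ids whose KCV differs."""
        self._consume(echoed_challenge2, Step.KEYS_SENT)
        self.step = Step.DONE
        return sorted(
            key_id for key_id, kcv in self.expected_kcvs.items()
            if not hmac.compare_digest(kcv, reported_kcvs.get(key_id, b""))
        )


def demo():
    # Constructed KCV values, for illustration only.
    kcvs = {"K01": bytes.fromhex("a1b2c3"), "K02": bytes.fromhex("0d0e0f")}

    first = TmKeyDownloadSession(kcvs)
    c1 = first.send_plan()
    captured = (c1, secrets.token_bytes(CHALLENGE_LEN), b"<wrapped KEK>")
    c2 = first.on_key_request(*captured)
    mismatches = first.on_result(c2, {"K01": kcvs["K01"], "K02": b"\x00\x00\x00"})

    # The same request presented to a later session carries an old challenge.
    second = TmKeyDownloadSession(kcvs)
    second.send_plan()
    try:
        second.on_key_request(*captured)
        replay_rejected = False
    except ProtocolError:
        replay_rejected = True
    return mismatches, replay_rejected


if __name__ == "__main__":
    print(demo())
```

The text above does not say where POI Challenge is echoed, so the sketch only records it.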

This message may be protected in the SecurityTrailer:
- by a MAC (AuthenticatedData), if the POI owns a shared symmetric MAC key, or
- by a digital signature (SignedData) of the message, signed by the POI authentication key KPOI-Sig.

This message may be protected in the SecurityTrailer:
- by a MAC (AuthenticatedData), if the POI owns a shared symmetric MAC key, or
- by a digital signature (SignedData) of the message, signed by the TM authentication key KTM-Sig.

This message may be protected in the SecurityTrailer:
- by a MAC (AuthenticatedData), if the POI owns a shared symmetric MAC key, or
- by a digital signature (SignedData) of the message, signed by the POI authentication key KPOI-Sig.

This message may be protected in the SecurityTrailer:
- by a MAC (AuthenticatedData), if the POI owns a shared symmetric MAC key, or
- by a digital signature (SignedData) of the message, signed by the TM authentication key KTM-Sig.

This message may be protected in the SecurityTrailer:
- by a MAC (AuthenticatedData), if the POI owns a shared symmetric MAC key, or
- by a digital signature (SignedData) of the message, signed by the POI authentication key KPOI-Sig.

Then the Terminal Manager sends a ManagementPlanReplacement message containing other actions to perform.

The RSA root key to sign the certificates has a key length of 4096 bits with the components dumped below:

The root X.509 certificate contains the following information:

Certificate Information          Value
serialNumber                     5087 CBC6 9E2E F6
Issuer
  Country Name                   BE
  Organisation Name              EPASOrg
  Organisation Unit Name         Technical Center of Expertise
  Common Name                    EPAS Protocols Test CA
Validity
  notBefore                      20130418084958+0100
  notAfter                       20181001182005+0200
Subject
  Country Name                   BE
  Organisation Name              EPASOrg
  Organisation Unit Name         Technical Center of Expertise
  Common Name                    EPAS Protocols Test CA
Extensions
  keyUsage                       KeyCertSign CRLSign
  basicConstraints               3

The dump of the X.509 certificate CRoot is:

The POI RSA authentication key KPOI-Sign to generate the digital signature has a key length of 2048 bits with the components dumped below:

This RSA public key KPOI-Sign is authenticated by a certificate authority with the X.509 certificate CCA-POI(KPOI-Sign) containing the following information:

Certificate Information          Value
serialNumber                     2225 A8FB 0007 1293 D464 1C3C
Issuer
  Country Name                   BE
  Organisation Name              EPASOrg
  Organisation Unit Name         Technical Center of Expertise
  Common Name                    EPAS Protocols Test CA
Validity
  notBefore                      20130418102546+0100
  notAfter                       20181001182005+0100
Subject
  Country Name                   FR
  Organisation Name              EPASOrg
  Organisation Unit Name         Technical Center of Expertise
  Common Name                    EPAS Protocol Test Client Authentication
Extensions
  keyUsage                       DigitalSign

The dump of the X.509 certificate CCA-POI(KPOI-Sign) is:

The TM Host RSA authentication key KTM-Sign to generate the digital signature has a key length of 3072 bits with the components dumped below:

This RSA public key KTM-Sign is authenticated by a certificate authority with the X.509 certificate CCA-TM(KTM-Sign) containing the following information:

Certificate Information          Value
serialNumber                     2ABC 40F4 D482 F5EB C975
Issuer
  Country Name                   BE
  Organisation Name              EPASOrg
  Organisation Unit Name         Technical Center of Expertise
  Common Name                    EPAS Protocols Test CA
Validity
  notBefore                      20130418100646+0100
  notAfter                       20181001182005+0100
Subject
  Country Name                   FR
  Organisation Name              EPASOrg
  Organisation Unit Name         Technical Center of Expertise
  Common Name                    EPAS Protocol Test Host Authentication
Extensions
  keyUsage                       DigitalSign

The dump of the X.509 certificate CCA-TM(KTM-Sign) is:

The TM Host RSA key encryption key KTM-Enc to protect the key encryption key has a key length of 3072 bits with the components dumped below:

This RSA public key KTM-Enc is authenticated by a certificate authority with the X.509 certificate CCA-TM(KTM-Enc) containing the following information:

Certificate Information          Value
serialNumber                     7895 CA35 014C 3D2F 1E11 B10D
Issuer
  Country Name                   BE
  Organisation Name              EPASOrg
  Organisation Unit Name         Technical Center of Expertise
  Common Name                    EPAS Protocols Test CA
Validity
  notBefore                      20130418101823+0100
  notAfter                       20181001182005+0100
Subject
  Country Name                   FR
  Organisation Name              EPASOrg
  Organisation Unit Name         Technical Center of Expertise
  Common Name                    EPAS Protocol Test Host Key Encryption
Extensions
  keyUsage                       KeyEncipherment

The dump of the X.509 certificate CCA-TM(KTM-Enc) is:

The POI has no shared symmetric key usable for the key injection, so the pre-loaded RSA authentication key is used to provide a digital signature of the message body.
Once unnecessary spaces and carriage returns are removed, the XML encoded StatusReport message body is:
0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 6B 65 79 44 |Id><Id>epas-keyD|
0060 6F 77 6E 6C 6F 61 64 2D 54 4D 31 3C 2F 49 64 3E |ownload-TM1</Id>|
0070 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 |<Tp>MTMG</Tp></T|
0080 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 |ermnlMgrId><Data|
0090 53 65 74 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 |Set><Id><Tp>STRP|
00A0 3C 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 |</Tp><CreDtTm>20|
00B0 31 33 2D 31 32 2D 30 36 54 31 33 3A 35 33 3A 34 |13-12-06T13:53:4|
00C0 39 2E 30 30 2B 30 32 3A 30 30 3C 2F 43 72 65 44 |9.00+02:00</CreD|
00D0 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C |tTm></Id><Cntt><|
00E0 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 |POICmpnt><Tp>TER|
00F0 4D 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 |M</Tp><Id><ItmNb|
0100 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 |>1</ItmNb><Prvdr|
0110 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 |Id>EPASVendor001|
0120 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F |</PrvdrId><Id>Co|
0130 75 6E 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 |unter Top E41</I|
0140 64 3E 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 |d><SrlNb>7825410|
0150 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E |759</SrlNb></Id>|
0160 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|
0170 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 3C 2F 54 |mpnt><Tp>APLI</T|
0180 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
0190 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
01A0 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
01B0 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 |PrvdrId></Id><St|
01C0 73 3E 3C 56 72 73 6E 4E 62 3E 31 2E 30 31 3C 2F |s><VrsnNb>1.01</|
01D0 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 53 74 |VrsnNb></Sts><St|
01E0 64 43 6D 70 6C 63 3E 3C 49 64 3E 53 45 50 41 2D |dCmplc><Id>SEPA-|
01F0 46 41 53 54 3C 2F 49 64 3E 3C 56 72 73 6E 3E 33 |FAST</Id><Vrsn>3|
0200 2E 30 3C 2F 56 72 73 6E 3E 3C 49 73 73 72 3E 43 |.0</Vrsn><Issr>C|
0210 49 52 3C 2F 49 73 73 72 3E 3C 2F 53 74 64 43 6D |IR</Issr></StdCm|
0220 70 6C 63 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C |plc></POICmpnt><|
0230 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E 41 54 54 |AttndncCntxt>ATT|
0240 44 3C 2F 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E |D</AttndncCntxt>|
0250 3C 50 4F 49 44 74 54 6D 3E 32 30 31 33 2D 31 32 |<POIDtTm>2013-12|
0260 2D 30 36 54 31 33 3A 35 33 3A 34 39 2E 30 30 2B |-06T13:53:49.00+|
0270 30 32 3A 30 30 3C 2F 50 4F 49 44 74 54 6D 3E 3C |02:00</POIDtTm><|
0280 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 65 74 3E |/Cntt></DataSet>|
0290 3C 2F 53 74 73 52 70 74 3E |</StsRpt> |

The SHA256 digest of the StatusReport message body is:
0000 A1 1B 8D 78 72 94 2C 4A C5 9E 7C A8 41 5F A2 9F |...xr.,J..|.A_..|
0010 05 15 24 81 26 DB D1 47 62 AF B5 EE 7E B1 B2 5E |..$.&..Gb...~..^|
Applying the padding process for the digital signature, the block result is dumped below:
0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00C0 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
00D0 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
00E0 A1 1B 8D 78 72 94 2C 4A C5 9E 7C A8 41 5F A2 9F |...xr.,J..|.A_..|
00F0 05 15 24 81 26 DB D1 47 62 AF B5 EE 7E B1 B2 5E |..$.&..Gb...~..^|

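The block above has the EMSA-PKCS1-v1_5 layout for SHA-256: 00 01, a run of FF bytes, a 00 separator, the DER DigestInfo header, then the digest. The Python below is an added example, not part of the CAPE guide: it rebuilds that block from the digest dumped on this page and contrasts a lenient parser with a verifier-side check that re-encodes and compares the whole block. Function names and the malformed sample block are assumptions made for illustration, and the RSA private-key and public-key operations are left out.

```python
import hashlib
import hmac

# DER header of a SHA-256 DigestInfo: the 19 bytes at offset 0xCD of the dump.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
HASH_LEN = hashlib.sha256().digest_size  # 32 bytes

# Digest of the StatusReport body, copied from the dump on this page.
PAGE_DIGEST = bytes.fromhex(
    "A11B8D7872942C4AC59E7CA8415FA29F0515248126DBD14762AFB5EE7EB1B25E"
)
KPOI_SIGN_BYTES = 2048 // 8  # block length for the 2048-bit POI key


class PaddingError(ValueError):
    """The recovered block is not a well-formed signature block."""


def encode_block(digest, em_len):
    """Return 00 01 FF..FF 00 || DigestInfo header || digest, em_len bytes long."""
    if len(digest) != HASH_LEN:
        raise PaddingError("digest is not a SHA-256 value")
    tail = SHA256_DIGESTINFO_PREFIX + digest
    ff_len = em_len - 3 - len(tail)
    if ff_len < 8:
        raise PaddingError("block too short for this encoding")
    return b"\x00\x01" + b"\xff" * ff_len + b"\x00" + tail


def lenient_extract(block):
    """What NOT to do: skip to the separator, read the digest, ignore the rest."""
    if block[:2] != b"\x00\x01":
        raise PaddingError("bad header")
    sep = block.find(b"\x00", 2)
    if sep < 0:
        raise PaddingError("no separator")
    start = sep + 1 + len(SHA256_DIGESTINFO_PREFIX)
    if block[sep + 1:start] != SHA256_DIGESTINFO_PREFIX:
        raise PaddingError("bad DigestInfo")
    return block[start:start + HASH_LEN]


def strict_extract(block, em_len):
    """Accept only the exact encoding: rebuild it and compare every byte."""
    if len(block) != em_len:
        raise PaddingError("wrong block length")
    digest = block[-HASH_LEN:]
    if not hmac.compare_digest(block, encode_block(digest, em_len)):
        raise PaddingError("block is not the canonical encoding")
    return digest


def verify_block(block, message, em_len):
    """Verifier side, once the RSA public-key operation has produced block."""
    try:
        recovered = strict_extract(block, em_len)
    except PaddingError:
        return False
    return hmac.compare_digest(recovered, hashlib.sha256(message).digest())


def malformed_block(digest, em_len):
    """Constructed test input: FF run cut to 8 bytes, zero filler after the digest."""
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA256_DIGESTINFO_PREFIX + digest
    return head + b"\x00" * (em_len - len(head))


if __name__ == "__main__":
    block = encode_block(PAGE_DIGEST, KPOI_SIGN_BYTES)
    print("separator offset:", hex(block.index(b"\x00", 2)))
    bad = malformed_block(PAGE_DIGEST, KPOI_SIGN_BYTES)
    print("lenient parser accepts malformed block:",
          lenient_extract(bad) == PAGE_DIGEST)
    try:
        strict_extract(bad, KPOI_SIGN_BYTES)
    except PaddingError as exc:
        print("strict check rejects it:", exc)
```

A verifier that only searches for the separator and reads the digest accepts blocks that the signer never produced; comparing against the re-encoded block closes that gap.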
2710 After encryption by the private key of KPOI-Sign, we have the digital signature of the StatusReport message
2711 body:
2728
2729
2730
2731
2732
2733 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate 308204833082026BA003020102020C2225A8FB00071293D4641C3C300D06092A
Signer
SignerIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistinguishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise
RelativeDistinguishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2225A8FB00071293D4641C3C
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature 6E0E5707DFE98A0AF8D57DB75560125C497A90984FE74E06A254201AB6F6A9C5
0D04C29DEBFA16D15551E3731B701DC3CA3C7DCA37132FC5B0B37D4932BE1310
CE79CF0D2FA84AD76DB87D05FC027063B24DFEA18892A5021CE53D24E686D856
45B7743FE4A82D15CAADDD725CAD381EC7A1ADE7A7A7DB83795CBDF4413DC3AD
A4D665C89BAD9AD9EE68A10800275F9FD04E4DC1F01BB15CEE02A07FF05AFE8E
3E71F3E730400A5641D172952DA0728ED673D451A60D97FFFDAFA052185E8443
8D24FED3293DAF642543E0E63C2DDED0DA6A1065A0D3A28AF904486A90BF43D2
AA23580DD2FA3916CB59394A40E4559AD9FEEE084500D0C6E041DFBA24F20719
2734
2735 The XML encoded structure of the StatusReport message is:
2736
2737 <?xml version="1.0" encoding="UTF-8"?>
2738 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2739 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
2740 <StsRpt>
2741 <Hdr>
2742 <DwnldTrf>false</DwnldTrf>
2743 <FrmtVrsn>5.0</FrmtVrsn>
2744 <XchgId>001</XchgId>
2745 <CreDtTm>2013-12-06T13:53:49.00+02:00</CreDtTm>
2746 <InitgPty>
2747 <Id>66000001</Id>
2748 <Tp>OPOI</Tp>
2749 <Issr>MTMG</Issr>
2750 </InitgPty>
2751 <RcptPty>
2752 <Id>epas-keyDownload-TM1</Id>
2753 <Tp>MTMG</Tp>
2754 </RcptPty>
2755 </Hdr>
2756 <StsRpt>
2757 <POIId>
2758 <Id>66000001</Id>
2759 <Tp>OPOI</Tp>
2760 <Issr>MTMG</Issr>
2761 </POIId>
2762 <TermnlMgrId>
2763 <Id>epas-keyDownload-TM1</Id>
2764 <Tp>MTMG</Tp>
2765 </TermnlMgrId>
2766 <DataSet>
2767 <Id>
2768 <Tp>STRP</Tp>
2769 <CreDtTm>2013-12-06T13:53:49.00+02:00</CreDtTm>
2770 </Id>
2771 <Cntt>
2772 <POICmpnt>
2773 <Tp>TERM</Tp>
2774 <Id>
2775 <ItmNb>1</ItmNb>
2776 <PrvdrId>EPASVendor001</PrvdrId>
2777 <Id>Counter Top E41</Id>
2778 <SrlNb>7825410759</SrlNb>
2779 </Id>
2780 </POICmpnt>
2781 <POICmpnt>
2782 <Tp>APLI</Tp>
2783 <Id>
2784 <ItmNb>1.1</ItmNb>
2785 <PrvdrId>EPASVendor001</PrvdrId>
2786 </Id>
2787 <Sts>
2788 <VrsnNb>1.01</VrsnNb>
2789 </Sts>
2790 <StdCmplc>
2791 <Id>SEPA-FAST</Id>
2792 <Vrsn>3.0</Vrsn>
2793 <Issr>CIR</Issr>
2794 </StdCmplc>
2795 </POICmpnt>
2796 <AttndncCntxt>ATTD</AttndncCntxt>
2797 <POIDtTm>2013-12-06T13:53:49.00+02:00</POIDtTm>
2798 </Cntt>
2799 </DataSet>
2800 </StsRpt>
2801 <SctyTrlr>
2802 <CnttTp>SIGN</CnttTp>
2803 <SgndData>
2804 <DgstAlgo>
2805 <Algo>HS25</Algo>
2806 </DgstAlgo>
2807 <NcpsltdCntt>
2808 <CnttTp>DATA</CnttTp>
2809 </NcpsltdCntt>
2810 <Cert>
2811 MIIEgzCCAmugAwIBAgIMIiWo+wAHEpPUZBw8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYMAkJFMR
2812 AwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEf
2813 MB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEwMjU0NiswMTAwGBMyMD
2814 E4MTAwMTE4MjAwNSswMTAwMHoxCzAJBgNVBAYMAkZSMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQL
2815 DB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTExMC8GA1UEAwwoRVBBUyBQcm90b2NvbCBUZX
2816 N0IENsaWVudCBBdXRoZW50aWNhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIl
2817 ETkLhds5kKJ2OLhQYWwYsRvfeElLSLYfj40DIiWo+wAHEpPUZBw83eGNRzN+tzgawSl2gg/1wLMh5O
2818 34jJuPFicOD8b6tHBEm6cLlHE5VRq+MmaG9TjE9/Y6Rf9MueZkcACyi3keEgWttqzcKYVGmNkKzDts
2819 hPD4wu++5OP5hEvXmrFMHyI3YZjBO+rFYN3INRBBdnKcfmL79Ow1DeTThcSNPqQKkNeqWDj67T48dg
2820 0Zu4TRmXB3xyMx863wULQdtf/RnRKeiMdTMdoTJkvkwvCwoKoJ937tLIAfrSOej+XYtD8QcI/D1gVL
2821 kVbFtVGE8aKU2rj4JnFivpu1SGcCAwEAAaMPMA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4
2822 ICAQBUDbTMynjFty7DTWpV7nwVLtVECUGeC3vHg7hVlVfALMpegbbMqFSjYlCtygzVXJb0LwGXmbWh
2823 AMly0/JBHLJnYwDxsJ5Grk8pOiTLce6lRny5GTNxPlVv/MC1WNo0T/T4qzCi+AO9l7tWgQC6xrb66I
2824 T4Mb+FXE7oI/47rDui2LYV9iwcFoW5vFnfy+HPvf2ynzdz/UZoVoi/ZWZw9buc5WsCnjbnKRYp3mn6
2825 hYNnYZ2N5PufCGCFGIWkKJStyX3LUdTOv59SCD3VETcbFX49Fvk0ae7Qt/8BvBN9UGXiZqjqPIKZnv
2826 NiY6hj7V/iKmnkh0/fQaGfpFexLPalKwj3O9O9nC/RM1Ls7k7vYyOCa/ckQPwUnr1YkajW0OXaUFR3
2827 CFJcpAIbUQWbUrUOYbF2wfliqnrCgJk0Md1b89bBRq26dis+Zynxf6Y52Y1cv9yuVWovwLI3VOSR+X
2828 vxehjYQqh/jeT7pYtWUXITvFnFEtTwRH8MGXs4eFpFfgoOfdRIBsS6FvgRt6JQJHke10LnQ5LJ1Lq6
2829 dU8Jth3Y7Cq79nN+SSu8NxhQcqyevqPe8vvVboNriNCAn5aksqyhpbWdGY+UmQuk0qG1DPZMXoOR1t
2830 yttYyeB05gjX0BIwmpL/3O/ZbNrqT2vl5XKiAWHD1v2Dj/rpZrssZx58g2+zacKA==
2831 </Cert>
2832 <Sgnr>
2833 <SgnrId>
2834 <IssrAndSrlNb>
2835 <Issr>
2836 <RltvDstngshdNm>
2837 <AttrTp>CATT</AttrTp>
2838 <AttrVal>BE</AttrVal>
2839 </RltvDstngshdNm>
2840 <RltvDstngshdNm>
2841 <AttrTp>OATT</AttrTp>
2842 <AttrVal>EPASOrg</AttrVal>
2843 </RltvDstngshdNm>
2844 <RltvDstngshdNm>
2845 <AttrTp>OUAT</AttrTp>
2846 <AttrVal>Technical Center of Expertise</AttrVal>
2847 </RltvDstngshdNm>
2848 <RltvDstngshdNm>
2849 <AttrTp>CNAT</AttrTp>
2850 <AttrVal>EPAS Protocols Test CA</AttrVal>
2851 </RltvDstngshdNm>
2852 </Issr>
2853 <SrlNb>IiWo+wAHEpPUZBw8</SrlNb>
2854 </IssrAndSrlNb>
2855 </SgnrId>
2856 <DgstAlgo>
2857 <Algo>HS25</Algo>
2858 </DgstAlgo>
2859 <SgntrAlgo>
2860 <Algo>ERS2</Algo>
2861 </SgntrAlgo>
2862 <Sgntr>
2863 bg5XB9/pigr41X23VWASXEl6kJhP504GolQgGrb2qcUNBMKd6/oW0VVR43MbcB3Dyjx9yjcTL
2864 8Wws31JMr4TEM55zw0vqErXbbh9BfwCcGOyTf6hiJKlAhzlPSTmhthWRbd0P+SoLRXKrd1yXK
2865 04Hsehreenp9uDeVy99EE9w62k1mXIm62a2e5ooQgAJ1+f0E5NwfAbsVzuAqB/8Fr+jj5x8+c
2866 wQApWQdFylS2gco7Wc9RRpg2X//2voFIYXoRDjST+0yk9r2QlQ+DmPC3e0NpqEGWg06KK+QRI
2867 apC/Q9KqI1gN0vo5FstZOUpA5FWa2f7uCEUA0MbgQd+6JPIHGQ==
2868
2869 </Sgntr>
2870 </Sgnr>
2871 </SgndData>
2872 </SctyTrlr>
2873 </StsRpt>
2874 </Document>
2875
2876
2877 Once unnecessary spaces and carriage returns are removed, the XML encoded SecurityTrailer structure
2878 is:
3050
3051
3052 As for the previous message, the POI has no shared symmetric key usable for the key injection, so the
3053 TM authentication RSA key is used to provide a digital signature of the message body.
3054
3055 Once unnecessary spaces and carriage returns are removed, the XML encoded
3056 ManagementPlanReplacement message body is:
3203
3204 The SHA256 digest of the ManagementPlanReplacement message body is:
3205 0000 23 46 28 92 72 B2 B4 C5 A8 03 09 2B 35 5A 1A 9F |#F(.r......+5Z..|
3206 0010 4F 3E 67 5D 2C CF 55 21 F6 21 FA 47 40 DE 74 7B |O>g],.U!.!.G@.t{|
3207
3208 Applying the padding process for the digital signature, the block result is dumped below:
3209 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3210 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3233
3234
3235 After encryption by the private key of KTM-Sign, we have the digital signature of the
3236 ManagementPlanReplacement message body:
3261
3262
3263 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate 308204FF308202E7A003020102020A2ABC40F4D482F5EBC975300D06092A8648
SignerIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistinguishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise
RelativeDistinguishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2ABC40F4D482F5EBC975
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature B012547489272F01972C609DD49EAC343CEA57009301AA86100CD899A32B0556
3265 The XML encoded structure of the StatusReport message is:
3266
3267 <?xml version="1.0" encoding="UTF-8"?>
3268 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
3269 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.002.001.05">
3270 <MgmtPlanRplcmnt>
3271 <Hdr>
3272 <DwnldTrf>true</DwnldTrf>
3273 <FrmtVrsn>5.0</FrmtVrsn>
3274 <XchgId>001</XchgId>
3275 <CreDtTm>2013-12-06T13:53:52.00+02:00</CreDtTm>
3276 <InitgPty>
3277 <Id>66000001</Id>
3278 <Tp>OPOI</Tp>
3279 <Issr>MTMG</Issr>
3280 </InitgPty>
3281 <RcptPty>
3282 <Id>epas-keyDownload-TM1</Id>
3283 <Tp>MTMG</Tp>
3284 </RcptPty>
3285 </Hdr>
3286 <MgmtPlan>
3287 <POIId>
3288 <Id>66000001</Id>
3289 <Tp>OPOI</Tp>
3290 <Issr>MTMG</Issr>
3291 </POIId>
3292 <TermnlMgrId>
3293 <Id>epas-keyDownload-TM1</Id>
3294 <Tp>MTMG</Tp>
3295 </TermnlMgrId>
3296 <DataSet>
3297 <Id>
3298 <Tp>AQPR</Tp>
3299 <CreDtTm>2013-12-06T13:53:52.00+02:00</CreDtTm>
3300 </Id>
3301 <Cntt>
3302 <Actn>
3303 <Tp>DWNL</Tp>
3304 <DataSetId>
3305 <Nm>epas-acquirer-TM1-TIK</Nm>
3306 <Tp>SCPR</Tp>
3307 <Vrsn>20131206135352</Vrsn>
3308 </DataSetId>
3309 <Trggr>DATE</Trggr>
3310 <AddtlPrc>RSRT</AddtlPrc>
3311 <ReTry>
3312 <Dely>10</Dely>
3313 <MaxNb>2</MaxNb>
3314 </ReTry>
3315 <TmCond>
3316 <StartTm>2013-12-06T13:53:49</StartTm>
3317 </TmCond>
3318 <TMChllng>
3319 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
3320 </TMChllng>
3321 <KeyNcphrmntCert>
3322 MIIFATCCAumgAwIBAgIMeJXKNQFMPS8eEbENMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYM
3323 AkJFMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4
3324 cGVydGlzZTEfMB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEw
3325 MTgyMyswMTAwGBMyMDE4MTAwMTE4MjAwNSswMTAwMHgxCzAJBgNVBAYMAkZSMRAwDgYDVQQK
3326 DAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEvMC0G
3327 A1UEAwwmRVBBUyBQcm90b2NvbCBUZXN0IEhvc3QgS2V5IEVuY3J5cHRpb24wggGiMA0GCSqG
3328 SIb3DQEBAQUAA4IBjwAwggGKAoIBgQDXLM9j+y+GahjyGdyRkxZJX/ZskG+QTXsmZSXDf6vn
3329 1O2Z6gQkM22ZsLeXneF2TnzRa2S5upVGELysu2z9pMuQaqdb7Vi5oANxUlQesdw90LYhTrMb
3330 6XpPkQc0Et4EIhb6j4JtJMfy0wXUv2NGW/iZ3G8HP/aqM46kTba+UaY1jKo8y4Uo5YtVVA7S
3331 IyUjMzPT1tK4LteljUmfRF/4NcPr1bUVN5p8K1tB0189/VoaLWFJEDj90Z4Y72eP15SHKsyL
3332 gSmvoNAvzW5K3pGE1f7COGRBKTsWu3a44uT46AJ2NmhVqIDg76xEnnYSTEv3/yuhXmdLYqVj
3333 fSZgCqOgE+FTDhH0v5hOUz9SCi50vYJt1QfCg9L1Y8IoSOBdhNK30iIfS2O1Z5fmr7Ql1Wfl
3334 +Rbjq04sSG7IFIlGnBfaLfr3q0lu58JOQ5Uf/igAa/+W4tFYOKxyUvPUXo/r7w9+75dP/go4
3335 w4kmz6BoMZjKj9CMiyQnuRoLFveacYbefaud/z0CAwEAAaMPMA0wCwYDVR0PBAQDAgUgMA0G
3336 CSqGSIb3DQEBCwUAA4ICAQAm7V9OEVqeLRDwezXRDzXYvTu0DUgeXw0uCMgCQdcAArpccwdJ
3337 HOKJU8tw1J2F0g0Luv29xATvt67dK16Skup2hHg+AtyYlVz7HZQXGeHkj/g/EXQQJDWzUlnn
3338 UJ+Ptnww3b7ntfVArYkANdYEuY0vCBTnj4+d6dS3evcm22Z8yvcKF1r4f3FpecqHg6gkfjzz
3339 a9jcMW/h1jGiSJYlPRJCrmWePqFaguc8SylkV69fCIsA9u9Rcw7l5Pqbr27Y5Mw08PuQ/0RC
3340 1FXzYZpQWcqC3RXLQBMC5w8SS95tUUFW+0Ld5q2mIO8tJ7fyGJtPyrn0SH2ibtRBjwDqTHqJ
3341 MI6siOWGWUP5Xwh6b7d0m9t4Pirij/fEEK3JNfQWWPNs2Q8syJWifbWtHvFHqmBjSmWRw0Os
3342 f/lcbX18uI67NhaR/aWGVR1vDK1/5fA3RgNQ5dCmUNYn6wwbUxWwSSQUaEIwu6I51cq5iUIH
3343 natPDLvOstiB0P/osuGduPlK6dmbrGvixI5f5F3uwv/o+vUrQyVrxQ4X8M7xq4uGlPw0k2J8
3344 8oUig7JRdt2v7o+6SfQ00rfxvK95zLPq0V86bRGTntxAY1LfamjxIBgxztD+IF4fOBX0bgHm
3345 5fV5jeLvt89u/leLozrtuz7ZxO856l6aaJnOANtsiSJFCqGCJ1SdtD8WQw==
3346 </KeyNcphrmntCert>
3347 </Actn>
3348 </Cntt>
3349 </DataSet>
3350 </MgmtPlan>
3351 <SctyTrlr>
3352 <CnttTp>SIGN</CnttTp>
3353 <SgndData>
3354 <DgstAlgo>
3355 <Algo>HS25</Algo>
3356 </DgstAlgo>
3357 <NcpsltdCntt>
3358 <CnttTp>DATA</CnttTp>
3359 </NcpsltdCntt>
3360 <Cert>
3361 MIIE/zCCAuegAwIBAgIKKrxA9NSC9evJdTANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGDAJCRTEQMA
3362 4GA1UECgwHRVBBU09yZzEmMCQGA1UECwwdVGVjaG5pY2FsIENlbnRlciBvZiBFeHBlcnRpc2UxHzAd
3363 BgNVBAMMFkVQQVMgUHJvdG9jb2xzIFRlc3QgQ0EwKhgTMjAxMzA0MTgxMDA2NDYrMDEwMBgTMjAxOD
3364 EwMDExODIwMDUrMDEwMDB4MQswCQYDVQQGDAJGUjEQMA4GA1UECgwHRVBBU09yZzEmMCQGA1UECwwd
3365 VGVjaG5pY2FsIENlbnRlciBvZiBFeHBlcnRpc2UxLzAtBgNVBAMMJkVQQVMgUHJvdG9jb2wgVGVzdC
3366 BIb3N0IEF1dGhlbnRpY2F0aW9uMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvQlYmPmB
3367 uvQr4g4ZM5s5bFliZpC985bSDFA8pXxoivQeUFUs8bndxBFiCd0AwmtnP37e59DKbcLaqf8vjDqGC4
3368 +DWuYNngV+3fFiX6xVoQKDf8HH74wKbBN8WXOXKrxA9NSC9evJdU+WS27s7b5m22KtDaezjgWRdWLo
3369 md9xfSdFdpO0Hnvyy6mIVa4sl95LSP2BKlINbTVgEPboNV7JjbowR/LAzc2b5lUnfz7WmniN2ApqEr
3370 yj1MfwhmK5nT9wqVSNeAS15KKROj7AJSW+Y57X2bmGVWxZMmdWQvzE5lnYKKlMVUSuu8VEbua5agSg
3371 GFRwKW38L/unPUB0kwlo3YEOQ9V03XvmZImdpuSOtLO1kOLKqXx1AVxzUJOtYuP9eRq1cY8foQ==
3372 </Cert>
3373 <Sgnr>
3374 <SgnrId>
3375 <IssrAndSrlNb>
3376 <Issr>
3377 <RltvDstngshdNm>
3378 <AttrTp>CATT</AttrTp>
3379 <AttrVal>BE</AttrVal>
3380 </RltvDstngshdNm>
3381 <RltvDstngshdNm>
3382 <AttrTp>OATT</AttrTp>
3383 <AttrVal>EPASOrg</AttrVal>
3384 </RltvDstngshdNm>
3385 <RltvDstngshdNm>
3386 <AttrTp>OUAT</AttrTp>
3387 <AttrVal>Technical Center of Expertise</AttrVal>
3388 </RltvDstngshdNm>
3389 <RltvDstngshdNm>
3390 <AttrTp>CNAT</AttrTp>
3391 <AttrVal>EPAS Protocols Test CA</AttrVal>
3392 </RltvDstngshdNm>
3393 </Issr>
3394 <SrlNb>KrxA9NSC9evJdQ==</SrlNb>
3395 </IssrAndSrlNb>
3396 </SgnrId>
3397 <DgstAlgo>
3398 <Algo>HS25</Algo>
3399 </DgstAlgo>
3400 <SgntrAlgo>
3401 <Algo>ERS2</Algo>
3402 </SgntrAlgo>
3403 <Sgntr>
3404 sBJUdIknLwGXLGCd1J6sNDzqVwCTAaqGEAzYmaMrBVZI5xo6ILXAIq0FxnUigBWGPpIclyMY0
3405 fmVK6L6Y64J8AFCOH8/Fugtzdnfs7yt8N8nsaSFBg719L9MNFjHFo3WRMNQuXoRFC21aJkQ9m
3406 2zgkRpj+hl25TXE5SK850hhM+a7wYEM5iqD+DOanGSxMJm5iihDLe8DOECDfSe54JCHnlwsX5
3407 LAqGaxmaYyHNBNlds6Nmxbk9L1/TpaZa0rxJNdUia2pzcet4q8hqQYg9AtUL5vJRUQ9tjYrzh
3408 UlV+ETkIZaI+aZTH/+wKeAQPIxt3xSWk8WQMWZMbbUkKSPqE6/6k7yeaO06Qhvr1TPhVIMQ7e
3409 ZAQfGTBLB9KoNQJjwSXASkaSzg9MBzipN2NCPI7EfONYMTHSz78Z+PkcAnk8LGL4DgML/l56/
3410 bSfAttJqmO9xI92KxrTGwuVcBIeJ8EFuR36sc0/Aqu4CseSt4KUJAovLjcNLmCDozj+ywlmkI
3411 K
3412 </Sgntr>
3413 </Sgnr>
3414 </SgndData>
3415 </SctyTrlr>
3416 </MgmtPlanRplcmnt>
3417 </Document>
3418
3419
3420
3428
3429 The POI generates the following seed:
3430 0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D |?.].w.0}`..lo;.=|
3431 0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C |...]d.Lg.;......|
3432
3433 With the previous seed, the OAEP encryption of this session key Enc[KTM-Enc](SK) is:
3458
3459 The POI generates the Triple DES 112-bit KEK:
3460 0000 A7 5D 20 F7 04 51 75 45 3E 29 25 9D 3B 08 A7 2A |.] ..QuE>)%.;..*|
3461
3462 Applying the padding process, the hexadecimal byte 80 is appended, followed by 7 null bytes:
3463 0000 A7 5D 20 F7 04 51 75 45 3E 29 25 9D 3B 08 A7 2A |.] ..QuE>)%.;..*|
3464 0010 80 00 00 00 00 00 00 00 |........ |
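The padding step above (one 80 byte, then null bytes up to the 8-byte Triple DES block size) is the scheme commonly called ISO/IEC 9797-1 padding method 2; the guide does not name it at this point, so that label is an assumption. The following is an added example, not part of the guide, with hypothetical function names: it pads the KEK from the dump and shows the checks the receiving side needs when it strips the padding after decryption.

```python
BLOCK = 8  # Triple DES block size in bytes

# KEK value copied from the dump on this page (16 bytes, two-key Triple DES).
PAGE_KEK = bytes.fromhex("A75D20F7045175453E29259D3B08A72A")


def pad_80(data: bytes, block: int = BLOCK) -> bytes:
    """Append 0x80, then 0x00 bytes until the length is a multiple of `block`.

    Input that is already block-aligned still gets a full block of padding,
    which is why the 16-byte KEK grows to 24 bytes.
    """
    pad_len = block - (len(data) % block)
    return data + b"\x80" + b"\x00" * (pad_len - 1)


def unpad_80(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip the padding, rejecting anything pad_80 could not have produced."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    stripped = padded.rstrip(b"\x00")
    if not stripped or stripped[-1] != 0x80:
        raise ValueError("no 0x80 marker before the trailing null bytes")
    if len(padded) - len(stripped) + 1 > block:
        raise ValueError("padding is longer than one block")
    return stripped[:-1]


def unwrap_key(padded: bytes, expected_len: int = 16) -> bytes:
    """Unpad a decrypted key and enforce its length.

    Callers should report every ValueError as the same generic failure so the
    sender learns nothing about which check failed.
    """
    key = unpad_80(padded)
    if len(key) != expected_len:
        raise ValueError("unexpected key length")
    return key


if __name__ == "__main__":
    padded = pad_80(PAGE_KEK)
    print(padded.hex(" ").upper())
    print(unwrap_key(padded) == PAGE_KEK)
```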
3465
3466 Using the Initialisation Vector value A27BB46D1C306E09, the Triple DES CBC encryption by SK of the
3467 padded KEK provides the values below:
3468 0000 9F 04 15 02 7B 61 F4 6C 85 1D A5 35 96 89 4E 25 |....{a.l...5..N%|
3469 0010 AD 20 A8 F1 EE 6B A1 38 |. ...k.8 |
3470
3471
3472
3473 The StatusReport message, containing the header and the body, is presented in the table below:
Message Item Value
Header
DownloadTransfer False
FormatVersion 5.0
ExchangeIdentification 002
CreationDateTime 2013-12-06:13:53:53.00+02:00
InitiatingParty
Identification 66000001
Type OriginatingPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-keyDownload-TM1
Type MasterTerminalManager
StatusReport
POIIdentification
Identification 66000001
Type OriginatingPOI
Issuer MasterTerminalManager
TerminalManagerIdentification
Identification epas-keyDownload-TM1
Type MasterTerminalManager
DataSet
Identification
Type StatusReport
CreationDateTime 2013-12-06:13:53:53.00+02:00
Content
POIComponent
Type Terminal
Identification
ItemNumber 1
ProviderIdentification EPASVendor001
Identification Counter Top E41
SerialNumber 7825410759
POIComponent
Type PaymentApplication
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Status
VersionNumber 1.01
StandardCompliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
AttendanceContext Attended
POIDateTime 2013-12-06:13:53:53.00+02:00
DataSetRequired
Identification
Name epas-acquirer-TM1-TIK
Type SecurityParameters
Version 20131206135352
CreationDateTime 2013-12-06T13:53:52.00+02:00
POIChallenge D1377C7307D60D39B6C6F3B933D0089955D64DF4C67B63BF608F3F2841C77051
TMChallenge E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SessionKey
Identification Key Encryption Key KEK
Version 01
Type DES112
Function KeyExport
KeyValue
EnvelopedData
Recipient
KeyTransport
Version 0
RecipientIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType CountryName
AttributeName BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeName EPASOrg
RelativeDistinguishedName
AttributeType OrganisationUnitName
AttributeName Technical Center of Expertise
RelativeDistinguishedName
AttributeType CommonName
AttributeName EPAS Protocols Test CA
SerialNumber 7895CA35014C3D2F1E11B10D
KeyEncryptionAlgorithm
Algorithm RSAES-OAEP
Parameter
DigestAlgorithm SHA256
MaskGeneratorAlgorithm
Algorithm MGF1
Parameter
DigestAlgorithm SHA256
EncryptedKey
EncryptedContent
ContentType PlainData
ContentEncryptionAlgorithm
Algorithm DES112CBC
Parameter
InitialisationVector A27BB46D1C306E09
EncryptedData 9F0415027B61F46C851DA53596894E25AD20A8F1EE6BA138
3474
3475 Once unnecessary spaces and carriage returns are removed, the XML encoded StatusReport message
3476 body is:
3477 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
3478 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
3479 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
3480 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
3481 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
3482 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 6B 65 79 44 |Id><Id>epas-keyD|
3483 0060 6F 77 6E 6C 6F 61 64 2D 54 4D 31 3C 2F 49 64 3E |ownload-TM1</Id>|
3484 0070 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 |<Tp>MTMG</Tp></T|
3485 0080 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 |ermnlMgrId><Data|
3486 0090 53 65 74 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 |Set><Id><Tp>STRP|
3487 00A0 3C 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 |</Tp><CreDtTm>20|
3488 00B0 31 33 2D 31 32 2D 30 36 54 31 33 3A 35 33 3A 35 |13-12-06T13:53:5|
3489 00C0 33 2E 30 30 2B 30 32 3A 30 30 3C 2F 43 72 65 44 |3.00+02:00</CreD|
3490 00D0 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C |tTm></Id><Cntt><|
3491 00E0 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 |POICmpnt><Tp>TER|
3492 00F0 4D 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 |M</Tp><Id><ItmNb|
3493 0100 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 |>1</ItmNb><Prvdr|
3494 0110 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 |Id>EPASVendor001|
3495 0120 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F |</PrvdrId><Id>Co|
3496 0130 75 6E 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 |unter Top E41</I|
3497 0140 64 3E 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 |d><SrlNb>7825410|
3498 0150 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E |759</SrlNb></Id>|
3499 0160 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|
3500 0170 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 3C 2F 54 |mpnt><Tp>APLI</T|
3501 0180 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
3502 0190 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
3503 01A0 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
3504 01B0 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 |PrvdrId></Id><St|
3505 01C0 73 3E 3C 56 72 73 6E 4E 62 3E 31 2E 30 31 3C 2F |s><VrsnNb>1.01</|
3506 01D0 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 53 74 |VrsnNb></Sts><St|
3635
3636 The SHA256 digest of the StatusReport message body is:
3637 0000 08 A6 49 61 C5 4E C2 79 14 C2 2D 9C AE C9 B9 F8 |..Ia.N.y..-.....|
3638 0010 14 F9 1B 39 5A 7F 2C 30 AC 38 04 47 75 31 7D 46 |...9Z.,0.8.Gu1}F|
3639
3640
3641 Applying the padding process for the digital signature, the block result is dumped below:
3642 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3643 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3644 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3645 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3646 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3647 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3648 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3649 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3650 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3651 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3652 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3653 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3654 00C0 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
3655 00D0 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
3656 00E0 08 A6 49 61 C5 4E C2 79 14 C2 2D 9C AE C9 B9 F8 |..Ia.N.y..-.....|
3657 00F0 14 F9 1B 39 5A 7F 2C 30 AC 38 04 47 75 31 7D 46 |...9Z.,0.8.Gu1}F|
3658
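The two padding steps of this worked example (the 80 00...00 padding of the KEK before Triple DES CBC, and the signature padding of the SHA256 digest) can be reproduced with the Python below. It is an added example, not part of the CAPE guide: the function names are hypothetical, the DigestInfo prefix is the standard SHA-256 one from RFC 8017, and `em_matches` is an added receiver-side check that rebuilds the whole block and compares it instead of parsing the padding. The encoder generalises to any RSA modulus length.

```python
import hmac

BLOCK = 8  # Triple DES block size in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2); these are the
# 19 bytes at offsets 00CD-00DF of the 256-byte signature block in the guide.
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Values copied from the worked example in the guide.
KEK = bytes.fromhex("A75D20F7045175453E29259D3B08A72A")
BODY_DIGEST = bytes.fromhex(
    "08A64961C54EC27914C22D9CAEC9B9F8" "14F91B395A7F2C30AC38044775317D46"
)


def pad_80(data: bytes, block: int = BLOCK) -> bytes:
    """Append 0x80, then null bytes up to the next block boundary."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % block)


def unpad_80(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip the padding, rejecting anything that is not 0x80 00..00."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a multiple of the block size")
    body = padded.rstrip(b"\x00")
    # A valid padding has the 0x80 marker and at most block-1 null bytes.
    if not body.endswith(b"\x80") or len(padded) - len(body) >= block:
        raise ValueError("malformed padding")
    return body[:-1]


def emsa_pkcs1_v15_sha256(digest: bytes, em_len: int) -> bytes:
    """Build 00 01 FF..FF 00 || DigestInfo || digest for an em_len-byte modulus."""
    if len(digest) != 32:
        raise ValueError("SHA-256 digest must be 32 bytes")
    t = SHA256_DIGEST_INFO + digest
    if em_len < len(t) + 11:  # at least 8 bytes of FF are required
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def em_matches(recovered_em: bytes, digest: bytes) -> bool:
    """Receiver side: compare the block recovered with the public key against
    a freshly built one, so a short FF run or trailing bytes are rejected."""
    try:
        expected = emsa_pkcs1_v15_sha256(digest, len(recovered_em))
    except ValueError:
        return False
    return hmac.compare_digest(recovered_em, expected)


if __name__ == "__main__":
    print(pad_80(KEK).hex().upper())
    em = emsa_pkcs1_v15_sha256(BODY_DIGEST, 256)
    print(len(em), em[:4].hex(), em[0xCC:0xE0].hex())
    # Constructed malformed block: only 8 FF bytes, then filler after the digest.
    loose = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA256_DIGEST_INFO + BODY_DIGEST
    loose += b"\x00" * (256 - len(loose))
    print(em_matches(em, BODY_DIGEST), em_matches(loose, BODY_DIGEST))
```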
3659 After encryption by the private key of KPOI-Sign, we have the digital signature of the StatusReport message
3660 body:
3680
3681 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate
Signer
SignerIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistinguishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise
RelativeDistinguishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2225A8FB00071293D4641C3C
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature
3682
3683 The XML encoded structure of the StatusReport message is:
3684
3685 <?xml version="1.0" encoding="UTF-8"?>
3686 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
3687 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
3688 <StsRpt>
3689 <Hdr>
3690 <DwnldTrf>false</DwnldTrf>
3691 <FrmtVrsn>5.0</FrmtVrsn>
3692 <XchgId>002</XchgId>
3693 <CreDtTm>2013-12-06T13:53:53.00+02:00</CreDtTm>
3694 <InitgPty>
3695 <Id>66000001</Id>
3696 <Tp>OPOI</Tp>
3697 <Issr>MTMG</Issr>
3698 </InitgPty>
3699 <RcptPty>
3700 <Id>epas-keyDownload-TM1</Id>
3701 <Tp>MTMG</Tp>
3702 </RcptPty>
3703 </Hdr>
3704 <StsRpt>
3705 <POIId>
3706 <Id>66000001</Id>
3707 <Tp>OPOI</Tp>
3708 <Issr>MTMG</Issr>
3709 </POIId>
3710 <TermnlMgrId>
3711 <Id>epas-keyDownload-TM1</Id>
3712 <Tp>MTMG</Tp>
3713 </TermnlMgrId>
3714 <DataSet>
3715 <Id>
3716 <Tp>STRP</Tp>
3717 <CreDtTm>2013-12-06T13:53:53.00+02:00</CreDtTm>
3718 </Id>
3719 <Cntt>
3720 <POICmpnt>
3721 <Tp>TERM</Tp>
3722 <Id>
3723 <ItmNb>1</ItmNb>
3724 <PrvdrId>EPASVendor001</PrvdrId>
3725 <Id>Counter Top E41</Id>
3726 <SrlNb>7825410759</SrlNb>
3727 </Id>
3728 </POICmpnt>
3729 <POICmpnt>
3730 <Tp>APLI</Tp>
3731 <Id>
3732 <ItmNb>1.1</ItmNb>
3733 <PrvdrId>EPASVendor001</PrvdrId>
3734 </Id>
3735 <Sts>
3736 <VrsnNb>1.01</VrsnNb>
3737 </Sts>
3738 <StdCmplc>
3739 <Id>SEPA-FAST</Id>
3740 <Vrsn>3.0</Vrsn>
3741 <Issr>CIR</Issr>
3742 </StdCmplc>
3743 </POICmpnt>
3744 <AttndncCntxt>ATTD</AttndncCntxt>
3745 <POIDtTm>2013-12-06T13:53:53.00+02:00</POIDtTm>
3746 <DataSetReqrd>
3747 <Id>
3748 <Nm>epas-acquirer-TM1-TIK</Nm>
3749 <Tp>SCPR</Tp>
3750 <Vrsn>20131206135352</Vrsn>
3751 <CreDtTm>2013-12-06T13:53:52.00+02:00</CreDtTm>
3752 </Id>
3753 <POIChllng>
3754 0Td8cwfWDTm2xvO5M9AImVXWTfTGe2O/YI8/KEHHcFE=
3755 </POIChllng>
3756 <TMChllng>
3757 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
3758 </TMChllng>
3759 <SsnKey>
3760 <Id>Key Encryption Key KEK</Id>
3761 <Vrsn>01</Vrsn>
3762 <Tp>EDE3</Tp>
3763 <Fctn>KEYX</Fctn>
3764 <KeyVal> <CnttTp>EVLP</CnttTp>
3765 <EnvlpdData>
3766 <Rcpt>
3767 <KeyTrnsprt>
3768 <Vrsn>0</Vrsn>
3769 <RcptId>
3770 <IssrAndSrlNb>
3771 <Issr>
3772 <RltvDstngshdNm>
3773 <AttrTp>CATT</AttrTp>
3774 <AttrVal>BE</AttrVal>
3775 </RltvDstngshdNm>
3776 <RltvDstngshdNm>
3777 <AttrTp>OATT</AttrTp>
3778 <AttrVal>EPASOrg</AttrVal>
3779 </RltvDstngshdNm>
3780 <RltvDstngshdNm>
3781 <AttrTp>OUAT</AttrTp>
3782 <AttrVal>Technical Center of Expertise</AttrVal>
3783 </RltvDstngshdNm>
3784 <RltvDstngshdNm>
3785 <AttrTp>CNAT</AttrTp>
3786 <AttrVal>EPAS Protocols Test CA</AttrVal>
3787 </RltvDstngshdNm>
3788 </Issr>
3789 <SrlNb>eJXKNQFMPS8eEbEN</SrlNb>
3790 </IssrAndSrlNb>
3791 </RcptId>
3792 <KeyNcrptnAlgo>
3793 <Algo>RSAO</Algo>
3794 <Param>
3795 <DgstAlgo>HS25</DgstAlgo>
3796 <MskGnrtrAlgo>
3797 <Algo>MGF1</Algo>
3798 <Param>
3799 <DgstAlgo>HS25</DgstAlgo>
3800 </Param>
3801 </MskGnrtrAlgo>
3802 </Param>
3803 </KeyNcrptnAlgo>
3804 <NcrptdKey>
3805 Do5HCfqDoyuAY1vX0Pf4ue6oFOnSt3o0lYT1JNvfYHZLFs5CcV8B10n8tO+yUXcR
3806 pJ39bW+OgYdRnI+nt/+SjsF4PtcH28fVebwImm6qh2zdBhbpMiwKz0MYtCtYNd1b
3807 LC/65UYmTWFfeYjg1NxT9iBL1jWxtyTwUfhGk57RE7GjkO5rAuEUErvSTV9zZTIF
3808 nVTkjJpnOcHOXUiwppBn6nYkz6RL2L1+/S0+vlh2OYnHSspbOPON0Mju/+5/7Kil
3809 R14OPTKYAHrG6UQqbdMbfTwbrvWm3rM3qv+kg26NCR7vmCrswLpfsF5Ia1HaggJk
3810 ICYajwVcQLTzYI17B//CDHFpSp7cKlSLcsrC3Dgtsa/34PYf+QaGAcqQOh8sWY//
3811 2IbsI6kl9vNOSb6sQ4Ntdu/Is4j08svmRa0QFMMp6Akso3F8iE2oan+ljo2W2zFX
3812 hRpWmPVdugxNJiGg4ViuBoeGlTGvHGsf5MqZscXSHhFpI7kJQn1blJa1gsYtFbpp
3813 </NcrptdKey>
3814 </KeyTrnsprt>
3815 </Rcpt>
3816 <NcrptdCntt>
3817 <CnttTp>DATA</CnttTp>
3818 <CnttNcrptnAlgo>
3819 <Algo>E3DC</Algo>
3820 <Param>
3821 <InitlstnVctr>onu0bRwwbgk=</InitlstnVctr>
3822 </Param>
3823 </CnttNcrptnAlgo>
3824 <NcrptdData>nwQVAnth9GyFHaU1lolOJa0gqPHua6E4</NcrptdData>
3825 </NcrptdCntt>
3826 </EnvlpdData>
3827 </KeyVal>
3828
3829 </SsnKey>
3830 </DataSetReqrd>
3831 </Cntt>
3832 </DataSet>
3833 </StsRpt>
3834 <SctyTrlr>
3835 <CnttTp>SIGN</CnttTp>
3836 <SgndData>
3837 <DgstAlgo>
3838 <Algo>HS25</Algo>
3839 </DgstAlgo>
3840 <NcpsltdCntt>
3841 <CnttTp>DATA</CnttTp>
3842 </NcpsltdCntt>
3843 <Cert>
3844 MIIEgzCCAmugAwIBAgIMIiWo+wAHEpPUZBw8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYMAkJFMR
3845 AwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEf
3846 MB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEwMjU0NiswMTAwGBMyMD
3847 E4MTAwMTE4MjAwNSswMTAwMHoxCzAJBgNVBAYMAkZSMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQL
3848 DB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTExMC8GA1UEAwwoRVBBUyBQcm90b2NvbCBUZX
3849 N0IENsaWVudCBBdXRoZW50aWNhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIl
3850 ETkLhds5kKJ2OLhQYWwYsRvfeElLSLYfj40DIiWo+wAHEpPUZBw83eGNRzN+tzgawSl2gg/1wLMh5O
3851 34jJuPFicOD8b6tHBEm6cLlHE5VRq+MmaG9TjE9/Y6Rf9MueZkcACyi3keEgWttqzcKYVGmNkKzDts
3852 hPD4wu++5OP5hEvXmrFMHyI3YZjBO+rFYN3INRBBdnKcfmL79Ow1DeTThcSNPqQKkNeqWDj67T48dg
3853 0Zu4TRmXB3xyMx863wULQdtf/RnRKeiMdTMdoTJkvkwvCwoKoJ937tLIAfrSOej+XYtD8QcI/D1gVL
3854 kVbFtVGE8aKU2rj4JnFivpu1SGcCAwEAAaMPMA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4
3855 ICAQBUDbTMynjFty7DTWpV7nwVLtVECUGeC3vHg7hVlVfALMpegbbMqFSjYlCtygzVXJb0LwGXmbWh
3856 AMly0/JBHLJnYwDxsJ5Grk8pOiTLce6lRny5GTNxPlVv/MC1WNo0T/T4qzCi+AO9l7tWgQC6xrb66I
3857 T4Mb+FXE7oI/47rDui2LYV9iwcFoW5vFnfy+HPvf2ynzdz/UZoVoi/ZWZw9buc5WsCnjbnKRYp3mn6
3858 hYNnYZ2N5PufCGCFGIWkKJStyX3LUdTOv59SCD3VETcbFX49Fvk0ae7Qt/8BvBN9UGXiZqjqPIKZnv
3859 NiY6hj7V/iKmnkh0/fQaGfpFexLPalKwj3O9O9nC/RM1Ls7k7vYyOCa/ckQPwUnr1YkajW0OXaUFR3
3860 CFJcpAIbUQWbUrUOYbF2wfliqnrCgJk0Md1b89bBRq26dis+Zynxf6Y52Y1cv9yuVWovwLI3VOSR+X
3861 vxehjYQqh/jeT7pYtWUXITvFnFEtTwRH8MGXs4eFpFfgoOfdRIBsS6FvgRt6JQJHke10LnQ5LJ1Lq6
3862 dU8Jth3Y7Cq79nN+SSu8NxhQcqyevqPe8vvVboNriNCAn5aksqyhpbWdGY+UmQuk0qG1DPZMXoOR1t
3863 yttYyeB05gjX0BIwmpL/3O/ZbNrqT2vl5XKiAWHD1v2Dj/rpZrssZx58g2+zacKA==
3864 </Cert>
3865 <Sgnr>
3866 <SgnrId>
3867 <IssrAndSrlNb>
3868 <Issr>
3869 <RltvDstngshdNm>
3870 <AttrTp>CATT</AttrTp>
3871 <AttrVal>BE</AttrVal>
3872 </RltvDstngshdNm>
3873 <RltvDstngshdNm>
3874 <AttrTp>OATT</AttrTp>
3875 <AttrVal>EPASOrg</AttrVal>
3876 </RltvDstngshdNm>
3877 <RltvDstngshdNm>
3878 <AttrTp>OUAT</AttrTp>
3879 <AttrVal>Technical Center of Expertise</AttrVal>
3880 </RltvDstngshdNm>
3881 <RltvDstngshdNm>
3882 <AttrTp>CNAT</AttrTp>
3883 <AttrVal>EPAS Protocols Test CA</AttrVal>
3884 </RltvDstngshdNm>
3885 </Issr>
3886 <SrlNb>IiWo+wAHEpPUZBw8</SrlNb>
3887 </IssrAndSrlNb>
3888 </SgnrId>
3889 <DgstAlgo>
3890 <Algo>HS25</Algo>
3891 </DgstAlgo>
3892 <SgntrAlgo>
3893 <Algo>ERS2</Algo>
3894 </SgntrAlgo>
3895 <Sgntr>
3896 Ul6RPNJibW31y2eFoyQB0as8WlfDtx8Qc6ehWsQS/41MU0s/5Hy1agybxy+iInnQH3R2tUDFu
3897 r9IrjkRTltnS9Jr9UY2V/4WW+RT0rv1MfPyVrcJso7fYx2trVdZP9RnGHh5MC3LnjX8p0z8XO
3898 krbhIq6T2legsnkdRd8wBq33IYN7ury+iR/Z65vRH69B8bbzHJeWe1S3bykEJg+uRRsLxZbWD
3899 Qr8eCrAuJGdUrJKbXHPEf6ggjgf3rv+yu5X/LSxd8GrDxbWJ9/s6v2depuAYx4MM6+n0m8viq
3900 dq5GisFZB/P18dm/Aw9JycANyG4QJGBJ68SF4borRLKph2DXDg==
3901 </Sgntr>
3902 </Sgnr>
3903 </SgndData>
3904 </SctyTrlr>
3905 </StsRpt>
3906 </Document>
3907
KeyIdentification SpecV1TestKey
KeyVersion 2010060715
SecurityParameters
ActionType Create
Version 1.1.01
POIChallenge D1377C7307D60D39B6C6F3B933D0089955D64DF4C67B63BF608F3F2841C77051
TMChallenge 46FB7DD6C590E232ED8B7B41431D6970362F0D4DBCBD9B24E74C3B3339B312D3
SymmetricKey
Identification SpecV1TestKey
AdditionalIdentification 398725A501E29020
Version 2010060715
Type DUKP9
Function DataEncryption
Function DataDecryption
Function PINEncryption
ActivationDate 2013-12-06:13:00:00
KeyValue
ContentType EnvelopedData
EnvelopedData
Recipient
KEK
KEKIdentification
KeyIdentification KeyEncryptionKey
KeyVersion 2013120613
KeyEncryptionAlgorithm
Algorithm UKPT
EncryptedKey F5DBFB9D229BEF77758F044887D15245
EncryptedContent
ContentType PlainData
ContentEncryptionAlgorithm
Algorithm DES112CBC
EncryptedData 8F611CC30B12BF753EA31B1B7BBC3DDE
3934
3935
3936 As with the previous message, the POI shares no symmetric key usable for the key injection, so the
3937 TM authentication RSA key is used to provide a digital signature of the message body.
3938 Once unnecessary spaces and carriage returns are removed, the XML encoded
3939 AcceptorConfigurationUpdate message body is:
3940 0000 3C 41 63 63 70 74 72 43 66 67 74 6E 3E 3C 54 65 |<AccptrCfgtn><Te|
3941 0010 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 65 70 |rmnlMgrId><Id>ep|
3942 0020 61 73 2D 6B 65 79 44 6F 77 6E 6C 6F 61 64 2D 54 |as-keyDownload-T|
3943 0030 4D 31 3C 2F 49 64 3E 3C 54 70 3E 4D 54 4D 47 3C |M1</Id><Tp>MTMG<|
3944 0040 2F 54 70 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 49 |/Tp></TermnlMgrI|
3945 0050 64 3E 3C 44 61 74 61 53 65 74 3E 3C 49 64 3E 3C |d><DataSet><Id><|
3946 0060 54 70 3E 53 43 50 52 3C 2F 54 70 3E 3C 56 72 73 |Tp>SCPR</Tp><Vrs|
3947 0070 6E 3E 32 30 31 33 31 32 30 36 31 33 35 33 35 32 |n>20131206135352|
3948 0080 3C 2F 56 72 73 6E 3E 3C 2F 49 64 3E 3C 43 6E 74 |</Vrsn></Id><Cnt|
3949 0090 74 3E 3C 48 73 74 43 6F 6D 50 61 72 61 6D 73 3E |t><HstComParams>|
3950 00A0 3C 41 63 74 6E 54 70 3E 43 52 45 41 3C 2F 41 63 |<ActnTp>CREA</Ac|
3951 00B0 74 6E 54 70 3E 3C 48 73 74 49 64 3E 41 63 71 75 |tnTp><HstId>Acqu|
3952 00C0 69 72 65 72 48 6F 73 74 31 3C 2F 48 73 74 49 64 |irerHost1</HstId|
3953 00D0 3E 3C 4B 65 79 3E 3C 4B 65 79 49 64 3E 53 70 65 |><Key><KeyId>Spe|
3954 00E0 63 56 31 54 65 73 74 4B 65 79 3C 2F 4B 65 79 49 |cV1TestKey</KeyI|
3955 00F0 64 3E 3C 4B 65 79 56 72 73 6E 3E 32 30 31 30 30 |d><KeyVrsn>20100|
3956 0100 36 30 37 31 35 3C 2F 4B 65 79 56 72 73 6E 3E 3C |60715</KeyVrsn><|
3957 0110 2F 4B 65 79 3E 3C 2F 48 73 74 43 6F 6D 50 61 72 |/Key></HstComPar|
3958 0120 61 6D 73 3E 3C 53 63 74 79 50 61 72 61 6D 73 3E |ams><SctyParams>|
3959 0130 3C 41 63 74 6E 54 70 3E 43 52 45 41 3C 2F 41 63 |<ActnTp>CREA</Ac|
3960 0140 74 6E 54 70 3E 3C 56 72 73 6E 3E 31 2E 31 2E 30 |tnTp><Vrsn>1.1.0|
3961 0150 31 3C 2F 56 72 73 6E 3E 3C 50 4F 49 43 68 6C 6C |1</Vrsn><POIChll|
3962 0160 6E 67 3E 30 54 64 38 63 77 66 57 44 54 6D 32 78 |ng>0Td8cwfWDTm2x|
3963 0170 76 4F 35 4D 39 41 49 6D 56 58 57 54 66 54 47 65 |vO5M9AImVXWTfTGe|
3964 0180 32 4F 2F 59 49 38 2F 4B 45 48 48 63 46 45 3D 3C |2O/YI8/KEHHcFE=<|
3965 0190 2F 50 4F 49 43 68 6C 6C 6E 67 3E 3C 54 4D 43 68 |/POIChllng><TMCh|
3966 01A0 6C 6C 6E 67 3E 52 76 74 39 31 73 57 51 34 6A 4C |llng>Rvt91sWQ4jL|
3967 01B0 74 69 33 74 42 51 78 31 70 63 44 59 76 44 55 32 |ti3tBQx1pcDYvDU2|
3968 01C0 38 76 5A 73 6B 35 30 77 37 4D 7A 6D 7A 45 74 4D |8vZsk50w7MzmzEtM|
3969 01D0 3D 3C 2F 54 4D 43 68 6C 6C 6E 67 3E 3C 53 6D 6D |=</TMChllng><Smm|
3970 01E0 74 72 63 4B 65 79 3E 3C 49 64 3E 53 70 65 63 56 |trcKey><Id>SpecV|
3971 01F0 31 54 65 73 74 4B 65 79 3C 2F 49 64 3E 3C 41 64 |1TestKey</Id><Ad|
3972 0200 64 74 6C 49 64 3E 4F 59 63 6C 70 51 48 69 6B 43 |dtlId>OYclpQHikC|
3973 0210 41 3D 3C 2F 41 64 64 74 6C 49 64 3E 3C 56 72 73 |A=</AddtlId><Vrs|
3974 0220 6E 3E 32 30 31 30 30 36 30 37 31 35 3C 2F 56 72 |n>2010060715</Vr|
3975 0230 73 6E 3E 3C 54 70 3E 44 4B 50 39 3C 2F 54 70 3E |sn><Tp>DKP9</Tp>|
3976 0240 3C 46 63 74 6E 3E 44 45 4E 43 3C 2F 46 63 74 6E |<Fctn>DENC</Fctn|
3977 0250 3E 3C 46 63 74 6E 3E 44 44 45 43 3C 2F 46 63 74 |><Fctn>DDEC</Fct|
3978 0260 6E 3E 3C 46 63 74 6E 3E 50 49 4E 45 3C 2F 46 63 |n><Fctn>PINE</Fc|
3979 0270 74 6E 3E 3C 41 63 74 76 74 6E 44 74 3E 32 30 31 |tn><ActvtnDt>201|
3980 0280 33 2D 31 32 2D 30 36 54 31 33 3A 30 30 3A 30 30 |3-12-06T13:00:00|
3981 0290 3C 2F 41 63 74 76 74 6E 44 74 3E 3C 4B 65 79 56 |</ActvtnDt><KeyV|
3982 02A0 61 6C 3E 3C 43 6E 74 74 54 70 3E 45 56 4C 50 3C |al><CnttTp>EVLP<|
3983 02B0 2F 43 6E 74 74 54 70 3E 3C 45 6E 76 6C 70 64 44 |/CnttTp><EnvlpdD|
3984 02C0 61 74 61 3E 3C 52 63 70 74 3E 3C 4B 45 4B 3E 3C |ata><Rcpt><KEK><|
3985 02D0 4B 45 4B 49 64 3E 3C 4B 65 79 49 64 3E 4B 65 79 |KEKId><KeyId>Key|
3986 02E0 45 6E 63 72 79 70 74 69 6F 6E 4B 65 79 3C 2F 4B |EncryptionKey</K|
3987 02F0 65 79 49 64 3E 3C 4B 65 79 56 72 73 6E 3E 32 30 |eyId><KeyVrsn>20|
3988 0300 31 33 31 32 30 36 31 33 3C 2F 4B 65 79 56 72 73 |13120613</KeyVrs|
4014
4015 Applying the padding process for the digital signature, the block result is dumped below:
4016 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4017 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4018 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4019 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4020 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4021 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4022 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4023 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4024 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4025 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4026 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4027 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4028 00C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4029 00D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4030 00E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4031 00F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4032 0100 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4033 0110 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4034 0120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4035 0130 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4036 0140 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
4037 0150 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
4038 0160 65 A4 BB 73 A5 6D 05 65 42 EC 8C 19 C5 CB 88 B0 |e..s.m.eB.......|
4039 0170 A7 6B 46 41 4F 72 26 44 A7 C9 ED 3C EB 34 BF 7D |.kFAOr&D...<.4.}|
4040
4041
4042 After encryption by the private key of KTM-Sign, we have the digital signature of the
4043 ManagementPlanReplacement message body:
4069
4070 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate
Signer
SignerIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistinguishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise
RelativeDistinguishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2ABC40F4D482F5EBC975
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature
4071
4143 <NcrptdCntt>
4144 <CnttTp>DATA</CnttTp>
4145 <CnttNcrptnAlgo>
4146 <Algo>E3DC</Algo>
4147 </CnttNcrptnAlgo>
4148 <NcrptdData>j2EcwwsSv3U+oxsbe7w93g==</NcrptdData>
4149 </NcrptdCntt>
4150 </EnvlpdData>
4151 </KeyVal>
4152 </SmmtrcKey>
4153 </SctyParams>
4154 </Cntt>
4155 </DataSet>
4156 </AccptrCfgtn>
4157 <SctyTrlr>
4158 <CnttTp>SIGN</CnttTp>
4159 <SgndData>
4160 <DgstAlgo>
4161 <Algo>HS25</Algo>
4162 </DgstAlgo>
4163 <NcpsltdCntt>
4164 <CnttTp>DATA</CnttTp>
4165 </NcpsltdCntt>
4166 <Cert>
4167 MIIEgzCCAmugAwIBAgIMIiWo+wAHEpPUZBw8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYMAkJFMR
4168 AwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEf
4169 MB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEwMjU0NiswMTAwGBMyMD
4170 E4MTAwMTE4MjAwNSswMTAwMHoxCzAJBgNVBAYMAkZSMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQL
4171 DB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTExMC8GA1UEAwwoRVBBUyBQcm90b2NvbCBUZX
4172 N0IENsaWVudCBBdXRoZW50aWNhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIl
4173 ETkLhds5kKJ2OLhQYWwYsRvfeElLSLYfj40DIiWo+wAHEpPUZBw83eGNRzN+tzgawSl2gg/1wLMh5O
4174 34jJuPFicOD8b6tHBEm6cLlHE5VRq+MmaG9TjE9/Y6Rf9MueZkcACyi3keEgWttqzcKYVGmNkKzDts
4175 hPD4wu++5OP5hEvXmrFMHyI3YZjBO+rFYN3INRBBdnKcfmL79Ow1DeTThcSNPqQKkNeqWDj67T48dg
4176 0Zu4TRmXB3xyMx863wULQdtf/RnRKeiMdTMdoTJkvkwvCwoKoJ937tLIAfrSOej+XYtD8QcI/D1gVL
4177 kVbFtVGE8aKU2rj4JnFivpu1SGcCAwEAAaMPMA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4
4178 ICAQBUDbTMynjFty7DTWpV7nwVLtVECUGeC3vHg7hVlVfALMpegbbMqFSjYlCtygzVXJb0LwGXmbWh
4179 AMly0/JBHLJnYwDxsJ5Grk8pOiTLce6lRny5GTNxPlVv/MC1WNo0T/T4qzCi+AO9l7tWgQC6xrb66I
4180 T4Mb+FXE7oI/47rDui2LYV9iwcFoW5vFnfy+HPvf2ynzdz/UZoVoi/ZWZw9buc5WsCnjbnKRYp3mn6
4181 hYNnYZ2N5PufCGCFGIWkKJStyX3LUdTOv59SCD3VETcbFX49Fvk0ae7Qt/8BvBN9UGXiZqjqPIKZnv
4182 NiY6hj7V/iKmnkh0/fQaGfpFexLPalKwj3O9O9nC/RM1Ls7k7vYyOCa/ckQPwUnr1YkajW0OXaUFR3
4183 CFJcpAIbUQWbUrUOYbF2wfliqnrCgJk0Md1b89bBRq26dis+Zynxf6Y52Y1cv9yuVWovwLI3VOSR+X
4184 vxehjYQqh/jeT7pYtWUXITvFnFEtTwRH8MGXs4eFpFfgoOfdRIBsS6FvgRt6JQJHke10LnQ5LJ1Lq6
4185 dU8Jth3Y7Cq79nN+SSu8NxhQcqyevqPe8vvVboNriNCAn5aksqyhpbWdGY+UmQuk0qG1DPZMXoOR1t
4186 yttYyeB05gjX0BIwmpL/3O/ZbNrqT2vl5XKiAWHD1v2Dj/rpZrssZx58g2+zacKA==
4187 </Cert>
4188 <Sgnr>
4189 <SgnrId>
4190 <IssrAndSrlNb>
4191 <Issr>
4192 <RltvDstngshdNm>
4193 <AttrTp>CATT</AttrTp>
4194 <AttrVal>BE</AttrVal>
4195 </RltvDstngshdNm>
4196 <RltvDstngshdNm>
4197 <AttrTp>OATT</AttrTp>
4198 <AttrVal>EPASOrg</AttrVal>
4199 </RltvDstngshdNm>
4200 <RltvDstngshdNm>
4201 <AttrTp>OUAT</AttrTp>
4202 <AttrVal>Technical Center of Expertise</AttrVal>
4203 </RltvDstngshdNm>
4204 <RltvDstngshdNm>
4205 <AttrTp>CNAT</AttrTp>
4206 <AttrVal>EPAS Protocols Test CA</AttrVal>
4207 </RltvDstngshdNm>
4208 </Issr>
4209 <SrlNb>IiWo+wAHEpPUZBw8</SrlNb>
4210 </IssrAndSrlNb>
4211 </SgnrId>
4212 <DgstAlgo>
4213 <Algo>HS25</Algo>
4214 </DgstAlgo>
4215 <SgntrAlgo>
4216 <Algo>ERS2</Algo>
4217 </SgntrAlgo>
4218 <Sgntr>
4219 hH0QyFD3qNlrb/s6pQE/FxFr6aTCrAR72y6M2rsGQZkCAKX9OCCzAZ6l89bI/5I19ZOt6kMc8
4220 axf9apKwoaUkZNHtSE9bVrZakTDwJFomEzqCgAVN57dhI9PROBsOx22SvGZxEUCrBA0uUIGPP
4221 pm40wvGf5nkMrfZ84UbLsX+9Oy1mrwyaepsbR0Pr3b8i2nuYoUk44qwB3INO5KjHl1G87oHRo
4222 msBaOaW8a0aiWVGZaK4ZZH2UGOyceqJc246fc9U1tuWlyqGtMvlzXt6xwQ8S0X/n6V6kTYPL+
4223 Re8HJBrB9Qryc1147plYdhP/VZwBSszlxznOjt7Ar+lo/QIt56XXWBg+4qRrkW87QSJSf3sss
4224 h52Wgx8i6Ki0JtAuHdb8DJLG1TDdY2O2z+6iioztcF2woyuG7lqPrt9PPeuNW90o923zTwXA4
4225 23wU0YpWST3hRgQvdqbK6hJINz038SsClD7l1m3hF5Gu1fOfpOs7B/SaenqaEs0MXYvXEzo1c
4226 l
4227 </Sgntr>
4228 </Sgnr>
4229 </SgndData>
4230 </SctyTrlr>
4231 </AccptrCfgtnUpd>
4232 </Document>
4233
4234
  StandardCompliance
    Identification            SEPA-FAST
    VersionNumber             3.0
    Issuer                    CIR
Component
  Type                        SecurityParameters
  Identification
    ItemNumber                1.1
    ProviderIdentification    EPASVendor001
    Identification            SpecV1TestKey
  Status
    VersionNumber             2010060715
    Status                    InOperation
  Characteristics
    KeyCheckValue             4E06B7DBF79A7705
AttendanceContext             Attended
POIDateTime                   2013-12-06T13:53:55.00+02:00
4245
4246
4247 Once unnecessary spaces and carriage returns are removed, the XML encoded StatusReport message
4248 body is:
4249 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
4250 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
4251 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
4252 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
4253 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
4254 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 6B 65 79 44 |Id><Id>epas-keyD|
4255 0060 6F 77 6E 6C 6F 61 64 2D 54 4D 31 3C 2F 49 64 3E |ownload-TM1</Id>|
4256 0070 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 |<Tp>MTMG</Tp></T|
4257 0080 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 |ermnlMgrId><Data|
4258 0090 53 65 74 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 |Set><Id><Tp>STRP|
4259 00A0 3C 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 |</Tp><CreDtTm>20|
4260 00B0 31 33 2D 31 32 2D 30 36 54 31 33 3A 35 33 3A 35 |13-12-06T13:53:5|
4261 00C0 35 2E 30 30 2B 30 32 3A 30 30 3C 2F 43 72 65 44 |5.00+02:00</CreD|
4262 00D0 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C |tTm></Id><Cntt><|
4263 00E0 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 |POICmpnt><Tp>TER|
4264 00F0 4D 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 |M</Tp><Id><ItmNb|
4265 0100 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 |>1</ItmNb><Prvdr|
4266 0110 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 |Id>EPASVendor001|
4267 0120 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F |</PrvdrId><Id>Co|
4268 0130 75 6E 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 |unter Top E41</I|
4269 0140 64 3E 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 |d><SrlNb>7825410|
4270 0150 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E |759</SrlNb></Id>|
4271 0160 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|
4272 0170 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 3C 2F 54 |mpnt><Tp>APLI</T|
4273 0180 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
4274 0190 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
4275 01A0 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
4276 01B0 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 |PrvdrId></Id><St|
4277 01C0 73 3E 3C 56 72 73 6E 4E 62 3E 31 2E 30 31 3C 2F |s><VrsnNb>1.01</|
4278 01D0 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 53 74 |VrsnNb></Sts><St|
4279 01E0 64 43 6D 70 6C 63 3E 3C 49 64 3E 53 45 50 41 2D |dCmplc><Id>SEPA-|
4280 01F0 46 41 53 54 3C 2F 49 64 3E 3C 56 72 73 6E 3E 33 |FAST</Id><Vrsn>3|
4281 0200 2E 30 3C 2F 56 72 73 6E 3E 3C 49 73 73 72 3E 43 |.0</Vrsn><Issr>C|
4282 0210 49 52 3C 2F 49 73 73 72 3E 3C 2F 53 74 64 43 6D |IR</Issr></StdCm|
4283 0220 70 6C 63 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C |plc></POICmpnt><|
4284 0230 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 53 43 50 |POICmpnt><Tp>SCP|
4285 0240 52 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 |R</Tp><Id><ItmNb|
4286 0250 3E 31 2E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 |>1.1</ItmNb><Prv|
4287 0260 64 72 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 |drId>EPASVendor0|
4288 0270 30 31 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E |01</PrvdrId><Id>|
4289 0280 53 70 65 63 56 31 54 65 73 74 4B 65 79 3C 2F 49 |SpecV1TestKey</I|
4290 0290 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C 56 72 73 |d></Id><Sts><Vrs|
4291 02A0 6E 4E 62 3E 32 30 31 30 30 36 30 37 31 35 3C 2F |nNb>2010060715</|
4292 02B0 56 72 73 6E 4E 62 3E 3C 53 74 73 3E 4F 50 45 52 |VrsnNb><Sts>OPER|
4293 02C0 3C 2F 53 74 73 3E 3C 2F 53 74 73 3E 3C 43 68 72 |</Sts></Sts><Chr|
4294 02D0 74 63 73 3E 3C 4B 65 79 43 68 63 6B 56 61 6C 3E |tcs><KeyChckVal>|
4295 02E0 54 67 61 33 32 2F 65 61 64 77 55 3D 3C 2F 4B 65 |Tga32/eadwU=</Ke|
4296 02F0 79 43 68 63 6B 56 61 6C 3E 3C 2F 43 68 72 74 63 |yChckVal></Chrtc|
4297 0300 73 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 41 74 |s></POICmpnt><At|
4298 0310 74 6E 64 6E 63 43 6E 74 78 74 3E 41 54 54 44 3C |tndncCntxt>ATTD<|
4299 0320 2F 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E 3C 50 |/AttndncCntxt><P|
4300 0330 4F 49 44 74 54 6D 3E 32 30 31 33 2D 31 32 2D 30 |OIDtTm>2013-12-0|
4305
4306 The SHA256 digest of the StatusReport message body is:
4307 0000 D2 ED A4 7B FE FF 0A E7 8A BD 7A 7D CE 6E AC 2A |...{......z}.n.*|
4308 0010 D3 82 05 46 5B BF B1 64 85 80 38 DF B6 3B 9B A5 |...F[..d..8..;..|
4309
4310
4311 Applying the padding process for the digital signature, the block result is dumped below:
4312 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4313 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4314 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4315 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4316 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4317 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4318 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4319 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4320 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4321 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4322 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4323 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4324 00C0 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
4325 00D0 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
4326 00E0 D2 ED A4 7B FE FF 0A E7 8A BD 7A 7D CE 6E AC 2A |...{......z}.n.*|
4327 00F0 D3 82 05 46 5B BF B1 64 85 80 38 DF B6 3B 9B A5 |...F[..d..8..;..|
4328
4329 After encryption by the private key of KPOI-Sign, we have the digital signature of the StatusReport message
4330 body:
4331 0000 88 CF CD B0 F9 C4 EE 5E DD 6F BF 98 BA 09 56 40 |.......^.o....V@|
4332 0010 FE 9A BC F3 5C 98 25 22 DD 31 4B 32 D1 84 6E 85 |....\.%".1K2..n.|
4333 0020 A0 A4 D2 BC 88 D5 48 3C 76 BD A6 A5 E7 E3 B7 D6 |......H<v.......|
4334 0030 CB DA 91 51 63 62 D3 26 27 A9 2F A7 91 EF FB E1 |...Qcb.&'./.....|
4335 0040 A4 CE 7B 58 D5 55 00 8E 48 BE 66 55 8F EB 12 1A |..{X.U..H.fU....|
4336 0050 B9 C6 E2 95 C2 BA 49 8D 6B D3 78 B2 68 AC C0 7E |......I.k.x.h..~|
4337 0060 7E 7F 95 BB 5D 7B 03 EA DC D4 1D ED 81 38 80 21 |~...]{.......8.!|
4338 0070 F5 54 D6 41 58 C8 BD 80 4E 0A B6 05 0D 49 DC 0E |.T.AX...N....I..|
4339 0080 45 65 54 76 69 41 FC 4C 4A FF 26 5C 24 F0 77 BA |EeTviA.LJ.&\$.w.|
4340 0090 A9 09 97 F5 7C 95 22 B7 01 CE 21 82 47 07 98 92 |....|."...!.G...|
4341 00A0 48 9D F9 DE D1 E7 0B 05 43 66 CE 0D B4 3F B8 3D |H.......Cf...?.=|
4342 00B0 BC 01 5D 79 72 60 7A C4 B2 06 DD 95 6E C9 73 0C |..]yr`z.....n.s.|
4343 00C0 4B 23 B1 22 B0 47 45 AB 06 10 27 10 1C 48 4B 09 |K#.".GE...'..HK.|
4344 00D0 AF 3F 4E F5 FB 05 DB 2F 39 D6 C2 8D 41 11 02 28 |.?N..../9...A..(|
4345 00E0 E5 DE D9 48 95 F7 97 15 D8 07 58 A9 31 FE 15 AB |...H......X.1...|
4346 00F0 D3 BC FE 00 1A 2A DC F0 74 42 17 BE 36 8D A3 15 |.....*..tB..6...|
4347
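Added example (not part of the CAPE guide): the padding step above rebuilt in Python from the SHA256 digest printed on this page, together with the receiver-side comparison of a recovered block. The function names and the malformed test block are constructed for illustration; the 256-byte block length is taken from the size of the signature dump above.

```python
import hmac

# DER-encoded DigestInfo header for SHA-256 (RFC 8017, section 9.2). These are
# the 19 bytes 30 31 30 0D ... 04 20 that start at offset 0x00CD in the dump.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# SHA-256 digest of the StatusReport message body, copied from the page.
PAGE_DIGEST = bytes.fromhex(
    "D2EDA47BFEFF0AE78ABD7A7DCE6EAC2A" "D38205465BBFB164858038DFB63B9BA5"
)

# The signature dumped on the page is 256 bytes long (0x0000-0x00FF), so the
# padded block has to fill a 2048-bit RSA modulus.
BLOCK_LEN = 256


def emsa_pkcs1_v15_encode(digest: bytes, block_len: int = BLOCK_LEN) -> bytes:
    """Build 00 01 FF..FF 00 || DigestInfo(SHA-256) header || digest."""
    if len(digest) != 32:
        raise ValueError("SHA-256 digest must be 32 bytes")
    t = SHA256_DIGESTINFO_PREFIX + digest
    ps_len = block_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("block too short for PKCS#1 v1.5 padding")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def block_matches_digest(block: bytes, digest: bytes) -> bool:
    """Receiver-side check of a block recovered with the signer's public key.

    The expected block is rebuilt and compared as a whole, so a short FF run,
    an altered DigestInfo header or trailing bytes are all rejected without
    parsing the recovered data.
    """
    try:
        expected = emsa_pkcs1_v15_encode(digest, len(block))
    except ValueError:
        return False
    return hmac.compare_digest(block, expected)


def dump_row(data: bytes, offset: int) -> str:
    """Format 16 bytes like the hex column of the dumps on this page."""
    row = data[offset:offset + 16]
    return "%04X %s" % (offset, " ".join("%02X" % b for b in row))


def malformed_block(digest: bytes) -> bytes:
    """Constructed negative case: minimal FF run, valid DigestInfo, zero filler."""
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA256_DIGESTINFO_PREFIX + digest
    return head + b"\x00" * (BLOCK_LEN - len(head))


if __name__ == "__main__":
    block = emsa_pkcs1_v15_encode(PAGE_DIGEST)
    for off in (0x0000, 0x00C0, 0x00D0, 0x00E0, 0x00F0):
        print(dump_row(block, off))
    print("page block accepted:", block_matches_digest(block, PAGE_DIGEST))
    print("malformed block accepted:",
          block_matches_digest(malformed_block(PAGE_DIGEST), PAGE_DIGEST))
```

The rows printed for offsets 0x00C0 to 0x00F0 can be compared directly with the padded block dumped above.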
4348
4349
4350
4351
4352 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item                    Value
SecurityTrailer
  ContentType                   SignedData
  SignedData
    DigestAlgorithm
      Algorithm                 SHA256
    EncapsulatedContent
      ContentType               PlainData
    Certificate                 308204833082026BA003020102020C2225A8FB00071293D4641C3C300D06092A
    Signer
      SignerIdentification
        IssuerAndSerialNumber
          Issuer
            RelativeDistinguishedName
              AttributeType     CountryName
              AttributeValue    BE
            RelativeDistinguishedName
              AttributeType     OrganisationName
              AttributeValue    EPASOrg
            RelativeDistinguishedName
              AttributeType     OrganisationUnitName
              AttributeValue    Technical Center of Expertise
            RelativeDistinguishedName
              AttributeType     CommonName
              AttributeValue    EPAS Protocols Test CA
          SerialNumber          2225A8FB00071293D4641C3C
      DigestAlgorithm
        Algorithm               SHA256
      SignatureAlgorithm
        Algorithm               SHA256WithRSA
      Signature                 88CFCDB0F9C4EE5EDD6FBF98BA095640FE9ABCF35C982522DD314B32D1846E85
                                A0A4D2BC88D5483C76BDA6A5E7E3B7D6CBDA91516362D32627A92FA791EFFBE1
                                A4CE7B58D555008E48BE66558FEB121AB9C6E295C2BA498D6BD378B268ACC07E
                                7E7F95BB5D7B03EADCD41DED81388021F554D64158C8BD804E0AB6050D49DC0E
                                456554766941FC4C4AFF265C24F077BAA90997F57C9522B701CE218247079892
                                489DF9DED1E70B054366CE0DB43FB83DBC015D7972607AC4B206DD956EC9730C
                                4B23B122B04745AB061027101C484B09AF3F4EF5FB05DB2F39D6C28D41110228
                                E5DED94895F79715D80758A931FE15ABD3BCFE001A2ADCF0744217BE368DA315
4353
4354 The XML encoded structure of the StatusReport message is:
4355
4356 <?xml version="1.0" encoding="UTF-8"?>
4357 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4358 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
4359 <StsRpt>
4360 <Hdr>
4361 <DwnldTrf>false</DwnldTrf>
4362 <FrmtVrsn>5.0</FrmtVrsn>
4363 <XchgId>003</XchgId>
4364 <CreDtTm>2013-12-06T13:53:55.00+02:00</CreDtTm>
4365 <InitgPty>
4366 <Id>66000001</Id>
4367 <Tp>OPOI</Tp>
4368 <Issr>MTMG</Issr>
4369 </InitgPty>
4370 <RcptPty>
4371 <Id>epas-keyDownload-TM1</Id>
4372 <Tp>MTMG</Tp>
4373 </RcptPty>
4374 </Hdr>
4375 <StsRpt>
4376 <POIId>
4377 <Id>66000001</Id>
4378 <Tp>OPOI</Tp>
4379 <Issr>MTMG</Issr>
4380 </POIId>
4381 <TermnlMgrId>
4382 <Id>epas-keyDownload-TM1</Id>
4383 <Tp>MTMG</Tp>
4384 </TermnlMgrId>
4385 <DataSet>
4386 <Id>
4387 <Tp>STRP</Tp>
4388 <CreDtTm>2013-12-06T13:53:55.00+02:00</CreDtTm>
4389 </Id>
4390 <Cntt>
4391 <POICmpnt>
4392 <Tp>TERM</Tp>
4393 <Id>
4394 <ItmNb>1</ItmNb>
4395 <PrvdrId>EPASVendor001</PrvdrId>
4396 <Id>Counter Top E41</Id>
4397 <SrlNb>7825410759</SrlNb>
4398 </Id>
4399 </POICmpnt>
4400 <POICmpnt>
4401 <Tp>APLI</Tp>
4402 <Id>
4403 <ItmNb>1.1</ItmNb>
4404 <PrvdrId>EPASVendor001</PrvdrId>
4405 </Id>
4406 <Sts>
4407 <VrsnNb>1.01</VrsnNb>
4408 </Sts>
4409 <StdCmplc>
4410 <Id>SEPA-FAST</Id>
4411 <Vrsn>3.0</Vrsn>
4412 <Issr>CIR</Issr>
4413 </StdCmplc>
4414 </POICmpnt>
4415 <POICmpnt>
4416 <Tp>SCPR</Tp>
4417 <Id>
4418 <ItmNb>1.1</ItmNb>
4419 <PrvdrId>EPASVendor001</PrvdrId>
4420 <Id>SpecV1TestKey</Id>
4421 </Id>
4422 <Sts>
4423 <VrsnNb>2010060715</VrsnNb>
4424 <Sts>OPER</Sts>
4425 </Sts>
4426 <Chrtcs>
4427 <KeyChckVal>Tga32/eadwU=</KeyChckVal>
4428 </Chrtcs>
4429 </POICmpnt>
4430 <AttndncCntxt>ATTD</AttndncCntxt>
4431 <POIDtTm>2013-12-06T13:53:49.00+02:00</POIDtTm>
4432 </Cntt>
4433 </DataSet>
4434 </StsRpt>
4435 <SctyTrlr>
4436 <CnttTp>SIGN</CnttTp>
4437 <SgndData>
4438 <DgstAlgo>
4439 <Algo>HS25</Algo>
4440 </DgstAlgo>
4441 <NcpsltdCntt>
4442 <CnttTp>DATA</CnttTp>
4443 </NcpsltdCntt>
4444 <Cert>
4445 MIIEgzCCAmugAwIBAgIMIiWo+wAHEpPUZBw8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYMAkJFMR
4446 AwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEf
4447 MB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEwMjU0NiswMTAwGBMyMD
4448 E4MTAwMTE4MjAwNSswMTAwMHoxCzAJBgNVBAYMAkZSMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQL
4449 DB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTExMC8GA1UEAwwoRVBBUyBQcm90b2NvbCBUZX
4450 N0IENsaWVudCBBdXRoZW50aWNhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIl
4451 ETkLhds5kKJ2OLhQYWwYsRvfeElLSLYfj40DIiWo+wAHEpPUZBw83eGNRzN+tzgawSl2gg/1wLMh5O
4452 34jJuPFicOD8b6tHBEm6cLlHE5VRq+MmaG9TjE9/Y6Rf9MueZkcACyi3keEgWttqzcKYVGmNkKzDts
4453 hPD4wu++5OP5hEvXmrFMHyI3YZjBO+rFYN3INRBBdnKcfmL79Ow1DeTThcSNPqQKkNeqWDj67T48dg
4454 0Zu4TRmXB3xyMx863wULQdtf/RnRKeiMdTMdoTJkvkwvCwoKoJ937tLIAfrSOej+XYtD8QcI/D1gVL
4455 kVbFtVGE8aKU2rj4JnFivpu1SGcCAwEAAaMPMA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4
4456 ICAQBUDbTMynjFty7DTWpV7nwVLtVECUGeC3vHg7hVlVfALMpegbbMqFSjYlCtygzVXJb0LwGXmbWh
4457 AMly0/JBHLJnYwDxsJ5Grk8pOiTLce6lRny5GTNxPlVv/MC1WNo0T/T4qzCi+AO9l7tWgQC6xrb66I
4458 T4Mb+FXE7oI/47rDui2LYV9iwcFoW5vFnfy+HPvf2ynzdz/UZoVoi/ZWZw9buc5WsCnjbnKRYp3mn6
4459 hYNnYZ2N5PufCGCFGIWkKJStyX3LUdTOv59SCD3VETcbFX49Fvk0ae7Qt/8BvBN9UGXiZqjqPIKZnv
4460 NiY6hj7V/iKmnkh0/fQaGfpFexLPalKwj3O9O9nC/RM1Ls7k7vYyOCa/ckQPwUnr1YkajW0OXaUFR3
4461 CFJcpAIbUQWbUrUOYbF2wfliqnrCgJk0Md1b89bBRq26dis+Zynxf6Y52Y1cv9yuVWovwLI3VOSR+X
4462 vxehjYQqh/jeT7pYtWUXITvFnFEtTwRH8MGXs4eFpFfgoOfdRIBsS6FvgRt6JQJHke10LnQ5LJ1Lq6
4463 dU8Jth3Y7Cq79nN+SSu8NxhQcqyevqPe8vvVboNriNCAn5aksqyhpbWdGY+UmQuk0qG1DPZMXoOR1t
4464 yttYyeB05gjX0BIwmpL/3O/ZbNrqT2vl5XKiAWHD1v2Dj/rpZrssZx58g2+zacKA==
4465 </Cert>
4466 <Sgnr>
4467 <SgnrId>
4468 <IssrAndSrlNb>
4469 <Issr>
4470 <RltvDstngshdNm>
4471 <AttrTp>CATT</AttrTp>
4472 <AttrVal>BE</AttrVal>
4473 </RltvDstngshdNm>
4474 <RltvDstngshdNm>
4475 <AttrTp>OATT</AttrTp>
4476 <AttrVal>EPASOrg</AttrVal>
4477 </RltvDstngshdNm>
4478 <RltvDstngshdNm>
4479 <AttrTp>OUAT</AttrTp>
4480 <AttrVal>Technical Center of Expertise</AttrVal>
4481 </RltvDstngshdNm>
4482 <RltvDstngshdNm>
4483 <AttrTp>CNAT</AttrTp>
4484 <AttrVal>EPAS Protocols Test CA</AttrVal>
4485 </RltvDstngshdNm>
4486 </Issr>
4487 <SrlNb>IiWo+wAHEpPUZBw8</SrlNb>
4488 </IssrAndSrlNb>
4489 </SgnrId>
4490 <DgstAlgo>
4491 <Algo>HS25</Algo>
4492 </DgstAlgo>
4493 <SgntrAlgo>
4494 <Algo>ERS2</Algo>
4495 </SgntrAlgo>
4496 <Sgntr>
4497 iM/NsPnE7l7db7+YuglWQP6avPNcmCUi3TFLMtGEboWgpNK8iNVIPHa9pqXn47fWy9qRUWNi0
4498 yYnqS+nke/74aTOe1jVVQCOSL5mVY/rEhq5xuKVwrpJjWvTeLJorMB+fn+Vu117A+rc1B3tgT
4499 iAIfVU1kFYyL2ATgq2BQ1J3A5FZVR2aUH8TEr/Jlwk8He6qQmX9XyVIrcBziGCRweYkkid+d7
4500 R5wsFQ2bODbQ/uD28AV15cmB6xLIG3ZVuyXMMSyOxIrBHRasGECcQHEhLCa8/TvX7BdsvOdbC
4501 jUERAijl3tlIlfeXFdgHWKkx/hWr07z+ABoq3PB0Qhe+No2jFQ==
4502
4503 </Sgntr>
4504 </Sgnr>
4505 </SgndData>
4506 </SctyTrlr>
4507 </StsRpt>
4508 </Document>
4509
4510
4511
4534
4535 Figure 14: Sequence of Message Exchanges
4536
4541
4542 The resulting XML encoded structure is:
4543 <POIId>
4544 <Id>66000001</Id>
4545 <Tp>OPOI</Tp>
4546 <Issr>MTMG</Issr>
4547 </POIId>
4548 <TermnlMgrId>
4549 <Id>epas-acquirer-TM1</Id>
4550 <Tp>MTMG</Tp>
4551 </TermnlMgrId>
4552
4553
[Figure 15 diagram: component tree with 1.1 Countertop Terminal; 1.1.1 PIN Pad; 1.1.1.1 EMV Kernel; 1.1.2 SEPA-FAST Application; 1.1.2.1 SEPA-FAST Parameters]
4558
4559 Figure 15: POI Architecture for Message Examples
4560
4561
Message Item                  Value
POICapabilities
  CardReadingCapabilities     ICC
  CardReadingCapabilities     MagneticStripe
POIComponent
  Type                        Server
  Identification
    ItemNumber                1
    ProviderIdentification    EPASVendor001
POIComponent
  Type                        Terminal
  Identification
    ItemNumber                1.1
    ProviderIdentification    EPASVendor001
    Model                     Counter Top E41
    SerialNumber              7825410759
POIComponent
  Type                        Device
  Identification
    ItemNumber                1.1.1
    ProviderIdentification    EPASVendor001
    Model                     PIN Pad T25
    SerialNumber              1825410759
POIComponent
  Type                        EMVKernel
  Identification
    ItemNumber                1.1.1.1
    ProviderIdentification    EPASVendor003
  Status
    VersionNumber             7.1
POIComponent
4562
4563 The resulting XML encoded structure is:
4564 <POICpblties>
4565 <CardRdngCpblties>CICC</CardRdngCpblties>
4566 <CardRdngCpblties>MGST</CardRdngCpblties>
4567 </POICpblties>
4568 <Cmpnt>
4569 <Tp>SERV</Tp>
4570 <Id>
4571 <ItmNb>1</ItmNb>
4572 <PrvdrId>EPASVendor001</PrvdrId>
4573 </Id>
4574 </Cmpnt>
4575 <Cmpnt>
4576 <Tp>TERM</Tp>
4577 <Id>
4578 <ItmNb>1.1</ItmNb>
4579 <PrvdrId>EPASVendor001</PrvdrId>
4580 <Id>Counter Top E41</Id>
4581 <SrlNb>7825410759</SrlNb>
4582 </Id>
4583 </Cmpnt>
4584 <Cmpnt>
4585 <Tp>DVCE</Tp>
4586 <Id>
4587 <ItmNb>1.1.1</ItmNb>
4588 <PrvdrId>EPASVendor001</PrvdrId>
4589 <Id>PIN Pad T25</Id>
4590 <SrlNb>1825410759</SrlNb>
4591 </Id>
4592 </Cmpnt>
4593 <Cmpnt>
4594 <Tp>EMVK</Tp>
4595 <Id>
4596 <ItmNb>1.1.1.1</ItmNb>
4597 <PrvdrId>EPASVendor003</PrvdrId>
4598 </Id>
4599 <Sts>
4600 <VrsnNb>7.1</VrsnNb>
4601 </Sts>
4602 </Cmpnt>
4603 <Cmpnt>
4604 <Tp>APLI</Tp>
4605 <Id>
4606 <ItmNb>1.1.2</ItmNb>
4607 <PrvdrId>EPASVendor002</PrvdrId>
4608 </Id>
4609 <Sts>
4610 <VrsnNb>1.0</VrsnNb>
4611 </Sts>
4612 <StdCmplc>
4613 <Id>SEPA-FAST</Id>
4614 <Vrsn>3.0</Vrsn>
4615 <Issr>CIR</Issr>
4616 </StdCmplc>
4617 </Cmpnt>
4618 <Cmpnt>
4619 <Tp>APPR</Tp>
4620 <Id>
4621 <ItmNb>1.1.2.1</ItmNb>
4622 <PrvdrId>EPASAcquirer01</PrvdrId>
4623 </Id>
4624 <Sts>
4625 <VrsnNb>20110807143500</VrsnNb>
4626 </Sts>
4627 </Cmpnt>
4628
4629
4635
4636 The content of the message component Action for this action is presented below:
4637 the Address includes only one address,
4638 the DataSetIdentification of the management plan contains only the Type,
4639 the Trigger is "DateTime", as this is an endless cyclic action,
4640 the MaximumNumber is "0", meaning endless,
4641 the time (StartTime) to request the management plan is "22:45",
4642 the period is 1 day: Period = "10000" in the MMDDhhmm format,
4643 a maximum of 2 retries is allowed (MaximumNumber),
4644 the delay between 2 retries is 10 minutes: Delay = "10" in the MMDDhhmm format, and
4645 no ErrorAction is defined, since in case of error the POI waits for the next day.
4646
Message Item                Value
Action
  Type                      Download
  RemoteAccess
    Address
      NetworkType           InternetProtocol
      AddressValue          TM1.Test.EPASOrg.eu:5001
  DataSetIdentification
    Type                    ManagementPlan
  Trigger                   DateTime
  Retry
    Delay                   10
    MaximumNumber           2
  TimeCondition
    StartTime               2011-08-21T22:45:00
    Period                  10000
    MaximumNumber           0
4647
4648 The resulting XML encoded structure for this Action is:
4649 <Actn>
4650 <Tp>DWNL</Tp>
4651 <RmotAccs>
4652 <Adr>
4653 <NtwkTp>IPNW</NtwkTp>
4654 <AdrVal>TM1.Test.EPASOrg.eu:5001</AdrVal>
4655 </Adr>
4656 </RmotAccs>
4657 <DataSetId>
4658 <Tp>MGTP</Tp>
4659 </DataSetId>
4660 <Trggr>DATE</Trggr>
4661 <ReTry>
4662 <Dely>10</Dely>
4663 <MaxNb>2</MaxNb>
4664 </ReTry>
4665 <TmCond>
4666 <StartTm>2011-08-21T22:45:00</StartTm>
4667 <Prd>10000</Prd>
4668 <MaxNb>0</MaxNb>
4669 </TmCond>
4670 </Actn>
4671
4759 <Id>
4760 <ItmNb>1.1.1.1</ItmNb>
4761 <PrvdrId>EPASVendor003</PrvdrId>
4762 </Id>
4763 <Sts>
4764 <VrsnNb>7.1</VrsnNb>
4765 </Sts>
4766 </POICmpnt>
4767 <POICmpnt>
4768 <Tp>APLI</Tp>
4769 <Id>
4770 <ItmNb>1.1.2</ItmNb>
4771 <PrvdrId>EPASVendor002</PrvdrId>
4772 </Id>
4773 <Sts>
4774 <VrsnNb>1.0</VrsnNb>
4775 </Sts>
4776 <StdCmplc>
4777 <Id>SEPA-FAST</Id>
4778 <Vrsn>3.0</Vrsn>
4779 <Issr>CIR</Issr>
4780 </StdCmplc>
4781 </POICmpnt>
4782 <POICmpnt>
4783 <Tp>APPR</Tp>
4784 <Id>
4785 <ItmNb>1.1.2.1</ItmNb>
4786 <PrvdrId>EPASAcquirer01</PrvdrId>
4787 </Id>
4788 <Sts>
4789 <VrsnNb>20110807143500</VrsnNb>
4790 </Sts>
4791 </POICmpnt>
4792 <POIDtTm>2013-08-23T22:45:00.01+02:00</POIDtTm>
4793 <DataSetReqrd>
4794 <Id>
4795 <Tp>MGTP</Tp>
4796 </Id>
4797 </DataSetReqrd>
4798 </Cntt>
4799 </DataSet>
4800 </StsRpt>
4801 <SctyTrlr>
4802 <CnttTp>AUTH</CnttTp>
4803 <AuthntcdData>
4804 <Rcpt>
4805 <KEK>
4806 <KEKId>
4807 <KeyId>SpecV1TestKey</KeyId>
4808 <KeyVrsn>2010060715</KeyVrsn>
4809 <DerivtnId>OYclpQE=</DerivtnId>
4810 </KEKId>
4811 <KeyNcrptnAlgo>
4812 <Algo>DKP9</Algo>
4813 </KeyNcrptnAlgo>
4814 <NcrptdKey>4pAgABc=</NcrptdKey>
4815 </KEK>
4816 </Rcpt>
4817 <MACAlgo>
4818 <Algo>MCCS</Algo>
4819 </MACAlgo>
4820 <NcpsltdCntt>
4821 <CnttTp>DATA</CnttTp>
4822 </NcpsltdCntt>
4823 <MAC>SSO3hoKXk6U=</MAC>
4824 </AuthntcdData>
4825 </SctyTrlr>
4826 </StsRpt>
4827 </Document>
4828
4829 Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
4830 or line breaks) is dumped below:
4831 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
4832 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
4833 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
4834 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
4835 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
4836 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 71 75 |Id><Id>epas-acqu|
4837 0060 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 70 |irer-TM1</Id><Tp|
4838 0070 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 72 6D |>MTMG</Tp></Term|
4839 0080 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 74 |nlMgrId><DataSet|
4840 0090 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 3C 2F 54 |><Id><Tp>STRP</T|
4841 00A0 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 33 2D |p><CreDtTm>2013-|
4842 00B0 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 30 2E 30 |08-23T22:45:00.0|
4843 00C0 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 54 6D |1+02:00</CreDtTm|
4844 00D0 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 50 4F 49 |></Id><Cntt><POI|
4845 00E0 43 70 62 6C 74 69 65 73 3E 3C 43 61 72 64 52 64 |Cpblties><CardRd|
4846 00F0 6E 67 43 70 62 6C 74 69 65 73 3E 43 49 43 43 3C |ngCpblties>CICC<|
4847 0100 2F 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |/CardRdngCpbltie|
4848 0110 73 3E 3C 43 61 72 64 52 64 6E 67 43 70 62 6C 74 |s><CardRdngCpblt|
4849 0120 69 65 73 3E 4D 47 53 54 3C 2F 43 61 72 64 52 64 |ies>MGST</CardRd|
4850 0130 6E 67 43 70 62 6C 74 69 65 73 3E 3C 2F 50 4F 49 |ngCpblties></POI|
4851 0140 43 70 62 6C 74 69 65 73 3E 3C 50 4F 49 43 6D 70 |Cpblties><POICmp|
4852 0150 6E 74 3E 3C 54 70 3E 53 45 52 56 3C 2F 54 70 3E |nt><Tp>SERV</Tp>|
4853 0160 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 3C 2F 49 74 |<Id><ItmNb>1</It|
4854 0170 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
4855 0180 53 56 65 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 |SVendor001</Prvd|
4856 0190 72 49 64 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 6D |rId></Id></POICm|
4857 01A0 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 |pnt><POICmpnt><T|
4858 01B0 70 3E 54 45 52 4D 3C 2F 54 70 3E 3C 49 64 3E 3C |p>TERM</Tp><Id><|
4859 01C0 49 74 6D 4E 62 3E 31 2E 31 3C 2F 49 74 6D 4E 62 |ItmNb>1.1</ItmNb|
4860 01D0 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 |><PrvdrId>EPASVe|
4861 01E0 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 72 49 64 |ndor001</PrvdrId|
4862 01F0 3E 3C 49 64 3E 43 6F 75 6E 74 65 72 20 54 6F 70 |><Id>Counter Top|
4863 0200 20 45 34 31 3C 2F 49 64 3E 3C 53 72 6C 4E 62 3E | E41</Id><SrlNb>|
4864 0210 37 38 32 35 34 31 30 37 35 39 3C 2F 53 72 6C 4E |7825410759</SrlN|
4865 0220 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 6D 70 6E |b></Id></POICmpn|
4866 0230 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E |t><POICmpnt><Tp>|
4867 0240 44 56 43 45 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 |DVCE</Tp><Id><It|
4868 0250 6D 4E 62 3E 31 2E 31 2E 31 3C 2F 49 74 6D 4E 62 |mNb>1.1.1</ItmNb|
4869 0260 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 |><PrvdrId>EPASVe|
4870 0270 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 72 49 64 |ndor001</PrvdrId|
4871 0280 3E 3C 49 64 3E 50 49 4E 20 50 61 64 20 54 32 35 |><Id>PIN Pad T25|
4872 0290 3C 2F 49 64 3E 3C 53 72 6C 4E 62 3E 31 38 32 35 |</Id><SrlNb>1825|
4873 02A0 34 31 30 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F |410759</SrlNb></|
4874 02B0 49 64 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 |Id></POICmpnt><P|
4875 02C0 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 45 4D 56 4B |OICmpnt><Tp>EMVK|
4876 02D0 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E |</Tp><Id><ItmNb>|
4877 02E0 31 2E 31 2E 31 2E 31 3C 2F 49 74 6D 4E 62 3E 3C |1.1.1.1</ItmNb><|
4878 02F0 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 6E 64 |PrvdrId>EPASVend|
4879 0300 6F 72 30 30 33 3C 2F 50 72 76 64 72 49 64 3E 3C |or003</PrvdrId><|
4880 0310 2F 49 64 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 |/Id><Sts><VrsnNb|
4881 0320 3E 37 2E 31 3C 2F 56 72 73 6E 4E 62 3E 3C 2F 53 |>7.1</VrsnNb></S|
5078
5079 The ManagementPlanReplacement message body contains the two actions presented below:
5080
Message Item                          Value
Header
  DownloadTransfer                    True
  FormatVersion                       5.0
  ExchangeIdentification              549
  CreationDateTime                    2013-08-23T22:45:01.61+02:00
  InitiatingParty
    Identification                    66000001
    Type                              OriginatingPOI
    Issuer                            MasterTerminalManager
  RecipientParty
    Identification                    epas-acquirer-TM1
    Type                              MasterTerminalManager
ManagementPlan
  POIIdentification
    Identification                    66000001
    Type                              OriginatingPOI
    Issuer                            MasterTerminalManager
  TerminalManagerIdentification
    Identification                    epas-acquirer-TM1
    Type                              MasterTerminalManager
  DataSet
    Identification
      Type                            ManagementPlan
      CreationDateTime                2013-08-23T22:45:01.61+02:00
    Content
      Action
        Type                          Download
        RemoteAccess
          Address
            NetworkType               InternetProtocol
            AddressValue              TM1.Test.EPASOrg.eu:5001
        DataSetIdentification
          Name                        “MyParameter”
          Type                        AcquirerParameters
          Version                     20130822181900
        Trigger                       DateTime
        AdditionalProcess             Restart
        Retry
          Delay                       10
          MaximumNumber               2
        TimeCondition
          StartTime                   2013-08-23T10:28:00
      Action
        Type                          Download
        RemoteAccess
          Address
            NetworkType               InternetProtocol
            AddressValue              TM1.Test.EPASOrg.eu:5001
        DataSetIdentification
          Type                        ManagementPlan
        Trigger                       DateTime
        Retry
          Delay                       10
          MaximumNumber               2
        TimeCondition
          WaitingTime                 0
          Period                      10000
          MaximumNumber               0
SecurityTrailer
  ContentType                         AuthenticatedData
  AuthenticatedData
    Recipient
      KEK
        KEKIdentification
          KeyIdentification           SpecV1TestKey
          KeyVersion                  2011010715
          DerivationIdentification    398725A501
        KeyEncryptionAlgorithm
          Algorithm                   DUKPT2009
        EncryptedKey                  E290200017
    MACAlgorithm
      Algorithm                       RetailSHA256MAC
    EncapsulatedContent
      ContentType                     PlainData
    MAC                               137BC5E629E830F6
5081
5082
5151 <DataSetId>
5152 <Tp>MGTP</Tp>
5153 </DataSetId>
5154 <Trggr>DATE</Trggr>
5155 <ReTry>
5156 <Dely>10</Dely>
5157 <MaxNb>2</MaxNb>
5158 </ReTry>
5159 <TmCond>
5160 <WtgTm>0</WtgTm>
5161 <Prd>10000</Prd>
5162 <MaxNb>0</MaxNb>
5163 </TmCond>
5164 </Actn>
5165 </Cntt>
5166 </DataSet>
5167 </MgmtPlan>
5168 <SctyTrlr>
5169 <CnttTp>AUTH</CnttTp>
5170 <AuthntcdData>
5171 <Rcpt>
5172 <KEK>
5173 <KEKId>
5174 <KeyId>SpecV1TestKey</KeyId>
5175 <KeyVrsn>2010060715</KeyVrsn>
5176 <DerivtnId>OYclpQE=</DerivtnId>
5177 </KEKId>
5178 <KeyNcrptnAlgo>
5179 <Algo>DKP9</Algo>
5180 </KeyNcrptnAlgo>
5181 <NcrptdKey>4pAgABc=</NcrptdKey>
5182 </KEK>
5183 </Rcpt>
5184 <MACAlgo>
5185 <Algo>MCCS</Algo>
5186 </MACAlgo>
5187 <NcpsltdCntt>
5188 <CnttTp>DATA</CnttTp>
5189 </NcpsltdCntt>
5190 <MAC>E3vF5inoMPY=</MAC>
5191 </AuthntcdData>
5192 </SctyTrlr>
5193 </MgmtPlanRplcmnt>
5194 </Document>
5195
5196
5197 Once unnecessary spaces and carriage returns are removed, the message body MgmtPlan (without
5198 spaces or line breaks) is dumped below:
5199 0000 3C 4D 67 6D 74 50 6C 61 6E 3E 3C 50 4F 49 49 64 |<MgmtPlan><POIId|
5200 0010 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 |><Id>66000001</I|
5201 0020 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C |d><Tp>OPOI</Tp><|
5202 0030 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E |Issr>MTMG</Issr>|
5203 0040 3C 2F 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D |</POIId><TermnlM|
5204 0050 67 72 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 |grId><Id>epas-ac|
5205 0060 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C |quirer-TM1</Id><|
5206 0070 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 |Tp>MTMG</Tp></Te|
5207 0080 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 |rmnlMgrId><DataS|
5208 0090 65 74 3E 3C 49 64 3E 3C 54 70 3E 4D 47 54 50 3C |et><Id><Tp>MGTP<|
5209 00A0 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 |/Tp><CreDtTm>201|
5210 00B0 33 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 31 |3-08-23T22:45:01|
5211 00C0 2E 36 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 |.61+02:00</CreDt|
5212 00D0 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 41 |Tm></Id><Cntt><A|
5213 00E0 63 74 6E 3E 3C 54 70 3E 44 57 4E 4C 3C 2F 54 70 |ctn><Tp>DWNL</Tp|
5214 00F0 3E 3C 52 6D 6F 74 41 63 63 73 3E 3C 41 64 72 3E |><RmotAccs><Adr>|
5215 0100 3C 4E 74 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 |<NtwkTp>IPNW</Nt|
5216 0110 77 6B 54 70 3E 3C 41 64 72 56 61 6C 3E 54 4D 31 |wkTp><AdrVal>TM1|
5217 0120 2E 54 65 73 74 2E 45 50 41 53 4F 72 67 2E 65 75 |.Test.EPASOrg.eu|
5218 0130 3A 35 30 30 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F |:5001</AdrVal></|
5219 0140 41 64 72 3E 3C 2F 52 6D 6F 74 41 63 63 73 3E 3C |Adr></RmotAccs><|
5220 0150 44 61 74 61 53 65 74 49 64 3E 3C 4E 6D 3E 4D 79 |DataSetId><Nm>My|
5221 0160 50 61 72 61 6D 65 74 65 72 3C 2F 4E 6D 3E 3C 54 |Parameter</Nm><T|
5222 0170 70 3E 41 51 50 52 3C 2F 54 70 3E 3C 56 72 73 6E |p>AQPR</Tp><Vrsn|
5223 0180 3E 32 30 31 33 30 38 32 32 31 38 31 39 30 30 3C |>20130822181900<|
5224 0190 2F 56 72 73 6E 3E 3C 2F 44 61 74 61 53 65 74 49 |/Vrsn></DataSetI|
5225 01A0 64 3E 3C 54 72 67 67 72 3E 44 41 54 45 3C 2F 54 |d><Trggr>DATE</T|
5226 01B0 72 67 67 72 3E 3C 41 64 64 74 6C 50 72 63 3E 52 |rggr><AddtlPrc>R|
5227 01C0 53 52 54 3C 2F 41 64 64 74 6C 50 72 63 3E 3C 52 |SRT</AddtlPrc><R|
5228 01D0 65 54 72 79 3E 3C 44 65 6C 79 3E 31 30 3C 2F 44 |eTry><Dely>10</D|
5229 01E0 65 6C 79 3E 3C 4D 61 78 4E 62 3E 32 3C 2F 4D 61 |ely><MaxNb>2</Ma|
5230 01F0 78 4E 62 3E 3C 2F 52 65 54 72 79 3E 3C 54 6D 43 |xNb></ReTry><TmC|
5231 0200 6F 6E 64 3E 3C 53 74 61 72 74 54 6D 3E 32 30 31 |ond><StartTm>201|
5232 0210 33 2D 30 38 2D 32 33 54 31 30 3A 32 38 3A 30 30 |3-08-23T10:28:00|
5233 0220 3C 2F 53 74 61 72 74 54 6D 3E 3C 2F 54 6D 43 6F |</StartTm></TmCo|
5234 0230 6E 64 3E 3C 2F 41 63 74 6E 3E 3C 41 63 74 6E 3E |nd></Actn><Actn>|
5235 0240 3C 54 70 3E 44 57 4E 4C 3C 2F 54 70 3E 3C 52 6D |<Tp>DWNL</Tp><Rm|
5236 0250 6F 74 41 63 63 73 3E 3C 41 64 72 3E 3C 4E 74 77 |otAccs><Adr><Ntw|
5237 0260 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 77 6B 54 70 |kTp>IPNW</NtwkTp|
5238 0270 3E 3C 41 64 72 56 61 6C 3E 54 4D 31 2E 54 65 73 |><AdrVal>TM1.Tes|
5239 0280 74 2E 45 50 41 53 4F 72 67 2E 65 75 3A 35 30 30 |t.EPASOrg.eu:500|
5240 0290 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F 41 64 72 3E |1</AdrVal></Adr>|
5241 02A0 3C 2F 52 6D 6F 74 41 63 63 73 3E 3C 44 61 74 61 |</RmotAccs><Data|
5242 02B0 53 65 74 49 64 3E 3C 54 70 3E 4D 47 54 50 3C 2F |SetId><Tp>MGTP</|
5243 02C0 54 70 3E 3C 2F 44 61 74 61 53 65 74 49 64 3E 3C |Tp></DataSetId><|
5244 02D0 54 72 67 67 72 3E 44 41 54 45 3C 2F 54 72 67 67 |Trggr>DATE</Trgg|
5245 02E0 72 3E 3C 52 65 54 72 79 3E 3C 44 65 6C 79 3E 31 |r><ReTry><Dely>1|
5246 02F0 30 3C 2F 44 65 6C 79 3E 3C 4D 61 78 4E 62 3E 32 |0</Dely><MaxNb>2|
5247 0300 3C 2F 4D 61 78 4E 62 3E 3C 2F 52 65 54 72 79 3E |</MaxNb></ReTry>|
5248 0310 3C 54 6D 43 6F 6E 64 3E 3C 57 74 67 54 6D 3E 30 |<TmCond><WtgTm>0|
5249 0320 3C 2F 57 74 67 54 6D 3E 3C 50 72 64 3E 31 30 30 |</WtgTm><Prd>100|
5266 Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA),
5267 we obtain the MAC of the ManagementPlan, 137BC5E629E830F6, which after conversion to base64 is
5268 "E3vF5inoMPY=".
5269 0000 0C A0 B6 35 D2 8E 1E 6B 9C 2D 36 A7 5E C8 DF A1 |...5...k.-6.^...|
5270 0010 22 83 7D 38 F8 0E 62 8A 2C 64 FC 44 0D 08 DA 9B |".}8..b.,d.D....|
5271 0020 13 7B C5 E6 29 E8 30 F6 |.{..).0. |
5272
5273
5274 The message sent by the transport protocol is:
        Identification
          ItemNumber  1.1.1
          ProviderIdentification  EPASVendor001
          Model  PIN Pad T25
          SerialNumber  1825410759
      POIComponent
        Type  EMVKernel
        Identification
          ItemNumber  1.1.1.1
          ProviderIdentification  EPASVendor003
        Status
          VersionNumber  7.1
      POIComponent
        Type  PaymentApplication
        Identification
          ItemNumber  1.1.2
          ProviderIdentification  EPASVendor002
        Status
          VersionNumber  1.51
        Compliance
          Identification  SEPA-FAST
          VersionNumber  3.0
          Issuer  CIR
      POIComponent
        Type  ApplicationParameters
        Identification
          ItemNumber  1.1.2.1
          ProviderIdentification  EPASAcquirer01
        Status
          VersionNumber  20110807143500
        Compliance
          Identification  SEPA-FAST
          VersionNumber  3.0
          Issuer  CIR
      AttendanceContext  Attended
      POIDateTime  2013-08-23T15:16:08.13+02:00
      DataSetRequired
        Identification
          Type  AcquirerParameters
          Version  20130822181900
SecurityTrailer
  ContentType  AuthenticatedData
  AuthenticatedData
    Recipient
      KEK
        KEKIdentification
          KeyIdentification  SpecV1TestKey
          KeyVersion  2011010715
          DerivationIdentification  398725A501
        KeyEncryptionAlgorithm
          Algorithm  DUKPT2009
        EncryptedKey  E290200017
    MACAlgorithm
      Algorithm  RetailSHA256MAC
    EncapsulatedContent
      ContentType  PlainData
    MAC  BF38EEF2EC94A3FB
            <Id>
              <ItmNb>1.1.1.1</ItmNb>
              <PrvdrId>EPASVendor003</PrvdrId>
            </Id>
            <Sts>
              <VrsnNb>7.1</VrsnNb>
            </Sts>
          </POICmpnt>
          <POICmpnt>
            <Tp>APLI</Tp>
            <Id>
              <ItmNb>1.1.2</ItmNb>
              <PrvdrId>EPASVendor002</PrvdrId>
            </Id>
            <Sts>
              <VrsnNb>1.0</VrsnNb>
            </Sts>
            <StdCmplc>
              <Id>SEPA-FAST</Id>
              <Vrsn>3.0</Vrsn>
              <Issr>CIR</Issr>
            </StdCmplc>
          </POICmpnt>
          <POICmpnt>
            <Tp>APPR</Tp>
            <Id>
              <ItmNb>1.1.2.1</ItmNb>
              <PrvdrId>EPASAcquirer01</PrvdrId>
            </Id>
            <Sts>
              <VrsnNb>20110807143500</VrsnNb>
            </Sts>
          </POICmpnt>
          <AttndncCntxt>ATTD</AttndncCntxt>
          <POIDtTm>2013-08-23T15:16:08.13+02:00</POIDtTm>
          <DataSetReqrd>
            <Id>
              <Tp>AQPR</Tp>
              <Vrsn>20130822181900</Vrsn>
            </Id>
          </DataSetReqrd>
        </Cntt>
      </DataSet>
    </StsRpt>
    <SctyTrlr>
      <CnttTp>AUTH</CnttTp>
      <AuthntcdData>
        <Rcpt>
          <KEK>
            <KEKId>
              <KeyId>SpecV1TestKey</KeyId>
              <KeyVrsn>2010060715</KeyVrsn>
              <DerivtnId>OYclpQE=</DerivtnId>
            </KEKId>
            <KeyNcrptnAlgo>
              <Algo>DKP9</Algo>
            </KeyNcrptnAlgo>
            <NcrptdKey>4pAgABc=</NcrptdKey>
          </KEK>
        </Rcpt>
        <MACAlgo>
          <Algo>MCCS</Algo>
        </MACAlgo>
        <NcpsltdCntt>
          <CnttTp>DATA</CnttTp>
        </NcpsltdCntt>
        <MAC>vzju8uyUo/s=</MAC>
      </AuthntcdData>
    </SctyTrlr>
  </StsRpt>
</Document>

Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
or line breaks) is dumped below:
  TerminalManagerIdentification
    Identification  epas-acquirer-TM1
    Type  MasterTerminalManager
  DataSet
    Identification
      Type  AcquirerParameters
      Version  20130822181900
      CreationDateTime  2013-08-23T22:45:02.31+02:00
    POIIdentification
      Identification  66000001
      Type  OriginatingPOI
    Content
      AcquirerProtocolParameters
        ActionType  Create
        AcquirerIdentification
          Identification  12
          Issuer  Acquirer
        Version  123e4567-e89b-12d3-a456-426655440000
        ApplicationIdentification  SEPA-FAST
        Host
          HostIdentification  AcquirerHost1
          MessageToSend  FinancialAuthorisationRequest
          MessageToSend  FinancialCompletionAdvice
          MessageToSend  CompletionAdvice
          MessageToSend  FinancialReversalAdvice
          MessageToSend  CancellationAdvice
        Host
          HostIdentification  AcquirerHost2
          MessageToSend  ReconciliationRequest
        OnlineTransaction
          FinancialCapture  Authorisation
          CompletionExchange
            ExchangePolicy  OnDemand
        OfflineTransaction
          FinancialCapture  Completion
          CompletionExchange
            ExchangePolicy  Immediately
        ReconciliationExchange
          ExchangePolicy  Cyclic
          Retry
            Delay  5
            MaximumNumber  3
          TimeCondition
            StartTime  2013-08-23T23:35:00
            Period  10000
        ReconciliationByAcquirer  False
        TotalsPerCurrency  True
        BatchTransferContent  Failed
        MessageItem
          ItemIdentification  Hdr/InitgPty/Id
          Condition  ConfiguredValue
          Value  66000001
        MessageItem
          ItemIdentification  Hdr/RcptPty
          Condition  Mandatory
        MessageItem
          ItemIdentification  Hdr/RcptPty/Id
          Condition  ConfiguredValue
          Value  epas-acquirer-1
        MessageItem
          ItemIdentification  Hdr/Tracblt
          Condition  NotSupported
        MessageItem
          ItemIdentification  Envt/Acqrr/Id
          Condition  Mandatory
        MessageItem
          ItemIdentification  Envt/Acqrr/Id/Id
          Condition  Mandatory
        MessageItem
          ItemIdentification  Envt/Mrchnt/Id
          Condition  Mandatory
        ProtectCardData  True
      ApplicationParameters
        ActionType  Create
        ApplicationIdentification  SEPA-FAST
        Version  20130822181900
        Parameters  E01E9F1E088531029885310298DF1401
                    01DF150102DF160103DF3304656E6672
                    E1259F4005A00090F0019F330360A040
                    9F3501329F1A020250DF12024652DF13
                    02E000DF170101
      HostCommunicationParameters
        ActionType  Create
        HostIdentification  AcquirerHost1
        Address
          Address
            NetworkType  InternetProtocol
            AddressValue  AcquirerHost1.Test.EPASOrg.eu:5001
      HostCommunicationParameters
        HostIdentification  AcquirerHost2
        ActionType  Create
        Address
          Address
            NetworkType  InternetProtocol
            AddressValue  AcquirerHost2.Test.EPASOrg.eu:5002
SecurityTrailer
  ContentType  AuthenticatedData
  AuthenticatedData
    Recipient
      KEK
        KEKIdentification
          KeyIdentification  SpecV1TestKey
          KeyVersion  2011010715
          DerivationIdentification  398725A501
        KeyEncryptionAlgorithm
          Algorithm  DUKPT2009
        EncryptedKey  E290200017
    MACAlgorithm
      Algorithm  RetailSHA256MAC
    EncapsulatedContent
      ContentType  PlainData
    MAC  D80D8B1257E8378A
              </CmpltnXchg>
            </OffLineTx>
            <RcncltnXchg>
              <XchgPlcy>CYCL</XchgPlcy>
              <ReTry>
                <Dely>5</Dely>
                <MaxNb>3</MaxNb>
              </ReTry>
              <TmCond>
                <StartTm>2013-08-23T23:35:00</StartTm>
                <Prd>10000</Prd>
              </TmCond>
            </RcncltnXchg>
            <RcncltnByAcqrr>false</RcncltnByAcqrr>
            <TtlsPerCcy>true</TtlsPerCcy>
            <BtchTrfCntt>FAIL</BtchTrfCntt>
            <MsgItm>
              <ItmId>Hdr/InitgPty/Id</ItmId>
              <Cond>CFVL</Cond>
              <Val>66000001</Val>
            </MsgItm>
            <MsgItm>
              <ItmId>Hdr/InitgPty/Id</ItmId>
              <Cond>CFVL</Cond>
              <Val>66000001</Val>
            </MsgItm>
            <MsgItm>
              <ItmId>Hdr/RcptPty</ItmId>
              <Cond>MNDT</Cond>
            </MsgItm>
            <MsgItm>
              <ItmId>Hdr/RcptPty/Id</ItmId>
              <Cond>CFVL</Cond>
              <Val>epas-acquirer-1</Val>
            </MsgItm>
            <MsgItm>
              <ItmId>Hdr/Tracblt</ItmId>
              <Cond>UNSP</Cond>
            </MsgItm>
            <MsgItm>
              <ItmId>Envt/Acqrr/Id</ItmId>
              <Cond>MNDT</Cond>
            </MsgItm>
            <MsgItm>
              <ItmId>Envt/Acqrr/Id/Id</ItmId>
              <Cond>MNDT</Cond>
            </MsgItm>
            <MsgItm>
              <ItmId>Envt/Mrchnt/Id</ItmId>
              <Cond>MNDT</Cond>
            </MsgItm>
            <PrtctCardData>true</PrtctCardData>
          </AcqrrPrtcolParams>
          <ApplParams>
            <ActnTp>CREA</ActnTp>
            <ApplId>SEPA-FAST</ApplId>
            <Vrsn>20130822181900</Vrsn>
            <Params>
              4B6fHgiFMQKYhTECmN8UAQHfFQEC3xYBA98zBGVuZnLhJZ9A
              BaAAkPABnzMDYKBAnzUBMp8aAgJQ3xICRlLfEwLgAN8XAQE=
            </Params>
          </ApplParams>
          <HstComParams>
            <ActnTp>CREA</ActnTp>
            <HstId>AcquirerHost1</HstId>
            <Adr>
              <Adr>
                <NtwkTp>IPNW</NtwkTp>
                <AdrVal>AcquirerHost1.Test.EPASOrg.eu:5001</AdrVal>
              </Adr>
            </Adr>
          </HstComParams>
          <HstComParams>
            <ActnTp>CREA</ActnTp>
            <HstId>AcquirerHost2</HstId>
            <Adr>
              <Adr>
                <NtwkTp>IPNW</NtwkTp>
                <AdrVal>AcquirerHost2.Test.EPASOrg.eu:5002</AdrVal>
              </Adr>
            </Adr>
          </HstComParams>
        </Cntt>
      </DataSet>
    </AccptrCfgtn>
    <SctyTrlr>
      <CnttTp>AUTH</CnttTp>
      <AuthntcdData>
        <Rcpt>
          <KEK>
            <KEKId>
              <KeyId>SpecV1TestKey</KeyId>
              <KeyVrsn>2010060715</KeyVrsn>
              <DerivtnId>OYclpQE=</DerivtnId>
            </KEKId>
            <KeyNcrptnAlgo>
              <Algo>DKP9</Algo>
            </KeyNcrptnAlgo>
            <NcrptdKey>4pAgABc=</NcrptdKey>
          </KEK>
        </Rcpt>
        <MACAlgo>
          <Algo>MCCS</Algo>
        </MACAlgo>
        <NcpsltdCntt>
          <CnttTp>DATA</CnttTp>
        </NcpsltdCntt>
        <MAC>2A2LElfoN4o=</MAC>
      </AuthntcdData>
    </SctyTrlr>
  </AccptrCfgtnUpd>
</Document>

Once unnecessary spaces and carriage returns are removed, the message body AccptrCfgtn (without
spaces or line breaks) is dumped below:
Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA) gives
the MAC of the AcceptorConfigurationUpdate, D80D8B1257E8378A, which after conversion to base64 is
"2A2LElfoN4o=".
0000 B1 8F 6A C6 F1 AD 84 CC 77 5B 76 8A CF 36 6E 54 |..j.....w[v..6nT|
0010 6B AB 51 AD 1E 77 7A 30 39 2F CB 22 C3 F7 11 46 |k.Q..wz09/."...F|
0020 D8 0D 8B 12 57 E8 37 8A                         |....W.7.|

The message sent by the transport protocol is:
      POIComponent
        Type  Device
        Identification
          ItemNumber  1.1.1
          ProviderIdentification  EPASVendor001
          Model  PIN Pad T25
          SerialNumber  1825410759
      POIComponent
        Type  EMVKernel
        Identification
          ItemNumber  1.1.1.1
          ProviderIdentification  EPASVendor003
        Status
          VersionNumber  7.1
      POIComponent
        Type  PaymentApplication
        Identification
          ItemNumber  1.1.2
          ProviderIdentification  EPASVendor002
        Status
          VersionNumber  1.51
        Compliance
          Identification  SEPA-FAST
          VersionNumber  3.0
          Issuer  CIR
      POIComponent
        Type  ApplicationParameters
        Identification
          ItemNumber  1.1.2.1
          ProviderIdentification  EPASAcquirer01
        Status
          VersionNumber  20130822181900
        Compliance
          Identification  SEPA-FAST
          VersionNumber  3.0
          Issuer  CIR
      AttendanceContext  Attended
      POIDateTime  2013-08-23T22:45:02.07+02:00
      DataSetRequired
        Identification
          Type  ManagementPlan
      Event
        TimeStamp  2011-08-23T22:45:02.03+02:00
        Result  Success
        ActionIdentification
          ActionType  Download
          DataSetIdentification
            Type  AcquirerParameters
            Version  20130822181900
            CreationDateTime  2013-08-23T22:45:02.31+02:00
SecurityTrailer
  ContentType  AuthenticatedData
  AuthenticatedData
    Recipient
      KEK
        KEKIdentification
          KeyIdentification  SpecV1TestKey
          KeyVersion  2011010715
          DerivationIdentification  398725A501
        KeyEncryptionAlgorithm
          Algorithm  DUKPT2009
        EncryptedKey  E290200017
    MACAlgorithm
      Algorithm  RetailSHA256MAC
    EncapsulatedContent
      ContentType  PlainData
    MAC  E9C98FA226CA1E4A
            <Id>
              <ItmNb>1.1.1.1</ItmNb>
              <PrvdrId>EPASVendor003</PrvdrId>
            </Id>
            <Sts>
              <VrsnNb>7.1</VrsnNb>
            </Sts>
          </POICmpnt>
          <POICmpnt>
            <Tp>APLI</Tp>
            <Id>
              <ItmNb>1.1.2</ItmNb>
              <PrvdrId>EPASVendor002</PrvdrId>
            </Id>
            <Sts>
              <VrsnNb>1.0</VrsnNb>
            </Sts>
            <StdCmplc>
              <Id>SEPA-FAST</Id>
              <Vrsn>3.0</Vrsn>
              <Issr>CIR</Issr>
            </StdCmplc>
          </POICmpnt>
          <POICmpnt>
            <Tp>APPR</Tp>
            <Id>
              <ItmNb>1.1.2.1</ItmNb>
              <PrvdrId>EPASAcquirer01</PrvdrId>
            </Id>
            <Sts>
              <VrsnNb>20110822181900</VrsnNb>
            </Sts>
          </POICmpnt>
          <AttndncCntxt>ATTD</AttndncCntxt>
          <POIDtTm>2013-08-23T22:45:02.07+02:00</POIDtTm>
          <DataSetReqrd>
            <Id>
              <Tp>MGTP</Tp>
            </Id>
          </DataSetReqrd>
          <Evt>
            <TmStmp>2011-08-23T22:45:02.03+02:00</TmStmp>
            <Rslt>SUCC</Rslt>
            <ActnId>
              <ActnTp>DWNL</ActnTp>
              <DataSetId>
                <Tp>AQPR</Tp>
                <Vrsn>20130822181900</Vrsn>
                <CreDtTm>2013-08-23T22:45:02.31+02:00</CreDtTm>
              </DataSetId>
            </ActnId>
          </Evt>
        </Cntt>
      </DataSet>
    </StsRpt>
    <SctyTrlr>
      <CnttTp>AUTH</CnttTp>
      <AuthntcdData>
        <Rcpt>
          <KEK>
            <KEKId>
              <KeyId>SpecV1TestKey</KeyId>
              <KeyVrsn>2010060715</KeyVrsn>
              <DerivtnId>OYclpQE=</DerivtnId>
            </KEKId>
            <KeyNcrptnAlgo>
              <Algo>DKP9</Algo>
            </KeyNcrptnAlgo>
            <NcrptdKey>4pAgABc=</NcrptdKey>
          </KEK>
        </Rcpt>
        <MACAlgo>
          <Algo>MCCS</Algo>
        </MACAlgo>
        <NcpsltdCntt>
          <CnttTp>DATA</CnttTp>
        </NcpsltdCntt>
        <MAC>6cmPoibKHko=</MAC>
      </AuthntcdData>
    </SctyTrlr>
  </StsRpt>
</Document>

Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
or line breaks) is dumped below:
After padding, the digest becomes:
0000 64 3D BE 99 79 64 44 0D 87 E6 E3 EA 08 AC 6F 42 |d=..ydD.......oB|
0010 F0 ED 45 84 4E F1 13 00 F5 1D 43 28 73 EB 3A DB |..E.N.....C(s.:.|
0020 80 00 00 00 00 00 00 00                         |........|

Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA) gives
the MAC of the StatusReport, E9C98FA226CA1E4A, which after conversion to base64 is "6cmPoibKHko=".
0000 F7 A9 10 E2 44 4A 1C 2B E3 82 51 F2 57 F0 ED 59 |....DJ.+..Q.W..Y|
0010 45 CD E7 29 D5 55 45 91 C4 3F 7B 21 3A 9C 02 4B |E..).UE..?{!:..K|
0020 E9 C9 8F A2 26 CA 1E 4A                         |....&..J|
The message sent by the transport protocol is:
6793
6800
6801 The ManagementPlanReplacement message body contains the action presented below:
6802
Message Item                              Value
Header
  DownloadTransfer                        True
  FormatVersion                           5.0
  ExchangeIdentification                  551
  CreationDateTime                        2013-08-23T23:45:03.95+02:00
  InitiatingParty
    Identification                        66000001
    Type                                  OriginatingPOI
    Issuer                                MasterTerminalManager
  RecipientParty
    Identification                        epas-acquirer-TM1
    Type                                  MasterTerminalManager
ManagementPlan
  POIIdentification
    Identification                        66000001
    Type                                  OriginatingPOI
    Issuer                                MasterTerminalManager
  TerminalManagerIdentification
    Identification                        epas-acquirer-TM1
    Type                                  MasterTerminalManager
  DataSet
    Identification
      Type                                ManagementPlan
      CreationDateTime                    2013-08-23T23:45:03.95+02:00
    Content
      Action
        Type                              Download
        RemoteAccess
          Address
            NetworkType                   InternetProtocol
            AddressValue                  TM1.Test.EPASOrg.eu:5001
        DataSetIdentification
          Type                            ManagementPlan
        Trigger                           DateTime
        Retry
          Delay                           10
          MaximumNumber                   2
        TimeCondition
          StartTime                       2013-08-24T22:45:00
          Period                          10000
          MaximumNumber                   0
SecurityTrailer
  ContentType                             AuthenticatedData
  AuthenticatedData
    Recipient
      KEK
        KEKIdentification
          KeyIdentification               SpecV1TestKey
          KeyVersion                      2011010715
          DerivationIdentification        398725A501
        KeyEncryptionAlgorithm
          Algorithm                       DUKPT2009
        EncryptedKey                      E290200017
    MACAlgorithm
      Algorithm                           RetailSHA256MAC
    EncapsulatedContent
      ContentType                         PlainData
    MAC                                   F953790159FB9E35
6803
6804
              <KeyId>SpecV1TestKey</KeyId>
              <KeyVrsn>2010060715</KeyVrsn>
              <DerivtnId>OYclpQE=</DerivtnId>
            </KEKId>
            <KeyNcrptnAlgo>
              <Algo>DKP9</Algo>
            </KeyNcrptnAlgo>
            <NcrptdKey>4pAgABc=</NcrptdKey>
          </KEK>
        </Rcpt>
        <MACAlgo>
          <Algo>MCCS</Algo>
        </MACAlgo>
        <NcpsltdCntt>
          <CnttTp>DATA</CnttTp>
        </NcpsltdCntt>
        <MAC>+VN5AVn7njU=</MAC>
      </AuthntcdData>
    </SctyTrlr>
  </MgmtPlanRplcmnt>
</Document>
6894
6895
6896 Once unnecessary spaces and carriage returns are removed, the message body MgmtPlan (without
6897 spaces or line breaks) is dumped below:
6898 0000 3C 4D 67 6D 74 50 6C 61 6E 3E 3C 50 4F 49 49 64 |<MgmtPlan><POIId|
6899 0010 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 |><Id>66000001</I|
6900 0020 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C |d><Tp>OPOI</Tp><|
6901 0030 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E |Issr>MTMG</Issr>|
6902 0040 3C 2F 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D |</POIId><TermnlM|
6903 0050 67 72 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 |grId><Id>epas-ac|
6904 0060 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C |quirer-TM1</Id><|
6905 0070 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 |Tp>MTMG</Tp></Te|
6906 0080 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 |rmnlMgrId><DataS|
6907 0090 65 74 3E 3C 49 64 3E 3C 54 70 3E 4D 47 54 50 3C |et><Id><Tp>MGTP<|
6908 00A0 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 |/Tp><CreDtTm>201|
6909 00B0 33 2D 30 38 2D 32 33 54 32 33 3A 34 35 3A 30 33 |3-08-23T23:45:03|
6910 00C0 2E 39 35 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 |.95+02:00</CreDt|
6911 00D0 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 41 |Tm></Id><Cntt><A|
6912 00E0 63 74 6E 3E 3C 54 70 3E 44 57 4E 4C 3C 2F 54 70 |ctn><Tp>DWNL</Tp|
6913 00F0 3E 3C 52 6D 6F 74 41 63 63 73 3E 3C 41 64 72 3E |><RmotAccs><Adr>|
6914 0100 3C 4E 74 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 |<NtwkTp>IPNW</Nt|
6915 0110 77 6B 54 70 3E 3C 41 64 72 56 61 6C 3E 54 4D 31 |wkTp><AdrVal>TM1|
6916 0120 2E 54 65 73 74 2E 45 50 41 53 4F 72 67 2E 65 75 |.Test.EPASOrg.eu|
6917 0130 3A 35 30 30 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F |:5001</AdrVal></|
6918 0140 41 64 72 3E 3C 2F 52 6D 6F 74 41 63 63 73 3E 3C |Adr></RmotAccs><|
6919 0150 44 61 74 61 53 65 74 49 64 3E 3C 54 70 3E 4D 47 |DataSetId><Tp>MG|
6920 0160 54 50 3C 2F 54 70 3E 3C 2F 44 61 74 61 53 65 74 |TP</Tp></DataSet|
6921 0170 49 64 3E 3C 54 72 67 67 72 3E 44 41 54 45 3C 2F |Id><Trggr>DATE</|
6922 0180 54 72 67 67 72 3E 3C 52 65 54 72 79 3E 3C 44 65 |Trggr><ReTry><De|
6923 0190 6C 79 3E 31 30 3C 2F 44 65 6C 79 3E 3C 4D 61 78 |ly>10</Dely><Max|
6924 01A0 4E 62 3E 32 3C 2F 4D 61 78 4E 62 3E 3C 2F 52 65 |Nb>2</MaxNb></Re|
6925 01B0 54 72 79 3E 3C 54 6D 43 6F 6E 64 3E 3C 53 74 61 |Try><TmCond><Sta|
6926 01C0 72 74 54 6D 3E 32 30 31 33 2D 30 38 2D 32 34 54 |rtTm>2013-08-24T|
6927 01D0 32 32 3A 34 35 3A 30 30 3C 2F 53 74 61 72 74 54 |22:45:00</StartT|
6928 01E0 6D 3E 3C 50 72 64 3E 31 30 30 30 30 3C 2F 50 72 |m><Prd>10000</Pr|
6929 01F0 64 3E 3C 4D 61 78 4E 62 3E 30 3C 2F 4D 61 78 4E |d><MaxNb>0</MaxN|
6930 0200 62 3E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F 41 63 74 |b></TmCond></Act|
6931 0210 6E 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 |n></Cntt></DataS|
6932 0220 65 74 3E 3C 2F 4D 67 6D 74 50 6C 61 6E 3E |et></MgmtPlan> |
6933 The SHA-256 digest of the message body MgmtPlan is:
6934 0000 94 4B AC B6 48 23 A4 27 72 68 9E EE 82 78 7C BD |.K..H#.'rh...x|.|
6935 0010 3B 84 7A 2A 94 03 EF 7E 38 FA 7B 66 33 1E 92 5C |;.z*...~8.{f3..\|
6936 After padding, the digest becomes:
6937 0000 94 4B AC B6 48 23 A4 27 72 68 9E EE 82 78 7C BD |.K..H#.'rh...x|.|
6938 0010 3B 84 7A 2A 94 03 EF 7E 38 FA 7B 66 33 1E 92 5C |;.z*...~8.{f3..\|
6939 0020 80 00 00 00 00 00 00 00 |........ |
6940
6941 Using Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA),
6942 we obtain the MAC of the ManagementPlan, F953790159FB9E35, which after conversion to base64 is
6943 "+VN5AVn7njU=".
6944 0000 E8 E9 31 74 3A B7 11 08 B8 3D 31 51 24 7F 5A 05 |..1t:....=1Q$.Z.|
6945 0010 C2 2A 5C B3 33 57 A4 78 47 C4 51 74 B3 24 40 A6 |.*\.3W.xG.Qt.$@.|
6946 0020 F9 53 79 01 59 FB 9E 35 |.Sy.Y..5 |
6947
6948
7049
7050
7051 The base64 representation of the StatusReport message example (without transport protocol header –
7052 e.g. the 4 bytes of length with TCP) is:
7053
7560 1. The StatusReport as request for AcceptorConfigurationUpdate containing the new acquirer
7561 parameters.
7562 2. The StatusReport as request for a new management plan.
7563 If the trigger of the first action is reached the POI sends the StatusReport and receives the new acquirer
7564 parameters in the response. Afterwards the POI sends a StatusReport as request message with the
7565 result of the parameter update and gets back the new management plan in the response.
7566
7567
7568
[Figure 16 diagram: sequence between POI and MTM. The POI initiates terminal management; the exchanges are (1) StatusReport, (2) ManagementPlanReplacement, (3) StatusReport, (4) AcceptorConfigurationUpdate, (5) StatusReport, (6) ManagementPlanReplacement.]
7569
7570 Figure 16: TMS messages transferred as message exchanges
7571
7642 3. The upload of the StatusReport to one TM for sending the status of the new parameters.
7643 4. The download of the management plan of the TM after a period.
7644 If the trigger of the first action is reached the POI downloads several files containing new acquirer
7645 parameters. Afterwards the POI uploads a StatusReport to the MTM with the result of the download
7646 including the actual version of the acquirer parameter set.
7647 If the trigger of the third action is reached the POI establishes an FTP session with the TM, uploads a
7648 StatusReport and downloads a management plan generated by the TM. The management plan of the TM
7649 contains a list of actions to be performed:
7650 1. The download of several AcceptorConfigurationUpdate files (illustrated as loop of actions)
7651 containing new acquirer parameters. The acceptor parameters issued by the Acquirer are
7652 identified by their file name in the definition of the TMS action.
7653 2. The upload of the StatusReport to the TM for sending the status of the new parameters.
[Figure 17 diagram: sequence between POI, MTM and TM. Labels: POI initiates terminal management session; StatusReport; ManagementPlanReplacement; Loop (1,*) AcceptorConfigurationUpdate; StatusReport.]
7654
7655
7656
7657 Figure 17: TMS messages transferred as files
7658
7704 exist. If neither the default management plan nor the specific one exists the POI logs the error in the
7705 log of Event with the Result "MissingFile".
7706 3. The POI checks the optional signature of the received message.
7707 4. The POI checks whether the dataset category present in the Type in the identification corresponds to
7708 the type of file name.
7709 5. The POI stores the version of the management plan in the log of Event.
7710 6. CreationDate is used to identify the management plan.
7711 7. SequenceCounter is used by the TMS to identify all dataset structures with the same CreationDate. It
7712 is used if the dataset is split into several files. SequenceCounter starts with `1`. The last dataset of
7713 the series is identified by the maximum value of the SequenceCounter `9999`.
7714 8. Subsequently the list of Action is analysed.
7715 o The actions are analysed for correctness.
7716 o The presence of mandatory data elements is checked.
7717 o All existing data elements have to be correctly formatted.
7718 o The validation of the files is performed according to section 3.2 but the data element
7719 Identification.Name must exist for each download.
7720
[Figure 18 diagram. Labels: AcquirerParameters version expired; AcceptorAuthorisationResponse, TMS Trigger sent; StatusReport; ManagementPlanReplacement; StatusReport (if defined as final action); ManagementPlanReplacement.]
7753
7754
7755
7756 Figure 18: TMS messages transferred as both messages and file
7757
7771
7772
[Figure 19 diagram: FTP Client (User, User Interface, User-FTP Process) and FTP Server (Server-FTP Process).]
7798
7799 Figure 19: The FTP Model
7800
7803 The User Interface, which provides an interface to the application protocol. An interface to a human user
7804 is not required.
7805 The User Protocol Interpreter (User-PI), which manages the control connection. After the establishment of
7806 the connection, it processes the commands requested by the User Interface and sends them to the Server
7807 Protocol Interpreter. In addition, it manages the User Data Transfer Process.
7808 The User Data Transfer Process (User-DTP), which establishes or listens to the data connection at the
7809 request of the User Protocol Interpreter. It sends or receives data using the local file transfer of the
7810 system on which the User-FTP Process is installed.
7811
[Figure: directory tree. Labels: UserRoot, "/", Acqu, TMS.]
7895 If there is no file with an acceptable sequence number, the POI looks for a file with the default
7896 sequence number that can be downloaded instead.
7897 The default value for the SequenceNumber is therefore used to synchronise the sequence
7898 numbers present in the POI and the TMS (this means that the default sequence number must reset
7899 the sequence number to "00…00"). If the maximum number is reached, the TMS system also resets
7900 the sequence number to the default value.
7901
7902 The following example illustrates the naming convention for a sequence of files if the default name
7903 for the Management Plan is always used:
7904
7905 Download first Management Plan MP000000 containing the Cyclic Call with two TMS actions:
7906 o Upload StatusReport and
7907 o Download Management Plan MP000000 (StartTime plus Period defined).
7908 For a foreseen download of a parameter set the TMS server generates a new Management Plan
7909 MP000000 containing three actions:
7910 1. Upload StatusReport
7911 2. Download Acceptor configuration PA000001
7912 3. Download new Management Plan MP00000 containing only the default actions Upload
7913 StatusReport and Download Management Plan MP000000
7914 For the next download of a new parameter set the TMS server generates a new Management
7915 Plan MP000000 containing three actions:
7916 1. Upload StatusReport
7917 2. Download parameter set PA000002
7918 3. Download new Management Plan MP00000 containing only the default actions Upload
7919 StatusReport and Download Management Plan MP000000
7920