0% found this document useful (0 votes)

9 views10 pages

Data Exchange Guide v1.1

The Data Exchange Guide serves as a reference for Merchants integrated with the CSC platform, detailing the processes for data exchange related to reconciliation and reporting. It emphasizes the need for standardized formats for Delivery and Acknowledgement files, secure data transfer via SFTP, and the importance of encryption for data security. The document outlines the necessary specifications and procedures for effective data exchange between CSC SPV and Merchants.

Uploaded by

csctechteam0

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

9 views10 pages

Data Exchange Guide v1.1

Uploaded by

csctechteam0

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 10

Data Exchange April 25

Guide 2016
The document acts as a guide for Merchants integrated with the
CSC platform and should be used as a reference document for
understanding the usage and process for exchange of data towards User Guide
reconciliation and reporting.
Data Exchange Guide 2016

Table of Contents

Introduction ............................................................................................................................... 3
Summary .................................................................................................................................... 3
Data Security .............................................................................................................................. 4
Encryption Process and Flow ..................................................................................................... 4
Public and Private Keys .......................................................................................................... 4
Public Key Authentication ...................................................................................................... 5
Definitions .................................................................................................................................. 6
Data Exchange Format & Frequency ......................................................................................... 7
ANNEXURE I - IP White Listing Form .......................................................................................... 8
ANNEXURE II – Data Delivery File .............................................................................................. 9
ANNEXURE III – Acknowledgement Return File....................................................................... 10

Introduction

CSC e-Governance Services India Limited is a Special Purpose Vehicle (CSC SPV) incorporated
under the Companies Act, 1956 by the Department of Electronics and Information Technology
(DeitY), Government of India, to monitor the implementation of the Common Service Center
Scheme. CSC SPV is connecting local population with the Government departments, banks, and
insurance companies and with various service providers in private sector using IT-Enabled
network of citizen service points.

Summary

As we are growing in terms of number of services and customers with quality of service
provided, CSC SPV is planning to redesign the process of data exchange with its service
providers to streamline the process of sharing daily MIS. For better and effective integration of
services, there should be a standardized format for the Merchant’s Delivery file and
Acknowledgement file shared by CSC SPV. This implementation will establish an automated
data exchange mechanism between CSC SPV and Merchant for better delivery of services and
integration.

This document for transactional data exchange covers Delivery File data exchange format,
Acknowledgement Return File data exchange format and IP White Listing Form. Merchant
should ensure field names of delivery file and acknowledgement return file for facilitating
smoother data exchanges. Merchant needs to provide Server Path with Protocol, Server IP and
Port to secure an efficient data exchange implementation. This implementation will minimize
the chances in mismatch of transactional data and would help to further automate the process.

To be considered valid, the data exchange format must be confirmed and signed by merchant.

Data Security

Data Security is a big challenge in today’s cyber world. With the Internet continually growing,
the threat to data travelling over the network increases exponentially. In the current business
environment of increased security regulations as well as heightened security threats by hackers,
secure file transfer has become extremely important and necessary.

In lieu of above, CSC e-Governance Services India Limited allows the option to use encryption in
data exchange implementation as per Encryption Standards.

To ensure end to end data encryption the data is exchanged through SFTP (Secure File Transfer
Protocol). SFTP is based on Secure Shell and automatically applies multiple layers of protection
to the data in transit from eavesdropping attacks.

SFTP securely transfer data—usernames, passwords, and file contents and enables bidirectional
secure data transfer using one port.

Encryption Process and Flow

SFTP is a network protocol that facilitates file transfer, access and management over a reliable
data stream. It is a secure binary, packet based protocol in which the client and server
communicate with each other in the form of packets.

When a client attempts to establish a connection via SFTP there are two layers that come into
play, these are the Transport & Authentication layers. The Transport Layer handles initial key
exchange, server authentication, determines what encryption algorithm to use, decides whether
to employ compression & performs integrity verification. The Authentication Layer handles
client authentication and employs a number of methods to accomplish this including password
and public-key cryptography.

Public and Private Keys

Authentication and encryption use digital codes called "keys" - a public and a private key. The
public key is used to encrypt messages, and the corresponding private key is used to decrypt
them. It is important to note, however, that despite their symbiotic association, it is virtually
impossible to infer the private key if you know the public key.

The public key has two major functions: validation and data encryption. As its name suggests,
the public key is openly published to any party requesting one of these two functions.

The private key on the other hand, is necessary for decrypting the data encrypted by the
associated party. Unlike the public key, this key is closely guarded.

Public Key Authentication

Public-key authentication consists of public-private key pair. The public key is installed on the
server and the private key resides with the user. Messages are encrypted using the recipient’s
public key and can only be decrypted with the associated private key. Note that it is near
impossible to derive the private key using the corresponding public key therefore the security
of the public key authentication mechanism depends largely on the safe keeping of the private
key by the user; if it is lost the user account can be compromised.

The encryption used in data exchange mechanism is as shown in the figure below:

Figure 1, Public Key Authentication

As described in Figure 1, the same process will be carried out in our data exchange process
through SFTP. As stated in the figure, Merchant will encrypt the Data Delivery Files with the
public key of CSC and in return CSC will decrypt the files using its private key.

For acknowledgement Return File, CSC would encrypt the Data File with the Merchant’s public
key and in turn Merchant would decrypt the same file with the help of its private key.

Definitions

CSC SPV CSC e-Governance Services India Limited

A Government Body/Organization/Company/Agency/Person which

has agreement with CSC SPV to deal and provide various goods and
Merchant
services to Indian citizens using CSC SPV IT-enabled access points
across India

Transaction report provided by Merchant with standard file name as

Delivery File
per specifications

Acknowledgement Return Transaction report acknowledged by CSC SPV with standard file name
File as per specifications

Merchant ID/Code Unique Merchant ID/Code assigned by CSC SPV platform

Unique Transaction ID generated on Merchant platform (common for

Merchant Transaction ID
both Delivery File and Acknowledgement Return File)

Unique Transaction ID generated on CSC SPV platform (Common for

CSC Transaction ID
both files)

Product ID ID of the product assigned by Merchant platform

Merchant Transaction
Transaction Date and Time generated on Merchant platform
Date & Time

Amount Transaction Amount (Common for both files)

CSC User ID/ VLE ID Unique ID of Village Level Entrepreneur generated by CSC SPV

Merchant Transaction Processing Status of transaction on Merchant platform

Status (S-Success, F-Fail, R-Reject)

Merchant Receipt Number Receipt No. of Merchant for Transaction

Description Details of Product, Type of transaction-Sale, Reversal etc.

VLE Village Level Entrepreneur

Reconciliation Processing Status by CSC SPV

Reconciliation Status
(S-Success, F-Fail, R-Reject)

Reason (Optional) Reason in case of failure and reject case. For success append NA

Additional Information 1 Additional data provided by Merchant (separated by ;)

Additional Information 2 Additional data provided by Merchant (separated by ;)

Data Exchange Format & Frequency

For standardization, the data exchange between CSC SPV and Merchant should adhere to a
common and uniform format to enable seamless exchange of data and facilitate automated
reconciliation of the transaction data.

The frequency of data exchange should be highlighted by the Merchant in Annexure I. Merchant
should also indicate about the encryption enablement.

The SFTP folder would be organized as shown in Figure 2, SFTP Server Snapshot.

Figure 2, SFTP Server Snapshot

1. The inbox directory would be the location where the acknowledgement return file
would be stored. Merchant will have only read access in the folder. This will enable the
Merchant to download Acknowledgement Files as on when needed.
2. The outbox directory would be the default location to upload the delivery files.
Merchant will have read/write access in the folder.
3. The readme.txt file will contain the details of the Merchant i.e Merchant ID, Merchant
Name and Creation Date of account.

ANNEXURE I - IP White Listing Form

This form has to be filled by the Merchant for white listing the IP of Merchant on the CSC SPV
Server.

Please fill out the form and send a signed and scanned copy to [email protected] /
[email protected]

CONTACT DETAILS

Merchant Name

Contact Person

Designation
Mobile Number
E-mail

Landline Number

DATA SPECIFICATIONS
Frequency [ ] Hourly [ ] Daily [ ] Weekly [ ] Monthly

Encryption [ ] Yes [ ] No

Keys To be generated on CSC bridge Portal

SERVER DETAILS
IP Address

Port

File Path on Server

Username To be shared separately
Password To be shared separately

(Signature and Seal)

ANNEXURE II – Data Delivery File

The delivery file has to be shared by the Merchant in below mentioned specified format where
the data should be pipe delimited (|). The delivery file should has to be pushed to the outbox
directory of the CSC SPV SFTP location.

File Name: ZZZZZ _YYYYMMDD_ SNO_D.dat

ZZZZZ Merchant ID/Code

YYYYMMDD File generation year, month and date
SNO Running serial number, three digit
D Indicator for file type (D – for delivery files)

Parameter List
S. No. Parameter Name TYPE Parameter Description
1. Merchant ID/Code VARCHAR (5) Unique code assigned by CSC SPV to the
Merchant.
2. Merchant Transaction ID VARCHAR (64) Unique Transaction ID generated on
Merchant platform for each transaction
3. CSC Transaction ID VARCHAR (24) Unique Transaction No. generated on
CSC SPV platform assigned to each
merchant transaction
4. Product ID VARCHAR (12) ID of the product assigned by Merchant
platform
5. Merchant Transaction Date & DATETIME YYYY-MM-DD HH:MM:SS
Time Transaction date from Merchant
platform
6. Date Format VARCHAR (20) Specify the date format whether YYYY-
MM-DD HH:MM:SS or any other format
7. Amount DOUBLE (8,2) Transaction Amount
8. CSC User ID VARCHAR (50) Name/Receipt No/Other Detail for
particular consumer
9. Merchant Transaction Status CHAR(1) Processing status
(S-Success, F- Fail ,R-Reject)
10. Merchant Receipt Number VARCHAR (50) Request ID of Merchant for Transaction

11. Additional Information 1 VARCHAR (50) Additional data provided by Merchant

(separated by ‘;’)
12. Additional Information 2 VARCHAR (50) Additional data provided by Merchant
(separated by ‘;’)

Delivery file data format

S.No.1|S.No.2|S.No.3|…….|S.No.12

Note:
 The serial numbers in sample data Format refers to the S. No. in the Parameter List table.
 It is mandatory to store the file with the name as specified in the format.

ANNEXURE III – Acknowledgement Return File

The acknowledgement return file will be shared by CSC SPV with the Merchant, in a pipe
delimited text file. This file will be uploaded by CSC SPV and can be seen and downloaded from
the inbox directory of the SFTP location.

File Name: ZZZZZ_YYYYMMDD_ SNO_R.dat

Server Directory Path: /home/ZZZZZ/inbox

ZZZZZ Merchant ID/Code

YYYYMMDD File generation year, month and date
SNO Running serial number, three digit
R Indicator for File type (R – for return files)

Request Parameters

S.NO. Parameter Name TYPE Parameter Description

1. Merchant Transaction ID VARCHAR (64) Transaction ID generated on
Merchant platform with
YYYY-MM-DD HH:MM:SS
2. Product ID VARCHAR (12) ID of the product assigned by
Merchant platform
3. Amount DOUBLE (8,2) Transaction Amount
4. CSC User ID VARCHAR (11) Name/Receipt No/Other Detail for
particular consumer
5. CSC Transaction ID VARCHAR (24) Unique Transaction No. generated on
CSC SPV platform assigned to each
merchant transaction
6. CSC Transaction Date & DATETIME YYYY-MM-DD HH:MM:SS
Time Transaction date from CSC SPV
platform
7. Reconciliation Status CHAR (1) Processing status by CSC SPV
(S-Success, F- Fail ,R-Reject)
8. Reason(Optional) VARCHAR (50) Reason in case of failure and reject
case, for success append NA

Acknowledgement file data format

ZZZZZ| S.No.1|S.No.2|…….|S.No.8

Note:

 The serial numbers in sample data Format refers to the S. No. in the above table.
 It is mandatory to store the file with the name as specified in the format.