Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

RESERVE BANK INFORMATION AND TRANSFER SYSTEM Technical and

advertisement 
RESERVE BANK INFORMATION AND
TRANSFER SYSTEM
Technical and
Operational
Frequently Asked
Questions
April 2006
Technical and Operational FAQs
RITS
1
Introduction ....................................................................................................... 1
1.1
Background ............................................................................................. 1
1.2
Phased Introduction .................................................................................. 1
1.3
Document audience and purpose ................................................................ 1
2
Technical Requirements ..................................................................................... 2
2.1
Minimum PC system requirements .............................................................. 2
2.2
Software required to access RITS................................................................ 2
2.3
What if I accidentally download a newer version of JRE?................................. 3
2.4
Browser security permissions ..................................................................... 3
2.5
Check your set up with the Testcard............................................................ 4
2.6
Can I access RITS via thin client installations? .............................................. 4
2.7
Login to RITS ........................................................................................... 4
3
Connection to RITS............................................................................................. 6
3.1
How do I access the new RITS User Interface?.............................................. 6
3.2
Can we continue using our existing Austraclear leased line? ............................ 6
3.3
We currently connect via dial-up modem...................................................... 6
3.4
Can we continue to use a dial-up connection? ............................................... 6
3.5
What sort of response times should I expect? ............................................... 7
3.6
I am getting slow response times. What could be the cause? ......................... 7
3.7
Will access to RITS be available via the Internet? .......................................... 7
4
Secure
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
Access to RITS ........................................................................................ 8
How will the new interface affect the system’s security? ................................. 8
How will access to RITS change?................................................................. 8
What is the “DN” or Distinguished Name of a RITS Certificate? ........................ 8
What is a RITS Token? .............................................................................. 8
How do I get a RITS digital certificate and access to RITS? ............................. 9
Can I have more than one logon? ............................................................. 10
How do I get a certificate with no Internet or external email access?.............. 10
Will Test Certificates be issued for access to RITS Pre-Production? ................. 11
Can I store my RITS digital certificate on my PC? ........................................ 11
Can the token store my Austraclear certificate?........................................... 11
Can copies of users’ RITS certificates be stored for business resumption
purposes?.............................................................................................. 12
I have lost/damaged my token; can I still access RITS? ............................... 12
Can I share a token with another user?...................................................... 12
Can more than one token be used on a single PC at the same time? .............. 12
How often do I have to renew my certificate? ............................................. 12
I have forgotten my Token Codeword?....................................................... 12
I have lost my token ............................................................................... 12
I left my token at home, can I still access RITS? ......................................... 12
Do I have to take my token with me if I leave my PC to get a cup of coffee or go
to lunch? ............................................................................................... 13
If I insert my token when the PC is locked I am asked to enter a PIN. ............ 13
Do I have to enter my token codeword each time I authorise a payment?....... 13
How do I remove certificates from my token? ............................................. 13
Can I re-use a token for a new user? ......................................................... 13
What should I do if someone is going on extended leave, and a new person is
filling in? ............................................................................................... 13
What should I do when someone leaves the organisation or no longer requires
access to RITS? ...................................................................................... 13
Can I remove my token from my PC once I’ve logged on to RITS? ................. 13
Do I have to re-enter my RITS password and my token PIN when my RITS
session times out? .................................................................................. 14
What happens if someone accesses my RITS session while I’m away from my PC
and authorises a payment that settles?? .................................................... 14
Technical and Operational FAQs
RITS
4.29
4.30
I can’t login even though there has been no change in my login details since my
last login. .............................................................................................. 14
I can’t login to RITS from someone else’s PC. ............................................. 14
5
RITS Functionality ............................................................................................ 15
5.1
Are there any other system changes to RITS?............................................. 15
5.2
Can my password administrator still do the same things? ............................. 15
5.3
How do I get a new user set up?............................................................... 15
5.4
How can a user’s profile be changed? ........................................................ 15
5.5
Is there any change to the Disaster Recovery arrangements for RITS of which I
need to be aware? .................................................................................. 15
5.6
More information on RITS functionality. ..................................................... 16
5.7
Will we have access to the same branches? ................................................ 16
6
Migration .......................................................................................................... 17
6.1
When do we move to the new System?...................................................... 17
6.2
When will the new Interface be available? .................................................. 17
6.3
What are the arrangements for a testing period?......................................... 17
6.4
Can I logon via both old and new interfaces? .............................................. 17
6.5
How do members migrate? ...................................................................... 17
Technical and Operational FAQs
RITS
Introduction
1 INTRODUCTION
1.1 Background
Banks and other Exchange Settlement Account Holders use the Reserve Bank Information and
Transfer System (RITS) to monitor and manage credit and liquidity arising from their interbank
settlement activities. The RITS User Interface Project will redevelop the user interface for
online (terminal) access to RITS. In doing so, the system architecture of RITS is being
changed significantly to include web and application servers, and improved security via a
Public Key Infrastructure utilising digital certificates contained on USB port security tokens.
The ability to access RITS via the Internet will also be introduced.
1.2 Phased Introduction
The new interface is being delivered in two phases:
•
Phase 1 functionality includes the functions for the management of queued
transactions; enquiries on settled payments, transactions and cash accounts; cash
transfers; new batch functionality; member administration (user roles, passwords, etc);
and messages.
•
Phase 2 functionality includes SWIFT AIF message enquiry; evening agreement
functionality; unsolicited advice management; access to reports and downloads
(although phase 1 includes enhanced print and download functionality in each
function); more member administration; and system information functions.
1.3 Document audience and purpose
This document is for the information of all RITS Members. Given the significant change to the
RITS user interface and the required use of a digital certificate on a USB port security token,
with its ancillary desktop software, this document seeks to assist members in their enquiries
using the ‘Frequently Asked Questions’ approach. Clarifications or further questions about the
new RITS user interface may be directed to the RITS Help Desk on 1800 659 360 or to
rits@rba.gov.au.
April
2006
1
Technical and Operational FAQs
RITS
Technical requirements
2 TECHNICAL REQUIREMENTS
2.1 Minimum PC system requirements
The minimum system requirements to access the RITS User Interface currently are:
•
Pentium 4
•
Windows 2000 (Service Pack 4) or Windows XP (Service Pack 1 or Service Pack 2)
•
512MB minimum memory
•
Screen resolution 1024 x 768
•
USB port
1
These requirements may change over time. See the Technical Information Paper for more
details.
2.2 Software required to access RITS
The following software required to access RITS is available from the RITS Help Desk on CD
with installation scripts or wizards. The software is also available from the internet.
Software name
Details
Sun Java Runtime Environment
(JRE) v1.4.2
RITS requires JRE v1.4.2 and is not currently certified to work with
JRE v1.5/5.0. If necessary, because of the requirements of other
non-RITS applications, different versions of the JRE can co-exist on
the one PC. JRA is approximately 15 megabytes.
Java cryptographic toolkit
This software includes DLLs for interfacing with the RITS Token
drivers. This is approximately 2 megabytes.
Safenet driver for RITS Token.
This will contain drivers and token/certificate management functions.
This is up to 14 megabytes.
Applet download
At first use, RITS performs an applet download of approximately
200 kilobytes. This may re-occur periodically at application
upgrades.
Internet Explorer 6 is the required browser software.
Each Member will be responsible for the deployment of this software to appropriate RITS user
PCs. More technical information may be found in the Technical Information Paper.
1
Microsoft support for XP Service Pack 1 ends 17 September 2006. It is likely that the RBA will withdraw RITS
support for it at the same time.
April
2006
2
Technical and Operational FAQs
RITS
Technical requirements
2.3 What if I accidentally download a newer version of JRE?
Accidentally downloading a newer version of Java Runtime Environment can happen because
of the temptation to act on a popup prompt from the vendor. RITS may not work with newer
versions of JRE. If the wrong version is loaded, the member’s technical staff will need to
remove the later version and re-install the version specified for RITS.
To determine if the incorrect version is installed the user can run the Testcard (see 2.5 below).
Contact the RITS Help Desk if problems are still encountered.
2.4 Browser security settings
Member browser permissions on user PCs should permit:
Javascript;
Signed Applets; and
Session Cookies.
The following settings should be enabled in the Security tab in Internet Explorer
Tools/Options:
ActiveX controls and plug-ins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Downloads
File download
Scripting
Active scripting
Members may wish to establish these settings in the “Trusted Sites” zone and add RITS as a
Trusted Site. Different settings could then be established for other zones, allowing, for
example, higher security settings for general internet browsing. The status of other Security
settings should not impact RITS functionality.
Privacy settings must allow RITS UI to use session cookies. For further information on this
setting, members should refer to their own IT security officers.
April
2006
3
Technical and Operational FAQs
RITS
Technical requirements
2.5 Browser - advanced Settings
On the Advanced tab in Internet Options, Use Java 2 v1.4.2_10 for <applet> (requires
restart) must be enabled. 2
Tests performed at the RBA using a Microsoft ISA Proxy server showed a significant
system performance benefit when Use HTTP 1.1 and Use HTTP 1.1 through proxy
connections settings were both enabled. Members should assess whether this is helpful in
their own environment.
2.6 Pop-ups
Popup blockers such as the one included in the Windows XP Service Pack 2 update (found
under Tools->Popup Blocker in Internet Explorer), and third party popup blockers such as
Google Toolbar can interfere with the RITS UI login process, and may also interfere with
other RITS screens.
Most packages allow popup blocking to be disabled for specific sites. However due to the
wide variety of blocking software available, the RBA cannot provide specific instructions
for doing this for every package available. If you encounter errors such as the ones in
Appendix 3, and you have ensured your settings comply with those in this guide, please
ensure that popup blocking is not active for the RITS RBA website. If that does not work,
try disabling all popup blocking software. See your system administrator if you require
further assistance with this. If no popup blocking software is active and your software is
configured as indicated in this guide, then contact the RITS help desk.
2.7 Check your set up with the Testcard
A Testcard has been developed which, when run, will verify that the mandatory software and
environment requirements are in place to access RITS. This is available on CD from the RITS
Help Desk, via a link from the RITS Logon screen and via the internet. This should prove a
useful tool allowing members to target and fix any setup problems.
See the Guide to Connectivity Testing for more information.
2.8 Can I access RITS via thin client installations?
The Reserve Bank is not intending to provide Member support for thin client installations such
as Citrix and Windows Terminal Server. A number of issues arise, including the need to ensure
that the client/server connection is encrypted to preserve the integrity of the signing and the
privacy of each user’s Token Codeword (RITS Tokens may not be shared). Refer to the
Technical Information Paper, for further details.
2.9 Login to RITS
When accessing RITS via the SFE Network (ANNI) or via the Internet, each user will require a
desktop shortcut/link and/or entry in Favourites containing the RITS Launch Page.
2
The exact version referred to in this option changes to reflect the local installation.
April
2006
4
Technical and Operational FAQs
RITS
Technical requirements
This Launch Page will enable access to both Production and Pre-Production systems. The link
will find the active RITS system regardless of where it is operating (eg, primary site or backup
site).
See the next chapter for more information on connectivity to RITS.
April
2006
5
Technical and Operational FAQs
RITS
Connection to RITS
3 CONNECTION TO RITS
3.1 How do I access the new RITS User Interface?
Network access to RITS will be available by:
•
SFE Network (ANNI) as now.
connection to RITS; and
Leased line only; no internet access for the main
•
Internet. This new access method replaces dial-up and is available for use by
members under certain conditions Refer to Information Paper #3 for more details.
As noted in section 2.7, for one or both of the network options, members’ technical staff will
need to provide each RITS user with a desktop link/favourites to the RITS Launch Page.
Members accessing RITS via the Internet will use a web address that resolves to a public
Internet IP using DNS.
Members accessing RITS via the SFE Network (ANNI) will use a web address that corresponds
to one of the following:
•
a name that is resolved to the IP address of the RITS server by the Member’s internal
DNS (or use of SFE’s ANNI DNS service if appropriate) or alternative name resolution
mechanism such as host files; or
•
a name that is resolved to a private IP address by the Member’s internal DNS or
alternative name resolution mechanism, and subsequently converted to the target
server address by Network Address Translation (NAT).
3.2 Can we continue using our existing Austraclear leased line?
Yes, access to RITS under the new interface will continue across the SFE Network (ANNI).
Some bandwidth upgrades are underway. It is encouraged you continue with your leased line
connection. Refer to Information Paper #3 for more details.
3.3 We currently connect via dial-up modem
The Reserve Bank has decided to provide access to the new RITS user interface via the
Internet instead of the dial-up connections that are mainly used by small institutions. Use of
the Internet will involve strict security controls, and will be subject to certain restrictions,
particularly for institutions that may use it as their only means of connecting to RITS. Dial up
access will remain available until migration to the new interface is complete for all members.
3.4 Can we continue to use a dial-up connection?
A dial-up connection will not work when accessing the new RITS user interface. You should
plan access via the SFE network or via the Internet. Rollout of access to the new RITS user
interface is planned from mid-2006. Dial up access to the old RITS interface will continue to
be provided until all functionality is migrated to the new interface.
April
2006
6
Technical and Operational FAQs
RITS
3.5 What sort of response times should I expect?
Connection to RITS
On average, response times should be in the range of 3 to 5 seconds. Response times will
vary based on other activity within your internal network, your PC configuration, other activity
on your PC and your network connection to RITS (which is shared with Austraclear). For
example, if other users within your organisation are logging onto the Austraclear system, then
you should expect some slower than normal response times on RITS. Similarly, if there are a
larger than normal number of users accessing both RITS and Austraclear, this may cause
congestion on the network, and impact on response times.
3.6 I am getting slow response times. What could be the cause?
There are a couple of things you should check before contacting the RITS Help Desk:
•
Do you have the recommended Internet Proxy settings within Internet Explorer? Refer
Section 2.4 and 2.5.
•
Is there something running on your PC that is slowing it down?
•
Are there other users logging onto the Austraclear system at the time that you are
running slow?
•
Are other internal applications running slower than normal?
3.7 Will access to RITS be available via the Internet?
Yes. However, for large and medium sized organisations the current SFE Network (ANNI)
access must be used for RITS Production access to the Primary and Secondary Sites. Internet
access may be used by these members in a contingency, including for access from outside the
office or at home.
April
2006
7
Technical and Operational FAQs
RITS
Secure access
4 SECURE ACCESS TO RITS
4.1 How will the new interface affect the system’s security?
The RBA has decided to introduce digital certificates to enhance the security of RITS in line
with best practice overseas and domestically. For the protection of RITS Members and the
RBA, and consistent with the critical importance of RITS to the financial system, the use of
digital certificates stored in hardware will provide an extremely strong level of user
authentication, transaction integrity and improved protection from repudiation. Confidentiality
of all information in transit between the RBA and RITS users will be ensured through the use of
SSL technology.
4.2 How will access to RITS change?
In the old RITS interface, users entered a company logon and password, and a personal logon
and password. To access RITS in the new user interface, users will:
•
Insert their personal RITS Token into the USB port of their PC;
•
Select the desktop link or Favourite to RITS and enter their personal logon and
password;
•
Select their RITS Certificate stored on the RITS Token and enter the Token Codeword,
known only to the user.
If all is correct, access will be made available.
4.3 What is the “DN” or Distinguished Name of a RITS Certificate?
The Distinguished Name of a RITS Certificate uniquely describes each RITS user by the
following features:
•
First Name;
•
Last Name;
•
Email address; and
•
Australian Business Number of the member.
4.4 What is a RITS Token?
The RITS Token is a SafeNet Rainbow ikey 2032 security token. It is an EAL2
government rated security device that performs cryptographic functions such as
public key pair generation, digital signature generation, unwrapping of session
encryption keys, user authentication, symmetric encryption/decryption and
on-line authentication (mutual challenge/response).
The iKey 2032 generates the private/public key pairs on the token, and allows
the import of an existing digital ID onto the token eg an SFE Certificate.
However, the token does not release the private key or allow it to be exported
for external cryptographic operations, and it cannot be viewed.
April
2006
8
Technical and Operational FAQs
RITS
Secure access
In the model of ‘something you have and something you know’, the token represents
‘something the user has’. Users should:
•
keep their RITS token in their possession and/or secure at all times; and
•
keep secret the Token Codeword used to access the certificate/s on the token, and not
disclose the token codeword to anybody else, or write the Token Codeword.
4.5 How do I get a RITS digital certificate and access to RITS?
The following activities are undertaken to set up a RITS user:
•
Request access: Members must set out each user’s details in a User Access Request
Form signed by RITS Authorised Signatories, and provide it to the RITS Help Desk.
•
Format token:
Obtained from the RITS Help Desk, the member’s RITS
Password/Certificate Administrator will provide the user with a RITS Token. The user
must format their token to prepare it for use with RITS, and to set a Token Codeword
known only to them. Insert the token into the USB port of the PC and access “Token
Administration” at the RITS login page and select "Format Token".
•
Receive Pre-enrolment email: The RITS Help Desk will pre-enrol the user in RITS.
An email will be automatically sent to each user containing certificate enrolment
instructions and the Private Reference Code which is part one of a two part secret
required for enrolment.
•
Receive Secret Password from your Password Administrator: The RITS Help
Desk will telephone the member’s RITS Password/Certificate Administrator and
provide the Secret Password - which is part two of the two part secret required for
enrolment. The password administrator will notify the Secret Password to the end
user, together with the personal User ID to be used eg WPAC2003.
•
Enrol for a RITS Certificate: Once the user has both the email and the Secret
Password provided to them by their RITS Password/Certificate Administrator, the user
can enrol for their RITS Certificate by inserting their RITS Token into their PC and
clicking the link in the email. Internet access is required to enrol. The following
enrolment details are required:
•
April
−
first name;
−
last name;
−
email address;
−
the Private Reference Code from the email; and
−
the Secret Password provided by their Password Administrator.
Activate your certificate in RITS: After being notified of a successful enrolment,
and prior to logging on, you must activate your new certificate in RITS. The user
should go to the RITS "Token Administration screen" and obtain the Activation Code
for the newly created RITS certificate and pass it to the RITS user with the Certificate
Activation role. This person will select your name in the menu option called "User
Privileges" and enter the Activation Code. NB. If access is required to both RITS
Production and RITS Pre-Production, then the Activation Code must be entered in
both. For test only users, the Activation Code should not be entered in Production.
2006
9
Technical and Operational FAQs
RITS
Secure access
•
Login to RITS: The user should insert their RITS Token into their PC, then click on
the link to RITS and enter:
•
User ID: The Password Administrator will notify the User ID to the user.
•
Password: First time users must use the Secret Password obtained from your
Password Administrator and used to enrol for your certificate. Users will be forced to
reset the password at first use. Users re-enrolling prior to certificate expiry should
enter their existing password.
•
Select Certificate:
The user must select the RITS Certificate for the RITS
membership to be accessed.
•
Token Codeword:
was formatted.
The user must enter the Token Codeword set when the Token
4.6 Can I have more than one logon?
A user is not permitted to have multiple RITS User IDs within one membership.
users of two or more RITS members may have more than one logon.
However,
4.7 How do I get a certificate with no Internet or external email access?
Users need external email access and Internet access to enrol for a RITS Certificate. If a user
does not have Internet access on their desktop, they should enrol from another PC with
Internet access. If RITS users do not have external email access they should contact the RITS
Help Desk.
Once enrolled, Internet access to RITS is not required for users accessing via ANNI. However,
external email access is required for individual users to receive advance notice of expiry of
their RITS Certificate, and to be notified if their certificate has been revoked. Additionally, in
order to ensure that no staff member has access problems and to maintain suitable access for
credit and liquidity management, RITS Password/Certificate Administrators need external email
access to receive advance notice of certificate expiry for their staff. They will also receive
email notification of certificate revocations of staff.
The RBA very strongly recommends that RITS users have their own email address to receive
security information as part of the certificate enrolment procedure. These procedures are
designed to ensure that only the authorised user may enrol for the certificate issued in their
name. The use of shared email addresses by a member may weaken the very high security
built into RITS certificate issuance procedures, by exposing them to a greater risk of internal
malpractice, with resulting unauthorised issuance and use of certificates. It also means that a
user may not receive certificate expiry reminder emails.
Where a member’s internal policies or environment do not allow each RITS user to have an
individual email address, the RBA will require a written acknowledgement from that Member
(signed by RITS authorised signatories), that they will not provide all users with individual
email addresses, and will rely on other internal security controls. These might, for example,
involve the following:
•
that the Password Administrators will have their own individual email addresses to
receive notice of revocation emails, and expiry emails;
•
the owner of the shared email address will not be a RITS user given the role of Password
Administration;
April
2006
10
Technical and Operational FAQs
RITS
Secure access
•
that users will format their own tokens and set a Token Codeword known only to
themselves;
•
each individual RITS user will enrol (i.e. receive certificate) via the internet. This should
not be done by any other person.
4.8 Will Test Certificates be issued for access to RITS Pre-Production?
No, there will be no test certificates. The RITS Production Certificate will be issued from the
Production System for access to both the Pre-Production (formerly known as Industry Test)
and Production Environments.
Members’ Password/Certificate Administrators are responsible for controlling staff access to
RITS Production and Pre-Production environments. To prevent test staff from accessing RITS
Production, the Password/Certificate Administrator should:
•
Only enter the Activation Code into the Pre-Production environment. [An Activation
entry cannot be undone, so if it is wrong, the certificate must be revoked and the
process restarted.]
•
Ensure that the user remains “Inactive” in the function User Privileges in RITS
Production.
•
Ensure that the user is not given any roles in the function User Privileges in RITS
Production.
The RITS Status and the Certificate Status of each user in both Production and Pre-Production
environments are listed on the first page of the function User Privileges. Access is available
only to a user with both an Active RITS Status and an Active RITS Certificate.
4.9 Can I store my RITS digital certificate on my PC?
No, RITS Certificate must be stored on the RITS Token.
4.10 Can the token store my Austraclear certificate?
Yes, it has been proven that SFE Austraclear System certificates can be stored on the token by
importing them to the token or at enrolment by inserting the token into the PC and by
selecting “Datakey” as the encryption device.
Other certificates would need to be
independently tested by each RITS Member.
You should note that if you need to reformat your token for any reason (for example, you have
forgotten your Token Codeword or made too many attempts at the Token Codeword) all
certificates on the token will be deleted. In the case of RITS, the RITS certificate must then be
revoked and re-issued.
Please contact the SFE for procedures relating to transferring your Austraclear certificate (from
your PC) to your token.
April
2006
11
Technical and Operational FAQs
RITS
Secure access
4.11 Can copies of users’ RITS certificates be stored for business resumption
purposes?
No, it is not possible to export digital certificates from the RITS Token. Users should take their
RITS Token with them when attending a business recovery site. Otherwise, the user will need
to have the existing certificate revoked and request a new certificate to be issued onto another
token stored at the backup site.
4.12 I have lost/damaged my token; can I still access RITS?
No, if a user has a lost or damaged token, they will be unable to access RITS. The user should
arrange for their password administrator or the RITS Help Desk to revoke their certificate and
request a new certificate via the standard process.
4.13 Can I share a token with another user?
No, each user must obtain an individual token and keep the Token Codeword secret. Sharing
the Token Codeword reduces the effectiveness of the RITS security access regime.
4.14 Can more than one token be used on a single PC at the same time?
Yes, as long as the PC has sufficient USB ports.
4.15 How often do I have to renew my certificate?
RITS certificates expire after approximately 2 years. The timing is staggered to avoid all users
of a member expiring on the same day. Users will be advised well in advance that they need
to enrol for a new certificate. This requires completion of User Access Request Form. At
expiry, certificates are not renewed but rather a new certificate is issued and the old one is
revoked.
4.16 I have forgotten my Token Codeword?
Forgetting the Token Codeword, and too many tries at the Token Codeword, require the token
to be reformatted using the Token Administration link at the RITS login page and the RITS
Information Facility web site. This will delete all certificates on the token, and requires the
RITS Certificate to be revoked and the user will need to re-enrol for a new certificate using the
standard process via the Help Desk.
4.17 I have lost my token
The member’s Password/Certificate Administrator will need to provide the user with a new
RITS Token and revoke the user’s RITS Certificate. The user will need to be enrolled for a new
certificate by the standard Help Desk process.
4.18 I left my token at home, can I still access RITS?
No. You must have your token and a valid certificate to access RITS. The member’s
Password/Certificate Administrator will need to provide the user with a new RITS Token and
revoke the user’s RITS Certificate. The user will need to be enrolled for a new certificate by
the standard process.
April
2006
12
Technical and Operational FAQs
RITS
Secure access
4.19 Do I have to take my token with me if I leave my PC to get a cup of
coffee or go to lunch?
We suggest that you log out of RITS and remove your token upon leaving your desk for short
periods. This will prevent anyone from making enquiries and updates under your User ID.
If you leave the office, you should take your token with you. In addition to the above, this
ensures that you have it with you should you need to go to your institution’s backup site in a
contingency event and continue access to RITS.
4.20 If I insert my token when the PC is locked I am asked to enter a PIN.
This PIN is not required. Click on “Cancel” and the normal PC unlock request will display (ie,
press Ctrl/Alt/Delete to unlock the computer).
4.21 Do I have to enter my token codeword each time I authorise a payment?
No, the Token Codeword only needs to be entered at log in.
4.22 How do I remove certificates from my token?
Either delete the individual certificate or reformat the whole token to remove all certificates.
This task is performed via the “RITS Token Administration” link on the RITS login screen.
4.23 Can I re-use a token for a new user?
Yes. Existing certificates can be removed or the token reformatted via the “RITS Token
Administration” link on the RITS login screen.
4.24 What should I do if someone is going on extended leave, and a new
person is filling in?
It is recommended that the absent user be made inactive in RITS and the token either stored
securely by the Password Administrator or kept by the user themselves until they return to
work (depending on the length of the absence).
The relieving officer should have a new user created and enrol them by completing a User
Access Request Form and sending it to the RITS Help Desk. A blank token should be issued to
the new user.
4.25 What should I do when someone leaves the organisation or no longer
requires access to RITS?
The Password/Certificate Administrator should re-possess the user’s token and reformat it.
The user should be deleted from RITS.
4.26 Can I remove my token from my PC once I’ve logged on to RITS?
No, the token must remain in your PC if you are entering or settling transactions. When you
send an update to RITS, it is digitally signed and the digital certificate on the token is accessed
to perform this signing. If you are only using enquiry functions, these are not digitally signed,
so the token is not needed and could be removed, but this is not a helpful practice.
April
2006
13
Technical and Operational FAQs
RITS
Secure access
4.27 Do I have to re-enter my RITS password and my token PIN when my
RITS session times out?
Yes. Username, password and token codeword need to be entered. The timeout period is 15
minutes.
4.28 What happens if someone accesses my RITS session while I’m away
from my PC and authorises a payment that settles??
The action performed by the interloper would be accepted by RITS as digitally signed by you
and is not able to be “undone”. Each Member is responsible for the RITS activities of their
staff and you would be identified as the user who performed the action. This type of problem
will be avoided if you remove your token and/or logged out of RITS before leaving your PC.
4.29 I can’t login even though there has been no change in my login details
since my last login.
Have you upgraded your JRE (Java Runtime Environment)? The JRE version 1.5.0 over-rides
the version 1.4.2 which is required to access RITS. This over-ride is a bug that is outstanding
with SUN. You should check the version of JRE you have installed (run the “Test Card”) and
revert to version 1.4.2.
4.30 I can’t login to RITS from someone else’s PC.
When using your own token on someone else’s PC there may be problems with your
configuration and RITS doesn’t recognise you as a valid user. You may get a “Certificate not
selected” error upon login.
This can be overcome by making a change to your PC profile on the other PC. This is
performed by running the Testcard (available from the RITS logon screen). The Central
Signing Interface software will be updated and allow login.
April
2006
14
Technical and Operational FAQs
RITS
Functionality
5 RITS FUNCTIONALITY
5.1 Are there any other system changes to RITS?
There are no changes to the business rules eg to SWIFT processing or settlement rules for the
RITS System Queue process. However, the new interface has provided some amalgamation of
functions.
5.2 Can my password administrator still do the same things?
Member’s Password/Certificate Administrators are still responsible for controlling user access to
RITS. They can activate and inactivate users, add and deny access to roles, allow users to be
authorisers, link and unlink a user to a branch, and reset passwords.
In addition, the roles of Activating a Certificate and Revoking a Certificate can be allocated to a
Password Administrator, or can be allocated to a separate “Certificate Administrator”,
depending on the security arrangements for your organisation.
5.3 How do I get a new user set up?
See section 4.5 of this document “How do I get a RITS digital certificate and access to RITS?”
Also refer to the RITS Access and Security User Guide available from the RITS Information
Facility.
5.4 How can a user’s profile be changed?
Your Password/Certifcate Administrator can alter the profiles of users in terms of activating
and inactivating users, adding and denying access to roles, linking and unlinking a user to a
branch, and resetting passwords.
If a new user takes over an existing user ID this must be arranged with the RITS Help Desk.
It will involve revoking the previous user and requesting the setup of a new user for that ID.
5.5 Is there any change to the Disaster Recovery arrangements for RITS of
which I need to be aware?
Yes, your staff should be set up with a desktop shortcut or Favourite to the RITS Launch Page
at all your operating sites. Separate icons for Production and backup RITS access are no
longer required.
You should arrange for some blank RITS Tokens to be stored at your Business Recovery Site in
case staff arrive there in a contingency event without their RITS Tokens. RITS users should be
periodically reminded to remember to take their RITS Tokens to your Business Recovery Site.
Otherwise, the changes that were made for the new RITS user interface did not affect the core
aspects of RITS operations. RITS will continue to operate a Primary and Redundant facility at
the Primary Site, and backup facilities at a Secondary Site.
April
2006
15
Technical and Operational FAQs
RITS
5.6 More information on RITS functionality.
Functionality
Guides to RITS functionality are available at the RITS Information Facility, from the facility
inside RITS (via the “I” icon in the header) and from the internet.
5.7 Will we have access to the same branches?
Users will be still able to perform actions on behalf of different branches. However, in the new
interface users must be linked to the branch (by the Password/Certificate Administrator or the
RITS Help Desk) to perform certain branch functions (cash transfers, manage queued
payments at the cash account level, set cash account override statuses, set cash account sublimit and participate in the new batch facility). More information on this can be found in the
RITS Information Facility.
April
2006
16
Technical and Operational FAQs
RITS
Migration
6 MIGRATION
6.1 When do we move to the new System?
The underlying system is still the same; the only change is to the interface through which you
use it. This means that we don’t have a “big bang” cutover from one system to another. More
details are available in Information Paper No. 4.
6.2 When will the new Interface be available?
The User Interface will be available for Member trial access during the Pre-Production period in
Q2 of 2006. Migration windows will be available from Q2 2006 for access to Production.
Members may select when to go live in Production from a specified window.
More information about migration arrangements is contained in Information Paper No. 4.
6.3 What are the arrangements for a testing period?
Prior to the Production interface being available to Members, connectivity and application
verifications will be undertaken by Members.
Users will access the Pre - Production
Environment (formerly known as Industry Test) to familiarise themselves with the new
interface. More details are available in Information Paper No. 4.
6.4 Can I logon via both old and new interfaces?
Yes, you can be logged on via both old and new interfaces at the same time. You can also
view and update the same data from both interfaces. The old functionality will be “turned off”
once you are happy that your users have migrated to the new functionality successfully.
6.5 How do members migrate?
The RBA will make migration windows available during which Members can nominate when
they wish to migrate from the current access method to the new RITS User Interface. This
migration will take place after each Member completes their Pre-Production verifications.
Functionality not delivered in Phase 1 will continue to be accessed via the existing interface
until the replacement functionality is rolled out.
See Information Paper No 4 for more details.
April
2006
17
Related documents
RESERVE BANK OF AUSTRALIA RITS Low Value Settlement Service (LVSS)
RESERVE BANK OF AUSTRALIA RITS Low Value Settlement Service (LVSS)
RITS Production Environment File Name Deletion RITS Low Value Clearing Service
RITS Production Environment File Name Deletion RITS Low Value Clearing Service
RESERVE BANK INFORMATION & TRANSFER SYSTEM RITS July 2008
RESERVE BANK INFORMATION & TRANSFER SYSTEM RITS July 2008
Download
advertisement