Banks` TUPAS certification service for service providers Service
advertisement
Banks' TUPAS certification
service for service providers
Service description and service provider's
guidelines
Version 2.2
6 February 2007
FK|Federation of Finnish Financial Services
TUPAS certification service
for service providers
Service description and
guidelines
Version 2.2
6 February 2007
CHANGE LOG
Version
V2.0
V2.1
V2.2
Page
All
Comment
Message structures changed
New banks added, some wordings changed
New message fields and message field attributes.
Check from your bank whether the new attributes
have been taken into use.
APPROVAL
Version code
V2.0
Subcommittee
V2.1
Subcommittee
V2.2
Subcommittee
Date
13.6.2002
Approved by
Payment Transactions
3.10.2005
Payment Transactions
17.10.2006
Payment Transactions
TUPAS certification service
for service providers
Service description and
guidelines
Version 2.2
6 February 2007
Contents
Page
1 TUPAS CERTIFICATION SERVICE ............................................................... 1
1.1 Agreeing upon bank identifiers and the customer authentication........... 1
1.1.1 Bank identifiers for private customers.................................................... 1
1.1.2 Bank identifiers for business/corporate customers ................................... 2
1.2 Agreement on the use of Certification service........................................ 2
1.3 General description of Tupas-service..................................................... 2
1.4 Service functionality................................................................................ 3
1. 5 Service security ..................................................................................... 4
1.6 Definition of strong authentication .......................................................... 4
2 FUNCTIONAL SERVICE DESCRIPTION ....................................................... 5
3 MESSAGES IN THE TUPAS CERTIFICATION SERVICE AND RELATED
DATA ............................................................................................................... 7
3.1 Certificate request .................................................................................. 7
3.2 Certificate request field descriptions:...................................................... 8
3.3 orming the MAC for the certificate request (A01Y_MAC)..................... 9
3.4 Certificate and identifier........................................................................ 10
3.5 Certificate message field descriptions .................................................. 11
3.6 MAC calculation for in the Certificate ................................................... 12
3.7 Type of identification data..................................................................... 12
3.7.1 Identifier in plain text......................................................................... 13
3.7.2 Encrypted identifier ........................................................................... 13
3.8 Comparing the encrypted identifier data and authenticating
the customer............................................................................................... 13
3.9 Bank-specific buttons ........................................................................... 14
3.10 Exceptional situations......................................................................... 14
4 CHANGING THE PASS PHRASE.................................................................. 15
5 CHARACTER SET USED IN THE SERVICE................................................. 16
TUPAS certification service
for service providers
Service description and
guidelines
Version 2.2
6 February 2007
APPENDIX 1
BANK-SPECIFIC CONTACT INFORMATION...................... 18
APPENDIX 2
TYPE OF IDENTIFIER IN CERTIFICATE REQUEST
(A01Y_IDTYPE).............................................................................................. 20
APPENDIX 3
CUSTOMER IDENTIFIER IN THE CERTIFICATE ............... 21
1
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
1 TUPAS certification service
Banks’ Tupas-certification service (hereinafter “Certification service”)
allows businesses or corporations (hereinafter “service provider”) providing
electronic services on the Internet to authenticate their customers using
Tupas certificates. Within certfication service, the bank authenticates its
customer by a strong authentication method (see Section 1.6). Tupascertificates provided by the service can also be used for electronic signatures,
if so agreed between the customer authenticating him/herself and the service
provider.
The certification service is jointly specified by the banks. Each bank
authenticates its customers through the same bank-specific identifiers that the
customer uses in the bank’s own services.
1.1 Agreeing upon bank identifiers and the customer authentication
Certification service is accessed through bank-specific identifiers (hereafter
“bank identifiers”) created and issued by a bank for its customer. For
example, these can be a combination of a user ID and one-time passwords.
Bank identifiers are always personal regardless of whether they are issued for
use with private or business/corporate customers.
Banks can use subcontractors and agents in their operations as long as the
models of cooperation are compliant with the Credit Institutions Act and
standards issued by the Finnish Financial Supervision Authority by virtue of
the Act.
1.1.1 Bank identifiers for private customers
A customer can gain personal bank identifiers on the basis of a written
agreement. The individual concerned must always sign personally the
agreement. The customer cannot authorise another person to sign the
agreement on his/her behalf.
Banks have a statutory obligation to authenticate their customers. At a bank
branch or a bank’s subcontractor’s or agent’s office, the customer’s identity
is verified in a manner approved by the Financial Supervision Authority
using an official identity document approved by the bank, such as a driving
licence, personal identity card, passport or social insurance card with photo.
The first bank identifiers must be fetched in person to enable a reliable
customer authentication. Subsequent one-time identifiers can then be mailed
to the customer. The customer cannot authorise anyone else to fetch the
identifiers for the customer.
2
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
1.1.2 Bank identifiers for business/corporate customers
When making an agreement on bank identifiers for business/corporate use,
the bank identifiers are agreed on and fetched in compliance with the
provisions of Section 1.1.1 above as applicable and with the practice
accepted by the Finnish Financial Supervision Authority.
1.2 Agreement on the use of Certification service
The service provider must enter into a contract regarding Certification
service with all of the banks whose services are to be used. A separate
contract must be made with each bank. Bank-specific contact information is
included in Appendix 1 to this description.
Certification service implementation date is agreed upon when preparing the
contract. The service provider’s data is registered in each bank and the
service provider notifies each bank separately when changes occur to the
contract data.
Once the contract has been signed, the bank delivers the bank-specific
service identifier and pass phrase to the service provider. The data is
delivered to the service provider through a bank-specific procedure, either
electronically or in paper format.
The bank-specific data used in the testing phase is available with the service
descriptions of each bank. The service provider can test the service in a
production environment by using bank-specific testing identifiers before
signing the contract.
1.3 General description of Tupas-service
The customer authenticating him/herself plays a central role in the service.
The customer controls the transmission of data between the service provider
and the bank. The bank and the service provider are not in direct contact with
each other during the service.
When the service provider needs to authenticate a customer, the service
provider sends a certification request to the customer, who is transferred to
the bank’s authentication service by clicking on the link leading to the bank’s
authentication service. The service provider’s certification request is transmitted from the customer to the bank’s Certificate service, which sends a
response message to the customer (“the Certificate”). The customer checks
the certificate’s data. If the customer approves it, he/she returns to the service
provider’s service and the Certificate is transmitted to the service provider. If
the customer so wishes, he/she is allowed to cancel the authentication transaction before authenticating him/herself to the bank’s service or reject the
Certificate given by the bank.
3
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
The service provider and customer may agree on using the certificate as a
component in an electronic signature used for a legal transaction between the
customer and the service provider. However, the bank is only responsible for
authenticating the customer as specified in this service description. The bank
is not responsible for the validity or content of the legal transaction between
the customer and the service provider.
1.4 Service functionality
The Certificate provided by the bank is unique and tied to the service
transaction in question and to the customer with a time stamp.
The Certification service contains several functionalities and possibilities for
use depending on the type of the Certificate specified in the service
agreement between the service provider and the bank. The certificate issued
by a bank always includes the name of the customer (person and/or
company). Any additional identification information can be either plain text
or encrypted.
If the identification information is plain text, the bank may transmit either the
customer’s personal identity number, the last four characters of the personal
identity number, a Business Identity Code (hereinafter “Business ID”) or
other electronic transaction identifier in accordance with the service
agreement. The bank will only transmit personal identity numbers in plain
text to service providers authorised to register them.
If the identification information is encrypted, the bank will provide the
service provider with an identifier based on the customer’s personal identity
number, Business ID or other electronic transaction identifier. The actual
personal identity number or other identifier will not be transmitted with the
response message. Thus the service provider must have access to the
customer’s personal identity number, Business ID or other electronic
transaction identifier in order to ensure the correct authentication of the
customer’s identity based on the response message provided by the bank. If
the service provider does not possess the customer’s code, it should be
requested before sending the certificate request. This functionality is suitable
for verifying the validity of data submitted by the customer by comparing the
data with the data stored at the bank.
The Certification service is mainly applicable to consumer services. Some
banks are able to identify a corporate user through the Business ID, but not
all banks offer certification service certifying corporate customers. When
authenticating banks’ corporate customers, the banks can give, together with
the certificate, either the customer’s Business ID and the company name or
4
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
the customer’s Business ID, company name, name of person and personal
identity code.
1. 5 Service security
The SSL protocol is used in data communication between the parties of the
certification service, preventing external parties from viewing the
information or changing any of it. The service provider’s server software
must support SSL encryption implemented with 128-bit keys. The length of
the key used in the session is based on the properties of the customer’s
browser. The Certification request and the Certificate are protected with a
message authentication code ensuring data integrity, so it is not possible for
the customer who controls the Certificate transmission to alter the data
without the service provider or the bank noticing it.
Each party is responsible for the protection and security of its own services
and correctness of the data stored by them. The customer authenticating
him/herself is responsible for making sure that the identifiers provided by the
bank do not fall into the hands of any third parties.
The service provider’s service must include a notice specifying that the
service uses certification service employing the customer’s personal bank
identifiers or corporate bank identifiers. The service provider must edit the
notice text in its service according to whether the service provider wants to
authenticate private customers and/or corporate customers.
1.6 Definition of strong authentication
A strong authentication of a person comprises something that the user:
1) knows (such as a user ID),
2) possesses (such as a list of passwords),
3) is (such as a fingerprint).
An authentication transaction can be considered to comply with the definition of the strong authentication if two of these requirements are fulfilled
simultaneously. In addition to the strong authentication, the transaction must
be based on a sufficiently secure procedure. One-time passwords fulfil the
criteria for a strong authentication. This means that the sole combination of a
fixed password and user ID does not fulfil the criteria for the strong authentication required in the Certification service.
5
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
2 Functional service description
Customer
Service provider
Service
screens
1
Customer
service
2
Certificate
request
Customer's bank
3
Bank's
customer
authentication
Approval of
Certificate
data
4
5
Customer
authentication
and Tupas
certification
service
8
6
7
Service terms
Tupas
Certificate
Explanation of the chart describing service progression:
1.
The customer identifying him/herself is in contact with the service
provider’s service. The data communication between the customer and the
service provider must be SSL-protected when the customer begins to enter
data related to the certification service. During phases 2 to 7, the data transfer
link is always SSL-protected.
2.
The service provider sends to the customer a certification request
containing specification data related to the transaction. The customer verifies
the data in the request, but cannot alter it. The customer can, however,
interrupt the authentication process, if desired, and return to customer
service. The certification request page in the customer’s browser includes
function buttons leading to the banks’ certification service and a Cancel
button.
3.
The customer clicks on a button transferring him/her to his/her bank’s
certification service. The certificate request transmitted to the bank contains
6
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
the data on the service provider and transaction. The bank verifies the
integrity of the request and the correctness of the data.
4.
The bank sends an authentication request to the customer if the service
provider’s certificate request is valid. The bank gives the customer an error
notification if the bank notices errors in the request. Then the customer
returns to the service provider’s service by clicking the Cancel button.
5.
The customer authenticates him/herself in the certification service of
the bank. The bank returns an error message to the customer if the
authentication fails, and the customer returns to the service provider’s service
by clicking the Cancel button.
6.
After successful authentication, the bank generates the certificate. The
certification service activates Accept and Cancel buttons for the customer.
7.
The customer verifies the Certificate and approves the identification
data to be transmitted to the service provider. By clicking Cancel, the
customer can interrupt the authentication process and return to the service
provider’s service.
8.
The service provider verifies the integrity and uniqueness of the
Certificate received. The service provider attaches the Certificate to the
customer’s service transaction and stores it for as long as other service data is
stored. Customer identification data must not be registered or used for any
other purpose.
7
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
3 Messages in the TUPAS certification service and related data
3.1 Certificate request
Certificate request data lies behind the bank-specific button or icon in the
FORM data group, as hidden variables.
CERTIFICATE REQUEST
Field
1. Type of message
2. Version
3. Service provider
4. Service language
Name of data
A01Y_ACTION_ID
A01Y_VERS
A01Y_RCVID
A01Y_LANGCODE
Length
3-4
4
10 -15
2
5. Request identifier
A01Y_STAMP
20
6. Type of identifier
7. Return address
A01Y_IDTYPE
A01Y_RETLINK
2
199
8. Cancel address
A01Y_CANLINK
199
9. Rejected address
A01Y_REJLINK
199
10. Key version
11. Algorithm
A01Y_KEYVERS
A01Y_ALG
4
2
12. Control field
A01Y_MAC
32 - 40
Comment
Standard, "701"
For example, "0002"
Customer code
ISO 639 identifier:
FI = Finnish
SV = Swedish
EN = English
yyyymmddhhmmssxx
xxxx
See Appendix 2
OK return address for
Certificate
Return address in
cancellation
Return address in
error situations
Key generation data
01 = MD5
02 = SHA-1
Message
Authentication Code
of request
Data field names are written in capital letters. The HTML structure of the
FORM data group is:
<FORM METHOD=”POST” ACTION=”bank certification service URL”>
<INPUT NAME=”A01Y_ACTION_ID” TYPE=”hidden” VALUE=”701”>
<INPUT NAME=”A01Y_VERS” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_RCVID” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_LANGCODE” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_STAMP” TYPE="hidden” VALUE=”...”>
8
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
<INPUT NAME=”A01Y_IDTYPE” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_RETLINK” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_CANLINK” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_REJLINK” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_KEYVERS” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_ALG” TYPE="hidden” VALUE=”...”>
<INPUT NAME=”A01Y_MAC” TYPE="hidden” VALUE=”...”>
</FORM>
3.2 Certificate request field descriptions:
Field 1
service.
Type of message, which is a standard "701" in the certification
Field 2 Version number of the certificate request message, which is bankspecific.
Field 3
Service provider’s bank-specific customer identifier. The bank
identifies the service provider based on the customer code and
attaches to the certificate the service provider’s name existing in its
register.
Field 4 The language code of the service indicates the language of the
service provider’s page, and the bank certification service opens in this
language.
Field 5 Individual code assigned to the certificate request by the service
provider. The identifier can be a reference or customer number or a
combination of the date, time and running identifier, as well as a reference
number.
Field 6 The identifier type shows what kind of an identifier the service
provider wants from the customer to be authenticated. The identifier type
must correspond to the functionality agreed upon in the service contract.
Field 7 This is the address of the service provider’s page where the service
continues when OK. The service address must start with ‘https’ - that is, the
page must be SSL protected.
Example:
VALUE="https://product.merchant.fi/order/confirmation.htm"
Field 8 Continuation point for the service provider’s service in case the
customer cancels the transmission of the Certificate.
9
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
Example:
VALUE="https://product.merchant.fi/order/cancel.htm"
Field 9 Continuation point for the service provider’s service in case of a
technical error during identification. The return address can be the same as in
field 8.
Example:
VALUE="https://product.merchant.fi/order/error.htm"
Field 10 Key version used in MAC calculation.
Field 11 Algorithm type code used in MAC calculation.
01 = MD5 algorithm, which produces a 32-character MAC
01 = SHA-1 algorithm, which produces a 40-character MAC.
Field 12 Message Authentication Code (MAC), calculated from the data to
be protected in the certificate request and the service provider’s pass phrase
using the algorithm defined in data field 11. Using the MAC, the recipient
can verify the integrity of the certificate request and authenticate the sender.
3.3 Forming the MAC for the certificate request (A01Y_MAC)
The service provider forms a bank-specific certificate request for each bank’s
button, protected by a MAC attached to each request. The MAC is calculated
from the bank-specific certificate request’s FORM data group using the pass
phrase given to the service provider by the specific bank.
The calculation starts by forming a character string from the VALUE of all
data fields in the FORM data group preceding the MAC (fields 1 to 11) and
the service provider’s pass phrase. The data is combined into character
strings in sequence, and any blanks serving as fill characters are left out. The
data groups in the character string are separated by “&” characters. An “&”
character is also placed between the last data (field 11) and the pass phrase,
as well as at the end of the pass phrase. The “&” characters are included in
the MAC calculation. The data appears on one single line. "↵" indicates a
line break in this document.
A01Y_ACTION_ID&A01Y_VERS&A01Y_RCVID&A01Y_LANGCODE&↵
A01Y_STAMP&A01Y_IDTYPE&A01Y_RETLINK&A01Y_CANLINK&↵
A01Y_REJLINK&A01Y_KEYVERS&A01Y_ALG&passphrase&
10
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
The calculated MAC is converted into hexadecimal form, in which
characters from A to F are represented in capitals. The hexadecimal hash
value is taken to the Control field.
3.4 Certificate and identifier
CERTIFICATE
Field
Name of data
Length
1. Version
B02K_VERS
4
2. Certificate identification
B02K_TIMESTMP
23
3. Certificate number
B02K_IDNBR
10
4. Request identifier
B02K_STAMP
20
5. Customer
B02K_CUSTNAME
–40
6. Key version
7. Algorithm
B02K_KEYVERS
B02K_ALG
4
2
8. Identifier
9. Type of identifier
10. User ID
B02K_CUSTID
B02K_CUSTTYPE
B02K_USERID
-40
2
-40
11. User name
B02K_USERNAME
-40
12. Control field
B02K_MAC
32-40
1
Obligatoriness of the data:
O = obligatory
R = at request only
Obligato- Comment
riness1
O
For example,
"0002"
O
NNNyyyymmddh
hmmssxxxxxx
O
Number assigned
to the identifier by
the bank
O
Request data field
7
(A01Y_STAMP)
O
Name of person or
company
authenticated that
is in the bank’s
database
O
Key generation
O
01 = MD5
02 = SHA-1
O
See Appendix 3
O
See Appendix 3
R
Corporate user’s
social security
number or
encrypted
identifier
See appendix 3
R
Corporate user’s
name
See appendix 3
O
MAC of the
Certificate
11
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
The customer’s bank adds the certificate data in the response message to the
OK return link in so-called query-string format.
http://A01Y_RETLINK?↵
B02K_VERS&B02K_TIMESTMP&B02K_IDNBR&B02K_STAMP&↵
B02K_CUSTNAME&B02K_KEYVERS&B02K_ALG&B02K_CUSTID&↵
&B02K_MAC
The data BO2K_USERID and BO2K_USERNAME_are optional and are
included only with identifier values “
3.5 Certificate message field descriptions
Field 1 Version number of the certificate message, which is bank-specific.
Field 2 Time stamp formed by the bank’s system, in which NNN is the
bank’s number:
Handelsbanken
Nordea Bank Finland
OP Bank Group
Sampo Bank
Savings banks and local co-op banks
Tapiola Bank
Bank of Åland
= 310
= 200
= 500
= 800
= 400
= 360
= 600
Field 3 Data provided for the Certificate by the bank’s information system,
uniquely identifying the Certificate in the bank’s system.
Field 4 Identification of the certificate request, picked from data field 7 in
the certificate request in question (A01Y_STAMP)
Field 5 Name of authenticated customer according to the bank’s customer
database.
Field 6 Generation number of the MAC pass phrase.
Field 7 MAC algorithm code.
Field 8 Customer identifier with contents depending on the A01Y_IDTYPE
field in the certificate request. The field may contain a customer identifier
either in encrypted or in plain text format.
Field 9 Type of identifier.
Field 10 Corporate user’s social security number or encrypted identifier.
12
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
Field 11 Corporate user’s name.
Field 12 MAC code of the certificate
3.6 MAC calculation for in the Certificate
The control code (BO2K_MAC)is calculated from the original message, after
which the Scandinavian characters and certain special characters (eg blank
spaces, equal signs and quotation marks) are replaced in the corresponding
hexadecimall character (eg %20) in the data communication message.
The bank calculates the MAC of the Certificate with a service provider
specific key. With the MAC the service provider can ensure that the
Certificate has been formed at the customer’s bank and that its contents are
unchanged. With the Certificate’s identifier type values “00” - “07” the MAC
is calculated using data fields 1 to 9 in the Certificate. When calculating the
MAC, the data and the pass phrase are separated by an "&" character. The
character is also appended at the end of the pass phrase. The service
provider-specific key is used in calculating the MAC. MAC calculation is
not executed for the optional fields 10 & 11 when they are empty and are not
returned to the service provider.
B02K_VERS&B02K_TIMESTMP&B02K_IDNBR&B02K_STAMP&↵
B02K_CUSTNAME&B02K_KEYVERS&B02K_ALG&↵
B02K_CUSTTYPE&passphrase&
with the Certificate’s identifier type values “08” - “09” the MAC is
calculated using data fields 1 to 11 in the certificate. When calculating the
MAC, the data and the pass phrase are separated by an "&" character. The
character is also appended at the end of the pass phrase. The service
provider-specific key is used in calculating the MAC
B02K_VERS&B02K_TIMESTMP&B02K_IDNBR&B02K_STAMP&↵
B02K_CUSTNAME&B02K_KEYVERS&B02K_ALG&B02K_CUSTID↵
B02K_CUSTTYPE&BO2K_USERID&B02K_USERNAME&passphase&
3.7 Type of identification data
The type of the identifier to be transmitted, specified in the A01Y_IDTYPE
field of the certificate request, affects the response message MAC calculation.
13
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
3.7.1 Identifier in plain text
The value of the A01Y_IDTYPE field in the certificate request is ”02” or
”03” - that is, basic identifier or truncated basic identifier in plain text.
The identifier is a character string in plain text - for example, a personal
identity number or the last four characters thereof - in accordance with the
A01Y_IDTYPE field in the request message. The identifier will be assigned
to the data field B02K_CUSTID in the Certificate in an unchanged form.
3.7.2 Encrypted identifier
The value of the A01Y_IDTYPE field in the certificate request is “01” - that
is, encrypted basic identifier.
The bank uses the same hash algorithm for encrypting the identifier as is
used for the MAC fields. The uniqueness of the identifier is ensured by using
the data in the certificate data fields 2 to 4 and the customer identifier
(personal identity number or Business ID) in accordance with data field 8
(A01Y_IDTYPE) in the request message as additional data. When calculating the encrypted identifier, the data and the pass phrase are separated by
an "&" character. The character is also appended at the end of the pass
phrase. The service provider-specific key is used for encryption.
B02K_TIMESTMP&B02K_IDNBR&B02K_STAMP&↵
customer_identifier&passphrase&
The result of the calculation is converted into hexadecimal form, in which
characters from A to F are represented in capitals. The final result is a
character string identifying the customer. The string will be used in the
B02K_CUSTID field of the Certificate.
3.8 Comparing the encrypted identifier data and authenticating the customer
If the identifier is encrypted, the service provider first verifies the integrity of
the Certificate. Then the service provider calculates the comparison data for
the customer identifier as described in section 3.7.2 on the basis of the customer code stored in its register.
When the calculated comparison data and the identifier of the received
message are identical and the message is intact, the data for the customer
authenticated by the bank corresponds to that for the customer registered by
the service provider.
14
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
3.9 Bank-specific buttons
The image files for bank-specific buttons can be obtained from a website at
an address separately specified by each bank. The size or colour of the buttons must not be changed. The button image must not be used for purposes
other than those that have been agreed upon between the service provider and
the bank.
3.10 Exceptional situations
The service provider must be prepared for exceptional occasions, which
include:
1. Customer interrupts the authentication process
The customer can interrupt the transaction by clicking the Cancel button,
either before the certificate request has been sent to the bank or after
receiving the Certificate. The address for the Cancel button is the Cancel
address in FORM data field 8 of the certificate request.
2. Customer authentication failed
Customer authentication may fail if there are errors in the identifier or if the
customer has requested authentication at a wrong bank. The customer can
return to the service provider’s service by using the Cancel button. The
address for the Cancel button is the Cancel address in FORM data field 8 of
the certificate request.
3. The bank notices an error in the certificate request
The bank notices an error in the identification request before the customer
has been authenticated. The customer returns to the service provider’s
service using the Cancel button assigned to the Rejected address in FORM
data field 9.
4. The service provider notices an error in the Certificate.
The service provider notices an error when verifying the Certificate that
might be due to an error in the Certificate content or because the data
provided by the customer to the service provider does not match the data
stored in the bank’s information system.
The service provider should provide the customer with information relevant
to the situation at hand.
15
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
5. There is no response at all
The reason for the interruption may be a connection break or other technical
disturbance, or the customer terminating the session halfway through.
6. The same response comes several times
The service provider must be prepared for that the customer will send the
same response several times or resend an old certificate when moving
between browser windows with the back/forward buttons.
4 Changing the pass phrase
The pass phrase (key) used when calculating the MAC values can be
changed if the bank or service provider so wishes. Bank-specific procedures
are used when changing the key, and these are described in the bank-specific
system descriptions.
Two bank-specific procedures are used when changing the key:
•
Only the pass phrase is changed, the service provider’s customer ID
remains the same.
•
Both the pass phrase and the customer ID are changed.
The pass phrase is delivered to the contact person named in the contract. At
the same time, the information on the new key’s version number and the
effective date will also be delivered. From that date onwards, all MACs will
be calculated using the new key.
In order to guarantee a smooth change between keys, the service provider’s
system must enable the entry of the new key into the system ahead of time in other words, the simultaneous use of at least two pass phrases. At the time
of transfer (for a period of about 15 minutes), it is possible that the MACs in
some Certificates arriving to the service provider have been calculated using
the old key and the rest have been calculated using the new key.
Once the new pass phrase has been successfully taken into use, the old key
can be deleted or deactivated in the service provider’s system.
16
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
5 CHARACTER SET USED IN THE SERVICE
An 8-bit ISO 8859-1 (Latin1) character set is used in the service, the
codes of which are listed in the table below.
æ
backspace
tab
linefeed
c return
Space
!
"
#
$
%
&
'
%00
%01
%02
%03
%04
%05
%06
%07
%08
%09
%0a
%0b
%0c
%0d
%0e
%0f
%10
%11
%12
%13
%14
%15
%16
%17
%18
%19
%1a
%1b
%1c
%1d
%1e
%1f
%20
%21
%22
%23
%24
%25
%26
%27
0
1
2
3
4
5
6
7
8
9
:
;
<
=
>
?
@
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
%30
%31
%32
%33
%34
%35
%36
%37
%38
%39
%3a
%3b
%3c
%3d
%3e
%3f
%40
%41
%42
%43
%44
%45
%46
%47
%48
%49
%4a
%4b
%4c
%4d
%4e
%4f
%50
%51
%52
%53
%54
%55
%56
%57
`
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
{
|
}
~
€
‚
ƒ
„
…
†
‡
%60
%61
%62
%63
%64
%65
%66
%67
%68
%69
%6a
%6b
%6c
%6d
%6e
%6f
%70
%71
%72
%73
%74
%75
%76
%77
%78
%79
%7a
%7b
%7c
%7d
%7e
%7f
%80
%81
%82
%83
%84
%85
%86
%87
‘
’
“
”
•
–
—
˜
™
š
›
œ
Ÿ
¡
¢
£
¥
|
§
¨
©
ª
«
¬
¯
®
¯
°
±
²
³
´
µ
¶
·
%90
%91
%92
%93
%94
%95
%96
%97
%98
%99
%9a
%9b
%9c
%9d
%9e
%9f
%a0
%a1
%a2
%a3
%a4
%a5
%a6
%a7
%a8
%a9
%aa
%ab
%ac
%ad
%ae
%af
%b0
%b1
%b2
%b3
%b4
%b5
%b6
%b7
À
Á
Â
Ã
Ä
Å
Æ
Ç
È
É
Ê
Ë
Ì
Í
Î
Ï
Ð
Ñ
Ò
Ó
Ô
Õ
Ö
Ø
Ù
Ú
Û
Ü
Ý
Þ
ß
à
á
â
ã
ä
å
æ
ç
%c0
%c1
%c2
%c3
%c4
%c5
%c6
%c7
%c8
%c9
%ca
%cb
%cc
%cd
%ce
%cf
%d0
%d1
%d2
%d3
%d4
%d5
%d6
%d7
%d8
%d9
%da
%db
%dc
%dd
%de
%df
%e0
%e1
%e2
%e3
%e4
%e5
%e6
%e7
ð
ñ
ò
ó
ô
õ
ö
÷
ø
ù
ú
û
ü
ý
þ
ÿ
%f0
%f1
%f2
%f3
%f4
%f5
%f6
%f7
%f8
%f9
%fa
%fb
%fc
%fd
%fe
%ff
17
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
(
)
*
+
,
.
/
%28
%29
%2a
%2b
%2c
%2d
%2e
%2f
X
Y
Z
[
\
]
^
_
%58
%59
%5a
%5b
%5c
%5d
%5e
%5f
ˆ
‰
Š
‹
Œ
Ž
%88
%89
%8a
%8b
%8c
%8d
%8e
%8f
¸
¹
º
»
¼
½
¾
¿
%b8
%b9
%ba
%bb
%bc
%bd
%be
%bf
è
é
ê
ë
ì
í
î
ï
%e8
%e9
%ea
%eb
%ec
%ed
%ee
%ef
18
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
APPENDIX 1
BANK-SPECIFIC CONTACT INFORMATION
HANDELSBANKEN
Contract issues:
Codes and keys:
Customer support and
technical problems:
E-mail:
Local branch
Collected from the bank
HelpDesk 010 444 2545
During weekdays 8–17
finhelp@handelsbanken.fi
NORDEA
Contract issues:
Codes and keys:
Customer support and
technical problems:
E-mail:
OP BANK GROUP
Contract issues:
Codes and keys:
Customer support:
E-mail:
SAMPO BANK
Contract issues:
Local branch
Delivered by mail to the contact
person named in the
contract.
Solo information for corporate
customers
• In Finnish: 0200 67210 (0.11 €/min
+ local network/mobile call fee)
During weekdays between 8–18
• In Swedish: 0200 67220
(0.11 €/min + local network/mobile
call fee)
During weekdays 9–16.30
• In English: 0200 67230 (0.11 €/min
+ local network/mobile call fee)
During weekdays 9–18
Solo.tori@nordea.fi
Local OP bank
To be collected from a branch of the
bank
OP Bank phone service:
• In Finnish: 0100 0500
• In Swedish: 0100 9051
verkkopainikkeet@op.fi
Local branch or
phone 0106 6060 (local n
etwork/mobile call fee) Mon–Fri
8–17
19
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
Codes and keys:
Will be delivered on diskette in a
sealed mail package
Customer support and technical problems:
• Private customers 0200 2589
(local network/mobile call fee),
Mon–Fri 9–18
• Corporate customers 0600 122 12
(1.17 €/min +local network/mobile
fee),
Mon–Fri 8–17
E-mail:
asiakastuki.ml@sampo.fi or
varmennepalvelu@sampo.fi
SAVINGS BANKS AND LOCAL CO-OPERATIVE BANKS
Contract issues:
Local branch
Codes and keys:
Collected from the bank
Customer support and technical problems:
• phone 0100 4052 (1.17 €/min +
local network fee)
E-mail:
info@samlink.fi
TAPIOLA BANK
Contract issues
Codes and keys
Tapiola electronic services
Delivered to the contact person named
in the contract
Customer support and technical problems:
• Private customers 0203 45370
(Mon–Fri)
E-mail:
tunnistuspalvelu@tapiola.fi
BANK OF ÅLAND
Contract issues:
Customer code:
Customer support and
technical problems:
e-mail:
Local branch
Delivered at the branch upon signing
the contract.
The pass phrase is mailed to the
contact person named in the contract.
Contact Center customer service
• In Finnish: 0204 292920
• In Swedish: 0204 292910
• During weekdays Mon–Thu 8.40–
16.30, Fri 9.30–16.30
contactcenter@alandsbanken.fi
20
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
APPENDIX 2
TYPE OF IDENTIFIER IN CERTIFICATE REQUEST (A01Y_IDTYPE)
Data field 6 in the certificate request specifies the type of identifier
requested. The type is encoded with two characters XY as follows:
The first figure (X) indicates the contents of the type of identifier
requested:
0Y = basic identifier
1Y = personal identity number
2Y = Business ID
3Y = personal identity number or Business ID
4Y = personal identity number and Business ID
5Y = personal identity number and Business ID or
personal identity number alone
The latter figure (Y) indicates the form of the identifier requested:
X1 = Encrypted identifier
A hexadecimal MAC (Message
Authentication Code) calculated on
the basis of the customer’s
identification data.
X2 = Identifier in plain text
The identifier can be the customer’s
complete personal identity number, an
electronic transaction identifier or a
complete Business ID.
03 = Truncated identifier
A truncated identifier can contain the
last four characters of the personal
identity number without the
punctuation mark indicating century,
or a complete Business ID.
NB: Code 23 is not used.
21
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
APPENDIX 3
CUSTOMER IDENTIFIER IN THE CERTIFICATE
The data field for identifier type (field 9) indicates the type of
identifier data. The data is encoded with two characters XY so that
the first figure indicates whether the requested information about the
customer is in the bank's customer database.
0Y = The requested information was found.
The Certificate is returned to the return address in
the return address field of the certificate request.
00 = identifier not known
Value "00" is used if no identifiers are
found.
01 = personal identity number in plain text
Value "01" is used if the request
concerns an identifier in plain text and
only the personal identity number is
returned.
Field 5 holds the customer's name and
field 8 the personal identity number in
plain text.
02 = last four characters of personal identity number
in plain text
Value "02" is used if the request
concerns a truncated identifier and
only the last four characters of the
personal identity number are returned.
Field 5 holds the customer's name and
field 8 the last four characters of the
personal identity number in plain text.
22
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
03 = Business ID in plain text
Value "03" is used if the request
concerns an identifier in plain text and
only the Business ID is returned.
Field 5 holds the company's name and
field 8 the Business ID in plain text.
04 = electronic transaction identifier in plain text
Value "04" is used if the request
concerns an identifier in plain text and
only the electronic transaction
identifier is returned.
Field 5 holds the customer's name and
field 8 the electronic transaction
identifier in plain text.
05 = encrypted personal identity number
Value "05" is used if the request
concerns an encrypted identifier and
only the personal identity number is
returned.
Field 5 holds the customer's name and
field 8 the encrypted personal identity
number.
06 = encrypted Business ID
Value "06" is used if the request
concerns an encrypted identifier and
only the Business ID is returned.
Field 5 holds the company's name and
field 8 the encrypted Business ID.
07 = encrypted electronic transaction identifier
Value "07" is used if the request
concerns an encrypted identifier and
only the electronic transaction
23
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
identifier is returned (not in use at
Sampo).
Field 5 holds the customer's name and
field 8 the encrypted electronic
transaction identifier.
08 = Business ID and corporate user's personal
identity number in plain text, or other identifier agreed
between the service provider and the bank in plain
text
Value "08" is used if the request
concerns identifiers in plain text.
Field 5 holds the company's name,
field 8 the Business ID in plain text,
field 10 the corporate user's personal
identity number in plain text and field
11 the corporate user's name.
09 = encrypted Business ID and encrypted corporate
user's personal identity number, or other encrypted
identifier agreed between the service provider and the
bank
Value "09" is used if the request has
concerned encrypted identifiers.
Field 5 holds the company's name,
field 8 the encrypted Business ID,
field 10 the corporate user's encrypted
personal identity number and field 11
the corporate user's name.
1Y = The requested information or part of it was not found.
The information in the type of identifier field
(B02K_CUSTTYPE) is returned to the address in the
rejected address field of the certificate request. The
latter number (Y) in the type of identifier indicates
what information was not found on the customer. In
such cases, the service provider can automate its error
messages to the customers in different situations.
24
TUPAS certification service
Service description and
guidelines
Version 2.2
6 February 2007
10 = No requested information on the customer.
11 = No personal identity number for the customer.
12 = No Business ID for the customer.
Example: A service provider wants to know the
customer's personal identity number but the customer
uses identifiers that only have a Business ID. The
bank sends the information in the type of identifier
field (B02K_CUSTTYPE) to the address in the
rejected address field. In this case, field 9, type of
identifier, holds the value 11.
Bulevardi 28
FI-00120 Helsinki, Finland
Tel. +358 20 7934 200
Fax +358 20 7934 202
firstname.surename@fkl.fi
http://www.fkl.fi