Sterling B2B Integrator - Processing Order Data

The Order Data Processor is responsible for packing and unpacking the order data. It interfaces with the Subscription Manager and Transaction Manager to retrieve the relevant information that is required for packing and unpacking the order data.

To ensure secure transfer of order data, the order data must be packed. Packing the order data includes signing, compression, encryption, and base64 encoding depending on the requirements of the order type. The receiver must unpack the order data to view the attributes. Unpacking the order data includes verification, decompression, decryption, and base64 decoding depending on the requirements of the order type.

For example, the profile information may include the transaction ID, the direction of the flow (upload or download), the response type (synchronous or asynchronous), the type of processes required, the object ID of the encrypted key, and the object ID of the Electronic Signature (ES). The EBICS Order Processing service performs EBICS transactions and user retrieval, and packing and unpacking of encrypted symmetric keys. Based on the profile information that is retrieved, the EBICS Order Processing service determines if packing or unpacking the order data is required, and invokes the appropriate packing or unpacking service.

The Authorized Order Manager is responsible for initiating the Order Data Processor to unpack the order data received from the FUL order type request, routing the unpacked order data to the backend subscriber’s upload mailbox, and renaming it according to a defined naming convention.

Apart from the EBICS Order Processing service, the following services are available in Sterling B2B Integrator to process order data:

  • The EBICS Order Authorization service handles incoming order requests for the bank-technical upload order type (FUL). If an order has fulfilled the number of signatures required, this service forwards the order to the subscriber upload mailbox. Otherwise, this service forwards the order to the pending order mailbox.
  • The EBICS Order Streaming service packs and unpacks order data using the pipeline functionality in Sterling B2B Integrator.
  • The EBICS ES Packaging service either packs or unpacks key information that is used when signing and verifying the ES.
  • The EBICS Compression service performs compression and decompression of order data using zlib in pipeline mode.
  • The EBICS Encryption service performs encryption and decryption of order data using the AES-128 algorithm in pipeline mode. The E002 encryption algorithm is supported.
  • The EBICS Encoding service performs encoding and decoding of order data using the base64 method in pipeline mode.
  • The EBICS Signing service performs the signing and verification of order data on the SHA-256 digest computed in pipeline mode. The A005 and A006 signing algorithms are supported.

Order data must be unpacked for upload transactions, and packed for download transactions.

The packing process involves the following sequence. However, based on the order type, one or more of the following processes may not be required:

  1. Signing
  2. Compressing
  3. Encrypting
  4. Base64 encoding

The following example illustrates encryption of an order type. A business process invokes the Encryption service. If the order data has been signed, the business process passes the symmetric key to the Encryption service. If the order data has not been signed, the Encryption service generates and returns the symmetric key to the business process. If the symmetric key was created, the business process invokes the EBICS Order Processing service with the output message type set to setEncryptedKey.

The unpacking process involves the following sequence. However, based on the order type, one or more of the following processes may not be required:

  1. Base64 decoding
  2. Decrypting
  3. Decompressing
  4. Verifying the signature

The following example illustrates decryption of an order type. A business process invokes the EBICS Order Processing service with the output message type set to getEncryptedKey. The base64-encoded secret key is retrieved and set in the process data for use by the Encryption service.
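The packing and unpacking sequences above, shown chunk by chunk in the way a pipeline processes them. This is an added example, not Sterling B2B Integrator code: the function names pack and unpack are hypothetical, the A005/A006 signature and the E002 encryption stage are omitted because they need keys and a cryptographic library, and a SHA-256 digest comparison stands in for ES verification.

```python
import base64
import hashlib
import hmac
import zlib

def pack(chunks):
    """Pack in the documented order, chunk by chunk: digest, compress, base64.
    Returns (base64 bytes, hex SHA-256 digest of the original order data)."""
    digest, comp = hashlib.sha256(), zlib.compressobj()
    pending, out = b"", []
    for chunk in chunks:
        digest.update(chunk)              # 1. digest that an ES would sign
        pending += comp.compress(chunk)   # 2. zlib compression
        # 3. encryption would run here (omitted in this sketch)
        cut = len(pending) - len(pending) % 3
        out.append(base64.b64encode(pending[:cut]))  # 4. whole 3-byte groups only
        pending = pending[cut:]
    # Padding characters may appear only once, at the very end of the stream.
    out.append(base64.b64encode(pending + comp.flush()))
    return b"".join(out), digest.hexdigest()

def unpack(encoded, expected_digest, chunk_size=4096):
    """Unpack in reverse order; return data only after the digest matches."""
    if chunk_size % 4:
        raise ValueError("chunk_size must be a multiple of 4 (base64 quantum)")
    digest, decomp = hashlib.sha256(), zlib.decompressobj()
    plain = []
    for i in range(0, len(encoded), chunk_size):
        raw = base64.b64decode(encoded[i:i + chunk_size], validate=True)
        # (decryption would run here, before decompression)
        data = decomp.decompress(raw)
        digest.update(data)
        plain.append(data)
    if not decomp.eof:
        raise ValueError("compressed stream is truncated")
    # Verification is the last step, so nothing is released before it passes.
    if not hmac.compare_digest(digest.hexdigest(), expected_digest):
        raise ValueError("digest mismatch: order data rejected")
    return b"".join(plain)

if __name__ == "__main__":
    # Constructed sample: 64,000 incompressible bytes fed in 1000-byte chunks.
    order = b"".join(hashlib.sha256(bytes([i % 256, i // 256])).digest()
                     for i in range(2000))
    encoded, dg = pack(order[i:i + 1000] for i in range(0, len(order), 1000))
    print(unpack(encoded, dg) == order)
```

Because verification comes last when unpacking, the decoded and decompressed bytes are untrusted until the final check passes, which is why unpack returns nothing on a mismatch.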

Electronic Signatures

The Electronic Signature (ES) ensures the authentication of the order data. The signatures ensure the integrity and non-repudiation of order data sent by the client to the banking server.

EBICS specifies two signature classes of ES:

  • Personal signature
    • Single signature of type E
    • First signature of type A
    • Second signature of type B
  • Transport signature of type T

Sterling B2B Integrator supports the following signature types:

  • Transport signature of type T
  • Personal signature or Bank-technical ES of type E – Single signature

Transport signatures can be either self-signed or CA-signed certificates. Personal signatures must be CA-signed and recognized by the bank. Use the transport signature to submit the order and the personal signature to authorize the order.

In personal signatures, you must specify the number of signatures for each order type or file format in the contract to process the order data. The maximum number of personal signatures allowed is 2.

Personal signature of type E can contain the following signatures:

  • Single
  • Optional Dual
  • Mandatory Dual

Prevalidation

When using bank-technical upload order types, the subscriber can send information in the first transaction step to the bank. The bank can prevalidate the order data.

Prevalidation of order data includes the following:

  • Data digest verification
  • Account authorization
  • Amount limit verification

After prevalidation of the order data is successful, the bank system receives the FUL file. The bank can use prevalidation to process the order data if the following prerequisites are met:

  • The bank supports the prevalidation functionality
  • Prevalidation node exists in the incoming request

Prevalidation of Data digest

The bank can verify data digest if the following prerequisites are met:

  • The bank supports the prevalidation functionality.
  • Prevalidation or DataDigest node exists in the incoming request.
  • The order type is set to any upload order type except the SPR request.

Prevalidation of account authorization and amount limit

The bank can verify account authorization and amount limit if the following prerequisites are met:

  • The bank supports the prevalidation functionality.
  • Prevalidation or AccountAuthorization node exists in the incoming request.
  • The OrderAttribute attribute is not set to DZHNN in the incoming request.
  • The Order Type is set to Technical upload order type (FUL) in the incoming request.
  • The signature class of the signatory is at least B in the contract permission.

Prevalidation verifies the signatory-designated account information and the amount limit if the minimum and maximum number of personal signatures required to authorize the order is defined. The account listed under AccountAuthorization must be a valid partner account. All the signatories must be configured with user permission to all the accounts listed in Prevalidation. The amount of a specified currency value must not exceed the maximum amount set in the User Permission configuration for any signatory.
