ICICI Bank Ltd. ICICI Bank Towers, Bandra Kurla Complex, Mumbai – 400 051
Phone: 2653 1414, Fax: 2653 1110
Document Identification Information
Document Name: Host-2-Host (Push Based).doc
Version: 1.0
Date Created: April 25, 2010
Created By: Munish Blaggan
Proposal Document
Host-2-Host Solution
PRIVATE AND CONFIDENTIAL The contents of this document must not be reproduced in full or in part without the written permission of ICICI Bank.
Copyright © 2009 ICICI Bank Ltd. Page 2 of 7
CHANGE HISTORY
The following table records information regarding released versions of this document and briefly describes the changes made to them.
Version | Date | Author | Comment / Changes from Prior Version
1.0 | April 25, 2010 | Munish Blaggan | Document Created
Table of Contents
1 Background
1.1 Acronyms and Abbreviations
2 Proposal
2.1 Proposed Solution
2.2 Benefits
2.3 Prerequisite
2.4 Process Flow
1 Background
As part of the CMS set-up at the customer's end, the bank has provided the
IConnect application, which is integrated with the SAP system and provides the
interface for extracting payment requests. These payment requests are then
manually uploaded through the CIB interface for processing. To implement STP
of the transactions, the Host-2-Host solution is proposed.
1.1 Acronyms and Abbreviations
Bank ICICI Bank Ltd.
CMS Cash Management Services
CIB Corporate Internet Banking site of ICICI Bank Ltd.
IConnect SAP extraction module provided by the bank
Host-2-Host Host to Host solution offering from ICICI Bank Ltd.
STP Straight Through Processing
IP Internet Protocol
JRE Java Runtime Environment
SSL Secure Socket Layer
PKI Public Key Infrastructure
2 Proposal
2.1 Proposed Solution
Host to Host Solution Architecture Diagram
As part of the STP implementation, ICICI Bank's solution gives the
flexibility to enable or disable Auto Authorization as per the customer's need.
In addition to transaction STP, the solution offers the option to automate
the reverse flow, in which transaction reports etc. can be pushed back to
the customer.
2.2 Benefits
Automation of file transfer
Secure medium to transfer payment files
Speedy execution of transaction
Elimination of manual intervention
End to end integration with customer's ERP system
Customized MIS can be sent to customer
Logs created for file transfer process.
[Figure: Host To Host Interface Architecture of ICICI Bank. Diagram labels: Customer end; Internet Cloud; firewalls on either end; the customer server initiates the file transfer and pushes the files to be transferred over the HTTPS port; the client server sends the request for report download; communication is over the SSL protocol and the data flow is Triple DES encrypted; the advice file is encrypted using AES 256 bit encryption; bad request, IP address gets trapped; wrong-protocol request ignored.]
2.3 Prerequisite
The additional prerequisites for enabling the proposed solution are listed below:
On the server from which the transfer process is to be initiated:
o JRE 1.5 or higher
o Unrestricted Java Cryptography Extension for AES 256 bit encryption
o Required folders to be created
o Read and write access on the folder(s) for the user under whose id the
process will be running
o Static public IP, for defining access control at our end
o Import of the server certificate issued to cms.icicibank.com, to
authenticate the host
2.4 Process Flow
• After the payment run has executed, the encrypted payment advice file should be transferred to a specified, configurable folder on the intermediate server, from which it is sent to the bank for further processing. To initiate this transfer, the Host-2-Host utility is invoked, either through a scheduled task or by a system trigger.
• The file, which is already encrypted with AES128 bit, is encrypted again with Triple DES.
• A construction resource is formed with the help of the encrypted parameter stored in the configuration file.
• The corporate utility forwards the request to the configured server (over 128 bit SSL protocol).
• The handshake takes place, and as part of it the certificate of the host server is validated to ensure the authenticity of the host (Bank's server).
• After successful authentication, the request is forwarded to the Host-2-Host component installed at the Bank's end.
• The IP address of the requester and other parameters, e.g. whether the host can send, receive or both, file size etc., are then validated.
• After all the above checks, an ACK message is sent to the utility installed at the customer's end to initiate the transfer.
• As part of the payment advice transfer, the checksum of the encrypted file is calculated, and it is validated after the transfer.
• The data stream is transferred to the bank server over 128 bit SSL protocol.
• After successful checksum validation, the Triple DES layer of the file is decrypted.
• If the checksum check fails, the file is not accepted and is marked as a failure.
• As part of further processing, the advice file is uploaded to the CMS Payment System, where further validation of AES encryption, file format and transactions is performed. In addition, the system provides functionality to check for transaction duplication.
• Simultaneously, the application at the bank's end checks whether any reverse file transfer is to be initiated.
• If one is available, the required process is initiated with the validations mentioned above.
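The bank-side checks in the steps above (requester validation before the ACK, then checksum validation of the encrypted file before decryption), sketched in Python as an added example; it is not ICICI Bank's code and not part of the original document. The policy table, customer id, function names and the use of SHA-256 as the checksum are assumptions, since the document names no checksum algorithm.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class HostPolicy:
    """Access-control entry for one customer host (hypothetical structure)."""
    network: str           # registered static public IP in CIDR form
    directions: frozenset  # subset of {"send", "receive"}
    max_bytes: int         # largest file the bank side will accept


# Constructed sample entry; 203.0.113.0/24 is a documentation-only range.
POLICIES = {"CUST001": HostPolicy("203.0.113.10/32", frozenset({"send"}), 5_000_000)}


def pre_transfer_check(customer_id, source_ip, direction, declared_size):
    """Checks run before the ACK; returns (ack, reason)."""
    policy = POLICIES.get(customer_id)
    if policy is None:
        return False, "unknown customer"
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "malformed source IP"
    if addr not in ipaddress.ip_network(policy.network):
        return False, "source IP not registered"
    if direction not in policy.directions:
        return False, "direction not permitted"
    if not 0 < declared_size <= policy.max_bytes:
        return False, "file size out of range"
    return True, "ACK"


def checksum(data: bytes) -> str:
    """SHA-256 is an assumption; the document names no checksum algorithm."""
    return hashlib.sha256(data).hexdigest()


def accept_transfer(received: bytes, declared_checksum: str, declared_size: int) -> str:
    """Validate the still-encrypted file after transfer, before any decryption."""
    if len(received) != declared_size:
        return "FAILURE: size mismatch"
    if not hmac.compare_digest(checksum(received), declared_checksum.lower()):
        return "FAILURE: checksum mismatch"
    return "ACCEPTED: hand over for Triple DES decryption"
```

A plain checksum detects corruption in transit but not deliberate modification by a party who can also replace the checksum, so it complements rather than replaces the SSL session and host checks in the flow.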