catm.007.001.02
The certificate management request message is sent by a POI terminal or any intermediary entity either to a terminal manager acting as a certificate authority for managing X.509 certificate of a public key owned by the initiating party, or for requesting the inclusion or the removal of the POI to a white list of the terminal manager.
Message Construction
Every ISO20022 message has at the highest level what we call ‘building blocks’. Because the message is constructed as immutable records, the association is by composition. Below you can see the relationship between the message and its constituent building blocks. For comparison, see the ISO20022 official specification.
classDiagram
    direction LR
    %% CertificateManagementRequestV02 recursion level 0 with max 0
    CertificateManagementRequestV02 *-- "1..1" Header29 : Header
    CertificateManagementRequestV02 *-- "1..1" CertificateManagementRequest1 : CertificateManagementRequest
    CertificateManagementRequestV02 *-- "0..1" ContentInformationType18 : SecurityTrailer
Now we will zero in, one by one, on each of these building blocks.
Header building block
Information related to the protocol management. Set of characteristics related to the reject of a transaction. For comparison, see the ISO20022 official specification
classDiagram
    direction tb
    %% Header29 recursion level 0 with max 1
    class Header29{
        ProtocolVersion IsoMax6Text
        ExchangeIdentification IsoNumber
        CreationDateTime IsoISODateTime
    }
    Header29 *-- "1..1" GenericIdentification72 : InitiatingParty
    Header29 *-- "0..1" GenericIdentification93 : RecipientParty
    %% GenericIdentification72 recursion level 1 with max 1
    class GenericIdentification72{
        Identification IsoMax35Text
        Issuer PartyType6Code
        Country IsoMin2Max3AlphaText
        ShortName IsoMax35Text
    }
    %% GenericIdentification93 recursion level 1 with max 1
    class GenericIdentification93{
        Identification IsoMax35Text
        Issuer PartyType6Code
        Country IsoMin2Max3AlphaText
        ShortName IsoMax35Text
    }
    GenericIdentification93 *-- "0..1" NetworkParameters5 : RemoteAccess
Header29 members
Member name | Description | Data Type / Multiplicity |
---|---|---|
ProtocolVersion | Version of the terminal management protocol specifications. | IsoMax6Text - Required 1..1 |
ExchangeIdentification | Unique identification of an exchange occurrence. | IsoNumber - Optional 0..1 |
CreationDateTime | Date and time at which the file or message was created. | IsoISODateTime - Required 1..1 |
InitiatingParty | Unique identification of the partner that has initiated the exchange. | GenericIdentification72 - Required 1..1 |
RecipientParty | Unique identification of the partner that is the recipient of the exchange. | GenericIdentification93 - Optional 0..1 |
CertificateManagementRequest building block
Information related to the request of certificate management. For comparison, see the ISO20022 official specification
classDiagram
    direction tb
    %% CertificateManagementRequest1 recursion level 0 with max 1
    class CertificateManagementRequest1{
        CertificateService CardPaymentServiceType10Code
        SecurityDomain IsoMax70Text
        BinaryCertificationRequest IsoMax20000Text
        ClientCertificate IsoMax10KBinary
    }
    CertificateManagementRequest1 *-- "1..1" GenericIdentification72 : POIIdentification
    CertificateManagementRequest1 *-- "0..1" GenericIdentification72 : TMIdentification
    CertificateManagementRequest1 *-- "0..1" CertificationRequest1 : CertificationRequest
    CertificateManagementRequest1 *-- "0..1" PointOfInteraction6 : WhiteListIdentification
    %% GenericIdentification72 recursion level 1 with max 1
    class GenericIdentification72{
        Identification IsoMax35Text
        Issuer PartyType6Code
        Country IsoMin2Max3AlphaText
        ShortName IsoMax35Text
    }
    %% GenericIdentification72 recursion level 1 with max 1
    class GenericIdentification72{
        Identification IsoMax35Text
        Issuer PartyType6Code
        Country IsoMin2Max3AlphaText
        ShortName IsoMax35Text
    }
    %% CertificationRequest1 recursion level 1 with max 1
    class CertificationRequest1{
        KeyIdentification IsoMax140Text
        KeyVersion IsoMax140Text
    }
    CertificationRequest1 *-- "1..1" CertificationRequest2 : CertificateRequestInformation
    %% PointOfInteraction6 recursion level 1 with max 1
    class PointOfInteraction6{
        ManufacturerIdentifier IsoMax35Text
        Model IsoMax35Text
        SerialNumber IsoMax35Text
    }
CertificateManagementRequest1 members
Member name | Description | Data Type / Multiplicity |
---|---|---|
POIIdentification | Identification of the terminal or system using the certificate management service. | GenericIdentification72 - Required 1..1 |
TMIdentification | Identification of the TM or the MTM providing the Certificate Authority service. | GenericIdentification72 - Optional 0..1 |
CertificateService | Requested certificate management service. | CardPaymentServiceType10Code - Required 1..1 |
SecurityDomain | Identification of the client and server public key infrastructures containing the certificate. In addition, it may identify specific requirements of the customer. | IsoMax70Text - Optional 0..1 |
BinaryCertificationRequest | PKCS#10 (Public Key Certificate Standard 10) certification request coded in base64 ASN.1/DER (Abstract Syntax Notation 1, Distinguished Encoding Rules) or PEM (Privacy Enhanced Message) format. | IsoMax20000Text - Optional 0..1 |
CertificationRequest | Certification request PKCS#10 (Public Key Certificate Standard 10) for creation or renewal of an X.509 certificate. | CertificationRequest1 - Optional 0..1 |
ClientCertificate | Created certificate. The certificate is ASN.1/DER encoded, for renewal or revocation of certificate. | IsoMax10KBinary - Optional 0..1 |
WhiteListIdentification | Identification of the white list element, for white list addition or removal. | PointOfInteraction6 - Optional 0..1 |
SecurityTrailer building block
Trailer of the message containing a MAC or a digital signature. General cryptographic message syntax (CMS) containing data protected by a MAC or a digital signature. For comparison, see the ISO20022 official specification
classDiagram
    direction tb
    %% ContentInformationType18 recursion level 0 with max 1
    class ContentInformationType18{
        ContentType ContentType2Code
    }
    ContentInformationType18 *-- "0..1" AuthenticatedData5 : AuthenticatedData
    ContentInformationType18 *-- "0..1" SignedData5 : SignedData
    %% AuthenticatedData5 recursion level 1 with max 1
    class AuthenticatedData5{
        Version IsoNumber
        MAC IsoMax140Binary
    }
    AuthenticatedData5 *-- "1..0" IRecipient6Choice : Recipient
    AuthenticatedData5 *-- "1..1" AlgorithmIdentification22 : MACAlgorithm
    AuthenticatedData5 *-- "1..1" EncapsulatedContent3 : EncapsulatedContent
    %% SignedData5 recursion level 1 with max 1
    class SignedData5{
        Version IsoNumber
        Certificate IsoMax5000Binary
    }
    SignedData5 *-- "0..0" AlgorithmIdentification21 : DigestAlgorithm
    SignedData5 *-- "0..1" EncapsulatedContent3 : EncapsulatedContent
    SignedData5 *-- "0..0" Signer4 : Signer
ContentInformationType18 members
Member name | Description | Data Type / Multiplicity |
---|---|---|
ContentType | Type of data protection. | ContentType2Code - Required 1..1 |
AuthenticatedData | Data protection by a message authentication code (MAC). | AuthenticatedData5 - Optional 0..1 |
SignedData | Data protected by a digital signature. | SignedData5 - Optional 0..1 |
Extensibility and generalization considerations
To facilitate generalized design patterns in the system, the CertificateManagementRequestV02 implementation follows a specific implementation pattern. First of all, CertificateManagementRequestV02 implements IOuterRecord, indicating it is the outermost logical part of the message definition. Like all message wrappers, CertificateManagementRequestV02Document implements IOuterDocument. Because CertificateManagementRequestV02 implements IOuterRecord, it is a suitable template parameter for IOuterDocument, and causes the internal ‘Message’ to be of type CertificateManagementRequestV02.
classDiagram
    class IOuterRecord
    CertificateManagementRequestV02 --|> IOuterRecord : Implements
    CertificateManagementRequestV02Document --|> IOuterDocument~CertificateManagementRequestV02~ : Implements
    class IOuterDocument~CertificateManagementRequestV02~ {
        CertificateManagementRequestV02 Message
    }
Document wrapper for serialization
The only real purpose CertificateManagementRequestV02Document serves is to cause the document to be serialized into the ‘urn:iso:std:iso:20022:tech:xsd:catm.007.001.02’ namespace. Therefore, the usual practice will probably be to build the message and construct this wrapper at the last minute using the CertificateManagementRequestV02.ToDocument() method. The returned CertificateManagementRequestV02Document value will serialize correctly according to ISO 20022 standards.
classDiagram
    CertificateManagementRequestV02Document *-- CertificateManagementRequestV02 : Document
Sample of message format
This is an abbreviated version of what the message should look like.
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:catm.007.001.02">
    <CertMgmtReq>
        <Hdr>
            <!-- Header inner content -->
        </Hdr>
        <CertMgmtReq>
            <!-- CertificateManagementRequest inner content -->
        </CertMgmtReq>
        <SctyTrlr>
            <!-- SecurityTrailer inner content -->
        </SctyTrlr>
    </CertMgmtReq>
</Document>
Data from ISO specification
This is the technical data from the specification document.
<messageDefinition
xmi:id="_GPQT4dtdEee9e6xduATmQg"
nextVersions="_ZtrIsQ0VEeqUVL7sB4m7NA"
previousVersion="_EQjhgI4KEeW6h7rGyYlyTg"
name="CertificateManagementRequestV02"
definition="The certificate management request message is sent by a POI terminal or any intermediary entity either to a terminal manager acting as a certificate authority for managing X.509 certificate of a public key owned by the initiating party, or for requesting the inclusion or the removal of the POI to a white list of the terminal manager.
"
registrationStatus="Registered"
messageSet="_urpIICeJEeOCeO5e7islRQ"
xmlTag="CertMgmtReq"
rootElement="Document"
xmlns:xmi="http://www.omg.org/XMI">
<messageBuildingBlock
xmi:id="_GPQT49tdEee9e6xduATmQg"
nextVersions="_ZtrIsw0VEeqUVL7sB4m7NA"
previousVersion="_mxb7oI4KEeW6h7rGyYlyTg"
name="Header"
definition="Information related to the protocol management."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="1"
xmlTag="Hdr"
complexType="_RtBnUY4CEeWrZqsymMFdfg" />
<messageBuildingBlock
xmi:id="_GPQT5dtdEee9e6xduATmQg"
nextVersions="_ZtrItQ0VEeqUVL7sB4m7NA"
previousVersion="_FkqYQI4LEeW6h7rGyYlyTg"
name="CertificateManagementRequest"
definition="Information related to the request of certificate management."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="1"
xmlTag="CertMgmtReq"
complexType="_199JII4KEeW6h7rGyYlyTg" />
<messageBuildingBlock
xmi:id="_GPQT59tdEee9e6xduATmQg"
nextVersions="_ZtrvwQ0VEeqUVL7sB4m7NA"
previousVersion="_sYvF4I4LEeW6h7rGyYlyTg"
name="SecurityTrailer"
definition="Trailer of the message containing a MAC or a digital signature."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="0"
xmlTag="SctyTrlr"
complexType="__DJZ4dtZEee9e6xduATmQg" />
<messageDefinitionIdentifier
businessArea="catm"
messageFunctionality="007"
flavour="001"
version="02" />
</messageDefinition>
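An added example, not part of this library or of the ISO specification: a Python check that a receiving terminal manager could run on the outer envelope before processing a request, using the namespace, XML tags and multiplicities given above. Treating a missing SctyTrlr as an error is a policy assumption of the example (the schema makes the trailer optional), and the names `check_envelope`, `q` and the sample constants are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "urn:iso:std:iso:20022:tech:xsd:catm.007.001.02"
# (xmlTag, minOccurs, maxOccurs) in message order, copied from the
# messageBuildingBlock entries in the specification data on this page.
BLOCKS = [("Hdr", 1, 1), ("CertMgmtReq", 1, 1), ("SctyTrlr", 0, 1)]


def q(tag):
    # Qualify a tag with the catm.007.001.02 namespace, ElementTree style.
    return "{%s}%s" % (NS, tag)


def check_envelope(xml_text, require_trailer=True):
    """Return a list of problems; an empty list means the envelope is acceptable."""
    # Refuse DTDs outright: the message never needs one, and entity
    # declarations are the vehicle for XXE and entity-expansion attacks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed: %s" % exc]
    if root.tag != q("Document"):
        return ["unexpected root element %s" % root.tag]
    if [c.tag for c in root] != [q("CertMgmtReq")]:
        return ["Document must wrap exactly one CertMgmtReq message"]
    children = [c.tag for c in root[0]]
    order = [q(tag) for tag, _, _ in BLOCKS]
    problems = []
    for tag, lo, hi in BLOCKS:
        n = children.count(q(tag))
        if not lo <= n <= hi:
            problems.append("%s occurs %d times, allowed %d..%d" % (tag, n, lo, hi))
    if any(t not in order for t in children):
        problems.append("unexpected element among the building blocks")
    known = [t for t in children if t in order]
    if known != sorted(known, key=order.index):
        problems.append("building blocks out of order")
    # Policy on top of the schema (an assumption of this example): SctyTrlr is
    # optional (0..1), but without it nothing authenticates the request.
    if require_trailer and q("SctyTrlr") not in children:
        problems.append("SctyTrlr absent: no MAC or signature protects the request")
    return problems

# Constructed inputs, based on the abbreviated sample on this page.
SAMPLE = ('<Document xmlns="%s"><CertMgmtReq><Hdr/><CertMgmtReq/>'
          '<SctyTrlr/></CertMgmtReq></Document>' % NS)
NO_TRAILER = SAMPLE.replace("<SctyTrlr/>", "")
DUPLICATED = SAMPLE.replace("<CertMgmtReq/>", "<CertMgmtReq/><CertMgmtReq/>")
```

`check_envelope(SAMPLE)` returns an empty list, while `NO_TRAILER` and `DUPLICATED` each return one finding; the check covers the envelope only and does not verify the MAC or signature inside the trailer.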
ISO Building Blocks
The following items are used as building blocks to construct this message.