catm.007.001.05
The CertificateManagementRequest message is sent by a POI terminal or any intermediary entity either to a terminal manager acting as a certificate authority for managing X.509 certificate of a public key owned by the initiating party, or for requesting the inclusion or the removal of the POI to a white list of the terminal manager.
Message Construction
Every ISO20022 message has at the highest level what we call ‘building blocks’. Because the message is constructed as immutable records, the association is by composition. Below you can see the relationship between the message and its constituent building blocks: For comparison, see the ISO20022 official specification
classDiagram
direction LR
%% CertificateManagementRequestV05 recursion level 0 with max 0
CertificateManagementRequestV05 *-- "1..1" TMSHeader1 : Header
CertificateManagementRequestV05 *-- "1..1" CertificateManagementRequest2 : CertificateManagementRequest
CertificateManagementRequestV05 *-- "0..1" ContentInformationType29 : SecurityTrailer
Now, we will zero-in one-by-one on each of these building blocks.
Header building block
Information related to the protocol management. Set of characteristics related to the transfer of transactions. For comparison, see the ISO20022 official specification
classDiagram
direction tb
%% TMSHeader1 recursion level 0 with max 1
class TMSHeader1{
DownloadTransfer IsoTrueFalseIndicator
FormatVersion IsoMax6Text
ExchangeIdentification IsoNumber
CreationDateTime IsoISODateTime
}
TMSHeader1 *-- "1..1" GenericIdentification176 : InitiatingParty
TMSHeader1 *-- "0..1" GenericIdentification177 : RecipientParty
TMSHeader1 *-- "0..0" Traceability8 : Traceability
%% GenericIdentification176 recursion level 1 with max 1
class GenericIdentification176{
Identification IsoMax35Text
Type PartyType33Code
Issuer PartyType33Code
Country IsoMin2Max3AlphaText
ShortName IsoMax35Text
}
%% GenericIdentification177 recursion level 1 with max 1
class GenericIdentification177{
Identification IsoMax35Text
Type PartyType33Code
Issuer PartyType33Code
Country IsoMin2Max3AlphaText
ShortName IsoMax35Text
}
GenericIdentification177 *-- "0..1" NetworkParameters7 : RemoteAccess
GenericIdentification177 *-- "0..1" Geolocation1 : Geolocation
%% Traceability8 recursion level 1 with max 1
class Traceability8{
ProtocolName IsoMax35Text
ProtocolVersion IsoMax6Text
TraceDateTimeIn IsoISODateTime
TraceDateTimeOut IsoISODateTime
}
Traceability8 *-- "1..1" GenericIdentification177 : RelayIdentification
TMSHeader1 members
| Member name | Description | Data Type / Multiplicity |
|---|---|---|
| DownloadTransfer | Indicates if the file transfer is a download or an upload. | IsoTrueFalseIndicator - Required 1..1 |
| FormatVersion | Version of file format. | IsoMax6Text - Required 1..1 |
| ExchangeIdentification | Unique identification of an exchange occurrence. | IsoNumber - Required 1..1 |
| CreationDateTime | Date and time at which the file or message was created. | IsoISODateTime - Required 1..1 |
| InitiatingParty | Unique identification of the partner that has initiated the exchange. | GenericIdentification176 - Required 1..1 |
| RecipientParty | Unique identification of the partner that is the recipient of the exchange. | GenericIdentification177 - Optional 0..1 |
| Traceability | Identification of partners involved in exchange from the merchant to the issuer, with the relative timestamp of their exchanges. | Traceability8 - Unknown 0..0 |
CertificateManagementRequest building block
Information related to the request of certificate management. Information related to the request of certificate management. For comparison, see the ISO20022 official specification
classDiagram
direction tb
%% CertificateManagementRequest2 recursion level 0 with max 1
class CertificateManagementRequest2{
CertificateService CardPaymentServiceType10Code
SecurityDomain IsoMax70Text
BinaryCertificationRequest IsoMax20000Text
ClientCertificate IsoMax10KBinary
}
CertificateManagementRequest2 *-- "1..1" GenericIdentification176 : POIIdentification
CertificateManagementRequest2 *-- "0..1" GenericIdentification176 : TMIdentification
CertificateManagementRequest2 *-- "0..1" CertificationRequest1 : CertificationRequest
CertificateManagementRequest2 *-- "0..1" PointOfInteraction6 : WhiteListIdentification
%% GenericIdentification176 recursion level 1 with max 1
class GenericIdentification176{
Identification IsoMax35Text
Type PartyType33Code
Issuer PartyType33Code
Country IsoMin2Max3AlphaText
ShortName IsoMax35Text
}
%% GenericIdentification176 recursion level 1 with max 1
class GenericIdentification176{
Identification IsoMax35Text
Type PartyType33Code
Issuer PartyType33Code
Country IsoMin2Max3AlphaText
ShortName IsoMax35Text
}
%% CertificationRequest1 recursion level 1 with max 1
class CertificationRequest1{
KeyIdentification IsoMax140Text
KeyVersion IsoMax140Text
}
CertificationRequest1 *-- "1..1" CertificationRequest2 : CertificateRequestInformation
%% PointOfInteraction6 recursion level 1 with max 1
class PointOfInteraction6{
ManufacturerIdentifier IsoMax35Text
Model IsoMax35Text
SerialNumber IsoMax35Text
}
CertificateManagementRequest2 members
| Member name | Description | Data Type / Multiplicity |
|---|---|---|
| POIIdentification | Identification of the terminal or system using the certificate management service. | GenericIdentification176 - Required 1..1 |
| TMIdentification | Identification of the TM or the MTM providing the Certificate Authority service. | GenericIdentification176 - Optional 0..1 |
| CertificateService | Requested certificate management service. | CardPaymentServiceType10Code - Required 1..1 |
| SecurityDomain | Identification of the client and server public key infrastructures containing the certificate. In addition, it may identify specific requirements of the customer. | IsoMax70Text - Optional 0..1 |
| BinaryCertificationRequest | PKCS#10 (Public Key Certificate Standard 10) certification request coded in base64 ASN.1/DER (Abstract Syntax Notation 1, Distinguished Encoding Rules) or PEM (Privacy Enhanced Message) format. | IsoMax20000Text - Optional 0..1 |
| CertificationRequest | Certification request PKCS#10 (Public Key Certificate Standard 10) for creation or renewal of an X.509 certificate. | CertificationRequest1 - Optional 0..1 |
| ClientCertificate | Created certificate. The certificate is ASN.1/DER encoded, for renewal or revocation of certificate. | IsoMax10KBinary - Optional 0..1 |
| WhiteListIdentification | Identification of the white list element, for white list addition or removal. | PointOfInteraction6 - Optional 0..1 |
SecurityTrailer building block
Trailer of the message containing a MAC or a digital signature. General cryptographic message syntax (CMS) containing data. protected by a MAC or a digital signature. For comparison, see the ISO20022 official specification
classDiagram
direction tb
%% ContentInformationType29 recursion level 0 with max 1
class ContentInformationType29{
ContentType ContentType2Code
}
ContentInformationType29 *-- "0..1" AuthenticatedData8 : AuthenticatedData
ContentInformationType29 *-- "0..1" SignedData7 : SignedData
%% AuthenticatedData8 recursion level 1 with max 1
class AuthenticatedData8{
Version IsoNumber
MAC IsoMax140Binary
}
AuthenticatedData8 *-- "1..0" IRecipient11Choice : Recipient
AuthenticatedData8 *-- "1..1" AlgorithmIdentification22 : MACAlgorithm
AuthenticatedData8 *-- "1..1" EncapsulatedContent3 : EncapsulatedContent
%% SignedData7 recursion level 1 with max 1
class SignedData7{
Version IsoNumber
Certificate IsoMax5000Binary
}
SignedData7 *-- "0..0" AlgorithmIdentification21 : DigestAlgorithm
SignedData7 *-- "0..1" EncapsulatedContent3 : EncapsulatedContent
SignedData7 *-- "0..0" Signer6 : Signer
ContentInformationType29 members
| Member name | Description | Data Type / Multiplicity |
|---|---|---|
| ContentType | Type of data protection. | ContentType2Code - Required 1..1 |
| AuthenticatedData | Data protection by a message authentication code (MAC). | AuthenticatedData8 - Optional 0..1 |
| SignedData | Data protected by a digital signatures. | SignedData7 - Optional 0..1 |
Extensibility and generalization considerations
To facilitate generalized design patterns in the system, the CertificateManagementRequestV05 implementation follows a specific implementaiton pattern. First of all, CertificateManagementRequestV05 impleemnts IOuterRecord indicating it is the outermost logical part of the message definition. Like all message wrappers, CertificateManagementRequestV05Document implements IOuterDocument. Because CertificateManagementRequestV05 implements IOuterDocument, it is a suitable template parameter for IOuterDocument, and causes the internal ‘Message’ to be of type CertificateManagementRequestV05.
classDiagram
class IOuterRecord
CertificateManagementRequestV05 --|> IOuterRecord : Implements
CertificateManagementRequestV05Document --|> IOuterDocument~CertificateManagementRequestV05~ : Implements
class IOuterDocument~CertificateManagementRequestV05~ {
CertificateManagementRequestV05 Message
}
Document wrapper for serialization
The only real purpose CertificateManagementRequestV05Document serves is to cause the document to be serialized into the ‘urn:iso:std:iso:20022:tech:xsd:catm.007.001.05’ namespace. Therefore, it will probably be the usual practice to build the message and construct this wrapper at the last minute using CertificateManagementRequestV05.ToDocument() method. The returned CertificateManagementRequestV05Document value will serialize correctly according to ISO 20022 standards.
classDiagram
CertificateManagementRequestV05Document *-- CertificateManagementRequestV05 : Document
Sample of message format
This is an abbreviated version of what the message should look like.
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:catm.007.001.05">
<CertMgmtReq>
<Hdr>
<!-- Header inner content -->
</Hdr>
<CertMgmtReq>
<!-- CertificateManagementRequest inner content -->
</CertMgmtReq>
<SctyTrlr>
<!-- SecurityTrailer inner content -->
</SctyTrlr>
</CertMgmtReq>
</Document>
Data from ISO specification
This is the technical data from the specification document.
<messageDefinition
xmi:id="_JeRIcVE_EeyApZmLzm74zA"
nextVersions="_RC0PQXPXEe2pK6udhxEaHA"
previousVersion="_DlBlES8kEeu125Ip9zFcsQ"
name="CertificateManagementRequestV05"
definition="The CertificateManagementRequest message is sent by a POI terminal or any intermediary entity either to a terminal manager acting as a certificate authority for managing X.509 certificate of a public key owned by the initiating party, or for requesting the inclusion or the removal of the POI to a white list of the terminal manager.
"
registrationStatus="Registered"
messageSet="_fMW_Eb1vEeKoB-JG4saAMg_205458547"
xmlTag="CertMgmtReq"
rootElement="Document"
xmlns:xmi="http://www.omg.org/XMI">
<messageBuildingBlock
xmi:id="_JeRIc1E_EeyApZmLzm74zA"
nextVersions="_RC0PQ3PXEe2pK6udhxEaHA"
previousVersion="_DlBlEy8kEeu125Ip9zFcsQ"
name="Header"
definition="Information related to the protocol management."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="1"
xmlTag="Hdr"
complexType="_ROuPdwuhEeqw5uEXxQ9H4g" />
<messageBuildingBlock
xmi:id="_JeRIdVE_EeyApZmLzm74zA"
nextVersions="_RC0PRXPXEe2pK6udhxEaHA"
previousVersion="_DlBlFS8kEeu125Ip9zFcsQ"
name="CertificateManagementRequest"
definition="Information related to the request of certificate management."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="1"
xmlTag="CertMgmtReq"
complexType="_gt6twQ0UEeqUVL7sB4m7NA" />
<messageBuildingBlock
xmi:id="_JeRId1E_EeyApZmLzm74zA"
nextVersions="_RC0PR3PXEe2pK6udhxEaHA"
previousVersion="_DlBlFy8kEeu125Ip9zFcsQ"
name="SecurityTrailer"
definition="Trailer of the message containing a MAC or a digital signature."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="0"
xmlTag="SctyTrlr"
complexType="_uXF14VE1EeyApZmLzm74zA" />
<messageDefinitionIdentifier
businessArea="catm"
messageFunctionality="007"
flavour="001"
version="05" />
</messageDefinition>
ISO Building Blocks
The following items are used as building blocks to construct this message.