catm.007.001.04
The CertificateManagementRequest message is sent by a POI terminal or any intermediary entity either to a terminal manager acting as a certificate authority for managing X.509 certificate of a public key owned by the initiating party, or for requesting the inclusion or the removal of the POI to a white list of the terminal manager.
Message Construction
Every ISO20022 message has at the highest level what we call ‘building blocks’. Because the message is constructed as immutable records, the association is by composition. Below you can see the relationship between the message and its constituent building blocks: For comparison, see the ISO20022 official specification
classDiagram
direction LR
%% CertificateManagementRequestV04 recursion level 0 with max 0
CertificateManagementRequestV04 *-- "1..1" TMSHeader1 : Header
CertificateManagementRequestV04 *-- "1..1" CertificateManagementRequest2 : CertificateManagementRequest
CertificateManagementRequestV04 *-- "0..1" ContentInformationType25 : SecurityTrailer
Now, we will zero-in one-by-one on each of these building blocks.
Header building block
Information related to the protocol management. Set of characteristics related to the transfer of transactions. For comparison, see the ISO20022 official specification
classDiagram
direction tb
%% TMSHeader1 recursion level 0 with max 1
class TMSHeader1{
DownloadTransfer IsoTrueFalseIndicator
FormatVersion IsoMax6Text
ExchangeIdentification IsoNumber
CreationDateTime IsoISODateTime
}
TMSHeader1 *-- "1..1" GenericIdentification176 : InitiatingParty
TMSHeader1 *-- "0..1" GenericIdentification177 : RecipientParty
TMSHeader1 *-- "0..0" Traceability8 : Traceability
%% GenericIdentification176 recursion level 1 with max 1
class GenericIdentification176{
Identification IsoMax35Text
Type PartyType33Code
Issuer PartyType33Code
Country IsoMin2Max3AlphaText
ShortName IsoMax35Text
}
%% GenericIdentification177 recursion level 1 with max 1
class GenericIdentification177{
Identification IsoMax35Text
Type PartyType33Code
Issuer PartyType33Code
Country IsoMin2Max3AlphaText
ShortName IsoMax35Text
}
GenericIdentification177 *-- "0..1" NetworkParameters7 : RemoteAccess
GenericIdentification177 *-- "0..1" Geolocation1 : Geolocation
%% Traceability8 recursion level 1 with max 1
class Traceability8{
ProtocolName IsoMax35Text
ProtocolVersion IsoMax6Text
TraceDateTimeIn IsoISODateTime
TraceDateTimeOut IsoISODateTime
}
Traceability8 *-- "1..1" GenericIdentification177 : RelayIdentification
TMSHeader1 members
| Member name | Description | Data Type / Multiplicity |
|---|---|---|
| DownloadTransfer | Indicates if the file transfer is a download or an upload. | IsoTrueFalseIndicator - Required 1..1 |
| FormatVersion | Version of file format. | IsoMax6Text - Required 1..1 |
| ExchangeIdentification | Unique identification of an exchange occurrence. | IsoNumber - Required 1..1 |
| CreationDateTime | Date and time at which the file or message was created. | IsoISODateTime - Required 1..1 |
| InitiatingParty | Unique identification of the partner that has initiated the exchange. | GenericIdentification176 - Required 1..1 |
| RecipientParty | Unique identification of the partner that is the recipient of the exchange. | GenericIdentification177 - Optional 0..1 |
| Traceability | Identification of partners involved in exchange from the merchant to the issuer, with the relative timestamp of their exchanges. | Traceability8 - Unknown 0..0 |
CertificateManagementRequest building block
Information related to the request of certificate management. Information related to the request of certificate management. For comparison, see the ISO20022 official specification
classDiagram
direction tb
%% CertificateManagementRequest2 recursion level 0 with max 1
class CertificateManagementRequest2{
CertificateService CardPaymentServiceType10Code
SecurityDomain IsoMax70Text
BinaryCertificationRequest IsoMax20000Text
ClientCertificate IsoMax10KBinary
}
CertificateManagementRequest2 *-- "1..1" GenericIdentification176 : POIIdentification
CertificateManagementRequest2 *-- "0..1" GenericIdentification176 : TMIdentification
CertificateManagementRequest2 *-- "0..1" CertificationRequest1 : CertificationRequest
CertificateManagementRequest2 *-- "0..1" PointOfInteraction6 : WhiteListIdentification
%% GenericIdentification176 recursion level 1 with max 1
class GenericIdentification176{
Identification IsoMax35Text
Type PartyType33Code
Issuer PartyType33Code
Country IsoMin2Max3AlphaText
ShortName IsoMax35Text
}
%% GenericIdentification176 recursion level 1 with max 1
class GenericIdentification176{
Identification IsoMax35Text
Type PartyType33Code
Issuer PartyType33Code
Country IsoMin2Max3AlphaText
ShortName IsoMax35Text
}
%% CertificationRequest1 recursion level 1 with max 1
class CertificationRequest1{
KeyIdentification IsoMax140Text
KeyVersion IsoMax140Text
}
CertificationRequest1 *-- "1..1" CertificationRequest2 : CertificateRequestInformation
%% PointOfInteraction6 recursion level 1 with max 1
class PointOfInteraction6{
ManufacturerIdentifier IsoMax35Text
Model IsoMax35Text
SerialNumber IsoMax35Text
}
CertificateManagementRequest2 members
| Member name | Description | Data Type / Multiplicity |
|---|---|---|
| POIIdentification | Identification of the terminal or system using the certificate management service. | GenericIdentification176 - Required 1..1 |
| TMIdentification | Identification of the TM or the MTM providing the Certificate Authority service. | GenericIdentification176 - Optional 0..1 |
| CertificateService | Requested certificate management service. | CardPaymentServiceType10Code - Required 1..1 |
| SecurityDomain | Identification of the client and server public key infrastructures containing the certificate. In addition, it may identify specific requirements of the customer. | IsoMax70Text - Optional 0..1 |
| BinaryCertificationRequest | PKCS#10 (Public Key Certificate Standard 10) certification request coded in base64 ASN.1/DER (Abstract Syntax Notation 1, Distinguished Encoding Rules) or PEM (Privacy Enhanced Message) format. | IsoMax20000Text - Optional 0..1 |
| CertificationRequest | Certification request PKCS#10 (Public Key Certificate Standard 10) for creation or renewal of an X.509 certificate. | CertificationRequest1 - Optional 0..1 |
| ClientCertificate | Created certificate. The certificate is ASN.1/DER encoded, for renewal or revocation of certificate. | IsoMax10KBinary - Optional 0..1 |
| WhiteListIdentification | Identification of the white list element, for white list addition or removal. | PointOfInteraction6 - Optional 0..1 |
SecurityTrailer building block
Trailer of the message containing a MAC or a digital signature. General cryptographic message syntax (CMS) containing data. protected by a MAC or a digital signature. For comparison, see the ISO20022 official specification
classDiagram
direction tb
%% ContentInformationType25 recursion level 0 with max 1
class ContentInformationType25{
ContentType ContentType2Code
}
ContentInformationType25 *-- "0..1" AuthenticatedData7 : AuthenticatedData
ContentInformationType25 *-- "0..1" SignedData6 : SignedData
%% AuthenticatedData7 recursion level 1 with max 1
class AuthenticatedData7{
Version IsoNumber
MAC IsoMax140Binary
}
AuthenticatedData7 *-- "1..0" IRecipient10Choice : Recipient
AuthenticatedData7 *-- "1..1" AlgorithmIdentification22 : MACAlgorithm
AuthenticatedData7 *-- "1..1" EncapsulatedContent3 : EncapsulatedContent
%% SignedData6 recursion level 1 with max 1
class SignedData6{
Version IsoNumber
Certificate IsoMax5000Binary
}
SignedData6 *-- "0..0" AlgorithmIdentification21 : DigestAlgorithm
SignedData6 *-- "0..1" EncapsulatedContent3 : EncapsulatedContent
SignedData6 *-- "0..0" Signer5 : Signer
ContentInformationType25 members
| Member name | Description | Data Type / Multiplicity |
|---|---|---|
| ContentType | Type of data protection. | ContentType2Code - Required 1..1 |
| AuthenticatedData | Data protection by a message authentication code (MAC). | AuthenticatedData7 - Optional 0..1 |
| SignedData | Data protected by a digital signatures. | SignedData6 - Optional 0..1 |
Extensibility and generalization considerations
To facilitate generalized design patterns in the system, the CertificateManagementRequestV04 implementation follows a specific implementaiton pattern. First of all, CertificateManagementRequestV04 impleemnts IOuterRecord indicating it is the outermost logical part of the message definition. Like all message wrappers, CertificateManagementRequestV04Document implements IOuterDocument. Because CertificateManagementRequestV04 implements IOuterDocument, it is a suitable template parameter for IOuterDocument, and causes the internal ‘Message’ to be of type CertificateManagementRequestV04.
classDiagram
class IOuterRecord
CertificateManagementRequestV04 --|> IOuterRecord : Implements
CertificateManagementRequestV04Document --|> IOuterDocument~CertificateManagementRequestV04~ : Implements
class IOuterDocument~CertificateManagementRequestV04~ {
CertificateManagementRequestV04 Message
}
Document wrapper for serialization
The only real purpose CertificateManagementRequestV04Document serves is to cause the document to be serialized into the ‘urn:iso:std:iso:20022:tech:xsd:catm.007.001.04’ namespace. Therefore, it will probably be the usual practice to build the message and construct this wrapper at the last minute using CertificateManagementRequestV04.ToDocument() method. The returned CertificateManagementRequestV04Document value will serialize correctly according to ISO 20022 standards.
classDiagram
CertificateManagementRequestV04Document *-- CertificateManagementRequestV04 : Document
Sample of message format
This is an abbreviated version of what the message should look like.
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:catm.007.001.04">
<CertMgmtReq>
<Hdr>
<!-- Header inner content -->
</Hdr>
<CertMgmtReq>
<!-- CertificateManagementRequest inner content -->
</CertMgmtReq>
<SctyTrlr>
<!-- SecurityTrailer inner content -->
</SctyTrlr>
</CertMgmtReq>
</Document>
Data from ISO specification
This is the technical data from the specification document.
<messageDefinition
xmi:id="_DlBlES8kEeu125Ip9zFcsQ"
nextVersions="_JeRIcVE_EeyApZmLzm74zA"
previousVersion="_ZtrIsQ0VEeqUVL7sB4m7NA"
name="CertificateManagementRequestV04"
definition="The CertificateManagementRequest message is sent by a POI terminal or any intermediary entity either to a terminal manager acting as a certificate authority for managing X.509 certificate of a public key owned by the initiating party, or for requesting the inclusion or the removal of the POI to a white list of the terminal manager.
"
registrationStatus="Registered"
messageSet="_urpIICeJEeOCeO5e7islRQ"
xmlTag="CertMgmtReq"
rootElement="Document"
xmlns:xmi="http://www.omg.org/XMI">
<messageBuildingBlock
xmi:id="_DlBlEy8kEeu125Ip9zFcsQ"
nextVersions="_JeRIc1E_EeyApZmLzm74zA"
previousVersion="_ZtrIsw0VEeqUVL7sB4m7NA"
name="Header"
definition="Information related to the protocol management."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="1"
xmlTag="Hdr"
complexType="_ROuPdwuhEeqw5uEXxQ9H4g" />
<messageBuildingBlock
xmi:id="_DlBlFS8kEeu125Ip9zFcsQ"
nextVersions="_JeRIdVE_EeyApZmLzm74zA"
previousVersion="_ZtrItQ0VEeqUVL7sB4m7NA"
name="CertificateManagementRequest"
definition="Information related to the request of certificate management."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="1"
xmlTag="CertMgmtReq"
complexType="_gt6twQ0UEeqUVL7sB4m7NA" />
<messageBuildingBlock
xmi:id="_DlBlFy8kEeu125Ip9zFcsQ"
nextVersions="_JeRId1E_EeyApZmLzm74zA"
previousVersion="_ZtrvwQ0VEeqUVL7sB4m7NA"
name="SecurityTrailer"
definition="Trailer of the message containing a MAC or a digital signature."
registrationStatus="Provisionally Registered"
maxOccurs="1"
minOccurs="0"
xmlTag="SctyTrlr"
complexType="_kWoPYS8jEeu125Ip9zFcsQ" />
<messageDefinitionIdentifier
businessArea="catm"
messageFunctionality="007"
flavour="001"
version="04" />
</messageDefinition>
ISO Building Blocks
The following items are used as building blocks to construct this message.