TIBCO BusinessConnect EBICS Protocol User s Guide. Software Release 1.0 December 2011

(1)

TIBCO BusinessConnect

EBICS Protocol™

User’s Guide

Software Release 1.0 December 2011

(2)

OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE

AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO, The Power of Now, TIBCO Hawk, TIBCO Rendezvous, TIBCO Runtime Agent, TIBCO ActiveMatrix BusinessWorks, TIBCO Administrator, and TIBCO Designer are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.

EJB, J2EE, JMS and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES..

(3)

Contents

_|

iii

Preface

TIBCO BusinessConnect™ EBICS Protocolis a protocol used by banks in European countries that enables banking clients, such as corporations, to communicate with banks securely.

Topics

• Related Documentation, page vi • Typographical Conventions, page viii • Connecting with TIBCO Resources, page x

(6)

TIBCO BusinessConnect

™

EBICS Protocol Documentation

The following documents form the TIBCO BusinessConnect EBICS Protocol documentation set:

• TIBCO BusinessConnect™EBICS Protocol Installation and Configuration: Read this guide to install and configure TIBCO BusinessConnect EBICS Protocol. • TIBCO BusinessConnect™EBICS Protocol User’s Guide: Read this guide to to

learn how to manage TIBCO BusinessConnect EBICS Protocol.

• TIBCO BusinessConnect™EBICS Protocol Release Notes: Read this document to learn about new features, changes in functionality, deprecated features, known issues, and closed issues for each release. This document is supplied for each release and is available only in PDF format.

TIBCO BusinessConnect

™

Documentation

The following documents form the BusinessConnect documentation set:

• TIBCO BusinessConnect™ Installation and Configuration. Read this guide to learn

how to install and configure TIBCO BusinessConnect.

• TIBCO BusinessConnect™ Concepts: Read this guide to learn about TIBCO

BusinessConnect architecture, deployment modes, protocols, and security. • TIBCO BusinessConnect Interior Server™ Administration: Read this guide in

order to administer, operate, and manage TIBCO BusinessConnect Interior Server.

• TIBCO BusinessConnect Gateway Server™ Administration: Read this guide in

order to administer, operate, and manage TIBCO BusinessConnect Gateway Server.

• TIBCO BusinessConnect™ Trading Partner Administration: Read this guide to

configure and manage trading partners.

• TIBCO BusinessConnect™ Scripting Deployment User’s Guide: Read this guide to

(7)

Preface

_|

vii

Typographical Conventions

The following typographical conventions are used in this manual.

Table 1 General Typographical Conventions

Convention Use

ENV_NAME TIBCO_HOME

ebics_HOME

TIBCO products are installed into an installation environment. A product installed into an installation environment does not access components in other installation environments. Incompatible products and multiple instances of the same product must be installed into different installation environments.

An installation environment consists of the following properties:

• Name Identifies the installation environment. This name is referenced in documentation as ENV_NAME. On Microsoft Windows, the name is

appended to the name of Windows services created by the installer and is a component of the path to the product shortcut in the Windows Start > All Programs menu.

• Path The folder into which the product is installed. This folder is referenced in documentation as TIBCO_HOME.

TIBCO BusinessConnect EBICS Server installs into a directory within a

TIBCO_HOME. This directory is referenced in documentation as ebics_HOME. The default value of ebics_HOME depends on the operating system. For example on Windows systems, the default value is

C:\tibco\bc\version\protocols\ebics

code font Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example:

Use MyCommand to start the foo process.

bold code font

Bold code font is used in the following ways:

• In procedures, to indicate what a user types. For example: Type admin. • In large code samples, to indicate the parts of the sample that are of

particular interest.

(9)

Preface

_|

ix

italic font Italic font is used in the following ways:

• To indicate a document title. For example: See TIBCO ActiveMatrix

BusinessWorks Concepts.

• To introduce new terms For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal.

• To indicate a variable in a command or code syntax that you must replace. For example: MyCommandPathName

Key

combinations

Key name separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C.

Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q.

The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances.

The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result. The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken.

Table 1 General Typographical Conventions (Cont’d)

(10)

Connecting with TIBCO Resources

How to Join TIBCOmmunity

TIBCOmmunity is an online destination for TIBCO customers, partners, and resident experts, a place to share and access the collective experience of the TIBCO community. TIBCOmmunity offers forums, blogs, and access to a variety of resources. To register, go to http://www.tibcommunity.com.

How to Access All TIBCO Documentation

After you join TIBCOmmunity, you can access the documentation for all supported product versions here:

http://docs.tibco.com/TibcoDoc

How to Contact TIBCO Support

For comments or problems with this manual or the software it addresses, please contact TIBCO Support as follows.

• For an overview of TIBCO Support, and information about getting started with TIBCO Support, visit this site:

http://www.tibco.com/services/support

• If you already have a valid maintenance or support contract, visit this site: https://support.tibco.com

Entry to this site requires a user name and password. If you do not have a user name, you can request one.

(11)

|

1

Chapter 1

Introduction

This chapter gives an overview of EBICS (Electronic Banking Internet

Communication Standard) and explains briefly how TIBCO BusinessConnect is used as an EBICS client.

Topics

• Overview on page 2

(12)

Overview

TIBCO BusinessConnect™ EBICS Protocol provides a client-side implementation of EBICS (Electronic Banking Internet Communication Standard) version 2.4.2 and is limited to supporting what is known as EBICS Profile T. This chapter introduces TIBCO BusinessConnect EBICS Protocol and its support for EBICS Profile T. For specification information on EBICS version 2.4.2, please refer to the document: Specification EBICS (Electronic Banking Internet Communication Standard)

Version 2.4.2.

The current version of the EBICS specification is version 2.5.0, which was released in May 26, 2011 and is not yet supported byTIBCO BusinessConnect EBICS Protocol. The current version of the EBICS specification, as well as past versions of the EBICS specification, can be found at:

http://www.ebics.org

EBICS Profile T is defined in the document EBICS - Implementation Guide in France,

Version 2.1.3. This version is consistent with V2.4.2 of the specifications. This French

Implementation Guide can be found at:

http://www.cfonb.org/Web/cfonb/cfonbmain.nsf/DocumentsByIDWeb/7 KUEQA?OpenDocument&loglvl=7KUELS

About EBICS

The Electronic Banking Internet Communication Standard (EBICS) is a standard used in the banking industries of Germany and France that specifies the

transmission protocol for exchanging information between banks and their customers. It is a client-server protocol that uses the Internet and HTTPS as the transport for the exchange of information. The data being exchanged is encoded into XML documents, and encryption and digital signatures are applied for security. Additionally, the electronic signature of a person can be applied to authorize the financial transactions contained in the XML documents. EBICS was first developed for use in Germany and later extended for use in France, where it has replaced the use of ETEBAC3 and ETEBAC5. When using EBICS to replace ETEBAC3, an order is sent to the bank using EBICS, but confirmation that the order should be executed by the bank is sent through a communication channel other than EBICS (such as email, fax). In other words,

(13)

TIBCO BusinessConnect as an EBICS Client

_|

3

TIBCO BusinessConnect as an EBICS Client

TIBCO BusinessConnect EBICS Protocol is designed to act as an EBICS technical subscriber that handles the transmission of all orders to the various banks you may want to communicate with. A technical subscriber executes all EBICS requests on behalf of users. The following diagram depicts the flow of transactions between your back end systems and a bank using TIBCO BusinessConnect EBICS Protocol.

Figure 1 TIBCO BusinessConnect as an EBICS Client

Establishing a Banking Relationship

To begin using TIBCO BusinessConnect EBICS Protocol, you as a customer of a bank must contact the bank and exchange the information required in order for the bank to set you up as a customer on their EBICS banking server. Some of the information the bank will need to know from you are:

• Your account number • The name on your account

• The number of users who will be sending/receiving EBICS transactions. (See Note A) Company A HTTPS BC Server _RV/JMS Internet Enterprise Systems Private Process Incoming Private Process Outgoing Private Process Legend RV = TIBCO Rendezvous BC = TIBCO BusinessConnect

(14)

• The type of the user (such as technical versus human) (See Note A) • Whether the user can sign for orders. (See Note A)

• The types of EBICS orders the users are allowed to send/retrieve.

• Which orders need confirmation before the bank should execute them. (See Note B)

• Who is responsible for confirming orders. (See Note B)

• The method of sending order confirmations outside of EBICS. (See Note B)

In return for your information, the bank will provide you with the information needed to establish communication with the bank using EBICS. The information the bank will provide you with will include:

• Bank Name The bank's name

• Bank URL HTTPS URL for connecting to the bank. • Bank Host ID ID of the bank.

• Customer ID ID assigned to the customer by the bank. • User ID ID assigned to the user by the bank.

• User Name Name of the user.

• E001 Hash Value Not used. (See Note C) • X001 Hash Value Not used. (See Note C)

Note A: When establishing your relationship with a bank, it is important to let the bank know that you will have only one user sending orders to the bank and that the user is a technical user. This is because the user is being implemented by TIBCO BusinessConnect EBICS Protocol. The name you use for the

BusinessConnect user can be any arbitrary name.

Note B: When orders are sent to a bank, some orders must be confirmed before they will be executed with the bank. TIBCO BusinessConnect EBICS Protocol does not support sending electronic signatures to confirm orders, so order confirmations must be sent to the bank by some other means. How orders should be confirmed and who is responsible for confirming the orders should be

(15)

_|

5

• Bank SSL Cert Used for communicating via HTTPS with the bank

You will then configure your TIBCO BusinessConnect host and a trading partner for the bank using this information. See Chapter 2, Setting Up Trading Hosts and Partners, page 9 for detailed information on how to configure TIBCO

BusinessConnect with the above information.

EBICS Key and Certificate Management with TIBCO BusinessConnect

Each user requires three keys for sending orders to banks.

• User Signature Key Used to generate electronic signature (ES) of the order data that the client sends to the bank.

• Authentication Key Used for identification and authentication of the client by the bank.

• Encryption Key Used for decryption of the symmetric key sent with orders that is used for encryption of the orders and electronic signatures.

On the bank's side, all of the keys except for the signature key are used. Prior to sending any order to a bank, you must first initialize the TIBCO

BusinessConnect user with the bank. The initialization process consists of these steps:

1. Send the user keys to the bank.

2. Send initialization letters with the public key information to the bank via a separate communication channel (such as fax).

3. Wait for the bank to release the user on their EBICS bank server. 4. Download the bank's public keys or certificates.

5. Verify the hash values of the bank's public keys.

TIBCO BusinessConnect EBICS Protocol provides the tool bcebicsmanage for the management of your EBICS keys and certificates during initialization of the TIBCO BusinessConnect user with a bank.

The bcebicsmanage tool provides the following capabilities:

• RSA public/private key pair generation according to the EBICS specification. • X.509 self-signed certificate generation using the generated key pairs

• Initial client X.509 certificate exchange with banks via EBICS INI and HIA Note C: The E001 and X001 Hash Values are not used by TIBCO BusinessConnect as they pertain to earlier versions of the EBICS specification that are not

(16)

• Generation of initialization letters for the public keys or certificates. • Retrieval of the bank's public keys and certs via EBICS HPB order type. • Verification of the hash values for the bank's public keys.

• Update of existing client public keys and certificates with banks via EBICS HCS, HCA, and PUB order types.

The bcebicsmanage tool works in conjunction with your TIBCO BusinessConnect configuration repository when running its commands. If the business agreement between your TIBCO BusinessConnect host and the bank's trading partner has not been configured with any of the three keys needed for exchanging orders with the bank, those keys will be automatically created during initialization of the TIBCO BusinessConnect host with the bank server and then uploaded back into the TIBCO BusinessConnect configuration repository.

The diagram in Figure 2 depicts the case where bcebicsmanage creates the TIBCO BusinessConnect host's EBICS client keys and certificates, sends the certificates to the bank server, and then uploads the keys and certificates back to the TIBCO BusinessConnect repository. The diagram also depicts how, after initialization, bcebicsmanage is used to retrieve the bank's public keys and certificates and upload them into the TIBCO BusinessConnect Repository.

Figure 2 Keys Created by BCEBICSMANAGE

BusinessConnect

Bank EBICS Server

EBICS Client System

Internet BCEBICSMANAGE Bank SSL Certificate Bank URL Bank ID Customer ID User ID

Client Private Keys & X.509 Certificates

Bank Public Keys & Certificates Client X,509

(17)

_|

7

When keys and certificates are generated by the bcebicsmanage tool, the

generated keys and certificates will be encoded into the proper format; when keys are generated outside of the bcebicsmanage tool, the user is responsible for making sure that the key is encoded in PKCS#12 format.

The bcebicsmanage tool is only used for initialization of the TIBCO

BusinessConnect user with a bank, and whenever new keys or certificates need to be exchanged with the bank. The keys and certificates that are generated by bcebicsmanage will expire in five years, since the French Implementation Guide states that is when self-signed certificates should expire. You should also be aware that the French Implementation Guide states that keys that you create and that are signed by a Certification Authority (CA) should expire in three years.

For further information on bcebicsmanage and how to run the commands to initialize a user or update keys, see Chapter 4, Key Management with

bcebicsmanage, page 25.

EBICS Order Transfers

Once BusinessConnect has been initialized with a bank and the bank's public keys or certificates have been downloaded and the hashes verified, you are now capable of sending orders to the bank.

EBICS defines two types of orders: upload and download. Both types of orders are initiated by the EBICS client. For download orders, an order to request the download is first sent to the bank, and the response to the request will contain the actual downloaded data.

TIBCO BusinessConnect EBICS Protocol supports the order types FUL and FDL, which are defined for use in France. FUL is used for upload orders, while FDL is used for download orders. Both FUL and FDL orders are further refined by specifying the file format to use for an order. For detailed information on how to configure TIBCO BusinessConnect EBICS Protocol for upload and download orders, see Chapter 5, Managing EBICS Operations, page 35.

Confirming Orders

When orders are sent to a bank, some orders must be confirmed before they will be executed by the bank. TIBCO BusinessConnect EBICS Protocol does not support sending electronic signatures to confirm orders, so order confirmations must be sent to the bank by some other means. How orders should be confirmed and who is responsible for confirming the orders should have been established during the setting up of your relationship with the bank.

(18)

(19)

|

9

Chapter 2

Setting Up Trading Hosts and Partners

This chapter explains how to set up trading hosts and partners for TIBCO BusinessConnect EBICS Protocol.

Topics

• Configuring a Host on page 11 • Configuring a Partner on page 12

(20)

Overview

Using the TIBCO Administrator UI, the TIBCO BusinessConnect administrator sets up trading partners and configures a business agreement as follows:

1. Configure the Host participant, which will represent the user, and set it up for the EBICS protocol.

See Configuring a Host, page 11.

2. Configure the Partner participant, which will represent the bank, and import the bank SSL certificate.

Then, configure the user information provided by the bank. See Configuring a Partner, page 12.

3. Create a business agreement between the Host and the Partner (Bank). See Chapter 3, Configuring Business Agreements, page 17.

Once you have finished all partner and business agreement configuration steps, use the bcebicsmanage tool to initialize the user as explained in Chapter 4, Key Management with bcebicsmanage, page 25.

(21)

Configuring a Host

_|

11

Configuring a Host

To configure a host that will play the role of a user in this installation, do the following:

1. Select BusinessConnect>Participants. 2. Click the New button.

3. Type the host’s name in the Name field. 4. Select Host in the Type drop-down list. 5. Click OK.

6. In the New Host Participant dialog, select the Active checkbox. 7. Click Apply.

8. Select the Protocols tab.

If the TIBCO BusinessConnect EBICS Protocol has already been activated as explained in TIBCO BusinessConnect EBICS Protocol Installation and

Configuration, Protocol Activation, it is now listed under Enabled Protocols.

Otherwise, you need to enable it first. 9. Click on the EBICS link.

Select or enter the information according to Table 1.

10. Click Save.

Table 1 Host Settings: General Tab

Field Description

Valid Email Address List

(Not used for EBICS)

Authentication Key Type

The authentication key type to use during initialization process. The only value allowed for this release is X002.

Encryption Key Type

The encryption key type to use during initialization process. The only value allowed for this release is E002.

User Signature Key Type

This key is used for creating the transport signature. The only value allowed for this release is A005.

(22)

Configuring a Partner

TIBCO BusinessConnect partner in this installation represents the bank.

To configure the partner, bank information contained in the user access document is entered as partner properties.

1. Select BusinessConnect>Participants. 2. Click the New button.

3. Type partner’s name in the Name box. 4. Select Partner in the Type dropdown list. 5. Click OK.

6. In the New Partner Participant window, select the Active checkbox. 7. Click Apply.

Enable Protocol for the Partner

1. Select the Protocols tab. 2. Click Enable.

The dialog with installed protocols appears. 3. Select the checkbox next to EBICS.

4. Click OK.

The EBICS protocol is now in the Enabled Protocols list. 5. Click on the EBICS link.

The Edit Enabled Protocol dialog appears, with the following tabs: — General Tab, page 13

(23)

Configuring a Partner

_|

13

General Tab

Select or enter information as explained in Table 2.

Table 2 Partner Settings: General Tab

Valid Email Address List

HostID for Bank The hostID of the bank (required) Bank Name The bank’s name (required) EBICS Protocol

Version

Currently, only protocol version H003 is supported.

Hash Values for Bank Keys

E002 Hash value for the bank's E002 certificate (required) X002 Hash value for the bank's X002 certificate (required)

Test Mode When selected, runtime will send Test requests to the bank.

An OrderParm named TEST will be added to the request, which will treat the request as a test request.

For the FUL operation, there is a FULOrderParams element connected with the parameter TEST; for the FDL operation, TEST is not available.

Technical Subscriber Information EBICS Customer

ID

ID assigned to the customer by the bank (required)

EBICS User ID ID assigned to the user by the bank (required) EBICS User Name User name (required)

(24)

Click Save.

Transports Tab

To add a transport for the partner, do the following: 1. Click on the Transports tab.

2. Click Add.

Enter data for the new transport as explained in Table 3.

3. Click OK.

4. Configure the new EBICS transport as described in Table 4. OrderID Prefix A character in the range A - Z.

A user is assigned a character, and all the orders sent by this user will have an orderID starting with this character.

Every FUL request sent by a user should have a unique orderID. The orderID can range from prefix+000 to prefix+ZZZ. TIBCO BusinessConnect will create a unique orderId by incrementing it for every order sent by this user.

If an orderID prefix is changed for a given user, the orderID sequence with the previous prefix will be saved; for example, when any of the previously used prefixes are specified, the sequence number with that prefix will be used Reset OrderID Reset the OrderID in TIBCO BusinessConnect to prefix+000. The orderID is

reset only after a user is initialized.

Table 2 Partner Settings: General Tab

Table 3 New Transport for the Partner

Name Enter the name for the transport (required)

(25)

Configuring a Partner

_|

15

5. Click Save three times.

Manage Partner Credentials

You can upload a partner certificate using the Credentials tab:

New Certificate

To upload a new certificate for the partner, perform these steps: 1. Select BusinessConnect>Participants> partner> Credentials tab. 2. Click New Certificate.

Type the name of the key in the Alias field. 3. In the Current Credential line click change.

Browse and navigate to the file containing the public key and click OK. 4. Click Save.

The new certificate for the partner is now listed in the Credential Name list.

Table 4 New EBICS Transport

Transport Name The transport name can be changed

URL URL of the bank EBICS server (required), such as: www.hostname.com/bank/EbicsServlet

Server Certificate Add the SSL certificate sent from the bank. This certificate can be uploaded as explained in TIBCO BusinessConnect Trading Partner Administration, Managing Partner Credentials.

Socket Timeout (sec) Leave the default (300).

SSH public keys and PGP public keys are not used for TIBCO BusinessConnect EBICS Protocol.

(26)

(27)

|

17

Chapter 3

Configuring Business Agreements

This chapter explains how to configure business agreements and protocol bindings for TIBCO BusinessConnect EBICS Protocol.

Topics

• Adding a New Business Agreement on page 18

• Configuring Agreement Protocol Binding for EBICS on page 19 • Operation Bindings Tab on page 20

• Document Security Tab on page 22 • Transports Tab on page 24

(28)

Adding a New Business Agreement

After the TIBCO BusinessConnect host and bank trading partner have been configured, you will now configure their business agreement.

1. Select BusinessConnect>Business Agreements. 2. Click the New button.

The New Agreement dialog appears.

Verify that EBICS appears in the Protocols column for both trading partners between which you wish to configure a business agreement. If EBICS is missing, return back to Enable Protocol for the Partner, page 12 and enable the EBICS protocol.

3. Select a host from the Host Party list that has EBICS protocol enabled. 4. Select a partner from the Partner Party list hat has EBICS protocol enabled. 5. Click OK.

The New Agreement, general dialog appears.

6. Confirm that the Valid checkbox is selected. This will make the agreement valid immediately.

If you wish to make the agreement valid for a certain time period, do the following:

— Use the Start Date dropdown lists to specify the start date.

— Use the End Date dropdown lists to specify the stop date. This date has to be later than the start date.

(29)

Configuring Agreement Protocol Binding for EBICS

_|

19

Configuring Agreement Protocol Binding for EBICS

To configure EBICS agreement protocol bindings, follow these steps: 1. In the New Agreement dialog, click Add Protocol Bindings. 2. In the Select Protocol dialog, select the checkmark next to EBICS. 3. Click OK.

The New Agreement dialog appears.

4. Click the EBICS link in the Agreement Protocol Binding list.

The following tabs for configuring protocol binding options are available: — Operation Bindings Tab

— Document Security Tab — Transports Tab

(30)

Operation Bindings Tab

Use the Operations Binding tab to configure the EBICS operations that each participant in a business agreement can initiate and respond to. The Host ’X’ Can Initiate and Partner ’Y’ Can Initiate areas list the activities that the host/partner can initiate and the partner/host can respond to.

1. Enter information according to Table 5.

2. In the Host can initiate section, click Add Operation Binding.

3. Click the topmost (+) to expand the operation tree and select the operation. 4. Click OK.

The selected operation appears in the Operation Name list.

Edit Operation Bindings for the Host

Click the operation in the panel Host can initiate. The following tabs for configuring options are available: • Operation Settings Tab

• Transports Tab

Table 5 Edit Protocol Binding: Operation Binding Tab

Allow All Operations

This checkbox is selected by default. If you leave it selected, you don’t need to specify operation bindings that the host or partner can initiate.

If the checkbox is cleared, you need to define the specific operation bindings. Non Repudiation

Logging

(31)

Operation Bindings Tab

_|

21

Operation Settings Tab

Override the operation settings using Table 6.

Click Save.

Transports Tab

Configure transport settings using Table 7.

Click Save.

Show Advanced Button

In TIBCO BusinessConnect EBICS Protocol there are no properties that can be overridden. Therefore this option is not applicable although it appears in the TIBCO Administrator GUI.

Edit Operation Bindings for the Partner

Table 6 Override Outbound Settings: Operation Settings Tab (All Operations)

Override Operation Settings

Select the checkbox to override the operation settings for this operation. These settings have been previously configured.

Inbound for FDL; Outbound for FUL

Validate Message When selected, the request message will be validated.

Table 7 Override Outbound Settings: Transports Tab (All Operations)

Override Transports Select to override the originally configured transport for the host. Override Outbound Transports

Primary Transport Select any of the transports previously configured for the partner. See Transports Tab, page 14 for more details.

Operation bindings for the partner are not used for TIBCO BusinessConnect EBICS Protocol since the bank cannot initiate a transaction with TIBCO BusinessConnect.

(32)

Document Security Tab

The Document Security tab is used to specify security settings for the business transaction that is being exchanged.

1. Configure document security using the information provided on Table 8. Before using the Document Security tab to select any keys or certificates, you must first configure these keys or certificates as explained in TIBCO

BusinessConnect Trading Partner Administration, Managing Host Credentials.

Keep in mind that only one set of valid bank keys may exist at one time. Therefore, shadow certificates cannot be used for EBICS.

Table 8 Edit Protocol Bindings: Document Security Tab

Field Enter/Select

Outbound Doc Exchange Signing Info Settings

Signing Key Select the signing private key of the host from the dropdown list. This key is used to generate the EBICS identification and authentication signature on messages sent to the EBICS bank server.

When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting for you. The key will be generated according to the host's Authentication Key Type setting.

User Signature Info Settings

User Signature Key Select the user signature private key of the host from the dropdown list. This key is used to generate the electronic signature of the order data that the client uploads to the bank.

When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting

(33)

Document Security Tab

_|

23

Encryption Info Settings Encryption

Certificate

Specifies the Encryption certificate obtained from the bank. Running the -verify command with the bcebicsmanage tool will set this certificate automatically.

Inbound Doc Exchange Signing Info Settings Verification

Certificate

Specifies the Verification certificate obtained from the bank. Running the -verify command with the bcebicsmanage tool will set this certificate automatically.

Encryption Info Settings

Decryption Key Select the decryption private key of the host from the dropdown list. This key is used for decryption of the symmetric key, which is sent with orders and is used for encryption of the orders and electronic signatures. When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting for you. The key will be generated according to the host's Encryption Key Type setting.

Table 8 Edit Protocol Bindings: Document Security Tab

(34)

Transports Tab

Configure transports for the host according to Table 9.

Click Save twice.

Advanced Tab

Advanced configuration settings are not supported for TIBCO BusinessConnect EBICS Protocol.

Table 9 Configure Transports for the Host

Outbound Transports for Host

This section is is used for specifying transport information for the outbound direction, or host to trading partner.

Primary Transport Select the outbound transport that was previously configured for the host. See Transports Tab, page 14 for more details.

Client

Authentication Identity for HTTPS, FTPS, HTTPS CA

Client

Authentication Identity for SSHFTP

Allowed Inbound Transports for Partner

Since the EBCIS bank cannot initiate a transaction with TIBCO BusinessConnect, no inbound transport configuration is needed.

(35)

|

25

Chapter 4

Key Management with bcebicsmanage

This chapter explains how to manage keys that belong to the TIBCO BusinessConnect user using the bcebicsmanage tool.

Topics

• Initializing the TIBCO BusinessConnect User on page 27

• Suspending Bank Access of the TIBCO BusinessConnect User on page 29 • Updating TIBCO BusinessConnect User Keys on page 30

• Recovering From Upload Errors to TIBCO BusinessConnect on page 31 • bcebicsmanage Keystore on page 32

(36)

Overview

TIBCO BusinessConnect EBICS Protocol provides a tool, bcebicsmanage, to perform the functions relating to key management of the TIBCO BusinessConnect user.

This chapter describes the key management functions provided by the bcebicsmanage tool and when they are used. For specific details on how to configure the bcebicsmanage tool and how to run each of the commands, see Appendix A, bcebicsmanage Command Reference, page 59..

This chapter describes how to use the bcebicsmanage tool to perform the following:

• Create keys for the TIBCO BusinessConnect user. • Send the TIBCO BusinessConnect user keys to the bank. • Retrieve the bank's public keys.

• Verify the hashes of the bank's public keys.

• Upload the keys generated for the TIBCO BusinessConnect user to the TIBCO BusinessConnect repository.

• Upload the bank's public keys to the TIBCO BusinessConnect repository. • Change the keys for the TIBCO BusinessConnect user.

(37)

Initializing the TIBCO BusinessConnect User

_|

27

Initializing the TIBCO BusinessConnect User

Two bcebicsmanage tool commands, -init and -verify, are used when the TIBCO BusinessConnect user first initializes with the EBICS server of a bank. The -init command sends the certificates associated with the private keys of the TIBCO BusinessConnect user to the bank; the -verify command retrieves the bank's public keys and verifies the hash values of those keys with the ones which were previously provided by the bank.

-init The -init command is typically run just once to initiate the setup of an EBICS client with a bank's EBICS server. You will run the -init command when the bank has indicated that the TIBCO BusinessConnect user has been configured on their EBICS server. When you run the -init command the following occurs: • If private keys have been configured in the Document Security settings of the

business agreement, those keys are retrieved from the TIBCO BusinessConnect repository.

• Any key that has not been configured will be generated according to the French Implementation Guide for EBICS.

• Self-signed X.509 certificates will be generated for any private keys created. • The X.509 certificates for all 3 keys (authentication, encryption, and user

signature) will be sent to the bank using the EBICS INI and HIA commands. • Initialization letters for the 3 keys will be created in the directory

BC_HOME/protocols/ebics/tools/letters.

• The generated keys will be uploaded back into the TIBCO BusinessConnect repository.

• The Document Security settings of the business agreement will be updated with the generated keys.

After running the -init command, you will need to sign each of the initialization letters and send them to the bank by some other means than using EBICS; for example, you could fax the letters to the bank. The method for sending the initialization letters to the bank should be established in the contract between you and the bank.

-verify Once the bank has indicated that the public keys (contained in the X.509 certificates) of the TIBCO BusinessConnect user have been released on their EBICS server, you can run the -verify command to download the bank's public keys. The -verify command can be run any number of times, but typically will be run once after the -init command is run, and then again whenever the bank

(38)

When you run the -verify command the following occurs:

• The bank's authentication and encryption public keys are retrieved using the EBICS HPB command.

• The hash values of the retrieved keys are compared against the hash values configured for the keys in the General settings of the bank's trading partner configuration in the TIBCO BusinessConnect Administrator GUI.

• If the public keys are not retrieved as X.509 certificates, new X.509 certificates are created for the keys. These X.509 certificates are signed by the internal CA of the bcebicsmanage tool.

• The bank's X.509 certificates are converted to PKCS#7 and loaded into the TIBCO BusinessConnect repository.

• The Document Security settings for the business agreement are updated with the bank's certificates.

(39)

Suspending Bank Access of the TIBCO BusinessConnect User

_|

29

Suspending Bank Access of the TIBCO BusinessConnect User

The bcebicsmanage tool command, -lock, is used to suspend any further access of the BusinessConnect user to a bank.

-lock The -lock command causes the EBICS SPR command to be sent to the bank. After the -lock command has been executed, the bank will return an error if the TIBCO BusinessConnect user tries to continue to communicate with the bank. To resume communication with the bank, the TIBCO BusinessConnect user must be re-initialized by sending the bcebicsmanage tool commands -init and -verify again. To learn how to initialize a user, see See Initializing the TIBCO BusinessConnect User, page 27.

If the private keys of the TIBCO BusinessConnect user have been compromised, you should do the following after running the -lock command and before re-running the -init command:

• Configure your own new key(s) in the Document Security settings of the business agreement.

• Specify None in the Document Security settings of the business agreement for any key you wish to be automatically created anew when the command -init is executed.

It is important to understand that if you do not change your key configuration in the Document Security settings of the business agreement, the keys currently configured will be used by the -init command. If the configured keys were compromised, you would have just re-initialized with the same compromised keys.

(40)

Updating TIBCO BusinessConnect User Keys

The French Implementation Guide states that self-signed certificates must be renewed after a period of five years, and that certificates signed by a CA must be renewed after a period of three years. Therefore, it will be necessary for the public keys of the TIBCO BusinessConnect user to be periodically updated with the bank.

The bcebicsmanage tool provides three options for updating the TIBCO BusinessConnect user keys:

• -updatekeys Sends the X.509 certificates of all three keys, as configured in the Document Security settings of the business agreement, to the bank using the EBICS HCS command.

• -updatesignkey Sends the X.509 certificate of the configured User Signature Key to the bank using the EBICS PUB command.

• -updateauthencrkeys Sends the X.509 certificates of the configured Authentication and Encryption keys to the bank using the EBICS HCA command.

These -update* commands, which update the TIBCO BusinessConnect user keys, act the same as the -init command when it comes to key configuration, key generation, and X.509 certificate generation. If you specify None in the Document Security settings of the business agreement for any key, that key will be

automatically generated by the corresponding -update* command and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings.

Unlike the -init command, with the -update* commands it is not necessary to send initialization letters for the new keys to the bank. The keys are exchanged in a secure manner using the previously exchanged keys, so initialization letters to confirm the hashes of the keys are not necessary.

The -update* commands can be run any number of times after the TIBCO BusinessConnect user has been initialized, and as long as the TIBCO BusinessConnect user has not been suspended with the bank.

(41)

Recovering From Upload Errors to TIBCO BusinessConnect

_|

31

Recovering From Upload Errors to TIBCO BusinessConnect

The final step of most of the bcebicsmanage tool commands is to upload any of the generated keys or certificates back to the TIBCO BusinessConnect repository. If your database connection goes down for some reason during this final

processing step, the next command or order that you try to send to the bank would fail. The bank would have the latest keys or certificates, but TIBCO BusinessConnect would still be trying to use old keys or certificates since updating of the TIBCO BusinessConnect repository with the new keys or certificates did not succeed.

To recover from this scenario, the bcebicsmanage tool provides the following commands:

• -uploadkeys Uploads the latest version of TIBCO BusinessConnect user keys that have been exchanged with the bank to TIBCO BusinessConnect.

• -uploadcerts Uploads the latest version of public keys/certificates that have been downloaded from the bank to TIBCO BusinessConnect.

The bcebicsmanage tool creates a separate Java keystore to hold any keys or certificates used by the bcebicsmanage tool commands. Therefore, when a key is created and sent to the bank using the -init command, the bcebicsmanage Java keystore will contain that key.

The -uploadkeys command will cause the TIBCO BusinessConnect user keys that are contained in the bcebicsmanage Java keystore to be extracted and uploaded to the TIBCO BusinessConnect repository.

The -uploadcerts command will cause the latest bank certificates that were downloaded and stored in the bcebicsmanage Java keystore to be extracted and uploaded to the TIBCO BusinessConnect repository.

(42)

bcebicsmanage Keystore

The bcebicsmanage tool creates a separate Java keystore to hold any keys or certificates used by the bcebicsmanage tool commands. This keystore is tied to the operation system user running the bcebicsmanage tool.

When using the bcebicsmanage tool to manage the TIBCO BusinessConnect user's keys or download a bank's certificates, the same user should run the TIBCO BusinessConnect tool to ensure that the proper Java keystore is accessed by the tool, and that a new Java keystore won't be created. For example, having the same user execute the bcebicsmanage tool is especially important for the -update* commands. For the -update* commands, the current TIBCO BusinessConnect user keys stored in the bcebicsmanage Java keystore are used to send the TIBCO BusinessConnect user's new public keys to the bank.

Recreating the Keystore

In the event that your bcebicsmanage Java keystore gets accidently deleted, it is possible to recreate the keystore by doing the following:

• Ensure that the key configuration in each business agreement has not been modified since the command -init or -update* was last run successfully. • Run the -init command again for each business agreement between the

TIBCO BusinessConnect user and your bank trading partners. The

bcebicsmanage Java keystore will get created and the keys from the business agreements will get loaded into it. The -init command will ultimately fail with a user state error, since the bank will not be expecting the TIBCO BusinessConnect user to be re-initializing itself. However, the keys from the business agreement will have been loaded into the keystore before the bank error is returned.

• Run the -verify command again for each business agreement between the TIBCO BusinessConnect user and your bank trading partners. The latest bank certificates will then be loaded into the bcebicsmanage Java keystore. The -verify command should succeed as long as the hashes of the bank's public keys have been configured properly, since bank certificates can be

(43)

Updating the EBICS OrderID

_|

33

Updating the EBICS OrderID

Various EBICS commands require a unique order ID to be assigned to the command when it is sent to the bank.

TIBCO BusinessConnect EBICS Protocol maintains a table of the next order ID to use based upon the order ID prefix configured for the bank trading partner. In the event that you find it necessary to set the next order ID to be used to a specific order ID, the bcebicsmanage tool provides the command -updateorderid. For specific information on how to invoke the -updateorderid command, see Appendix A, bcebicsmanage Command Reference, page 59.

(44)

(45)

|

35

Chapter 5

Managing EBICS Operations

This chapter describes how to manage operations for TIBCO BusinessConnect EBICS Protocol.

Topics

• Synchronous Request Response Operation on page 37 • Configuring EBICS Operations on page 38

(46)

Overview

There are two operation types for EBICS: FUL and FDL. The FUL operation types are used to upload data to bank, while FDL operations are used for fetching data from the bank. Each operation has a FileType property, which is a required field. File type should be supported by the bank.

The EBICS operations are Synchronous Request Response in nature, and both the request and response actions can contain schemas. When schemas are present and the option "Validate Schema" is selected, schema validation is performed on request/response. For the FDL type of operations, only inbound schema validation is enabled, which means that only the response can be validated. TIBCO BusinessConnect EBICS Protocol is shipped with some preloaded

operations. One of these operations, Status.ptk, is used for fetching the status of the FUL requests.

About Schema Validation in EBICS

Schema validation in TIBCO BusinessConnect EBICS Protocol is performed based on the following:

• Schema type: XSD • Direction of messages

• Whether the validation is done for a request or for a response

Caching of Schemas

The referenced schema is updated in the validator cache during runtime validation, in the same way as if it was saved through the GUI.

When a schema is used by reference, you will not observe any schema changes in the referenced object but you will see the change on the reference instead. This means that the TIBCO BusinessConnect configuration store does not scan the referenced object each time the validation occurs, but it instead indicates if there is a change in the uploaded file object. You need to update the reference in the GUI — re-save the schema reference — and the new referenced object will be updated in the cache.

(47)

Synchronous Request Response Operation

_|

37

Synchronous Request Response Operation

The Synchronous Request Response operation can send a document to the trading partner and wait for a response. It waits until the response is received and suspends any further processing for that request. This operation is used to send documents to trading partners and require response for further processing to proceed. The operation flow is presented in Figure 3.

Figure 3 Synchronous Request-Response Operation

1. The Initiator private process sends the request to the Initiator. There are two operation types:

— FUL This operation type is used to upload data to the bank. — FDL This operation type is used for fetching data from the bank. The Initiator Request message from the private process is used to cause TIBCO BusinessConnect to initiate either the FUL or FDL operations. When performing FUL operations, the payload from the private process can be sent to TIBCO BusinessConnect as a string or a file reference.

2. The Initiator sends the request to the Bank and waits for the response until the timeout specified in the EBICS transport has expired.

The Initiator Response message from TIBCO BusinessConnect to the private process is used to send the response payload from the bank for FDL

operations. When performing FDL operations, the response payload is always sent to the private process as a file reference.

3. Upon receiving the response from the Bank, the Initiator sends the Initiator Response message. If the Initiator times out, an audit log entry is generated, a timeout error advisory is sent, and the connection is closed.

If the Initiator TIBCO BusinessConnect times out, an audit log entry will be generated and a timeout error advisory will be sent out. In this case, the request will be cancelled. When the response arrives at a later time, there won’t be any corresponding request present, the advisory will be rejected, an error advisory will be published, and an internal system error will be sent to the partner.

Initiator Request Initiator Response Initiator BusinessConnect Internet Initiator Private Process 1 2 3 4 The Bank

(48)

Configuring EBICS Operations

To configure an EBICS operation, perform these steps:

1. In the left panel under TIBCO BusinessConnect, click the link Operations Editor.

In the Operations Editor window, group the available installed protocols (plug-ins) by Plug-in or None.

Figure 4 Configure New Operation for EBICS

Using this window, you can:

— Import a new operation, by clicking on the Import button

— Export the existing operations, by selecting the radio button next to the plug-in and clicking on the Export button.

Add New Category

Category is used to group operations based on their type. 1. Click on the EBICS link.

The Edit Operations: EBICS window opens. 2. Click New Category.

(49)

Configuring EBICS Operations

_|

39

Add New Version

Version is used to allow various subgroups of operations.

1. With the radio button for the category selected, click New Version. 2. In the New Version dialog, do the following:

— In the Name field, type a version name (required)

— In the Description field, type a brief description for this version (optional). 3. Click Done.

Add New Operation

Operations are added to a specific version. Each version can contain same or different operation sets.

1. With the radio button for a version selected, click New Operation. The New Operation dialog appears.

Figure 5 New Operation Dialog

2. Select one operation from the Operation Type dropdown list: — FUL This operation type is used to upload data to the bank. — FDL This operation type is used for fetching data from the bank.

These two operations are configured in a similar way, with small differences that are pointed out in the instructions.

3. Click OK.

FUL Operation

To configure the FUL operation, you will use the following tabs:

(50)

Table 10 FUL Operation Tab

Click Save.

FUL Request Action Tab

In the Request Action tab, enter information according to Table 11.

Name Name of the operation (required) Description Brief description for the operation Outbound

Validate Message Validates the outbound request.

File Type File type to be associated with file that will be uploaded.

Table 11 FUL Request Action Tab

Name Name of the request action

Description Brief description for the request action Direction Initiator to Responder (pre-defined) Validation Schema

Name

Schema file for validating the outbound request.

Only the XSD schema can be defined. To select the schema document: 1. Click on the change link.

2. In the Change File dialog, select one of the following two choice from the dropdown list:

File Reference If you select file reference, enter the path to the .xsd file you wish to use.

Uploaded File If you select uploaded file, the new Change File dialog will appear.

(51)

_|

41

Click Save.

FUL Response Action Tab

In the Edit Operation dialog, enter information according to Table 12.

Click Save.

FDL Operation

To configure the FUL operation, you will use the following tabs:

FDL Operation Tab

In the FDL Operation tab, enter information according to Table 10.

Table 13 FDL Operation Tab For BC Palette use only XML Document

Validation

Select XSD from the dropdown list.

Root XML Element Name

Root XML element name, which is the top-level XML element in the document. It is only required if you are going to use the TIBCO BusinessConnect palette.

Table 11 FUL Request Action Tab

Table 12 FUL Response Action Tab

Name Name of the response action

Description Brief description for the response action Direction Responder to Initiator (pre-defined)

Name Name of the operation (required) Description Brief description for the operation

(52)

Click Save.

FDL Request Action Tab

In the Request Action tab, enter information according to Table 11. Inbound

Validate Message Validates the response received from the bank.

When selected, either the request or response will be validated. This checkbox should be selected in the following cases:

• Initiator needs that the request to the partner be validated • Responder needs that the response be validated

File Type File type to be associated with file that will be downloaded.

Table 14 FDL Request Action Tab

Name Name of the request action

Description Brief description for the request action Direction Initiator to Responder (pre-defined)

(53)

_|

43

Click Save. Download Criteria

Schema Name

Schema file for specifying the download criteria. Since for FDL operations no data is uploaded to the bank, this schema is used to specify the

download criteria for FDL file type.

To specify the criteria, a predefined schema should be uploaded.

Note: Only the XSD schema can be defined. To select the schema document:

1. Click on the change link.

a. Click the Browse button and navigate to the schema file. b. Click Open and OK.

Note: This schema can be found in EBICS_HOME/examples/

FDLRequestData.xsd. It contains a FDLRequestData root element and startData and endDate child elements. You can specify the startDate and endDate values in YYMMDD format.

For BC Palette use only XML Document

Validation

Root XML Element Name

Root XML element name, which is the top-level XML element in the document. It is only required if you are going to use the TIBCO BusinessConnect palette.

Table 14 FDL Request Action Tab

(54)

FDL Response Action Tab

In the Edit Operation dialog, enter information according to Table 12.

Table 15 FDL Response Action Tab

Name Name of the response action

Description Brief description for the response action Direction Responder to Initiator (pre-defined) Validation

Schema Name

Schema file for validating the downloaded data from bank.

Only the XSD schema can be defined. To select the schema document: 1. Click on the change link.

a. Click the Browse button and navigate to the schema file.

Note: EBICS supports only XSD schema validation. b. Click Open and OK.

Private Process Wait (seconds)

Determines the time in seconds for how long the private process will wait for response.

The default is 3600 For BC Palette use only

XML Document Validation

(55)

|

45

Chapter 6

Managing Properties

This chapter explains how to add and remove EBICS properties.

Topics

(56)

Managing EBICS Properties

You can add, change, or remove EBICS properties using the Edit Plug-in Properties dialog.

Add a Property

To add a property:

1. In TIBCO Administrator, select BusinessConnect>System Settings>Activated Protocol Plug-ins and Properties. 2. Click on the EBICS link.

3. In the Edit Plug-in Properties window, click Add.

4. Type a name for the property in the Property Name field.

5. Select a data type from the Property Type dropdown list: boolean, string. or integer.

6. Type a description of the new property in the Description field. 7. Click Save.

The new property is now added in the Edit Plug-in Properties window.

Delete a Property

To remove a property:

1. In the Edit Plug-in Properties window, check the checkbox next to the property you want to delete.

2. Click Delete.

3. In the Delete Property dialog, type the name of the property you want to delete and click OK.

Keep in mind that you may remove only user defined properties, and that default properties should not be removed.

(57)

|

47

Chapter 7

EBICS Private Messages

This chapter describes how to configure the EBICS private messages.

Topics

• Overview on page 48 • Initiator Request on page 49 • Initiator Response on page 50 • Error Advisories on page 51

(58)

Overview

The exchange of business documents is known as the process flow. In any TIBCO BusinessConnect process flow, two types of messages are exchanged:

• Private messages

• Public messages See Chapter 5, Managing EBICS Operations, page 35

About EBICS Private Messages

Private messages are exchanged between a private process and the local TIBCO BusinessConnect installation. Private messages can contain a request, response, or notification document. The private process handles conversion from internal to public data and back.

You can generate EBICS private messages from TIBCO ActiveMatrix

BusinessWorks private processes that use the TIBCO BusinessConnect Palette. TIBCO BusinessConnect EBICS Protocol supports three types of private process messages:

• Initiator Request Used to initiate a file upload or file download request to the bank.

• Initiator Response Used to send the response received from the bank. This can be status message, such as for file upload, or a payload from the bank, such as for file download.

• Error Advisory Used to send advisories when an error occurs during the execution of a request.

See TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 7, Private Process Configuration for more information.

TIBCO BusinessConnect EBICS Protocol User s Guide. Software Release 1.0 December 2011

TIBCO BusinessConnect

EBICS Protocol™

User’s Guide

|

Contents

|

Preface

Topics

Related Documentation

TIBCO BusinessConnect

EBICS Protocol Documentation

TIBCO BusinessConnect

Documentation

|

Other TIBCO Product Documentation

Typographical Conventions

|

Connecting with TIBCO Resources

How to Join TIBCOmmunity

How to Access All TIBCO Documentation

How to Contact TIBCO Support

|

Chapter 1

Introduction

Topics

Overview

About EBICS

|

TIBCO BusinessConnect as an EBICS Client

Establishing a Banking Relationship

|

EBICS Key and Certificate Management with TIBCO BusinessConnect

|

EBICS Order Transfers

Confirming Orders

|

Chapter 2

Setting Up Trading Hosts and Partners

Topics

Overview

|

Configuring a Host

Configuring a Partner

Enable Protocol for the Partner

|

|

Manage Partner Credentials

|

Chapter 3

Configuring Business Agreements

Topics

Adding a New Business Agreement

|

Configuring Agreement Protocol Binding for EBICS

Operation Bindings Tab

Edit Operation Bindings for the Host

|

Edit Operation Bindings for the Partner

Document Security Tab

|

Transports Tab

Advanced Tab

|

Chapter 4

Key Management with bcebicsmanage

Topics

Overview

|

Initializing the TIBCO BusinessConnect User

|

Suspending Bank Access of the TIBCO BusinessConnect User

Updating TIBCO BusinessConnect User Keys

|

Recovering From Upload Errors to TIBCO BusinessConnect

bcebicsmanage Keystore

|

Updating the EBICS OrderID

|

Chapter 5

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|

_|