KEMBAR78
Tms Messageusageguide 5.2 | PDF | File Transfer Protocol | Network Protocols
0% found this document useful (0 votes)
812 views272 pages

Tms Messageusageguide 5.2

Uploaded by

Henry S. Adkin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
812 views272 pages

Tms Messageusageguide 5.2

Uploaded by

Henry S. Adkin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 272

1

4 CAPE
5 Card Payments
6 Terminal Management
7 Message Usage Guide
8

10

11

12

13
14 Version 5.2
15 22 March 2017
16

© 2016 nexo AISBL All rights reserved.

This information is protected by international intellectual property laws and its use is governed by the applicable End-User license
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

17
18 TABLE OF CONTENTS
19
20 1 Introduction ................................................................................................................. 7
21 1.1 Purpose of the Document ................................................................................................................ 7
22 1.2 References ......................................................................................................................................... 8
23 1.3 Terms and Definitions ...................................................................................................................... 8
24 1.4 Conventions....................................................................................................................................... 8
25 2 StatusReport (catm.001.001.05) .............................................................................. 10
26 2.1 Message Usage ............................................................................................................................... 10
27 2.2 Message Preparation ...................................................................................................................... 16
28 2.3 Message Processing ....................................................................................................................... 17
29 2.4 Business Rules Validation ............................................................................................................. 17
30 3 ManagementPlanReplacement (catm.002.001.05) .................................................. 18
31 3.1 Message Usage ............................................................................................................................... 18
32 3.2 Message Preparation ...................................................................................................................... 24
33 3.3 Message Processing ....................................................................................................................... 24
34 3.4 Execution of the Management Plan............................................................................................... 26
35 3.4.1 One-Time Call to the Maintenance Example ............................................................................. 28
36 3.4.2 Cyclic Call and Acquirer Parameters Download Examples ....................................................... 28
37 3.4.3 Cyclic Call after an Acquirer Parameters Download Examples ................................................. 29
38 3.4.4 Sequence of Parameters Downloads Example ......................................................................... 30
39 3.5 Error Handling during Management Plan Execution ................................................................... 30
40 3.6 Business Rules Validation ............................................................................................................. 31
41 4 AcceptorConfigurationUpdate (catm.003.001.05) ................................................... 33
42 4.1 Message Usage ............................................................................................................................... 33
43 4.2 Message Processing ....................................................................................................................... 45
44 4.3 Acquirer Protocol Parameters ....................................................................................................... 48
45 4.3.1 Configuration of Data Capture and Completion for Online Transactions .................................. 48
46 4.3.1.1 Financial Capture .................................................................................................................................. 48
47 4.3.1.2 Batch Transfer ....................................................................................................................................... 48
48 4.3.1.3 Completion Exchange ........................................................................................................................... 49
49 4.3.2 Configuration of Data Capture and Completion for Offline Transactions .................................. 50
50 4.3.2.1 Financial Capture .................................................................................................................................. 50
51 4.3.2.2 Batch Transfer ....................................................................................................................................... 50
52 4.3.2.3 Completion Exchange ........................................................................................................................... 50
53 4.3.3 Configuration of Reconciliation .................................................................................................. 51
54 4.3.4 Other Acquirer Protocol Configuration Parameters ................................................................... 52
55 4.3.4.1 BatchTransferContent ........................................................................................................................... 52
56 4.3.4.2 MessageItem ......................................................................................................................................... 52
57 4.4 Host Communication Parameters ................................................................................................. 53
58 4.5 Business Rules Validation ............................................................................................................. 53
59 5 TerminalManagementRejection (catm.004.001.04) ................................................. 56
60 5.1 Introduction ..................................................................................................................................... 56

Page ii
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

61 5.2 Message Usage ............................................................................................................................... 58


62 6 MaintenanceDelegation ............................................................................................ 60
63 6.1 Introduction ..................................................................................................................................... 60
64 6.2 Delegation actors ............................................................................................................................ 62
65 6.3 Delegation use cases ...................................................................................................................... 63
66 6.3.1 POI Identifications ...................................................................................................................... 63
67 6.3.2 Setup of Delegation ................................................................................................................... 63
68 6.3.3 General rules for Delegation ...................................................................................................... 65
69 6.3.4 Rules for Key Download Delegation .......................................................................................... 66
70 6.3.5 Create a Key Download Delegation ........................................................................................... 67
71 6.3.6 Update a Key Download Delegation .......................................................................................... 69
72 6.3.7 Remove a Key Download Delegation ........................................................................................ 70
73 6.3.8 Rules for Parameters Download Delegation .............................................................................. 71
74 6.3.9 Create a Parameters Download Delegation .............................................................................. 71
75 6.3.10 Update of Parameter Download Delegation .............................................................................. 73
76 6.3.11 Remove of Parameter Download Delegation ............................................................................ 73
77 6.4 Delegation examples ...................................................................................................................... 74
78 6.4.1 Example: AcquirerParameters Download Delegation ............................................................... 74
79 6.4.2 Example: ApplicationParameters Download Delegation ........................................................... 76
80 6.4.3 Example: Untargeted Delegation ............................................................................................... 80
81 6.4.4 Distributed Delegation ................................................................................................................ 83
82 6.5 Delegated services and corresponding configuration message components ......................... 87
83 6.6 MaintenanceDelegationRequest (catm.005.001.02) ..................................................................... 87
84 6.7 MaintenanceDelegationResponse (catm.006.001.02) .................................................................. 92
85 6.8 Business Rules Validation ............................................................................................................. 93
86 7 Certificate Management ............................................................................................ 94
87 7.1 Introduction ..................................................................................................................................... 94
88 7.1.1 Certificate Creation .................................................................................................................... 94
89 7.1.2 Certificate Renewal .................................................................................................................... 95
90 7.1.3 Certificate Revocation ................................................................................................................ 96
91 7.1.4 White List Insertion .................................................................................................................... 96
92 7.1.5 White List Removal .................................................................................................................... 97
93 7.2 CertificateManagementRequest(catm.007.001.01) ...................................................................... 97
94 7.3 CertificateManagementResponse (catm.008.001.01) .................................................................. 99
95 7.4 Business Rules Validation ........................................................................................................... 101
96 8 Download of Cryptographic Keys .......................................................................... 102
97 8.1 Introduction ................................................................................................................................... 102
98 8.2 Notations and Hypothesis ............................................................................................................ 104
99 8.2.1 Notations .................................................................................................................................. 104
100 8.2.1.1 Hypothesis........................................................................................................................................... 105
101 8.3 Standard Key Download ............................................................................................................... 106
102 8.3.1 High Level Process .................................................................................................................. 106
103 8.3.2 Key Status ................................................................................................................................ 108
104 8.3.3 Management Plan with Key Download Action ......................................................................... 109

Page iii
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

105 8.3.4 Status Report to Request Key Downloading ........................................................................... 110


106 8.3.5 Configuration Update to Inject Keys ........................................................................................ 111
107 8.3.6 Key Download Result ............................................................................................................... 112
108 8.4 Example .......................................................................................................................................... 113
109 8.4.1 Introduction .............................................................................................................................. 113
110 8.4.2 RSA Keys and Certificate ........................................................................................................ 113
111 8.4.3 Initial Status of the Keys .......................................................................................................... 126
112 8.4.4 Management Plan with Key Download Action ........................................................................ 136
113 8.4.5 Status Report to Request a Key Download ............................................................................. 147
114 8.4.6 Configuration Update to Inject Keys ........................................................................................ 160
115 8.4.7 Key Download Result ............................................................................................................... 170
116 9 Message Examples.................................................................................................. 179
117 9.1 Presentation of the Example ........................................................................................................ 179
118 9.1.1 Partners Identification .............................................................................................................. 180
119 9.1.2 POI Information ........................................................................................................................ 181
120 9.1.3 Initial Management Plan in Use ............................................................................................... 184
121 9.1.4 Security .................................................................................................................................... 186
122 9.2 Periodic Contact to the TMS Host ............................................................................................... 187
123 9.2.1 StatusReport Message ............................................................................................................ 187
124 9.2.2 ManagementPlanReplacement Message ................................................................................ 196
125 9.3 Download of the Acquirer Parameters ........................................................................................ 205
126 9.3.1 StatusReport Message ............................................................................................................ 205
127 9.3.2 AcceptorConfigurationUpdate Message .................................................................................. 215
128 9.4 Maintenance Report ...................................................................................................................... 229
129 9.4.1 StatusReport Message ............................................................................................................ 229
130 9.4.2 ManagementPlanReplacement Message ................................................................................ 241
131 9.5 TerminalManagementRejection Message ................................................................................... 248
132 10 Alternative Message Exchanges ............................................................................ 257
133 10.1 Message Exchange only ............................................................................................................... 257
134 10.1.1 Upload StatusReport ................................................................................................................ 258
135 10.1.2 ManagementPlanReplacement................................................................................................ 258
136 10.1.2.1 Processing of the ManagementPlanReplacement ............................................................................... 259
137 10.1.2.2 Excecution of the ManagementPlanReplacement ............................................................................... 260
138 10.2 File Transfer only .......................................................................................................................... 260
139 10.2.1 Upload of a StatusReport ......................................................................................................... 262
140 10.2.2 Download of a ManagementPlanReplacement ....................................................................... 262
141 10.2.2.1 Processing of a ManagementPlanReplacement .................................................................................. 262
142 10.2.2.2 Execution of a ManagementPlanReplacement .................................................................................... 263
143 10.3 Message Exchange and File Transfer ......................................................................................... 265
144 11 Error Handling ......................................................................................................... 266
145 12 Transport Protocol Services .................................................................................. 267
146 12.1 File Transfer Protocol ................................................................................................................... 267
147 12.1.1.1 The FTP Model .................................................................................................................................... 267

Page iv
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

148 12.1.1.2 FTP Client Components ...................................................................................................................... 267


149 12.1.1.3 FTP Server Components ..................................................................................................................... 268
150 12.2 File Transfer Services ................................................................................................................... 269
151 12.2.1 Access Commands .................................................................................................................. 269
152 12.2.1.1 Login Sequence .................................................................................................................................. 269
153 12.2.1.2 FTP Session Termination .................................................................................................................... 269
154 12.2.1.3 Directory Positioning............................................................................................................................ 269
155 12.2.2 FTP Transfer Parameter Commands ...................................................................................... 270
156 12.2.2.1 Data Connection .................................................................................................................................. 270
157 12.2.2.2 File Type.............................................................................................................................................. 270
158 12.2.2.3 Transfer Mode ..................................................................................................................................... 270
159 12.2.2.4 File Structure ....................................................................................................................................... 270
160 12.2.2.5 File Naming Conventions .................................................................................................................... 270
161 12.2.3 FTP Protocol Service Commands............................................................................................ 272
162 12.2.3.1 File Transfer ........................................................................................................................................ 272
163 12.2.3.2 Directory Management ........................................................................................................................ 272
164

165
166

Page v
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

167 Figures
168
169 Figure 1 : StatusReport with no change on the ManagementPlan .................................................................. 28
170 Figure 2 : StatusReport with change on ManagementPlan and AcceptorConfigurationUpdate. .................... 29
171 Figure 3 Parameters management with multiple TM ....................................................................................... 46
172 Figure 4: Rejection of a TMS message ........................................................................................................... 56
173 Figure 5 One POI multiple Identifications ........................................................................................................ 63
174 Figure 6: Key Information .............................................................................................................................. 102
175 Figure 7: Sharing of a Key with a Host .......................................................................................................... 103
176 Figure 8: Key and Certificate Notations ......................................................................................................... 104
177 Figure 9: Encryption and Digital Signature Notations .................................................................................... 104
178 Figure 10: Key Check Value Notation ........................................................................................................... 105
179 Figure 11: POI and TM PKIs ......................................................................................................................... 105
180 Figure 12: Standard Key Dowload ................................................................................................................. 106
181 Figure 13: PKI used by the Key Download Example ..................................................................................... 113
182 Figure 14: Sequence of Message Exchanges ............................................................................................... 179
183 Figure 15: POI Architecture for Message Examples ..................................................................................... 181
184 Figure 16: TMS messages transferred as message exchanges ................................................................... 258
185 Figure 17: TMS messages transferred as files .............................................................................................. 261
186 Figure 18: TMS messages transferred as both messages and file ............................................................... 265
187 Figure 16: The FTP Model ............................................................................................................................. 267
188 Figure 15: FTP Server Directory Structure for TMS ...................................................................................... 269

189

Page vi
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

190 1 Introduction
191 1.1 Purpose of the Document
192 The present document describes how to use the messages of the EPAS Terminal Management Protocol
193 described in the document "Card Payment – Terminal Management, Message Definition Report" [CAPE
194 TMS MDR].
195
196
197

1 Introduction Page 7
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

198 1.2 References


199 [CAPE ACQ MDR] ISO 20022, Card Payment Exchanges, Message Definition Report, Edition
200 February 2016 (Acceptor to Acquirer)

201 [CAPE ACQ MUG] CAPE, Card Payments, Message Usage Guide, Version 5.0

202 [CAPE TMS MDR] ISO 20022, Card Payment - Terminal Management, Message Definition Report,
203 Edition February 2016

204 [EPAS SECU] Card Payment Protocols Security, EPASOrg, Version 2.0[RFC2119] Key
205 words for use in RFCs to Indicate Requirement Levels, March 1997

206

207 1.3 Terms and Definitions


208
209 CSTR Stands for Constraint. Mainly used in explaination of message, this column title will highlight
210 if a constraint exists directly on the presence or the value of an element (mark by a star ‘*’),
211 or if a constraint exists due to interdependency of elements of the messages (e.g data
212 element A must be present if data element B equals X). In this latter case the constraint is
213 labelled as ‘C’ plus a number. These constraints may serve for semantic analysis.
214 MDR Message Definition Report
215 MTM Master Terminal Manager is the Terminal Manager Server which is accountable of the POI
216 configuration. A POI has only one MTM but may have several TM.
217 MUG Message User Guide
218 Mult. Stands for Multiplicity. It will be mainly used for explaination on messages and to highlight
219 how many times a element is present inside a message.
220 POI Point Of Interaction is the point where the payment processing is processed in the merchant
221 domain. This device ma be a dedicated one like a ICC card reader or not
222 RFC Request For Comments.
223 TM Terminal Manager is a Terminal Manager Server responsible for a specific part of the POI
224 configuration
225

226 1.4 Conventions.


227
228 A grey line of any element included in a message represents a data element which are left there for
229 consistency with the MDR, but are not expected to be generated in this version of this protocol, neither
230 controlled by the receiver.
231
232 The words MUST, SHOULD and MAY will be used throughout this document with the meaning defined by
233 [RFC2119].
234
235 In order to build smaller message, all unnecessary white space inside XML messages should be
236 removed. All examples in this document will try to follow this best practice.

1 Introduction Page 8
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

237

238 1.5 What’s new in the edition 5.


239
240 This edition brings the following improvements:
241  Management of Delegation
242  Management of Certificate
243  Clear identification of constraints on element in each messages
244  Compliancy with RFC 2119
245  Removal of implicit rules
246  Management of Gateways
247  Update of parameters
248

1 Introduction Page 9
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

249 2 StatusReport (catm.001.001.05)


250

251 2.1 Message Usage


252
253 StatusReport is a request message sent by a POI to its MTM or to a delegated TM.
254
255 According to its configuration, a POI System may initiate a Terminal Management System (TMS)
256 message exchange (StatusReport request and ManagementPlanReplacement response messages) in
257 three different ways:
258  Locally. The Acceptor initiates a terminal management session manually by using a maintenance
259 command of the POI e.g. through a Man Machine Interface or by exchanging an order on any
260 POI interface. The Acceptor selects a terminal manager in the maintenance menu of the POI
261 system. The initial address of the MTM is predefined in the POI system.
262  In response to a message. An Acquirer Host sends a TMSTrigger in response to a received
263 message. The POI analyses the TMSContactLevel and TMSContactDateTime and reacts
264 accordingly.
265 The TMSIdentification contains the name of the TMS used in the POI configuration.
266  Accordingly to a schedule. The POI starts the message exchange according to a timing condition
267 of a TMS action defined in the management plan.
268
269 The StatusReport message contains information about:
270  the installed parameter versions of the POI ,
271  the POI components already installed or activated,
272  the log of Event with the results of the TMS actions performed since the last status report (usually
273 these are local actions e.g. activation of data sets or a restart of the POI application), the report
274 also contains the initiation trigger.
275
StatusReport Mult. Rule Cstr Usage
Header [1..1]
DownloadTransfer [1..1] * False
FormatVersion [1..1] * Version supported by the Initiating Party. Current version has the value
"5.0", only this value is accepted for the current version.
ExchangeIdentification [1..1] Unique identifier set by the InitiatingParty. Used to detect possible
duplications of a transfer for a period of time.
Used to link a StatusReport request message with the related response
message.
CreationDateTime [1..1] Date and time of the file or messages creation. Time accuracy has to
be at least tenth of a second.
InitiatingParty [1..1] Identification of the initiator of the message exchange or the file
transfer. Content is bilaterally agreed between InitiatingParty and
RecipientParty.
Identification [1..1] Unambiguous identification of the Initiator of the file or the message by
the recipient.
Value is bilaterally agreed between InitiatingParty and RecipientParty.
Type [0..1] Default: "OriginatingPOI"
Issuer [0..1] Appli The party assigning the Identification.
Country [0..1] Appli Country of the InitiatingParty (ISO 3166-1 alpha-2 or alpha-3).
ShortName [0..1] Appli In case of a digital signature, this element may contain the identification
of the InitiatingParty certificate (Subject).

2 StatusReport (catm.001.001.05) Page 10


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

StatusReport Mult. Rule Cstr Usage


RecipientParty [0..1] Appli Identification of the recipient of the message exchange or the file
transfer. Structure and content is bilaterally agreed between
InitiatingParty and RecipientParty.
Identification [1..1]
Type [0..1] * Type of RecipientParty
Allowed values: "MasterTerminalManager", "TerminalManager"
Issuer [0..1] Appli
Country [0..1] Appli Country of the RecipientParty (ISO 3166-1 alpha-2 or alpha-3).
ShortName [0..1] Appli
RemoteAccess [0..1] Access information to reach the target host. This element is mandatory
if a network provider or a gateway is involved in the system between
the POI and TM
Address [1..*] Network addresses of the Terminal Manager host. Priorities of the
addresses are defined by the order of their appearance in the message
(the first one is the primary address, the second one the secondary
address, etc…).
NetworkType [1..1] Type of communication network. Allowed values:
"InternetProtocol" A transport protocol using an IP network.
"PublicTelephone" A transport protocol using Public Switched
Telephone Network (PSTN).
AddressValue [1..1] Value of the address:
The value of an internet protocol address contains the IP address or
the DNS (Domain Name Server) address, followed by the character ':'
and the TCP port number if the default port is not used.
The value of a public telephone address contains the phone number
with possible prefix and extensions.
UserName [0..1] Username for identification of the POI e.g. to login into a server
AccessCode [0..1] Password for authentication of the POI e.g. to login into a server
ServerCertificate [0..*] X.509 Certificate required to authenticate the server.
ServerCertificate- [0..*] Identification of the X.509 Certificate required to authenticate the
Identifier server, for instance a digest of the certificate, the certificate serial
number with the certificate issuer name.
ClientCertificate [0..*] X.509 Certificate required to authenticate the client.
SecurityProfile [0..1] Identification of the set of security elements to access the host.
StatusReport StatusReport message body.
POIIdentification [1..1] Identification of the POI terminal or POI system sending the message.
Identification [1..1]
Type [0..1] * Default and allowed value "OriginatingPOI"
Issuer [0..1] Appli * Allowed values: "MasterTerminalManager", "TerminalManager",
"Merchant", "Acquirer" and "IntermediaryAgent"
Country [0..1] Appli Country of the POI (ISO 3166-1 alpha-2 or alpha-3).
ShortName [0..1] Appli Name of the POI assigned by the TMS.
TerminalManager- [1..1]
Identification
Identification [1..1] Appli
Type [0..1] * Allowed values: "MasterTerminalManager" or "TerminalManager".
Issuer [0..1] Appli Issuer of identification, not used
Country [0..1] Appli Country of the Termminal Manager (ISO 3166-1 alpha-2 or alpha-3).
ShortName [0..1] Appli Name of the TMS assigned by the MTM or TM.
DataSet [1..1]
Identification [1..1] Identification of the Data set (class of file)
Name [0..1] * Name of the status report; not used
Type [1..1] * Allowed value: "StatusReport"
Version [0..1] * Version of the status report; not used
CreationDateTime [0..1] * Date and time of the creation of the status report. Time accuracy has to
be at least in seconds. This data element is mandatory for a
StatusReport

2 StatusReport (catm.001.001.05) Page 11


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

StatusReport Mult. Rule Cstr Usage


SequenceCounter [0..1] * Increasing value allows detection of message replay.
Content [1..1]
POICapabilities [0..1] C1 Present if it contains any data
C2 Only present if DataSetRequired equal to "ManagementPlan"
CardReading- [0..*] Appli Capabilities defining the physical components of the POI.
Capabilities
Cardholder- [0..*] Appli Not supported
Verification-
Capabilities
PINLength- [0..1] Config Maximum number of digits the POI is able to accept when the
Capabilities cardholder enters its PIN.
ApprovalCode- [0..1] Config Maximum number of characters of the approval code the POI is able to
Length manage.
MaxScriptLength [0..1] Config Maximum data length in bytes that a card issuer can return to the ICC
at the terminal.
CardCapture- [0..1] Config default "False".
Capable True if the POI is able to capture card.
OnlineCapabilities [0..1] Appli Capability of the POI to go on-line and store the transaction.
[0..*] Appli DisplayCapabilities2 DisplayCapabilities3
MessageCapabilities Capabilities of the terminal to display or print message to the
cardholder and the merchant.
It correspond to the ISO 8583 field number 22-11 for the version 93,
and field number 27-6 for the version 2003.
Destination [1..1] Appli UserInterface1Code
Destination of the message to present.
AvailableFormat [1..*] Appli OutputFormat1Code

NumberOfLines [0..1] Appli Number


Number of lines of the display.
LineWidth [0..1] Appli Number
Number of columns of the display or printer.
[0..*] Appli LanguageCode
AvailableLanguage Available language for the messages. Reference ISO 639-1 (alpha-2)
et ISO 639-2 (alpha-3).
POIComponent [0..*] Appli Used to inform the Terminal Manager about:
- the hardware components of the POI.
- the software components of the POI.
- the installed version of the parameters.
Type [1..1] Type of component belonging to a POI.

Identification [1..1] C3 Identification of the POI component.


ItemNumber [0..1] Hierarchical identification of a component inside all the component of
the POI. It is composed of all item numbers of the upper level
components, separated by the '.' character, ended by the item number
of the current component:
Hardware: unique identification of a hardware component
inside the POI system.
Software: unique identification of the software component
inside the main hardware component executing the
software.
Parameters: identify the hardware or software component using
these parameters.
Provider- [0..1] Identifies the provider of the software, hardware or parameters of the
Identification POI component:
Hardware: identify the manufacturer1.
Software: identify the software provider.
Parameters: identify the entity in charge of the parameters.

1 replaces ManufacturerIdentification in version 1.0

2 StatusReport (catm.001.001.05) Page 12


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

StatusReport Mult. Rule Cstr Usage


Identification [0..1] Identification of the POI component assigned by the provider:
Hardware: identify the model2.
Software: identify the software product.
Parameters: identify the set of parameters.
SerialNumber [0..1] Serial number of the component:
Hardware: identify the physical component.
Status [0..1] Status of the POI component.
VersionNumber [0..1] Current version of component that might include the release number.
Hardware: version of the model (optional).
Software: software version (optional).
Parameters: parameters version (mandatory).
Status [0..1] Current status of the component:
WaitingActivation The Parameters or Software component is not
yet activated.
InOperation The component is activated and in operation.
OutOfOrder The component is not working properly.
Deactivated The Parameters or Software component has
been deactivated.
ExpiryDate [0..1] Expiration date of the component.
Standard- [0..*] Identification of the standard or specification for which the component
Compliance complies with.
Identification [1..1] Identification of the standard.
Version [1..1] Version of the standard.
Issuer [1..1] Issuer of the standard.
Characteristics [0..1] Characteristics of the Hardware or SecurityParameters POI
component.
Memory [0..*] Memory characteristics of the Hardware component.
Identification [1..1] Identification or name of the memory.
TotalSize [1..1] Total size of the memory unit.
FreeSize [1..1] Total size of the available memory.
Unit [1..1] Unit of the memory size, allowed values:
ExaByte Exa byte.
PetaByte Peta byte.
TeraByte Tera byte.
GigaByte Giga byte.
MegaByte Mega byte.
KiloByte Kilo byte.
Byte Byte.
Communication [0..*] Low level communication of the hardware or software component
toward another component or an external entity.
Com- [1..1] Type of communication.
munication- .
Type
RemoteParty [1..*] Entity that communicate with the current component, using this
communication device.
Acquirer Bank of the Merchant providing goods and
services.
IntermediaryAgent Party acting on behalf of other parties to
process or forward data to other parties.
TerminalManager Responsible for one or several maintenance
functions of a card payment acceptance
terminal.
SaleSystem Sale system.
POIComponent Other component of the point of interaction.
Active [1..1] Flag indicating whether the communication is activated.
SecurityAccess- [0..1] Number of security access modules (SAM).
Modules

2 replaces Model in version 1.0

2 StatusReport (catm.001.001.05) Page 13


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

StatusReport Mult. Rule Cstr Usage


Subscriber- [0..1] Number of subscriber identity modules (SIM).
Identity-
Modules
KeyCheckValue [0..1] Value for checking a cryptographic key security parameter (only for
component with Type=“SecurityParameters”).
Assessment [0..*] Assessments for the Hardware or Software POI component.
Type [1..1] Type of assessment of the component.
Evaluation Evaluation by a laboratory or a tool.
Certification Certification number delivered by a certification body.
Approval Approval number delivered by an approval centre.
Assigner [1..*] Body which has delivered the assessment.
DeliveryDate [0..1] Date when the assessment has been delivered.
ExpirationDate [0..1] Date when the assessment will expire.
Number [1..1] Unique assessment number for the component.
AttendanceContext [0..1] Appli Attended: an attendant is present and can survey the financial
transaction (face to face).
SemiAttended: one attendant present for several POIs.
Unattended: an attendant is not present
POIDateTime [1..1] Appli Information used by the TMS to detect a discrepancy of the real time
clock used in the POI terminal
DataSetRequired [0..1] Absent if the StatusReport is sent by file except for delegation (e.g
untargeted delegation).
If absent when the StatusReport is sent by message, a
ManagementPlan must be sent in response.
Identification [1..1] It contains the data elements and the values of the related
Action.DataSetIdentification requesting the transfer of data set.
Name [0..1] Action.DataSetIdentification.Name of the related management plan
action, if present.
Type [1..1] Action.DataSetIdentification.Type of the of the related action of the
management plan :
"AcquirerParameters": an AcceptorConfigurationUpdate message
containing all the configuration parameters
for one or several acquirers is requested by
the StatusReport message.
"ApplicationParameters": an AcceptorConfigurationUpdate message
containing only the application parameters
is requested by the StatusReport message.
"ManagementPlan": ManagementPlanReplacement message is
requested by the StatusReport message.
"MerchantParameters": an AcceptorConfigurationUpdate message
containing only the merchant parameters is
requested by the StatusReport message.
"Parameters": an AcceptorConfigurationUpdate message
is requested by the StatusReport message.
Content of the
AcceptorConfigurationUpdate message
determines the types of parameters to
update.
"SecurityParameters": an AcceptorConfigurationUpdate message
containing only the security parameters is
requested by the StatusReport message.
"TerminalParameters": an AcceptorConfigurationUpdate message
containing only the terminal parameters is
requested by the StatusReport message.
Version [0..1] Action.DataSetIdentification.Version of the related management plan
action, if present.
Creation- [0..1] Action.DataSetIdentification.CreationDateTime of the related
DateTime management plan action, if present.
POIChallenge [0..1] Appli Challenge generated by the POI for key download.
TMChallenge [0..1] Appli Challenge generated by the Terminal Manager in a previous
ManagementPlanReplacement containing key to dowload or
AcceptorConfigurationUpdate containing key to store.
SessionKey [0..1] Appli Temporary encryption key that the host will use for protecting keys to
download.

2 StatusReport (catm.001.001.05) Page 14


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

StatusReport Mult. Rule Cstr Usage


Identification [1..1]
Additional- [0..1]
Identification
Version [1..1]
Type [1..1] Mandatory
Function [1..*] * Allowed value:
"KeyExport"
Activation- [0..1]
Date
Deactivation- [0..1]
Date
KeyValue [1..1]
DelegationProof [0..1] Proof of delegation to be validated by the terminal manager receiving a
status report from a new POI.
Protected- [0..1] Protected proof of delegation.
DelegationProof
Event [0..*] List of all completed TMS actions of the Management Plan which have
been performed since the last StatusReport message, receiving in
response a valid ManagementPlanReplacement message.
Events have to be listed in chronological order (by increasing time).
TimeStamp [1..1] Contains the POI processing time of the event. Time accuracy has to
be at least in seconds.
Result [1..1] Result of the performed action. Only the result of the last process retry
is present.

Action- [1..1] Copy of the Action of the management plan for which the outcome is
Identification notified in the current Event.
ActionType [1..1] See ManagementPlanReplacement
DataSet- [0..1] See ManagementPlanReplacement
Identification
Name [0..1] See ManagementPlanReplacement
Type [1..1] See ManagementPlanReplacement
Version [0..1] See ManagementPlanReplacement
Creation- [0..1] See ManagementPlanReplacement
DateTime
AdditionalError- [0..1] Complete the Result, giving details on the error (e.g. number of retries).
Information
Errors [0..*] Manufacturer specific log file for errors (e.g. card reader errors)
SecurityTrailer [0..1] Digital signature or MAC of the message body StatusReport, including
the delimiters (start and end tag for XML encoding).

276
277

2 StatusReport (catm.001.001.05) Page 15


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

278 2.2 Message Preparation


279
280 This section outlines the processing of a POI prior to sending a StatusReport message to a Terminal
281 Manager.
282 1. The StatusReport message body contains:
283 a. Identification of POIIdentification populated with the identifier of the POI for the TM or
284 MTM,
285 b. Identification of TerminalManagerIdentification populated with the identifier of the TM or
286 MTM, if available,
287 c. a data set with Identification containing the Type "StatusReport" and CreationDateTime
288 of the report filled with the local time stamp,
289 d. VersionNumber used for summarising the current status of the POI components and
290 capabilities. The version number should be updated if the status of the POI is changed
291 e.g. by an update of the acquirer parameters. An update of the log of Event or Errors
292 does not influence the version of the status report.
293 e. POICapabilities filled with the installed capabilities (e.g. card readers). This component is
294 only present if DataSetRequired equal to "ManagementPlan".
295 f. POIComponent is filled using identifiers comprehensible by the acquirer.
296 If the POI contains a configuration for several acquirers, the POIComponent values may
297 depend on the acquirer (e.g. the value of POIComponent/ Identification/
298 IdentificationProviderIdentification).
299 g. the sequence of Event containing the result of the performed TMS actions since the last
300 report that has been successfully transferred to the TM or the MTM (the action results
301 have to be stored by the POI until they have been successfully sent to the TM or MTM).
302 All Events for a delegated TM should be reported to the MTM, where the TMIdentification
303 is stored in the AdditionalErrorInformation.
304 h. the POI vendor specific error description in the data element Errors.
305 SequenceCounter is not used.
306 2. The POI may generate a security trailer for the StatusReport message. The trailer contains either:
307 a. the signature of the message body using the secret key PRPOI_AUTH as described in
308 [EPAS SECU] or
309 b. the MAC as described in [EPAS SECU].
310 3. The POI builds the header of the message:
311 a. DownloadTransfer: set to False.
312 b. FormatVersion: Version supported by the POI. Current version: "5.0" (assigned by nexo).
313 c. ExchangeIdentifier: unique identifier per partner and per pair of messages. Used to
314 assign a response to a request message and to identify duplicate messages. A cyclic
315 counter incremented by one for each new message.
316 d. CreationDateTime: date and time of the creation of the message. Time accuracy at least
317 a tenth of a second.
318 4. The POI establishes a connection to the TM or MTM and sends the request message as
319 specified in [CAPE ACQ MUG].
320 5. The POI waits for the response message. In case of no response, an error is stored in the log of
321 Event with the Result "Timeout".

322
323

2 StatusReport (catm.001.001.05) Page 16


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

324 2.3 Message Processing


325
326 1. The TM or the MTM examines the syntax and contents of the message header and checks
327 whether:
328 a. the identifier present in the message element InitiatingParty.Identification is valid3.
329 b. the version in FormatVersion is supported. If not, the TMS responds with a
330 TerminalManagementRejection message containing the Header.FormatVersion it
331 supports and a RejectReason equals to “ProtocolVersion ».
332 2. If the MTM or the TM are configured to require security trailers, then SecurityTrailer is verified:
333 The MTM or TM security configuration may be defined outside of the protocol. The POI
334 implementation will determine whether messages contain a security trailer or not. This will be
335 configured outside of the protocol.
336 a. Should the SecurityTrailer contains a digital signature:
337 i. the Common Name of the Subject may be checked against the message element
338 ShortName of POIIdentification
339 ii. the digital signature is validated using the certificate PUPOI_AUTH, according to the
340 [EPAS SECU]
341 b. Should the SecurityTrailer contains a message authentication:
342 i. the MAC of the message is validated according to the [EPAS SECU].
343 The message is discarded in case of an invalid digital signature or MAC.
344 3. The TMS verifies the contents of the status report, if it is correct; it prepares and sends either a
345 ManagementPlanReplacement or an AccetorConfigurationUpdate message. Otherwise it sends a
346 TerminalManagementRejection
347

348 2.4 Business Rules Validation


349
350 This chapter lists all business rules implying at least 2 different elements inside the message.
351
352
Constraint Literal Definition Involved elements
Number
C1 If POICapabilities is present it must have at least  DataSet.Content.POICapabilities
one child
C2 POICapabilities must only be present if Type of  DataSet.Content.DataSetRequired.Identification.Type
DataSetRequired equals ManagementPlan  DataSet.Content.POICapabilities
C3 POIComponent/Identification must at least have  DataSet.content.POIComponent/Identification
one child element

353
354
355

3 For the first contact to the TM in the life cycle of the POI, the TM may use POIIdentification or DelegationProof of the
StatusReport message to register the POI and send back a first management plan to the POI.

2 StatusReport (catm.001.001.05) Page 17


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

356 3 ManagementPlanReplacement (catm.002.001.05)


357

358 3.1 Message Usage


359
360 ManagementPlanReplacement is a response message sent by a TM or a MTM to a POI.
361
362 It contains information about the:
363  TMS actions to be performed by the POI,
364  TMS systems to be connected and the corresponding communication parameters,
365  error actions in case of unsuccessful TMS actions.
366
367 The message contains the management plan replacing a previous one.
368
ManagementPlanReplacement Mult. Rule Cstr Usage
Header [1..1]
DownloadTransfer [1..1] * True
FormatVersion [1..1] * See StatusReport
ExchangeIdentification [1..1] See StatusReport.
Used to link a ManagementPlanReplacement response
message to a StatusRequest message. Unique identifier set
by the InitiatingParty to assign a ManagementReplacement
response message to the StatusReport request message, or
to detect duplication of ManagementReplacement file transfer.
CreationDateTime [1..1] See StatusReport
InitiatingParty [1..1] See StatusReport
Identification [1..1] See StatusReport
Type [0..1] * In case of message exchange the allowed value is
"OriginatingPOI".
In case of file transfer; allowed values are: "TerminalManager"
or "MasterTerminalManager" .
Issuer [0..1] Appli See StatusReport
Country [0..1] Appli See StatusReport
ShortName [0..1] Appli In case of digital signature , may contain the identification of
the TM or MTM certificate (Subject).
RecipientParty [0..1] Appli See StatusReport
Identification [1..1] See StatusReport
Type [0..1] * Message exchange: allowed values are
"MasterTerminalManager" and "TerminalManager".
In case of File transfer: "OriginatingPOI "
Issuer [0..1] See StatusReport
Country [0..1] Appli See StatusReport
ShortName [0..1] Appli In case of digital signature and message exchange, this
element may contain the identification of the POI certificate
(Subject).
RemoteAccess [0..1] See StatusReport
Address [1..*] Network addresses of the Terminal Manager host. Priorities of
the addresses are defined by the order of their appearance in
the message (the first one is the primary address, the second
one the secondary address, etc…).
NetworkType [1..1] Type of communication network. Allowed values:
"InternetProtocol" A transport protocol using an IP
network.

3 ManagementPlanReplacement (catm.002.001.05) Page 18


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

ManagementPlanReplacement Mult. Rule Cstr Usage


"PublicTelephone" A transport protocol using Public
Switched Telephone Network
(PSTN).
AddressValue [1..1] Value of the address:
The value of an internet protocol address contains the IP
address or the DNS (Domain Name Server) address,
followed by the character ':' and the TCP port number if the
default port is not used.
The value of a public telephone address contains the phone
number with possible prefix and extensions.
UserName [0..1] Username for identification of the POI e.g. to login into a
server
AccessCode [0..1] Password for authentication of the POI e.g. to login into a
server
ServerCertificate [0..*] X.509 Certificate required to authenticate the server.
ServerCertificateIdentifier [0..*] Identification of the X.509 Certificate required to authenticate
the server, for instance a digest of the certificate, the
certificate serial number with the certificate issuer name.
ClientCertificate [0..*] X.509 Certificate required to authenticate the client.
SecurityProfile [0..1] Identification of the set of security elements to access the
host.
ManagementPlan [1..1] ManagementPlanReplacement message body.
POIIdentification [0..1] Appli Identification of a POI terminal, system or group of terminals.
For a message exchange, this is a copy of the request related
data element.
Identification [1..1] Part of the TMS/Acquirer/IntermediaryAgent or Merchant
configuration.
Type [0..1] * Default "OriginatingPOI"
Allowed value: OriginatingPOI
Issuer [0..1] Appli * Allowed values: "MasterTerminalManager,
"TerminalManager", "Merchant", "Acquirer" and
"IntermediaryAgent"
Country [0..1] Appli
ShortName [0..1] Appli Name of the POI assigned by the TMS.
TerminalManagerIdentification [1..1]
Identification [1..1] Appli
Type [0..1] * See StatusReport
Issuer [0..1] Appli * Not used.
Country [0..1] Appli
ShortName [0..1] Appli See StatusReport
DataSet [1..1] The data set contains a management plan
Identification [1..1] Identification of the management plan.
Name [0..1] Name of the management plan
Type [1..1] * Allowed value: "ManagementPlan".
Version [0..1] Version of the management plan.
CreationDateTime [0..1] Date and time of the management plan. Time accuracy has to
be at least in seconds. Checked by the POI to assess whether
the management plan needs to be replaced or not.
SequenceCounter [0..1] * Not used
Content [0..1] Contents of the management plan. The absence of Content
means that current management plan needs not to be
replaced.
TMChallenge [0..1] Terminal Manager challenge that the POI has to send in a
StatusReport requesting key download.
Used for key download delegated action.
KeyEnciphermentCertificate [0..*] Certificate chain containing the signed public key encryption
key of the Terminal Manager used by the POI to send a
session key encryption key.
The format of the certificate is compliant with the DER X.509
format.

3 ManagementPlanReplacement (catm.002.001.05) Page 19


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

ManagementPlanReplacement Mult. Rule Cstr Usage


The certificate chain must be ordered by starting with the
higher certificate level and ending with the leaf.
Used for key download delegated action.
Action [1..*] List of TMS actions associated to the management plan to be
performed by the POI.
Type [1..1] * Allowed values:
"Delete", "Restart", "Download", "Upload",
RemoteAccess [0..1] Terminal Manager host access information.
Address [1..*] Network addresses of the Terminal Manager host. Priorities of
the addresses are defined by the order of their appearance in
the message (the first one is the primary address, the second
one the secondary address, etc…).
NetworkType [1..1] Type of communication network.
AddressValue [1..1] Value of the address:
The value of an internet protocol address contains the IP
address or the DNS (Domain Name Server) address,
followed by the character ':' and the TCP port number if the
default port is not used.
The value of a public telephone address contains the phone
number with possible prefix and extensions.
UserName [0..1] Username for identification of the POI e.g. to login into a
server
AccessCode [0..1] Password for authentication of the POI e.g. to login into a
server
ServerCertificate [0..*] X.509 Certificate required to authenticate the server.
ServerCertificate- [0..*] Identification of the X.509 Certificate required to authenticate
Identifier the server, for instance a digest of the certificate, the
certificate serial number with the certificate issuer name.
Normally speaking, this certificate should be certified by a
Certificate Authority known by the POI. Otherwise, the server
should use SecurityProfile to request a
CertificateManagementRequest.
ClientCertificate [0..*] X.509 Certificate required to authenticate the client.
SecurityProfile [0..1] C15 Identification of the set of security elements to access the
host.
In some cases, the MTM may request the POI to create a key
pair and to request a certificate for the public key (CSR). In
this case, since there is, currently, no opportunity to trigger a
CertificateManagementRequest from an Action, security
profile must be ended with the text ‘,ACT=CMRQ’ and the POI
must send a CertificateManagementRequest to the host
identified by the address value present in the action. The
CertificateManagementRequest must contain a security
domain set with the DelegationScopeIdentification’s present in
the action.
TerminalManager- [0..1] Must be absent if ManagementPlan.TerminalManagerId.Type
Identification is not ‘MasterTerminalManager’,
C1
Only present if it is different of the
TerminalManager.Identification of this ManagementPlan.
Identification [1..1] C11 List of Actions must be grouped by values of this
Identification.
Type [0..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
TMSProtocol [0..1] TMS protocol to use for performing the maintenance action.
For instance may identify a proprietary manufacturer protocol
used for software download
TMSProtocolVersion [0..1] Version of the TMS protocol to use to perform the
maintenance action.
Might be suitable in the following but not restricted examples:

3 ManagementPlanReplacement (catm.002.001.05) Page 20


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

ManagementPlanReplacement Mult. Rule Cstr Usage


 POI server managing POI Terminals with different
TMS ProtocolVersion ,
 POI is managed by two TM with different
TMSProtocolVersion
 POI Software Update with legacy protocol
 …
DataSetIdentification [0..1] C2 Identification of the data set associated to the action.
Mandatory for Action.Type "Delete", “Install” , “Update”,
“Upload”and "Download",
Absent for Action.Type "Restart".
Name [0..1] C6 Name of the data set to associated to the action.
C12 Should be present if needed to identify.
C13
C14
Type [1..1] C3 "AcquirerParameters": If the acquirer configuration
C4 parameters have to be deleted (Action.Type
C5 = "Delete"), updated (Action.Type =
"Update") or replaced (Action.Type =
C6 "Download").
C7 "ApplicationParameters": If only the application parameters
have to be deleted (Action.Type = "Delete"),
updated (Action.Type = "Update") or
replaced (Action.Type = "Download").
"ManagementPlan": if management plan has to be
replaced by a new one to download
(Action.Type = "Download")
"MerchantParameters": If only the merchant parameters
have to be deleted (Action.Type = "Delete"),
updated (Action.Type = "Update") or
replaced (Action.Type = "Download").
"Parameters": If the parameters that will be present in the
AcceptorConfiguration sent by the TM, have
to be deleted (Action.Type = "Delete"),
updated (Action.Type = "Update") or
replaced (Action.Type = "Download").
“SecurityParameters”: to download cryptographic keys
(Action.Type = "Download") or remove
cryptographic keys (Action.Type =
"Delete").
"SoftwareModule": For software download (Action.Type
= "Download" or Action.Type = “Install”).
"StatusReport": if a status report has to be sent alone
without requesting any data set
(DataSetRequired absent and Action.Type
= "Upload")
"TerminalParameters": If only the terminal parameters have
to be deleted (Action.Type = "Delete"),
updated (Action.Type = "Update") or
replaced (Action.Type = "Download").
Version [0..1] C6 Version of the data set to be processed by the POI
C12
C14
CreationDateTime [0..1] C6 Date time of creation of the data set.
C12
C14
ComponentType [0..*] * Type of POI components to send in a status report.
AcquirerProtocolParameters Components for acquirer
interface of the point of
interaction, including acquirer
hosts.
ApplicationParameters Components of payment
applications running on the point
of interaction.
MerchantParameters Components for the merchant
using the point of interaction.

3 ManagementPlanReplacement (catm.002.001.05) Page 21


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

ManagementPlanReplacement Mult. Rule Cstr Usage


Parameters Components for all type of
parameters used the point of
interaction.
TerminalParameters Components for manufacturer
configuration parameters of the
point of interaction.
SecurityParameters Components for security of the
point of interaction.
DelegationScope- [0..1] Identification of the delegation scope assigned by the MTM.
Identification
DelegationScope- [0..1] Definition of the delegation scope
Definition
DelegationProof [0..1] Proof of delegation to be verified by the POI, when performing
the delegated actions.
ProtectedDelegation- [0..1] Protected proof of delegation.
Proof
Trigger [1..*] * Allowed values:
"DateTime": the action is triggered by the information
contained in the Action.TimeCondition data structure
“Host”: the action is triggered through a response sent by a
Host.
"Manual": An operator has to use an administrative
command on the POI to contact the related TM, in order
to not interrupt the flow of transactions.
"SaleEvent": the sale system of the acceptor, driving the
POI system, sends an event to trigger maintenance
actions during an appropriate period.
AdditionalProcess [0..*] Process to perform before or after the TMS action, allowed
values are:
"Reconciliation": the POI has to perform reconciliation
before the action.
"ManualConfirmation": the POI has to ask a confirmation to
the cashier before starting the action.
“Restart” : the POI has to restart the application after the
successful completion of the action and other optional
external conditions (e.g acknowledgement of the
ECR).After the completion of the action and before the
restart of the application, the DataSet identified by
DataSetIdentification must not be used for transaction
processing. The application may be invalid or may used
former DataSet until the restart of the application.
ReTry [0..1] Condition of a retry if the action is not successfully completed.
Delay [1..1] Time period to wait after the last attempt in MMDDhhmm,
leading zeros may be omitted.
MaximumNumber [0..1] Maximum number of retries..
TimeCondition [0..1] C8 Mandatory for Action.Trigger "DateTime",
Absent for Action.Trigger "HostEvent", "Manual", "SaleEvent"
WaitingTime [0..1] C9 Must be absent if StartTime is present.
Time to wait before lauching the action.
Format: MMDDhhmm, leading zeros may be omitted.
StartTime [0..1] C9 Must be absent if WaitingTime is present
Date and time when the action must be started.
EndTime [0..1] Date and time after which the action must not be started and
performed.
Period [0..1] C10 Time period for a cyclic action, absent otherwise.
MaximumNumber [0..1] C10 Maximum number of cycles for a cyclic action. If the value is
0, the number of cycles is limitless.

TMChallenge [0..1] Terminal Manager challenge that the POI has to send in a
StatusReport requesting key download.
KeyEncipherment- [0..*] Certificate chain containing the signed public key encryption
Certificate key of the Terminal Manager used by the POI to send a
session key encryption key.
The format of the certificate is compliant with the DER X.509

3 ManagementPlanReplacement (catm.002.001.05) Page 22


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

ManagementPlanReplacement Mult. Rule Cstr Usage


format.
The certificate chain must ordered by starting with the higher
certificate level and ending with the leaf.
ErrorAction [0..*] Processing to be performed after the last action retry fails.
ActionResult [1..*] * Result of the last retry of the action. All values are allowed at
the exception of "Success". If the actual error doesn’t match
any ActionResult listed in this ErrorAction, the rule 5.8
applies
ActionToProcess [1..1] Processing to be performed for the results defined by
ActionResult, allowed values:
SendStatusReport Send a status report immediately,
reporting the result of the action and
requesting a ManagementPlan Then
sending also POIComponent in the
StatusReport
StopSequence Stop the current sequence of terminal
management actions without any
action, and do not notice the error with
a status report.

AdditionalInformation [0..*] Additional information about the maintenance action.


SecurityTrailer [0..1] Digital signature or MAC of the message body
ManagementPlan, including the delimiters (start and end tags
if XML encoding).

369
370

3 ManagementPlanReplacement (catm.002.001.05) Page 23


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

371 3.2 Message Preparation


372
373 The TM or MTM sends back a ManagementPlanReplacement as a response to a StatusReport when one
374 of the following conditions is verified:
375  DataSetRequired is absent in the StatusReport message or
376  DataSetRequired is present in the StatusReport message and DataSetRequired.Type has the
377 value "ManagementPlan" or
378  The TM or MTM needs to receive or collect information from the POI or
379  The StatusReport is a valid message and there is no other kind of message to send back to the
380 POI..
381
382 Should the TM or MTM intend to perform a series of new actions or instruct the POI to execute a new
383 management plan, a ManagementPlanReplacement is sent as a response to a StatusReport with a set of
384 new actions detailed in ManagementPlan.DataSet.Content.
385 When the TM or MTM has no intention to modify the current management plan or change the current list
386 of actions, a ManagementPlanReplacement message is sent back as a response to a StatusReport
387 without ManagementPlan.DataSet.Content. The current list of actions remains unchanged.
388
389 The MTM is the only TM able to delegate and to send a management plan for different TM as expressed
390 in Business Rule C1.
391 When a MTM sends Actions to the POI, it must identify for each Action, not related to the MTM, the
392 TerminalManagerId. The Actions must be grouped by TerminalManagerId as expressed in Business Rule
393 C11.

394
395 Since the ManagementPlanReplacement may only have a ServerCertificate or a ClientCertificate without
396 any certificate chain, it is assumed that the certification authority is unique. Otherwise, it is assumed that a
397 delegation is managed. So in this case, the ManagementPlan must end the SecurityProfile with the value
398 “,ACT=CMRQ” and identify the DelegationScopeIdentification. When receiving this message, the POI must
399 send a CertificateManagementRequest with a self signed certificate with SecurityDomain set with the
400 DelegationScopeIdentification value. These constraints are expressed in Business Rule C15.
401 These assumptions and constraints are temporarily set until version V7.
402

403 3.3 Message Processing


404 The following steps are performed by the POI when receiving a ManagementPlanReplacement as a
405 response to a StatusReport.
406 1. The POI checks the Header of the received message.
407 1.1. The POI stores the Identification of InitiatingParty.
408 1.2. If DownloadTransfer is set to "False", the action is logged in Event with Result containing
409 "InvalidContent" and AdditionalErrorInformation the text value "DownloadTransfer".
410 1.3. FormatVersion should have a version that is supported. If the format cannot be supported the
411 message is discarded. The action is stored in the log of Event with the specific Result
412 "InvalidContent" and AdditionalErrorInformation containing the wrong message element as
413 "FormatVersion”.
414 1.4. ExchangeIdentifier should have the same value as in StatusReport. If not, the action is stored in
415 the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation the text
416 value "ExchangeIdentifier".
417 1.5. CreationDateTime is stored if required.

3 ManagementPlanReplacement (catm.002.001.05) Page 24


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

418 2. If configured the POI checks the signature of the received message as described in [EPAS SECU]. If
419 asymmetric cryptography is used, the POI checks the signature by using the public key contained in
420 the certificate that is present in the security trailer or already defined in the configuration data of the
421 POI. For each terminal manager there is a separate certificate:
422 - certPRMTM_CA(PUMTM_AUTH) if the message was received from the MTM or
423 - certPRMTM_CA(PUTM_AUTH) if the message was received from the TM.
424 If the verification of the signature fails, the error is logged in Event with Result containing
425 "SignatureError" and AdditionalErrorInformation the text value "SecurityTrailer".
426 3. If applicable, the POI checks whether the information in the Certificate Subject correspond to the
427 TerminalManagerIdentification of the message body. If not, the action is logged in Event with Result
428 containing "InvalidContent" and AdditionalErrorInformation the text value "Signer.SignerIdentification".
429 4. The POI checks whether Type of Identification corresponds to "ManagementPlan". If not, the error is
430 logged in Event with Result containing "InvalidContent" and AdditionalErrorInformation the text value
431 "DataSet.Identification.Type".
432 5. The POI checks the completeness, syntax and contents of each action definition grouped by
433 TerminalManagerIdentification present in the received ManagementPlan. In case of an error, the
434 whole management plan is ignored. The list of Action of the previous management plan remains
435 valid. The error is then logged in Event.
436 5.1. The actions are analysed whether the actions are correctly defined. The mandatory data
437 elements have to be present (see ERR3, section 11). All existing data elements have to be
438 correctly formatted (ERR2, section 11).
439 5.2. If an enumeration value of data elements contained in action is unknown, the action may be
440 added to the Event log with Result containing "NotSupported" and AdditionalErrorInformation
441 containing the message component or element.
442 5.3. If the message element Address is not present in the received Action, the POI uses the currently
443 defined address of the TMS (e.g. manually entered at the POI by the user or issued in
444 TMSIdentification of TMSTrigger sent by the acquirer host or intermediary agent in an acquirer
445 protocol response message, or setup up by any another means).
446 5.4. Type or Name in DataSetIdentification is used to identify the category of data to be uploaded,
447 downloaded or deleted:
448 5.4.1. For the action "Upload", DataSetIdentification.Type must be present with the value
449 "StatusReport". All other elements of DataSetIdentification must be absent
450 5.4.2. For the action “Download” if DataSetIdentification.Type contains the value
451 “ManagementPlan”. All other elements must be absent.
452 5.4.3. For the action “Download” if DataSetIdentification.Type doesn’t contain the value
453 “ManagementPlan”, DataSetIdentification.Type must contain either the values
454 ApplicationParameters, AcquirerParameters, MerchantParameters, VendorParameters,
455 TerminalParameters or SecurityParameters; DataSetIdentification.Name must contain
456 the name of the file to be downloaded when file transfer is used and the name of the
457 DataSet to receive for message exchanges. All other elements should be present in
458 DataSetIdentification. If Version is present, the POI must download only this version of
459 the acceptor parameters.
460 5.4.4. For the action Delete, DataSetIdentification.Type and DataSetIdentification.Name must
461 be present.
462 If Type contains the value ApplicationParameters, the parameters previously received by
463 an AcceptorConfigurationUpdate contained in Content.ApplicationParameters and
464 identified by Content.ApplicationParameters.ApplicationIdentification equals to
465 DataSetIdentification.Name are deleted.
466 If Type contains the value AcquirerParameters, all parameters previously received by an
467 AcceptorConfigurationUpdate contained in Content are deleted.
468 Delete action can only be applied by the MTM or a TM which issued the data to delete
469

3 ManagementPlanReplacement (catm.002.001.05) Page 25


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

470 5.4.5. If the value of DataSetIdentification.Type is not managed by this POI, the action is
471 ignored. This action must be logged in Event and Result must contain the value
472 "NotSupported" and AdditionalErrorInformation, the wrong message element
473 "Action.DataSetIdentification.Type".
474 5.5. If Trigger is present and valid, the possible types of events that can initiate the current action are
475 taken into account. If the value of the Trigger not supported by the POI, the action must be
476 ignored. This action must be logged in Event with Result containing "NotSupported" and
477 AdditionalErrorInformation the text value "Action.Trigger".
478 5.6. If AdditionalProcess is present, this pre-condition or post-condition is stored for the current action.
479 If the value is not supported by the POI, the error must be logged in Event with Result containing
480 "NotSupported" and AdditionalErrorInformation containing the wrong message element
481 "Action.AdditionalProcess"; Action must be ignored.
482 5.7. If TimeCondition is present, its content is checked to determine whether the data element are
483 correctly formatted. If the format of a timing parameter in TimeCondition is not correct according
484 to the ISODateTime format or the value of StartTime or EndTime is wrong (e.g. dd > 31; mm-dd =
485 02-30), the complete management plan of the Terminal Manager Identification is discarded and
486 an error must be added in the log of Event with Result containing "FormatError".
487 If the StartTime or the complete TimeCondition is missing for the first action defined for a
488 TerminalManagerIdentification, the StartTime of this action is set to the current date and time plus
489 WaitingTime if set.
490 If StartTime and WaitingTime or the complete TimeCondition are missing for an action defined for
491 a TerminalManagerIdentification, the action should be started as soon as possible.
492
493 Subsequently all other present data elements are checked and stored.
494 5.8. The error actions to be performed are stored with the related action. If there is an ActionResult
495 value of the ErrorAction which is not managed, this ErrorAction must be ignored.
496 Note: The sending of the StatusReport should be the normal reaction in case of an error. The
497 ActionToProcess "SendStatusReport" (Upload StatusReport immediately without executing next
498 actions) should be the recommended error action type to be processed.
499 6. The downloaded management plan replaces all actions defined for this specific TM (MTM or not).
500 7. The POI erases the contents of the existing log of Event per TM, if the log has been sent to the TM.
501 8. Subsequently, the POI starts the execution of the management plan (see section 3.4).
502

503 3.4 Execution of the Management Plan


504 The following rules are defined for the execution of the management plan:
505
506 MNG1: There is one management plan per MTM and one per TM. Each management plan is
507 processed separately.
508
509 Inside a list of Actions sharing the same TerminalManagerIdentification, a sequence of actions is defined
510 as a list of actions with the first action containing a StartTime and each following actions a WaitingTime.
511
512 MNG2: An action including a Retry has to be finished before starting another action or moving to
513 the next management plan (group of Actions with a different
514 TerminalManagerIdentification). So it is not possible to execute two actions in parallel. A
515 sequence of actions has to be finished before starting a subsequent action of the
516 management plan or new management plan.

3 ManagementPlanReplacement (catm.002.001.05) Page 26


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

517 MNG3: If an action of a sequence contains a Period, this action and possible following actions of
518 the sequence (defined with a WaitingTime) are executed periodically. Otherwise the action
519 is executed only once.
520 MNG4: The management plan may contain only one sequence with an action containing a period.
521 MNG5: A sequence may contain only one action with a period.
522 MNG6: When a StartTime is reached the Action must be launched. However, if a StartTime is
523 reached during the execution of a former Action, the action must be executed once all
524 previous actions have finished..
525 MNG7: If several actions of the management plan for a dedicated TerminalManagerIdentification
526 contain a StartTime these actions have to be listed in chronological order.
527 MNG8: For message exchange, a StatusReport must be sent explicitely for each of the
528 DataSetRequired items defined in the ManagementPlan
529 MNG9: If an Action is, whatever the reason (e.g Retry or WaitingTime), outside the time slot
530 dedicated for the maintenance plan defined through the DelegationScopeDefinition, the
531 management plan of this TM must be completed. This case must be logged in Event with
532 Result containing "Success" and AdditionalErrorInformation the text value “Time period
533 exceeded".
534 MNG10: A management plan for a TM must not start before the time slot defined in the
535 DelegationScopeDefinition.
536
537 TMS actions are executed sequentially inside time slot according to StartTime or WaitingTime.
538 1. The timing conditions of each TMS action are analysed:
539 a. If StartTime has expired or WaitingTime is 0, the action must be started after execution of
540 the ManualConfirmation or Reconciliation if they are present in the AdditionalProcess. At
541 the end of the action, the RestartSystem is triggered if present in the
542 AdditionalProcess.The RestartSystem is a reboot which may occured after external
543 conditions (e.g acknowledgement of the ECR). After the execution of the reboot, the POI
544 then moves to the next action.
545 b. If StartTime has been sent and is not reached, the execution of the management plan for
546 this dedicated TerminalManagerIdentification is paused until StartTime is reached and in
547 the meantime POI considers the management plan of the next
548 TerminalManagerIdentification.
549 c. If WaitingTime has been sent and is not equal to 0, the POI waits for WaitingTime
550 2. If TimeCondition of the started action contains Period, the new StartTime is calculated and stored
551 in the management plan of this Terminal Manager. If Period is missing or the action is not part of
552 a sequence, the action must not be executed anymore.
553 3. After execution of an action the next action is analysed. The next action is executed
554 a. if the StartTime is passed or
555 b. if the WaitingTime is reached.
556

3 ManagementPlanReplacement (catm.002.001.05) Page 27


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

557 3.4.1 One-Time Call to the Maintenance Example


558 In the following management plan example, the POI performs only one message exchange for the
559 StatusReport upload and ManagementPlanReplacement download when the StartTime T0 is reached.
560
StartTime WaitingTime Period Type DataSetIdentification.Name DataSetIdentification.Type
T0 - - Download any name ManagementPlan

561 Identification in DataSetRequired of StatusReport is set to "ManagementPlan".


562

563 3.4.2 Cyclic Call and Acquirer Parameters Download Examples


564
565 The first example describes a cyclic call to the maintenance. This is the typicall case for a
566 managementPlanReplacement where TMS requires only to be recall periodically.
567
StartTime WaitingTime Period Type DataSetIdentification.Name DataSetIdentification.Type
T0 - Cycle1 Download any name ManagementPlan

568
569 The first call is started when StartTime T0 is reached. The POI sends a StatusReport message containing
570 DataSetRequired with the same value than DataSetIdentification of the action. The TM or the MTM sends
571 back a ManagementPlanReplacement message.
572
573 In the case where there is nothing new to be downloaded by TMS, the exchange look like this

574
575 Figure 1 : StatusReport with no change on the ManagementPlan
576
577 In case where new parameters are prepared for downloading (let say Acquirer parameters), a new
578 Management Plan is sent to POI
StartTime WaitingTime Period Type DataSetIdentification.Name DataSetIdentification.Type
- - - Download -any first name AcquirerParameters
- - Cycle1 Download -any second name ManagementPlan

579
580 And the exchange looks like this

3 ManagementPlanReplacement (catm.002.001.05) Page 28


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

581
582 Figure 2 : StatusReport with change on ManagementPlan and AcceptorConfigurationUpdate.
583
584 The following calls are performed periodically using Period defined by "Cycle1", with the same exchange
585 of messages described in Figure 1 : StatusReport with no change on the ManagementPlan.
586

587 3.4.3 Cyclic Call after an Acquirer Parameters Download Examples


588 This example presents a sequence of actions with the download of Acquirer parameters followed by a
589 cyclic call.
590 The management plan is processed in the following way:
591 When StartTime T1 is reached, a StatusReport message is sent to request AcquirerParameters. The TM
592 or MTM sends back an AcceptorConfigurationUpdate message containing the whole set of acquirer
593 parameters. The Restart of the POI application with the installed parameters is initiated by the
594 AdditionalProcess.
595 After the waiting time D2, a StatusReport message is sent to request a new management plan.
596 Repeat the last action periodically using Period defined by "Cycle2".
597
StartTime WaitingTime Period Type DataSetIdentification.Name DataSetIdentification.Type
T1 - - Download - AcquirerParameters
- D2 Cycle2 Download - ManagementPlan

598
599

3 ManagementPlanReplacement (catm.002.001.05) Page 29


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

600 3.4.4 Sequence of Parameters Downloads Example


601 According to the following example the POI performs the sequence of actions:
602  Delete all acquirer parameters installed for the POI application if the StartTime T0 is reached.
603 Repeat this action after the time period of T0+Cycle1, T0+Cycle1+Cycle1 etc.
604  Download the AcceptorConfigurationUpdate, if the action before is finished with a WaitingTime of
605 D1. Repeat this action accordingly to the first action.
606  Download the AcceptorConfigurationUpdate, if the action before is finished with a WaitingTime of
607 D2. Repeat this action accordingly to the first action.
608  Restart the POI application with the already installed parameters or install parameters during the
609 restart if the action before is finished with a WaitingTime =0. Repeat this action accordingly to the
610 previous action. This function may also be realised with AdditionalProcess equal to Restart in the
611 previous action. Note that a Restart in the AdditionalProcess means a reboot of the terminal..
612  Upload StatusReport if the action before is finished with a WaitingTime of D4 as request
613 message. The response message contains the new management plan.
614
StartTime WaitingTime Period Type DataSetIdentification.Nam DataSetIdentification.Type
e
T0 - Cycle1 Delete - AcquirerParameters

D1 - Download - AcquirerParameters
- D2 - Download - ApplicationParameters
- - - Restart - -
- D4 - Download - ManagementPlan

615

616 3.5 Error Handling during Management Plan Execution


617 The management plan is executed action by action. If an action has been performed successfully, it is
618 added in the log of Event of the dedicated Terminal Manager Identification and of the Master Terminal
619 Manager if they are different, with Result containing the value "Success" and if no Period is defined to
620 repeat this action the action is not performed anymore. The AdditionalErrorInformation that will be sent to
621 the Master Terminal Manager must contain the identification of the TerminalManager.
622 The management plan may contain for each TMS action a list of ErrorAction. If no ErrorAction is defined,
623 all errors during the processing of this action won’t trigger any specific processing on the POI which must
624 go to the next action in sequence.
625 By using ActionResult, the TMS may define which reaction has to be performed for one specific error type
626 or a range of error types. The following subset of the reactions has to be supported as defined in
627 ActionToProcess:
628  "SendStatusReport": Log the result of the action with the related error and upload a StatusReport
629 immediately to the related Terminal Manager, without executing next actions
630  "StopSequence": Stop the current sequence of terminal management actions without any action,
631 and do not notice the error by sending a status report.
632 There are several error conditions possible during the execution of a Management plan.
633 1. If the file to be downloaded does not exist in the file directory, the action is added to the event log
634 with Result containing "MissingFile".
635 2. If the POI is unable to connect to the TMS for a specific action, the action is added to the event
636 log with Result containing "ConnectionError" and AdditionalErrorInformation containing the
637 number of retries.
638 3. If the communication is terminated during an action, the action is added to the event log with
639 Result containing "ConnectionError" and AdditionalErrorInformation containing the text value
640 "Communication terminated".

3 ManagementPlanReplacement (catm.002.001.05) Page 30


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

641 4. If the connection of POI, in order to download a file,is rejected by the TMS due to access rights,
642 the action is added to the event log with Result containing "AccessDenied" and
643 AdditionalErrorInformation containing the text value "File".
644

645 3.6 Business Rules Validation


646
647 This chapter lists all business rules implying at least 2 different elements inside the message.
648
649
Constraint Literal Definition Involved elements
Number
C1 DataSet.Content.Action.TerminalManagerIdentificati  DataSet.Content.Action.TerminalManagerIdentificati
on must be present if different from on
ManagmeentPlan.TerminalManagerId.Identification  ManagementPlan.TerminalManagerId.Identification
and ManagementPlan.TerminalManagerId.Type =
MasterTerminalManager, or must be absent
otherwise
C2 DataSetIdentification must be present if Action Type  DataSet.Content.Action.Type
is Delete, Update, Upload, Install or Download, and  DataSet.Content.Action.DataSetIdentification
must be absent if Action type is Restart
C3 If Action Type is Delete DataSetIdentification.Type  DataSet.Content.Action.Type
must be set amongst AcquirerParameters,  DataSet.Content.Action.DataSetIdentification.Type
ApplicationParameters, MerchantParameters,
Parameters, SecurityParameters,
TerminalParameters
C4 If Action Type is Update DataSetIdentification.Type  DataSet.Content.Action.Type
must be set amongst AcquirerParameters,  DataSet.Content.Action.DataSetIdentification.Type
ApplicationParameters, MerchantParameters,
Parameters, TerminalParameters
C5 If Action Type is Download,  DataSet.Content.Action.Type
DataSetIdentification/Type must be set amongst  DataSet.Content.Action.DataSetIdentification.Type
AcquirerParameters, ApplicationParameters,
ManagementPlan, MerchantParameters,
Parameters, SecurityParameters, SoftwareModule,
TerminalParameters
C6 If Action.Type=Upload, the 3 elements  DataSet.Content.Action.Type
DataSetIdentification.Name,  DataSet.Content.Action.DataSetIdentification.Name
DataSetIdentification.Version,
DataSetIdentification.CreationDateTime must be  DataSet.Content.Action.DataSetIdentification.Type
absent, and DataSetIdentification.Type must be  DataSet.Content.Action.DataSetIdentification.Versio
equal to StatusReport n
 DataSet.Content.Action.DataSetIdentification.Creati
onDateTime
C7 If Action Type is Install, DataSetIdentification/Type  DataSet.Content.Action.Type
must be set to SoftwareModule  DataSet.Content.Action.DataSetIdentification.Type
C8 TimeCondition must be present, if trigger is Date  DataSet.Content.Action.Trigger
and Time  DataSet.Content.Action.TimeCondition
C9 If WaitingTime is present, then StartTime must be  DataSet.Content.Action.TimeCondition.WaitingTime
absent. If WaitingTime is absent, then StartTime  DataSet.Content.Action.TimeCondition.StartTime
must be present
C10 Period and MaxNumber must be present or absent  DataSet.Content.Action.TimeCondition.Period
together  DataSet;Content.Action.TimeCondition..MaximumN
umber
C11 All Actions for a TerminalManagerIdentification must  DataSet.Content.Action.TerminalManagerIdentificati
be grouped by ascending on.Identification
TerminalManagerIdentification
C12 If Action.Type=Download,and  DataSet.Content.Action.Type
DataSetIdentification.Type=”ManagementPlan’, the  DataSet.Content.Action.DataSetIdentification.Name
3 elements DataSetIdentification.Name,
DataSetIdentification.Version,  DataSet.Content.Action.DataSetIdentification.Type
DataSetIdentification.CreationDateTime must be  DataSet.Content.Action.DataSetIdentification.Versio
absent n

3 ManagementPlanReplacement (catm.002.001.05) Page 31


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

 DataSet.Content.Action.DataSetIdentification.Creati
onDateTime
C13 If Action.Type=Download or Delete, and  DataSet.Content.Action.Type
DataSetIdentification.Type is not equal to  DataSet.Content.Action.DataSetIdentification.Name
”ManagementPlan’, DataSetIdentification.Name
must be present  DataSet.Content.Action.DataSetIdentification.Type

C14 If Action.Type= Install or Update,and  DataSet.Content.Action.Type


DataSetIdentification.Type is not equal to  DataSet.Content.Action.DataSetIdentification.Name
”ManagementPlan’, one of the
DataSetIdentification.Name,  DataSet.Content.Action.DataSetIdentification.Versio
DataSetIdentification.Version, n
DataSetIdentification.CreationDateTime must be  DataSet.Content.Action.DataSetIdentification.Creati
present onDateTime
 DataSet.Content.Action.DataSetIdentification.Type
C15 If SecurityProfile is ended with “,ACT=CMRQ” then  DataSet.Content.Action.RemoteAccess.SecurityProf
the DelegationScopeIdentification should be present ile
 DataSet.Content.Action.DelegationScopeIdentificati
on

650
651
652

3 ManagementPlanReplacement (catm.002.001.05) Page 32


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

653 4 AcceptorConfigurationUpdate (catm.003.001.05)


654

655 4.1 Message Usage


656
657 The AcceptorConfigurationUpdate message contains the following information:
658
AcceptorConfigurationUpdate Mult. Rule Cstr Usage
Header [1..1]
DownloadTransfer [1..1] * True
FormatVersion [1..1] * See StatusReport
ExchangeIdentification [1..1] Unique identifier for the InitiatingParty to detect
duplication of the AcceptorConfigurationUpadet file
transfer, or to assign a AcceptorConfigurationUpdate
response message to the StatusReport request message.
Cyclic counter that increments by one with each new
transfer between the InitiatingParty and the
RecipientParty.
CreationDateTime [1..1] See StatusReport
InitiatingParty [1..1] See StatusReport
Identification [1..1] See StatusReport
Type [0..1] * See ManagementReplacement
Issuer [0..1] Appli See StatusReport
Country [0..1] Appli See StatusReport
ShortName [0..1] Appli See ManagementReplacement
RecipientParty [0..1] Appli See StatusReport
Identification [1..1] See StatusReport
Type [0..1] * See ManagementReplacement
Issuer [0..1] Appli See StatusReport
Country [0..1] Appli See StatusReport
ShortName [0..1] Appli See ManagementReplacement
RemoteAccess [0..1] Access information to reach the target host. (see
StatusReport)
Address [1..*]
NetworkType [1..1]
AddressValue [1..1]
UserName [0..1]
AccessCode [0..1]
ServerCertificate [0..*]
ServerCertificateIdentifier [0..*]
ClientCertificate [0..*]
SecurityProfile [0..1]
AcceptorConfiguration [1..1] AcceptorConfigurationUpdate message body
TerminalManagerIdentification [1..1]
Identification [1..1] See StatusReport
Type [0..1] Appli * See StatusReport
Issuer [0..1] Appli * See ManagementReplacement
Country [0..1] Appli
ShortName [0..1] Appli See ManagementReplacement
DataSet [1..*] The POI has to process several data sets, if present.
Identification [1..1] Identification of the data set
Name [0..1] Name of the data set

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 33


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


Type [1..1] * Allowed values:
"AcquirerParameters": AcquirerProtocolParameters,
HostCommunicationParameters,
ApplicationParameters and MerchantParameters are
present if they need to be created or replaced.
"ApplicationParameters" if only ApplicationParameters is
present.
"MerchantParameters" if only MerchantParameters is
present.
"Parameters" for any combination of parameters in the
message.
"TerminalParameters" if only TerminalParameters is
present.
"SecurityParameters" if only SecurityParameters is
present.
Version [0..1] Version of the parameters, this value is used in the data
element
Acquirer.ParametersVersion of the Acquirer protocol.
CreationDateTime [0..1] * Date and time of the creation of the acceptor parameters.
Time accuracy has to be in seconds.
This element must be present
SequenceCounter [0..1] *
POIIdentification [0..*] Identification of the point of interactions involved by the
configuration data set.
ConfigurationScope [0..1] Scope of the configuration contained in the data set.
PSYS POISystem
Configuration to apply to the whole POI system.
PGRP POIGroup
Configuration to apply to a subset of the whole POI
system.
PSNG SinglePOI
Configuration to apply to a single POI terminal.
Content [1..1]
ReplaceConfiguration [0..1] True if the whole configuration related to this terminal
manager must be deleted prior to taking this new
configuration into account.

False if the configuration related to this terminal manager


has to be updated accordingly to the configuration
included in the message content.
Default value : False.

TMSProtocolParameters [0..*] Configuration parameters of the TMS protocol between a


POI and a terminal manager.
ActionType [1..1] C23 TerminalManagementAction3Code
Type of action for the configuration parameters.
CREA Create
Creation or addition of a new data set.
UPDT Update
Update, or replacement of the data set.
DELT Delete
Data set must be deleted.
TerminalManager- [1..1] Identification of the master terminal manager or the
Identification terminal manager.
Identification [1..1]
Type [0..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
MaintenanceService [1..*] Maintenance services provided by the terminal manager.
Allowed values:

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 34


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


"AcquirerParameters" Acquirer specific configuration
parameters for the point of
interaction (POI) system.
"ApplicationParameters" Payment application specific
configuration parameters for
the point of interaction (POI)
system.
“CertificateParameters” Certificate provided by a
terminal manager.
"MasterTerminalManager" The terminal manager is
the master.
"MerchantParameters" Merchant configuration
parameters for the point of
interaction (POI).
"Monitoring" Monitoring of the terminal
estate.
"SecurityParameters" Point of interaction parameters
related to the security of
software application and
application protocol.
"SoftwareModule" Software module update.
"TerminalParameters" Point of interaction parameters
attached to the terminal.
“TMSProtocolParameters” Configuration parameters
for the TMS protocol.
Version [1..1] Version of the TMS protocol parameters.
ApplicationIdentification [0..*] Identification of applications which may be managed by
the TM, partially or globally.
HostIdentification [1..1] Identification of the terminal manager host.
POIIdentification
[0..1]
InitiatingParty- [0..1] New identification of the initiating party to set in TMS
Identification messages with this terminal manager.
RecipientParty- [0..1] New identification of the recipient party to set in TMS
Identification messages with this terminal manager.
FileTransfer [0..1] Configuration parameters are exchanged per file transfer
protocol rather than per message.
AcquirerProtocolParameters [0..*] Acquirer protocol parameters defined per set of POI
applications.
ActionType [1..1] C23 Type of action for the configuration parameters.
AcquirerIdentification [1..*] * Identification of the acquirer protocol parameters.
AcquirerIdentification must be restricted to [1..1]
Identification [1..1]
Type [0..1] Appli
Issuer [0..1] Appli
ShortName [0..1] Appli
Version [1..1] Version of the Acquirer protocol parameters.
ApplicationIdentification [0..*] Identification of the applications the acquirer protocol
parameters are valid for.
Host [0..*] Repartition of messages per acquirer host.
For a terminal with online capabilities the
HostIdentification including the
HostCommunicationParameters have to be installed
once.
HostIdentification [1..1] Identification of the host used also in
HostCommunicationParameters.
MessageToSend [0..*] List of MessageFunction to be sent to the host (the
message "DiagnosticRequest" must be accepted by all
hosts, even if not present in this list). Allowed values:
"AuthorisationRequest": Request for authorisation
without financial capture.
"BatchTransfer": Transfer the financial data as a
collection of transction.
"CancellationRequest": Request for cancellation.

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 35


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


"CancellationAdvice": Advice for cancellation.
"CompletionAdvice": Advice for completion without
financial capture.
"CurrencyConversionRequest": Request for currency
conversion.
"DiagnosticRequest": Request for diagnostic.
"FinancialAuthorisationRequest": Request for
authorisation with financial capture.
"FinancialCompletionAdvice": Advice for completion with
financial capture.
"FinancialReversalAdvice": Advice for reversal with
financial capture.
"ReconciliationRequest": Request for reconciliation.
"ReversalAdvice": Advice for reversal without financial
capture. To workaround an editorial error, the coding
to use for ReversalAdvice is REVV
OnlineTransaction [0..1] Configuration for data capture and completion procedure
of online authorised transactions
If absent, the financial capture for online transaction is not
performed by the acquirer protocol
FinancialCapture [1..1] Definition of capture mechanism for online authorised
transactions, allowed values:
"Authorisation": financial capture performed with an
authorisation exchange.
"Completion": financial capture performed with a
completion exchange.
"Batch": financial capture performed by batch transfer.

BatchTransfer [0..1] C1 If the Online Transactions are captured through Batch the
structure must be present.
.
ExchangePolicy [1..*] * The following policies for the capture procedure by Batch
Transfer are allowed:
"Cyclic": Batch sent periodically according to
TimeCondition ,
"NumberLimit": Batch sent when the number of non-
captured online authorised transaction reaches
MaximumNumber, as well as
"TotalLimit": Batch sent when the total amount of non-
captured online authorised transaction reaches
MaximumAmount.
"OnDemand": Batch exchange is performed if requested
by the acquirer in the previous exchange, or manually
by the acceptor.
and all combinations of these policies.
MaximumNumber [0..1] C2 Maximum number of online transactions (debit and credit)
used as trigger for batch transfer. Failed, declined or
cancellations are not included in the number of
transactions, but debit (or credit) which are cancelled are
part of the counting.
Mandatory if at least one ExchangePolicy =
"NumberLimit" exists, otherwise absent.
MaximumAmount [0..1] C3 Maximum cumulative amount of online transactions (debit
and credit) used as trigger for batch transfer. Failed,
declined or cancellations are not included in the
cumulative amount, but debit (or credit) which are
cancelled are part of the cumulative amount.
Mandatory if at least one ExchangePolicy = "TotalLimit"
exists, otherwise absent.
For instance a credit of 10 € and a debit of 8 € imply a
cumulative amount of 18 €.
ReTry [0..1] Retry after a failed batch transfer
Delay [1..1] Time between two successive attempts after a failed
batch transfer.
Format: MMDDhhmm; leading zeros may be omitted.

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 36


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


Maximum- [0..1] Maximum number of attempts.
Number
TimeCondition [0..1] C4 Mandatory if at least one ExchangePolicy = "Cyclic"
exists, otherwise absent.
StartTime [0..1] Date and time after which Batch transfer is allowed
EndTime [0..1] Date and time after which Batch transfer is prohibited.
Period [0..1] Period of the cyclic batch transfer.
Format: MMDDhhmm; leading zeros may be omitted.
CompletionExchange [0..1] C5 Configuration of the completion exchange.
Mandatory if FinancialCapture equals to "Completion",
otherwise optional. .
ExchangePolicy [1..*] * Policies for a completion exchange. Allowed values are:
"AsGroup": All completion messages are sent as a
series of messages if the trigger in TimeCondition is
met.
"Immediately": Exchange starts after the online
transaction
"NumberLimit": Exchange starts after a fixed number of
online transactions is reached. MaximumNumber must
be present otherwise the exchange starts immediately.
"OnDemand": Exchange only occurs when
CompletionRequired in the
AcceptorAuthorisationResponse message is set to
"True". This value is allowed only if FinancialCapture is
different from "Completion".
"TotalLimit": Exchange starts as a group of transactions
after the online transaction totals exceed a certain
amount limit. MaximumAmount must be present
otherwise the exchange starts immediately.
Each combination of these policies is allowed.
MaximumNumber [0..1] C6 Maximum number of online transactions used as trigger
for completions sent as group of messages.
Mandatory if at least one ExchangePolicy =
"NumberLimit" exists, otherwise absent.
MaximumAmount [0..1] C7 Maximum amount used as trigger for completions sent as
group of messages.
Mandatory if at least one ExchangePolicy = "TotalLimit"
exists, otherwise absent. Sum of the amount of all online
transactions (debit and credit).
ReTry [0..1] Definition of retransmissions for completion exchange
Delay [1..1] Time period to wait between two successive attempts if
the completion sending failed.
Format: MMDDhhmm, leading zeros may be omitted.
Maximum- [0..1] Maximum number of retransmissions
Number
TimeCondition [0..1] C8 Mandatory if at least one ExchangePolicy = "AsGroup"
exists, otherwise must be absent.
StartTime [0..1] Date and time after which completion message is sent.
EndTime [0..1] Date and time after which sending completion exchange
is prohibited
Period [0..1] Period of time between the sending of 2 completion
messages.
Format: MMDDhhmm, leading zeros may be omitted.
ExchangeFailed [0..1] default "False"
This flag indicates that Completion messages of failed
transactions have to be exchanged (
ExchangeDeclined [0..1] default "False"
This flag indicates that Completion messages of online
declined transactions, or declined after the authorisation
has to be exchanged.
CancellationExchange [0..1] default "Advice"
Configuration of the cancellation exchanges for online
authorised transactions.

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 37


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


“NotAllowed” Card payment transaction cannot be
cancelled by the acquirer.
“Advice” Card payment transaction may be
cancelled by an advice only.
“Request” Card payment transaction must be
cancelled by a cancellation request
exchange.
OfflineTransaction [0..1] Configuration for data capture and completion procedure
of offline authorised transactions
If absent, the financial capture of offline transaction is not
performed by the acquirer protocol
FinancialCapture [1..1] * Definition of capture mechanism for offline authorised
transactions, allowed values:
"Completion": financial capture performed as part of the
completion exchange.
"Batch": financial capture performed by batch transfer.

BatchTransfer [0..1] C9 If Configuration of FinancialCapture is equal to "Batch",


the structure must be present.
.
ExchangePolicy [1..*] * Policy for a financial capture procedure by batch:
"Cyclic": Batch sent periodically according to
TimeCondition
"NumberLimit": Batch starts after a fixed number of
offline non-captured authorised transactions reaches
MaximumNumber .
"TotalLimit": Batch starts after the total amount of offline
non-captured authorised transactions reaches
MaximumAmount.
"OnDemand": Batch may be exchanged at the choice of
the Acceptor.
Each combination of "Cyclic", "NumberLimit",
“OnDemand” and "TotalLimit" is allowed.
The ExchangePolicy “OnDemand” must always be
allowed on the POI even if this policy is not present.
MaximumNumber [0..1] C10 Maximum number of offline transactions (debit and credit)
used as trigger for batch transfer. Failed, declined or
cancellations are not included in the number of
transactions, but debit (or credit) which are cancelled are
part of the counting.
Mandatory if at least one ExchangePolicy =
"NumberLimit" exists, otherwise absent.
MaximumAmount [0..1] C11 Maximum cumulated amount of offline transactions (debit
and credit) used as trigger for batch transfer. Failed,
declined or cancellations are not included in the
cumulative amount, but debit (or credit) which are
cancelled are part of the cumulative amount.
Mandatory if at least one ExchangePolicy = "TotalLimit"
exists, otherwise absent.
ReTry [0..1] Retry after a failed batch transfer
Delay [1..1] Time to wait between two successive attempts after a
failed batch transfer.
Format: MMDDhhmm, leading zeros may be omitted.
Maximum- [0..1] Maximum number of attempts.
Number
TimeCondition [0..1] C12 Mandatory if at least one ExchangePolicy = "Cyclic"
exists, otherwise absent.
StartTime [0..1] Date and time after which Batch transfer should occur..
EndTime [0..1] Date and time after which Batch Rransfer is prohibited
Period [0..1] Period of time for the cyclic batch transfer.
Format: MMDDhhmm, leading zeros may be omitted.
CompletionExchange [0..1] * Configuration of the completion message exchange.
Mandatory if FinancialCapture is equal to "Completion",
otherwise optional. If the structure CompletionExchange
is absent and the structure OfflineTransaction is present,

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 38


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


the ExchangePolicy of CompletionExchange is
considered to have the value "Immediately".
ExchangePolicy [1..*] Policies for a completion exchange. Allowed values are:
C14 "Immediately": Exchange starts after the offline
transaction
"AsGroup": All completion messages are sent as a
series of messages if the trigger in TimeCondition is met.
"AsSoonAsPossible": Exchange starts when the
communication resources become available (e.g. for
the next online transaction if the connection with the
acquirer is down).
"NumberLimit": Exchange starts after a fixed number of
offline transactions is reached. MaximumNumber must
be present otherwise the exchange starts immediately.
"TotalLimit": Exchange starts as a group of transactions
after the offline transaction totals exceed a certain
amount limit. MaximumAmount must be present
otherwise the exchange starts immediately.
Each combination of "AsGroup", "NumberLimit" and
"TotalLimit" is allowed.
MaximumNumber [0..1] C15 Maximum number of offline transactions to be reached
before completion messages are sent as a group of
messages.
Mandatory if at least one ExchangePolicy =
"NumberLimit" exists, otherwise absent.
MaximumAmount [0..1] C16 Maximum amount of offline transactions (sum of the totals
for debit and credit transactions) to be reached before
completion messages are sent as a group of messages.
Mandatory if at least one ExchangePolicy = "TotalLimit"
exists, otherwise absent.
ReTry [0..1] Definition of retransmissions for completion exchange.
Delay [1..1] Time period between two successive attempts if the
completion sending has failed.
Format: MMDDhhmm, leading zeros may be omitted.
Maximum- [0..1] Maximum number of retries.
Number
TimeCondition [0..1] C17 Mandatory if at least one ExchangePolicy = "AsGroup"
exists, otherwise must be absent.
StartTime [0..1] Date and time after wich a completion messages should
be sent.
EndTime [0..1] Date and Time after which Completion Exchange is
prohibited
Period [0..1] Period between 2 exchanges of messages by group.
Format: MMDDhhmm, leading zeros may be omitted.
ExchangeFailed [0..1] default "False"
This flag indicates that Completion messages of failed
offline transactions have to be exchanged.
ExchangeDeclined [0..1] default "False"
This flag indicates that Completion messages of offline
declined transactions have to be exchanged.
CancellationExchange [0..1] default "Advice"
Configuration of the cancellation exchanges for offline
authorised transactions.
“NotAllowed” Card payment transaction cannot be
cancelled by the merchant.
“Advice” Card payment transaction may be
cancelled by an advice only.
“Request” Card payment transaction must be
cancelled by a cancellation request
exchange.
ReconciliationExchange [0..1] Configuration of reconciliation exchange. If the structure
is absent, the ExchangePolicy of ReconciliationExchange
is considered to have the value "None".
ExchangePolicy [1..*] C18 Policies for the reconciliation exchange, allowed values:

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 39


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


“Cyclic": Reconciliation is exchanged periodically
according to the TimeCondition.
"None": Reconciliation is never exchanged.
"NumberLimit": Reconciliation is exchanged after a fixed
number of transactions. The element
MaximumNumber must be present to define the
maximum number otherwise the message exchange is
started immediately.
"OnDemand": Reconciliation is exchanged at the choice
of the Acceptor.
"TotalLimit": Reconciliation is exchanged if the total
amount of transactions exceeds a limit of amount the
completions are sent as group. The message element
MaximumAmount must be present the reconciliation is
not performed.
Each combination of "Cyclic", "NumberLimit",
“OnDemand” and "TotalLimit" is allowed.
MaximumNumber [0..1] C19 Maximum number of all transactions (debit and credit) as
trigger for reconciliation. Failed, declined or cancellations
are not included in the number of transactions, but debit
(or credit) which are cancelled are part of the counting.
Mandatory if at least one ExchangePolicy =
"NumberLimit" exists, otherwise absent.
MaximumAmount [0..1] C20 Maximum cumulative amount of all transactions (debit
and credit) as trigger for reconciliation. Failed, declined or
cancellations are not included in the cumulative amount,
but debit (or credit) which are cancelled are part of the
cumulative amount.
Mandatory if at least one ExchangePolicy = "TotalLimit"
exists, otherwise absent.
ReTry [0..1] Definition of retransmissions for reconciliation exchange.
Delay [1..1] Time period to wait between two successive attempts if
the reconciliation sending has failed.
Format: MMDDhhmm, leading zeros may be omitted.
Maximum- [0..1] Maximum number of retries.
Number
TimeCondition [0..1] C21 Timing conditions for reconciliation exchange.
Mandatory if at least one ExchangePolicy = "Cyclic"
exists, otherwise absent.
StartTime [0..1] Date and time after which a reconciliation exchange
should occur
EndTime [0..1] Date and time after which a Reconciliation is prohibited
Period [0..1] Period between 2 reconciliation exchanges.
Format: MMDDhhmm, leading zeros may be omitted.
ReconciliationByAcquirer [0..1] Indicator whether reconciliation period will be defined by
the acquirer. In this case the acquirer protocol response
message must contain the ReconciliationIdentifier.
default “False”
TotalsPerCurrency [0..1] Indicator whether reconciliation totals have to be
calculated per currency.
default “False”
SplitTotals [0..1] default "False"
The flag indicates that totals in reconciliation or batch
must be split per POIGroup and CardProductProfile
according to the presence of these informations in the
messages of the transaction.
ReconciliationError [0..1] After an error in a totals of the Reconciliation, the POI
sends transactions in error in the BatchTransfer
messages.
default “False”
CardDataVerification [0..1] default "False"
When True, an AcceptorCompletionAdvice following an
authorisation exchange must contain either
CardProtectedData or PlainCardData.

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 40


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


If False, an AcceptorCompletionAdvice following an
authorisation exchange must not contain
CardProtectedData and PlainCardData.
NotifyOffLineCancellation [0..1] default: "False"
Send a cancellation advice for offline transactions not yet
captured.
BatchTransferContent [0..*] C24 Types of transaction to be present in batch transfer, a
combination of one or several following values:
"DebitCredit": Debit and credit transactions must be
included in the batch.
""Cancellation": Cancellation transactions must be
included in the batch.
"Declined": Non financial declined transactions must be
included in the batch (i.e. not forced by the merchant).
"Failed": Non financial failed transactions must be
included in the batch.
FileTransferBatch [0..1] default "False"
BatchTransfer are exchanged per file transfer protocol
rather than per message.
BatchDigitalSignature [0..1] default "False"
BatchTransfer are authenticated by digital signature
rather than a MAC (Message Authentication Code).
MessageItem [0..*] List of message elements and components to be present
in the acquirer protocol (see section 4.3).
ItemIdentification [1..1] Identification of the message element present in one or
several messages of the acquirer protocol. This is an
absolute path (i.e. starting by the message envelope) or a
relative path to the message element with the XML tags
separated by the character '/' (e.g. the absolute path
/AccptrAuthstnReq/Hdr/RcptPty and the relative
path Envt/POI/Id/Id).
Condition [1..1] Condition of presence of the related message element,
allowed values:
"NotSupported": Message item must be absent.
"Mandatory": Message item must be present.
"ConfiguredValue": Message item must be present with
the content of Value. The message item must not not
represent an XML structure.
"DefaultValue": If the message item is absent, it is
considered to have the content of Value. The message
item must not represent an XML structure.
"AllowedValues": Message item is present with the
content of one of Values. The message item must not
represent an XML structure.
"IfAvailable": Message item has to be present if the data
is available in the application.
"Copy": Message item is present if it was present in a
previous related message with the same value.
Value [0..*] Value to be used for the related message element.
Must be absent for the values "NotSupported",
"Mandatory", "IfAvailable" and "Copy" of Condition.
Mandatory but not repeated for the values
"ConfiguredValue" and "DefaultValue" of Condition.
Mandatory with possible repetitions for the value
"AllowedValue" of Condition.
ProtectCardData [1..1] "True": Acquirer protocol messages must protect sensitive
card data using the ProtectedCardData alternative.
"False": Acquirer protocol messages do not protect
sensitive card data using the PlainCardData alternative.
MandatorySecurityTrailer [0..1] Acceptor parameters dedicated to the merchant.
Default value = True
MerchantParameters [0..*] Configuration parameters under the responsibility of the
merchant.
ActionType [1..1] C23 Type of action for the configuration parameters.

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 41


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


MerchantIdentification [0..1] Identification of the merchant for the MTM, if the POI
manages several merchants.
Version [1..1] Version of the merchant parameters.
Proxy [0..1] Local proxy configuration.
Type [1..1] Type of proxy.
HTTP HTTP proxy.
Sock4 Sock4 proxy.
Sock5 Sock5 proxy.
Access [1..1] Access information to the proxy.
OtherParameters [1..1] Merchant parameters.
TerminalParameters [0..*] C23 Manufacturer configuration parameters of the POI.
ActionType [1..1] Type of action for the configuration parameters.
VendorIdentification [0..1] Identification of the vendor for the MTM, if the POI
manages various subsets of terminal parameters.
Version [1..1] Version of the terminal parameters.
ClockSynchronisation [0..1] Parameters to synchronise the real time clock of the POI.
POITimeZone [1..1] Name of the time zone where is located the POI, as
definined by the IANA (Internet Assigned Number
Authority) time zone data base.
SynchronisationServer [0..*] Parameters to contact a time server.
Address [1..1] IP address of the server.
PortNumber [0..1] Port number of the server, if the default port number is not
used.
Delay [0..1] Delay between two contacts of the server.
TimeZoneLine [0..*] Time zone line to update in the time zone data base
subset stored in the POI. The format of the line is conform
to the IANA (Internet Assigned Number Authority) time
zone data base.
LocalDateTime [0..*] Local time offset to UTC (Coordinated Universal Time).
FromDateTime [0..1] Date time of the beginning of the period (inclusive).
ToDateTime [0..1] Date time of the end of the period (exclusive).
UTCOffset [1..1] UTC offset in minutes, of the local time during the period.
For instance, 120 for Central European Time, -720 for
Central Standard Time (North America).
OtherParameters [0..1] Others manufacturer configuration parameters of the
point of interaction.
ApplicationParameters [0..*] Application configuration parameters defined per
ApplicationIdentification.
ActionType [1..1] C23 Type of action for the configuration parameters.
ApplicationIdentification [1..1] Identification of the application defined by the TMS,
vendor, merchant or acquirer (e.g. used for message
element POIComponent.Model)
Version [1..1] Version of the application parameters (e.g. used for
message element POIComponent.VersionNumber)
Parameters [0..*] C22 Contents of the parameters.
If this data element is absent, EncryptedParameters must
be present.
EncryptedParameters [0..1] C22 Sensitive parameters (sequence of Parameters including
the component identifier) encrypted with a cryptographic
key, using CMS ContentType "EnvelopedData".
If this data element is absent, at least one occurrence of
Parameters must be present.
HostCommunication- [0..*] Configuration parameters related to the communication
Parameters with an acquirer host or a terminal manager host.
ActionType [1..1] C23 Type of action for the configuration parameters.
HostIdentification [1..1] Identification of the host operated by the acquirer or
intermediate agent.
Address [0..1] Network parameters of the host.
see StatusReport/Action/RemoteAccess

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 42


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


Address [1..*]
NetworkType [1..1]
AddressValue [1..1]
UserName [0..1]
AccessCode [0..1]
ServerCertificate [0..*]
ServerCertificate- [0..*]
Identifier
Key [0..*] Cryptographic key to be used for message element
protection (see section 4.4)
KeyIdentification [1..1] Identification of the cryptographic key.
KeyVersion [1..1] Version of the cryptographic key.
SequenceNumber [0..1] Number of usages of the cryptographic key.
DerivationIdentification [0..1] Identification used for derivation of a unique key from a
master key provided for the data protection.
Type [0..1] Type of algorithm used by the cryptographic key.
Function [0..*] Allowed usage of the key.
NetworkServiceProvider [0..1] Access information to reach an intermediate network
service provider.
Address [1..*]
NetworkType [1..1]
AddressValue [1..1]
UserName [0..1]
AccessCode [0..1]
ServerCertificate [0..*]
ServerCertificate- [0..*]
Identifier
ClientCertificate [0..*]
SecurityProfile [0..1]
SecurityParameters [0..*] POI parameters related to the security of software
application and application protocol.
ActionType [1..1] C23 Type of action for the configuration parameters.
Version [1..1] Version of the security parameters.
POIChallenge [0..1] Challenge generated by the POI in the StatusReport
requesting security parameters data set.
TMChallenge [0..1] Challenge generated by the Terminal Manager to be sent
by the POI in the StatusReport reporting the result of the
security parameters data set download and installation.
SymmetricKey [0..*] Symetric key to inject in the POI, protected by the
temporary key previously sent by the POI in the
StatusReport.
Identification [1..1] see
HostCommunicationParameters.Key.KeyIdentification.
AdditionalIdentification [0..1] see
HostCommunicationParameters.Key.DerivationIdentificati
on.
Version [1..1] see HostCommunicationParameters.Key.KeyVersion.
Type [0..1] Type of cryptographic key, allowed values:
“AES128” AES (Advanced Encryption Standard) 128
bits cryptographic key as defined by the
Federal Information Processing Standards
(FIPS 197 - November 6, 2001 - Advanced
Encryption Standard).
“AES192” AES (Advanced Encryption Standard) 192
bits cryptographic key as defined by the
Federal Information Processing Standards
(FIPS 197 - November 6, 2001 - Advanced
Encryption Standard).

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 43


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AcceptorConfigurationUpdate Mult. Rule Cstr Usage


“AES256” AES (Advanced Encryption Standard) 256
bits cryptographic key as defined by the
Federal Information Processing Standards
(FIPS 197 - November 6, 2001 - Advanced
Encryption Standard).
“DES112” Data encryption standard key of 112 bits
(without the parity bits).
“DES168” Data encryption standard key of 168 bits
(without the parity bits)
“DUKPT2009” DUKPT (Derived Unique Key Per
Transaction) key, as specified in ANSI
X9.24-2009 Annex A.

Function [1..*] Functions of cryptographic key, allowed values:


"Decryption" Key used for decryption.
"DataDecryption" Key used for decrypting data.
"DataEncryption" Key used for encrypting data.
"Encryption" Key used for encryption.
"KeyDerivation" Key used for deriving other keys.
"KeyGeneration" Key used to generate other keys.
"KeyImport" Key used to import other keys.
"KeyExport" Key used to export other keys.
"MessageAuthenticationCodeGeneration"
Key used to generate message
authentication codes (MAC).
"MessageAuthenticationCodeVerification"
Key used to verify message
authentication codes (MAC).
“PINDecryption” Key used to decrypt a PIN.
“PINEncryption” Key used to encrypt a PIN.
“PINVerification” Key used to verify a PIN.
"SignatureGeneration"
Key used to generate digital
signature.
"SignatureVerification"
Key used to verify digital signature.
"TranslateInput" Key used to encrypt information
before translation.
"TranslateOutput" Key used to encrypt information after
translation.
ActivationDate [0..1] Date and time on which the cryptographic key must be
activated.
DeactivationDate [0..1] Date and time after which the cryptographic cannot have
an active usage.
KeyValue [1..1] Encrypted value of the key present as CMS structure
EnvelopedData
SecurityTrailer [0..1] Digital signature or MAC of the message body
AcceptorConfiguration, including the delimiters (start and
end tags if XML encoding).
659

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 44


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

660 4.2 Message Processing


661
662 The POI System processes the download of the message AcceptorConfigurationUpdate in the following
663 ways:
664 1. If configured the POI checks the signature of the received message. If the signature or the MAC
665 verification fails, the error is stored in the log of Event with Result containing "SignatureError".
666 The AcceptorConfiguration is then deleted from the internal memory of the POI.
667 2. The POI checks whether the dataset category present in Type of Identification sent in the
668 StatusReport corresponds to one of the type received (e.g. AcquirerParameters). If there is no
669 Type corresponding to Identification, the error is stored in the log of Event with the Result
670 containing "InvalidContent" and AdditionalErrorInformation containing the text value
671 "Identification.Type". The AcceptorConfiguration is then deleted from the internal memory of the
672 POI.
673 3. The POI checks CreationDateTime of AcceptorConfigurationUpdate. The POI must only accept a
674 more recent CreationDateTime.
675 Note: The reload of a previous version of a parameter file may be implemented by signing again
676 the file with a new CreationDateTime.
677 4. The structure Content is analysed.
678 a. The content of AcquirerProtocolParameters is described in Section 4.3.
679 b. The content of ApplicationParameters is used to update the data basis for the payment
680 application. If present, ApplicationParameters contain ApplicationIdentification, the
681 Version of the application and Parameters. The content of Parameters is application
682 specific.
683 c. The content of MerchantParameters is used to update the configuration parameters of
684 the POI related to the merchant. The internal structure of the MerchantParameters is
685 merchant specific.
686 d. The HostCommunicationParameters determines Address (NetworkParameters) for each
687 HostIdentification as described in Section 4.4.
688 5. If the POI does not approve the content of any element contained in the
689 AcquirerProtocolParameters, MerchantParameters, HostConfiguration and/or
690 HostCommunicationParameters, the POI must log the error in Event with Result containing
691 "InvalidContent". AdditionalErrorInformation indicates the position of the error as a text value. The
692 whole AcceptorConfiguration is then deleted from the internal memory and the former
693 configuration stay valid.
694 If the whole content is correct, the POI replaces or updates the existing parameters by installing and
695 activating the downloaded parameters.
696 Since the POI may receive parameters from different TMs, it should manage these parameters according
697 to the TM Identification, as illustrated by the following figures.
698

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 45


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

699
700 Figure 3 Parameters management with multiple TM
701
702 So in order to allow multiple TMs to send parameters to POI, the following rules apply:
703
704 6. If a POI receives a CREATE for a type of Parameter (TMSProtocolParameters,
705 AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters,
706 HostCommunicvationParameters, SecurityParameters) from a TM with previous received
707 parameters of this type, the POI must replace all Parameter of this type coming from this TM.
708 Considering the previous figure as the data structure, previous parameters present in the set
709 identified by the TM identification are deleted and replaced by new ones.
710 7. If a POI receives a CREATE for a type of Parameter (TMSProtocolParameters,
711 AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters,
712 HostCommunicvationParameters, SecurityParameters) from a TM with no previous received
713 parameters of this type, the POI must create all Parameter of this type coming from this TM.
714 Considering the previous figure as the data structure, a new set of parameter identified by the TM
715 Identification is created.
716 8. If a POI receives an UPDATE for a type of Parameter (TMSProtocolParameters,
717 AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters,
718 HostCommunicvationParameters, SecurityParameters) from a TM with no previous received
719 parameters of this type, the POI must create all Parameter of this type coming from this TM.
720 Considering the previous figure as the data structure, a new set of parameter identified by the TM
721 Identification is created
722 9. If a POI receives an UPDATE for a type of Parameter (TMSProtocolParameters,
723 AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters,
724 HostCommunicvationParameters, SecurityParameters) from a TM with previous received
725 parameters of this type. If the keyIdentification (MerchantIdentification, VendorIdentification,
726 ApplicationIdentification, HostIdentification) is not known by the POI, the POI must reject the whole
727 set of received Parameters as an “InvalidContent. Considering the previous figure as the data
728 structure, the whole structure is unchanged
729 10. If a POI receives an UPDATE for a type of Parameter (TMSProtocolParameters,
730 AcquirerProtocolParameters, MerchantParameters, TerminalParameters, ApplicationParameters,
731 HostCommunicvationParameters, SecurityParameters) from a TM with previous received
732 parameters of this type. If the keyIdentification (MerchantIdentification, VendorIdentification,
733 ApplicationIdentification, HostIdentification) is already known by the POI, ”. the POI must update
734 this Parameter identification of this type with the one coming from this TM. Considering the previous
735 figure as the data structure, the parameter identified by the key Identification is replaced.

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 46


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

736 11. CREATE and UPDATE are identical for TMSProtocolParameters or SecurityParameters.
737
738
739
740

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 47


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

741 4.3 Acquirer Protocol Parameters


742 AcquirerProtocolParameters may refer to one or more acquirers identified by AcquirerIdentification
743 (acquirer protocol parameters). This set of parameters may also be used for one or a set of POI
744 applications identified by ApplicationIdentification.

745 4.3.1 Configuration of Data Capture and Completion for Online Transactions
746 OnlineTransaction is used for financial data capture, batch transfer and completion exchange
747 configuration.

748 4.3.1.1 Financial Capture


749 FinancialCapture may have one of the following values for online transactions:
750
Value Usage
Authorisation Data capture is part of an authorisation exchange. TransactionCapture is set to True in the related
AcceptorAuthorisationRequest message.
Batch Data capture is part of a batch transfer.
Completion Data capture is part of a completion exchange. TransactionCapture is set to True in the related
AcceptorCompletionAdvice message.
No financial capture or done by other means If OnlineTransaction is absent from the
AcquirerProtocolParameters

751
752 If FinancialCapture contains another value than the first three values listed above, the complete DataSet
753 must be ignored and the action may be stored in the log of Event with Result populated with
754 "InvalidContent" and AdditionalErrorInformation containing the text value
755 "OnlineTransaction.FinancialCapture". The value of FinancialCapture before update must be used then if
756 present.
757

758 4.3.1.2 Batch Transfer


759 Should OnlineTransactions.FinancialCapture be equal to "Batch"; BatchTransfer determines the
760 behaviour of the POI for capturing online transactions using ExchangePolicy, MaximumNumber,
761 MaximumAmount and/or TimeCondition. For all other values of OnlineTransactions.FinancialCapture, the
762 element BatchTransfer must be absent.
763 If ExchangePolicy contains a value different from "Cyclic", “OnDemand”, "NumberLimit" or "TotalLimit";
764 the complete DataSet is ignored and an error may be stored in the log of Event with Result containing
765 "InvalidContent" and AdditionalErrorInformation containing the text value
766 "OnlineTransactions.BatchTransfer.ExchangePolicy".
767 If ExchangePolicy contains either “NumberLimit” or “TotalLimit”, the trigger are evaluated regardless of
768 any other value of ExchangePolicy. Then in case of coexistence, the smaller must trig the
769 ExchangePolicy.
770 If ExchangePolicy contains a time condition, the Batch must be sent without filtering its content. The time
771 condition for OnlineTransaction and OfflineTransaction should be identical.
772
773
774 ExchangePolicy with "Cyclic" value
775 If ExchangePolicy has the value "Cyclic"; StartTime and Period in TimeCondition are used to define the
776 timing of the cyclic batch transfer. The configuration of BatchTransfer contains an error if one of these
777 elements is missing. The complete DataSet must be ignored and an error may be stored in the log of
778 Event with Result containing "InvalidContent" and AdditionalErrorInformation containing the text value
779 "BatchTransfer.TimeCondition".

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 48


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

780 ReTry is present to define the maximum number and the delay for retries for the batch transfers in case of
781 communication errors. The element EndTime may be used to stop the process of this cyclic batch
782 transfer.
783 MaximumNumber, MaximumAmount and all other elements of TimeCondition must be ignored since
784 these are not used by the “Cyclic” policy but may be relevant for instance for other ExchangePolicy.
785
786 ExchangePolicy with "NumberLimit" value
787 If ExchangePolicy has the value "NumberLimit", MaximumNumber must be present. If this element is
788 missing the configuration of the BatchTransfer contains an error. The complete DataSet must be ignored
789 and the error may be stored in the log of Event with the Result "InvalidContent" with the
790 AdditionalErrorInformation "BatchTransfer.MaximumNumber".
791
792 ExchangePolicy with "TotalLimit" value
793 If ExchangePolicy has the value "TotalLimit", MaximumAmount must be present. If this element is missing
794 the configuration of the BatchTransfer contains an error. The complete DataSet must be ignored and the
795 error may be stored in the log of Event with the Result "InvalidContent" with the
796 AdditionalErrorInformation "BatchTransfer.MaximumAmount".
797
798 ExchangePolicy with "OnDemand" value
799 If ExchangePolicy has the value "OnDemand", Batch is exchanged at the choice of the Acceptor. If there
800 are other occurrences with other value than "OnDemand", it means that the Batch may be exchanged at
801 the choice of the Acceptor, in addition to that other ExchangePolicy.
802

803 4.3.1.3 Completion Exchange


804 CompletionExchange defines the behaviour of the POI for a completion exchange subsequent to an
805 online transaction using ExchangePolicy, MaximumNumber, MaximumAmount, Retry and TimeCondition.
806 For the definition of CompletionExchange for online transactions, ExchangePolicy may have one or
807 several of the following values:
808
Value Usage
Immediately A completion exchange starts immediately after the online transaction
NumberLimit A completion exchange starts after a fixed number of online transactions. MaximumNumber must
be present.
TotalLimit A completion exchange starts when the online transaction totals exceed a total limit amount.
MaximumAmount must be present.
AsGroup All completion messages are sent as a series of messages when TimeCondition is reached.
OnDemand A completion exchange starts when CompletionRequired in the AcceptorAuthorisationResponse
message is set to "True".

809
810 If ExchangePolicy contains a value different from the values listed above; the configuration must be
811 ignored and the action may be stored in Event with Result containing "InvalidContent" and
812 AdditionalErrorInformation containing the text value "CompletionExchange.ExchangePolicy".
813 If ExchangePolicy contains the value "AsGroup"; StartTime and Period in TimeCondition are used to
814 define the timing of the cyclic completion exchange. If one of these elements is missing, the configuration
815 of the completion exchange contains an error. The complete DataSet must be ignored and the error may
816 be stored in the log of Event with Result containing "InvalidContent" and AdditionalErrorInformation
817 containing the text value "CompletionExchange.TimeCondition".
818 ReTry may be present to define the maximum number of and the delay for retransmissions of completion
819 messages.

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 49


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

820 All other elements of the component TimeCondition that are not used for the present exchange policies
821 will be ignored.
822

823 4.3.2 Configuration of Data Capture and Completion for Offline Transactions
824 OfflineTransaction determines the data capture mechanism, batch transfer and completion exchange
825 configuration for offline transactions.

826 4.3.2.1 Financial Capture


827 FinancialCapture may have one of the following values:
828
Value Usage
Batch Data capture is part of the batch transfer
Completion Data capture is part of the completion exchange
No message is sent. Data capture is performed by other means if OfflineTransaction is absent from
the AcquirerProtocolParameters.

829
830 The current value of FinancialCapture is used if it belongs to the above table.
831 If FinancialCapture contains a different value from the two first ones listed above, the complete DataSet
832 must be ignored and the action may be logged in Event with Result containing "InvalidContent" and
833 AdditionalErrorInformation containing the text value "OfflineTransaction.FinancialCapture".
834

835 4.3.2.2 Batch Transfer


836 Should OfflineTransactions.FinancialCapture contain the value "Batch"; BatchTransfer determines the
837 behaviour of the POI for the capture of offline transactions by using ExchangePolicy, MaximumNumber,
838 MaximumAmount and/or TimeCondition (see section 4.3.1.2).
839

840 4.3.2.3 Completion Exchange


841 CompletionExchange determines the behaviour of the POI for a completion exchange subsequent to an
842 offline transaction using ExchangePolicy, MaximumNumber, MaximumAmount or TimeCondition.
843 ExchangePolicy may have one or several of the following values:
844
Value Usage
AsGroup Completion exchange messages are sent as a series of messages when TimeCondition is
reached.
AsSoonAsPossible A completion exchange starts with the next online transaction
Immediately A completion exchange starts after the current offline transaction
NumberLimit A completion exchange starts after a fixed number of transactions defined in
MaximumNumber is reached. MaximumNumber must be present;.
TotalLimit The completion exchange starts when offline transaction totals exceed a total limit amount
defined in MaximumAmount. MaximumAmount must be present;
No completion exchange is required. If OfflineTransaction is absent from the
AcquirerProtocolParameters

845
846 If ExchangePolicy contains a different value from the values listed above, the configuration must be
847 ignored and the action may be logged in Event with Result containing "InvalidContent" and
848 AdditionalErrorInformation containing the text value "OfflineTransactions.ExchangePolicy".

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 50


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

849
850 If ExchangePolicy contains the value "AsGroup", the message elements StartTime and Period in
851 TimeCondition are used to define the timing of the completion exchange.
852 ReTry may be used to define the maximum number of and the delay for retransmissions of completion
853 advices.
854 All other elements of TimeCondition not used for the present exchange policies must be ignored.
855
856 If ExchangePolicy contains either “NumberLimit” or “TotalLimit”, the trigger are evaluated regardless of
857 any other value of ExchangePolicy. Then in case of coexistence, the smaller must trig the
858 ExchangePolicy.
859 If ExchangePolicy contains a time condition, the Batch must be sent without filtering its content. The time
860 condition for OnlineTransaction and OfflineTransaction should be identical.
861

862 4.3.3 Configuration of Reconciliation


863 ReconciliationExchange determines the behaviour of the POI for the reconciliation with an acquirer by
864 using ExchangePolicy and TimeCondition.
865 ExchangePolicy may contain one or several of the following values:
866
Value Usage
Cyclic Start time and Period defined by the Acquirer. The element TimeCondition has to contain the
elements StartTime and Period otherwise the reconciliation message is sent on demand.
None Reconciliation exchange not performed
NumberLimit After a fixed number of transactions. The element MaximumNumber must be present to define the
maximum otherwise the reconciliation is not performed.
TotalLimit If transaction totals exceed a limit of amount. The element MaximumAmount must be present
otherwise the reconciliation is not performed.
OnDemand Reconciliation exchange is performed at the choice of the Acceptor.

867
868 If one of the occurrences of ExchangePolicy contains a value different from the values listed above, the
869 configuration must be ignored and the action may be stored in the log of Event with Result containing
870 "InvalidContent" and AdditionalErrorInformation containing the text value
871 "ReconciliationExchange.ExchangePolicy".
872 If the ReconciliationExchange configuration is missing and ExchangePolicy has not been configured
873 before, ReconciliationExchange.ExchangePolicy has to be considered as "None".
874 TimeCondition is only present in case of one of the elements ExchangePolicy contains the value "Cyclic".
875 Otherwise the component TimeCondition must be absent.
876
877

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 51


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

878 4.3.4 Other Acquirer Protocol Configuration Parameters


879

880 4.3.4.1 BatchTransferContent


881
882 BatchTransferContent contains the following values:
883
Value Usage
DebitCredit Data capture containing debit and credit transactions. To be captured by the POI (i.e. payment,
payment reservation and refund transactions).
Cancellation When a transaction of the batch is cancelled, the batch contains both the cancelled transaction
and the transaction of cancellation.
Failed Data capture containing failed transactions. Failed or aborted transactions to be captured by the
POI.
Declined Online declined transactions

884
885

886 4.3.4.2 MessageItem


887 MessageItem determines the condition of presence for the message elements in the nexo Acquirer
888 protocol messages.
889 A message component or element that can be populated by configuration is identified by the rule "Config"
890 in the nexo Acquirer Protocol specifications.
891 MessageItem.ItemIdentification: A message element in the nexo Acquirer protocol message is identified
892 by its absolute or relative path from the XML root of the message, using XML tag separated by the
893 character "/".
894 For instance, the message element RecipientParty in the header of the AcceptorBatchTransfer message
895 has the absolute path AcceptorBatchTransfer.Header.RecipientParty is identified in ItemIdentification by:
896 the value "/AccptrBtchTrf/Hdr/RcptPty". The Identification data element of the POI identification in all the
897 messages has relative path Environment.POI.Identification.Identification is identified in ItemIdentification
898 by the value "Envt/POI/Idt/Idt".
899 For each message item, Condition defines the behaviour of the message element in the acquirer protocol.
900 The condition is valid for all relevant messages sent to the acquirer identified in
901 AcquirerProtocolParameters.AcquirerIdentification. Following values of the Condition are allowed:
902
Value Usage
AllowedValues Recipient supports only a set of values defined in the value list. This configuration is not used
for the configuration of the POI but for the host system.
Copy Message element is sent in the response with the same value as in the request.
DefaultValue Message element has the default value defined in the value list. The POI does not send the
message element if the value equals the default value.
IfAvailable Message element is sent if it is available in the payment application.
Mandatory Message element must be present in the acquirer protocol message.
NotSupported Message element is not supported by the recipient. This configuration is not used for the
configuration of the POI but for the host system.
ConfiguredValue Message element is mandatory and takes the specific value defined in the element Value. The
POI uses this specific value for each message.
903

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 52


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

904 4.4 Host Communication Parameters


905 The configuration of the host communication parameters for the POI for connecting a host system, a TMS
906 Server or a Sale System (currently restricted to IP communication) are defined in the Address structure.
907 The Addresses for connections can be defined per HostIdentification. The data elements for defining
908 access are repeatable, allowing to define several means for a single server.
909 The structure of the Address element is the following one.
910
Data element Usage
Address Repeatable element to define NetworkType and AdressValue
UserName User name to be issued to the server (e.g. FTP user name)
AccessCode User AccessCode to be issued to the server (e.g. FTP user AccessCode)
ServerCertificate

ServerCertificateIdentifier

911
912 The repeatable element Address contained in the element Address is described as follow.
913
Data element Usage
NetworkType Type of network used for the connection (e.g. Ethernet, PSTN, GPRS,…)
AddressValue Value which identifiy the access in the given network ( e.g for Ethernet : IP address +
port,…)

914
915

916 4.5 Business Rules Validation


917
918 This chapter lists all business rules implying at least 2 different elements inside the message.
919
920
Constraint Literal Definition Involved elements
Number
C1 If the Online Transactions are captured through  OnlineTransaction.FinancialCapture
Batch, the BatchTransfer element must be present,  OnlineTransaction.BatchTransfer
otherwise it must be absent
C2 If the Batch Transfer of Online transaction is  OnlineTransaction.BatchTransfer.ExchangePolicy
managed at least by a NumberLimit of transaction,  OnlineTransaction.BatchTransfer.MaximumNumber
then the element MaximumNumber must be present
C3 If the Batch Transfer of Online transaction is  OnlineTransaction.BatchTransfer.ExchangePolicy
managed at least by a TotalLimit of transaction,  OnlineTransaction.BatchTransfer.MaximumAmount
then the element MaximumAmount must be
present otherwise it must be absent
C4 If the Batch Transfer of Online transaction is  OnlineTransaction.BatchTransfer.ExchangePolicy
managed at least by a Cyclic ExchangePolicy, then  OnlineTransaction.BatchTransfer.TimeCondition
the element TimeCondition must be present with at
StartTime and Period, otherwise it must be absent  OnlineTransaction.BatchTransfer.TimeCondition.Sta
rtTime
 OnlineTransaction.BatchTransfer.TimeCondition.Per
iod
C5 If the Online Transactions are captured through  OnlineTransaction.FinancialCapture
Completion, the CompletionExchange element must  OnlineTransaction.CompletionExchange
be present
C6 If the Completion of Online transaction is managed  OnlineTransaction.CompletionExchange.Exchange
at least by a NumberLimit of transaction, then the Policy

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 53


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

element MaximumNumber must be present  OnlineTransaction.


otherwise it must be absent CompletionExchange.MaximumNumber
C7 If the Completion of Online transaction is managed  OnlineTransaction.
at least by a TotalLimit of transaction, then the CompletionExchange.ExchangePolicy
element MaximumAmount must be present  OnlineTransaction.
otherwise it must be absent CompletionExchange.MaximumAmount
C8 If the Completion of Online transaction is managed  OnlineTransaction.
at least by a AsGroup ExchangePolicy, then the CompletionExchange.ExchangePolicy
element TimeCondition must be present with at  OnlineTransaction.
StartTime and Period otherwise it must be absent CompletionExchange.TimeCondition
 OnlineTransaction.
CompletionExchange.TimeCondition.StartTime
 OnlineTransaction.
CompletionExchange.TimeCondition.Period
C9 If the Offline Transactions are captured through  OfflineTransaction.FinancialCapture
Batch, the BatchTransfer element must be present  OfflineTransaction.BatchTransfer
C10 If the Batch Transfer of Offline transaction is  OfflineTransaction.BatchTransfer.ExchangePolicy
managed at least by a NumberLimit of transaction,  OfflineTransaction.BatchTransfer.MaximumNumber
then the element MaximumNumber must be present
otherwise it must be absent
C11 If the Batch Transfer of Offline transaction is  OfflineTransaction.BatchTransfer.ExchangePolicy
managed at least by a TotalLimit of transaction,  OfflineTransaction.BatchTransfer.MaximumAmount
then the element MaximumAmount must be
present otherwise it must be absent
C12 If the Batch Transfer of Offline transaction is  OfflineTransaction.BatchTransfer.ExchangePolicy
managed at least by a Cyclic ExchangePolicy, then  OfflineTransaction.BatchTransfer.TimeCondition
the element TimeCondition must be present with
StartTime and Period, otherwise it must be absent  OfflineTransaction.BatchTransfer.TimeCondition.Sta
rtTime
 OfflineTransaction.BatchTransfer.TimeCondition.Per
iod
C13
C14 If the ExchangePolicy of the CompletionExchange  OfflineTransaction.CompletionExchange.Exchange
of OfflineTransaction is set to Immediately or Policy
AsSoonAsPossible, there musn’t be another
ExchangePolicy
C15 If the Completion of Offline transaction is managed  OfflineTransaction.CompletionExchange.Exchange
at least by a NumberLimit of transaction, then the Policy
element MaximumNumber must be present  OfflineTransaction.
otherwise it must be absent CompletionExchange.MaximumNumber
C16 If the Completion of Offline transaction is managed  OfflineTransaction.
at least by a TotalLimit of transaction, then the CompletionExchange.ExchangePolicy
element MaximumAmount must be present  OfflineTransaction.
otherwise it must be absent CompletionExchange.MaximumAmount
C17 If the Completion of Offline transaction is managed  OfflineTransaction.
at least by a Cyclic ExchangePolicy, then the CompletionExchange.ExchangePolicy
element TimeCondition must be present with  OfflineTransaction.
StartTime and Period, otherwise it must be absent CompletionExchange.TimeCondition
 OfflineTransaction.
CompletionExchange.TimeCondition.StartTime
 OfflineTransaction.
CompletionExchange.TimeCondition.Period
C18 If the ExchangePolicy of the  ReconciliationExchange.ExchangePolicy
ReconciliationExchange is set to None there musn’t
be another ExchangePolicy
C19 If the ExchangePolicy of ReconciliationExchange is  ReconciliationExchange.ExchangePolicy
managed at least by a NumberLimit of transaction,  ReconciliationExchange.MaximumNumber
then the element MaximumNumber must be present
otherwise it must be absent
C20 If the ExchangePolicy of ReconciliationExchange is  ReconciliationExchange.ExchangePolicy
managed at least by a TotalLimit of transaction,  ReconciliationExchange.MaximumAmount
then the element MaximumAmount must be
present otherwise it must be absent
C21 If the ExchangePolicy of ReconciliationExchange is  ReconciliationExchange.ExchangePolicy
managed at least by a Cyclic ExchangePolicy, then  ReconciliationExchange.TimeCondition
 ReconciliationExchange.TimeCondition.StartTime

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 54


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

the element TimeCondition must be present with  ReconciliationExchange.TimeCondition.Period


StartTime and Period, otherwise it must be absent
C22 If there is no Parameters in ApplicationParameters,  ApplicationParameters.Parameters
EncryptedParameters must be present  ApplicationParameters.EncryptedParameters
If there is no EncryptedParameters in
ApplicationParameters, Parameters must be
present
C23 If we ReplaceConfiguration of a Terminal Manager  ReplaceConfiguration
we must only create new parameters,  ActionType
C24 BatchTransferContent must be present if  OnlineTransaction.FinancialCapture
OnlineTransaction.FinancialCapture is Batch or if  OfflineTransaction.FinancialCapture
OfflineTransaction.FinancialCapture is Batch.
 BatchTransferContent

921
922

4 AcceptorConfigurationUpdate (catm.003.001.05) Page 55


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

923 5 TerminalManagementRejection (catm.004.001.04)


924

925 5.1 Introduction


926 The TerminalManagementRejection allows the rejection of any TMS messages from a POI, a MTM or a
927 TM.
928
929 A RecipientParty sends a TerminalManagementRejection message to an InitiatingParty to indicate that
930 the RecipientParty could not process the received message.
931
InititatingParty
InititatingParty RecipientParty

TMS message

message couldn’t
be processed
Rejection
TerminalManagement

932
933 Figure 4: Rejection of a TMS message
934
935 The TerminalManagementRejection message contains the reason of the rejection (RejectReason), some
936 additional information on the rejection (AdditionalInformation) for further analysis, and the rejected
937 message itself (MessageInError) which may be compared to the message sent.
938
939 The TerminalManagementRejection message must be sent in the following cases:
940
941 1. The envelope of the received message is incorrect.
942 RejectReason contains the value InvalidMessage. It is recommended to include the optional fields
943 AdditionalInformation to provide the details of the error. MessageInError contains the received
944 message with the error.
945
946 2. The rejected message cannot be decoded properly; the syntax or the semantic is invalid.
947 RejectReason contains the value ParsingError. It is recommended to include the optional fields
948 AdditionalInformation to provide the details of the decoding error. MessageInError contains the
949 received message with the coding error.
950
951 3. The identification of the rejected message is invalid.
952 RejectReason contains the value InitiatingParty or RecipientParty. No other field is required.
953 AdditionalInformation may contain the invalid identifier.
954
955 4. The verification of the security of the rejected message fails.
956 RejectReason contains the value Security. It is recommended to include the optional fields
957 AdditionalInformation to provide the details of the security error. MessageInError contains the
958 received message with the security error.
959
960 5. The rejected type of message is not supported by the RecipientParty, and then the RecipientPartyis
961 not able to send a message response to the InitiatingParty.
962 RejectReason contains the value MessageType. No other field is required. AdditionalInformation

5 TerminalManagementRejection (catm.004.001.04) Page 56


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

963 may contain the invalid MessageFunction value.


964
965 6. The version of the protocol used for the message (Header.FormatVersion) is not supported by the
966 RecipientParty which is not able to send a message response of this version to the InitiatingParty.
967 RejectReason contains the value ProtocolVersion and AdditionalInformation the invalid protocol
968 version.
969
970 7. The RecipientParty is not able to process the message for lack of resources. For that reason, a
971 message response could not be built and the message is not processed.
972 RejectReason has the value UnableToProcess. AdditionalInformation contains the reason for which
973 the message could not be processed.
974
975 8. The RecipientParty must not respond to a received TerminalManagementRejection.
976
977 The reaction of the InitiatingParty to an TerminalManagementRejection message depends on the
978 RejectReason and the type of rejected message.
979
980
981
982

5 TerminalManagementRejection (catm.004.001.04) Page 57


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

983 5.2 Message Usage


984 The TerminalManagementRejection message contains the following information:
985
TerminalManagementRejection Mult. Rule Cstr Usage
Header [1..1]
DownloadTransfer [1..1] * False
FormatVersion [1..1] * See StatusReport
ExchangeIdentification [0..1] Copy from the request if successfully extracted
CreationDateTime [1..1] See StatusReport
InitiatingParty [0..1] Copy from the request if successfully extracted
Identification [1..1]
Type [0..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RecipientParty [0..1] Copy from the request if successfully extracted, otherwise
absent.
Identification [1..1]
Type [0..1]
Issuer [0..1]
Country [0..1] Appli
ShortName [0..1]
RemoteAccess [0..1] Access information to reach the target host.
Address [1..*]
NetworkType [1..1]
AddressValue [1..1]
UserName [0..1]
AccessCode [0..1]
ServerCertificate [0..*]
ServerCertificateIdentifier [0..*]
ClientCertificate [0..*]
SecurityProfile [0..1]
Reject [1..1]
RejectReason [1..1] High level information allowing the sender to know the class
of error, and to have different processing.
InitiatingParty: Invalid identification data for the sender
InitiatingParty.
InvalidMessage: Invalid envelope message.
MessageType: Type of message the recipient receives is
unknow or unsupported.
ParsingError: Invalid message: At least one of the data
element or data structure is not present, the format, or
the content of one data element or one data structure is
not correct.
ProtocolVersion: Version of the protocol couldn't be
supported by the recipient.
RecipientParty: Invalid identification data for the the
receiver RecipientParty.
Security: Security error (for example an invalid key or an
incorrect MAC value).
UnableToProcess: Not possible to process the message,
for instance the security module is unavailable, the
hardware is unavailable, or there is a problem of
resource.
AdditionalInformation [0..1] Appli Additional information related to the sending of a reject
message in response to a request or an advice.

5 TerminalManagementRejection (catm.004.001.04) Page 58


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

TerminalManagementRejection Mult. Rule Cstr Usage


For logging purpose, in order to allow further analysis,
statistics and deferred processing on the success or the
failure of the request processing.
MessageInError [0..1] Appli Message (without transport header) received by the recipient
which has been rejected and produced this
TerminalManagementRejection message

986

5 TerminalManagementRejection (catm.004.001.04) Page 59


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

987 6 MaintenanceDelegation
988

989 6.1 Introduction


990
991 Depending on use cases, the Master Terminal Manager (MTM) might be operated by an estate owner who
992 may not be responsible for the whole set of parameters. In such a case, part of the parameters could be
993 managed by a delegated Terminal Manager (TM).
994 There are 2 possibilities for the TM to send parameters to the POI
995  The TM may send its parameters to the MTM in order to add it in the next
996 AcceptorConfigurationUpdate managed by the MTM
997  For security or confidentiality reasons, the TM may not send its parameters to the MTM. In such a
998 case, the MTM may control the delegation and exchange with its estate element of information to
999 verify the delegation scope – we will qualify it as Closed Delegation – or may give free access to
1000 the TM – the delegation will then be qualified as Open Delegation
1001
1002 This document will focus on Closed Delegation.
1003
1004 The set of terminals which is targeted by a delegation may be flexible, depending on the use case. Basicaly,
1005 one can have the following situation
1006 1. Targeted Delegation
1007 a. The set of terminals concerned by a delegation is known by the MTM:
1008 A formal definition of the set of terminal targeted by one specific delegation can be handled
1009 on MTM. Then MTM can issue a management plan with information for delegation to this
1010 specific set of terminals. Note that the case where ALL terminals from the MTM are targeted
1011 is a particular case of this use case. Nevertheless, the intention of targeting all terminals
1012 must be clearly expressed to distinguish from the third use case (untargeted delegation).
1013 b. The set of terminals concerned by a delegation is known by the TM:
1014 Creation of terminals concerned by delegation can be done on the TM. The TM must then
1015 create a delegation request with a definition of the terminals POIidentification for which a
1016 delegation is requested. As in the previous case, MTM can originate Management Plan
1017 with information for delegation to the TM.
1018 2. Untargeted Delegation : The set of terminals concerned is unknown at the time of creation of
1019 delegation.
1020 If the set of terminals concerned by delegation is not known by the MTM and TM (see note
1021 1.a), then the Management Plan with instruction for delegation must not be initiated by the
1022 MTM. Then we expect a specific operation to be initiated on the terminal to trigger the
1023 transmission of management Plan including delegation instructions to this terminal.
1024
1025 In order to control, verify or restrict the delegation to a subset of an estate, the solution is mainly based on
1026 three important data elements, which are:
1027
1028  DelegationScopeIdentification: a label identifying the delegation
1029  DelegationScopeDefinition: a container to record all necessary information to control the delegation
1030  DelegationProof (or ProtectedDelegationProof if secured by a CMS structure): a kind of pass to
1031 exchange between actors in order to legitimate the reason of message exchanges.
1032

6 MaintenanceDelegation Page 60
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1033 Even if the internal structure of DelegationScopeDefinition and DelegationProof are not necessary to define
1034 this protocol, their definition is primordial to ensure interoperability of solutions based on this protocol. Then
1035 the definition of these element must be the following ones.
1036 These two elements, defined below, are structured and encoded with the same encoding format of the
1037 exchanged messages.
1038
Element Mult Usage
.
DelegationScopeDefinition
DelegationScopeIdentification [1..1]
DataSet [1..*]
Type [1..1] Allowed values are:
AcquirerParameters,
ApplicationParameters
MerchantParameters
SecurityParameters
TerminalParameters
TMSProtocolParameters
CertificateParameters
Destinations [1..*] To identify the recipient of the parameters. Should be an ApplicationName in
case of ApplicationParameters or a Manufacturer Name in case of
TerminalParameters.
ProviderName [1..1] To identify the issuer of parameters
DataSetElement [0..*]
ParamName [1..1] Identifier that must be understood by receivers identified in the Destinations
ParamType [0..1] Type that must be understood by the receivers identified in the Destinations.
Mainly used for SecurityParameters in order to identify type of the key to
exchange;
ParamPresence [0..1] To mandate or not the presence of a parameter in a delegated configuration
ParamValue [0..1] To set the value of an identifier

1039
Element Mult. Usage
DelegationProof
TMIdentification [1..1] Identifier of the TM given by the MTM
POISubset [0..*] Identification of a group of POI shared by the TM and the MTM
DelegationType [1..1] Allowed values are
Create
Delete
Update
StartDate [0..1] Activation date of the delegation
Default is the reception date
EndDate [0..1] Expiry date of the delegation
If absent there is no expiry date
DelegationScopeIdentification [1..1]
DigestOfDelegationScopeDefinition [1..1]
Algorithm [1..1] Allowed values are
SHA256,
SHA384
SHA512
Digest [1..1]
MaintenanceTimeSlot [0..*]
StartTime [1..1] ISOTime
Duration [1..1] ISOTime

1040
1041

6 MaintenanceDelegation Page 61
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1042 6.2 Delegation actors


1043 This chapter lists all the stakeholders for the POI configuration which may interact with the
1044 parameters setting or usage
1045
1046 Terminal manufacturer : in charge with Terminal production. For this purpose it may be
1047 concerned by the initial keys introduction and by TerminalParameters
1048
1049 Terminal supplier : put the terminal in the field, operate it in the fied, maintain the terminal. It may
1050 be the more concerned user of TMS solution for setting the parameters.
1051
1052 Terminal owner (estate owner) : the one who may want to have the MTM for controlling its
1053 estate and broadcasting the parameters
1054
1055 Repair center/ call center : need to know what is running in the terminal . It has the same
1056 concerns as a Teminal supplier
1057
1058 Application developper : deal with the parameters to be received from all parties – and
1059 specifically the ones agreed with the acquirers or standardization (such as OSCar) for the
1060 Application Parameters
1061
1062 Acquirers : is originator of most of the parameters managed by the application for the business
1063 part of it
1064 Loyalties provider : originator of the application parameter needed by a loyalty application. It can
1065 be assimilated to an acquirer
1066
1067 Merchant : is originator of the MerchantParameter, and may have some prerogative on some of
1068 the others parameters
1069
1070
1071 Intermediate agent (processor) : management of some of the parameters on behalf of the
1072 acquirer (PIN encryption, communication)
1073 Service provider : create and operate certificates used for transport, be aware of POI managed
1074 (white lists)
1075
1076 POI terminal : receives all parameters related to its activity, checks delegation
1077
1078 Concentrator (POI server) : receives all parameters related to all equipments under its
1079 responsibility in a retail solution and dispatches parameters when needed to individual equipment
1080
1081 Scheme (issuer) : under the responsibility of acquirer => not to be part of TMS actors
1082
1083
1084
1085

6 MaintenanceDelegation Page 62
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1086 6.3 Delegation use cases


1087
1088 The following use cases will be devoted to use cases where a delegated TM doesn’t provide the MTM with
1089 its parameters. Otherwise, the ParameterDataSet of the MaintenanceDelegationRequest must embed all
1090 the parameters coming from the TM.
1091

1092 6.3.1 POI Identifications


1093 A POI terminal has 3 types of identifications:
1094 The identification of the terminal for the Merchant.
1095 This is useful when the shop of the merchant has several POI terminals, clustered or not, to
1096 identify the POI terminal for the Sale system.
1097 The identification of the terminal for the Acquirer.
1098 This is used when the Acquirer want to manage the POI terminal on its side. The Acquirer may
1099 choose to use the identification of the Merchant.
1100 There is potentially one identifier per Acquirer.
1101 For standalone terminals, which are unique at the acceptor side, the identification is always 1.
1102 For e-commerce, there is only one identifier.
1103 The identification of the terminal for TMS. This is useful when the shop of the merchant has several
1104 POI terminals to identify the POI terminal for the Sale system.

MTM

TMS
Identification

irer Acquirer A
Acqu ion
Merchant t if ic at
Sale POI Iden
System Identification Terminal
Acq
uire
Iden r
tific
atio Acquirer B
n

1105
1106 Figure 5 One POI multiple Identifications
1107

1108 6.3.2 Setup of Delegation


1109
1110 Before exchanging MaintenanceDelegationRequest and MaintenanceDelegationResponse, some actors
1111 have to agree on definition of some elements.
1112
1113 The acquirer and the estate owner must agree on the following elements:
1114  On the couple (MTMIdentification, TMIdentification). As explained before, a TM or a MTM must
1115 be able to identify a delegation from these values. Then this couple of values must uniquely
1116 identify a TM from the MTM point of view, but also a MTM from a TM point of view.
1117  On the DelegationScopeIdentification
1118  On the list of DataSet to delegate
1119  On the POISubset
1120  On the timeslot available for the TM management plan.
1121  On the need or not to protect Delegation information and how to exchange CA root keys.
1122

6 MaintenanceDelegation Page 63
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1123 The merchant may have to subscribe a contract with the acquirer. During this subscription the following
1124 element may be exchanged.
1125  Identification of the Terminal Estate Manager. Then the acquirer is able to check if it could reuse
1126 an existing delegation or if a new one has to be setup with the Terminal Estate Manager.
1127  Identification of the POIID and/or POISubset. To allow the acquirer to control the broadcast of its
1128 parameter and acess to its services.
1129

1130 6.3.3 Stopping a Delegation


1131
1132 A delegation may be stopped by a MTM or a TM, but it should be stop by a TM. In this case, it should
1133 Delete all its parameters and management plan inside POI (terminal or system) and then should send a
1134 MaintenanceDelegationRequest with a DelegationType set to DELETE to the MTM.
1135
1136

6 MaintenanceDelegation Page 64
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1137 6.3.4 General rules for Delegation


1138
1139 Rule 1: A POI Terminal must belong to one and only one MTM (i.e. to one terminal estate
1140 only).
1141
1142 Rule 2: TM identifications (i.e. TMIdentification values) used during the delegation must be
1143 agreements between the MTM and the TM.
1144 The TMIdentification value is assigned by the MTM before any delegation process.
1145 The TMIdentification respects the unicity of the TM identifications at the POI, and at
1146 the MTM.
1147 The MTM must verify the TMIdentification is not assigned to another delegated TM of
1148 the terminal estate.
1149 The TM has to verify that the same TMIdentification is not assigned by two different
1150 MTM, for those he get delegations.
1151
1152 Rule 3: A POI Terminal must keep the same identification, whatever the TM (i.e. the delegated
1153 TM uses the POIdentification value defined by the MTM).
1154 The unicity of the POIdentification at the TM must be ensured, using the TM
1155 identification coupled with the POIIdentification.
1156
1157 For instance, in the drawing below, there are 2 terminal estates sharing the same delegated TM:
1158 Both MTM have the identification 1
1159 POI Terminal, identified by 1, keeps the same POI identification for the shared TM.
1160 The shared delegated TM has a different identification for the 2 MTM.

Terminal Estate A Terminal Estate B

MTM A MTM B
TMid 1 TMid 1
TM 1 TM 1
TM 2 TM 3

TMA TMB
TMid 2 TMid 3
TM 1 TM 1
POI 1 POI 1
TM 2 TM 3
POI POI 1 POI 1 POI
Terminal Terminal
POIid 1 POIid 1
1161
1162
1163 Corollary 3-1: The TMSPOIIdentification must be unique inside the MTM realm
1164
1165

6 MaintenanceDelegation Page 65
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1166 Rule 4: A given delegation is performed on a subset of the POI terminals belonging to the
1167 MTM.
1168 This subset is delimited and controlled by the MTM.
1169 This subset can be negotiated between the MTM and the TM that will perform the
1170 maintenance delegation.
1171 This subset can also be determined by some feature of the POI as the application.
1172
1173 The MTM control any delegation by allowing the creation, the update, or the removal of a delegation, with
1174 a specific action on the management plan of a POI:
1175 The MTM provides in the action the delegation proof in DelegationProof or ProtectedDelegationProof.
1176 This delegation proof must contain both the POIdentification and TMIdentification, with other elements
1177 related to the scope of the delegation.
1178 The POI forwards the delegation proof in the first Status Report to the delegated TM. The delegated TM
1179 is then able to verify that the POI belongs to the delegation subset.
1180

1181 6.3.5 Rules for Key Download Delegation


1182
1183 Rule 1: The scope of the key exchange delegation must contain the identification of the keys
1184 to download.
1185 The identification of the keys to download must be defined in agreement with the
1186 MTM, with applications, or with protocols’ type to used.
1187 The identification of the keys to download may be a prefix of the identification.
1188 The identifications of the keys to download may be updated by a delegation update.
1189
1190 In case of OpenDelegation, the TM is free to exchange any key, and collision in key identification could
1191 occur. In CloseDelegation TM may exchange key if and only if SecurityParameters is defined in
1192 DelegationScopeDefinition. In this latter case, collision shouldn’t occur since the name of keys must be
1193 present in DelegationScopeDefinition in section paramName.
1194
1195
1196

6 MaintenanceDelegation Page 66
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1197 6.3.6 Create a Key Download Delegation


1198 The process to create a delegation of the key download is summarised in the message flow below.
POI MTM TM
Delegation Negotiation

nRequest
MaintenanceDelegatio

MaintenanceDe
StatusReport leg ationResponse

delegation action
ManagementPlanReplacement
delegation action StatusReport

acement
ManagementPlanRepl

1199
1200 The TM and the MTM negotiate the identification of the TM, the subset of the POI, and the identification
1201 of the keys.
1202
1203 The TM sends first a MaintenanceDelegationRequest to the MTM containing:
1204  The TM identification provided by the MTM.
1205  DelegationType = Create
1206  MaintenanceService = KeyDownload
1207  TMRemoteAccess = TM Host address
1208  DelegationScopeIdentification (useful to identify the delegated maintenance function)
1209  SymmetricKey = the identification of the keys for which the management is delegated.
1210 The identification of the keys must be included in the DelegationScopeDefinition.
1211 Certificate, if necessary for digital signature
1212
1213 Then the MTM sends a MaintenanceDelegationResponse to the TM containing:
1214 Response = Approved/Declined.
1215 A copy of the following data element received in the request:
1216  DelegationType,
1217  MaintenanceService,
1218  DelegationScopeIdentification
1219
1220 In the following management plan of the subset of POI terminals part of the delegation, the MTM sends a
1221 ManagementPlanReplacement to the POI containing an Action using:
1222  Type = Download
1223  RemoteAccess = TM Host address where to send a StatusReport and get the management plan
1224 of the delegated TM.
1225  ComponentType = SecurityParameters (in the StatusReport)
1226  DelegationScopeIdentification
1227  DelegationScopeDefinition containing:
1228  The identification of the keys to manage
1229  ProtectedDelegationProof containing:
1230  The POI identification for the MTM.
1231  The TM identification provided by the MTM.
1232  Delegation type: Create

6 MaintenanceDelegation Page 67
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1233  MaintenanceService = KeyManagement


1234  DelegationScopeDefinition
1235  A digital signature of the proof
1236
1237 The POI receives the management plan with the delegation action:
1238 The POI stores the delegated action if the digital signature is valid.
1239 The POI performs the action, sending a StatusReport to the RemoteAccess using:
1240  The same POI identification as the MTM POIIdentification
1241  The identification of the TM in TerminalManagerIdentification
1242  The ProtectedDelegationProof received in the delegation action.
1243  A protection with a digital signature.
1244
1245 The delegated TM receives the StatusReport of the POI:
1246  Validates the delegation proof,
1247  May verify that the POI is part of the POI subset which has been delegated.
1248
1249

6 MaintenanceDelegation Page 68
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1250 Then the POI:


1251  Receives the management plan of the TM, which is managed independently from the
1252 MTM management plan.
1253  Exchanges the keys identified in the scope of the delegation: the POI has to verify that
1254 the keys belong to this scope.
1255

1256 6.3.7 Update a Key Download Delegation


1257 The TM sends a MaintenanceDelegationRequest to the MTM containing:
1258  DelegationType = Update
1259  The same MaintenanceService, DelegationScopeIdentification,
1260  The updated DelegationScopeDefinition.
1261
1262 The MTM sends a ManagementPlanReplacement to the POIs containing an Action using:
1263  Type = Update
1264  The same ComponentType, DelegationScopeIdentification
1265  The updated DelegationScopeDefinition.
1266  An updated ProtectedDelegationProof, containing
1267  The POI identification for the MTM.
1268  The TM identification provided by the MTM.
1269  Delegation type: Update
1270  MaintenanceService = KeyManagement
1271  The updated DelegationScopeDefinition
1272  A digital signature of the proof
1273
1274 The POI receives the management plan with the delegation action.
1275 The POI updates the delegated action if the digital signature is valid.
1276
1277 When the delegated TM receives the StatusReport of the POI:
1278  Validates the delegation proof,
1279  May verify that the POI is part of the POI subset which has been delegated.
1280

6 MaintenanceDelegation Page 69
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1281 6.3.8 Remove a Key Download Delegation


1282 The MTM decides to remove the delegation, or:
1283 The TM sends a MaintenanceDelegationRequest to the MTM containing:
1284  DelegationType = Delete
1285  The same DelegationScopeIdentification,
1286
1287 The MTM sends a ManagementPlanReplacement to the POIs containing an Action using:
1288  Type = Delete
1289  The same ComponentType, DelegationScopeIdentification
1290
1291 The POI receives the management plan with the delegation action, and removes:
1292  The keys managed by the delegated TM,
1293  The delegated TM management plan,
1294  The delegation.
1295
1296

6 MaintenanceDelegation Page 70
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1297 6.3.9 Rules for Parameters Download Delegation


1298
1299 Rule 1: The delegation scope of the parameter exchange must contain the identification of the
1300 parameters to download.
1301 The identification of theparameters to download must be defined in agreement with
1302 the MTM, with applications, or with protocols’ type to used.
1303 The identification of the parameters to download may be a prefix of the identification.
1304 The identifications of the parameters to download may be updated by a delegation
1305 update.
1306
1307 Rule 2: Management rules to ensure consistency of global set of parameters are defined at
1308 application level
1309
1310 Rule 3: For application parameters delegation, acquirer identification must be present in the
1311 delegation scope
1312
1313 Corollary 3-1: Even if a TM manages multiple acquirers, TM must request to MTM one Delegation
1314 per Acquirer
1315
1316 Rule 4: Delegation for ApplicationParameters is only possible when
1317 AcquirerProtocolParameters is also delegated to the TM.
1318
1319 Note: When the MTM sends a management plan for a delegated TM, it may contain calls to
1320 status report for both the delegated TM and the MTM.
1321

1322 6.3.10 Create a Parameters Download Delegation


1323
1324 The process to create a delegation of the Parameters download is summarised in the message flow
1325 below.
POI MTM TM
Delegation Negotiation

nRequest
MaintenanceDelegatio

Maintenance
StatusReport DelegationR
espo nse
delegation action
ManagementPlanReplacement
delegation action StatusReport

acement
ManagementPlanRepl

1326
1327 The TM and the MTM negotiate the identification of the TM, the subset of the POI, and the identification
1328 of the parameters.
1329
1330 The TM sends first a MaintenanceDelegationRequest to the MTM containing:
1331  The TM identification provided by the MTM.
1332  DelegationType = Create

6 MaintenanceDelegation Page 71
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1333  MaintenanceService : one or more occurrences in (AcquirerProtocolParameters,


1334 ApplicationParameters, ApplicationParametersSubsetCreation, MerchantParameters,
1335 TerminalParameters, CertificateParameters)
1336  TMRemoteAccess = TM Host address
1337  DelegationScopeIdentification to identify the delegated maintenance function
1338 The identification of the parameters may be included in the DelegationScopeDefinition. In case of
1339 OpenDelegation , the delegation applies to any parameters of the delegated services.
1340  Certificate, if necessary for digital signature
1341
1342 Then the MTM sends a MaintenanceDelegationResponse to the TM containing:
1343  Response = Approved/Declined.
1344  A copy of the following data element received in the request:
1345  DelegationType,
1346  MaintenanceService,
1347  DelegationScopeIdentification
1348
1349 In the following management plan of the subset of POI terminals part of the delegation, the MTM sends a
1350 ManagementPlanReplacement to the POI containing an Action using:
1351  Type = Download
1352  RemoteAccess = TM Host address where to send a StatusReport and get the
1353 management plan of the delegated TM.
1354  ComponentType must be consistant with
1355 MaintenanceDelegationRequest.MaintenanceService
1356  DelegationScopeIdentification
1357  DelegationScopeDefinition containing:
1358  The identification of the parameters to manage
1359  ProtectedDelegationProof containing:
1360  The POI identification for the MTM.
1361  The TM identification provided by the MTM.
1362  Delegation type: Create
1363  MaintenanceService =applicationParameters
1364  DelegationScopeDefinition
1365  A digital signature of the proof
1366
1367 The POI receives the management plan with the delegation action:
1368 The POI stores the delegated action if the digital signature is valid.
1369 The POI performs the action, sending a StatusReport to the RemoteAccess using:
1370  The same POI identification as the MTM POIIdentification
1371  The identification of the TM in TerminalManagerIdentification
1372  The ProtectedDelegationProof received in the delegation action.
1373  A protection with a digital signature.
1374
1375 The delegated TM receives the StatusReport of the POI:
1376  Validates the delegation proof,
1377  May verify that the POI is part of the POI subset which has been delegated.
1378
1379

6 MaintenanceDelegation Page 72
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1380 Then the POI:


1381  Receives the management plan of the TM, which is managed independently from the
1382 MTM management plan.
1383  Exchanges the parameters identified in the scope of the delegation: the POI has to verify
1384 that the parameters belong to this scope.
1385

1386 6.3.11 Update of Parameter Download Delegation


1387 The TM sends a MaintenanceDelegationRequest to the MTM containing:
1388  DelegationType = Update
1389  The same DelegationScopeIdentification,
1390  MaintenanceService with one or more occurrences (AcquirerProtocolParameters,
1391 ApplicationParameters, ApplicationParametersSubsetCreation, MerchantParameters,
1392 TerminalParameters, CertificateParameters)
1393  The updated DelegationScopeDefinition.
1394
1395 The MTM sends a ManagementPlanReplacement to the POIs containing an Action using:
1396  Type = Update
1397  The same ComponentType, DelegationScopeIdentification
1398  The updated DelegationScopeDefinition.
1399  DataSet with one or more occurrences (AcquirerProtocolParameters,
1400 ApplicationParameters, ApplicationParametersSubsetCreation,
1401 MerchantParameters, TerminalParameters, CertificateParameters)
1402  An updated ProtectedDelegationProof, containing
1403  The POI identification for the MTM.
1404  The TM identification provided by the MTM.
1405  Delegation type: Update
1406  The updated DelegationScopeDefinition
1407  A digital signature of the proof
1408
1409 The POI receives the management plan with the delegation action:
1410 The POI updates the delegated action if the digital signature is valid.
1411
1412 When the delegated TM receives the StatusReport of the POI:
1413  Validates the delegation proof,
1414  May verify that the POI is part of the POI subset which has been delegated
1415

1416 6.3.12 Remove of Parameter Download Delegation


1417 The MTM decides to remove the delegation, or:
1418 The TM sends a MaintenanceDelegationRequest to the MTM containing:
1419  DelegationType = Delete
1420  The same DelegationScopeIdentification,
1421
1422 The MTM sends a ManagementPlanReplacement to the POIs containing an Action using:
1423  Type = Delete
1424  The same ComponentType, DelegationScopeIdentification

6 MaintenanceDelegation Page 73
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1425
1426 The POI receives the management plan with the delegation action, and removes:
1427  The parameters managed by the delegated TM,
1428  The delegated TM management plan,
1429  The delegation.
1430

1431 6.4 Delegation examples


1432

1433 6.4.1 Example: AcquirerParameters Download Delegation


1434
1435 This example describes a successful delegation for one specific acquirer through one TM.
1436 The process to create a delegation of the AcquirerProtocolParameters download is summarised in the
1437 message flow below.
POI MTM TM
Delegation Negotiation

nRequest
MaintenanceDelegatio

MaintenanceDelegationR
StatusReport esponse

delegation action
ManagementPlanReplacement
delegation action StatusReport

ManagementPlanReplacement

1438
1439
1440 Assumptions:
1441  Security trailer is configured for any messages
1442  The TM is able to check the POI certificate that is used to sign messages
1443
1444 Workflow:
1445
1446 The TM sends first a MaintenanceDelegationRequest to the MTM containing:
1447  The TM identification provided by the MTM.
1448  The POISubset contains the POI Identification assigned by the MTM (if known by the TM)
1449  DelegationType = Create
1450  MaintenanceService : contains “AcquirerProtocolParameters”
1451  TMRemoteAccess = TM Host address
1452  AcquirerProtocolParameters.Acquirerdentification.Identification for a given Acquirer.
1453  Version may contain the version of Acquirer protocol parameters, since the version is not relevant
1454 any dummy value can be sent
1455
1456 Certificate of the TM for digital signature is verified by the MTM
1457

6 MaintenanceDelegation Page 74
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1458
1459 Then the MTM sends a MaintenanceDelegationResponse to the TM containing:
1460  Response = Approved
1461  A copy of the following data element received in the request:
1462  DelegationType,
1463  MaintenanceService,
1464
1465 Certificate of the MTM for digital signature is verified by the TM
1466 In the following management plan for the POI, the MTM sends a ManagementPlanReplacement to the
1467 POI containing an Action using:
1468  Type = Download
1469  RemoteAccess = TM Host address where to send a StatusReport and get the
1470 management plan of the delegated TM.
1471  ComponentType = ManagementPlan
1472  A DelegationProof protected or not containing:
1473  The TM identification provided by the MTM.
1474  Delegation type: Create
1475  MaintenanceService =AcquirerProtocolParameters
1476  AcquirerProtocolParameters.Acquirerdentification.Identification
1477  A digital signature of the proof generated by the MTM (optional)
1478
1479 The POI receives the management plan with the delegation action:
1480 The POI stores the delegated action if the digital signature is valid.
1481 The POI performs the action, sending a StatusReport to the RemoteAccess using:
1482  The same POI identification as the MTM POIIdentification
1483  The identification of the TM in TerminalManagerIdentification
1484  The DelegationProof protected or not received in the delegation action.
1485  A protection with a digital signature of the MTM (if present)
1486
1487 The delegated TM receives the StatusReport of the POI:
1488  Validates the signature of the message using the POI certificate
1489  May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1490 MaintenanceDelegationRequest.
1491  Validates the delegation proof,
1492
1493 Then the POI:
1494  Receives the management plan of the TM, which is managed independently from the MTM
1495 management plan.
1496  Exchanges the AcquirerProtocolParameters (e.g. the host address for the acquirer).
1497

6 MaintenanceDelegation Page 75
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1498 6.4.2 Example: ApplicationParameters Download Delegation


1499
1500 This example describes a successful delegation for two acquirers through two TM.
1501 The process to create a delegation of the ApplicationParameters download is summarised in the
1502 message flow below.

POI MTM TM1 TM2


Delegation Negotiation 1

nRequest
MaintenanceDelegatio

MaintenanceDelegationRe
sponse

Delegation Negotiation 2

t
delegation action MaintenanceDelegationReques

MaintenanceDelegationRe
sponse
StatusReport

ent
ManagementPlanReplacem

StatusReport
delegation action

acement
ManagementPlanRepl

StatusReport
delegation action

ManagementPlanReplacement

1503
1504
1505
1506 Assumptions:
1507  Security trailer is configured for any messages
1508  Both TM are able to check the relevant POI certificate
1509
1510
1511 Workflow:
1512
1513 The TM1 sends a MaintenanceDelegationRequest to the MTM containing:
1514  The TM1 identification provided by the MTM.
1515  The POISubset contains the POI Identification assigned by the MTM (if known by TM1)
1516  DelegationType = Create
1517  MaintenanceService : contains “ApplicationParametersSubsetCreation”
1518  TMRemoteAccess = TM1 Host address
1519  DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘TM1 set of
1520 tables’)

6 MaintenanceDelegation Page 76
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1521  The identification of the parameters is included in the DelegationScopeDefinition. e.g. Table1,
1522 Table2, Table6)
1523
1524 Certificate of the TM1 for digital signature is verified by the MTM
1525
1526 Then the MTM sends a MaintenanceDelegationResponse to the TM1 containing:
1527  Response = Approved
1528  A copy of the following data element received in the request:
1529  DelegationType,
1530  MaintenanceService,
1531  DelegationScopeIdentification
1532  DelegationScopeDefinition
1533
1534 Certificate of the MTM for digital signature is verified by the TM1
1535
1536 The TM2 sends a MaintenanceDelegationRequest to the MTM containing:
1537  The TM2 identification provided by the MTM.
1538  The POISubset contains the POI Identification assigned by the MTM (if known by TM2)
1539  DelegationType = Create
1540  MaintenanceService : contains “ApplicationParametersSubsetCreation”
1541  TMRemoteAccess = TM2 Host address
1542  DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘TM2 set of
1543 tables’)
1544  The identification of the parameters is included in the DelegationScopeDefinition. e.g. Table1,
1545 Table2, Table6)
1546
1547 Certificate of the TM2 for digital signature is verified by the MTM
1548
1549 Then the MTM sends a MaintenanceDelegationResponse to the TM2 containing:
1550  Response = Approved
1551  A copy of the following data element received in the request:
1552  DelegationType,
1553  MaintenanceService,
1554  DelegationScopeIdentification
1555  DelegationScopeDefinition
1556
1557 Certificate of the MTM for digital signature is verified by the TM2
1558
1559
1560
1561
1562 In the following management plan for the POI, the MTM sends a ManagementPlanReplacement to the
1563 POI containing two Action using:
1564  Action 1
1565  Type = Download
1566  RemoteAccess = TM1 Host address where to send a StatusReport and get the management
1567 plan of the delegated TM1.

6 MaintenanceDelegation Page 77
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1568  ComponentType = ManagementPlan


1569  A DelegationProof protected or not containing:
1570  The TM1 identification provided by the MTM.
1571  Delegation type: Create
1572  MaintenanceService = ApplicationParametersSubsetCreation
1573  AcquirerProtocolParameters.Acquirerdentification.Identification= Acquirer1
1574  DelegationScopeDefinition
1575  A digital signature of the proof generated by the MTM (optional)
1576
1577  Action 2
1578  Type = Download
1579  RemoteAccess = TM2 Host address where to send a StatusReport and get the management
1580 plan of the delegated TM2.
1581  ComponentType = ManagementPlan
1582  A DelegationProof protected or not containing:
1583  The TM2 identification provided by the MTM.
1584  Delegation type: Create
1585  MaintenanceService = ApplicationParametersSubsetCreation
1586  AcquirerProtocolParameters.Acquirerdentification.Identification= Acquirer1
1587  DelegationScopeDefinition
1588  A digital signature of the proof generated by the MTM (optional)
1589
1590
1591 The POI receives the management plan with the delegation actions.
1592 The POI stores the delegated actions if the digital signature is valid.
1593
1594 Exchange between POI and TM1
1595 The POI performs action1, sending a StatusReport to the RemoteAccess of TM1 using:
1596  The same POI identification as the MTM POIIdentification
1597  The identification of the TM1 in TerminalManagerIdentification
1598  The DelegationProof received in the delegation action1.
1599  A protection with a digital signature of the MTM (if present)
1600
1601 TM1 receives the StatusReport of the POI:
1602  Validates the signature of the message using the POI certificate
1603  May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1604 MaintenanceDelegationRequest.
1605  Validates the delegation proof,
1606
1607 Then the POI:
1608  Receives the management plan of the TM1, which is managed independently from the MTM
1609 management plan.
1610  Exchanges the ApplicationParameters.
1611
1612 Exchange between POI and TM2
1613 The POI performs action2, sending a StatusReport to the RemoteAccess of TM2 using:

6 MaintenanceDelegation Page 78
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1614  The same POI identification as the MTM POIIdentification


1615  The identification of the TM2 in TerminalManagerIdentification
1616  The DelegationProof received in the delegation action2.
1617  A protection with a digital signature of the MTM (if present)
1618
1619 TM2 receives the StatusReport of the POI:
1620  Validates the signature of the message using the POI certificate
1621  May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1622 MaintenanceDelegationRequest.
1623  Validates the delegation proof,
1624
1625 Then the POI:
1626  Receives the management plan of the TM2, which is managed independently from the MTM
1627 management plan.
1628  Exchanges the ApplicationParameters.
1629
1630

6 MaintenanceDelegation Page 79
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1631

1632 6.4.3 Example: Untargeted Delegation


1633
1634 This example describes a successful delegation for a specific POI through one TM.
1635 In this example the POI may not yet known by the TM
1636 Delegation is initiated by the POI operator.
1637 The process to create a delegation of the parameters download is summarised in the sequence diagram
1638 below.

Operator POI 1 POI 2 MTM TM1


Nominal StatusReport
case before
delegation ManagementPlanReplacement

StatusReport

ment
ManagementPlanReplace
quest
MaintenanceDelegationRe

MaintenanceDeleg
ationResponse
(delegationScopeId
entification)
Initiated StatusReport
periodically
after ent
delegation ManagementPlanReplacem

Set(Name=DelegationSc
Manually opeIdentification) StatusReport (DatasetRequired/
after IdentificationName)
delegation
ent(AcquirerProtocol
ManagementPlanReplacem Parameters) TM1 accepts
StatusReport
or not POI 1

ent
ManagementPlanReplacem

StatusReport

ment
ManagementPlanReplace
1639
1640
1641
1642
1643 Assumptions:
1644  Security trailer is configured for all messages
1645  The TM is able to check the POI certificate
1646  DelegationScopeIdentification is defined and known by all the parties prior to any message
1647 exchange
1648
1649 Workflow:
1650
1651 The TM sends a MaintenanceDelegationRequest to the MTM containing:
1652  The TM identification provided by the MTM.
1653  DelegationType = Create

6 MaintenanceDelegation Page 80
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1654  MaintenanceService : contains “ApplicationParametersSubsetCreation”


1655  TMRemoteAccess = TM Host address
1656  DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘TM set of
1657 tables’)
1658  PartialDelegation = True and POISubset is absent
1659
1660 Digital signature and Certificate of the TM for digital signature are verified by the MTM
1661
1662 Then the MTM sends a MaintenanceDelegationResponse to the TM containing:
1663  Response = Approved
1664  A copy of the following data element received in the request:
1665  DelegationType,
1666  MaintenanceService,
1667  DelegationScopeIdentification
1668  DelegationScopeDefinition
1669
1670 Digital signature and Certificate of the MTM for digital signature are verified by the TM
1671
1672 To be granted access to the delegated services, the POI sends a StatusReport to the MTM using:
1673  DataSetRequired.Identification.Name = DelegationScopeIdentification (entered by the operator)
1674  DataSetRequired.Identification.Type = ManagementPlan
1675
1676 According to its estate management policy, the MTM may either:
1677  Grant the access to the services with a following additional management plan for the POI,
1678 sending a ManagementPlanReplacement to the POI containing an Action using:
1679  Type = Download
1680  RemoteAccess = TM Host address where to send a StatusReport and get the management
1681 plan of the delegated TM.
1682  ComponentType = ManagementPlan
1683  TerminalManagerIdentification = TMIDentification provided by MTM
1684  A DelegationProof protected or not containing:
1685  The TM identification provided by the MTM.
1686  Delegation type: Create
1687  MaintenanceService = ApplicationParametersSubsetCreation
1688  AcquirerProtocolParameters.Acquirerdentification.Identification= Acquirer1
1689  DelegationScopeDefinition
1690  A digital signature of the proof generated by the MTM (optional)
1691  Decline the access to the services with a following additional management plan for the POI,
1692 sending an empty ManagementPlanReplacement to the POI:
1693
1694 The POI receives the management plan with the delegation actions:
1695 The POI stores the delegated actions if the digital signature is valid.
1696
1697 Exchange between POI and TM
1698 The POI performs action1, sending a StatusReport to the RemoteAccess of TM using:
1699  The same POI identification as the MTM POIIdentification
1700  The identification of the TM in TerminalManagerIdentification

6 MaintenanceDelegation Page 81
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1701  The DelegationProof received in the delegation action.


1702  A protection with a digital signature of the MTM (if present)
1703
1704 TM receives the StatusReport of the POI:
1705  Validates the signature of the message using the POI certificate
1706  May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1707 MaintenanceDelegationRequest,
1708  Validates the delegation proof.
1709
1710 Then the POI:
1711  Receives the management plan of the TM, which is managed independently from the MTM
1712 management plan.
1713  Exchanges the parameters identified in the scope of the delegation: the POI has to verify that the
1714 parameters belong to this scope.
1715

6 MaintenanceDelegation Page 82
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1716

1717 6.4.4 Distributed Delegation


1718
1719 In this example the MTM shares its estate between two TM according to specific criteria (acquiring bank,
1720 geographic area, type of merchant …)
1721
POI
POI subset
subset 22 POI
POI subset
subset 11 MTM
MTM TM1
TM1 TM2
TM2
Delegation Negotiation 1

ationRequest
MaintenanceDeleg

MaintenanceDelegationRe
sponse

Delegation Negotiation 2

t
delegation action MaintenanceDelegationReques

MaintenanceDelegationResp
onse
StatusReport

delegation action
lace ment
StatusReport ManagementPlanRep

delegation action
placement
ManagementPlanRe

StatusReport

ement
ManagementPlanReplac

StatusReport

ManagementPlanReplacement

1722
1723
1724
1725 Assumptions:
1726  Security trailer is configured for any messages
1727  Both TM are able to check the relevant POI certificate
1728  The MTM defines two POISubstets and knows which POI belongs to each of the subset
1729
1730 Workflow:
1731
1732 The TM1 sends a MaintenanceDelegationRequest to the MTM containing:
1733  The TM1 identification provided by the MTM.
1734  The POISubset contains the POISubset Identifier assigned by the MTM and known by TM1
1735  DelegationType = Create
1736  MaintenanceService : contains “ApplicationParameters”
1737  TMRemoteAccess = TM1 Host address
1738  DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘POISubset1
1739 application parameters’)

6 MaintenanceDelegation Page 83
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1740
1741 Certificate of the TM1 for digital signature is verified by the MTM
1742
1743 Then the MTM sends a MaintenanceDelegationResponse to the TM1 containing:
1744  Response = Approved
1745  A copy of the following data element received in the request:
1746  DelegationType,
1747  MaintenanceService,
1748  DelegationScopeIdentification
1749  DelegationScopeDefinition
1750
1751 Certificate of the MTM for digital signature is verified by the TM1
1752
1753 The TM2 sends a MaintenanceDelegationRequest to the MTM containing:
1754  The TM2 identification provided by the MTM.
1755  The POISubset contains the POI Identification assigned by the MTM (if known by TM2)
1756  DelegationType = Create
1757  MaintenanceService : contains “ApplicationParameters”
1758  TMRemoteAccess = TM2 Host address
1759  DelegationScopeIdentification to identify the delegated maintenance function (e.g. ‘POISubset2
1760 application parameters’)
1761
1762 Certificate of the TM2 for digital signature is verified by the MTM
1763
1764 Then the MTM sends a MaintenanceDelegationResponse to the TM2 containing:
1765  Response = Approved
1766  A copy of the following data element received in the request:
1767  DelegationType,
1768  MaintenanceService,
1769  DelegationScopeIdentification
1770  DelegationScopeDefinition
1771
1772 Certificate of the MTM for digital signature is verified by the TM2
1773
1774 In the following management plan for each of the POI belonging to POISubset1, the MTM sends a
1775 ManagementPlanReplacement to the POI containing one Action using: :
1776
1777  Type = Download
1778  RemoteAccess = TM1 Host address where to send a StatusReport and get the management
1779 plan of the delegated TM1.
1780  ComponentType = ManagementPlan
1781  A DelegationProof protected or not containing:
1782  The TM1 identification provided by the MTM.
1783  Delegation type: Create
1784  POISubset Identification
1785  MaintenanceService = ApplicationParameters

6 MaintenanceDelegation Page 84
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1786  DelegationScopeDefinition
1787  A digital signature of the proof generated by the MTM (optional)
1788
1789 The POI receives the management plan with the delegation actions.
1790 The POI stores the delegated actions if the digital signature is valid.
1791
1792 In the following management plan for each of the POI belonging to POISubset2, the MTM sends a
1793 ManagementPlanReplacement to the POI containing one Action using: :
1794
1795  Type = Download
1796  RemoteAccess = TM2 Host address where to send a StatusReport and get the management plan
1797 of the delegated TM2.
1798  ComponentType = ManagementPlan
1799  A DelegationProof protected or not containing:
1800  The TM2 identification provided by the MTM.
1801  Delegation type: Create
1802  POISubset Identification
1803  MaintenanceService = ApplicationParameters
1804  DelegationScopeDefinition
1805  A digital signature of the proof generated by the MTM (optional)
1806
1807 The POI receives the management plan with the delegation actions.
1808 The POI stores the delegated actions if the digital signature is valid.
1809
1810
1811
1812 Exchange between POI and TM1
1813 The POI performs action1, sending a StatusReport to the RemoteAccess of TM1 using:
1814
1815  The same POI identification as the MTM POIIdentification
1816  The identification of the TM1 in TerminalManagerIdentification
1817  The DelegationProof received in the delegation action1.
1818  A protection with a digital signature of the MTM (if present)
1819
1820 TM1 receives the StatusReport of the POI:
1821  Validates the signature of the message using the POI certificate
1822  May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1823 MaintenanceDelegationRequest. or validates the POISubset contains in the delegation proof
1824  Validates the delegation proof,
1825
1826 Then the POI:
1827  Receives the management plan of the TM1, which is managed independently from the MTM
1828 management plan.
1829  Exchanges the ApplicationParameters.
1830
1831 Exchange between POI and TM2

6 MaintenanceDelegation Page 85
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1832 The POI performs action2, sending a StatusReport to the RemoteAccess of TM2 using:
1833  The same POI identification as the MTM POIIdentification
1834  The identification of the TM2 in TerminalManagerIdentification
1835  The DelegationProof received in the delegation action2.
1836  A protection with a digital signature of the MTM (if present)
1837
1838 TM2 receives the StatusReport of the POI:
1839  Validates the signature of the message using the POI certificate
1840  May verify that StatusReport.POIIdentification is part of the POI subset sent in the
1841 MaintenanceDelegationRequest.or validates the POISubset contains in the delegation proof
1842  Validates the delegation proof,
1843
1844 Then the POI:
1845  Receives the management plan of the TM2, which is managed independently from the MTM
1846 management plan.
1847  Exchanges the ApplicationParameters.
1848
1849

6 MaintenanceDelegation Page 86
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1850

1851 6.5 Delegated services and corresponding configuration message components


1852
1853 The table below indicates the message components which can be downloaded by a TM for each of the
1854 delegated service
1855
Delegated Maintenance Message components usable
service
AcquirerProtocolParameters AcceptorConfigurationUpdate.Dataset.Content.Acquirer-
ProtocolParameters
ApplicationParameters AcceptorConfigurationUpdate.Dataset.Content.Application-
Parameters
ApplicationParametersSubset AcceptorConfigurationUpdate.Dataset.Content.Application-
Creation Parameters
KeyDownload AcceptorConfigurationUpdate.Dataset.Content.Security-
Parameters
KeyManagement AcceptorConfigurationUpdate.Dataset.Content.Security-
Parameters
Reporting None
SoftwareModule None
TMSProtocolParameters AcceptorConfigurationUpdate.Dataset.Content.TMSProtocol
-Parameters
MerchantParameters AcceptorConfigurationUpdate.Dataset.Content.Merchant-
Parameters
TerminalParameters AcceptorConfigurationUpdate.Dataset.Content.Terminal-
Parameters
CertificateParameters CertificateManagementResponse.ServerCertificate
CertificateManagementResponse.ServerCertificateIdentifier
CertificateManagementResponse.ClientCertificate
1856

1857 6.6 MaintenanceDelegationRequest (catm.005.001.02)


1858
1859 The MaintenanceDelegationRequest message contains the following information:
1860
MaintenanceDelegationRequest Mult. Rule Cstr Usage
Header [1..1] Information related to the protocol management.
ProtocolVersion [1..1] * See StatusReport
ExchangeIdentification [0..1] Identification of the exchange (request, response).
CreationDateTime [1..1] Date and time at which the message was sent.
InitiatingParty [1..1] See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RecipientParty [0..1] See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RemoteAccess [0..1] * Access information to reach the target host.

6 MaintenanceDelegation Page 87
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

MaintenanceDelegationRequest Mult. Rule Cstr Usage


Must be present in case of MaintenanceDelegationRequest
Address [1..*] Network addresses of the Terminal Manager host. Priorities
of the addresses are defined by the order of their
appearance in the message (the first one is the primary
address, the second one the secondary address, etc…).
NetworkType [1..1] Type of communication network. Allowed values:
"InternetProtocol" A transport protocol using an IP
network.
"PublicTelephone" A transport protocol using Public
Switched Telephone Network
(PSTN).
AddressValue [1..1] Value of the address:
The value of an internet protocol address contains the IP
address or the DNS (Domain Name Server) address,
followed by the character ':' and the TCP port number if
the default port is not used.
The value of a public telephone address contains the
phone number with possible prefix and extensions.
UserName [0..1] Username for identification of the POI e.g. to login into a
server
AccessCode [0..1] Password for authentication of the POI e.g. to login into a
server
ServerCertificate [0..*] X.509 Certificate required to authenticate the server.
ServerCertificateIdentifier [0..*] Identification of the X.509 Certificate required to authenticate
the server, for instance a digest of the certificate, the
certificate serial number with the certificate issuer name.
ClientCertificate [0..*] X.509 Certificate required to authenticate the client.
SecurityProfile [0..1] Identification of the set of security elements to access the
host.
MaintenanceDelegationRequest [1..1] Information related to the request of maintenance
delegations.
TMIdentification [1..1] Identification of the Terminal Manager requesting the
delegation.
See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
MasterTMIdentification [0..1] Identification of the Master Terminal Manager managing the
terminal estate.
See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RequestedDelegation [1..*] Information on the delegation of a maintenance action or
maintenance function.
DelegationType [1..1] Type of delegation action.
CREA Create.
UPDT Update.
DELT Delete.
MaintenanceService [1..*] C1 Maintenance service to be delegated.
AcquirerParameters: Configuration parameters of the
payment acquirer protocol.
ApplicationParameters: Configuration parameters of an
application.
ApplicationParametersSubsetCreation: Creation of a
subset of the configuration
parameters of an application.
CertficateParamleters: Certificate provided by a
terminal manager

6 MaintenanceDelegation Page 88
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

MaintenanceDelegationRequest Mult. Rule Cstr Usage


KeyDownload: Download of cryptographic keys
with the related information.
KeyManagement: Activate, deactivate or revoke
loaded cryptographic keys.
MerchantParameters: hant configuration parameters for
the point of interaction (POI).
Reporting: Reporting on activity, status and
error of a point of interaction.
SoftwareModule: Software module update.
TerminalParameters: Point of interaction parameters
attached to the terminal as serial
number or physical capabilities.
TMSProtocolParameters Configuration parameters for the
TMS protocol.
If DelegationType equals DELETE the MaintenanceService
value is not relevant
PartialDelegation [0..1] Flag to indicate that the delegated maintenance must be
performed on a subset of the terminal estate.
Default False
If PartialDelegation is True and POISubset is absent then
the Delegation may apply to any POI belonging to the MTM.
If PartialDelegation is False and POISubset is absent then
the Delegation applies to any POI belonging to the MTM.
POISubset [0..*] Subset of the terminal estate for the delegation.
The subset may be expressed as a list of POI or terminal
estate subset identifier.
DelegatedAction [0..1] Information for the MTM to build or include delegated actions
in the management plan of the POI.
PeriodicAction [0..1] Flag to indicate that the delegated actions have to be
included in a periodic sequence of actions.
Default False
TMRemoteAccess [0..1] Network address and parameters of the terminal manager
host which will perform the delegated actions.
see ManagementPlanReplacement
Address [1..*]
NetworkType [1..1]
AddressValue [1..1]
UserName [0..1]
AccessCode [0..1]
ServerCertificate [0..*]
ServerCertificateIdentifier [0..*]
ClientCertificate [0..*]
SecurityProfile [0..1]
TMSProtocol [0..1] TMS protocol to use to perform the maintenance action.
TMSProtocolVersion [0..1] Version of the TMS protocol to use to perform the
maintenance action.
DataSetIdentification [0..1] Data set on which the delegated action has to be performed.
Name [0..1]
Type [1..1]
Version [0..1]
CreationDateTime [0..1]
ReTry [0..1] Definition of retry process when activation of the action fails.
Delay [1..1]
MaximumNumber [0..1]
AdditionalInformation [0..*] Additional information to include in the maintenance action.
Action [0..*] Sequence of action to include in the next MTM management
plan.
see ManagementPlanReplacement
Type [1..1]

6 MaintenanceDelegation Page 89
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

MaintenanceDelegationRequest Mult. Rule Cstr Usage


RemoteAccess [0..1]
Address [1..*]
NetworkType [1..1]
AddressValue [1..1]
UserName [0..1]
AccessCode [0..1]
ServerCertificate [0..*]
ServerCertificate- [0..*]
Identifier
ClientCertificate [0..*] X.509 Certificate required to authenticate the client.
SecurityProfile [0..1] Identification of the set of security elements to access the
host.
TerminalManager- [0..1]
Identification
Identification [1..1]
Type [0..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
TMSProtocol [0..1]
TMSProtocolVersion [0..1]
DataSetIdentification [0..1]
Name [0..1] C2 At least one DataSetIdentification must be present with
Name and Type equals to ManagementPlan
Type [1..1] C2 At least one DataSetIdentification must be present with
Name and Type equals to ManagementPlan
Version [0..1]
CreationDateTime [0..1]
ComponentType [0..*]
DelegationScope- [0..1] Identification of the delegation scope assigned by the MTM.
Identification
[0..1] Definition of the delegation scope, for instance inside the
DelegationScopeDefinition payment application parameters the range of application
profiles, the RID (Registered application provider
IDentification).
DelegationProof [0..1]
ProtectedDelegationProof [0..1]
Trigger [1..1]
AdditionalProcess [0..*]
ReTry [0..1] Should be present with the default value expected by the TM
Delay [1..1]
MaximumNumber [0..1]
TimeCondition [0..1] Should be present with the default value expected by the TM
WaitingTime [0..1]
StartTime [0..1]
EndTime [0..1]
Period [0..1] Should not be present
MaximumNumber [0..1] Should not be present
TMChallenge [0..1]
KeyEncipherment- [0..*]
Certificate
ErrorAction [0..*]
ActionResult [1..*]
ActionToProcess [1..1]

6 MaintenanceDelegation Page 90
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

MaintenanceDelegationRequest Mult. Rule Cstr Usage


AdditionalInformation [0..*]
DelegationScopeIdentification [0..1] Identification of the delegation scope assigned by the MTM.
DelegationScopeDefinition [0..1] Definition of the delegation scope, for instance inside the
payment application parameters the range of application
profiles, the RID (registered application provider
identification).
Certificate [0..*] Certificate path of the terminal manager.
POIIdentificationAssociation [0..*] Association of the TM identifier and the MTM identifier of a
POI.
MasterTMIdentification [1..1] Identifier for the master terminal manager.
TMIdentification [1..1] Identifier for the terminal manager requesting the delegation.
SymmetricKey [0..*] Identification of the key to manage or to download.
see ManagementPlanReplacement
KeyIdentification [1..1]
KeyVersion [1..1]
SequenceNumber [0..1]
DerivationIdentification [0..1]
Type [0..1]
Function [0..*]
ParameterDataSet [0..1] * Configuration parameters of the Terminal Manager to be
sent by the MTM.
see AcceptorConfigurationUpdate/dataset
Same constraints than AcceptorConfigurationUpdate applies
here also
SecurityTrailer [1..1]

1861
1862
1863

6 MaintenanceDelegation Page 91
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1864 6.7 MaintenanceDelegationResponse (catm.006.001.02)


1865 The master terminal manager provides the outcome of a maintenance delegation request to a terminal
1866 manager.
1867 The MaintenanceDelegationResponse message contains the following information:
1868
MaintenanceDelegationResponse Mult. Rule Cstr Usage
Header [1..1] Maintenance delegation response message management
information.
ProtocolVersion [1..1] Copy *
ExchangeIdentification [0..1] Copy
CreationDateTime [1..1] Date and time at which the message was sent.
InitiatingParty [1..1] Copy
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RecipientParty [0..1]
Identification [1..1] Copy from the request
Issuer [0..1] Copy from the request
Country [0..1] Copy from the request
ShortName [0..1]
RemoteAccess [0..1] Access information to reach the target host.
Address [1..*] Network addresses of the Terminal Manager host. Priorities
of the addresses are defined by the order of their
appearance in the message (the first one is the primary
address, the second one the secondary address, etc…).
NetworkType [1..1] Type of communication network. Allowed values:
"InternetProtocol" A transport protocol using an IP
network.
"PublicTelephone" A transport protocol using Public
Switched Telephone Network
(PSTN).
AddressValue [1..1] Value of the address:
The value of an internet protocol address contains the IP
address or the DNS (Domain Name Server) address,
followed by the character ':' and the TCP port number if the
default port is not used.
The value of a public telephone address contains the
phone number with possible prefix and extensions.
UserName [0..1] Username for identification of the POI e.g. to login into a
server
AccessCode [0..1] Password for authentication of the POI e.g. to login into a
server
ServerCertificate [0..*] X.509 Certificate required to authenticate the server.
ServerCertificateIdentifier [0..*] Identification of the X.509 Certificate required to authenticate
the server, for instance a digest of the certificate, the
certificate serial number with the certificate issuer name.
ClientCertificate [0..*] X.509 Certificate required to authenticate the client.
SecurityProfile [0..1] Identification of the set of security elements to access the
host.
MaintenanceDelegationResponse [1..1] Information related to the request of maintenance
delegations.
TMIdentification [1..1] Copy Identification of the Terminal Manager requesting the
delegation.
See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]

6 MaintenanceDelegation Page 92
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

MaintenanceDelegationResponse Mult. Rule Cstr Usage


ShortName [0..1]
MasterTMIdentification [0..1] Copy Identification of the Master Terminal Manager managing the
terminal estate.
See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
DelegationResponse [1..*] Information on the delegation of a maintenance action or
maintenance function.
MaintenanceService [1..*] Copy Requested maintenance service to be delegated.
Response [1..1] Response of the MTM to the delegation of the maintenance
service.
Approved: Service has been successfuly provided.
Declined: Service is declined.
ResponseReason [0..1] Reason of the response of the MTM.
DelegationType [1..1] Type of delegation action.
CREA Create.
UPDT Update.
DELT Delete.
POISubset [0..*]
DelegationScopeIdentification [0..1] Identification of the delegation scope assigned by the MTM.
DelegationScopeDefinition [0..1] Definition of the delegation scope, for instance inside the
payment application parameters the range of application
profiles, the RID (registered application provider
identification).
DelegationProof [0..1] Proof of delegation to be verified by the POI, when
performing the delegated actions.
ProtectedDelegationProof [0..1] Protected proof of delegation.
POIIdentificationAssociation [0..*]
MasterTMIdentification [1..1] Identifier for the master terminal manager.
TMIdentification [1..1] Identifier for the terminal manager requesting the delegation.
SecurityTrailer [0..1] * Must be present

1869

1870 6.8 Business Rules Validation


1871
1872 This chapter lists all business rules implying at least 2 different elements inside the message.
1873
1874
Constraint Literal Definition Involved elements
Number
C1 If a MaintenanceService is required on  RequestedDelegation.MaintenanceService.
ApplicationParameters, a
MaintenanceService on AcquirerParameters
must also be expected
C2 In a MaintenanceDelegationRequest at least  DataSetIdentification.Name
one DataSetIdentification must be present  DataSetIdentification.Type
with a Name and Type equals to
ManagementPlan

1875
1876

6 MaintenanceDelegation Page 93
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1877 7 Certificate Management


1878

1879 7.1 Introduction


1880 The CertificateManagementRequest message is sent by a POI terminal or any intermediary entity:
1881  to the terminal manager acting as a Certificate Authority for managing X.509 certificate of a public
1882 key owned by the initiating party, or
1883  for requesting the inclusion or the removal of the POI to a white list of the terminal manager.
1884
1885 The CertificateManagementResponse is sent by a terminal manager in response to a
1886 CertificateManagementRequest to provide the outcome of the requested service.
1887

1888 7.1.1 Certificate Creation


1889 A POI terminal or any intermediary entity request the creation of an X.509 certificate with the public key
1890 and the information of the owner of the asymmetric key provided by the requestor.
1891
1892 The CertificateManagementRequest message body contains:
1893  POIIdentification, containing the identification assigned by the Master Terminal Manager as
1894 defined in 6.3.4.
1895  Optionally TMIdentification (which is mandatory in the response)
1896  CertificateService with the value CreateCertificate,
1897 The public key of the asymmetric key and the information of the owner are provided
1898 - Either (cf Constraints C5 and C1):
1899  In BinaryCertificationRequest, which is the DER or PEM of the PKCS#10 Certificate
1900 Signing Request.
1901  Or in the CertificateRequestInformation data structure.
1902 The CertificateRequestInformation data structure, and partially BinaryCertificationRequest, contains:
1903  The attributes to included in the X.509 certificate to build which may contain at least:
1904  OrganisationName with the name of the manufacturer,
1905  OrganisationUnitName with the model of POI terminal
1906  CommonName with the serial number of the POI terminal
1907 - Optionally other attributes to put as extension of the certificate to create.
1908 - The public key PublicKeyValue, which is necessary an RSA key (Algorithm) in the data structure
1909 SubjectPublicKeyInformation.
1910 These information must be signed with a digital signature:
1911 - In the BinaryCertificationRequest PKCS#10 structure, using the asymmetric key to certified.
1912 - In the SecurityTrailer/SignedData, using the identification of the key provided inside
1913 CertificateRequestInformation (KeyIdentification and KeyVersion), with the asymmetric key to
1914 certified or any other key recognised by the TM.
1915
1916 The CertificateManagementResponse message body contains:
1917 - A copy of POIIdentification.
1918 - TMIdentification.
1919 - Result containing the outcome of the performed service.

7 Certificate Management Page 94


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1920 - SecurityProfile (to be better defined)


1921 - The created certificate in ClientCertificate.
1922 - The sequence of X.509 certificates from the CA signing the client certificate to the root certificate in
1923 CertificatePath.
1924
1925 In order to manage errors occurring during the communication of the CertificateManagementResponse
1926 message, the TM must provide an approved response, even if the certificate has been already created.
1927

1928 7.1.2 Certificate Renewal


1929 The POI terminal or the intermediary entity request the renewal of an X.509 certificate with the public key
1930 of the asymmetric key provided by the requestor.
1931
1932 The CertificateManagementRequest message body contains:
1933 - POIIdentification, containing the identification assigned by the Master Terminal Manager as defined
1934 in 6.3.4.
1935 - Optionally TMIdentification
1936 - CertificateService with the value RenewCertificate,
1937 - The certificate to renew in ClientCertificate.
1938 The public key of the asymmetric key and the information of the owner are provided either:
1939 - In BinaryCertificationRequest, which is the DER or PEM of the PKCS#10 Certificate Signing
1940 Request.
1941 - In the CertificateRequestInformation data structure.
1942 The CertificateRequestInformation data structure, and partially BinaryCertificationRequest, contains:
1943 - The public key PublicKeyValue of the new certificate to create, which is necessary an RSA key
1944 (Algorithm) in the data structure SubjectPublicKeyInformation.
1945 This information must be signed with a digital signature:
1946 In the SecurityTrailer/SignedData, using the identification of the key provided inside
1947 CertificateRequestInformation (KeyIdentification and KeyVersion), with the asymmetric key of the
1948 certificate to renew or any other key recognised by the TM.
1949
1950 The CertificateManagementResponse message body contains:
1951 - A copy of POIIdentification.
1952 - TMIdentification.
1953 - Result containing the outcome of the performed service.
1954 - SecurityProfile
1955 - The renewed certificate in ClientCertificate.
1956 - Optionally, the sequence of X.509 certificates from the CA signing the client certificate to the root
1957 certificate in CertificatePath.
1958
1959 In order to manage errors occurring during the communication of the CertificateManagementResponse
1960 message, the TM must provide an approved response, even if the certificate has been alredy renewed.
1961
1962

7 Certificate Management Page 95


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

1963

1964 7.1.3 Certificate Revocation


1965 The POI terminal or the intermediary entity request the revocation of an already created X.509 certificate.
1966
1967 The CertificateManagementRequest message body contains:
1968 - POIIdentification, containing the identification assigned by the Master Terminal Manager as defined
1969 in 6.3.4.
1970 - Optionally TMIdentification
1971 - CertificateService with the value RevokeCertificate,
1972 - The certificate to revoke in ClientCertificate.
1973 This information must be signed with a digital signature:
1974 - In the SecurityTrailer/SignedData, using the identification of the key provided inside
1975 CertificateRequestInformation (KeyIdentification and KeyVersion), with the asymmetric key of the
1976 certificate to revoke or any other key recognised by the TM.
1977
1978 The CertificateManagementResponse message body contains:
1979 - A copy of POIIdentification.
1980 - TMIdentification.
1981 - Result containing the outcome of the performed service.
1982
1983

1984 7.1.4 White List Insertion


1985 The POI terminal or the intermediary entity request the insertion of the POI on a white list of the Terminal
1986 Manager.
1987
1988 The CertificateManagementRequest message body contains:
1989 - POIIdentification, containing the identification assigned by the Master Terminal Manager as defined
1990 in 6.3.4.
1991 - Optionally TMIdentification
1992 - CertificateService with the value AddWhiteList,
1993 - The identification of the POI terminal in WhiteListIdentification:
1994  The identifier of the terminal manufacturer in ManufacturerIdentifier,
1995  The identifier of the model in Model,
1996  The serial number of the the POI terminal in SerialNumber.
1997
1998 The CertificateManagementResponse message body contains:
1999 - A copy of POIIdentification.
2000 - TMIdentification.
2001 - Result containing the outcome of the performed service.
2002
2003

7 Certificate Management Page 96


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2004 7.1.5 White List Removal


2005 The POI terminal or the intermediary entity request the removal of the POI on a white list of the Terminal
2006 Manager.
2007
2008 The CertificateManagementRequest message body contains:
2009 - POIIdentification, containing the identification assigned by the Master Terminal Manager as defined
2010 in 6.3.4.
2011 - Optionally TMIdentification
2012 - CertificateService with the value RemoveWhiteList,
2013 - The identification of the POI terminal in WhiteListIdentification:
2014  The identifier of the terminal manufacturer in ManufacturerIdentifier,
2015  The identifier of the model in Model,
2016  The serial number of the the POI terminal in SerialNumber.
2017
2018 The CertificateManagementResponse message body contains:
2019 - A copy of POIIdentification.
2020 - TMIdentification.
2021 - Result containing the outcome of the performed service.
2022

2023 7.2 CertificateManagementRequest(catm.007.001.01)


2024
CertificateManagementRequest Mult. Rule Cstr Usage
Header [1..1] Information related to the protocol management.
ProtocolVersion [1..1] * See StatusReport
ExchangeIdentification [0..1] Identification of the exchange (request, response).
CreationDateTime [1..1] Date and time at which the message was sent.
InitiatingParty [1..1] See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RecipientParty [0..1] See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RemoteAccess [0..1] Access information to reach the target host.
Address [1..*] Network addresses of the Terminal Manager host. Priorities
of the addresses are defined by the order of their
appearance in the message (the first one is the primary
address, the second one the secondary address, etc…).
NetworkType [1..1] Type of communication network. Allowed values:
"InternetProtocol" A transport protocol using an IP
network.
"PublicTelephone" A transport protocol using Public
Switched Telephone Network
(PSTN).
AddressValue [1..1] Value of the address:
The value of an internet protocol address contains the IP
address or the DNS (Domain Name Server) address,

7 Certificate Management Page 97


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

CertificateManagementRequest Mult. Rule Cstr Usage


followed by the character ':' and the TCP port number if
the default port is not used.
The value of a public telephone address contains the
phone number with possible prefix and extensions.
UserName [0..1] Username for identification of the POI e.g. to login into a
server
AccessCode [0..1] Password for authentication of the POI e.g. to login into a
server
ServerCertificate [0..*] X.509 Certificate required to authenticate the server.
ServerCertificateIdentifier [0..*] Identification of the X.509 Certificate required to
authenticate the server, for instance a digest of the
certificate, the certificate serial number with the certificate
issuer name.
ClientCertificate [0..*] X.509 Certificate required to authenticate the client.
SecurityProfile [0..1] Identification of the set of security elements to access the
host.
CertificateManagementRequest [1..1] Information related to the request of certificate
managements.
POIIdentification [1..1] Identification of the terminal or system using the certificate
management service.
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
TMIdentification [0..1] Identification of the TM or the MTM providing the Certificate
Authority service.
See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
CertificateService [1..1] Requested certificate management service.
WLSA AddWhiteList
Add a POI in the white list of the terminal
manager.
CRTC CreateCertificate
Creation of an X.509 certificate with the
public key and the information of the
owner of the asymmetric key provided by
the requestor.
WLSR RemoveWhiteList
Remove a POI from the white list of the
terminal manager.
CRTR RenewCerificate
Renewal of an X.509 certificate, protected
by the certificate to renew.
CRTK RevokeCertificate
Revocation of an active X.509 certificate.
SecurityDomain [0..1] Identification of the client and server public key
infrastructures containing the certificate. In addition, it may
identify specific requirements of the customer.
BinaryCertificationRequest [0..1] C1 PKCS#10 (Public Key Certificate Standard 10) certification
C5 request coded in base64 ASN.1/DER (Abstract Syntax
Notation 1, Distinguished Encoding Rules) or PEM (Privacy
Enhanced Message) format.
CertificationRequest [0..1] C1 Certification request data structure with PKCS#10 (Public
C5 Key Certificate Standard 10) information for creation or
renewal of an X.509 certificate.
CertificateRequestInformation [1..1] Information of the certificate to create.
Version [0..1] Version of the certificate request information data structure.
SubjectName [0..1] Distinguished name of the certificate subject, the entity
whose public key is to be certified.

7 Certificate Management Page 98


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

CertificateManagementRequest Mult. Rule Cstr Usage


[1..*]
RelativeDistinguishedName
AttributeType [1..1] C2
AttributeValue [1..1]
SubjectPublicKeyInformation [1..1] Information about the public key being certified.
Algorithm [0..1] Asymmetric cryptographic algorithm.ERSA RSAEncryption
PublicKeyValue [1..1] Public key value.

Modulus [1..1]
Exponent [1..1]
Attribute [1..*] Attribute of the certificate service to be put in the certificate
extensions, or to be used for the request.
AttributeType [1..1] X509 attribute.
CHLG ChallengePassword
Password by which an entity may request
certificate revocation
EMAL EmailAddress
Email address of the certificate subject.
AttributeValue [1..1] Value of the X500 attribute.
KeyIdentification [0..1] Identification of the key.
KeyVersion [0..1] Version of the key.
ClientCertificate [0..1] C3 Created certificate. The certificate is ASN.1/DER encoded,
for renewal or revocation of certificate.
WhiteListIdentification [0..1] Identification of the white list element, for white list addition
or removal.
ManufacturerIdentifier [1..1] Identifier of the terminal manufacturer.
Model [1..1] Identifier of the terminal model.
SerialNumber [1..1] Serial number of the terminal manufacturer.
SecurityTrailer [0..1] * Must be present

2025

2026 7.3 CertificateManagementResponse (catm.008.001.01)


2027
CertificateManagementResponse Mult. Rule Cstr Usage
Header [1..1] Information related to the protocol management.
ProtocolVersion [1..1] * See StatusReport
ExchangeIdentification [0..1] Identification of the exchange (request, response).
CreationDateTime [1..1] Date and time at which the message was sent.
InitiatingParty [1..1] See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RecipientParty [0..1] See StatusReport
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
RemoteAccess [0..1] Access information to reach the target host.
Address [1..*] Network addresses of the Terminal Manager host. Priorities of
the addresses are defined by the order of their appearance in
the message (the first one is the primary address, the second
one the secondary address, etc…).
NetworkType [1..1] Type of communication network. Allowed values:

7 Certificate Management Page 99


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

CertificateManagementResponse Mult. Rule Cstr Usage


"InternetProtocol" A transport protocol using an IP
network.
"PublicTelephone" A transport protocol using Public
Switched Telephone Network
(PSTN).
AddressValue [1..1] Value of the address:
The value of an internet protocol address contains the IP
address or the DNS (Domain Name Server) address,
followed by the character ':' and the TCP port number if the
default port is not used.
The value of a public telephone address contains the phone
number with possible prefix and extensions.
UserName [0..1] Username for identification of the POI e.g. to login into a
server
AccessCode [0..1] Password for authentication of the POI e.g. to login into a
server
ServerCertificate [0..*] X.509 Certificate required to authenticate the server.
ServerCertificateIdentifier [0..*] Identification of the X.509 Certificate required to authenticate
the server, for instance a digest of the certificate, the
certificate serial number with the certificate issuer name.
ClientCertificate [0..*] X.509 Certificate required to authenticate the client.
SecurityProfile [0..1] Identification of the set of security elements to access the
host.
CertificateManagementResponse [1..1] Information related to response to the request of Certificate
management.
POIIdentification [1..1] Identification of the terminal or system using the certificate
management service.
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
TMIdentification [0..1] * Identification of the TM or the MTM providing the Certificate
Authority service.
See StatusReport
Must be present
Identification [1..1]
Issuer [0..1]
Country [0..1]
ShortName [0..1]
CertificateService [1..1] Requested certificate management service.
Result [1..1] Outcome of the certificate service processing.
Response [1..1] Response of the terminal manager.
ResponseDetail [0..1] Detail of the response.
CRTU UnknownCertificate
The certificate is unknown.
SVSU UnsupportedService
Requested service not supported.
AdditionalResponse [0..1] Additional information about the result.
SecurityProfile [0..1] Identification of the security profile, for creation, renewal or
revocation of certificate.
ClientCertificate [0..1] C4 Created certificate. The certificate is ASN.1/DER encoded, for
renewal or revocation of certificate.
ClientCertificatePath [0..*] C4 Certificate of the client certificate path, from the CA
(Certificate Authority) certificate, to the root certificate, for
renewal or revocation of certificate.
ServerCertificatePath [0..*] C4 Certificate of the server certificate path, from the CA
(Certificate Authority) certificate, to the root certificate, for
renewal or revocation of certificate.
SecurityTrailer [0..1] * Must be present

7 Certificate Management Page 100


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2028

2029 7.4 Business Rules Validation


2030
2031 This chapter lists all business rules implying at least 2 different elements inside the message.
2032
2033
Constraint Literal Definition Involved elements
Number
C1 In case of Certificate Creation or Renewal, the  CertificateManagement.CertificateService
BinaryCertificationRequest or the  CertificateManagement.BinaryCertificationRequest
CertificateRequest must be present
 CertificateManagement.CertificateRequest
C2 In case of Certificate Creation or Renewal, and if  CertificateManagement.CertificateService
the CertificateRequest is present, the following  CertificateManagement.CertificateRequest.
AttributeType must be present OrganisationName,
OrganisationUnitName and CommonName  CertificateManagement.CertificateRequest.Certificat
eRequestInformation.Attribute.
C3 In case of Certificate Renewal or Revocation, the  CertificateManagement.CertificateService
ClientCertificate must be present, otherwise it must  CertificateManagement.ClientCertificate
be absent
C4 In case of Approved result on certificate, the  CertificateManagementResponse.CertificateService
ClientCertificate, ClientCertificatePath and  CertificateManagementResponse.ClientCertificate
ServerCertificatePath must be present, and must be
absent otherwise  CertificateManagementResponse.Result
 CertificateManagementResponse.ClientCertificateP
ath
 CertificateManagementResponse.ServerCertificateP
ath
C5 BinaryCertificationRequest and CertificateRequest  CertificateManagement.BinaryCertificationRequest
must not be present simultaneously  CertificateManagement.CertificateRequest

2034

7 Certificate Management Page 101


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2035 8 Download of Cryptographic Keys


2036 8.1 Introduction
2037 This section specifies the downloading of symmetric cryptographic keys by a Terminal Manager to a
2038 POI4.
2039 These symmetric keys are used:
2040  Internally by a POI for any kind of protection, or
2041  To protect data exchanged between the POI and a Host, or between two Hosts.
2042
2043 Protection of the downloaded keys is based on asymmetric cryptographic keys, and may be applied
2044 remotely without any particular personalisation of the POI.
2045
2046 These symmetric keys are downloaded through the AcceptorConfigurationUpdate message in the
2047 DataSet/Content/SecurityParameters data structure which contains:
2048  Some challenges to avoid replay (POIChallenge, TMChallenge),
2049  For each symmetric key (SymmetricKey):
2050  The identification of the key (Identification, AdditionalIdentification, Version),
2051  The purpose of the key (Type, Function),
2052  The period of usage (ActivationDate, DeactivationDate),
2053  The value of the key (KeyValue).
AcceptorConfigurationUpdate

AcquirerProtocolParameters

MerchantParameters

TerminalParameters

ApplicationParameters

HostCommunicationParameters

SecurityParameters
POIChallenge
Challenges
TMChallenge

Symmetric Key
Identification
AdditionalIdentification Identification
Version
Type Purpose
Function
ActivationDate
Validity period
DeactivationDate
KeyValue Key value

Symmetric Key
...

2054
2055 Figure 6: Key Information
2056

4 The POI should be a POI Terminal, a POI Server, or any Intermediary Agent.

8 Download of Cryptographic Keys Page 102


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2057 When the symmetric key is shared with a Host, to protect the exchanges with the POI, the configuration
2058 of the Host (HostConfigurationParameters) contains the identification of the shared keys (Identification,
2059 AdditionalIdentification and Version).
2060 It also allows the use of common symmetric key by different hosts.
2061 The configuration of the Host and the configuration of the security are not necessary exchanged in the
2062 same AcceptorConfigurationUpdate message.
2063
HostCommunication-
Parameters
...

Key 1 Symmetric Key 1


...
Key i

Symmetric Key i
...
HostCommunication-
Parameters
...

Key i
Symmetric Key n
Key n ...
2064
2065 Figure 7: Sharing of a Key with a Host
2066
2067
2068

8 Download of Cryptographic Keys Page 103


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2069 8.2 Notations and Hypothesis

2070 8.2.1 Notations


2071
2072 Asymmetric keys are denoted KOwner-Usage, where:
2073  Owner of the key is either the POI, denoted POI, or the MTM/TM Host, denoted TM,
2074  Usage of the key is either the encryption, denoted Enc, or the digital signature denoted Sig.
2075
2076 X.509 certificates are denoted CertIssuer-PKI(Key), where:
2077  Issuer of the certificate is either the Root of the PKI issuing the certificate, denoted Root , or the
2078 certification authority, denoted CA,
2079  PKI is either the POI public key infrastructure, denoted POI, or the MTM/TM Host public key
2080 infrastructure, denoted TM,
2081  Key is the asymmetric key which is certified.
2082
Enc: encryption Root: root of the PKI
Sig: signature CA: Certificate authority

K Owner-Usage C Issuer-PKI (Key)

POI: POI POI: POI


certified key
TM: MTM/TM Host TM: MTM/TM Host
2083
2084 Figure 8: Key and Certificate Notations
2085
2086
2087 Encryptions are denoted Enc[Key](Data), and decryptions Dec[Key](Data), where
2088  Key is the asymmetric key or the symmetric key which has encrypted the Data.
2089  Data is the data which is encrypted,
2090
2091 Digital signatures are denoted Sig[Key](Data), where
2092  Key is the asymmetric key which has signed the Data.
2093  Data is the data which is signed,
2094
asymmetric public key, or asymmetric private key, or
symmetric key symmetric key asymmetric private key

Enc[Key](Data) Dec[Key](Data) Sig[Key](Data)

data to encrypt data to decrypt data to sign


2095
2096 Figure 9: Encryption and Digital Signature Notations
2097
2098

8 Download of Cryptographic Keys Page 104


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2099 A Key Check Value (KCV) of a symmetric key is denoted KCV(Key) and equal to Enc[Key](00…00),
2100
symmetric key

KCV(Key) = Enc[Key](00..00)

null string
2101
2102 Figure 10: Key Check Value Notation
2103

2104 8.2.1.1 Hypothesis


2105
2106 Hypothesis 1: POI Asymmetric Authentication
2107 The POI owns an authentication asymmetric key KPOI-Sig, certified by a certificate authority which has
2108 issued the certificate CCA-POI(KPOI-Sig).
2109 The Terminal Manager (TM) has the X.509 certificate CRoot-POI of the root of the POI PKI, or any
2110 certificate authority in the chain from the root to the POI authentication asymmetric key K POI-Sig.
2111
2112 Hypothesis 2: TM Asymmetric Authentication
2113 The TM owns:
2114  An authentication asymmetric key KTM-Sig, certified by a certificate authority which has issued the
2115 certificate CCA-TM(KTM-Sig),
2116  A key encryption asymmetric key KTM-Enc, certified by the same certificate authority which has
2117 issued the certificate CCA-TM(KTM-Enc),.
2118
POI PKI TM PKI

Root CRoot-POI Root CRoot-TM

Certificate Certificate
Authority CCA-POI Authority CCA-TM

Key
Authentication Authentication
Encryption

CCA-POI(KPOI-Sig) CCA-TM(KTM-Sig) CCA-TM(KTM-Enc)


2119
2120 Figure 11: POI and TM PKIs
2121
2122 Hypothesis 3: PKI Organisation
2123 The PKI of the POI and the PKI of the TM may share a common root (CRoot-POI = CRoot-TM).
2124 If the PKI are not shared, the POI has the X.509 certificate CRoot-TM of the root of the Terminal Manager
2125 PKI, or any certificate authority in the chain from the root to the TM asymmetric keys K TM-Sig and KTM-Enc.
2126
2127
8 Download of Cryptographic Keys Page 105
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2128 8.3 Standard Key Download

2129 8.3.1 High Level Process


2130
cryptographic keys status StatusReport
Component
Component
SecurityParameters
Identification
VersionNumber
Status

Sig[KPOI-Sig](msg)
digital signature with POI key, or MAC
MAC

ManagementPlan action: download keys


download security parameters Action
TM challenge TM Challenge 1
TM key to encrypt key CCA-TM(KTM-Enc)

digital signature with TM key, or MAC Sig[KTM-Sig](msg)


MAC

request key download StatusReport


DataSetRequired
POI Challenge POI challenge
TM Challenge 1 TM challenge sent in the management plan
Enc[KTM-Enc](KEK) Key Encryption Key, encrypted by TM key

Sig[KPOI-Sig](msg)
digital signature with POI key, or MAC
MAC

ConfigurationUpdate keys to store


security parameters SecurityParameters
POI challenge sent in the status report POI Challenge
TM challenge (2nd) TM Challenge 2

keys to download SymmetricKey


SymmetricKey
key identification, usage, validity ... key parameters
key encrypted by KEK sent in the status report Enc[KEK](Kxx)

digital signature with TM key, or MAC Sig[KTM-Sig](msg)


MAC
keys download result

StatusReport
Component
Component
SecurityParameters key identification
KCV encryption of a null string

DataSetRequired
TM Challenge 2 TM challenge sent in the configuration update

Sig[KPOI-Sig](msg)
digital signature with POI key, or MAC
MAC

ManagementPlan
...
2131
2132 Figure 12: Standard Key Dowload
2133
2134

8 Download of Cryptographic Keys Page 106


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2135 The standard download of keys performs the following exchanges of messages:
2136  Key Status: The POI sends a StatusReport message to the Terminal Manager, in charge of the
2137 key download, all the status of the cryptographic keys.
2138  Dowload Keys Action: if some keys or new versions of the keys have to be injected on the POI,
2139 the Terminal Manager sends a ManagementPlanReplacement message containing an action to
2140 download keys (SecurityParameters) with:
2141  a first challenge TM Challenge 1 generated by the TM, and
2142  the X.509 certificate chain with the CCA-TM(KTM-Enc) certificate of a public key to encrypt
2143 other keys.
2144  Request Key Downloading: following the condition described in the action of the management
2145 plan, the POI sends a StatusReport message to the Terminal Manager with the DataSetRequired
2146 containing the identification of the data set with:
2147  the challenge TM Challenge 1 sent by the TM,
2148  a fresh challenge POI Challenge, generated by the POI,
2149  key encryption key KEK, encrypted by the public key KTM-Enc of the TM:
2150 Enc[KTMEnc](KEK)
2151 These data are digitally signed by the POI key KPOI-Sig
2152  Key Storing: the TM sends a AcceptorConfigurationUpdate message containing:
2153  a second fresh challenge TM Challenge 2, generated by the TM,
2154  each key to store Kxx, encrypted by KEK: Enc[KEK](Kxx)
2155 These data are digitally signed by the TM private key KTM-Sig
2156  Key Dowload Result: to report the result of the key download action, the POI sends a
2157 StatusReport message to the Terminal Manager with:
2158  the KCV for each loaded key in the related Component data structure,
2159  the challenge TM Challenge 2 sent by the TM in the DataSetRequired data structure,
2160 The Terminal Manager sends a ManagementPlanReplacement message containing other actions to
2161 perform.
2162
2163

8 Download of Cryptographic Keys Page 107


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2164 8.3.2 Key Status


2165
2166 Depending on the POI key management, symmetric key may be downloaded periodically by a dedicated
2167 action in the management plan, or when required by the TM host depending on the status of the keys
2168 loaded on the POI, and provided in the StatusReport message.
2169 The status of the keys loaded on the POI is reported in the Content/Component of the StatusReport with
2170 the following structure:
2171
2172 The Multiplicity in the following table should be considered to manage status of keys and not according to
2173 the definition of the protocol.
2174
StatusReport/DataSet Mult. Usage

Content [1..1] Content of the status report.

POIComponent [1..*] Information related to a key loaded in the POI.
Type [1..1] “SecurityParameters”
Identification [1..1] Identification of the key.
ItemNumber [0..1] Identify the hardware or software component loading the key, if defined in
another Component occurrence.
ProviderIdentification [0..1] Identifies the provider or the owner of the key.
Identification [1..1] Key indentification.
SerialNumber [0..1] see StatusReport
Status [1..1] Key status.
VersionNumber [1..1] Key version.
Status [1..1] Current status of the component:
WaitingActivation The key is not yet valid.
InOperation The key is activated and in operation.
Deactivated The key is no more valid or has been deactivated.
ExpiryDate [0..1] Expiry date of the Key

2175
2176 This message may be protected in the SecurityTrailer:
2177  by a MAC (AnthenticatedData), if the POI own a shared symmetric MAC key, or
2178  by a digital signature (SignedData) of the message, signed by by the POI authentication
2179 key KPOI-Sig.
2180
2181

8 Download of Cryptographic Keys Page 108


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2182 8.3.3 Management Plan with Key Download Action


2183
2184 If the key status sent by the POI indicates that some keys or new versions of the keys have to be injected
2185 on the POI, the Terminal Manager sends a ManagementPlanReplacement message containing an action
2186 to download keys with following structure:
2187
2188 The Multiplicity in the following table should be considered to manage key download and not according to
2189 the definition of the protocol.
2190
ManagementPlan/DataSet/Content Mult. Usage
Action [1..1] Information related to a key download in the POI.
Type [1..1] “Download”
RemoteAccess [0..0] Not relevant for Key management
TerminalManagerIdentification [0..0] Not relevant for Key management
TMSProtocol [0..0] Not relevant for Key management
TMSProtocolVersion [0..0] Not relevant for Key management
DataSetIdentification [1..1] Identification of the set of key to dowload.
Name [0..1] Name of the data set.
Type [1..1] “SecurityParameters”
Version [0..1] Version of the data set.
CreationDateTime [1..1] Creation date time of the data set.
ComponentType [0..*] “SecurityParameters” may be added
DelegationScopeIdentification [0..0] Not relevant for Key management
DelegationScopeDefinition [0..0] Not relevant for Key management
DelegationProof [0..0] Not relevant for Key management
ProtectedDelegationProof [0..0] Not relevant for Key management
Trigger [1..1] see ManagementPlanReplacement
AdditionalProcess [0..1] "Restart": the POI has to restart the application after the successful
completion of the action.
Retry [0..1] see ManagementPlanReplacement
TimeCondition [0..1] see ManagementPlanReplacement
TMChallenge [1..1] Fresh challenge TM Challenge 1 generated by the TM.
KeyEnciphermentCertificate [1..*] Certificate chain containing the signed public key encryption key of the
Terminal Manager CCA-TM(KTM-Enc), used by the POI to send a session key
encryption key.
The certificate chain must ordered by starting with the higher certificate level
and ending with the leaf.
ErrorAction [0..*] see ManagementPlanReplacement

2191
2192 This message may be protected in the SecurityTrailer:
2193  by a MAC (AnthenticatedData), if the POI own a shared symmetric MAC key,or
2194  by a digital signature (SignedData) of the message, signed by by the TM authentication
2195 key KTM-Sig.
2196
2197

8 Download of Cryptographic Keys Page 109


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2198 8.3.4 Status Report to Request Key Downloading


2199
2200 According to condition described in the TimeCondition of the action sent in the management plan, the POI
2201 sends a StatusReport message to the Terminal Manager with the following structure:
2202
2203 The Multiplicity in the following table should be considered to manage key download and not according to
2204 the definition of the protocol.
2205
StatusReport/DataSet Mult. Usage

Content [1..1] Content of the status report.

POIComponent [1..*] see section 8.3.2 Key Status

DataSetRequired [1..1] Data set provided in the related action of the management plan.
Identification [1..1] Identification of the set of key to download.
Name [0..1] Copy of Action.DataSetIdentification.Name.
Type [1..1] “SecurityParameters”
Version [0..1] Copy of Action.DataSetIdentification.Version.
CreationDateTime [0..1] Copy of Action.DataSetIdentification.CreationDateTime.
POIChallenge [1..1] A fresh challenge POI Challenge, generated by the POI
TMChallenge [1..1] The challenge TM Challenge 1 sent by the TM in the management plan.
SessionKey [1..1]
Identification [1..1] Temporary name used during Key Exchange
AdditionalIdentification [0..1] See StatusReport
Version [1..1] Temporary version used during Key Exchange
Type [1..1] See StatusReport
Function [1..1] “KeyExport”
ActivationDate [0..1] See StatusReport
DeactivationDate [0..1] See StatusReport
KeyValue [1..1] Key encryption key KEK, encrypted by the public key KTM-Enc of the TM.
ContentType [1..1] “EnvelopedData”
EnvelopedData [1..1] Encrypted key: Enc[KTM-Enc](KEK)

2206
2207 This message may be protected in the SecurityTrailer:
2208  by a MAC (AnthenticatedData), if the POI own a shared symmetric MAC key,or
2209  by a digital signature (SignedData) of the message, signed by by the POI authentication
2210 key KPOI-Sig.
2211
2212

8 Download of Cryptographic Keys Page 110


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2213 8.3.5 Configuration Update to Inject Keys


2214
2215 The TM sends a AcceptorConfigurationUpdate message containing the key to inject in the POI with
2216 following structure:
2217
2218 The Multiplicity in the following table should be considered to manage key download and not according to
2219 the definition of the protocol.
2220
AcceptorConfigurationUpdate/ Mult. Usage
DataSet/Content
HostCommunicationParameters [0..*] Cryptographic symmetric keys to download
ActionType [1..1] see AcceptorConfigurationUpdate
HostIdentification [1..1] see AcceptorConfigurationUpdate
Address [0..1] see AcceptorConfigurationUpdate

Key [0..*] Identification of the symmetric keys shared between the POI and this host
see AcceptorConfigurationUpdate

SecurityParameters [1..1] Cryptographic symmetric keys to download
ActionType [1..1] “Create”
Version [1..1] see AcceptorConfigurationUpdate
POIChallenge [1..1] Challenge generated by the POI and sent in the StatusReport requesting
security parameters data set.
TMChallenge [1..1] A second fresh challenge TM Challenge 2 generated by the TM to be sent by
the POI in the StatusReport reporting the result of the security parameters
data set download and installation.
SymmetricKey [0..*] For each symetric key to inject in the POI.
Identification [1..1] see AcceptorConfigurationUpdate
AdditionalIdentification [0..1] see AcceptorConfigurationUpdate
Version [1..1] see AcceptorConfigurationUpdate
Type [1..1] see AcceptorConfigurationUpdate
Function [1..*] see AcceptorConfigurationUpdate
ActivationDate [0..1] see AcceptorConfigurationUpdate
The key is implicitly activated if absent.
DeactivationDate [0..1] see AcceptorConfigurationUpdate
KeyValue [1..1] Key to store Kxx, encrypted by KEK, sent in the status report.
ContentType [1..1] “EnvelopedData”
EnvelopedData [1..1] Encrypted key: Enc[KEK](Kxx)
KEK key is identified by the Name "KeyEncryptionKey" and the Version of the
SecurityParameter data set, provided in the Action of the management plan,
truncated to 10 digits.

2221
2222 This message may be protected in the SecurityTrailer:
2223  by a MAC (AnthenticatedData), if the POI own a shared symmetric MAC key,or
2224  by a digital signature (SignedData) of the message, signed by by the TM authentication
2225 key KTM-Sig.
2226
2227

8 Download of Cryptographic Keys Page 111


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2228 8.3.6 Key Download Result


2229
2230 The POI sends a StatusReport message to report the result of the key download action with the following
2231 structure:
2232
2233 The Multiplicity in the following table should be considered to manage status of keys and not according to
2234 the definition of the protocol.
2235
StatusReport/DataSet Mult. Usage

Content [1..1] Content of the status report.

POIComponent [1..*] see section 8.3.2 Key Status
Type [1..1] “SecurityParameters”
Identification [1..1] see section 8.3.2 Key Status
ItemNumber [0..1] see section 8.3.2 Key Status
ProviderIdentification [0..1] see section 8.3.2 Key Status
Identification [1..1] see section 8.3.2 Key Status
SerialNumber [0..1] see StatusReport
Status [1..1] see section 8.3.2 Key Status
VersionNumber [1..1] see section 8.3.2 Key Status
Status [0..1] see section 8.3.2 Key Status
ExpiryDate [0..1] Expiry date of the Key
Characteristics [0..1] Key detail, if the key has been downloaded.
KeyCheckValue [0..1] Result of the encryption of a null block: Enc[Kxx](00…00).
DataSetRequired [1..1] Data set to request a management plan.
Identification [1..1] see ManagementPlanReplacement
Name [0..1] see ManagementPlanReplacement
Type [1..1] see ManagementPlanReplacement
Version [0..1] see ManagementPlanReplacement
CreationDateTime [0..1] see ManagementPlanReplacement
TMChallenge [0..1] The challenge TM Challenge 2 sent by the TM in the
AcceptorConfigurationUpdate, if the key download was successfull.
Event [1..*] Result of the action of downloading the secutity parameters.
… see StatusReport

2236
2237 This message may be protected in the SecurityTrailer:
2238  by a MAC (AuthenticatedData), if the POI own a shared symmetric MAC key,or
2239  by a digital signature (SignedData) of the message, signed by by the POI authentication
2240 key KPOI-Sig.
2241
2242 Then the Terminal Manager sends a ManagementPlanReplacement message containing other action to
2243 perform.
2244
2245

8 Download of Cryptographic Keys Page 112


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2246 8.4 Example

2247 8.4.1 Introduction


2248 The section provides an example of key download from a TM manager to a POI.
2249
2250 There are no symetric keys dedicated to this TMS communication loaded in the POI. Following a manual
2251 command or a response to a message requesting to contact the key injection server, the related TM must
2252 download an initial DUKPT key in the POI:
2253 EE3AE644 1C2EEE18 3F3B4179 2DBCD318
2254 with the following identification:
2255
Message Item Value
Keydentification
KeyIdentification SpecV1TestKey
KeyVersion 2010060715
KeyDerivation 398725A501E29020

2256

2257 8.4.2 RSA Keys and Certificate


2258 There are 3 RSA keys:
2259 For the POI, the authentication RSA key KPOI-Sign,
2260 For the TM Host, the authentication RSA key KTM-Sign,
2261 For the TM Host, the key encryption RSA key KTM-Enc,
2262
2263 To simplify the example, the public part of these 3 RSA keys are authenticated by the same certificate
2264 authority as described in the figure below.
common
PKI

Root CRoot

Key
Authentication Authentication
Encryption

CCA-POI(KPOI-Sig) CCA-TM(KTM-Sig) CCA-TM(KTM-Enc)


2265
2266 Figure 13: PKI used by the Key Download Example
2267
2268

8 Download of Cryptographic Keys Page 113


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2269 The RSA root key to sign the certificates has a key length of 4096 bits with the components dumped
2270 below:
RSA Key Component Value
Modulus A97F45122196E7353C89C240F5D163CF7B9B6A0899440C3D3F3C431BF898BFDE
121407E57E4B6EA2A85E52742659E05087CBC69E2EF6A301B9000A9DA4216951
B793B70B3D27EA9BD6E80584929C55AA5D315CF691F789E677E52105065CC79C
20C58384DF934640A80E7F970088650663610B80B478B17E5863B910332C89DF
3F1FEE47E8A96E9A413CD69410693FECBA0388D2DDB4B6B33341CF9D523AC561
729C5854512EDE984AEB1D937E3C8F74F527FFEFE710CBD2A6819CA0A3C8C7CB
C237E1B60A66D790E5DFFCE5EF1B8BA241E284FBF32345AC74D179382DA7D714
E63CE04084FD904C3AAE0CAC44CCB17A4DFB4B5917971BE12B24FBC17E1E20DD
DC363E45D1659C80D5FF087C51FBED5846C43C0D3580C1C7E8BE91629FDE96F7
A5E531E0166AFE88CC3AFE4EB642F9E51F02E007CB482B4E91D588965F53C73D
8CA2A2D4F7A8663F492CB1623906417A553C9D4DFB2CF55CE6290956C5E80009
7F0E8C974E879BCB981977377FA6A3750DBF478F57C0C7338F45BA83F54670E3
5DDBAC4E30665338A75C0D61DF6918721E885054C85BC3CACD2206468C8A84BB
8B3432CE2D8B2F46B3E25124E956E401AA4194066C01ADC9E633DD2BFE794C87
10F3B94766986465135B8B395F832166A17F9E7EDD8DCB0D19125307CC32B76B
7009113A1BD91C5A2815E0A5A533B8A6ABFC47F0D11A668A2791E9F2F6088A5D
Public Exponent 010001
Private Exponent 2329168FF34DD57A92AB55139AAAAC14CF6466F38FAFB1064786DDB900B1D723
5F06AEB8A9A1463B11C8373C86F41FF734A44DF8646F9F52ED28980B299010C3
F5DBFB9DA63B108CF160C23C45198F1FBF234D508CE917BF2A61EA9E9B3A45E2
1A5E3EB1229BEF77DC24DDCCDA3C7110892F096ED28132F8ADA74A2D9520091D
B97F8B33798D2437758F044844BB409A7FDFD9D33C508F91CEF138FB3EA2986D
65940F32B6808D86740C1FDF87D1524505D21D628BC14D36CE79969F303AA74F
9A63733C0B1E585B63843A770C49DF86723A6631C9B7286DE4F1CB3E9F21F119
11C5D1133143545AABD58D2573442F10DAFA651FFF27C68DC8206CE52F9F5A5B
B51BEDC9E488312A3B6FEB3C3F216C06B1DEAC0EEFBF0923146338A642D98136
45AD19BA6F057946FB7DD6C590E232ED8B7B41431D6970362F0D4DBCBD9B24E7
4C3B3339B312D350DF8CB61DED711FCDC184F06FB9D8F89E68BAC2ABBFADDF52
88946DE053723075CD4F429B413D7FD870A104145A6ACE893A20258864FAD2A8
6A1F5AD252269AF71283593929304F86D9720A43161E26ABA6B19E9E870B1B39
952B6D97EAA88904F8D5D33BC00C87AC207D30EB07FC90FC5EA1423AA7AED534
30DAA12A68E5FA78CC42336D34273F6530BFA098085990EA2A12252E68B5E166
67086DB85B22FF747ECC0AA74F3687A9C058ABF9B891CE423FDE410D6E3CE121
Prime 1 C68BEBAFB00F0A1B7150AB24BDFC6E9ACCB413951857EEF62EC81D78B7F4E432
CF653F969F81F6C26FB6ACC300302F583853C654B823E48EA617540F2EAE10A9
D46C005A539F270AFC86E8A1FDA9B66960B5C4B6D1746F5B616A6B90D8B1E822
C3AF0ED1097550D87B55C5B6651CBFE769A16051FAA4F416DEECBA79FD9252BC
D99694FEA3981A50E329ECB367988A5FAEEB7C81FDAD8276B11CFC3AD0A85E65
53AB5D661EFA4D26A30157BD9FEA3428EB452F20D33525B2A9151BF542885B38
BF2FDAFA3CD3C3B48754822A5EF648D91A4CB3F98BCD222CC1497CB530A91B29
F1C52ED3F3242E1D6AB0A790708A3CB96D6DD718A7F1B4579EE6D0941DC06CE5
Prime 2 DA8B67A93CB27D2F5B7D2F86454FD2A57D20258058B3AE74999665E03C8A95A4
739D338B1312AD7E39EDBECADB3151A5172D198ABA2D1D6C88DFBA3462D52805
ADCF44070423098B0DC7D12CC767109860B1D1674F37CA2A3E03A425A76ECAB5
2737392460DB0221E90E099F02623FC93631E34C146B8DBD7367C0365C329704
C6D2304E0B4A8519737162556E0D36952D24A830DC8BDB1EDE7062C0DA000C26
44653F9F6043452EC676F51E3CF8EC2AC4B9249630CE522E2E754D5A0629612D
5D7180EBA39802E9DA665C6EA661A8483AB688D5B525B2EB0521BFF5E37211FA
7E882FE3F2FA109CC53800A902296BA6E4C3CCDC84E8EBAAB9EB59A03CCFC819
Exponent 1 9D26A8D1319865D69CD54DF1521358F45BEC78C77D3234A95513FE07CC0B2108
7A91D847FF4EDE22BE4BA7E8DCE046C91C246B0A2989F7615563879C50C563D9
1892B7A0C72964BCD46E6FF9B00EC19C1CF9228FD5AFC4685EEDDDE0133495D9
D66B5C5DE68F9E030B74337F0FFF36821360B11D923738205628A7DCE0F10D5D
FF17AA2CF70DF05E6FBF8263EA2E99EFEC42E614F9D6793A3B2C0715028D11D2
3FEC968BBB1F412BC0BFD253FC1C6356B409D9A8B0A413879B3F6316B8A7B714
6E77916A99F4BFA5C7AC032F4864C5FA594FB6F0615067A96700249E41BAC80E
66183DDD734902DB33D4497D1126C9B3B742C68AF47B62D42BA8E415288B6365

8 Download of Cryptographic Keys Page 114


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

Exponent 2 483FC1FB5F079AFF26FDD1D24FE3BDBDDC09DE9BF9B71D3B8AF2FFA70C1CBCAF
EB50D3136D30C58E6F543BB91091D36E02A574463A9A6399D7FE2EAED6E5A51F
8B8073FAE5D1377C7307D60D39B6C6F3B933D0089955D64DF4C67B63BF608F3F
2841C770515CD5EDA4007209D15DEDBC756034C698119E803D40D578A32E4E62
D3DFF4FC381B60B933430EC1336AC6DAB65BE2069542DF23EB61B8240D6DEA96
54122CE061909BB485041AB0EE735490270D161D58F13C95EBE1F7BA8542F4CF
6C8EF391F33973ED1FB8AB62213B33C8FD300F38A774591BFD4C550BD32F88E6
0922B8C261376E7A8570A8373771BE172495DE8A209E681ABEF0216729F37F31
Coefficient 6978A387C201384A23F0E0BCD73737787364460ACF34F2B103AE60181A3E2DAF
D4F26B819F4B1ED7CD9E8CF225922365ACFB408ACC2E87207E339CF72059B94B
09552BFFAED96E486CE29AABDC8B95DA948B19F26CE702FD4D40867B50F5CFF5
7361BD181A7B4AFF4D80C547A5CBF9D2D51E9A1D1C729FF12E84129DCB132DC9
DCEE79F45456A05F232E1B3C31CA02D56EBDBC031C81A85DDE3CA2A5E4CD2F5B
C7D6394AA7F20022B74ED11A730C8C7024053C36500658D10C0622668C41E627
AF714A6EB76BCDC0B888F8AB4046DC5F158D08A5D7F388C76C7F022CE1834FDE
2B443126A9209274DED029D7D4FF7AC4B5AB0C88E8DEFD592D440AE254FBB422

2271
2272 The root X.509 certificate contains the following information:
Certificate Information Value
serialNumber 5087 CBC6 9E2E F6
Issuer
Country Name BE
Organisation Name EPASOrg
Organisation Unit Name Technical Center of Expertise
Common Name EPAS Protocols Test CA
Validity
notBefore 20130418084958+0100
notAfter 20181001182005+0200
Subject
Country Name BE
Organisation Name EPASOrg
Organisation Unit Name Technical Center of Expertise
Common Name EPAS Protocols Test CA
Extensions
keyUsage KeyCertSign CRLSign
basicConstraints 3

2273
2274 The dump of the X.509 certificate CRoot is:
2275 0000 30 82 05 7D 30 82 03 65 A0 03 02 01 02 02 07 50 |0..}0..e.......P|
2276 0010 87 CB C6 9E 2E F6 30 0D 06 09 2A 86 48 86 F7 0D |......0...*.H...|
2277 0020 01 01 0B 05 00 30 68 31 0B 30 09 06 03 55 04 06 |.....0h1.0...U..|
2278 0030 0C 02 42 45 31 10 30 0E 06 03 55 04 0A 0C 07 45 |..BE1.0...U....E|
2279 0040 50 41 53 4F 72 67 31 26 30 24 06 03 55 04 0B 0C |PASOrg1&0$..U...|
2280 0050 1D 54 65 63 68 6E 69 63 61 6C 20 43 65 6E 74 65 |.Technical Cente|
2281 0060 72 20 6F 66 20 45 78 70 65 72 74 69 73 65 31 1F |r of Expertise1.|
2282 0070 30 1D 06 03 55 04 03 0C 16 45 50 41 53 20 50 72 |0...U....EPAS Pr|
2283 0080 6F 74 6F 63 6F 6C 73 20 54 65 73 74 20 43 41 30 |otocols Test CA0|
2284 0090 2A 18 13 32 30 31 33 30 34 31 38 30 38 34 39 35 |*..2013041808495|
2285 00A0 38 2B 30 31 30 30 18 13 32 30 31 38 31 30 30 31 |8+0100..20181001|
2286 00B0 31 38 32 30 30 35 2B 30 32 30 30 30 68 31 0B 30 |182005+02000h1.0|
2287 00C0 09 06 03 55 04 06 0C 02 42 45 31 10 30 0E 06 03 |...U....BE1.0...|
2288 00D0 55 04 0A 0C 07 45 50 41 53 4F 72 67 31 26 30 24 |U....EPASOrg1&0$|
2289 00E0 06 03 55 04 0B 0C 1D 54 65 63 68 6E 69 63 61 6C |..U....Technical|
2290 00F0 20 43 65 6E 74 65 72 20 6F 66 20 45 78 70 65 72 | Center of Exper|
2291 0100 74 69 73 65 31 1F 30 1D 06 03 55 04 03 0C 16 45 |tise1.0...U....E|
2292 0110 50 41 53 20 50 72 6F 74 6F 63 6F 6C 73 20 54 65 |PAS Protocols Te|
2293 0120 73 74 20 43 41 30 82 02 22 30 0D 06 09 2A 86 48 |st CA0.."0...*.H|
2294 0130 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 |.............0..|
2295 0140 0A 02 82 02 01 00 A9 7F 45 12 21 96 E7 35 3C 89 |........E.!..5<.|

8 Download of Cryptographic Keys Page 115


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2296 0150 C2 40 F5 D1 63 CF 7B 9B 6A 08 99 44 0C 3D 3F 3C |.@..c.{.j..D.=?<|


2297 0160 43 1B F8 98 BF DE 12 14 07 E5 7E 4B 6E A2 A8 5E |C.........~Kn..^|
2298 0170 52 74 26 59 E0 50 87 CB C6 9E 2E F6 A3 01 B9 00 |Rt&Y.P..........|
2299 0180 0A 9D A4 21 69 51 B7 93 B7 0B 3D 27 EA 9B D6 E8 |...!iQ....='....|
2300 0190 05 84 92 9C 55 AA 5D 31 5C F6 91 F7 89 E6 77 E5 |....U.]1\.....w.|
2301 01A0 21 05 06 5C C7 9C 20 C5 83 84 DF 93 46 40 A8 0E |!..\.. .....F@..|
2302 01B0 7F 97 00 88 65 06 63 61 0B 80 B4 78 B1 7E 58 63 |....e.ca...x.~Xc|
2303 01C0 B9 10 33 2C 89 DF 3F 1F EE 47 E8 A9 6E 9A 41 3C |..3,..?..G..n.A<|
2304 01D0 D6 94 10 69 3F EC BA 03 88 D2 DD B4 B6 B3 33 41 |...i?.........3A|
2305 01E0 CF 9D 52 3A C5 61 72 9C 58 54 51 2E DE 98 4A EB |..R:.ar.XTQ...J.|
2306 01F0 1D 93 7E 3C 8F 74 F5 27 FF EF E7 10 CB D2 A6 81 |..~<.t.'........|
2307 0200 9C A0 A3 C8 C7 CB C2 37 E1 B6 0A 66 D7 90 E5 DF |.......7...f....|
2308 0210 FC E5 EF 1B 8B A2 41 E2 84 FB F3 23 45 AC 74 D1 |......A....#E.t.|
2309 0220 79 38 2D A7 D7 14 E6 3C E0 40 84 FD 90 4C 3A AE |y8-....<.@...L:.|
2310 0230 0C AC 44 CC B1 7A 4D FB 4B 59 17 97 1B E1 2B 24 |..D..zM.KY....+$|
2311 0240 FB C1 7E 1E 20 DD DC 36 3E 45 D1 65 9C 80 D5 FF |..~. ..6>E.e....|
2312 0250 08 7C 51 FB ED 58 46 C4 3C 0D 35 80 C1 C7 E8 BE |.|Q..XF.<.5.....|
2313 0260 91 62 9F DE 96 F7 A5 E5 31 E0 16 6A FE 88 CC 3A |.b......1..j...:|
2314 0270 FE 4E B6 42 F9 E5 1F 02 E0 07 CB 48 2B 4E 91 D5 |.N.B.......H+N..|
2315 0280 88 96 5F 53 C7 3D 8C A2 A2 D4 F7 A8 66 3F 49 2C |.._S.=......f?I,|
2316 0290 B1 62 39 06 41 7A 55 3C 9D 4D FB 2C F5 5C E6 29 |.b9.AzU<.M.,.\.)|
2317 02A0 09 56 C5 E8 00 09 7F 0E 8C 97 4E 87 9B CB 98 19 |.V........N.....|
2318 02B0 77 37 7F A6 A3 75 0D BF 47 8F 57 C0 C7 33 8F 45 |w7...u..G.W..3.E|
2319 02C0 BA 83 F5 46 70 E3 5D DB AC 4E 30 66 53 38 A7 5C |...Fp.]..N0fS8.\|
2320 02D0 0D 61 DF 69 18 72 1E 88 50 54 C8 5B C3 CA CD 22 |.a.i.r..PT.[..."|
2321 02E0 06 46 8C 8A 84 BB 8B 34 32 CE 2D 8B 2F 46 B3 E2 |.F.....42.-./F..|
2322 02F0 51 24 E9 56 E4 01 AA 41 94 06 6C 01 AD C9 E6 33 |Q$.V...A..l....3|
2323 0300 DD 2B FE 79 4C 87 10 F3 B9 47 66 98 64 65 13 5B |.+.yL....Gf.de.[|
2324 0310 8B 39 5F 83 21 66 A1 7F 9E 7E DD 8D CB 0D 19 12 |.9_.!f...~......|
2325 0320 53 07 CC 32 B7 6B 70 09 11 3A 1B D9 1C 5A 28 15 |S..2.kp..:...Z(.|
2326 0330 E0 A5 A5 33 B8 A6 AB FC 47 F0 D1 1A 66 8A 27 91 |...3....G...f.'.|
2327 0340 E9 F2 F6 08 8A 5D 02 03 01 00 01 A3 20 30 1E 30 |.....]...... 0.0|
2328 0350 0B 06 03 55 1D 0F 04 04 03 02 01 06 30 0F 06 03 |...U........0...|
2329 0360 55 1D 13 04 08 30 06 01 01 FF 02 01 03 30 0D 06 |U....0.......0..|
2330 0370 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 02 01 |.*.H............|
2331 0380 00 68 D3 BC 80 13 AC BC E2 14 B4 21 15 E8 C6 FF |.h.........!....|
2332 0390 DF E7 86 7D C7 03 5F 6E 2D 16 42 8F 61 03 EB CA |...}.._n-.B.a...|
2333 03A0 1E E6 60 3B AA 4D AC FB 48 8E 00 3C 40 E9 48 48 |..`;.M..H..<@.HH|
2334 03B0 3D EE C3 28 C2 F1 C4 68 D0 59 4F 9D 0B 31 50 37 |=..(...h.YO..1P7|
2335 03C0 9E BB 7C 29 8B D9 C9 15 FE D0 D8 B2 1E 03 2B 56 |..|)..........+V|
2336 03D0 EC 13 C2 11 F7 9E F3 A9 A0 90 62 C9 3E B4 09 9A |..........b.>...|
2337 03E0 8F A2 5E 91 EE 04 D8 CF 94 6B D3 0D 27 49 ED 1D |..^......k..'I..|
2338 03F0 DF 0C AB E9 95 CD 4D B7 12 8B 9B B0 29 FE 9C 77 |......M.....)..w|
2339 0400 2F 5A 84 44 48 16 44 00 5C 23 B9 97 BE 94 75 FB |/Z.DH.D.\#....u.|
2340 0410 AB 54 CF AE D7 8C 96 4D CD FA E4 B8 C4 9F D9 BB |.T.....M........|
2341 0420 00 7A AD E0 AE E6 DC 3B 08 E7 E8 B7 62 EA A0 7F |.z.....;....b...|
2342 0430 9C 68 20 11 B2 A4 30 8D 35 15 3F A7 AB 2D 8E 29 |.h ...0.5.?..-.)|
2343 0440 A3 28 00 0A 1E 1D 10 CC ED F6 F7 FB 12 AC 33 0C |.(............3.|
2344 0450 F5 AA 35 E3 78 77 26 42 14 40 CF C6 64 A5 98 81 |..5.xw&B.@..d...|
2345 0460 07 1C 46 3A 3B 38 E4 E1 73 CE F3 D3 7A 0A DB D5 |..F:;8..s...z...|
2346 0470 C9 F7 93 22 2A 3B 83 BD DD 68 D3 0D 8F D2 13 87 |..."*;...h......|
2347 0480 FB C2 9B 29 94 0B 4A 91 A8 46 8B 16 C0 9A B7 2E |...)..J..F......|
2348 0490 74 D8 EB 41 3C 16 7A 28 3C 44 1A D4 B8 2E F8 6A |t..A<.z(<D.....j|
2349 04A0 29 6B 46 1B B7 91 45 0F 78 EA 83 B3 AD 92 BB 00 |)kF...E.x.......|
2350 04B0 6B 42 5A 5E D6 DC DD 5C 58 EC E4 A4 D6 00 F0 68 |kBZ^...\X......h|
2351 04C0 4C 47 79 5C 81 70 17 CE 50 FE 03 29 34 95 F9 45 |LGy\.p..P..)4..E|
2352 04D0 C4 AC B9 CE 2A 76 22 4F 81 66 76 E5 46 83 0A E5 |....*v"O.fv.F...|
2353 04E0 8A E0 35 1B C5 CD 17 14 1E 82 8B 7B B2 5C 02 87 |..5........{.\..|
2354 04F0 33 27 0E E1 62 6B 4B 6A 01 F5 28 EC C3 A0 19 B9 |3'..bkKj..(.....|
2355 0500 E6 9B 7A EB A3 ED 4B E2 04 38 74 FA 91 0C 3D 3D |..z...K..8t...==|
2356 0510 1F E3 6E D3 0B 8C 10 6D E2 C1 CB CB DC 3A 53 15 |..n....m.....:S.|
2357 0520 E9 D7 B0 2B D1 AD 7D 81 20 67 23 4B 31 67 E4 8F |...+..}. g#K1g..|
2358 0530 9A 6C 8B 93 DA 33 A9 33 AB AE 8A BE EA 1C 3E 13 |.l...3.3......>.|
2359 0540 C9 68 F4 E7 07 78 93 CE D3 A4 D0 7C 68 70 D4 78 |.h...x.....|hp.x|
2360 0550 4D AF A0 12 F8 EA A9 A8 7F 5E DE 19 0E 0C BE 45 |M........^.....E|
2361 0560 D3 36 5B 6A AC 5C 0F 6A 01 A4 4F 4B AD AA 1A 9A |.6[j.\.j..OK....|
2362 0570 06 33 91 46 71 EC 44 A7 93 70 8B 6B 2B 2E 00 87 |.3.Fq.D..p.k+...|
2363 0580 B6 |. |
2364

8 Download of Cryptographic Keys Page 116


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2365 The POI RSA authentication key KPOI-Sign to generate the digital signature has a key length of 2048 bits
2366 with the components dumped below:
RSA Key Component Value
Modulus C22511390B85DB3990A27638B850616C18B11BDF78494B48B61F8F8D032225A8
FB00071293D4641C3CDDE18D47337EB7381AC12976820FF5C0B321E4EDF88C9B
8F16270E0FC6FAB470449BA70B947139551ABE326686F538C4F7F63A45FF4CB9
E6647000B28B791E1205ADB6ACDC29854698D90ACC3B6C84F0F8C2EFBEE4E3F9
844BD79AB14C1F22376198C13BEAC560DDC835104176729C7E62FBF4EC350DE4
D385C48D3EA40A90D7AA5838FAED3E3C760D19BB84D1997077C72331F3ADF050
B41DB5FFD19D129E88C75331DA13264BE4C2F0B0A0AA09F77EED2C801FAD239E
8FE5D8B43F10708FC3D6054B9156C5B55184F1A294DAB8F8267162BE9BB54867
Public Exponent 010001
Private Exponent 1F11BF87D9883A6523F85BE307DC153B2F58689582B27811D2D38A2D8EEAD00C
12DF1642AAD5BA8FAA4DF7E29C1A6994F8AD8F6C0B43153AC6F3E3E0B714A7AB
DD62362DD1E88E068250F877EB2A7E542682791DA7BAC153AC71E23DC125F229
6DED74DF27B39A566D9BEB08E8F0F2D419502CABC5B35CD2899DC5D48840291B
65D1825915B19EC667600AF9EC1F677D2F9D8D5C54DFDAAF316FD291706361C2
852CA6DF00A651BC043312059F37891B7C83F66414E692DA58AD9A0DA19AF9BE
167F3A4CDC60618AF309565345D0B5D699208F84CA07ECDC5F1A082FB54791DD
03F4B3689738C821C824047F5C9441D112BBC9DF909724D5359956AE546AAA41
Prime 1 EBAB12EB45E933B2062E1FC1AAF81A987844DD504B10D4B493EAC90AD3882284
4DF24AA38F2C08C59FDE8FCBD80EC75E507B66A032FA7965A0EBF387BC75691E
C0BC961C5A24E12D894ACEEA239C0320F52CD034276D746691EC2652115157BD
B222A8B040DCE87731793A86BE01A00D31108135259F560C48B256521C73A3F3
Prime 2 D2E4E9EB2BDB7CEA1618A9C49DCDAC3BA0CEFC832DC06DB281A21597D0B2B9A2
5AA2FFC78654FECEC883937DB43847EDD391A0F209867BFE0F7C69C6D4CA1E4F
0A4AA6229249F6F961685EDEF250F86B9884256EC44D03980DD934CEA16A4471
9D79F9FDE018999B977E43F31412FD4D04FF8E06DB718A10848B0085388B4ABD
Exponent 1 673260747A06A6467C825211A266466F21AB362664D897EC0321BAAB6CF99DF3
C59625ACFD92D0BC8947123CB6FDB1BBD10E58602A32985A325F6022BE19C3D0
5DA1B731EF1F5B236F8D3C9236C9A86D142F6D7489175AF3574ECB710078582D
8F05B24C8BFAB0291196FE53E67C1BB3EB1A491A16C17112ABFABBE5F4E38695
Exponent 2 D006EA0F0635FDA3D2A4056262DEAC542D2DBFBB8DF7D0BD524E15CAA91C832C
79076C12DE991CB7D0E6A928480B74384E87CA20B5F0A88255B83D86DA037D9E
2DE2B0BA4D5F1475ADF60C0F132B77C07AB36F5131E55DF43144DE682CA4EC5A
BE21C1CD01AE82670E2A88D0502EE3198422A9706E2A332C53F1E15388112E69
Coefficient 389861E483F93CA0FC53D9D73FCC8C28F5F1213ECE23D23B9A6F8E546BC8C0A8
C16ECE7A75F4CB1056F07638FBA8D4040AEB6AFA005102B06C243E67FA317B66
4E587BFC0F4481017E06D6669096805B043CB806503FB703DF1D31550E591659
35DE699BF055426A490333EAA4AA88A1C7F05106813340D6EB0398A2565E0310

2367
2368
2369

8 Download of Cryptographic Keys Page 117


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2370 This RSA public key KPOI-Sign is authenticated by a certificate authority with the X.509 certificate
2371 CCA-POI(KPOI-Sign) containing the following information:
Certificate Information Value
serialNumber 2225 A8FB 0007 1293 D464 1C3C
Issuer
Country Name BE
Organisation Name EPASOrg
Organisation Unit Name Technical Center of Expertise
Common Name EPAS Protocols Test CA
Validity
notBefore 20130418102546+0100
notAfter 20181001182005+0100
Subject
Country Name FR
Organisation Name EPASOrg
Organisation Unit Name Technical Center of Expertise
Common Name EPAS Protocol Test Client Authentication
Extensions
keyUsage DigitalSign

2372
2373 The dump of the X.509 certificate CCA-POI(KPOI-Sign) is:
2374 0000 30 82 04 83 30 82 02 6B A0 03 02 01 02 02 0C 22 |0...0..k......."|
2375 0010 25 A8 FB 00 07 12 93 D4 64 1C 3C 30 0D 06 09 2A |%.......d.<0...*|
2376 0020 86 48 86 F7 0D 01 01 0B 05 00 30 68 31 0B 30 09 |.H........0h1.0.|
2377 0030 06 03 55 04 06 0C 02 42 45 31 10 30 0E 06 03 55 |..U....BE1.0...U|
2378 0040 04 0A 0C 07 45 50 41 53 4F 72 67 31 26 30 24 06 |....EPASOrg1&0$.|
2379 0050 03 55 04 0B 0C 1D 54 65 63 68 6E 69 63 61 6C 20 |.U....Technical |
2380 0060 43 65 6E 74 65 72 20 6F 66 20 45 78 70 65 72 74 |Center of Expert|
2381 0070 69 73 65 31 1F 30 1D 06 03 55 04 03 0C 16 45 50 |ise1.0...U....EP|
2382 0080 41 53 20 50 72 6F 74 6F 63 6F 6C 73 20 54 65 73 |AS Protocols Tes|
2383 0090 74 20 43 41 30 2A 18 13 32 30 31 33 30 34 31 38 |t CA0*..20130418|
2384 00A0 31 30 32 35 34 36 2B 30 31 30 30 18 13 32 30 31 |102546+0100..201|
2385 00B0 38 31 30 30 31 31 38 32 30 30 35 2B 30 31 30 30 |81001182005+0100|
2386 00C0 30 7A 31 0B 30 09 06 03 55 04 06 0C 02 46 52 31 |0z1.0...U....FR1|
2387 00D0 10 30 0E 06 03 55 04 0A 0C 07 45 50 41 53 4F 72 |.0...U....EPASOr|
2388 00E0 67 31 26 30 24 06 03 55 04 0B 0C 1D 54 65 63 68 |g1&0$..U....Tech|
2389 00F0 6E 69 63 61 6C 20 43 65 6E 74 65 72 20 6F 66 20 |nical Center of |
2390 0100 45 78 70 65 72 74 69 73 65 31 31 30 2F 06 03 55 |Expertise110/..U|
2391 0110 04 03 0C 28 45 50 41 53 20 50 72 6F 74 6F 63 6F |...(EPAS Protoco|
2392 0120 6C 20 54 65 73 74 20 43 6C 69 65 6E 74 20 41 75 |l Test Client Au|
2393 0130 74 68 65 6E 74 69 63 61 74 69 6F 6E 30 82 01 22 |thentication0.."|
2394 0140 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 |0...*.H.........|
2395 0150 82 01 0F 00 30 82 01 0A 02 82 01 01 00 C2 25 11 |....0.........%.|
2396 0160 39 0B 85 DB 39 90 A2 76 38 B8 50 61 6C 18 B1 1B |9...9..v8.Pal...|
2397 0170 DF 78 49 4B 48 B6 1F 8F 8D 03 22 25 A8 FB 00 07 |.xIKH....."%....|
2398 0180 12 93 D4 64 1C 3C DD E1 8D 47 33 7E B7 38 1A C1 |...d.<...G3~.8..|
2399 0190 29 76 82 0F F5 C0 B3 21 E4 ED F8 8C 9B 8F 16 27 |)v.....!.......'|
2400 01A0 0E 0F C6 FA B4 70 44 9B A7 0B 94 71 39 55 1A BE |.....pD....q9U..|
2401 01B0 32 66 86 F5 38 C4 F7 F6 3A 45 FF 4C B9 E6 64 70 |2f..8...:E.L..dp|
2402 01C0 00 B2 8B 79 1E 12 05 AD B6 AC DC 29 85 46 98 D9 |...y.......).F..|
2403 01D0 0A CC 3B 6C 84 F0 F8 C2 EF BE E4 E3 F9 84 4B D7 |..;l..........K.|
2404 01E0 9A B1 4C 1F 22 37 61 98 C1 3B EA C5 60 DD C8 35 |..L."7a..;..`..5|
2405 01F0 10 41 76 72 9C 7E 62 FB F4 EC 35 0D E4 D3 85 C4 |.Avr.~b...5.....|
2406 0200 8D 3E A4 0A 90 D7 AA 58 38 FA ED 3E 3C 76 0D 19 |.>.....X8..><v..|
2407 0210 BB 84 D1 99 70 77 C7 23 31 F3 AD F0 50 B4 1D B5 |....pw.#1...P...|
2408 0220 FF D1 9D 12 9E 88 C7 53 31 DA 13 26 4B E4 C2 F0 |.......S1..&K...|
2409 0230 B0 A0 AA 09 F7 7E ED 2C 80 1F AD 23 9E 8F E5 D8 |.....~.,...#....|
2410 0240 B4 3F 10 70 8F C3 D6 05 4B 91 56 C5 B5 51 84 F1 |.?.p....K.V..Q..|
2411 0250 A2 94 DA B8 F8 26 71 62 BE 9B B5 48 67 02 03 01 |.....&qb...Hg...|
2412 0260 00 01 A3 0F 30 0D 30 0B 06 03 55 1D 0F 04 04 03 |....0.0...U.....|
2413 0270 02 07 80 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B |...0...*.H......|

8 Download of Cryptographic Keys Page 118


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2414 0280 05 00 03 82 02 01 00 54 0D B4 CC CA 78 C5 B7 2E |.......T....x...|


2415 0290 C3 4D 6A 55 EE 7C 15 2E D5 44 09 41 9E 0B 7B C7 |.MjU.|...D.A..{.|
2416 02A0 83 B8 55 95 57 C0 2C CA 5E 81 B6 CC A8 54 A3 62 |..U.W.,.^....T.b|
2417 02B0 50 AD CA 0C D5 5C 96 F4 2F 01 97 99 B5 A1 00 C9 |P....\../.......|
2418 02C0 72 D3 F2 41 1C B2 67 63 00 F1 B0 9E 46 AE 4F 29 |r..A..gc....F.O)|
2419 02D0 3A 24 CB 71 EE A5 46 7C B9 19 33 71 3E 55 6F FC |:$.q..F|..3q>Uo.|
2420 02E0 C0 B5 58 DA 34 4F F4 F8 AB 30 A2 F8 03 BD 97 BB |..X.4O...0......|
2421 02F0 56 81 00 BA C6 B6 FA E8 84 F8 31 BF 85 5C 4E E8 |V.........1..\N.|
2422 0300 23 FE 3B AC 3B A2 D8 B6 15 F6 2C 1C 16 85 B9 BC |#.;.;.....,.....|
2423 0310 59 DF CB E1 CF BD FD B2 9F 37 73 FD 46 68 56 88 |Y........7s.FhV.|
2424 0320 BF 65 66 70 F5 BB 9C E5 6B 02 9E 36 E7 29 16 29 |.efp....k..6.).)|
2425 0330 DE 69 FA 85 83 67 61 9D 8D E4 FB 9F 08 60 85 18 |.i...ga......`..|
2426 0340 85 A4 28 94 AD C9 7D CB 51 D4 CE BF 9F 52 08 3D |..(...}.Q....R.=|
2427 0350 D5 11 37 1B 15 7E 3D 16 F9 34 69 EE D0 B7 FF 01 |..7..~=..4i.....|
2428 0360 BC 13 7D 50 65 E2 66 A8 EA 3C 82 99 9E F3 62 63 |..}Pe.f..<....bc|
2429 0370 A8 63 ED 5F E2 2A 69 E4 87 4F DF 41 A1 9F A4 57 |.c._.*i..O.A...W|
2430 0380 B1 2C F6 A5 2B 08 F7 3B D3 BD 9C 2F D1 33 52 EC |.,..+..;.../.3R.|
2431 0390 EE 4E EF 63 23 82 6B F7 24 40 FC 14 9E BD 58 91 |.N.c#.k.$@....X.|
2432 03A0 A8 D6 D0 E5 DA 50 54 77 08 52 5C A4 02 1B 51 05 |.....PTw.R\...Q.|
2433 03B0 9B 52 B5 0E 61 B1 76 C1 F9 62 AA 7A C2 80 99 34 |.R..a.v..b.z...4|
2434 03C0 31 DD 5B F3 D6 C1 46 AD BA 76 2B 3E 67 29 F1 7F |1.[...F..v+>g)..|
2435 03D0 A6 39 D9 8D 5C BF DC AE 55 6A 2F C0 B2 37 54 E4 |.9..\...Uj/..7T.|
2436 03E0 91 F9 7B F1 7A 18 D8 42 A8 7F 8D E4 FB A5 8B 56 |..{.z..B.......V|
2437 03F0 51 72 13 BC 59 C5 12 D4 F0 44 7F 0C 19 7B 38 78 |Qr..Y....D...{8x|
2438 0400 5A 45 7E 0A 0E 7D D4 48 06 C4 BA 16 F8 11 B7 A2 |ZE~..}.H........|
2439 0410 50 24 79 1E D7 42 E7 43 92 C9 D4 BA BA 75 4F 09 |P$y..B.C.....uO.|
2440 0420 B6 1D D8 EC 2A BB F6 73 7E 49 2B BC 37 18 50 72 |....*..s~I+.7.Pr|
2441 0430 AC 9E BE A3 DE F2 FB D5 6E 83 6B 88 D0 80 9F 96 |........n.k.....|
2442 0440 A4 B2 AC A1 A5 B5 9D 19 8F 94 99 0B A4 D2 A1 B5 |................|
2443 0450 0C F6 4C 5E 83 91 D6 DC AD B5 8C 9E 07 4E 60 8D |..L^.........N`.|
2444 0460 7D 01 23 09 A9 2F FD CE FD 96 CD AE A4 F6 BE 5E |}.#../.........^|
2445 0470 57 2A 20 16 1C 3D 6F D8 38 FF AE 96 6B B2 C6 71 |W* ..=o.8...k..q|
2446 0480 E7 C8 36 FB 36 9C 28 |..6.6.( |

2447
2448

8 Download of Cryptographic Keys Page 119


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2449 The TM Host RSA authentication key KTM-Sign to generate the digital signature has a key length of 3072
2450 bits with the components dumped below:
RSA Key Component Value
Modulus BD095898F981BAF42BE20E19339B396C59626690BDF396D20C503CA57C688AF4
1E50552CF1B9DDC4116209DD00C26B673F7EDEE7D0CA6DC2DAA9FF2F8C3A860B
8F835AE60D9E057EDDF1625FAC55A102837FC1C7EF8C0A6C137C5973972ABC40
F4D482F5EBC9754F964B6EECEDBE66DB62AD0DA7B38E05917562E899DF717D27
457693B41E7BF2CBA98855AE2C97DE4B48FD812A520D6D356010F6E8355EC98D
BA3047F2C0CDCD9BE655277F3ED69A788DD80A6A12BCA3D4C7F08662B99D3F70
A9548D7804B5E4A2913A3EC02525BE639ED7D9B986556C5932675642FCC4E659
D828A94C5544AEBBC5446EE6B96A04A0185470296DFC2FFBA73D4074930968DD
810E43D574DD7BE664899DA6E48EB4B3B590E2CAA97C75015C735093AD62E3FD
791AB5718F1FA19673EBAF7ABF3CCD732F31D397FCE790869D2A682DF2324514
181CCE1CDB4E7A4036DABAC26276EE0A3A2D2BE04FB52E58128FF4086C7417CD
ECE75B18783DFA2C05D4A51899307FDCC4A00701300D73B45FFD52E396758CC5
Public Exponent 010001
Private Exponent 17D112A18B6605E8F7926E964C433553EA5B14730E0B9FA7ED373ABCDAD4CD14
FEB0BE5A80461BA3B550F5CF2B665363D9C3215071A4DF795A556ABA51DF99BD
E121FA94DB885A46E6AD9FE84FED25F10C224F86E22E71ADB632C78E61B057B1
936726ECD6FD35D3862B10D9B706732D16DC98C8D53D82841617151935E6B58E
FA187B798911B2C06826AE2CD89F75B96483D3FF4201410E25815DAA59F70C4B
D7F6774A2572888228DDF7B0F778D0537A038B245C21FA3E37C69D17D92CEFAE
0999568D7ED81EE98DD3529FD19C52E890CABB99538A8AAD768E2CA7A1F2191A
8A4C0D1C1431A90C7A8AD3240349E7B30344E9F946EBF9CA556B1348936C04C0
24D45C87204F7E04C828A6A781085E5541451C4111A0AA63F807E32D0F941611
8E9F395E936D5AE530F490B05F76337B4AD6C79CACBFB65A12BC137A5B98F02B
8E7456A123F4C43AC50E2244344A3D86402B74E2A66A28EF69095D0A044D14D9
E164F9F67561B462EB95B65A6298BA636BD9E4A150D02357FB293F0B5CF0C5AD
Prime 1 E67D8DC159476C2CB803BA39BBF3606B3F45434FC07AF91368406B57095D205B
AC88BFAF9462B458F9B4DCC26078B27040766510A19F317021AC87B5BDD618BE
95850BC5A895787F6D134C578F9218EAD686EFED14EAA84804F749794288E24C
EA2A955AA3473EF99A0D536A7AA13E0DFAD7739A42F46C98C55C8066FBA20EDB
91D587A966F061351A46141CEBCFD944E766FBCAA19F251A09BF6BD7E3B8A8FD
F3AD572B7B7FEC9B160C8F8A6FDE5E029D7942A45F5572BD40B04F3CF59F4BF7
Prime 2 D1F548FB2D1A25B094040F6B26B051F99F6E7C9DB34148A458393C08BC2232EB
CDB9E98BD8CB7E1E1A5D133F668E535E1A27FAF807C253057438ADF7846AA656
7E03A4879248DF06A9A8E413F8125CAC14B2093EB043AB4831F16EF7DB04FD34
855D525A6C5BE4E7D2C6B6F02C97BF975BE971C5F8515BBE2FE9BD894B39DF74
CED4BE6BEEF5D35C5D420BDD29111EDCE556D1DC38669AC9D5136FAF44951381
BE2B1F51DD150EB1A591C46242E54715550710E7AB20BAFC50B6D31469F4A623
Exponent 1 5E579BD33D40DFC53A18C47BE7338A0EBBDA14E02AEFEACD87C97E6624BE0A85
9B8C69B16B722F518FFBF8B4531A7427402B75D8A5DEEC34728415144DBCB96A
20F751473966DCE88373F7B68B5C88786F10D259DF4AE150813FDAC2187AC0EE
2C96FB851AFA098BCF038F56311598B9CE27ABF8C3591AAE3972505856BD1189
CC1A73A9E22998104D4DCBE3BE9DD7D7BD43C8E23ADF5227634007DB5929777A
62E85B9ABFB52FDA96DED34E1DD60DF2D214153404958C1E6CC0FDDDFCC79427
Exponent 2 80A494A9E9B19AA43D9CDB41A0FBE9CE53E463905093D08979D0DFBACE62F9E6
4730012C0192755CC6747EE59AD5DBB8CDB7EF6AE77E26563226C458E3166182
9F45661AF703953B44DAC99C7EA3E98A3A47F7A82461E1E1A35035D8C1A6A5E9
F748FDBB8FA72272F44F732967793717EB65F6A3010A0077606E0C06C243DC69
7A8D197B9277A6A07237948356B539BEC8FA502D69955C840BFD13B245083E62
817D747C3944BCB3162A61347F9E71D65D39AE1EF4586299546F2097E26FD717
Coefficient D175B7C635A4E77C5140848E541B1F75EF83ADEDF347B1727A332FC292142080
8225783A23F9475692A0E14425BEDD0CD72342F243AC24D0901778B91C58A9A2
515F72538BC0F1DC7167FF598247F1CE2A475967256AA3FA63EC1008C8B7FF90
51DF38D7B9B7AC0B86CBDFA141DC22D755898FB471818202734F761D3464C9B0
5E7F0119E80F7BD4F205233B020DB1EEA7CC8DE11BB68CF8A0F82CE8CD3E33C5
2472FC11229F8C0A56F85189D0B7868958E1987D7B7819EB85C5B05FB1CD0448

2451
2452
2453

8 Download of Cryptographic Keys Page 120


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2454 This RSA public key KTM-Sign is authenticated by a certificate authority with the X.509 certificate
2455 CCA-TM(KTM-Sign) containing the following information:
Certificate Information Value
serialNumber 2ABC 40F4 D482 F5EB C975
Issuer
Country Name BE
Organisation Name EPASOrg
Organisation Unit Name Technical Center of Expertise
Common Name EPAS Protocols Test CA
Validity
notBefore 20130418100646+0100
notAfter 20181001182005+0100
Subject
Country Name FR
Organisation Name EPASOrg
Organisation Unit Name Technical Center of Expertise
Common Name EPAS Protocol Test Host Authentication
Extensions
keyUsage DigitalSign

2456
2457 The dump of the X.509 certificate CCA-TM(KTM-Sign) is:
2458 0: 30 82 04 FF 30 82 02 E7 A0 03 02 01 02 02 0A 2A |0 0 *|
2459 10: BC 40 F4 D4 82 F5 EB C9 75 30 0D 06 09 2A 86 48 | @ u0 * H|
2460 20: 86 F7 0D 01 01 0B 05 00 30 68 31 0B 30 09 06 03 | 0h1 0 |
2461 30: 55 04 06 0C 02 42 45 31 10 30 0E 06 03 55 04 0A |U BE1 0 U |
2462 40: 0C 07 45 50 41 53 4F 72 67 31 26 30 24 06 03 55 | EPASOrg1&0$ U|
2463 50: 04 0B 0C 1D 54 65 63 68 6E 69 63 61 6C 20 43 65 | Technical Ce|
2464 60: 6E 74 65 72 20 6F 66 20 45 78 70 65 72 74 69 73 |nter of Expertis|
2465 70: 65 31 1F 30 1D 06 03 55 04 03 0C 16 45 50 41 53 |e1 0 U EPAS|
2466 80: 20 50 72 6F 74 6F 63 6F 6C 73 20 54 65 73 74 20 | Protocols Test |
2467 90: 43 41 30 2A 18 13 32 30 31 33 30 34 31 38 31 30 |CA0* 2013041810|
2468 A0: 30 36 34 36 2B 30 31 30 30 18 13 32 30 31 38 31 |0646+0100 20181|
2469 B0: 30 30 31 31 38 32 30 30 35 2B 30 31 30 30 30 78 |001182005+01000x|
2470 C0: 31 0B 30 09 06 03 55 04 06 0C 02 46 52 31 10 30 |1 0 U FR1 0|
2471 D0: 0E 06 03 55 04 0A 0C 07 45 50 41 53 4F 72 67 31 | U EPASOrg1|
2472 E0: 26 30 24 06 03 55 04 0B 0C 1D 54 65 63 68 6E 69 |&0$ U Techni|
2473 F0: 63 61 6C 20 43 65 6E 74 65 72 20 6F 66 20 45 78 |cal Center of Ex|
2474 100: 70 65 72 74 69 73 65 31 2F 30 2D 06 03 55 04 03 |pertise1/0- U |
2475 110: 0C 26 45 50 41 53 20 50 72 6F 74 6F 63 6F 6C 20 | &EPAS Protocol |
2476 120: 54 65 73 74 20 48 6F 73 74 20 41 75 74 68 65 6E |Test Host Authen|
2477 130: 74 69 63 61 74 69 6F 6E 30 82 01 A2 30 0D 06 09 |tication0 0 |
2478 140: 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 8F 00 |* H |
2479 150: 30 82 01 8A 02 82 01 81 00 BD 09 58 98 F9 81 BA |0 X |
2480 160: F4 2B E2 0E 19 33 9B 39 6C 59 62 66 90 BD F3 96 | + 3 9lYbf |
2481 170: D2 0C 50 3C A5 7C 68 8A F4 1E 50 55 2C F1 B9 DD | P< |h PU, |
2482 180: C4 11 62 09 DD 00 C2 6B 67 3F 7E DE E7 D0 CA 6D | b kg?~ m|
2483 190: C2 DA A9 FF 2F 8C 3A 86 0B 8F 83 5A E6 0D 9E 05 | / : Z |
2484 1A0: 7E DD F1 62 5F AC 55 A1 02 83 7F C1 C7 EF 8C 0A |~ b_ U |
2485 1B0: 6C 13 7C 59 73 97 2A BC 40 F4 D4 82 F5 EB C9 75 |l |Ys * @ u|
2486 1C0: 4F 96 4B 6E EC ED BE 66 DB 62 AD 0D A7 B3 8E 05 |O Kn f b |
2487 1D0: 91 75 62 E8 99 DF 71 7D 27 45 76 93 B4 1E 7B F2 | ub q}'Ev { |
2488 1E0: CB A9 88 55 AE 2C 97 DE 4B 48 FD 81 2A 52 0D 6D | U , KH *R m|
2489 1F0: 35 60 10 F6 E8 35 5E C9 8D BA 30 47 F2 C0 CD CD |5` 5^ 0G |
2490 200: 9B E6 55 27 7F 3E D6 9A 78 8D D8 0A 6A 12 BC A3 | U' > x j |
2491 210: D4 C7 F0 86 62 B9 9D 3F 70 A9 54 8D 78 04 B5 E4 | b ?p T x |
2492 220: A2 91 3A 3E C0 25 25 BE 63 9E D7 D9 B9 86 55 6C | :> %% c Ul|
2493 230: 59 32 67 56 42 FC C4 E6 59 D8 28 A9 4C 55 44 AE |Y2gVB Y ( LUD |
2494 240: BB C5 44 6E E6 B9 6A 04 A0 18 54 70 29 6D FC 2F | Dn j Tp)m /|
2495 250: FB A7 3D 40 74 93 09 68 DD 81 0E 43 D5 74 DD 7B | =@t h C t {|
2496 260: E6 64 89 9D A6 E4 8E B4 B3 B5 90 E2 CA A9 7C 75 | d |u|
2497 270: 01 5C 73 50 93 AD 62 E3 FD 79 1A B5 71 8F 1F A1 | \sP b y q |
2498 280: 96 73 EB AF 7A BF 3C CD 73 2F 31 D3 97 FC E7 90 | s z < s/1 |

8 Download of Cryptographic Keys Page 121


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2499 290: 86 9D 2A 68 2D F2 32 45 14 18 1C CE 1C DB 4E 7A | *h- 2E Nz|


2500 2A0: 40 36 DA BA C2 62 76 EE 0A 3A 2D 2B E0 4F B5 2E |@6 bv :-+ O .|
2501 2B0: 58 12 8F F4 08 6C 74 17 CD EC E7 5B 18 78 3D FA |X lt [ x= |
2502 2C0: 2C 05 D4 A5 18 99 30 7F DC C4 A0 07 01 30 0D 73 |, 0 0 s|
2503 2D0: B4 5F FD 52 E3 96 75 8C C5 02 03 01 00 01 A3 0F | _ R u |
2504 2E0: 30 0D 30 0B 06 03 55 1D 0F 04 04 03 02 07 80 30 |0 0 U 0|
2505 2F0: 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 | * H |
2506 300: 02 01 00 76 04 AD 89 65 54 B8 D7 1E 07 07 69 70 | v eT ip|
2507 310: E1 4C 3F 42 E6 63 8B 75 8E 50 C3 05 C3 E1 DD 8A | L?B c u P |
2508 320: BC 3E CA 02 15 0A F5 10 1D 36 81 46 38 15 0E 4F | > 6 F8 O|
2509 330: A7 3E 5D 92 E5 79 98 3B 49 8B DA 29 FB E9 CE 14 | >] y ;I ) |
2510 340: A7 93 F1 2F 5F B0 89 61 B7 3D C1 C8 3F B3 74 67 | /_ a = ? tg|
2511 350: B2 C5 BA FF F6 1C F6 1B 79 36 38 EA 21 E3 41 8B | y68 ! A |
2512 360: CA B5 C7 1E BA 20 25 23 0C EC F6 A0 B9 89 30 13 | %# 0 |
2513 370: F7 F5 B4 E6 64 19 A6 04 55 CC 90 C5 FE F5 96 B7 | d U |
2514 380: 6F A9 14 F3 5A DF E0 88 E1 52 5B 34 E1 C3 F1 19 |o Z R[4 |
2515 390: 2B F8 1D 59 FF 67 F3 11 A1 F7 E6 14 E9 33 2F 9C |+ Y g 3/ |
2516 3A0: 6C EA 0D DB 9F 0C 0E EB 57 08 AC 2D B2 0F 01 7F |l W - |
2517 3B0: 06 07 9A 1B 7C 03 25 4F 25 BB A1 3E 21 41 85 A0 | | %O% >!A |
2518 3C0: 56 7A AC 72 20 03 50 48 88 AB 4A 9F 5A CF D0 C3 |Vz r PH J Z |
2519 3D0: AC D4 D4 C3 C3 A7 5D 83 0B 96 B1 79 20 77 DD 6F | ] y w o|
2520 3E0: F0 0C 6F DA 53 CC B1 FA 6A 2F F1 C8 56 F7 79 8B | o S j/ V y |
2521 3F0: F8 31 32 F6 23 84 0F B2 12 E7 10 C6 FE 50 5A C6 | 12 # PZ |
2522 400: 45 38 03 83 E5 EB A7 EC CF 08 E2 26 22 CC D8 74 |E8 &" t|
2523 410: 8D D0 4C D6 EC DA 35 08 D8 3A 4D EB A9 6D 05 23 | L 5 :M m #|
2524 420: DB 87 64 39 5E DA B5 9A 42 42 17 80 5B D8 D7 15 | d9^ BB [ |
2525 430: F4 01 D5 44 27 27 B0 6D 07 CB C2 D6 05 E0 CA 4E | D'' m N|
2526 440: 47 F7 52 7A 3E 30 0E A6 96 75 EB 77 71 45 98 97 |G Rz>0 u wqE |
2527 450: 1B 26 53 DD 0B 73 40 43 36 5F AF A4 59 09 31 4A | &S s@C6_ Y 1J|
2528 460: 85 FF B4 6B A3 4F 88 B2 28 E9 9D 53 73 9D 3F 00 | k O ( Ss ? |
2529 470: E7 8D 3C EA DE E7 36 DA AE 11 5C E5 0A C1 0E BF | < 6 \ |
2530 480: B0 AC 58 71 24 4B BA 07 11 07 1B 1E 40 FA 1C C6 | Xq$K @ |
2531 490: 0E 12 58 D6 D4 97 88 F7 23 B1 4E 04 F4 8D 58 89 | X # N X |
2532 4A0: 82 61 C3 73 98 B5 51 0D C4 7F 5C 5E F6 D7 D2 7B | a s Q \^ {|
2533 4B0: 0C 80 F2 87 6F 2B 02 57 1C 8B AC E2 91 74 22 1B | o+ W t" |
2534 4C0: DC B5 64 70 42 B4 B6 7D F7 D1 31 E9 32 46 70 CB | dpB } 1 2Fp |
2535 4D0: 64 D2 E1 B1 59 77 D6 51 FC A4 8F EF 62 8E A2 B1 |d Yw Q b |
2536 4E0: 37 A9 23 6F EB 7C 34 E1 9D 8F DF 43 7C 84 08 A5 |7 #o |4 C| |
2537 4F0: 6C E0 62 B2 CC 43 5D 85 EC 65 A2 5D 8B 41 B5 12 |l b C] e ] A |
2538 500: 06 7C AB | | |

2539
2540

8 Download of Cryptographic Keys Page 122


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2541 The TM Host RSA key encryption key KTM-Enc to protect the key encryption key, has a key length of 3072
2542 bits with the components dumped below:
RSA Key Component Value
Modulus D72CCF63FB2F866A18F219DC919316495FF66C906F904D7B266525C37FABE7D4
ED99EA0424336D99B0B7979DE1764E7CD16B64B9BA954610BCACBB6CFDA4CB90
6AA75BED58B9A0037152541EB1DC3DD0B6214EB31BE97A4F91073412DE042216
FA8F826D24C7F2D305D4BF63465BF899DC6F073FF6AA338EA44DB6BE51A6358C
AA3CCB8528E58B55540ED22325233333D3D6D2B82ED7A58D499F445FF835C3EB
D5B515379A7C2B5B41D35F3DFD5A1A2D61491038FDD19E18EF678FD794872ACC
8B8129AFA0D02FCD6E4ADE9184D5FEC2386441293B16BB76B8E2E4F8E8027636
6855A880E0EFAC449E76124C4BF7FF2BA15E674B62A5637D26600AA3A013E153
0E11F4BF984E533F520A2E74BD826DD507C283D2F563C22848E05D84D2B7D222
1F4B63B56797E6AFB425D567E5F916E3AB4E2C486EC81489469C17DA2DFAF7AB
496EE7C24E43951FFE28006BFF96E2D15838AC7252F3D45E8FEBEF0F7EEF974F
FE0A38C38926CFA0683198CA8FD08C8B2427B91A0B16F79A7186DE7DAB9DFF3D
Public Exponent 010001
Private Exponent 70CA3357D446202E232F5CB10AB9D017DC2E7ECFE33AFFF24AB900678ED7DC68
F7B7133CE280F6B57635764B32F0E1C979B8D28EACA82C96FF5F87CB64D56A43
2434DFF1F4ED305C3D9D8B2C9FCCB3B66091EAFFE5E4A7D16753204FB782F11F
9C6D774FA0D5128ADCE69CFFFBD49FE67EEED01D0E3E3F5248FBD78BC19EDF39
01CF665B4189B9549C003CD461562733C69A37D085F551F9529B22AB2F9F7738
7AC835FBF4859BF074FBC853E526C2CC00CFDCAA131A3AC6154FF2CD6D34C110
8A903DDA424D8A689EBCCFDB05FCAC0B9FC16C3091D284506661F52D4A2FAB8C
A519B79C882E1E1DA6E04BC292D8C86A073BBB4DD354FE9A068F59621AD2739C
F0C7C1536187337B758F0CA31CE1381EC81D61EF92F7251BA60ABC2F3732C0CB
31979282D7B96866CAD0CFD4842A1041E2A8BC720FB2B9147DED36BAD36E323E
21482BD5A5416E3FA2DB23355B19A3534910DA8A03FC41B2DCA278796D98E9A3
BE44410361825CBA24ACC5E0D5276FE55A6AD20E0F8FE1F3BFBE7DC5E1D5F581
Prime 1 FA00B40D29723058B33EB625A4B52D9B9F010360F739135E4A6AB13A24780D7C
D577657B3E6DB0043C4B1422384D4023E2F901B922D188C5AE0365B816DCF8AF
7E62E4ECF2D0AB3EA21B362B811873661BFF476DD123509F07D8D633CC373F7A
EF59894385BF9FC7E82BBD84DC148922A00558DD365A47B6A384BF91EAF440F4
E05D4BC95481AEFB61A1706C1E4B62A482A0A5AE9E3A87ED64826896CDD52B00
355FDF2D81B649E553D412205C0EFB4E075C2526FDDFA885F94AAFA323C4601D
Prime 2 DC5639C6AE9A6BD28746623C4D86C4A4E0212A1BE44EC34054FEEC65C101DC1E
0F45183CEC4CECB367E250D69A1B4ADE858BD67CE8CDCFAE182369B7B86D2DC0
F1159429A29E1293ADAFC66C5A8673D789D589AA66D0C25AE6B5325D1477B47A
713DC43842E22A36AEB738A893D17CFEAC4F9F0FF25DCD5D7DAD3AF7346B88EA
D4E5C86ECC970BC67BE142C53534788006AA1D8FADE91EE6D988BDB6D57775C7
3F8C41AAEF83508E836A92083B571D52E2904D0592A34900787C9650A41831A1
Exponent 1 D72FA7CAF473BF3D79FB6E98F42EA6B51EA5A69CDDEF18C6BE531B7D2A4AD381
31D4755B219F14347119469935D0F8766B355DD05731F801FF081993DCCA129C
2BB33FCCDC2BD45A32FA2D24411824AC2D490BD8707D6F35937186DE4AD6FB22
FBC61BAA2D0385AA7222C41C09BAFB56FC59DDE57A9536C8F3F29D5A21DC5FD4
E71226DB828BA56BE6DB2883478827BDE65A14823ADBB288194D4E6D0F7A7E6A
CD8659F9377F0A180491B3907AECC24EA57320DF710204725CE3764E7BC8D9D9
Exponent 2 5826F73E92249DF6C0C05C151C3F4AF55BE668DE77DD3B28C5D8A7E39DF08C8C
4A37AE96D143857FD1942E1B6DD47583C99244E1FC923B00C00F8B0041FD0C4D
21272CFBEB5FAAB702CA4C6C955B2D859253A89C503E3D43F9018D80C7EB8C7D
604901F4306E23CD74E140FDD106032830F03A073B4464217F628B30D3FC21EF
31F62CD6876BF6FE1619ED88D0DC89494F61482A6FBDD0EB33250E21D40DD345
401B713A5E50FF2DC54E21D6C146FD286814AB7C0B4AE0AE1B865CED2E79AF81
Coefficient BF2571D99CCC8D31ECEE0DE36E8C591043C371D01052AE0DF46DD35118031F5E
4AAB2948761A9BFCE909047EA5143B03EAD08A65B9F0E96F525ABF014A121E4C
E7935EDB7F0244357B1E20E106066A2E0BF326D82BFE6EDD2A283174D6E9A865
D3FD60D3FACC1D1B8F82FD32A9DAE2CEFC92C0BA4A3D66872A82FB1E67608565
3EDF96B096766729824F4C2B050494C7CE6ADEE376379558E3DA58CC608558CD
A2C4257398C03A973B9790ADAE2E3D4FD18A551DBC847E632455BB55633698EF

2543
2544
2545

8 Download of Cryptographic Keys Page 123


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2546 This RSA public key KTM-Enc is authenticated by a certificate authority with the X.509 certificate
2547 CCA-TM(KTM-Enc) containing the following information:
Certificate Information Value
serialNumber 7895 CA35 014C 3D2F 1E11 B10D
Issuer
Country Name BE
Organisation Name EPASOrg
Organisation Unit Name Technical Center of Expertise
Common Name EPAS Protocols Test CA
Validity
notBefore 20130418101823+0100
notAfter 20181001182005+0100
Subject
Country Name FR
Organisation Name EPASOrg
Organisation Unit Name Technical Center of Expertise
Common Name EPAS Protocol Test Host Key Encryption
Extensions
keyUsage KeyEncipherment

2548
2549 The dump of the X.509 certificate CCA-TM(KTM-Enc) is:
2550 0000 30 82 05 01 30 82 02 E9 A0 03 02 01 02 02 0C 78 |0...0..........x|
2551 0010 95 CA 35 01 4C 3D 2F 1E 11 B1 0D 30 0D 06 09 2A |..5.L=/....0...*|
2552 0020 86 48 86 F7 0D 01 01 0B 05 00 30 68 31 0B 30 09 |.H........0h1.0.|
2553 0030 06 03 55 04 06 0C 02 42 45 31 10 30 0E 06 03 55 |..U....BE1.0...U|
2554 0040 04 0A 0C 07 45 50 41 53 4F 72 67 31 26 30 24 06 |....EPASOrg1&0$.|
2555 0050 03 55 04 0B 0C 1D 54 65 63 68 6E 69 63 61 6C 20 |.U....Technical |
2556 0060 43 65 6E 74 65 72 20 6F 66 20 45 78 70 65 72 74 |Center of Expert|
2557 0070 69 73 65 31 1F 30 1D 06 03 55 04 03 0C 16 45 50 |ise1.0...U....EP|
2558 0080 41 53 20 50 72 6F 74 6F 63 6F 6C 73 20 54 65 73 |AS Protocols Tes|
2559 0090 74 20 43 41 30 2A 18 13 32 30 31 33 30 34 31 38 |t CA0*..20130418|
2560 00A0 31 30 31 38 32 33 2B 30 31 30 30 18 13 32 30 31 |101823+0100..201|
2561 00B0 38 31 30 30 31 31 38 32 30 30 35 2B 30 31 30 30 |81001182005+0100|
2562 00C0 30 78 31 0B 30 09 06 03 55 04 06 0C 02 46 52 31 |0x1.0...U....FR1|
2563 00D0 10 30 0E 06 03 55 04 0A 0C 07 45 50 41 53 4F 72 |.0...U....EPASOr|
2564 00E0 67 31 26 30 24 06 03 55 04 0B 0C 1D 54 65 63 68 |g1&0$..U....Tech|
2565 00F0 6E 69 63 61 6C 20 43 65 6E 74 65 72 20 6F 66 20 |nical Center of |
2566 0100 45 78 70 65 72 74 69 73 65 31 2F 30 2D 06 03 55 |Expertise1/0-..U|
2567 0110 04 03 0C 26 45 50 41 53 20 50 72 6F 74 6F 63 6F |...&EPAS Protoco|
2568 0120 6C 20 54 65 73 74 20 48 6F 73 74 20 4B 65 79 20 |l Test Host Key |
2569 0130 45 6E 63 72 79 70 74 69 6F 6E 30 82 01 A2 30 0D |Encryption0...0.|
2570 0140 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 |..*.H...........|
2571 0150 8F 00 30 82 01 8A 02 82 01 81 00 D7 2C CF 63 FB |..0.........,.c.|
2572 0160 2F 86 6A 18 F2 19 DC 91 93 16 49 5F F6 6C 90 6F |/.j.......I_.l.o|
2573 0170 90 4D 7B 26 65 25 C3 7F AB E7 D4 ED 99 EA 04 24 |.M{&e%.........$|
2574 0180 33 6D 99 B0 B7 97 9D E1 76 4E 7C D1 6B 64 B9 BA |3m......vN|.kd..|
2575 0190 95 46 10 BC AC BB 6C FD A4 CB 90 6A A7 5B ED 58 |.F....l....j.[.X|
2576 01A0 B9 A0 03 71 52 54 1E B1 DC 3D D0 B6 21 4E B3 1B |...qRT...=..!N..|
2577 01B0 E9 7A 4F 91 07 34 12 DE 04 22 16 FA 8F 82 6D 24 |.zO..4..."....m$|
2578 01C0 C7 F2 D3 05 D4 BF 63 46 5B F8 99 DC 6F 07 3F F6 |......cF[...o.?.|
2579 01D0 AA 33 8E A4 4D B6 BE 51 A6 35 8C AA 3C CB 85 28 |.3..M..Q.5..<..(|
2580 01E0 E5 8B 55 54 0E D2 23 25 23 33 33 D3 D6 D2 B8 2E |..UT..#%#33.....|
2581 01F0 D7 A5 8D 49 9F 44 5F F8 35 C3 EB D5 B5 15 37 9A |...I.D_.5.....7.|
2582 0200 7C 2B 5B 41 D3 5F 3D FD 5A 1A 2D 61 49 10 38 FD ||+[A._=.Z.-aI.8.|
2583 0210 D1 9E 18 EF 67 8F D7 94 87 2A CC 8B 81 29 AF A0 |....g....*...)..|
2584 0220 D0 2F CD 6E 4A DE 91 84 D5 FE C2 38 64 41 29 3B |./.nJ......8dA);|
2585 0230 16 BB 76 B8 E2 E4 F8 E8 02 76 36 68 55 A8 80 E0 |..v......v6hU...|
2586 0240 EF AC 44 9E 76 12 4C 4B F7 FF 2B A1 5E 67 4B 62 |..D.v.LK..+.^gKb|
2587 0250 A5 63 7D 26 60 0A A3 A0 13 E1 53 0E 11 F4 BF 98 |.c}&`.....S.....|
2588 0260 4E 53 3F 52 0A 2E 74 BD 82 6D D5 07 C2 83 D2 F5 |NS?R..t..m......|
2589 0270 63 C2 28 48 E0 5D 84 D2 B7 D2 22 1F 4B 63 B5 67 |c.(H.]....".Kc.g|
2590 0280 97 E6 AF B4 25 D5 67 E5 F9 16 E3 AB 4E 2C 48 6E |....%.g.....N,Hn|

8 Download of Cryptographic Keys Page 124


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2591 0290 C8 14 89 46 9C 17 DA 2D FA F7 AB 49 6E E7 C2 4E |...F...-...In..N|


2592 02A0 43 95 1F FE 28 00 6B FF 96 E2 D1 58 38 AC 72 52 |C...(.k....X8.rR|
2593 02B0 F3 D4 5E 8F EB EF 0F 7E EF 97 4F FE 0A 38 C3 89 |..^....~..O..8..|
2594 02C0 26 CF A0 68 31 98 CA 8F D0 8C 8B 24 27 B9 1A 0B |&..h1......$'...|
2595 02D0 16 F7 9A 71 86 DE 7D AB 9D FF 3D 02 03 01 00 01 |...q..}...=.....|
2596 02E0 A3 0F 30 0D 30 0B 06 03 55 1D 0F 04 04 03 02 05 |..0.0...U.......|
2597 02F0 20 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 | 0...*.H........|
2598 0300 03 82 02 01 00 26 ED 5F 4E 11 5A 9E 2D 10 F0 7B |.....&._N.Z.-..{|
2599 0310 35 D1 0F 35 D8 BD 3B B4 0D 48 1E 5F 0D 2E 08 C8 |5..5..;..H._....|
2600 0320 02 41 D7 00 02 BA 5C 73 07 49 1C E2 89 53 CB 70 |.A....\s.I...S.p|
2601 0330 D4 9D 85 D2 0D 0B BA FD BD C4 04 EF B7 AE DD 2B |...............+|
2602 0340 5E 92 92 EA 76 84 78 3E 02 DC 98 95 5C FB 1D 94 |^...v.x>....\...|
2603 0350 17 19 E1 E4 8F F8 3F 11 74 10 24 35 B3 52 59 E7 |......?.t.$5.RY.|
2604 0360 50 9F 8F B6 7C 30 DD BE E7 B5 F5 40 AD 89 00 35 |P...|0.....@...5|
2605 0370 D6 04 B9 8D 2F 08 14 E7 8F 8F 9D E9 D4 B7 7A F7 |..../.........z.|
2606 0380 26 DB 66 7C CA F7 0A 17 5A F8 7F 71 69 79 CA 87 |&.f|....Z..qiy..|
2607 0390 83 A8 24 7E 3C F3 6B D8 DC 31 6F E1 D6 31 A2 48 |..$~<.k..1o..1.H|
2608 03A0 96 25 3D 12 42 AE 65 9E 3E A1 5A 82 E7 3C 4B 29 |.%=.B.e.>.Z..<K)|
2609 03B0 64 57 AF 5F 08 8B 00 F6 EF 51 73 0E E5 E4 FA 9B |dW._.....Qs.....|
2610 03C0 AF 6E D8 E4 CC 34 F0 FB 90 FF 44 42 D4 55 F3 61 |.n...4....DB.U.a|
2611 03D0 9A 50 59 CA 82 DD 15 CB 40 13 02 E7 0F 12 4B DE |.PY.....@.....K.|
2612 03E0 6D 51 41 56 FB 42 DD E6 AD A6 20 EF 2D 27 B7 F2 |mQAV.B.... .-'..|
2613 03F0 18 9B 4F CA B9 F4 48 7D A2 6E D4 41 8F 00 EA 4C |..O...H}.n.A...L|
2614 0400 7A 89 30 8E AC 88 E5 86 59 43 F9 5F 08 7A 6F B7 |z.0.....YC._.zo.|
2615 0410 74 9B DB 78 3E 2A E2 8F F7 C4 10 AD C9 35 F4 16 |t..x>*.......5..|
2616 0420 58 F3 6C D9 0F 2C C8 95 A2 7D B5 AD 1E F1 47 AA |X.l..,...}....G.|
2617 0430 60 63 4A 65 91 C3 43 AC 7F F9 5C 6D 7D 7C B8 8E |`cJe..C...\m}|..|
2618 0440 BB 36 16 91 FD A5 86 55 1D 6F 0C AD 7F E5 F0 37 |.6.....U.o.....7|
2619 0450 46 03 50 E5 D0 A6 50 D6 27 EB 0C 1B 53 15 B0 49 |F.P...P.'...S..I|
2620 0460 24 14 68 42 30 BB A2 39 D5 CA B9 89 42 07 9D AB |$.hB0..9....B...|
2621 0470 4F 0C BB CE B2 D8 81 D0 FF E8 B2 E1 9D B8 F9 4A |O..............J|
2622 0480 E9 D9 9B AC 6B E2 C4 8E 5F E4 5D EE C2 FF E8 FA |....k..._.].....|
2623 0490 F5 2B 43 25 6B C5 0E 17 F0 CE F1 AB 8B 86 94 FC |.+C%k...........|
2624 04A0 34 93 62 7C F2 85 22 83 B2 51 76 DD AF EE 8F BA |4.b|.."..Qv.....|
2625 04B0 49 F4 34 D2 B7 F1 BC AF 79 CC B3 EA D1 5F 3A 6D |I.4.....y...._:m|
2626 04C0 11 93 9E DC 40 63 52 DF 6A 68 F1 20 18 31 CE D0 |....@cR.jh. .1..|
2627 04D0 FE 20 5E 1F 38 15 F4 6E 01 E6 E5 F5 79 8D E2 EF |. ^.8..n....y...|
2628 04E0 B7 CF 6E FE 57 8B A3 3A ED BB 3E D9 C4 EF 39 EA |..n.W..:..>...9.|
2629 04F0 5E 9A 68 99 CE 00 DB 6C 89 22 45 0A A1 82 27 54 |^.h....l."E...'T|
2630 0500 9D B4 3F 16 43 |..?.C |

2631
2632

8 Download of Cryptographic Keys Page 125


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2633 8.4.3 Initial Status of the Keys


2634 The POI contact the key injection server, sending the StatusReport message containing the header and
2635 the body presented in the table below:
Message Item Value
Header
DownloadTransfer False
FormatVersion 5.0
ExchangeIdentification 001
CreationDateTime 2013-12-06:13:53:49.00+02:00
InitiatingParty
Identification 66000001
Type OriginatingPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-keyDownload-TM1
Type MasterTerminalManager
StatusReport
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-keyDownload-TM1
Type MasterTerminalManager
DataSet
Identification
Type StatusReport
CreationDateTime 2013-12-06:13:53:49.00+02:00
Content
POIComponent
Type Terminal
Identification
ItemNumber 1
ProviderIdentification EPASVendor001
Identification Counter Top E41
SerialNumber 7825410759
POIComponent
Type PaymentApplication
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Status
VersionNumber 1.01
StandardCompliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
AttendanceContext Attended
POIDateTime 2013-12-06:13:53:49.00+02:00

2636

8 Download of Cryptographic Keys Page 126


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2637 The POI has no symmetric key shared usable by the key injection, so the pre-loaded authentication RSA
2638 key is used to provide a digital signature of the message body.
2639 Once unnecessary spaces and carriage returns are removed, the XML encoded StatusReport message
2640 body is:
2641 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
2642 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
2643 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
2644 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
2645 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
2646 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 6B 65 79 44 |Id><Id>epas-keyD|
2647 0060 6F 77 6E 6C 6F 61 64 2D 54 4D 31 3C 2F 49 64 3E |ownload-TM1</Id>|
2648 0070 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 |<Tp>MTMG</Tp></T|
2649 0080 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 |ermnlMgrId><Data|
2650 0090 53 65 74 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 |Set><Id><Tp>STRP|
2651 00A0 3C 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 |</Tp><CreDtTm>20|
2652 00B0 31 33 2D 31 32 2D 30 36 54 31 33 3A 35 33 3A 34 |13-12-06T13:53:4|
2653 00C0 39 2E 30 30 2B 30 32 3A 30 30 3C 2F 43 72 65 44 |9.00+02:00</CreD|
2654 00D0 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C |tTm></Id><Cntt><|
2655 00E0 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 |POICmpnt><Tp>TER|
2656 00F0 4D 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 |M</Tp><Id><ItmNb|
2657 0100 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 |>1</ItmNb><Prvdr|
2658 0110 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 |Id>EPASVendor001|
2659 0120 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F |</PrvdrId><Id>Co|
2660 0130 75 6E 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 |unter Top E41</I|
2661 0140 64 3E 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 |d><SrlNb>7825410|
2662 0150 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E |759</SrlNb></Id>|
2663 0160 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|
2664 0170 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 3C 2F 54 |mpnt><Tp>APLI</T|
2665 0180 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
2666 0190 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
2667 01A0 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
2668 01B0 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 |PrvdrId></Id><St|
2669 01C0 73 3E 3C 56 72 73 6E 4E 62 3E 31 2E 30 31 3C 2F |s><VrsnNb>1.01</|
2670 01D0 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 53 74 |VrsnNb></Sts><St|
2671 01E0 64 43 6D 70 6C 63 3E 3C 49 64 3E 53 45 50 41 2D |dCmplc><Id>SEPA-|
2672 01F0 46 41 53 54 3C 2F 49 64 3E 3C 56 72 73 6E 3E 33 |FAST</Id><Vrsn>3|
2673 0200 2E 30 3C 2F 56 72 73 6E 3E 3C 49 73 73 72 3E 43 |.0</Vrsn><Issr>C|
2674 0210 49 52 3C 2F 49 73 73 72 3E 3C 2F 53 74 64 43 6D |IR</Issr></StdCm|
2675 0220 70 6C 63 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C |plc></POICmpnt><|
2676 0230 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E 41 54 54 |AttndncCntxt>ATT|
2677 0240 44 3C 2F 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E |D</AttndncCntxt>|
2678 0250 3C 50 4F 49 44 74 54 6D 3E 32 30 31 33 2D 31 32 |<POIDtTm>2013-12|
2679 0260 2D 30 36 54 31 33 3A 35 33 3A 34 39 2E 30 30 2B |-06T13:53:49.00+|
2680 0270 30 32 3A 30 30 3C 2F 50 4F 49 44 74 54 6D 3E 3C |02:00</POIDtTm><|
2681 0280 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 65 74 3E |/Cntt></DataSet>|
2682 0290 3C 2F 53 74 73 52 70 74 3E |</StsRpt> |
2683
2684
2685 The SHA256 digest of the StatusReport message body is:
2686 0000 A1 1B 8D 78 72 94 2C 4A C5 9E 7C A8 41 5F A2 9F |...xr.,J..|.A_..|
2687 0010 05 15 24 81 26 DB D1 47 62 AF B5 EE 7E B1 B2 5E |..$.&..Gb...~..^|
2688
2689
2690
8 Download of Cryptographic Keys Page 127
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2691 Applying the padding process for the digital signature, the block result is dumped below:
2692 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2693 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2694 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2695 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2696 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2697 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2698 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2699 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2700 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2701 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2702 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2703 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
2704 00C0 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
2705 00D0 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
2706 00E0 A1 1B 8D 78 72 94 2C 4A C5 9E 7C A8 41 5F A2 9F |...xr.,J..|.A_..|
2707 00F0 05 15 24 81 26 DB D1 47 62 AF B5 EE 7E B1 B2 5E |..$.&..Gb...~..^|
2708
2709
2710 After encryption by the private key of KPOI-Sign, we have the digital signature of the StatusReport message
2711 body:
2712 0000 6E 0E 57 07 DF E9 8A 0A F8 D5 7D B7 55 60 12 5C |n.W.......}.U`.\|
2713 0010 49 7A 90 98 4F E7 4E 06 A2 54 20 1A B6 F6 A9 C5 |Iz..O.N..T .....|
2714 0020 0D 04 C2 9D EB FA 16 D1 55 51 E3 73 1B 70 1D C3 |........UQ.s.p..|
2715 0030 CA 3C 7D CA 37 13 2F C5 B0 B3 7D 49 32 BE 13 10 |.<}.7./...}I2...|
2716 0040 CE 79 CF 0D 2F A8 4A D7 6D B8 7D 05 FC 02 70 63 |.y../.J.m.}...pc|
2717 0050 B2 4D FE A1 88 92 A5 02 1C E5 3D 24 E6 86 D8 56 |.M........=$...V|
2718 0060 45 B7 74 3F E4 A8 2D 15 CA AD DD 72 5C AD 38 1E |E.t?..-....r\.8.|
2719 0070 C7 A1 AD E7 A7 A7 DB 83 79 5C BD F4 41 3D C3 AD |........y\..A=..|
2720 0080 A4 D6 65 C8 9B AD 9A D9 EE 68 A1 08 00 27 5F 9F |..e......h...'_.|
2721 0090 D0 4E 4D C1 F0 1B B1 5C EE 02 A0 7F F0 5A FE 8E |.NM....\.....Z..|
2722 00A0 3E 71 F3 E7 30 40 0A 56 41 D1 72 95 2D A0 72 8E |>q..0@.VA.r.-.r.|
2723 00B0 D6 73 D4 51 A6 0D 97 FF FD AF A0 52 18 5E 84 43 |.s.Q.......R.^.C|
2724 00C0 8D 24 FE D3 29 3D AF 64 25 43 E0 E6 3C 2D DE D0 |.$..)=.d%C..<-..|
2725 00D0 DA 6A 10 65 A0 D3 A2 8A F9 04 48 6A 90 BF 43 D2 |.j.e......Hj..C.|
2726 00E0 AA 23 58 0D D2 FA 39 16 CB 59 39 4A 40 E4 55 9A |.#X...9..Y9J@.U.|
2727 00F0 D9 FE EE 08 45 00 D0 C6 E0 41 DF BA 24 F2 07 19 |....E....A..$...|
2728
2729
2730
2731
2732

8 Download of Cryptographic Keys Page 128


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2733 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate 308204833082026BA003020102020C2225A8FB00071293D4641C3C300D06092A
864886F70D01010B05003068310B300906035504060C0242453110300E060355
040A0C07455041534F726731263024060355040B0C1D546563686E6963616C20
43656E746572206F6620457870657274697365311F301D06035504030C164550
41532050726F746F636F6C732054657374204341302A18133230313330343138
3130323534362B30313030181332303138313030313138323030352B30313030
307A310B300906035504060C0246523110300E060355040A0C07455041534F72
6731263024060355040B0C1D546563686E6963616C2043656E746572206F6620
4578706572746973653131302F06035504030C28455041532050726F746F636F
6C205465737420436C69656E742041757468656E7469636174696F6E30820122
300D06092A864886F70D01010105000382010F003082010A0282010100C22511
390B85DB3990A27638B850616C18B11BDF78494B48B61F8F8D032225A8FB0007
1293D4641C3CDDE18D47337EB7381AC12976820FF5C0B321E4EDF88C9B8F1627
0E0FC6FAB470449BA70B947139551ABE326686F538C4F7F63A45FF4CB9E66470
00B28B791E1205ADB6ACDC29854698D90ACC3B6C84F0F8C2EFBEE4E3F9844BD7
9AB14C1F22376198C13BEAC560DDC835104176729C7E62FBF4EC350DE4D385C4
8D3EA40A90D7AA5838FAED3E3C760D19BB84D1997077C72331F3ADF050B41DB5
FFD19D129E88C75331DA13264BE4C2F0B0A0AA09F77EED2C801FAD239E8FE5D8
B43F10708FC3D6054B9156C5B55184F1A294DAB8F8267162BE9BB54867020301
0001A30F300D300B0603551D0F040403020780300D06092A864886F70D01010B
05000382020100540DB4CCCA78C5B72EC34D6A55EE7C152ED54409419E0B7BC7
83B8559557C02CCA5E81B6CCA854A36250ADCA0CD55C96F42F019799B5A100C9
72D3F2411CB2676300F1B09E46AE4F293A24CB71EEA5467CB91933713E556FFC
C0B558DA344FF4F8AB30A2F803BD97BB568100BAC6B6FAE884F831BF855C4EE8
23FE3BAC3BA2D8B615F62C1C1685B9BC59DFCBE1CFBDFDB29F3773FD46685688
BF656670F5BB9CE56B029E36E7291629DE69FA858367619D8DE4FB9F08608518
85A42894ADC97DCB51D4CEBF9F52083DD511371B157E3D16F93469EED0B7FF01
BC137D5065E266A8EA3C82999EF36263A863ED5FE22A69E4874FDF41A19FA457
B12CF6A52B08F73BD3BD9C2FD13352ECEE4EEF6323826BF72440FC149EBD5891
A8D6D0E5DA50547708525CA4021B51059B52B50E61B176C1F962AA7AC2809934
31DD5BF3D6C146ADBA762B3E6729F17FA639D98D5CBFDCAE556A2FC0B23754E4
91F97BF17A18D842A87F8DE4FBA58B56517213BC59C512D4F0447F0C197B3878
5A457E0A0E7DD44806C4BA16F811B7A25024791ED742E74392C9D4BABA754F09
B61DD8EC2ABBF6737E492BBC37185072AC9EBEA3DEF2FBD56E836B88D0809F96
A4B2ACA1A5B59D198F94990BA4D2A1B50CF64C5E8391D6DCADB58C9E074E608D
7D012309A92FFDCEFD96CDAEA4F6BE5E572A20161C3D6FD838FFAE966BB2C671
E7C836FB369C28
Signer
SignerIdentification
IssuerAnd-
SerialNumber
Issuer
RelativeDistin-
guishedName
AttributeType CountryName
AttributeValue BE
RelativeDistin-
guishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistin-
guishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise

8 Download of Cryptographic Keys Page 129


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

RelativeDistin-
guishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2225A8FB00071293D4641C3C
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature 6E0E5707DFE98A0AF8D57DB75560125C497A90984FE74E06A254201AB6F6A9C5
0D04C29DEBFA16D15551E3731B701DC3CA3C7DCA37132FC5B0B37D4932BE1310
CE79CF0D2FA84AD76DB87D05FC027063B24DFEA18892A5021CE53D24E686D856
45B7743FE4A82D15CAADDD725CAD381EC7A1ADE7A7A7DB83795CBDF4413DC3AD
A4D665C89BAD9AD9EE68A10800275F9FD04E4DC1F01BB15CEE02A07FF05AFE8E
3E71F3E730400A5641D172952DA0728ED673D451A60D97FFFDAFA052185E8443
8D24FED3293DAF642543E0E63C2DDED0DA6A1065A0D3A28AF904486A90BF43D2
AA23580DD2FA3916CB59394A40E4559AD9FEEE084500D0C6E041DFBA24F20719

2734
2735 The XML encoded structure of the StatusReport message is:
2736
2737 <?xml version="1.0" encoding="UTF-8"?>
2738 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2739 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
2740 <StsRpt>
2741 <Hdr>
2742 <DwnldTrf>false</DwnldTrf>
2743 <FrmtVrsn>5.0</FrmtVrsn>
2744 <XchgId>001</XchgId>
2745 <CreDtTm>2013-12-06T13:53:49.00+02:00</CreDtTm>
2746 <InitgPty>
2747 <Id>66000001</Id>
2748 <Tp>OPOI</Tp>
2749 <Issr>MTMG</Issr>
2750 </InitgPty>
2751 <RcptPty>
2752 <Id>epas-keyDownload-TM1</Id>
2753 <Tp>MTMG</Tp>
2754 </RcptPty>
2755 </Hdr>
2756 <StsRpt>
2757 <POIId>
2758 <Id>66000001</Id>
2759 <Tp>OPOI</Tp>
2760 <Issr>MTMG</Issr>
2761 </POIId>
2762 <TermnlMgrId>
2763 <Id>epas-keyDownload-TM1</Id>
2764 <Tp>MTMG</Tp>
2765 </TermnlMgrId>
2766 <DataSet>
2767 <Id>
2768 <Tp>STRP</Tp>
2769 <CreDtTm>2013-12-06T13:53:49.00+02:00</CreDtTm>
2770 </Id>
2771 <Cntt>
2772 <POICmpnt>
2773 <Tp>TERM</Tp>
2774 <Id>
2775 <ItmNb>1</ItmNb>
2776 <PrvdrId>EPASVendor001</PrvdrId>
2777 <Id>Counter Top E41</Id>
2778 <SrlNb>7825410759</SrlNb>
2779 </Id>
2780 </POICmpnt>
2781 <POICmpnt>

8 Download of Cryptographic Keys Page 130


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2782 <Tp>APLI</Tp>
2783 <Id>
2784 <ItmNb>1.1</ItmNb>
2785 <PrvdrId>EPASVendor001</PrvdrId>
2786 </Id>
2787 <Sts>
2788 <VrsnNb>1.01</VrsnNb>
2789 </Sts>
2790 <StdCmplc>
2791 <Id>SEPA-FAST</Id>
2792 <Vrsn>3.0</Vrsn>
2793 <Issr>CIR</Issr>
2794 </StdCmplc>
2795 </POICmpnt>
2796 <AttndncCntxt>ATTD</AttndncCntxt>
2797 <POIDtTm>2013-12-06T13:53:49.00+02:00</POIDtTm>
2798 </Cntt>
2799 </DataSet>
2800 </StsRpt>
2801 <SctyTrlr>
2802 <CnttTp>SIGN</CnttTp>
2803 <SgndData>
2804 <DgstAlgo>
2805 <Algo>HS25</Algo>
2806 </DgstAlgo>
2807 <NcpsltdCntt>
2808 <CnttTp>DATA</CnttTp>
2809 </NcpsltdCntt>
2810 <Cert>
2811 MIIEgzCCAmugAwIBAgIMIiWo+wAHEpPUZBw8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYMAkJFMR
2812 AwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEf
2813 MB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEwMjU0NiswMTAwGBMyMD
2814 E4MTAwMTE4MjAwNSswMTAwMHoxCzAJBgNVBAYMAkZSMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQL
2815 DB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTExMC8GA1UEAwwoRVBBUyBQcm90b2NvbCBUZX
2816 N0IENsaWVudCBBdXRoZW50aWNhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIl
2817 ETkLhds5kKJ2OLhQYWwYsRvfeElLSLYfj40DIiWo+wAHEpPUZBw83eGNRzN+tzgawSl2gg/1wLMh5O
2818 34jJuPFicOD8b6tHBEm6cLlHE5VRq+MmaG9TjE9/Y6Rf9MueZkcACyi3keEgWttqzcKYVGmNkKzDts
2819 hPD4wu++5OP5hEvXmrFMHyI3YZjBO+rFYN3INRBBdnKcfmL79Ow1DeTThcSNPqQKkNeqWDj67T48dg
2820 0Zu4TRmXB3xyMx863wULQdtf/RnRKeiMdTMdoTJkvkwvCwoKoJ937tLIAfrSOej+XYtD8QcI/D1gVL
2821 kVbFtVGE8aKU2rj4JnFivpu1SGcCAwEAAaMPMA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4
2822 ICAQBUDbTMynjFty7DTWpV7nwVLtVECUGeC3vHg7hVlVfALMpegbbMqFSjYlCtygzVXJb0LwGXmbWh
2823 AMly0/JBHLJnYwDxsJ5Grk8pOiTLce6lRny5GTNxPlVv/MC1WNo0T/T4qzCi+AO9l7tWgQC6xrb66I
2824 T4Mb+FXE7oI/47rDui2LYV9iwcFoW5vFnfy+HPvf2ynzdz/UZoVoi/ZWZw9buc5WsCnjbnKRYp3mn6
2825 hYNnYZ2N5PufCGCFGIWkKJStyX3LUdTOv59SCD3VETcbFX49Fvk0ae7Qt/8BvBN9UGXiZqjqPIKZnv
2826 NiY6hj7V/iKmnkh0/fQaGfpFexLPalKwj3O9O9nC/RM1Ls7k7vYyOCa/ckQPwUnr1YkajW0OXaUFR3
2827 CFJcpAIbUQWbUrUOYbF2wfliqnrCgJk0Md1b89bBRq26dis+Zynxf6Y52Y1cv9yuVWovwLI3VOSR+X
2828 vxehjYQqh/jeT7pYtWUXITvFnFEtTwRH8MGXs4eFpFfgoOfdRIBsS6FvgRt6JQJHke10LnQ5LJ1Lq6
2829 dU8Jth3Y7Cq79nN+SSu8NxhQcqyevqPe8vvVboNriNCAn5aksqyhpbWdGY+UmQuk0qG1DPZMXoOR1t
2830 yttYyeB05gjX0BIwmpL/3O/ZbNrqT2vl5XKiAWHD1v2Dj/rpZrssZx58g2+zacKA==
2831 </Cert>
2832 <Sgnr>
2833 <SgnrId>
2834 <IssrAndSrlNb>
2835 <Issr>
2836 <RltvDstngshdNm>
2837 <AttrTp>CATT</AttrTp>
2838 <AttrVal>BE</AttrVal>
2839 </RltvDstngshdNm>
2840 <RltvDstngshdNm>
2841 <AttrTp>OATT</AttrTp>
2842 <AttrVal>EPASOrg</AttrVal>
2843 </RltvDstngshdNm>
2844 <RltvDstngshdNm>
2845 <AttrTp>OUAT</AttrTp>
2846 <AttrVal>Technical Center of Expertise</AttrVal>
2847 </RltvDstngshdNm>
2848 <RltvDstngshdNm>
2849 <AttrTp>CNAT</AttrTp>
2850 <AttrVal>EPAS Protocols Test CA</AttrVal>

8 Download of Cryptographic Keys Page 131


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2851 </RltvDstngshdNm>
2852 </Issr>
2853 <SrlNb>IiWo+wAHEpPUZBw8</SrlNb>
2854 </IssrAndSrlNb>
2855 </SgnrId>
2856 <DgstAlgo>
2857 <Algo>HS25</Algo>
2858 </DgstAlgo>
2859 <SgntrAlgo>
2860 <Algo>ERS2</Algo>
2861 </SgntrAlgo>
2862 <Sgntr>
2863 bg5XB9/pigr41X23VWASXEl6kJhP504GolQgGrb2qcUNBMKd6/oW0VVR43MbcB3Dyjx9yjcTL
2864 8Wws31JMr4TEM55zw0vqErXbbh9BfwCcGOyTf6hiJKlAhzlPSTmhthWRbd0P+SoLRXKrd1yXK
2865 04Hsehreenp9uDeVy99EE9w62k1mXIm62a2e5ooQgAJ1+f0E5NwfAbsVzuAqB/8Fr+jj5x8+c
2866 wQApWQdFylS2gco7Wc9RRpg2X//2voFIYXoRDjST+0yk9r2QlQ+DmPC3e0NpqEGWg06KK+QRI
2867 apC/Q9KqI1gN0vo5FstZOUpA5FWa2f7uCEUA0MbgQd+6JPIHGQ==
2868
2869 </Sgntr>
2870 </Sgnr>
2871 </SgndData>
2872 </SctyTrlr>
2873 </StsRpt>
2874 </Document>

2875
2876

8 Download of Cryptographic Keys Page 132


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2877 Once unnecessary spaces and carriage returns are removed, the XML encoded SecurityTrailer structure
2878 is:
2879 0000 3C 53 63 74 79 54 72 6C 72 3E 3C 43 6E 74 74 54 |<SctyTrlr><CnttT|
2880 0010 70 3E 53 49 47 4E 3C 2F 43 6E 74 74 54 70 3E 3C |p>SIGN</CnttTp><|
2881 0020 53 67 6E 64 44 61 74 61 3E 3C 44 67 73 74 41 6C |SgndData><DgstAl|
2882 0030 67 6F 3E 3C 41 6C 67 6F 3E 48 53 32 35 3C 2F 41 |go><Algo>HS25</A|
2883 0040 6C 67 6F 3E 3C 2F 44 67 73 74 41 6C 67 6F 3E 3C |lgo></DgstAlgo><|
2884 0050 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C 43 6E 74 |NcpsltdCntt><Cnt|
2885 0060 74 54 70 3E 44 41 54 41 3C 2F 43 6E 74 74 54 70 |tTp>DATA</CnttTp|
2886 0070 3E 3C 2F 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C |></NcpsltdCntt><|
2887 0080 43 65 72 74 3E 4D 49 49 45 67 7A 43 43 41 6D 75 |Cert>MIIEgzCCAmu|
2888 0090 67 41 77 49 42 41 67 49 4D 49 69 57 6F 2B 77 41 |gAwIBAgIMIiWo+wA|
2889 00A0 48 45 70 50 55 5A 42 77 38 4D 41 30 47 43 53 71 |HEpPUZBw8MA0GCSq|
2890 00B0 47 53 49 62 33 44 51 45 42 43 77 55 41 4D 47 67 |GSIb3DQEBCwUAMGg|
2891 00C0 78 43 7A 41 4A 42 67 4E 56 42 41 59 4D 41 6B 4A |xCzAJBgNVBAYMAkJ|
2892 00D0 46 4D 52 41 77 44 67 59 44 56 51 51 4B 44 41 64 |FMRAwDgYDVQQKDAd|
2893 00E0 46 55 45 46 54 54 33 4A 6E 4D 53 59 77 4A 41 59 |FUEFTT3JnMSYwJAY|
2894 00F0 44 56 51 51 4C 44 42 31 55 5A 57 4E 6F 62 6D 6C |DVQQLDB1UZWNobml|
2895 0100 6A 59 57 77 67 51 32 56 75 64 47 56 79 49 47 39 |jYWwgQ2VudGVyIG9|
2896 0110 6D 49 45 56 34 63 47 56 79 64 47 6C 7A 5A 54 45 |mIEV4cGVydGlzZTE|
2897 0120 66 4D 42 30 47 41 31 55 45 41 77 77 57 52 56 42 |fMB0GA1UEAwwWRVB|
2898 0130 42 55 79 42 51 63 6D 39 30 62 32 4E 76 62 48 4D |BUyBQcm90b2NvbHM|
2899 0140 67 56 47 56 7A 64 43 42 44 51 54 41 71 47 42 4D |gVGVzdCBDQTAqGBM|
2900 0150 79 4D 44 45 7A 4D 44 51 78 4F 44 45 77 4D 6A 55 |yMDEzMDQxODEwMjU|
2901 0160 30 4E 69 73 77 4D 54 41 77 47 42 4D 79 4D 44 45 |0NiswMTAwGBMyMDE|
2902 0170 34 4D 54 41 77 4D 54 45 34 4D 6A 41 77 4E 53 73 |4MTAwMTE4MjAwNSs|
2903 0180 77 4D 54 41 77 4D 48 6F 78 43 7A 41 4A 42 67 4E |wMTAwMHoxCzAJBgN|
2904 0190 56 42 41 59 4D 41 6B 5A 53 4D 52 41 77 44 67 59 |VBAYMAkZSMRAwDgY|
2905 01A0 44 56 51 51 4B 44 41 64 46 55 45 46 54 54 33 4A |DVQQKDAdFUEFTT3J|
2906 01B0 6E 4D 53 59 77 4A 41 59 44 56 51 51 4C 44 42 31 |nMSYwJAYDVQQLDB1|
2907 01C0 55 5A 57 4E 6F 62 6D 6C 6A 59 57 77 67 51 32 56 |UZWNobmljYWwgQ2V|
2908 01D0 75 64 47 56 79 49 47 39 6D 49 45 56 34 63 47 56 |udGVyIG9mIEV4cGV|
2909 01E0 79 64 47 6C 7A 5A 54 45 78 4D 43 38 47 41 31 55 |ydGlzZTExMC8GA1U|
2910 01F0 45 41 77 77 6F 52 56 42 42 55 79 42 51 63 6D 39 |EAwwoRVBBUyBQcm9|
2911 0200 30 62 32 4E 76 62 43 42 55 5A 58 4E 30 49 45 4E |0b2NvbCBUZXN0IEN|
2912 0210 73 61 57 56 75 64 43 42 42 64 58 52 6F 5A 57 35 |saWVudCBBdXRoZW5|
2913 0220 30 61 57 4E 68 64 47 6C 76 62 6A 43 43 41 53 49 |0aWNhdGlvbjCCASI|
2914 0230 77 44 51 59 4A 4B 6F 5A 49 68 76 63 4E 41 51 45 |wDQYJKoZIhvcNAQE|
2915 0240 42 42 51 41 44 67 67 45 50 41 44 43 43 41 51 6F |BBQADggEPADCCAQo|
2916 0250 43 67 67 45 42 41 4D 49 6C 45 54 6B 4C 68 64 73 |CggEBAMIlETkLhds|
2917 0260 35 6B 4B 4A 32 4F 4C 68 51 59 57 77 59 73 52 76 |5kKJ2OLhQYWwYsRv|
2918 0270 66 65 45 6C 4C 53 4C 59 66 6A 34 30 44 49 69 57 |feElLSLYfj40DIiW|
2919 0280 6F 2B 77 41 48 45 70 50 55 5A 42 77 38 33 65 47 |o+wAHEpPUZBw83eG|
2920 0290 4E 52 7A 4E 2B 74 7A 67 61 77 53 6C 32 67 67 2F |NRzN+tzgawSl2gg/|
2921 02A0 31 77 4C 4D 68 35 4F 33 34 6A 4A 75 50 46 69 63 |1wLMh5O34jJuPFic|
2922 02B0 4F 44 38 62 36 74 48 42 45 6D 36 63 4C 6C 48 45 |OD8b6tHBEm6cLlHE|
2923 02C0 35 56 52 71 2B 4D 6D 61 47 39 54 6A 45 39 2F 59 |5VRq+MmaG9TjE9/Y|
2924 02D0 36 52 66 39 4D 75 65 5A 6B 63 41 43 79 69 33 6B |6Rf9MueZkcACyi3k|
2925 02E0 65 45 67 57 74 74 71 7A 63 4B 59 56 47 6D 4E 6B |eEgWttqzcKYVGmNk|
2926 02F0 4B 7A 44 74 73 68 50 44 34 77 75 2B 2B 35 4F 50 |KzDtshPD4wu++5OP|
2927 0300 35 68 45 76 58 6D 72 46 4D 48 79 49 33 59 5A 6A |5hEvXmrFMHyI3YZj|
2928 0310 42 4F 2B 72 46 59 4E 33 49 4E 52 42 42 64 6E 4B |BO+rFYN3INRBBdnK|
2929 0320 63 66 6D 4C 37 39 4F 77 31 44 65 54 54 68 63 53 |cfmL79Ow1DeTThcS|
2930 0330 4E 50 71 51 4B 6B 4E 65 71 57 44 6A 36 37 54 34 |NPqQKkNeqWDj67T4|
2931 0340 38 64 67 30 5A 75 34 54 52 6D 58 42 33 78 79 4D |8dg0Zu4TRmXB3xyM|
2932 0350 78 38 36 33 77 55 4C 51 64 74 66 2F 52 6E 52 4B |x863wULQdtf/RnRK|
2933 0360 65 69 4D 64 54 4D 64 6F 54 4A 6B 76 6B 77 76 43 |eiMdTMdoTJkvkwvC|
2934 0370 77 6F 4B 6F 4A 39 33 37 74 4C 49 41 66 72 53 4F |woKoJ937tLIAfrSO|
2935 0380 65 6A 2B 58 59 74 44 38 51 63 49 2F 44 31 67 56 |ej+XYtD8QcI/D1gV|
2936 0390 4C 6B 56 62 46 74 56 47 45 38 61 4B 55 32 72 6A |LkVbFtVGE8aKU2rj|
2937 03A0 34 4A 6E 46 69 76 70 75 31 53 47 63 43 41 77 45 |4JnFivpu1SGcCAwE|
2938 03B0 41 41 61 4D 50 4D 41 30 77 43 77 59 44 56 52 30 |AAaMPMA0wCwYDVR0|
2939 03C0 50 42 41 51 44 41 67 65 41 4D 41 30 47 43 53 71 |PBAQDAgeAMA0GCSq|
2940 03D0 47 53 49 62 33 44 51 45 42 43 77 55 41 41 34 49 |GSIb3DQEBCwUAA4I|
2941 03E0 43 41 51 42 55 44 62 54 4D 79 6E 6A 46 74 79 37 |CAQBUDbTMynjFty7|
2942 03F0 44 54 57 70 56 37 6E 77 56 4C 74 56 45 43 55 47 |DTWpV7nwVLtVECUG|
2943 0400 65 43 33 76 48 67 37 68 56 6C 56 66 41 4C 4D 70 |eC3vHg7hVlVfALMp|
2944 0410 65 67 62 62 4D 71 46 53 6A 59 6C 43 74 79 67 7A |egbbMqFSjYlCtygz|
2945 0420 56 58 4A 62 30 4C 77 47 58 6D 62 57 68 41 4D 6C |VXJb0LwGXmbWhAMl|

8 Download of Cryptographic Keys Page 133


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

2946 0430 79 30 2F 4A 42 48 4C 4A 6E 59 77 44 78 73 4A 35 |y0/JBHLJnYwDxsJ5|


2947 0440 47 72 6B 38 70 4F 69 54 4C 63 65 36 6C 52 6E 79 |Grk8pOiTLce6lRny|
2948 0450 35 47 54 4E 78 50 6C 56 76 2F 4D 43 31 57 4E 6F |5GTNxPlVv/MC1WNo|
2949 0460 30 54 2F 54 34 71 7A 43 69 2B 41 4F 39 6C 37 74 |0T/T4qzCi+AO9l7t|
2950 0470 57 67 51 43 36 78 72 62 36 36 49 54 34 4D 62 2B |WgQC6xrb66IT4Mb+|
2951 0480 46 58 45 37 6F 49 2F 34 37 72 44 75 69 32 4C 59 |FXE7oI/47rDui2LY|
2952 0490 56 39 69 77 63 46 6F 57 35 76 46 6E 66 79 2B 48 |V9iwcFoW5vFnfy+H|
2953 04A0 50 76 66 32 79 6E 7A 64 7A 2F 55 5A 6F 56 6F 69 |Pvf2ynzdz/UZoVoi|
2954 04B0 2F 5A 57 5A 77 39 62 75 63 35 57 73 43 6E 6A 62 |/ZWZw9buc5WsCnjb|
2955 04C0 6E 4B 52 59 70 33 6D 6E 36 68 59 4E 6E 59 5A 32 |nKRYp3mn6hYNnYZ2|
2956 04D0 4E 35 50 75 66 43 47 43 46 47 49 57 6B 4B 4A 53 |N5PufCGCFGIWkKJS|
2957 04E0 74 79 58 33 4C 55 64 54 4F 76 35 39 53 43 44 33 |tyX3LUdTOv59SCD3|
2958 04F0 56 45 54 63 62 46 58 34 39 46 76 6B 30 61 65 37 |VETcbFX49Fvk0ae7|
2959 0500 51 74 2F 38 42 76 42 4E 39 55 47 58 69 5A 71 6A |Qt/8BvBN9UGXiZqj|
2960 0510 71 50 49 4B 5A 6E 76 4E 69 59 36 68 6A 37 56 2F |qPIKZnvNiY6hj7V/|
2961 0520 69 4B 6D 6E 6B 68 30 2F 66 51 61 47 66 70 46 65 |iKmnkh0/fQaGfpFe|
2962 0530 78 4C 50 61 6C 4B 77 6A 33 4F 39 4F 39 6E 43 2F |xLPalKwj3O9O9nC/|
2963 0540 52 4D 31 4C 73 37 6B 37 76 59 79 4F 43 61 2F 63 |RM1Ls7k7vYyOCa/c|
2964 0550 6B 51 50 77 55 6E 72 31 59 6B 61 6A 57 30 4F 58 |kQPwUnr1YkajW0OX|
2965 0560 61 55 46 52 33 43 46 4A 63 70 41 49 62 55 51 57 |aUFR3CFJcpAIbUQW|
2966 0570 62 55 72 55 4F 59 62 46 32 77 66 6C 69 71 6E 72 |bUrUOYbF2wfliqnr|
2967 0580 43 67 4A 6B 30 4D 64 31 62 38 39 62 42 52 71 32 |CgJk0Md1b89bBRq2|
2968 0590 36 64 69 73 2B 5A 79 6E 78 66 36 59 35 32 59 31 |6dis+Zynxf6Y52Y1|
2969 05A0 63 76 39 79 75 56 57 6F 76 77 4C 49 33 56 4F 53 |cv9yuVWovwLI3VOS|
2970 05B0 52 2B 58 76 78 65 68 6A 59 51 71 68 2F 6A 65 54 |R+XvxehjYQqh/jeT|
2971 05C0 37 70 59 74 57 55 58 49 54 76 46 6E 46 45 74 54 |7pYtWUXITvFnFEtT|
2972 05D0 77 52 48 38 4D 47 58 73 34 65 46 70 46 66 67 6F |wRH8MGXs4eFpFfgo|
2973 05E0 4F 66 64 52 49 42 73 53 36 46 76 67 52 74 36 4A |OfdRIBsS6FvgRt6J|
2974 05F0 51 4A 48 6B 65 31 30 4C 6E 51 35 4C 4A 31 4C 71 |QJHke10LnQ5LJ1Lq|
2975 0600 36 64 55 38 4A 74 68 33 59 37 43 71 37 39 6E 4E |6dU8Jth3Y7Cq79nN|
2976 0610 2B 53 53 75 38 4E 78 68 51 63 71 79 65 76 71 50 |+SSu8NxhQcqyevqP|
2977 0620 65 38 76 76 56 62 6F 4E 72 69 4E 43 41 6E 35 61 |e8vvVboNriNCAn5a|
2978 0630 6B 73 71 79 68 70 62 57 64 47 59 2B 55 6D 51 75 |ksqyhpbWdGY+UmQu|
2979 0640 6B 30 71 47 31 44 50 5A 4D 58 6F 4F 52 31 74 79 |k0qG1DPZMXoOR1ty|
2980 0650 74 74 59 79 65 42 30 35 67 6A 58 30 42 49 77 6D |ttYyeB05gjX0BIwm|
2981 0660 70 4C 2F 33 4F 2F 5A 62 4E 72 71 54 32 76 6C 35 |pL/3O/ZbNrqT2vl5|
2982 0670 58 4B 69 41 57 48 44 31 76 32 44 6A 2F 72 70 5A |XKiAWHD1v2Dj/rpZ|
2983 0680 72 73 73 5A 78 35 38 67 32 2B 7A 61 63 4B 41 3D |rssZx58g2+zacKA=|
2984 0690 3D 3C 2F 43 65 72 74 3E 3C 53 67 6E 72 3E 3C 53 |=</Cert><Sgnr><S|
2985 06A0 67 6E 72 49 64 3E 3C 49 73 73 72 41 6E 64 53 72 |gnrId><IssrAndSr|
2986 06B0 6C 4E 62 3E 3C 49 73 73 72 3E 3C 52 6C 74 76 44 |lNb><Issr><RltvD|
2987 06C0 73 74 6E 67 73 68 64 4E 6D 3E 3C 41 74 74 72 54 |stngshdNm><AttrT|
2988 06D0 70 3E 43 41 54 54 3C 2F 41 74 74 72 54 70 3E 3C |p>CATT</AttrTp><|
2989 06E0 41 74 74 72 56 61 6C 3E 42 45 3C 2F 41 74 74 72 |AttrVal>BE</Attr|
2990 06F0 56 61 6C 3E 3C 2F 52 6C 74 76 44 73 74 6E 67 73 |Val></RltvDstngs|
2991 0700 68 64 4E 6D 3E 3C 52 6C 74 76 44 73 74 6E 67 73 |hdNm><RltvDstngs|
2992 0710 68 64 4E 6D 3E 3C 41 74 74 72 54 70 3E 4F 41 54 |hdNm><AttrTp>OAT|
2993 0720 54 3C 2F 41 74 74 72 54 70 3E 3C 41 74 74 72 56 |T</AttrTp><AttrV|
2994 0730 61 6C 3E 45 50 41 53 4F 72 67 3C 2F 41 74 74 72 |al>EPASOrg</Attr|
2995 0740 56 61 6C 3E 3C 2F 52 6C 74 76 44 73 74 6E 67 73 |Val></RltvDstngs|
2996 0750 68 64 4E 6D 3E 3C 52 6C 74 76 44 73 74 6E 67 73 |hdNm><RltvDstngs|
2997 0760 68 64 4E 6D 3E 3C 41 74 74 72 54 70 3E 4F 55 41 |hdNm><AttrTp>OUA|
2998 0770 54 3C 2F 41 74 74 72 54 70 3E 3C 41 74 74 72 56 |T</AttrTp><AttrV|
2999 0780 61 6C 3E 54 65 63 68 6E 69 63 61 6C 20 43 65 6E |al>Technical Cen|
3000 0790 74 65 72 20 6F 66 20 45 78 70 65 72 74 69 73 65 |ter of Expertise|
3001 07A0 3C 2F 41 74 74 72 56 61 6C 3E 3C 2F 52 6C 74 76 |</AttrVal></Rltv|
3002 07B0 44 73 74 6E 67 73 68 64 4E 6D 3E 3C 52 6C 74 76 |DstngshdNm><Rltv|
3003 07C0 44 73 74 6E 67 73 68 64 4E 6D 3E 3C 41 74 74 72 |DstngshdNm><Attr|
3004 07D0 54 70 3E 43 4E 41 54 3C 2F 41 74 74 72 54 70 3E |Tp>CNAT</AttrTp>|
3005 07E0 3C 41 74 74 72 56 61 6C 3E 45 50 41 53 20 50 72 |<AttrVal>EPAS Pr|
3006 07F0 6F 74 6F 63 6F 6C 73 20 54 65 73 74 20 43 41 3C |otocols Test CA<|
3007 0800 2F 41 74 74 72 56 61 6C 3E 3C 2F 52 6C 74 76 44 |/AttrVal></RltvD|
3008 0810 73 74 6E 67 73 68 64 4E 6D 3E 3C 2F 49 73 73 72 |stngshdNm></Issr|
3009 0820 3E 3C 53 72 6C 4E 62 3E 49 69 57 6F 2B 77 41 48 |><SrlNb>IiWo+wAH|
3010 0830 45 70 50 55 5A 42 77 38 3C 2F 53 72 6C 4E 62 3E |EpPUZBw8</SrlNb>|
3011 0840 3C 2F 49 73 73 72 41 6E 64 53 72 6C 4E 62 3E 3C |</IssrAndSrlNb><|
3012 0850 2F 53 67 6E 72 49 64 3E 3C 44 67 73 74 41 6C 67 |/SgnrId><DgstAlg|
3013 0860 6F 3E 3C 41 6C 67 6F 3E 48 53 32 35 3C 2F 41 6C |o><Algo>HS25</Al|
3014 0870 67 6F 3E 3C 2F 44 67 73 74 41 6C 67 6F 3E 3C 53 |go></DgstAlgo><S|

8 Download of Cryptographic Keys Page 134


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3015 0880 67 6E 74 72 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 45 |gntrAlgo><Algo>E|


3016 0890 52 53 32 3C 2F 41 6C 67 6F 3E 3C 2F 53 67 6E 74 |RS2</Algo></Sgnt|
3017 08A0 72 41 6C 67 6F 3E 3C 53 67 6E 74 72 3E 62 67 35 |rAlgo><Sgntr>bg5|
3018 08B0 58 42 39 2F 70 69 67 72 34 31 58 32 33 56 57 41 |XB9/pigr41X23VWA|
3019 08C0 53 58 45 6C 36 6B 4A 68 50 35 30 34 47 6F 6C 51 |SXEl6kJhP504GolQ|
3020 08D0 67 47 72 62 32 71 63 55 4E 42 4D 4B 64 36 2F 6F |gGrb2qcUNBMKd6/o|
3021 08E0 57 30 56 56 52 34 33 4D 62 63 42 33 44 79 6A 78 |W0VVR43MbcB3Dyjx|
3022 08F0 39 79 6A 63 54 4C 38 57 77 73 33 31 4A 4D 72 34 |9yjcTL8Wws31JMr4|
3023 0900 54 45 4D 35 35 7A 77 30 76 71 45 72 58 62 62 68 |TEM55zw0vqErXbbh|
3024 0910 39 42 66 77 43 63 47 4F 79 54 66 36 68 69 4A 4B |9BfwCcGOyTf6hiJK|
3025 0920 6C 41 68 7A 6C 50 53 54 6D 68 74 68 57 52 62 64 |lAhzlPSTmhthWRbd|
3026 0930 30 50 2B 53 6F 4C 52 58 4B 72 64 31 79 58 4B 30 |0P+SoLRXKrd1yXK0|
3027 0940 34 48 73 65 68 72 65 65 6E 70 39 75 44 65 56 79 |4Hsehreenp9uDeVy|
3028 0950 39 39 45 45 39 77 36 32 6B 31 6D 58 49 6D 36 32 |99EE9w62k1mXIm62|
3029 0960 61 32 65 35 6F 6F 51 67 41 4A 31 2B 66 30 45 35 |a2e5ooQgAJ1+f0E5|
3030 0970 4E 77 66 41 62 73 56 7A 75 41 71 42 2F 38 46 72 |NwfAbsVzuAqB/8Fr|
3031 0980 2B 6A 6A 35 78 38 2B 63 77 51 41 70 57 51 64 46 |+jj5x8+cwQApWQdF|
3032 0990 79 6C 53 32 67 63 6F 37 57 63 39 52 52 70 67 32 |ylS2gco7Wc9RRpg2|
3033 09A0 58 2F 2F 32 76 6F 46 49 59 58 6F 52 44 6A 53 54 |X//2voFIYXoRDjST|
3034 09B0 2B 30 79 6B 39 72 32 51 6C 51 2B 44 6D 50 43 33 |+0yk9r2QlQ+DmPC3|
3035 09C0 65 30 4E 70 71 45 47 57 67 30 36 4B 4B 2B 51 52 |e0NpqEGWg06KK+QR|
3036 09D0 49 61 70 43 2F 51 39 4B 71 49 31 67 4E 30 76 6F |IapC/Q9KqI1gN0vo|
3037 09E0 35 46 73 74 5A 4F 55 70 41 35 46 57 61 32 66 37 |5FstZOUpA5FWa2f7|
3038 09F0 75 43 45 55 41 30 4D 62 67 51 64 2B 36 4A 50 49 |uCEUA0MbgQd+6JPI|
3039 0A00 48 47 51 3D 3D 3C 2F 53 67 6E 74 72 3E 3C 2F 53 |HGQ==</Sgntr></S|
3040 0A10 67 6E 72 3E 3C 2F 53 67 6E 64 44 61 74 61 3E 3C |gnr></SgndData><|
3041 0A20 2F 53 63 74 79 54 72 6C 72 3E |/SctyTrlr> |
3042
3043
3044

8 Download of Cryptographic Keys Page 135


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3045 8.4.4 Management Plan with Key Download Action


3046 In response to the StatusReport message containing no keys, the TM Host send a
3047 ManagementPlanReplacement message containing one immediate action to download the DUKPT initial
3048 key.
3049 The header and the body of the ManagementPlanReplacement message is presented in the table below:
Message Item Value
Header
DownloadTransfer True
FormatVersion 5.0
ExchangeIdentification 001
CreationDateTime 2013-12-06:13:53:52.00+02:00
InitiatingParty
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-keyDownload-TM1
Type MasterTerminalManager
ManagementPlan
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-keyDownload-TM1
Type MasterTerminalManager
DataSet
Identification
Type ManagementPlan
CreationDateTime 2013-12-06:13:53:52.00+02:00
Content
Action
Type Download
DataSetIdentification
Name epas-acquirer-TM1-TIK
Type SecurityParameters
Version 20131206135352
Trigger DateTime
AdditionalProcess Restart
Retry
Delay 10
MaximumNumber 2
TimeCondition
StartTime 2013-12-06:13:53:49
TMChallenge E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991
B7852B855
KeyEnciphrementCertificate 30820501308202E9A003020102020C7895CA35014C3D2F1E11B10D3
00D06092A864886F70D01010B05003068310B300906035504060C02
42453110300E060355040A0C07455041534F7267312630240603550
40B0C1D546563686E6963616C2043656E746572206F662045787065
7274697365311F301D06035504030C16455041532050726F746F636
F6C732054657374204341302A181332303133303431383130313832
332B30313030181332303138313030313138323030352B303130303

8 Download of Cryptographic Keys Page 136


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

078310B300906035504060C0246523110300E060355040A0C074550
41534F726731263024060355040B0C1D546563686E6963616C20436
56E746572206F6620457870657274697365312F302D06035504030C
26455041532050726F746F636F6C205465737420486F7374204B657
920456E6372797074696F6E308201A2300D06092A864886F70D0101
0105000382018F003082018A0282018100D72CCF63FB2F866A18F21
9DC919316495FF66C906F904D7B266525C37FABE7D4ED99EA042433
6D99B0B7979DE1764E7CD16B64B9BA954610BCACBB6CFDA4CB906AA
75BED58B9A0037152541EB1DC3DD0B6214EB31BE97A4F91073412DE
042216FA8F826D24C7F2D305D4BF63465BF899DC6F073FF6AA338EA
44DB6BE51A6358CAA3CCB8528E58B55540ED22325233333D3D6D2B8
2ED7A58D499F445FF835C3EBD5B515379A7C2B5B41D35F3DFD5A1A2
D61491038FDD19E18EF678FD794872ACC8B8129AFA0D02FCD6E4ADE
9184D5FEC2386441293B16BB76B8E2E4F8E80276366855A880E0EFA
C449E76124C4BF7FF2BA15E674B62A5637D26600AA3A013E1530E11
F4BF984E533F520A2E74BD826DD507C283D2F563C22848E05D84D2B
7D2221F4B63B56797E6AFB425D567E5F916E3AB4E2C486EC8148946
9C17DA2DFAF7AB496EE7C24E43951FFE28006BFF96E2D15838AC725
2F3D45E8FEBEF0F7EEF974FFE0A38C38926CFA0683198CA8FD08C8B
2427B91A0B16F79A7186DE7DAB9DFF3D0203010001A30F300D300B0
603551D0F040403020520300D06092A864886F70D01010B05000382
02010026ED5F4E115A9E2D10F07B35D10F35D8BD3BB40D481E5F0D2
E08C80241D70002BA5C7307491CE28953CB70D49D85D20D0BBAFDBD
C404EFB7AEDD2B5E9292EA7684783E02DC98955CFB1D941719E1E48
FF83F1174102435B35259E7509F8FB67C30DDBEE7B5F540AD890035
D604B98D2F0814E78F8F9DE9D4B77AF726DB667CCAF70A175AF87F7
16979CA8783A8247E3CF36BD8DC316FE1D631A24896253D1242AE65
9E3EA15A82E73C4B296457AF5F088B00F6EF51730EE5E4FA9BAF6ED
8E4CC34F0FB90FF4442D455F3619A5059CA82DD15CB401302E70F12
4BDE6D514156FB42DDE6ADA620EF2D27B7F2189B4FCAB9F4487DA26
ED4418F00EA4C7A89308EAC88E5865943F95F087A6FB7749BDB783E
2AE28FF7C410ADC935F41658F36CD90F2CC895A27DB5AD1EF147AA6
0634A6591C343AC7FF95C6D7D7CB88EBB361691FDA586551D6F0CAD
7FE5F037460350E5D0A650D627EB0C1B5315B0492414684230BBA23
9D5CAB98942079DAB4F0CBBCEB2D881D0FFE8B2E19DB8F94AE9D99B
AC6BE2C48E5FE45DEEC2FFE8FAF52B43256BC50E17F0CEF1AB8B869
4FC3493627CF2852283B25176DDAFEE8FBA49F434D2B7F1BCAF79CC
B3EAD15F3A6D11939EDC406352DF6A68F1201831CED0FE205E1F381
5F46E01E6E5F5798DE2EFB7CF6EFE578BA33AEDBB3ED9C4EF39EA5E
9A6899CE00DB6C8922450AA18227549DB43F1643

3050
3051

8 Download of Cryptographic Keys Page 137


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3052 As for the previous message, the POI has no symmetric key shared usable by the key injection, so the
3053 TM authentication RSA key is used to provide a digital signature of the message body.
3054
3055 Once unnecessary spaces and carriage returns are removed, the XML encoded
3056 ManagementPlanReplacement message body is:
3057 0000 3C 4D 67 6D 74 50 6C 61 6E 3E 3C 50 4F 49 49 64 |<MgmtPlan><POIId|
3058 0010 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 |><Id>66000001</I|
3059 0020 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C |d><Tp>OPOI</Tp><|
3060 0030 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E |Issr>MTMG</Issr>|
3061 0040 3C 2F 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D |</POIId><TermnlM|
3062 0050 67 72 49 64 3E 3C 49 64 3E 65 70 61 73 2D 6B 65 |grId><Id>epas-ke|
3063 0060 79 44 6F 77 6E 6C 6F 61 64 2D 54 4D 31 3C 2F 49 |yDownload-TM1</I|
3064 0070 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C |d><Tp>MTMG</Tp><|
3065 0080 2F 54 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 |/TermnlMgrId><Da|
3066 0090 74 61 53 65 74 3E 3C 49 64 3E 3C 54 70 3E 41 51 |taSet><Id><Tp>AQ|
3067 00A0 50 52 3C 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E |PR</Tp><CreDtTm>|
3068 00B0 32 30 31 33 2D 31 32 2D 30 36 54 31 33 3A 35 33 |2013-12-06T13:53|
3069 00C0 3A 35 32 2E 30 30 2B 30 32 3A 30 30 3C 2F 43 72 |:52.00+02:00</Cr|
3070 00D0 65 44 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 |eDtTm></Id><Cntt|
3071 00E0 3E 3C 41 63 74 6E 3E 3C 54 70 3E 44 57 4E 4C 3C |><Actn><Tp>DWNL<|
3072 00F0 2F 54 70 3E 3C 44 61 74 61 53 65 74 49 64 3E 3C |/Tp><DataSetId><|
3073 0100 4E 6D 3E 65 70 61 73 2D 61 63 71 75 69 72 65 72 |Nm>epas-acquirer|
3074 0110 2D 54 4D 31 2D 54 49 4B 3C 2F 4E 6D 3E 3C 54 70 |-TM1-TIK</Nm><Tp|
3075 0120 3E 53 43 50 52 3C 2F 54 70 3E 3C 56 72 73 6E 3E |>SCPR</Tp><Vrsn>|
3076 0130 32 30 31 33 31 32 30 36 31 33 35 33 35 32 3C 2F |20131206135352</|
3077 0140 56 72 73 6E 3E 3C 2F 44 61 74 61 53 65 74 49 64 |Vrsn></DataSetId|
3078 0150 3E 3C 54 72 67 67 72 3E 44 41 54 45 3C 2F 54 72 |><Trggr>DATE</Tr|
3079 0160 67 67 72 3E 3C 41 64 64 74 6C 50 72 63 3E 52 53 |ggr><AddtlPrc>RS|
3080 0170 52 54 3C 2F 41 64 64 74 6C 50 72 63 3E 3C 52 65 |RT</AddtlPrc><Re|
3081 0180 54 72 79 3E 3C 44 65 6C 79 3E 31 30 3C 2F 44 65 |Try><Dely>10</De|
3082 0190 6C 79 3E 3C 4D 61 78 4E 62 3E 32 3C 2F 4D 61 78 |ly><MaxNb>2</Max|
3083 01A0 4E 62 3E 3C 2F 52 65 54 72 79 3E 3C 54 6D 43 6F |Nb></ReTry><TmCo|
3084 01B0 6E 64 3E 3C 53 74 61 72 74 54 6D 3E 32 30 31 33 |nd><StartTm>2013|
3085 01C0 2D 31 32 2D 30 36 54 31 33 3A 35 33 3A 34 39 3C |-12-06T13:53:49<|
3086 01D0 2F 53 74 61 72 74 54 6D 3E 3C 2F 54 6D 43 6F 6E |/StartTm></TmCon|
3087 01E0 64 3E 3C 54 4D 43 68 6C 6C 6E 67 3E 34 37 44 45 |d><TMChllng>47DE|
3088 01F0 51 70 6A 38 48 42 53 61 2B 2F 54 49 6D 57 2B 35 |Qpj8HBSa+/TImW+5|
3089 0200 4A 43 65 75 51 65 52 6B 6D 35 4E 4D 70 4A 57 5A |JCeuQeRkm5NMpJWZ|
3090 0210 47 33 68 53 75 46 55 3D 3C 2F 54 4D 43 68 6C 6C |G3hSuFU=</TMChll|
3091 0220 6E 67 3E 3C 4B 65 79 4E 63 70 68 72 6D 6E 74 43 |ng><KeyNcphrmntC|
3092 0230 65 72 74 3E 4D 49 49 46 41 54 43 43 41 75 6D 67 |ert>MIIFATCCAumg|
3093 0240 41 77 49 42 41 67 49 4D 65 4A 58 4B 4E 51 46 4D |AwIBAgIMeJXKNQFM|
3094 0250 50 53 38 65 45 62 45 4E 4D 41 30 47 43 53 71 47 |PS8eEbENMA0GCSqG|
3095 0260 53 49 62 33 44 51 45 42 43 77 55 41 4D 47 67 78 |SIb3DQEBCwUAMGgx|
3096 0270 43 7A 41 4A 42 67 4E 56 42 41 59 4D 41 6B 4A 46 |CzAJBgNVBAYMAkJF|
3097 0280 4D 52 41 77 44 67 59 44 56 51 51 4B 44 41 64 46 |MRAwDgYDVQQKDAdF|
3098 0290 55 45 46 54 54 33 4A 6E 4D 53 59 77 4A 41 59 44 |UEFTT3JnMSYwJAYD|
3099 02A0 56 51 51 4C 44 42 31 55 5A 57 4E 6F 62 6D 6C 6A |VQQLDB1UZWNobmlj|
3100 02B0 59 57 77 67 51 32 56 75 64 47 56 79 49 47 39 6D |YWwgQ2VudGVyIG9m|
3101 02C0 49 45 56 34 63 47 56 79 64 47 6C 7A 5A 54 45 66 |IEV4cGVydGlzZTEf|
3102 02D0 4D 42 30 47 41 31 55 45 41 77 77 57 52 56 42 42 |MB0GA1UEAwwWRVBB|
3103 02E0 55 79 42 51 63 6D 39 30 62 32 4E 76 62 48 4D 67 |UyBQcm90b2NvbHMg|
3104 02F0 56 47 56 7A 64 43 42 44 51 54 41 71 47 42 4D 79 |VGVzdCBDQTAqGBMy|

8 Download of Cryptographic Keys Page 138


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3105 0300 4D 44 45 7A 4D 44 51 78 4F 44 45 77 4D 54 67 79 |MDEzMDQxODEwMTgy|


3106 0310 4D 79 73 77 4D 54 41 77 47 42 4D 79 4D 44 45 34 |MyswMTAwGBMyMDE4|
3107 0320 4D 54 41 77 4D 54 45 34 4D 6A 41 77 4E 53 73 77 |MTAwMTE4MjAwNSsw|
3108 0330 4D 54 41 77 4D 48 67 78 43 7A 41 4A 42 67 4E 56 |MTAwMHgxCzAJBgNV|
3109 0340 42 41 59 4D 41 6B 5A 53 4D 52 41 77 44 67 59 44 |BAYMAkZSMRAwDgYD|
3110 0350 56 51 51 4B 44 41 64 46 55 45 46 54 54 33 4A 6E |VQQKDAdFUEFTT3Jn|
3111 0360 4D 53 59 77 4A 41 59 44 56 51 51 4C 44 42 31 55 |MSYwJAYDVQQLDB1U|
3112 0370 5A 57 4E 6F 62 6D 6C 6A 59 57 77 67 51 32 56 75 |ZWNobmljYWwgQ2Vu|
3113 0380 64 47 56 79 49 47 39 6D 49 45 56 34 63 47 56 79 |dGVyIG9mIEV4cGVy|
3114 0390 64 47 6C 7A 5A 54 45 76 4D 43 30 47 41 31 55 45 |dGlzZTEvMC0GA1UE|
3115 03A0 41 77 77 6D 52 56 42 42 55 79 42 51 63 6D 39 30 |AwwmRVBBUyBQcm90|
3116 03B0 62 32 4E 76 62 43 42 55 5A 58 4E 30 49 45 68 76 |b2NvbCBUZXN0IEhv|
3117 03C0 63 33 51 67 53 32 56 35 49 45 56 75 59 33 4A 35 |c3QgS2V5IEVuY3J5|
3118 03D0 63 48 52 70 62 32 34 77 67 67 47 69 4D 41 30 47 |cHRpb24wggGiMA0G|
3119 03E0 43 53 71 47 53 49 62 33 44 51 45 42 41 51 55 41 |CSqGSIb3DQEBAQUA|
3120 03F0 41 34 49 42 6A 77 41 77 67 67 47 4B 41 6F 49 42 |A4IBjwAwggGKAoIB|
3121 0400 67 51 44 58 4C 4D 39 6A 2B 79 2B 47 61 68 6A 79 |gQDXLM9j+y+Gahjy|
3122 0410 47 64 79 52 6B 78 5A 4A 58 2F 5A 73 6B 47 2B 51 |GdyRkxZJX/ZskG+Q|
3123 0420 54 58 73 6D 5A 53 58 44 66 36 76 6E 31 4F 32 5A |TXsmZSXDf6vn1O2Z|
3124 0430 36 67 51 6B 4D 32 32 5A 73 4C 65 58 6E 65 46 32 |6gQkM22ZsLeXneF2|
3125 0440 54 6E 7A 52 61 32 53 35 75 70 56 47 45 4C 79 73 |TnzRa2S5upVGELys|
3126 0450 75 32 7A 39 70 4D 75 51 61 71 64 62 37 56 69 35 |u2z9pMuQaqdb7Vi5|
3127 0460 6F 41 4E 78 55 6C 51 65 73 64 77 39 30 4C 59 68 |oANxUlQesdw90LYh|
3128 0470 54 72 4D 62 36 58 70 50 6B 51 63 30 45 74 34 45 |TrMb6XpPkQc0Et4E|
3129 0480 49 68 62 36 6A 34 4A 74 4A 4D 66 79 30 77 58 55 |Ihb6j4JtJMfy0wXU|
3130 0490 76 32 4E 47 57 2F 69 5A 33 47 38 48 50 2F 61 71 |v2NGW/iZ3G8HP/aq|
3131 04A0 4D 34 36 6B 54 62 61 2B 55 61 59 31 6A 4B 6F 38 |M46kTba+UaY1jKo8|
3132 04B0 79 34 55 6F 35 59 74 56 56 41 37 53 49 79 55 6A |y4Uo5YtVVA7SIyUj|
3133 04C0 4D 7A 50 54 31 74 4B 34 4C 74 65 6C 6A 55 6D 66 |MzPT1tK4LteljUmf|
3134 04D0 52 46 2F 34 4E 63 50 72 31 62 55 56 4E 35 70 38 |RF/4NcPr1bUVN5p8|
3135 04E0 4B 31 74 42 30 31 38 39 2F 56 6F 61 4C 57 46 4A |K1tB0189/VoaLWFJ|
3136 04F0 45 44 6A 39 30 5A 34 59 37 32 65 50 31 35 53 48 |EDj90Z4Y72eP15SH|
3137 0500 4B 73 79 4C 67 53 6D 76 6F 4E 41 76 7A 57 35 4B |KsyLgSmvoNAvzW5K|
3138 0510 33 70 47 45 31 66 37 43 4F 47 52 42 4B 54 73 57 |3pGE1f7COGRBKTsW|
3139 0520 75 33 61 34 34 75 54 34 36 41 4A 32 4E 6D 68 56 |u3a44uT46AJ2NmhV|
3140 0530 71 49 44 67 37 36 78 45 6E 6E 59 53 54 45 76 33 |qIDg76xEnnYSTEv3|
3141 0540 2F 79 75 68 58 6D 64 4C 59 71 56 6A 66 53 5A 67 |/yuhXmdLYqVjfSZg|
3142 0550 43 71 4F 67 45 2B 46 54 44 68 48 30 76 35 68 4F |CqOgE+FTDhH0v5hO|
3143 0560 55 7A 39 53 43 69 35 30 76 59 4A 74 31 51 66 43 |Uz9SCi50vYJt1QfC|
3144 0570 67 39 4C 31 59 38 49 6F 53 4F 42 64 68 4E 4B 33 |g9L1Y8IoSOBdhNK3|
3145 0580 30 69 49 66 53 32 4F 31 5A 35 66 6D 72 37 51 6C |0iIfS2O1Z5fmr7Ql|
3146 0590 31 57 66 6C 2B 52 62 6A 71 30 34 73 53 47 37 49 |1Wfl+Rbjq04sSG7I|
3147 05A0 46 49 6C 47 6E 42 66 61 4C 66 72 33 71 30 6C 75 |FIlGnBfaLfr3q0lu|
3148 05B0 35 38 4A 4F 51 35 55 66 2F 69 67 41 61 2F 2B 57 |58JOQ5Uf/igAa/+W|
3149 05C0 34 74 46 59 4F 4B 78 79 55 76 50 55 58 6F 2F 72 |4tFYOKxyUvPUXo/r|
3150 05D0 37 77 39 2B 37 35 64 50 2F 67 6F 34 77 34 6B 6D |7w9+75dP/go4w4km|
3151 05E0 7A 36 42 6F 4D 5A 6A 4B 6A 39 43 4D 69 79 51 6E |z6BoMZjKj9CMiyQn|
3152 05F0 75 52 6F 4C 46 76 65 61 63 59 62 65 66 61 75 64 |uRoLFveacYbefaud|
3153 0600 2F 7A 30 43 41 77 45 41 41 61 4D 50 4D 41 30 77 |/z0CAwEAAaMPMA0w|
3154 0610 43 77 59 44 56 52 30 50 42 41 51 44 41 67 55 67 |CwYDVR0PBAQDAgUg|
3155 0620 4D 41 30 47 43 53 71 47 53 49 62 33 44 51 45 42 |MA0GCSqGSIb3DQEB|
3156 0630 43 77 55 41 41 34 49 43 41 51 41 6D 37 56 39 4F |CwUAA4ICAQAm7V9O|
3157 0640 45 56 71 65 4C 52 44 77 65 7A 58 52 44 7A 58 59 |EVqeLRDwezXRDzXY|
3158 0650 76 54 75 30 44 55 67 65 58 77 30 75 43 4D 67 43 |vTu0DUgeXw0uCMgC|

8 Download of Cryptographic Keys Page 139


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3159 0660 51 64 63 41 41 72 70 63 63 77 64 4A 48 4F 4B 4A |QdcAArpccwdJHOKJ|


3160 0670 55 38 74 77 31 4A 32 46 30 67 30 4C 75 76 32 39 |U8tw1J2F0g0Luv29|
3161 0680 78 41 54 76 74 36 37 64 4B 31 36 53 6B 75 70 32 |xATvt67dK16Skup2|
3162 0690 68 48 67 2B 41 74 79 59 6C 56 7A 37 48 5A 51 58 |hHg+AtyYlVz7HZQX|
3163 06A0 47 65 48 6B 6A 2F 67 2F 45 58 51 51 4A 44 57 7A |GeHkj/g/EXQQJDWz|
3164 06B0 55 6C 6E 6E 55 4A 2B 50 74 6E 77 77 33 62 37 6E |UlnnUJ+Ptnww3b7n|
3165 06C0 74 66 56 41 72 59 6B 41 4E 64 59 45 75 59 30 76 |tfVArYkANdYEuY0v|
3166 06D0 43 42 54 6E 6A 34 2B 64 36 64 53 33 65 76 63 6D |CBTnj4+d6dS3evcm|
3167 06E0 32 32 5A 38 79 76 63 4B 46 31 72 34 66 33 46 70 |22Z8yvcKF1r4f3Fp|
3168 06F0 65 63 71 48 67 36 67 6B 66 6A 7A 7A 61 39 6A 63 |ecqHg6gkfjzza9jc|
3169 0700 4D 57 2F 68 31 6A 47 69 53 4A 59 6C 50 52 4A 43 |MW/h1jGiSJYlPRJC|
3170 0710 72 6D 57 65 50 71 46 61 67 75 63 38 53 79 6C 6B |rmWePqFaguc8Sylk|
3171 0720 56 36 39 66 43 49 73 41 39 75 39 52 63 77 37 6C |V69fCIsA9u9Rcw7l|
3172 0730 35 50 71 62 72 32 37 59 35 4D 77 30 38 50 75 51 |5Pqbr27Y5Mw08PuQ|
3173 0740 2F 30 52 43 31 46 58 7A 59 5A 70 51 57 63 71 43 |/0RC1FXzYZpQWcqC|
3174 0750 33 52 58 4C 51 42 4D 43 35 77 38 53 53 39 35 74 |3RXLQBMC5w8SS95t|
3175 0760 55 55 46 57 2B 30 4C 64 35 71 32 6D 49 4F 38 74 |UUFW+0Ld5q2mIO8t|
3176 0770 4A 37 66 79 47 4A 74 50 79 72 6E 30 53 48 32 69 |J7fyGJtPyrn0SH2i|
3177 0780 62 74 52 42 6A 77 44 71 54 48 71 4A 4D 49 36 73 |btRBjwDqTHqJMI6s|
3178 0790 69 4F 57 47 57 55 50 35 58 77 68 36 62 37 64 30 |iOWGWUP5Xwh6b7d0|
3179 07A0 6D 39 74 34 50 69 72 69 6A 2F 66 45 45 4B 33 4A |m9t4Pirij/fEEK3J|
3180 07B0 4E 66 51 57 57 50 4E 73 32 51 38 73 79 4A 57 69 |NfQWWPNs2Q8syJWi|
3181 07C0 66 62 57 74 48 76 46 48 71 6D 42 6A 53 6D 57 52 |fbWtHvFHqmBjSmWR|
3182 07D0 77 30 4F 73 66 2F 6C 63 62 58 31 38 75 49 36 37 |w0Osf/lcbX18uI67|
3183 07E0 4E 68 61 52 2F 61 57 47 56 52 31 76 44 4B 31 2F |NhaR/aWGVR1vDK1/|
3184 07F0 35 66 41 33 52 67 4E 51 35 64 43 6D 55 4E 59 6E |5fA3RgNQ5dCmUNYn|
3185 0800 36 77 77 62 55 78 57 77 53 53 51 55 61 45 49 77 |6wwbUxWwSSQUaEIw|
3186 0810 75 36 49 35 31 63 71 35 69 55 49 48 6E 61 74 50 |u6I51cq5iUIHnatP|
3187 0820 44 4C 76 4F 73 74 69 42 30 50 2F 6F 73 75 47 64 |DLvOstiB0P/osuGd|
3188 0830 75 50 6C 4B 36 64 6D 62 72 47 76 69 78 49 35 66 |uPlK6dmbrGvixI5f|
3189 0840 35 46 33 75 77 76 2F 6F 2B 76 55 72 51 79 56 72 |5F3uwv/o+vUrQyVr|
3190 0850 78 51 34 58 38 4D 37 78 71 34 75 47 6C 50 77 30 |xQ4X8M7xq4uGlPw0|
3191 0860 6B 32 4A 38 38 6F 55 69 67 37 4A 52 64 74 32 76 |k2J88oUig7JRdt2v|
3192 0870 37 6F 2B 36 53 66 51 30 30 72 66 78 76 4B 39 35 |7o+6SfQ00rfxvK95|
3193 0880 7A 4C 50 71 30 56 38 36 62 52 47 54 6E 74 78 41 |zLPq0V86bRGTntxA|
3194 0890 59 31 4C 66 61 6D 6A 78 49 42 67 78 7A 74 44 2B |Y1LfamjxIBgxztD+|
3195 08A0 49 46 34 66 4F 42 58 30 62 67 48 6D 35 66 56 35 |IF4fOBX0bgHm5fV5|
3196 08B0 6A 65 4C 76 74 38 39 75 2F 6C 65 4C 6F 7A 72 74 |jeLvt89u/leLozrt|
3197 08C0 75 7A 37 5A 78 4F 38 35 36 6C 36 61 61 4A 6E 4F |uz7ZxO856l6aaJnO|
3198 08D0 41 4E 74 73 69 53 4A 46 43 71 47 43 4A 31 53 64 |ANtsiSJFCqGCJ1Sd|
3199 08E0 74 44 38 57 51 77 3D 3D 3C 2F 4B 65 79 4E 63 70 |tD8WQw==</KeyNcp|
3200 08F0 68 72 6D 6E 74 43 65 72 74 3E 3C 2F 41 63 74 6E |hrmntCert></Actn|
3201 0900 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 65 |></Cntt></DataSe|
3202 0910 74 3E 3C 2F 4D 67 6D 74 50 6C 61 6E 3E |t></MgmtPlan> |

3203
3204 The SHA256 digest of the ManagementPlanReplacement message body is:
3205 0000 23 46 28 92 72 B2 B4 C5 A8 03 09 2B 35 5A 1A 9F |#F(.r......+5Z..|
3206 0010 4F 3E 67 5D 2C CF 55 21 F6 21 FA 47 40 DE 74 7B |O>g],.U!.!.G@.t{|

3207
3208 Applying the padding process for the digital signature, the block result is dumped below:
3209 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3210 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|

8 Download of Cryptographic Keys Page 140


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3211 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|


3212 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3213 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3214 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3215 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3216 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3217 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3218 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3219 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3220 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3221 00C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3222 00D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3223 00E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3224 00F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3225 0100 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3226 0110 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3227 0120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3228 0130 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3229 0140 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
3230 0150 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
3231 0160 23 46 28 92 72 B2 B4 C5 A8 03 09 2B 35 5A 1A 9F |#F(.r......+5Z..|
3232 0170 4F 3E 67 5D 2C CF 55 21 F6 21 FA 47 40 DE 74 7B |O>g],.U!.!.G@.t{|

3233
3234

8 Download of Cryptographic Keys Page 141


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3235 After encryption by the private key of KTM-Sign, we have the digital signature of the
3236 ManagementPlanReplacement message body:
3237 0000 B0 12 54 74 89 27 2F 01 97 2C 60 9D D4 9E AC 34 |..Tt.'/..,`....4|
3238 0010 3C EA 57 00 93 01 AA 86 10 0C D8 99 A3 2B 05 56 |<.W..........+.V|
3239 0020 48 E7 1A 3A 20 B5 C0 22 AD 05 C6 75 22 80 15 86 |H..: .."...u"...|
3240 0030 3E 92 1C 97 23 18 D1 F9 95 2B A2 FA 63 AE 09 F0 |>...#....+..c...|
3241 0040 01 42 38 7F 3F 16 E8 2D CD D9 DF B3 BC AD F0 DF |.B8.?..-........|
3242 0050 27 B1 A4 85 06 0E F5 F4 BF 4C 34 58 C7 16 8D D6 |'........L4X....|
3243 0060 44 C3 50 B9 7A 11 14 2D B5 68 99 10 F6 6D B3 82 |D.P.z..-.h...m..|
3244 0070 44 69 8F E8 65 DB 94 D7 13 94 8A F3 9D 21 84 CF |Di..e........!..|
3245 0080 9A EF 06 04 33 98 AA 0F E0 CE 6A 71 92 C4 C2 66 |....3.....jq...f|
3246 0090 E6 28 A1 0C B7 BC 0C E1 02 0D F4 9E E7 82 42 1E |.(............B.|
3247 00A0 79 70 B1 7E 4B 02 A1 9A C6 66 98 C8 73 41 36 57 |yp.~K....f..sA6W|
3248 00B0 6C E8 D9 B1 6E 4F 4B D7 F4 E9 69 96 B4 AF 12 4D |l...nOK...i....M|
3249 00C0 75 48 9A DA 9C DC 7A DE 2A F2 1A 90 62 0F 40 B5 |uH....z.*...b.@.|
3250 00D0 42 F9 BC 94 54 43 DB 63 62 BC E1 52 55 7E 11 39 |B...TC.cb..RU~.9|
3251 00E0 08 65 A2 3E 69 94 C7 FF EC 0A 78 04 0F 23 1B 77 |.e.>i.....x..#.w|
3252 00F0 C5 25 A4 F1 64 0C 59 93 1B 6D 49 0A 48 FA 84 EB |.%..d.Y..mI.H...|
3253 0100 FE A4 EF 27 9A 3B 4E 90 86 FA F5 4C F8 55 20 C4 |...'.;N....L.U .|
3254 0110 3B 79 90 10 7C 64 C1 2C 1F 4A A0 D4 09 8F 04 97 |;y..|d.,.J......|
3255 0120 01 29 1A 4B 38 3D 30 1C E2 A4 DD 8D 08 F2 3B 11 |.).K8=0.......;.|
3256 0130 F3 8D 60 C4 C7 4B 3E FC 67 E3 E4 70 09 E4 F0 B1 |..`..K>.g..p....|
3257 0140 8B E0 38 0C 2F F9 79 EB F6 D2 7C 0B 6D 26 A9 8E |..8./.y...|.m&..|
3258 0150 F7 12 3D D8 AC 6B 4C 6C 2E 55 C0 48 78 9F 04 16 |..=..kLl.U.Hx...|
3259 0160 E4 77 EA C7 34 FC 0A AE E0 2B 1E 4A DE 0A 50 90 |.w..4....+.J..P.|
3260 0170 28 BC B8 DC 34 B9 82 0E 8C E3 FB 2C 25 9A 42 0A |(...4......,%.B.|

3261
3262

8 Download of Cryptographic Keys Page 142


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3263 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate 308204FF308202E7A003020102020A2ABC40F4D482F5EBC975300D06092A8648
86F70D01010B05003068310B300906035504060C0242453110300E060355040A
0C07455041534F726731263024060355040B0C1D546563686E6963616C204365
6E746572206F6620457870657274697365311F301D06035504030C1645504153
2050726F746F636F6C732054657374204341302A181332303133303431383130
303634362B30313030181332303138313030313138323030352B303130303078
310B300906035504060C0246523110300E060355040A0C07455041534F726731
263024060355040B0C1D546563686E6963616C2043656E746572206F66204578
70657274697365312F302D06035504030C26455041532050726F746F636F6C20
5465737420486F73742041757468656E7469636174696F6E308201A2300D0609
2A864886F70D01010105000382018F003082018A0282018100BD095898F981BA
F42BE20E19339B396C59626690BDF396D20C503CA57C688AF41E50552CF1B9DD
C4116209DD00C26B673F7EDEE7D0CA6DC2DAA9FF2F8C3A860B8F835AE60D9E05
7EDDF1625FAC55A102837FC1C7EF8C0A6C137C5973972ABC40F4D482F5EBC975
4F964B6EECEDBE66DB62AD0DA7B38E05917562E899DF717D27457693B41E7BF2
CBA98855AE2C97DE4B48FD812A520D6D356010F6E8355EC98DBA3047F2C0CDCD
9BE655277F3ED69A788DD80A6A12BCA3D4C7F08662B99D3F70A9548D7804B5E4
A2913A3EC02525BE639ED7D9B986556C5932675642FCC4E659D828A94C5544AE
BBC5446EE6B96A04A0185470296DFC2FFBA73D4074930968DD810E43D574DD7B
E664899DA6E48EB4B3B590E2CAA97C75015C735093AD62E3FD791AB5718F1FA1
Signer
SignerIdentification
IssuerAnd-
SerialNumber
Issuer
RelativeDistin-
guishedName
AttributeType CountryName
AttributeValue BE
RelativeDistin-
guishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistin-
guishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise
RelativeDistin-
guishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2ABC40F4D482F5EBC975
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA

8 Download of Cryptographic Keys Page 143


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

Signature B012547489272F01972C609DD49EAC343CEA57009301AA86100CD899A32B0556
48E71A3A20B5C022AD05C675228015863E921C972318D1F9952BA2FA63AE09F0
0142387F3F16E82DCDD9DFB3BCADF0DF27B1A485060EF5F4BF4C3458C7168DD6
44C350B97A11142DB5689910F66DB38244698FE865DB94D713948AF39D2184CF
9AEF06043398AA0FE0CE6A7192C4C266E628A10CB7BC0CE1020DF49EE782421E
7970B17E4B02A19AC66698C8734136576CE8D9B16E4F4BD7F4E96996B4AF124D
75489ADA9CDC7ADE2AF21A90620F40B542F9BC945443DB6362BCE152557E1139
0865A23E6994C7FFEC0A78040F231B77C525A4F1640C59931B6D490A48FA84EB
FEA4EF279A3B4E9086FAF54CF85520C43B7990107C64C12C1F4AA0D4098F0497
01291A4B383D301CE2A4DD8D08F23B11F38D60C4C74B3EFC67E3E47009E4F0B1
8BE0380C2FF979EBF6D27C0B6D26A98EF7123DD8AC6B4C6C2E55C048789F0416
E477EAC734FC0AAEE02B1E4ADE0A509028BCB8DC34B9820E8CE3FB2C259A420A

3264
3265 The XML encoded structure of the StatusReport message is:
3266
3267 <?xml version="1.0" encoding="UTF-8"?>
3268 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
3269 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.002.001.05">
3270 <MgmtPlanRplcmnt>
3271 <Hdr>
3272 <DwnldTrf>true</DwnldTrf>
3273 <FrmtVrsn>5.0</FrmtVrsn>
3274 <XchgId>001</XchgId>
3275 <CreDtTm>2013-12-06T13:53:52.00+02:00</CreDtTm>
3276 <InitgPty>
3277 <Id>66000001</Id>
3278 <Tp>OPOI</Tp>
3279 <Issr>MTMG</Issr>
3280 </InitgPty>
3281 <RcptPty>
3282 <Id>epas-keyDownload-TM1</Id>
3283 <Tp>MTMG</Tp>
3284 </RcptPty>
3285 </Hdr>
3286 <MgmtPlan>
3287 <POIId>
3288 <Id>66000001</Id>
3289 <Tp>OPOI</Tp>
3290 <Issr>MTMG</Issr>
3291 </POIId>
3292 <TermnlMgrId>
3293 <Id>epas-keyDownload-TM1</Id>
3294 <Tp>MTMG</Tp>
3295 </TermnlMgrId>
3296 <DataSet>
3297 <Id>
3298 <Tp>AQPR</Tp>
3299 <CreDtTm>2013-12-06T13:53:52.00+02:00</CreDtTm>
3300 </Id>
3301 <Cntt>
3302 <Actn>
3303 <Tp>DWNL</Tp>
3304 <DataSetId>
3305 <Nm>epas-acquirer-TM1-TIK</Nm>
3306 <Tp>SCPR</Tp>
3307 <Vrsn>20131206135352</Vrsn>
3308 </DataSetId>
3309 <Trggr>DATE</Trggr>
3310 <AddtlPrc>RSRT</AddtlPrc>
3311 <ReTry>
3312 <Dely>10</Dely>
3313 <MaxNb>2</MaxNb>
3314 </ReTry>
3315 <TmCond>
3316 <StartTm>2013-12-06T13:53:49</StartTm>
3317 </TmCond>
3318 <TMChllng>

8 Download of Cryptographic Keys Page 144


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3319 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
3320 </TMChllng>
3321 <KeyNcphrmntCert>
3322 MIIFATCCAumgAwIBAgIMeJXKNQFMPS8eEbENMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYM
3323 AkJFMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4
3324 cGVydGlzZTEfMB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEw
3325 MTgyMyswMTAwGBMyMDE4MTAwMTE4MjAwNSswMTAwMHgxCzAJBgNVBAYMAkZSMRAwDgYDVQQK
3326 DAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEvMC0G
3327 A1UEAwwmRVBBUyBQcm90b2NvbCBUZXN0IEhvc3QgS2V5IEVuY3J5cHRpb24wggGiMA0GCSqG
3328 SIb3DQEBAQUAA4IBjwAwggGKAoIBgQDXLM9j+y+GahjyGdyRkxZJX/ZskG+QTXsmZSXDf6vn
3329 1O2Z6gQkM22ZsLeXneF2TnzRa2S5upVGELysu2z9pMuQaqdb7Vi5oANxUlQesdw90LYhTrMb
3330 6XpPkQc0Et4EIhb6j4JtJMfy0wXUv2NGW/iZ3G8HP/aqM46kTba+UaY1jKo8y4Uo5YtVVA7S
3331 IyUjMzPT1tK4LteljUmfRF/4NcPr1bUVN5p8K1tB0189/VoaLWFJEDj90Z4Y72eP15SHKsyL
3332 gSmvoNAvzW5K3pGE1f7COGRBKTsWu3a44uT46AJ2NmhVqIDg76xEnnYSTEv3/yuhXmdLYqVj
3333 fSZgCqOgE+FTDhH0v5hOUz9SCi50vYJt1QfCg9L1Y8IoSOBdhNK30iIfS2O1Z5fmr7Ql1Wfl
3334 +Rbjq04sSG7IFIlGnBfaLfr3q0lu58JOQ5Uf/igAa/+W4tFYOKxyUvPUXo/r7w9+75dP/go4
3335 w4kmz6BoMZjKj9CMiyQnuRoLFveacYbefaud/z0CAwEAAaMPMA0wCwYDVR0PBAQDAgUgMA0G
3336 CSqGSIb3DQEBCwUAA4ICAQAm7V9OEVqeLRDwezXRDzXYvTu0DUgeXw0uCMgCQdcAArpccwdJ
3337 HOKJU8tw1J2F0g0Luv29xATvt67dK16Skup2hHg+AtyYlVz7HZQXGeHkj/g/EXQQJDWzUlnn
3338 UJ+Ptnww3b7ntfVArYkANdYEuY0vCBTnj4+d6dS3evcm22Z8yvcKF1r4f3FpecqHg6gkfjzz
3339 a9jcMW/h1jGiSJYlPRJCrmWePqFaguc8SylkV69fCIsA9u9Rcw7l5Pqbr27Y5Mw08PuQ/0RC
3340 1FXzYZpQWcqC3RXLQBMC5w8SS95tUUFW+0Ld5q2mIO8tJ7fyGJtPyrn0SH2ibtRBjwDqTHqJ
3341 MI6siOWGWUP5Xwh6b7d0m9t4Pirij/fEEK3JNfQWWPNs2Q8syJWifbWtHvFHqmBjSmWRw0Os
3342 f/lcbX18uI67NhaR/aWGVR1vDK1/5fA3RgNQ5dCmUNYn6wwbUxWwSSQUaEIwu6I51cq5iUIH
3343 natPDLvOstiB0P/osuGduPlK6dmbrGvixI5f5F3uwv/o+vUrQyVrxQ4X8M7xq4uGlPw0k2J8
3344 8oUig7JRdt2v7o+6SfQ00rfxvK95zLPq0V86bRGTntxAY1LfamjxIBgxztD+IF4fOBX0bgHm
3345 5fV5jeLvt89u/leLozrtuz7ZxO856l6aaJnOANtsiSJFCqGCJ1SdtD8WQw==
3346 </KeyNcphrmntCert>
3347 </Actn>
3348 </Cntt>
3349 </DataSet>
3350 </MgmtPlan>
3351 <SctyTrlr>
3352 <CnttTp>SIGN</CnttTp>
3353 <SgndData>
3354 <DgstAlgo>
3355 <Algo>HS25</Algo>
3356 </DgstAlgo>
3357 <NcpsltdCntt>
3358 <CnttTp>DATA</CnttTp>
3359 </NcpsltdCntt>
3360 <Cert>
3361 MIIE/zCCAuegAwIBAgIKKrxA9NSC9evJdTANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGDAJCRTEQMA
3362 4GA1UECgwHRVBBU09yZzEmMCQGA1UECwwdVGVjaG5pY2FsIENlbnRlciBvZiBFeHBlcnRpc2UxHzAd
3363 BgNVBAMMFkVQQVMgUHJvdG9jb2xzIFRlc3QgQ0EwKhgTMjAxMzA0MTgxMDA2NDYrMDEwMBgTMjAxOD
3364 EwMDExODIwMDUrMDEwMDB4MQswCQYDVQQGDAJGUjEQMA4GA1UECgwHRVBBU09yZzEmMCQGA1UECwwd
3365 VGVjaG5pY2FsIENlbnRlciBvZiBFeHBlcnRpc2UxLzAtBgNVBAMMJkVQQVMgUHJvdG9jb2wgVGVzdC
3366 BIb3N0IEF1dGhlbnRpY2F0aW9uMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvQlYmPmB
3367 uvQr4g4ZM5s5bFliZpC985bSDFA8pXxoivQeUFUs8bndxBFiCd0AwmtnP37e59DKbcLaqf8vjDqGC4
3368 +DWuYNngV+3fFiX6xVoQKDf8HH74wKbBN8WXOXKrxA9NSC9evJdU+WS27s7b5m22KtDaezjgWRdWLo
3369 md9xfSdFdpO0Hnvyy6mIVa4sl95LSP2BKlINbTVgEPboNV7JjbowR/LAzc2b5lUnfz7WmniN2ApqEr
3370 yj1MfwhmK5nT9wqVSNeAS15KKROj7AJSW+Y57X2bmGVWxZMmdWQvzE5lnYKKlMVUSuu8VEbua5agSg
3371 GFRwKW38L/unPUB0kwlo3YEOQ9V03XvmZImdpuSOtLO1kOLKqXx1AVxzUJOtYuP9eRq1cY8foQ==
3372 </Cert>
3373 <Sgnr>
3374 <SgnrId>
3375 <IssrAndSrlNb>
3376 <Issr>
3377 <RltvDstngshdNm>
3378 <AttrTp>CATT</AttrTp>
3379 <AttrVal>BE</AttrVal>
3380 </RltvDstngshdNm>
3381 <RltvDstngshdNm>
3382 <AttrTp>OATT</AttrTp>
3383 <AttrVal>EPASOrg</AttrVal>
3384 </RltvDstngshdNm>
3385 <RltvDstngshdNm>
3386 <AttrTp>OUAT</AttrTp>
3387 <AttrVal>Technical Center of Expertise</AttrVal>

8 Download of Cryptographic Keys Page 145


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3388 </RltvDstngshdNm>
3389 <RltvDstngshdNm>
3390 <AttrTp>CNAT</AttrTp>
3391 <AttrVal>EPAS Protocols Test CA</AttrVal>
3392 </RltvDstngshdNm>
3393 </Issr>
3394 <SrlNb>KrxA9NSC9evJdQ==</SrlNb>
3395 </IssrAndSrlNb>
3396 </SgnrId>
3397 <DgstAlgo>
3398 <Algo>HS25</Algo>
3399 </DgstAlgo>
3400 <SgntrAlgo>
3401 <Algo>ERS2</Algo>
3402 </SgntrAlgo>
3403 <Sgntr>
3404 sBJUdIknLwGXLGCd1J6sNDzqVwCTAaqGEAzYmaMrBVZI5xo6ILXAIq0FxnUigBWGPpIclyMY0
3405 fmVK6L6Y64J8AFCOH8/Fugtzdnfs7yt8N8nsaSFBg719L9MNFjHFo3WRMNQuXoRFC21aJkQ9m
3406 2zgkRpj+hl25TXE5SK850hhM+a7wYEM5iqD+DOanGSxMJm5iihDLe8DOECDfSe54JCHnlwsX5
3407 LAqGaxmaYyHNBNlds6Nmxbk9L1/TpaZa0rxJNdUia2pzcet4q8hqQYg9AtUL5vJRUQ9tjYrzh
3408 UlV+ETkIZaI+aZTH/+wKeAQPIxt3xSWk8WQMWZMbbUkKSPqE6/6k7yeaO06Qhvr1TPhVIMQ7e
3409 ZAQfGTBLB9KoNQJjwSXASkaSzg9MBzipN2NCPI7EfONYMTHSz78Z+PkcAnk8LGL4DgML/l56/
3410 bSfAttJqmO9xI92KxrTGwuVcBIeJ8EFuR36sc0/Aqu4CseSt4KUJAovLjcNLmCDozj+ywlmkI
3411 K
3412 </Sgntr>
3413 </Sgnr>
3414 </SgndData>
3415 </SctyTrlr>
3416 </MgmtPlanRplcmnt>
3417 </Document>

3418
3419
3420

8 Download of Cryptographic Keys Page 146


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3421 8.4.5 Status Report to Request a Key Download


3422 To perform the action of the Management Plan, the POI requests the Security Parameters sending the
3423 StatusReport message containing the session key to encrypt the keys to download.
3424
3425 The POI generates a triple DES 112 bits session key (SK) to encrypt the key encryption key, denoted
3426 KEK:
3427 0000 AE EF 80 98 A7 3D E9 D6 5B BF 26 64 58 04 02 16 |.....=..[.&dX...|

3428
3429 The POI generate the following seed:
3430 0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D |?.].w.0}`..lo;.=|
3431 0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C |...]d.Lg.;......|

3432
3433 With the previous seed, the OAEP encryption of this session key Enc[KTM-Enc](SK) is :
3434 0000: 0E 8E 47 09 FA 83 A3 2B 80 63 5B D7 D0 F7 F8 B9 | G + c[ |
3435 0010: EE A8 14 E9 D2 B7 7A 34 95 84 F5 24 DB DF 60 76 | z4 $ `v|
3436 0020: 4B 16 CE 42 71 5F 01 D7 49 FC B4 EF B2 51 77 11 |K Bq_ I Qw |
3437 0030: A4 9D FD 6D 6F 8E 81 87 51 9C 8F A7 B7 FF 92 8E | mo Q |
3438 0040: C1 78 3E D7 07 DB C7 D5 79 BC 08 9A 6E AA 87 6C | x> y n l|
3439 0050: DD 06 16 E9 32 2C 0A CF 43 18 B4 2B 58 35 DD 5B | 2, C +X5 [|
3440 0060: 2C 2F FA E5 46 26 4D 61 5F 79 88 E0 D4 DC 53 F6 |,/ F&Ma_y S |
3441 0070: 20 4B D6 35 B1 B7 24 F0 51 F8 46 93 9E D1 13 B1 | K 5 $ Q F |
3442 0080: A3 90 EE 6B 02 E1 14 12 BB D2 4D 5F 73 65 32 05 | k M_se2 |
3443 0090: 9D 54 E4 8C 9A 67 39 C1 CE 5D 48 B0 A6 90 67 EA | T g9 ]H g |
3444 00A0: 76 24 CF A4 4B D8 BD 7E FD 2D 3E BE 58 76 39 89 |v$ K ~ -> Xv9 |
3445 00B0: C7 4A CA 5B 38 F3 8D D0 C8 EE FF EE 7F EC A8 A5 | J [8 |
3446 00C0: 47 5E 0E 3D 32 98 00 7A C6 E9 44 2A 6D D3 1B 7D |G^ =2 z D*m }|
3447 00D0: 3C 1B AE F5 A6 DE B3 37 AA FF A4 83 6E 8D 09 1E |< 7 n |
3448 00E0: EF 98 2A EC C0 BA 5F B0 5E 48 6B 51 DA 82 02 64 | * _ ^HkQ d|
3449 00F0: 20 26 1A 8F 05 5C 40 B4 F3 60 8D 7B 07 FF C2 0C | & \@ ` { |
3450 0100: 71 69 4A 9E DC 2A 54 8B 72 CA C2 DC 38 2D B1 AF |qiJ *T r 8- |
3451 0110: F7 E0 F6 1F F9 06 86 01 CA 90 3A 1F 2C 59 8F FF | : ,Y |
3452 0120: D8 86 EC 23 A9 25 F6 F3 4E 49 BE AC 43 83 6D 76 | # % NI C mv|
3453 0130: EF C8 B3 88 F4 F2 CB E6 45 AD 10 14 C3 29 E8 09 | E ) |
3454 0140: 2C A3 71 7C 88 4D A8 6A 7F A5 8E 8D 96 DB 31 57 |, q| M j 1W|
3455 0150: 85 1A 56 98 F5 5D BA 0C 4D 26 21 A0 E1 58 AE 06 | V ] M&! X |
3456 0160: 87 86 95 31 AF 1C 6B 1F E4 CA 99 B1 C5 D2 1E 11 | 1 k |
3457 0170: 69 23 B9 09 42 7D 5B 94 96 B5 82 C6 2D 15 BA 69 |i# B}[ - i|

3458
3459 The POI generates the triple DES 112 bits KEK key:
3460 0000 A7 5D 20 F7 04 51 75 45 3E 29 25 9D 3B 08 A7 2A |.] ..QuE>)%.;..*|

3461
3462 Applying the padding process, the hexadecimal byte 80 is appended, followed by 7 null bytes:
3463 0000 A7 5D 20 F7 04 51 75 45 3E 29 25 9D 3B 08 A7 2A |.] ..QuE>)%.;..*|
3464 0010 80 00 00 00 00 00 00 00 |........ |

3465
3466 Using the Initialisation Vector value A27BB46D1C306E09, the Triple DES CBC encryption by SK of the
3467 padded KEK provides the values below:
3468 0000 9F 04 15 02 7B 61 F4 6C 85 1D A5 35 96 89 4E 25 |....{a.l...5..N%|
3469 0010 AD 20 A8 F1 EE 6B A1 38 |. ...k.8 |

3470
3471
3472

8 Download of Cryptographic Keys Page 147


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3473 The StatusReport message containing the header and the body presented in the table below:
Message Item Value
Header
DownloadTransfer False
FormatVersion 5.0
ExchangeIdentification 002
CreationDateTime 2013-12-06:13:53:53.00+02:00
InitiatingParty
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-keyDownload-TM1
Type MasterTerminalManager
StatusReport
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-keyDownload-TM1
Type MasterTerminalManager
DataSet
Identification
Type StatusReport
CreationDateTime 2013-12-06:13:53:53.00+02:00
Content
POIComponent
Type Terminal
Identification
ItemNumber 1
ProviderIdentification EPASVendor001
Identification Counter Top E41
SerialNumber 7825410759
POIComponent
Type PaymentApplication
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Status
VersionNumber 1.01
StandardCompliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
AttendanceContext Attended
POIDateTime 2013-12-06:13:53:53.00+02:00
DataSetRequired
Identification
Name epas-acquirer-TM1-TIK
Type SecurityParameters
Version 20131206135352

8 Download of Cryptographic Keys Page 148


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

CreationDateTime 2013-12-06T13:53:52.00+02:00
POIChallenge D1377C7307D60D39B6C6F3B933D0089955D64DF4C67B63BF608
F3F2841C77051
TMChallenge E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA49
5991B7852B855
SessionKey
Identification Key Encryption Key KEK
Version 01
Type DES112
Function KeyExport
KeyValue
EnvelopedData
Recipient
KeyTransport
Version 0
RecipientIdentification
IssuerAndSerial-
Number
Issuer
Relative-
Distinguished-
Name
AtributeType CountryName
AttributeName BE
Relative-
Distinguished-
Name
AtributeType OrganisationName
AttributeName EPASOrg
Relative-
Distinguished-
Name
AtributeType OrganisationUnitName
AttributeName Technical Center of Expertise
Relative-
Distinguished-
Name
AtributeType CommonName
AttributeName EPAS Protocols Test CA
SerialNumber 7895CA35014C3D2F1E11B10D
KeyEncryptionAlgorithm
Algorithm RSAES-OAEP
Parameter
DigestAlgorithm SHA256
MaskGenerator-
Algorithm
Algorithm MGF1
Parameter
SHA256
DigestAlgorithm

8 Download of Cryptographic Keys Page 149


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

EncryptedKey 0E8E4709FA83A32B80635BD7D0F7F8B9EEA814E9D2B77A34958
4F524DBDF60764B16CE42715F01D749FCB4EFB2517711A49DFD
6D6F8E8187519C8FA7B7FF928EC1783ED707DBC7D579BC089A6
EAA876CDD0616E9322C0ACF4318B42B5835DD5B2C2FFAE54626
4D615F7988E0D4DC53F6204BD635B1B724F051F846939ED113B
1A390EE6B02E11412BBD24D5F736532059D54E48C9A6739C1CE
5D48B0A69067EA7624CFA44BD8BD7EFD2D3EBE58763989C74AC
A5B38F38DD0C8EEFFEE7FECA8A5475E0E3D3298007AC6E9442A
6DD31B7D3C1BAEF5A6DEB337AAFFA4836E8D091EEF982AECC0B
A5FB05E486B51DA82026420261A8F055C40B4F3608D7B07FFC2
0C71694A9EDC2A548B72CAC2DC382DB1AFF7E0F61FF9068601C
A903A1F2C598FFFD886EC23A925F6F34E49BEAC43836D76EFC8
B388F4F2CBE645AD1014C329E8092CA3717C884DA86A7FA58E8
D96DB3157851A5698F55DBA0C4D2621A0E158AE0687869531AF
1C6B1FE4CA99B1C5D21E116923B909427D5B9496B582C62D15B
A69
EncryptedContent
ContentType PlainData
ContentEncryptionAlgorithm
Algorithm DES112CBC
Parameter
InitialisationVector A27BB46D1C306E09
EncryptedData 9F0415027B61F46C851DA53596894E25AD20A8F1EE6BA138

3474
3475 Once unnecessary spaces and carriage returns are removed, the XML encoded StatusReport message
3476 body is:
3477 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
3478 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
3479 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
3480 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
3481 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
3482 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 6B 65 79 44 |Id><Id>epas-keyD|
3483 0060 6F 77 6E 6C 6F 61 64 2D 54 4D 31 3C 2F 49 64 3E |ownload-TM1</Id>|
3484 0070 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 |<Tp>MTMG</Tp></T|
3485 0080 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 |ermnlMgrId><Data|
3486 0090 53 65 74 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 |Set><Id><Tp>STRP|
3487 00A0 3C 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 |</Tp><CreDtTm>20|
3488 00B0 31 33 2D 31 32 2D 30 36 54 31 33 3A 35 33 3A 35 |13-12-06T13:53:5|
3489 00C0 33 2E 30 30 2B 30 32 3A 30 30 3C 2F 43 72 65 44 |3.00+02:00</CreD|
3490 00D0 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C |tTm></Id><Cntt><|
3491 00E0 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 |POICmpnt><Tp>TER|
3492 00F0 4D 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 |M</Tp><Id><ItmNb|
3493 0100 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 |>1</ItmNb><Prvdr|
3494 0110 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 |Id>EPASVendor001|
3495 0120 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F |</PrvdrId><Id>Co|
3496 0130 75 6E 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 |unter Top E41</I|
3497 0140 64 3E 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 |d><SrlNb>7825410|
3498 0150 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E |759</SrlNb></Id>|
3499 0160 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|
3500 0170 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 3C 2F 54 |mpnt><Tp>APLI</T|
3501 0180 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
3502 0190 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
3503 01A0 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
3504 01B0 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 |PrvdrId></Id><St|
3505 01C0 73 3E 3C 56 72 73 6E 4E 62 3E 31 2E 30 31 3C 2F |s><VrsnNb>1.01</|
3506 01D0 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 53 74 |VrsnNb></Sts><St|

8 Download of Cryptographic Keys Page 150


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3507 01E0 64 43 6D 70 6C 63 3E 3C 49 64 3E 53 45 50 41 2D |dCmplc><Id>SEPA-|


3508 01F0 46 41 53 54 3C 2F 49 64 3E 3C 56 72 73 6E 3E 33 |FAST</Id><Vrsn>3|
3509 0200 2E 30 3C 2F 56 72 73 6E 3E 3C 49 73 73 72 3E 43 |.0</Vrsn><Issr>C|
3510 0210 49 52 3C 2F 49 73 73 72 3E 3C 2F 53 74 64 43 6D |IR</Issr></StdCm|
3511 0220 70 6C 63 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C |plc></POICmpnt><|
3512 0230 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E 41 54 54 |AttndncCntxt>ATT|
3513 0240 44 3C 2F 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E |D</AttndncCntxt>|
3514 0250 3C 50 4F 49 44 74 54 6D 3E 32 30 31 33 2D 31 32 |<POIDtTm>2013-12|
3515 0260 2D 30 36 54 31 33 3A 35 33 3A 35 33 2E 30 30 2B |-06T13:53:53.00+|
3516 0270 30 32 3A 30 30 3C 2F 50 4F 49 44 74 54 6D 3E 3C |02:00</POIDtTm><|
3517 0280 44 61 74 61 53 65 74 52 65 71 72 64 3E 3C 49 64 |DataSetReqrd><Id|
3518 0290 3E 3C 4E 6D 3E 65 70 61 73 2D 61 63 71 75 69 72 |><Nm>epas-acquir|
3519 02A0 65 72 2D 54 4D 31 2D 54 49 4B 3C 2F 4E 6D 3E 3C |er-TM1-TIK</Nm><|
3520 02B0 54 70 3E 53 43 50 52 3C 2F 54 70 3E 3C 56 72 73 |Tp>SCPR</Tp><Vrs|
3521 02C0 6E 3E 32 30 31 33 31 32 30 36 31 33 35 33 35 32 |n>20131206135352|
3522 02D0 3C 2F 56 72 73 6E 3E 3C 43 72 65 44 74 54 6D 3E |</Vrsn><CreDtTm>|
3523 02E0 32 30 31 33 2D 31 32 2D 30 36 54 31 33 3A 35 33 |2013-12-06T13:53|
3524 02F0 3A 35 32 2E 30 30 2B 30 32 3A 30 30 3C 2F 43 72 |:52.00+02:00</Cr|
3525 0300 65 44 74 54 6D 3E 3C 2F 49 64 3E 3C 50 4F 49 43 |eDtTm></Id><POIC|
3526 0310 68 6C 6C 6E 67 3E 30 54 64 38 63 77 66 57 44 54 |hllng>0Td8cwfWDT|
3527 0320 6D 32 78 76 4F 35 4D 39 41 49 6D 56 58 57 54 66 |m2xvO5M9AImVXWTf|
3528 0330 54 47 65 32 4F 2F 59 49 38 2F 4B 45 48 48 63 46 |TGe2O/YI8/KEHHcF|
3529 0340 45 3D 3C 2F 50 4F 49 43 68 6C 6C 6E 67 3E 3C 54 |E=</POIChllng><T|
3530 0350 4D 43 68 6C 6C 6E 67 3E 34 37 44 45 51 70 6A 38 |MChllng>47DEQpj8|
3531 0360 48 42 53 61 2B 2F 54 49 6D 57 2B 35 4A 43 65 75 |HBSa+/TImW+5JCeu|
3532 0370 51 65 52 6B 6D 35 4E 4D 70 4A 57 5A 47 33 68 53 |QeRkm5NMpJWZG3hS|
3533 0380 75 46 55 3D 3C 2F 54 4D 43 68 6C 6C 6E 67 3E 3C |uFU=</TMChllng><|
3534 0390 53 73 6E 4B 65 79 3E 3C 49 64 3E 4B 65 79 20 45 |SsnKey><Id>Key E|
3535 03A0 6E 63 72 79 70 74 69 6F 6E 20 4B 65 79 20 4B 45 |ncryption Key KE|
3536 03B0 4B 3C 2F 49 64 3E 3C 56 72 73 6E 3E 30 31 3C 2F |K</Id><Vrsn>01</|
3537 03C0 56 72 73 6E 3E 3C 54 70 3E 45 44 45 33 3C 2F 54 |Vrsn><Tp>EDE3</T|
3538 03D0 70 3E 3C 46 63 74 6E 3E 4B 45 59 58 3C 2F 46 63 |p><Fctn>KEYX</Fc|
3539 03E0 74 6E 3E 3C 4B 65 79 56 61 6C 3E 3C 43 6E 74 74 |tn><KeyVal><Cntt|
3540 03F0 54 70 3E 45 56 4C 50 3C 2F 43 6E 74 74 54 70 3E |Tp>EVLP</CnttTp>|
3541 0400 3C 45 6E 76 6C 70 64 44 61 74 61 3E 3C 52 63 70 |<EnvlpdData><Rcp|
3542 0410 74 3E 3C 4B 65 79 54 72 6E 73 70 72 74 3E 3C 56 |t><KeyTrnsprt><V|
3543 0420 72 73 6E 3E 30 3C 2F 56 72 73 6E 3E 3C 52 63 70 |rsn>0</Vrsn><Rcp|
3544 0430 74 49 64 3E 3C 49 73 73 72 41 6E 64 53 72 6C 4E |tId><IssrAndSrlN|
3545 0440 62 3E 3C 49 73 73 72 3E 3C 52 6C 74 76 44 73 74 |b><Issr><RltvDst|
3546 0450 6E 67 73 68 64 4E 6D 3E 3C 41 74 74 72 54 70 3E |ngshdNm><AttrTp>|
3547 0460 43 41 54 54 3C 2F 41 74 74 72 54 70 3E 3C 41 74 |CATT</AttrTp><At|
3548 0470 74 72 56 61 6C 3E 42 45 3C 2F 41 74 74 72 56 61 |trVal>BE</AttrVa|
3549 0480 6C 3E 3C 2F 52 6C 74 76 44 73 74 6E 67 73 68 64 |l></RltvDstngshd|
3550 0490 4E 6D 3E 3C 52 6C 74 76 44 73 74 6E 67 73 68 64 |Nm><RltvDstngshd|
3551 04A0 4E 6D 3E 3C 41 74 74 72 54 70 3E 4F 41 54 54 3C |Nm><AttrTp>OATT<|
3552 04B0 2F 41 74 74 72 54 70 3E 3C 41 74 74 72 56 61 6C |/AttrTp><AttrVal|
3553 04C0 3E 45 50 41 53 4F 72 67 3C 2F 41 74 74 72 56 61 |>EPASOrg</AttrVa|
3554 04D0 6C 3E 3C 2F 52 6C 74 76 44 73 74 6E 67 73 68 64 |l></RltvDstngshd|
3555 04E0 4E 6D 3E 3C 52 6C 74 76 44 73 74 6E 67 73 68 64 |Nm><RltvDstngshd|
3556 04F0 4E 6D 3E 3C 41 74 74 72 54 70 3E 4F 55 41 54 3C |Nm><AttrTp>OUAT<|
3557 0500 2F 41 74 74 72 54 70 3E 3C 41 74 74 72 56 61 6C |/AttrTp><AttrVal|
3558 0510 3E 54 65 63 68 6E 69 63 61 6C 20 43 65 6E 74 65 |>Technical Cente|
3559 0520 72 20 6F 66 20 45 78 70 65 72 74 69 73 65 3C 2F |r of Expertise</|
3560 0530 41 74 74 72 56 61 6C 3E 3C 2F 52 6C 74 76 44 73 |AttrVal></RltvDs|

8 Download of Cryptographic Keys Page 151


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3561 0540 74 6E 67 73 68 64 4E 6D 3E 3C 52 6C 74 76 44 73 |tngshdNm><RltvDs|


3562 0550 74 6E 67 73 68 64 4E 6D 3E 3C 41 74 74 72 54 70 |tngshdNm><AttrTp|
3563 0560 3E 43 4E 41 54 3C 2F 41 74 74 72 54 70 3E 3C 41 |>CNAT</AttrTp><A|
3564 0570 74 74 72 56 61 6C 3E 45 50 41 53 20 50 72 6F 74 |ttrVal>EPAS Prot|
3565 0580 6F 63 6F 6C 73 20 54 65 73 74 20 43 41 3C 2F 41 |ocols Test CA</A|
3566 0590 74 74 72 56 61 6C 3E 3C 2F 52 6C 74 76 44 73 74 |ttrVal></RltvDst|
3567 05A0 6E 67 73 68 64 4E 6D 3E 3C 2F 49 73 73 72 3E 3C |ngshdNm></Issr><|
3568 05B0 53 72 6C 4E 62 3E 65 4A 58 4B 4E 51 46 4D 50 53 |SrlNb>eJXKNQFMPS|
3569 05C0 38 65 45 62 45 4E 3C 2F 53 72 6C 4E 62 3E 3C 2F |8eEbEN</SrlNb></|
3570 05D0 49 73 73 72 41 6E 64 53 72 6C 4E 62 3E 3C 2F 52 |IssrAndSrlNb></R|
3571 05E0 63 70 74 49 64 3E 3C 4B 65 79 4E 63 72 70 74 6E |cptId><KeyNcrptn|
3572 05F0 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 52 53 41 4F 3C |Algo><Algo>RSAO<|
3573 0600 2F 41 6C 67 6F 3E 3C 50 61 72 61 6D 3E 3C 44 67 |/Algo><Param><Dg|
3574 0610 73 74 41 6C 67 6F 3E 48 53 32 35 3C 2F 44 67 73 |stAlgo>HS25</Dgs|
3575 0620 74 41 6C 67 6F 3E 3C 4D 73 6B 47 6E 72 74 72 41 |tAlgo><MskGnrtrA|
3576 0630 6C 67 6F 3E 3C 41 6C 67 6F 3E 4D 47 46 31 3C 2F |lgo><Algo>MGF1</|
3577 0640 41 6C 67 6F 3E 3C 50 61 72 61 6D 3E 3C 44 67 73 |Algo><Param><Dgs|
3578 0650 74 41 6C 67 6F 3E 48 53 32 35 3C 2F 44 67 73 74 |tAlgo>HS25</Dgst|
3579 0660 41 6C 67 6F 3E 3C 2F 50 61 72 61 6D 3E 3C 2F 4D |Algo></Param></M|
3580 0670 73 6B 47 6E 72 74 72 41 6C 67 6F 3E 3C 2F 50 61 |skGnrtrAlgo></Pa|
3581 0680 72 61 6D 3E 3C 2F 4B 65 79 4E 63 72 70 74 6E 41 |ram></KeyNcrptnA|
3582 0690 6C 67 6F 3E 3C 4E 63 72 70 74 64 4B 65 79 3E 44 |lgo><NcrptdKey>D|
3583 06A0 6F 35 48 43 66 71 44 6F 79 75 41 59 31 76 58 30 |o5HCfqDoyuAY1vX0|
3584 06B0 50 66 34 75 65 36 6F 46 4F 6E 53 74 33 6F 30 6C |Pf4ue6oFOnSt3o0l|
3585 06C0 59 54 31 4A 4E 76 66 59 48 5A 4C 46 73 35 43 63 |YT1JNvfYHZLFs5Cc|
3586 06D0 56 38 42 31 30 6E 38 74 4F 2B 79 55 58 63 52 70 |V8B10n8tO+yUXcRp|
3587 06E0 4A 33 39 62 57 2B 4F 67 59 64 52 6E 49 2B 6E 74 |J39bW+OgYdRnI+nt|
3588 06F0 2F 2B 53 6A 73 46 34 50 74 63 48 32 38 66 56 65 |/+SjsF4PtcH28fVe|
3589 0700 62 77 49 6D 6D 36 71 68 32 7A 64 42 68 62 70 4D |bwImm6qh2zdBhbpM|
3590 0710 69 77 4B 7A 30 4D 59 74 43 74 59 4E 64 31 62 4C |iwKz0MYtCtYNd1bL|
3591 0720 43 2F 36 35 55 59 6D 54 57 46 66 65 59 6A 67 31 |C/65UYmTWFfeYjg1|
3592 0730 4E 78 54 39 69 42 4C 31 6A 57 78 74 79 54 77 55 |NxT9iBL1jWxtyTwU|
3593 0740 66 68 47 6B 35 37 52 45 37 47 6A 6B 4F 35 72 41 |fhGk57RE7GjkO5rA|
3594 0750 75 45 55 45 72 76 53 54 56 39 7A 5A 54 49 46 6E |uEUErvSTV9zZTIFn|
3595 0760 56 54 6B 6A 4A 70 6E 4F 63 48 4F 58 55 69 77 70 |VTkjJpnOcHOXUiwp|
3596 0770 70 42 6E 36 6E 59 6B 7A 36 52 4C 32 4C 31 2B 2F |pBn6nYkz6RL2L1+/|
3597 0780 53 30 2B 76 6C 68 32 4F 59 6E 48 53 73 70 62 4F |S0+vlh2OYnHSspbO|
3598 0790 50 4F 4E 30 4D 6A 75 2F 2B 35 2F 37 4B 69 6C 52 |PON0Mju/+5/7KilR|
3599 07A0 31 34 4F 50 54 4B 59 41 48 72 47 36 55 51 71 62 |14OPTKYAHrG6UQqb|
3600 07B0 64 4D 62 66 54 77 62 72 76 57 6D 33 72 4D 33 71 |dMbfTwbrvWm3rM3q|
3601 07C0 76 2B 6B 67 32 36 4E 43 52 37 76 6D 43 72 73 77 |v+kg26NCR7vmCrsw|
3602 07D0 4C 70 66 73 46 35 49 61 31 48 61 67 67 4A 6B 49 |LpfsF5Ia1HaggJkI|
3603 07E0 43 59 61 6A 77 56 63 51 4C 54 7A 59 49 31 37 42 |CYajwVcQLTzYI17B|
3604 07F0 2F 2F 43 44 48 46 70 53 70 37 63 4B 6C 53 4C 63 |//CDHFpSp7cKlSLc|
3605 0800 73 72 43 33 44 67 74 73 61 2F 33 34 50 59 66 2B |srC3Dgtsa/34PYf+|
3606 0810 51 61 47 41 63 71 51 4F 68 38 73 57 59 2F 2F 32 |QaGAcqQOh8sWY//2|
3607 0820 49 62 73 49 36 6B 6C 39 76 4E 4F 53 62 36 73 51 |IbsI6kl9vNOSb6sQ|
3608 0830 34 4E 74 64 75 2F 49 73 34 6A 30 38 73 76 6D 52 |4Ntdu/Is4j08svmR|
3609 0840 61 30 51 46 4D 4D 70 36 41 6B 73 6F 33 46 38 69 |a0QFMMp6Akso3F8i|
3610 0850 45 32 6F 61 6E 2B 6C 6A 6F 32 57 32 7A 46 58 68 |E2oan+ljo2W2zFXh|
3611 0860 52 70 57 6D 50 56 64 75 67 78 4E 4A 69 47 67 34 |RpWmPVdugxNJiGg4|
3612 0870 56 69 75 42 6F 65 47 6C 54 47 76 48 47 73 66 35 |ViuBoeGlTGvHGsf5|
3613 0880 4D 71 5A 73 63 58 53 48 68 46 70 49 37 6B 4A 51 |MqZscXSHhFpI7kJQ|
3614 0890 6E 31 62 6C 4A 61 31 67 73 59 74 46 62 70 70 3C |n1blJa1gsYtFbpp<|

8 Download of Cryptographic Keys Page 152


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3615 08A0 2F 4E 63 72 70 74 64 4B 65 79 3E 3C 2F 4B 65 79 |/NcrptdKey></Key|


3616 08B0 54 72 6E 73 70 72 74 3E 3C 2F 52 63 70 74 3E 3C |Trnsprt></Rcpt><|
3617 08C0 4E 63 72 70 74 64 43 6E 74 74 3E 3C 43 6E 74 74 |NcrptdCntt><Cntt|
3618 08D0 54 70 3E 44 41 54 41 3C 2F 43 6E 74 74 54 70 3E |Tp>DATA</CnttTp>|
3619 08E0 3C 43 6E 74 74 4E 63 72 70 74 6E 41 6C 67 6F 3E |<CnttNcrptnAlgo>|
3620 08F0 3C 41 6C 67 6F 3E 45 33 44 43 3C 2F 41 6C 67 6F |<Algo>E3DC</Algo|
3621 0900 3E 3C 50 61 72 61 6D 3E 3C 49 6E 69 74 6C 73 74 |><Param><Initlst|
3622 0910 6E 56 63 74 72 3E 6F 6E 75 30 62 52 77 77 62 67 |nVctr>onu0bRwwbg|
3623 0920 6B 3D 3C 2F 49 6E 69 74 6C 73 74 6E 56 63 74 72 |k=</InitlstnVctr|
3624 0930 3E 3C 2F 50 61 72 61 6D 3E 3C 2F 43 6E 74 74 4E |></Param></CnttN|
3625 0940 63 72 70 74 6E 41 6C 67 6F 3E 3C 4E 63 72 70 74 |crptnAlgo><Ncrpt|
3626 0950 64 44 61 74 61 3E 6E 77 51 56 41 6E 74 68 39 47 |dData>nwQVAnth9G|
3627 0960 79 46 48 61 55 31 6C 6F 6C 4F 4A 61 30 67 71 50 |yFHaU1lolOJa0gqP|
3628 0970 48 75 61 36 45 34 3C 2F 4E 63 72 70 74 64 44 61 |Hua6E4</NcrptdDa|
3629 0980 74 61 3E 3C 2F 4E 63 72 70 74 64 43 6E 74 74 3E |ta></NcrptdCntt>|
3630 0990 3C 2F 45 6E 76 6C 70 64 44 61 74 61 3E 3C 2F 4B |</EnvlpdData></K|
3631 09A0 65 79 56 61 6C 3E 3C 2F 53 73 6E 4B 65 79 3E 3C |eyVal></SsnKey><|
3632 09B0 2F 44 61 74 61 53 65 74 52 65 71 72 64 3E 3C 2F |/DataSetReqrd></|
3633 09C0 43 6E 74 74 3E 3C 2F 44 61 74 61 53 65 74 3E 3C |Cntt></DataSet><|
3634 09D0 2F 53 74 73 52 70 74 3E |/StsRpt> |

3635
3636 The SHA256 digest of the StatusReport message body is:
3637 0000 08 A6 49 61 C5 4E C2 79 14 C2 2D 9C AE C9 B9 F8 |..Ia.N.y..-.....|
3638 0010 14 F9 1B 39 5A 7F 2C 30 AC 38 04 47 75 31 7D 46 |...9Z.,0.8.Gu1}F|

3639
3640

8 Download of Cryptographic Keys Page 153


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3641 Applying the padding process for the digital signature, the block result is dumped below:
3642 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3643 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3644 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3645 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3646 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3647 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3648 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3649 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3650 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3651 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3652 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3653 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
3654 00C0 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
3655 00D0 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
3656 00E0 08 A6 49 61 C5 4E C2 79 14 C2 2D 9C AE C9 B9 F8 |..Ia.N.y..-.....|
3657 00F0 14 F9 1B 39 5A 7F 2C 30 AC 38 04 47 75 31 7D 46 |...9Z.,0.8.Gu1}F|

3658
3659 After encryption by the private key of KPOI-Sign, we have the digital signature of the StatusReport message
3660 body:
3661 0000 52 5E 91 3C D2 62 6D 6D F5 CB 67 85 A3 24 01 D1 |R^.<.bmm..g..$..|
3662 0010 AB 3C 5A 57 C3 B7 1F 10 73 A7 A1 5A C4 12 FF 8D |.<ZW....s..Z....|
3663 0020 4C 53 4B 3F E4 7C B5 6A 0C 9B C7 2F A2 22 79 D0 |LSK?.|.j.../."y.|
3664 0030 1F 74 76 B5 40 C5 BA BF 48 AE 39 11 4E 5B 67 4B |.tv.@...H.9.N[gK|
3665 0040 D2 6B F5 46 36 57 FE 16 5B E4 53 D2 BB F5 31 F3 |.k.F6W..[.S...1.|
3666 0050 F2 56 B7 09 B2 8E DF 63 1D AD AD 57 59 3F D4 67 |.V.....c...WY?.g|
3667 0060 18 78 79 30 2D CB 9E 35 FC A7 4C FC 5C E9 2B 6E |.xy0-..5..L.\.+n|
3668 0070 12 2A E9 3D A5 7A 0B 27 91 D4 5D F3 00 6A DF 72 |.*.=.z.'..]..j.r|
3669 0080 18 37 BB AB CB E8 91 FD 9E B9 BD 11 FA F4 1F 1B |.7..............|
3670 0090 6F 31 C9 79 67 B5 4B 76 F2 90 42 60 FA E4 51 B0 |o1.yg.Kv..B`..Q.|
3671 00A0 BC 59 6D 60 D0 AF C7 82 AC 0B 89 19 D5 2B 24 A6 |.Ym`.........+$.|
3672 00B0 D7 1C F1 1F EA 08 23 81 FD EB BF EC AE E5 7F CB |......#.........|
3673 00C0 4B 17 7C 1A B0 F1 6D 62 7D FE CE AF D9 D7 A9 B8 |K.|...mb}.......|
3674 00D0 06 31 E0 C3 3A FA 7D 26 F2 F8 AA 76 AE 46 8A C1 |.1..:.}&...v.F..|
3675 00E0 59 07 F3 F5 F1 D9 BF 03 0F 49 C9 C0 0D C8 6E 10 |Y........I....n.|
3676 00F0 24 60 49 EB C4 85 E1 BA 2B 44 B2 A9 87 60 D7 0E |$`I.....+D...`..|

3677
3678
3679
3680

8 Download of Cryptographic Keys Page 154


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3681 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate 308204833082026BA003020102020C2225A8FB00071293D4641C3C300D06092A
864886F70D01010B05003068310B300906035504060C0242453110300E060355
040A0C07455041534F726731263024060355040B0C1D546563686E6963616C20
43656E746572206F6620457870657274697365311F301D06035504030C164550
41532050726F746F636F6C732054657374204341302A18133230313330343138
3130323534362B30313030181332303138313030313138323030352B30313030
307A310B300906035504060C0246523110300E060355040A0C07455041534F72
6731263024060355040B0C1D546563686E6963616C2043656E746572206F6620
4578706572746973653131302F06035504030C28455041532050726F746F636F
6C205465737420436C69656E742041757468656E7469636174696F6E30820122
300D06092A864886F70D01010105000382010F003082010A0282010100C22511
390B85DB3990A27638B850616C18B11BDF78494B48B61F8F8D032225A8FB0007
1293D4641C3CDDE18D47337EB7381AC12976820FF5C0B321E4EDF88C9B8F1627
0E0FC6FAB470449BA70B947139551ABE326686F538C4F7F63A45FF4CB9E66470
00B28B791E1205ADB6ACDC29854698D90ACC3B6C84F0F8C2EFBEE4E3F9844BD7
9AB14C1F22376198C13BEAC560DDC835104176729C7E62FBF4EC350DE4D385C4
8D3EA40A90D7AA5838FAED3E3C760D19BB84D1997077C72331F3ADF050B41DB5
FFD19D129E88C75331DA13264BE4C2F0B0A0AA09F77EED2C801FAD239E8FE5D8
B43F10708FC3D6054B9156C5B55184F1A294DAB8F8267162BE9BB54867020301
0001A30F300D300B0603551D0F040403020780300D06092A864886F70D01010B
05000382020100540DB4CCCA78C5B72EC34D6A55EE7C152ED54409419E0B7BC7
83B8559557C02CCA5E81B6CCA854A36250ADCA0CD55C96F42F019799B5A100C9
72D3F2411CB2676300F1B09E46AE4F293A24CB71EEA5467CB91933713E556FFC
C0B558DA344FF4F8AB30A2F803BD97BB568100BAC6B6FAE884F831BF855C4EE8
23FE3BAC3BA2D8B615F62C1C1685B9BC59DFCBE1CFBDFDB29F3773FD46685688
BF656670F5BB9CE56B029E36E7291629DE69FA858367619D8DE4FB9F08608518
85A42894ADC97DCB51D4CEBF9F52083DD511371B157E3D16F93469EED0B7FF01
BC137D5065E266A8EA3C82999EF36263A863ED5FE22A69E4874FDF41A19FA457
B12CF6A52B08F73BD3BD9C2FD13352ECEE4EEF6323826BF72440FC149EBD5891
A8D6D0E5DA50547708525CA4021B51059B52B50E61B176C1F962AA7AC2809934
31DD5BF3D6C146ADBA762B3E6729F17FA639D98D5CBFDCAE556A2FC0B23754E4
91F97BF17A18D842A87F8DE4FBA58B56517213BC59C512D4F0447F0C197B3878
5A457E0A0E7DD44806C4BA16F811B7A25024791ED742E74392C9D4BABA754F09
B61DD8EC2ABBF6737E492BBC37185072AC9EBEA3DEF2FBD56E836B88D0809F96
A4B2ACA1A5B59D198F94990BA4D2A1B50CF64C5E8391D6DCADB58C9E074E608D
7D012309A92FFDCEFD96CDAEA4F6BE5E572A20161C3D6FD838FFAE966BB2C671
E7C836FB369C28
Signer
SignerIdentification
IssuerAnd-
SerialNumber
Issuer
RelativeDistin-
guishedName
AttributeType CountryName
AttributeValue BE
RelativeDistin-
guishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistin-
guishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise

8 Download of Cryptographic Keys Page 155


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

RelativeDistin-
guishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2225A8FB00071293D4641C3C
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature 525E913CD2626D6DF5CB6785A32401D1AB3C5A57C3B71F1073A7A15AC412FF8D
4C534B3FE47CB56A0C9BC72FA22279D01F7476B540C5BABF48AE39114E5B674B
D26BF5463657FE165BE453D2BBF531F3F256B709B28EDF631DADAD57593FD467
187879302DCB9E35FCA74CFC5CE92B6E122AE93DA57A0B2791D45DF3006ADF72
1837BBABCBE891FD9EB9BD11FAF41F1B6F31C97967B54B76F2904260FAE451B0
BC596D60D0AFC782AC0B8919D52B24A6D71CF11FEA082381FDEBBFECAEE57FCB
4B177C1AB0F16D627DFECEAFD9D7A9B80631E0C33AFA7D26F2F8AA76AE468AC1
5907F3F5F1D9BF030F49C9C00DC86E10246049EBC485E1BA2B44B2A98760D70E

3682
3683 The XML encoded structure of the StatusReport message is:
3684
3685 <?xml version="1.0" encoding="UTF-8"?>
3686 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
3687 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
3688 <StsRpt>
3689 <Hdr>
3690 <DwnldTrf>false</DwnldTrf>
3691 <FrmtVrsn>5.0</FrmtVrsn>
3692 <XchgId>002</XchgId>
3693 <CreDtTm>2013-12-06T13:53:53.00+02:00</CreDtTm>
3694 <InitgPty>
3695 <Id>66000001</Id>
3696 <Tp>OPOI</Tp>
3697 <Issr>MTMG</Issr>
3698 </InitgPty>
3699 <RcptPty>
3700 <Id>epas-keyDownload-TM1</Id>
3701 <Tp>MTMG</Tp>
3702 </RcptPty>
3703 </Hdr>
3704 <StsRpt>
3705 <POIId>
3706 <Id>66000001</Id>
3707 <Tp>OPOI</Tp>
3708 <Issr>MTMG</Issr>
3709 </POIId>
3710 <TermnlMgrId>
3711 <Id>epas-keyDownload-TM1</Id>
3712 <Tp>MTMG</Tp>
3713 </TermnlMgrId>
3714 <DataSet>
3715 <Id>
3716 <Tp>STRP</Tp>
3717 <CreDtTm>2013-12-06T13:53:53.00+02:00</CreDtTm>
3718 </Id>
3719 <Cntt>
3720 <POICmpnt>
3721 <Tp>TERM</Tp>
3722 <Id>
3723 <ItmNb>1</ItmNb>
3724 <PrvdrId>EPASVendor001</PrvdrId>
3725 <Id>Counter Top E41</Id>
3726 <SrlNb>7825410759</SrlNb>
3727 </Id>
3728 </POICmpnt>
3729 <POICmpnt>

8 Download of Cryptographic Keys Page 156


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3730 <Tp>APLI</Tp>
3731 <Id>
3732 <ItmNb>1.1</ItmNb>
3733 <PrvdrId>EPASVendor001</PrvdrId>
3734 </Id>
3735 <Sts>
3736 <VrsnNb>1.01</VrsnNb>
3737 </Sts>
3738 <StdCmplc>
3739 <Id>SEPA-FAST</Id>
3740 <Vrsn>3.0</Vrsn>
3741 <Issr>CIR</Issr>
3742 </StdCmplc>
3743 </POICmpnt>
3744 <AttndncCntxt>ATTD</AttndncCntxt>
3745 <POIDtTm>2013-12-06T13:53:53.00+02:00</POIDtTm>
3746 <DataSetReqrd>
3747 <Id>
3748 <Nm>epas-acquirer-TM1-TIK</Nm>
3749 <Tp>SCPR</Tp>
3750 <Vrsn>20131206135352</Vrsn>
3751 <CreDtTm>2013-12-06T13:53:52.00+02:00</CreDtTm>
3752 </Id>
3753 <POIChllng>
3754 0Td8cwfWDTm2xvO5M9AImVXWTfTGe2O/YI8/KEHHcFE=
3755 </POIChllng>
3756 <TMChllng>
3757 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
3758 </TMChllng>
3759 <SsnKey>
3760 <Id>Key Encryption Key KEK</Id>
3761 <Vrsn>01</Vrsn>
3762 <Tp>EDE3</Tp>
3763 <Fctn>KEYX</Fctn>
3764 <KeyVal> <CnttTp>EVLP</CnttTp>
3765 <EnvlpdData>
3766 <Rcpt>
3767 <KeyTrnsprt>
3768 <Vrsn>0</Vrsn>
3769 <RcptId>
3770 <IssrAndSrlNb>
3771 <Issr>
3772 <RltvDstngshdNm>
3773 <AttrTp>CATT</AttrTp>
3774 <AttrVal>BE</AttrVal>
3775 </RltvDstngshdNm>
3776 <RltvDstngshdNm>
3777 <AttrTp>OATT</AttrTp>
3778 <AttrVal>EPASOrg</AttrVal>
3779 </RltvDstngshdNm>
3780 <RltvDstngshdNm>
3781 <AttrTp>OUAT</AttrTp>
3782 <AttrVal>Technical Center of Expertise</AttrVal>
3783 </RltvDstngshdNm>
3784 <RltvDstngshdNm>
3785 <AttrTp>CNAT</AttrTp>
3786 <AttrVal>EPAS Protocols Test CA</AttrVal>
3787 </RltvDstngshdNm>
3788 </Issr>
3789 <SrlNb>eJXKNQFMPS8eEbEN</SrlNb>
3790 </IssrAndSrlNb>
3791 </RcptId>
3792 <KeyNcrptnAlgo>
3793 <Algo>RSAO</Algo>
3794 <Param>
3795 <DgstAlgo>HS25</DgstAlgo>
3796 <MskGnrtrAlgo>
3797 <Algo>MGF1</Algo>
3798 <Param>

8 Download of Cryptographic Keys Page 157


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3799 <DgstAlgo>HS25</DgstAlgo>
3800 </Param>
3801 </MskGnrtrAlgo>
3802 </Param>
3803 </KeyNcrptnAlgo>
3804 <NcrptdKey>
3805 Do5HCfqDoyuAY1vX0Pf4ue6oFOnSt3o0lYT1JNvfYHZLFs5CcV8B10n8tO+yUXcR
3806 pJ39bW+OgYdRnI+nt/+SjsF4PtcH28fVebwImm6qh2zdBhbpMiwKz0MYtCtYNd1b
3807 LC/65UYmTWFfeYjg1NxT9iBL1jWxtyTwUfhGk57RE7GjkO5rAuEUErvSTV9zZTIF
3808 nVTkjJpnOcHOXUiwppBn6nYkz6RL2L1+/S0+vlh2OYnHSspbOPON0Mju/+5/7Kil
3809 R14OPTKYAHrG6UQqbdMbfTwbrvWm3rM3qv+kg26NCR7vmCrswLpfsF5Ia1HaggJk
3810 ICYajwVcQLTzYI17B//CDHFpSp7cKlSLcsrC3Dgtsa/34PYf+QaGAcqQOh8sWY//
3811 2IbsI6kl9vNOSb6sQ4Ntdu/Is4j08svmRa0QFMMp6Akso3F8iE2oan+ljo2W2zFX
3812 hRpWmPVdugxNJiGg4ViuBoeGlTGvHGsf5MqZscXSHhFpI7kJQn1blJa1gsYtFbpp
3813 </NcrptdKey>
3814 </KeyTrnsprt>
3815 </Rcpt>
3816 <NcrptdCntt>
3817 <CnttTp>DATA</CnttTp>
3818 <CnttNcrptnAlgo>
3819 <Algo>E3DC</Algo>
3820 <Param>
3821 <InitlstnVctr>onu0bRwwbgk=</InitlstnVctr>
3822 </Param>
3823 </CnttNcrptnAlgo>
3824 <NcrptdData>nwQVAnth9GyFHaU1lolOJa0gqPHua6E4</NcrptdData>
3825 </NcrptdCntt>
3826 </EnvlpdData>
3827 </KeyVal>
3828
3829 </SsnKey>
3830 </DataSetReqrd>
3831 </Cntt>
3832 </DataSet>
3833 </StsRpt>
3834 <SctyTrlr>
3835 <CnttTp>SIGN</CnttTp>
3836 <SgndData>
3837 <DgstAlgo>
3838 <Algo>HS25</Algo>
3839 </DgstAlgo>
3840 <NcpsltdCntt>
3841 <CnttTp>DATA</CnttTp>
3842 </NcpsltdCntt>
3843 <Cert>
3844 MIIEgzCCAmugAwIBAgIMIiWo+wAHEpPUZBw8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYMAkJFMR
3845 AwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEf
3846 MB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEwMjU0NiswMTAwGBMyMD
3847 E4MTAwMTE4MjAwNSswMTAwMHoxCzAJBgNVBAYMAkZSMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQL
3848 DB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTExMC8GA1UEAwwoRVBBUyBQcm90b2NvbCBUZX
3849 N0IENsaWVudCBBdXRoZW50aWNhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIl
3850 ETkLhds5kKJ2OLhQYWwYsRvfeElLSLYfj40DIiWo+wAHEpPUZBw83eGNRzN+tzgawSl2gg/1wLMh5O
3851 34jJuPFicOD8b6tHBEm6cLlHE5VRq+MmaG9TjE9/Y6Rf9MueZkcACyi3keEgWttqzcKYVGmNkKzDts
3852 hPD4wu++5OP5hEvXmrFMHyI3YZjBO+rFYN3INRBBdnKcfmL79Ow1DeTThcSNPqQKkNeqWDj67T48dg
3853 0Zu4TRmXB3xyMx863wULQdtf/RnRKeiMdTMdoTJkvkwvCwoKoJ937tLIAfrSOej+XYtD8QcI/D1gVL
3854 kVbFtVGE8aKU2rj4JnFivpu1SGcCAwEAAaMPMA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4
3855 ICAQBUDbTMynjFty7DTWpV7nwVLtVECUGeC3vHg7hVlVfALMpegbbMqFSjYlCtygzVXJb0LwGXmbWh
3856 AMly0/JBHLJnYwDxsJ5Grk8pOiTLce6lRny5GTNxPlVv/MC1WNo0T/T4qzCi+AO9l7tWgQC6xrb66I
3857 T4Mb+FXE7oI/47rDui2LYV9iwcFoW5vFnfy+HPvf2ynzdz/UZoVoi/ZWZw9buc5WsCnjbnKRYp3mn6
3858 hYNnYZ2N5PufCGCFGIWkKJStyX3LUdTOv59SCD3VETcbFX49Fvk0ae7Qt/8BvBN9UGXiZqjqPIKZnv
3859 NiY6hj7V/iKmnkh0/fQaGfpFexLPalKwj3O9O9nC/RM1Ls7k7vYyOCa/ckQPwUnr1YkajW0OXaUFR3
3860 CFJcpAIbUQWbUrUOYbF2wfliqnrCgJk0Md1b89bBRq26dis+Zynxf6Y52Y1cv9yuVWovwLI3VOSR+X
3861 vxehjYQqh/jeT7pYtWUXITvFnFEtTwRH8MGXs4eFpFfgoOfdRIBsS6FvgRt6JQJHke10LnQ5LJ1Lq6
3862 dU8Jth3Y7Cq79nN+SSu8NxhQcqyevqPe8vvVboNriNCAn5aksqyhpbWdGY+UmQuk0qG1DPZMXoOR1t
3863 yttYyeB05gjX0BIwmpL/3O/ZbNrqT2vl5XKiAWHD1v2Dj/rpZrssZx58g2+zacKA==
3864 </Cert>
3865 <Sgnr>
3866 <SgnrId>
3867 <IssrAndSrlNb>

8 Download of Cryptographic Keys Page 158


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3868 <Issr>
3869 <RltvDstngshdNm>
3870 <AttrTp>CATT</AttrTp>
3871 <AttrVal>BE</AttrVal>
3872 </RltvDstngshdNm>
3873 <RltvDstngshdNm>
3874 <AttrTp>OATT</AttrTp>
3875 <AttrVal>EPASOrg</AttrVal>
3876 </RltvDstngshdNm>
3877 <RltvDstngshdNm>
3878 <AttrTp>OUAT</AttrTp>
3879 <AttrVal>Technical Center of Expertise</AttrVal>
3880 </RltvDstngshdNm>
3881 <RltvDstngshdNm>
3882 <AttrTp>CNAT</AttrTp>
3883 <AttrVal>EPAS Protocols Test CA</AttrVal>
3884 </RltvDstngshdNm>
3885 </Issr>
3886 <SrlNb>IiWo+wAHEpPUZBw8</SrlNb>
3887 </IssrAndSrlNb>
3888 </SgnrId>
3889 <DgstAlgo>
3890 <Algo>HS25</Algo>
3891 </DgstAlgo>
3892 <SgntrAlgo>
3893 <Algo>ERS2</Algo>
3894 </SgntrAlgo>
3895 <Sgntr>
3896 Ul6RPNJibW31y2eFoyQB0as8WlfDtx8Qc6ehWsQS/41MU0s/5Hy1agybxy+iInnQH3R2tUDFu
3897 r9IrjkRTltnS9Jr9UY2V/4WW+RT0rv1MfPyVrcJso7fYx2trVdZP9RnGHh5MC3LnjX8p0z8XO
3898 krbhIq6T2legsnkdRd8wBq33IYN7ury+iR/Z65vRH69B8bbzHJeWe1S3bykEJg+uRRsLxZbWD
3899 Qr8eCrAuJGdUrJKbXHPEf6ggjgf3rv+yu5X/LSxd8GrDxbWJ9/s6v2depuAYx4MM6+n0m8viq
3900 dq5GisFZB/P18dm/Aw9JycANyG4QJGBJ68SF4borRLKph2DXDg==
3901 </Sgntr>
3902 </Sgnr>
3903 </SgndData>
3904 </SctyTrlr>
3905 </StsRpt>
3906 </Document>

3907
3908
3909
3910
3911

8 Download of Cryptographic Keys Page 159


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3912 8.4.6 Configuration Update to Inject Keys


3913
3914 For the following elements, we assume that the TM will use the KEK key sent by the POI to generate
3915 through the UKPT algorithm a Session Key. Then this Session key will be used to encipher through a
3916 triple DES CBC algorithm the DUKPT initial key to be activated in the POI.
3917
3918 So the security parameters of the TM contain the DUKPT initial key to be activated in the POI:
3919 EE3AE644 1C2EEE18 3F3B4179 2DBCD318
3920
3921 First, the TM will use the triple DES 112 bits KEK key sent in the previous StatusReport requesting the
3922 security parameters data set:
3923 A75D20F7 04517545 3E29259D 3B08A72A
3924 This TM Host uses the triple DES UKPT transport key mechanism, generating the random string:
3925 F5DBFB9D 229BEF77 758F0448 87D15245
3926 The triple DES decryption of the two 64 bits blocks of this random string by the KEK key is:
3927 A93CBC7A D2303E31 24133B53 A3072276
3928 Applying the odd parity to this session key provides the following UKPT key:
3929 A83DBC7A D3313E31 25133B52 A2072376
3930 The triple DES CBC encryption of the DUKPT initial key by this UKPT key is:
3931 8F611CC 30B12BF75 3EA31B1B 7BBC3DDE
3932
3933 The header and the body of the AcceptorConfigurationUpdate message is presented in the table below:
Message Item Value
Header
DownloadTransfer True
FormatVersion 5.0
ExchangeIdentification 002
CreationDateTime 2013-12-06:13:53:54.00+02:00
InitiatingParty
Identification 66000001
Type OriginatingPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-keyDownload-TM1
Type MasterTerminalManager
AcceptorConfiguration
TerminalManagerdentification
Identification epas-keyDownload-TM1
Type MasterTerminalManager
DataSet
Identification
Type SecurityParameters
Version 20131206135352
Content
HostCommunicationParameters
ActionType Create
HostIdentification AcquirerHost1
Key

8 Download of Cryptographic Keys Page 160


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

KeyIdentification SpecV1TestKey
KeyVersion 2010060715
SecurityParameters
ActionType Create
Version 1.1.01
POIChallenge D1377C7307D60D39B6C6F3B933D0089955D64DF4C67B63BF608
F3F2841C77051
TMChallenge 46FB7DD6C590E232ED8B7B41431D6970362F0D4DBCBD9B24E74
C3B3339B312D3
SymetricKey
Identification SpecV1TestKey
AdditionalIdentification 398725A501E29020
Version 2010060715
Type DUKP9
Function DataEncryption
Function DataDecryption
Function PINEncryption
ActivationDate 2013-12-06:13:00:00
KeyValue
ContentType EnvelopedData
EnvelopedData
Recipient
KEK
KEKIdentification
KeyIdentification KeyEncryptionKey
KeyVersion 2013120613
KeyEncryption-
Algorithm
Algorithm UKPT
EncryptedKey F5DBFB9D229BEF77758F044887D15245
EncryptedContent
ContentType PlainData
ContentEncryption-
Algorithm
Algorithm DES112CBC
EncryptedData 8F611CC30B12BF753EA31B1B7BBC3DDE

3934
3935

8 Download of Cryptographic Keys Page 161


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3936 As for the previous message, the POI has no symmetric key shared usable by the key injection, so the
3937 TM authentication RSA key is used to provide a digital signature of the message body.
3938 Once unnecessary spaces and carriage returns are removed, the XML encoded
3939 AcceptorConfigurationUpdate message body is:
3940 0000 3C 41 63 63 70 74 72 43 66 67 74 6E 3E 3C 54 65 |<AccptrCfgtn><Te|
3941 0010 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 65 70 |rmnlMgrId><Id>ep|
3942 0020 61 73 2D 6B 65 79 44 6F 77 6E 6C 6F 61 64 2D 54 |as-keyDownload-T|
3943 0030 4D 31 3C 2F 49 64 3E 3C 54 70 3E 4D 54 4D 47 3C |M1</Id><Tp>MTMG<|
3944 0040 2F 54 70 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 49 |/Tp></TermnlMgrI|
3945 0050 64 3E 3C 44 61 74 61 53 65 74 3E 3C 49 64 3E 3C |d><DataSet><Id><|
3946 0060 54 70 3E 53 43 50 52 3C 2F 54 70 3E 3C 56 72 73 |Tp>SCPR</Tp><Vrs|
3947 0070 6E 3E 32 30 31 33 31 32 30 36 31 33 35 33 35 32 |n>20131206135352|
3948 0080 3C 2F 56 72 73 6E 3E 3C 2F 49 64 3E 3C 43 6E 74 |</Vrsn></Id><Cnt|
3949 0090 74 3E 3C 48 73 74 43 6F 6D 50 61 72 61 6D 73 3E |t><HstComParams>|
3950 00A0 3C 41 63 74 6E 54 70 3E 43 52 45 41 3C 2F 41 63 |<ActnTp>CREA</Ac|
3951 00B0 74 6E 54 70 3E 3C 48 73 74 49 64 3E 41 63 71 75 |tnTp><HstId>Acqu|
3952 00C0 69 72 65 72 48 6F 73 74 31 3C 2F 48 73 74 49 64 |irerHost1</HstId|
3953 00D0 3E 3C 4B 65 79 3E 3C 4B 65 79 49 64 3E 53 70 65 |><Key><KeyId>Spe|
3954 00E0 63 56 31 54 65 73 74 4B 65 79 3C 2F 4B 65 79 49 |cV1TestKey</KeyI|
3955 00F0 64 3E 3C 4B 65 79 56 72 73 6E 3E 32 30 31 30 30 |d><KeyVrsn>20100|
3956 0100 36 30 37 31 35 3C 2F 4B 65 79 56 72 73 6E 3E 3C |60715</KeyVrsn><|
3957 0110 2F 4B 65 79 3E 3C 2F 48 73 74 43 6F 6D 50 61 72 |/Key></HstComPar|
3958 0120 61 6D 73 3E 3C 53 63 74 79 50 61 72 61 6D 73 3E |ams><SctyParams>|
3959 0130 3C 41 63 74 6E 54 70 3E 43 52 45 41 3C 2F 41 63 |<ActnTp>CREA</Ac|
3960 0140 74 6E 54 70 3E 3C 56 72 73 6E 3E 31 2E 31 2E 30 |tnTp><Vrsn>1.1.0|
3961 0150 31 3C 2F 56 72 73 6E 3E 3C 50 4F 49 43 68 6C 6C |1</Vrsn><POIChll|
3962 0160 6E 67 3E 30 54 64 38 63 77 66 57 44 54 6D 32 78 |ng>0Td8cwfWDTm2x|
3963 0170 76 4F 35 4D 39 41 49 6D 56 58 57 54 66 54 47 65 |vO5M9AImVXWTfTGe|
3964 0180 32 4F 2F 59 49 38 2F 4B 45 48 48 63 46 45 3D 3C |2O/YI8/KEHHcFE=<|
3965 0190 2F 50 4F 49 43 68 6C 6C 6E 67 3E 3C 54 4D 43 68 |/POIChllng><TMCh|
3966 01A0 6C 6C 6E 67 3E 52 76 74 39 31 73 57 51 34 6A 4C |llng>Rvt91sWQ4jL|
3967 01B0 74 69 33 74 42 51 78 31 70 63 44 59 76 44 55 32 |ti3tBQx1pcDYvDU2|
3968 01C0 38 76 5A 73 6B 35 30 77 37 4D 7A 6D 7A 45 74 4D |8vZsk50w7MzmzEtM|
3969 01D0 3D 3C 2F 54 4D 43 68 6C 6C 6E 67 3E 3C 53 6D 6D |=</TMChllng><Smm|
3970 01E0 74 72 63 4B 65 79 3E 3C 49 64 3E 53 70 65 63 56 |trcKey><Id>SpecV|
3971 01F0 31 54 65 73 74 4B 65 79 3C 2F 49 64 3E 3C 41 64 |1TestKey</Id><Ad|
3972 0200 64 74 6C 49 64 3E 4F 59 63 6C 70 51 48 69 6B 43 |dtlId>OYclpQHikC|
3973 0210 41 3D 3C 2F 41 64 64 74 6C 49 64 3E 3C 56 72 73 |A=</AddtlId><Vrs|
3974 0220 6E 3E 32 30 31 30 30 36 30 37 31 35 3C 2F 56 72 |n>2010060715</Vr|
3975 0230 73 6E 3E 3C 54 70 3E 44 4B 50 39 3C 2F 54 70 3E |sn><Tp>DKP9</Tp>|
3976 0240 3C 46 63 74 6E 3E 44 45 4E 43 3C 2F 46 63 74 6E |<Fctn>DENC</Fctn|
3977 0250 3E 3C 46 63 74 6E 3E 44 44 45 43 3C 2F 46 63 74 |><Fctn>DDEC</Fct|
3978 0260 6E 3E 3C 46 63 74 6E 3E 50 49 4E 45 3C 2F 46 63 |n><Fctn>PINE</Fc|
3979 0270 74 6E 3E 3C 41 63 74 76 74 6E 44 74 3E 32 30 31 |tn><ActvtnDt>201|
3980 0280 33 2D 31 32 2D 30 36 54 31 33 3A 30 30 3A 30 30 |3-12-06T13:00:00|
3981 0290 3C 2F 41 63 74 76 74 6E 44 74 3E 3C 4B 65 79 56 |</ActvtnDt><KeyV|
3982 02A0 61 6C 3E 3C 43 6E 74 74 54 70 3E 45 56 4C 50 3C |al><CnttTp>EVLP<|
3983 02B0 2F 43 6E 74 74 54 70 3E 3C 45 6E 76 6C 70 64 44 |/CnttTp><EnvlpdD|
3984 02C0 61 74 61 3E 3C 52 63 70 74 3E 3C 4B 45 4B 3E 3C |ata><Rcpt><KEK><|
3985 02D0 4B 45 4B 49 64 3E 3C 4B 65 79 49 64 3E 4B 65 79 |KEKId><KeyId>Key|
3986 02E0 45 6E 63 72 79 70 74 69 6F 6E 4B 65 79 3C 2F 4B |EncryptionKey</K|
3987 02F0 65 79 49 64 3E 3C 4B 65 79 56 72 73 6E 3E 32 30 |eyId><KeyVrsn>20|
3988 0300 31 33 31 32 30 36 31 33 3C 2F 4B 65 79 56 72 73 |13120613</KeyVrs|

8 Download of Cryptographic Keys Page 162


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

3989 0310 6E 3E 3C 2F 4B 45 4B 49 64 3E 3C 4B 65 79 4E 63 |n></KEKId><KeyNc|


3990 0320 72 70 74 6E 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 55 |rptnAlgo><Algo>U|
3991 0330 4B 50 54 3C 2F 41 6C 67 6F 3E 3C 2F 4B 65 79 4E |KPT</Algo></KeyN|
3992 0340 63 72 70 74 6E 41 6C 67 6F 3E 3C 4E 63 72 70 74 |crptnAlgo><Ncrpt|
3993 0350 64 4B 65 79 3E 39 64 76 37 6E 53 4B 62 37 33 64 |dKey>9dv7nSKb73d|
3994 0360 31 6A 77 52 49 68 39 46 53 52 51 3D 3D 3C 2F 4E |1jwRIh9FSRQ==</N|
3995 0370 63 72 70 74 64 4B 65 79 3E 3C 2F 4B 45 4B 3E 3C |crptdKey></KEK><|
3996 0380 2F 52 63 70 74 3E 3C 4E 63 72 70 74 64 43 6E 74 |/Rcpt><NcrptdCnt|
3997 0390 74 3E 3C 43 6E 74 74 54 70 3E 44 41 54 41 3C 2F |t><CnttTp>DATA</|
3998 03A0 43 6E 74 74 54 70 3E 3C 43 6E 74 74 4E 63 72 70 |CnttTp><CnttNcrp|
3999 03B0 74 6E 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 45 33 44 |tnAlgo><Algo>E3D|
4000 03C0 43 3C 2F 41 6C 67 6F 3E 3C 2F 43 6E 74 74 4E 63 |C</Algo></CnttNc|
4001 03D0 72 70 74 6E 41 6C 67 6F 3E 3C 4E 63 72 70 74 64 |rptnAlgo><Ncrptd|
4002 03E0 44 61 74 61 3E 6A 32 45 63 77 77 73 53 76 33 55 |Data>j2EcwwsSv3U|
4003 03F0 2B 6F 78 73 62 65 37 77 39 33 67 3D 3D 3C 2F 4E |+oxsbe7w93g==</N|
4004 0400 63 72 70 74 64 44 61 74 61 3E 3C 2F 4E 63 72 70 |crptdData></Ncrp|
4005 0410 74 64 43 6E 74 74 3E 3C 2F 45 6E 76 6C 70 64 44 |tdCntt></EnvlpdD|
4006 0420 61 74 61 3E 3C 2F 4B 65 79 56 61 6C 3E 3C 2F 53 |ata></KeyVal></S|
4007 0430 6D 6D 74 72 63 4B 65 79 3E 3C 2F 53 63 74 79 50 |mmtrcKey></SctyP|
4008 0440 61 72 61 6D 73 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 |arams></Cntt></D|
4009 0450 61 74 61 53 65 74 3E 3C 2F 41 63 63 70 74 72 43 |ataSet></AccptrC|
4010 0460 66 67 74 6E 3E |fgtn> |

4011 The SHA256 digest of the ManagementPlanReplacement message body is:


4012 0000 65 A4 BB 73 A5 6D 05 65 42 EC 8C 19 C5 CB 88 B0 |e..s.m.eB.......|
4013 0010 A7 6B 46 41 4F 72 26 44 A7 C9 ED 3C EB 34 BF 7D |.kFAOr&D...<.4.}|

4014
4015 Applying the padding process for the digital signature, the block result is dumped below:
4016 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4017 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4018 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4019 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4020 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4021 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4022 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4023 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4024 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4025 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4026 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4027 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4028 00C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4029 00D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4030 00E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4031 00F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4032 0100 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4033 0110 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4034 0120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4035 0130 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4036 0140 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
4037 0150 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
4038 0160 65 A4 BB 73 A5 6D 05 65 42 EC 8C 19 C5 CB 88 B0 |e..s.m.eB.......|
4039 0170 A7 6B 46 41 4F 72 26 44 A7 C9 ED 3C EB 34 BF 7D |.kFAOr&D...<.4.}|

4040
4041
8 Download of Cryptographic Keys Page 163
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4042 After encryption by the private key of KTM-Sign, we have the digital signature of the
4043 ManagementPlanReplacement message body:
4044 0000 84 7D 10 C8 50 F7 A8 D9 6B 6F FB 3A A5 01 3F 17 |.}..P...ko.:..?.|
4045 0010 11 6B E9 A4 C2 AC 04 7B DB 2E 8C DA BB 06 41 99 |.k.....{......A.|
4046 0020 02 00 A5 FD 38 20 B3 01 9E A5 F3 D6 C8 FF 92 35 |....8 .........5|
4047 0030 F5 93 AD EA 43 1C F1 AC 5F F5 AA 4A C2 86 94 91 |....C..._..J....|
4048 0040 93 47 B5 21 3D 6D 5A D9 6A 44 C3 C0 91 68 98 4C |.G.!=mZ.jD...h.L|
4049 0050 EA 0A 00 15 37 9E DD 84 8F 4F 44 E0 6C 3B 1D B6 |....7....OD.l;..|
4050 0060 4A F1 99 C4 45 02 AC 10 34 B9 42 06 3C FA 66 E3 |J...E...4.B.<.f.|
4051 0070 4C 2F 19 FE 67 90 CA DF 67 CE 14 6C BB 17 FB D3 |L/..g...g..l....|
4052 0080 B2 D6 6A F0 C9 A7 A9 B1 B4 74 3E BD DB F2 2D A7 |..j......t>...-.|
4053 0090 B9 8A 14 93 8E 2A C0 1D C8 34 EE 4A 8C 79 75 1B |.....*...4.J.yu.|
4054 00A0 CE E8 1D 1A 26 B0 16 8E 69 6F 1A D1 A8 96 54 66 |....&...io....Tf|
4055 00B0 5A 2B 86 59 1F 65 06 3B 27 1E A8 97 36 E3 A7 DC |Z+.Y.e.;'...6...|
4056 00C0 F5 4D 6D B9 69 72 A8 6B 4C BE 5C D7 B7 AC 70 43 |.Mm.ir.kL.\...pC|
4057 00D0 C4 B4 5F F9 FA 57 A9 13 60 F2 FE 45 EF 07 24 1A |.._..W..`..E..$.|
4058 00E0 C1 F5 0A F2 73 5D 78 EE 99 58 76 13 FF 55 9C 01 |....s]x..Xv..U..|
4059 00F0 4A CC E5 C7 39 CE 8E DE C0 AF E9 68 FD 02 2D E7 |J...9......h..-.|
4060 0100 A5 D7 58 18 3E E2 A4 6B 91 6F 3B 41 22 52 7F 7B |..X.>..k.o;A"R.{|
4061 0110 2C B2 1E 76 5A 0C 7C 8B A2 A2 D0 9B 40 B8 77 5B |,..vZ.|.....@.w[|
4062 0120 F0 32 4B 1B 54 C3 75 8D 8E DB 3F BA 8A 2A 33 B5 |.2K.T.u...?..*3.|
4063 0130 C1 76 C2 8C AE 1B B9 6A 3E BB 7D 3C F7 AE 35 6F |.v.....j>.}<..5o|
4064 0140 74 A3 DD B7 CD 3C 17 03 8D B7 C1 4D 18 A5 64 93 |t....<.....M..d.|
4065 0150 DE 14 60 42 F7 6A 6C AE A1 24 83 73 D3 7F 12 B0 |..`B.jl..$.s....|
4066 0160 29 43 EE 5D 66 DE 11 79 1A ED 5F 39 FA 4E B3 B0 |)C.]f..y.._9.N..|
4067 0170 7F 49 A7 A7 A9 A1 2C D0 C5 D8 BD 71 33 A3 57 25 |.I....,....q3.W%|

4068
4069

8 Download of Cryptographic Keys Page 164


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4070 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate 308204FF308202E7A003020102020A2ABC40F4D482F5EBC975300D06092A8648
86F70D01010B05003068310B300906035504060C0242453110300E060355040A
0C07455041534F726731263024060355040B0C1D546563686E6963616C204365
6E746572206F6620457870657274697365311F301D06035504030C1645504153
2050726F746F636F6C732054657374204341302A181332303133303431383130
303634362B30313030181332303138313030313138323030352B303130303078
310B300906035504060C0246523110300E060355040A0C07455041534F726731
263024060355040B0C1D546563686E6963616C2043656E746572206F66204578
70657274697365312F302D06035504030C26455041532050726F746F636F6C20
5465737420486F73742041757468656E7469636174696F6E308201A2300D0609
2A864886F70D01010105000382018F003082018A0282018100BD095898F981BA
F42BE20E19339B396C59626690BDF396D20C503CA57C688AF41E50552CF1B9DD
C4116209DD00C26B673F7EDEE7D0CA6DC2DAA9FF2F8C3A860B8F835AE60D9E05
7EDDF1625FAC55A102837FC1C7EF8C0A6C137C5973972ABC40F4D482F5EBC975
4F964B6EECEDBE66DB62AD0DA7B38E05917562E899DF717D27457693B41E7BF2
CBA98855AE2C97DE4B48FD812A520D6D356010F6E8355EC98DBA3047F2C0CDCD
9BE655277F3ED69A788DD80A6A12BCA3D4C7F08662B99D3F70A9548D7804B5E4
A2913A3EC02525BE639ED7D9B986556C5932675642FCC4E659D828A94C5544AE
BBC5446EE6B96A04A0185470296DFC2FFBA73D4074930968DD810E43D574DD7B
E664899DA6E48EB4B3B590E2CAA97C75015C735093AD62E3FD791AB5718F1FA1
Signer
SignerIdentification
IssuerAnd-
SerialNumber
Issuer
RelativeDistin-
guishedName
AttributeType CountryName
AttributeValue BE
RelativeDistin-
guishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistin-
guishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise
RelativeDistin-
guishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2ABC40F4D482F5EBC975
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA

8 Download of Cryptographic Keys Page 165


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

Signature 847D10C850F7A8D96B6FFB3AA5013F17116BE9A4C2AC047BDB2E8CDABB064199
0200A5FD3820B3019EA5F3D6C8FF9235F593ADEA431CF1AC5FF5AA4AC2869491
9347B5213D6D5AD96A44C3C09168984CEA0A0015379EDD848F4F44E06C3B1DB6
4AF199C44502AC1034B942063CFA66E34C2F19FE6790CADF67CE146CBB17FBD3
B2D66AF0C9A7A9B1B4743EBDDBF22DA7B98A14938E2AC01DC834EE4A8C79751B
CEE81D1A26B0168E696F1AD1A89654665A2B86591F65063B271EA89736E3A7DC
F54D6DB96972A86B4CBE5CD7B7AC7043C4B45FF9FA57A91360F2FE45EF07241A
C1F50AF2735D78EE99587613FF559C014ACCE5C739CE8EDEC0AFE968FD022DE7
A5D758183EE2A46B916F3B4122527F7B2CB21E765A0C7C8BA2A2D09B40B8775B
F0324B1B54C3758D8EDB3FBA8A2A33B5C176C28CAE1BB96A3EBB7D3CF7AE356F
74A3DDB7CD3C17038DB7C14D18A56493DE146042F76A6CAEA1248373D37F12B0
2943EE5D66DE11791AED5F39FA4EB3B07F49A7A7A9A12CD0C5D8BD7133A35725

4071
4072
4073
4074

8 Download of Cryptographic Keys Page 166


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4075 The XML encoded structure of the AcceptorConfigurationUpdate message is:


4076 <?xml version="1.0" encoding="UTF-8"?>
4077 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4078 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.003.001.05">
4079 <AccptrCfgtnUpd>
4080 <Hdr>
4081 <DwnldTrf>false</DwnldTrf>
4082 <FrmtVrsn>5.0</FrmtVrsn>
4083 <XchgId>002</XchgId>
4084 <CreDtTm>2013-12-06T13:53:54.00+02:00</CreDtTm>
4085 <InitgPty>
4086 <Id>66000001</Id>
4087 <Tp>OPOI</Tp>
4088 <Issr>MTMG</Issr>
4089 </InitgPty>
4090 <RcptPty>
4091 <Id>epas-keyDownload-TM1</Id>
4092 <Tp>MTMG</Tp>
4093 </RcptPty>
4094 </Hdr>
4095 <AccptrCfgtn>
4096 <TermnlMgrId>
4097 <Id>epas-keyDownload-TM1</Id>
4098 <Tp>MTMG</Tp>
4099 </TermnlMgrId>
4100 <DataSet>
4101 <Id>
4102 <Tp>SCPR</Tp>
4103 <Vrsn>20131206135352</Vrsn>
4104 </Id>
4105 <Cntt>
4106 <HstComParams>
4107 <ActnTp>CREA</ActnTp>
4108 <HstId>AcquirerHost1</HstId>
4109 <Key>
4110 <KeyId>SpecV1TestKey</KeyId>
4111 <KeyVrsn>2010060715</KeyVrsn>
4112 </Key>
4113 </HstComParams>
4114 <SctyParams>
4115 <ActnTp>CREA</ActnTp>
4116 <Vrsn>1.1.01</Vrsn>
4117 <POIChllng>0Td8cwfWDTm2xvO5M9AImVXWTfTGe2O/YI8/KEHHcFE=</POIChllng>
4118 <TMChllng>Rvt91sWQ4jLti3tBQx1pcDYvDU28vZsk50w7MzmzEtM=</TMChllng>
4119 <SmmtrcKey>
4120 <Id>SpecV1TestKey</Id>
4121 <AddtlId>OYclpQHikCA=</AddtlId>
4122 <Vrsn>2010060715</Vrsn>
4123 <Tp>DKP9</Tp>
4124 <Fctn>DENC</Fctn>
4125 <Fctn>DDEC</Fctn>
4126 <Fctn>PINE</Fctn>
4127 <ActvtnDt>2013-12-06T13:00:00</ActvtnDt>
4128 <KeyVal>
4129 <CnttTp>EVLP</CnttTp>
4130 <EnvlpdData>
4131 <Rcpt>
4132 <KEK>
4133 <KEKId>
4134 <KeyId>KeyEncryptionKey</KeyId>
4135 <KeyVrsn>2013120613</KeyVrsn>
4136 </KEKId>
4137 <KeyNcrptnAlgo>
4138 <Algo>UKPT</Algo>
4139 </KeyNcrptnAlgo>
4140 <NcrptdKey>9dv7nSKb73d1jwRIh9FSRQ==</NcrptdKey>
4141 </KEK>
4142 </Rcpt>

8 Download of Cryptographic Keys Page 167


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4143 <NcrptdCntt>
4144 <CnttTp>DATA</CnttTp>
4145 <CnttNcrptnAlgo>
4146 <Algo>E3DC</Algo>
4147 </CnttNcrptnAlgo>
4148 <NcrptdData>j2EcwwsSv3U+oxsbe7w93g==</NcrptdData>
4149 </NcrptdCntt>
4150 </EnvlpdData>
4151 </KeyVal>
4152 </SmmtrcKey>
4153 </SctyParams>
4154 </Cntt>
4155 </DataSet>
4156 </AccptrCfgtn>
4157 <SctyTrlr>
4158 <CnttTp>SIGN</CnttTp>
4159 <SgndData>
4160 <DgstAlgo>
4161 <Algo>HS25</Algo>
4162 </DgstAlgo>
4163 <NcpsltdCntt>
4164 <CnttTp>DATA</CnttTp>
4165 </NcpsltdCntt>
4166 <Cert>
4167 MIIEgzCCAmugAwIBAgIMIiWo+wAHEpPUZBw8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYMAkJFMR
4168 AwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEf
4169 MB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEwMjU0NiswMTAwGBMyMD
4170 E4MTAwMTE4MjAwNSswMTAwMHoxCzAJBgNVBAYMAkZSMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQL
4171 DB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTExMC8GA1UEAwwoRVBBUyBQcm90b2NvbCBUZX
4172 N0IENsaWVudCBBdXRoZW50aWNhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIl
4173 ETkLhds5kKJ2OLhQYWwYsRvfeElLSLYfj40DIiWo+wAHEpPUZBw83eGNRzN+tzgawSl2gg/1wLMh5O
4174 34jJuPFicOD8b6tHBEm6cLlHE5VRq+MmaG9TjE9/Y6Rf9MueZkcACyi3keEgWttqzcKYVGmNkKzDts
4175 hPD4wu++5OP5hEvXmrFMHyI3YZjBO+rFYN3INRBBdnKcfmL79Ow1DeTThcSNPqQKkNeqWDj67T48dg
4176 0Zu4TRmXB3xyMx863wULQdtf/RnRKeiMdTMdoTJkvkwvCwoKoJ937tLIAfrSOej+XYtD8QcI/D1gVL
4177 kVbFtVGE8aKU2rj4JnFivpu1SGcCAwEAAaMPMA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4
4178 ICAQBUDbTMynjFty7DTWpV7nwVLtVECUGeC3vHg7hVlVfALMpegbbMqFSjYlCtygzVXJb0LwGXmbWh
4179 AMly0/JBHLJnYwDxsJ5Grk8pOiTLce6lRny5GTNxPlVv/MC1WNo0T/T4qzCi+AO9l7tWgQC6xrb66I
4180 T4Mb+FXE7oI/47rDui2LYV9iwcFoW5vFnfy+HPvf2ynzdz/UZoVoi/ZWZw9buc5WsCnjbnKRYp3mn6
4181 hYNnYZ2N5PufCGCFGIWkKJStyX3LUdTOv59SCD3VETcbFX49Fvk0ae7Qt/8BvBN9UGXiZqjqPIKZnv
4182 NiY6hj7V/iKmnkh0/fQaGfpFexLPalKwj3O9O9nC/RM1Ls7k7vYyOCa/ckQPwUnr1YkajW0OXaUFR3
4183 CFJcpAIbUQWbUrUOYbF2wfliqnrCgJk0Md1b89bBRq26dis+Zynxf6Y52Y1cv9yuVWovwLI3VOSR+X
4184 vxehjYQqh/jeT7pYtWUXITvFnFEtTwRH8MGXs4eFpFfgoOfdRIBsS6FvgRt6JQJHke10LnQ5LJ1Lq6
4185 dU8Jth3Y7Cq79nN+SSu8NxhQcqyevqPe8vvVboNriNCAn5aksqyhpbWdGY+UmQuk0qG1DPZMXoOR1t
4186 yttYyeB05gjX0BIwmpL/3O/ZbNrqT2vl5XKiAWHD1v2Dj/rpZrssZx58g2+zacKA==
4187 </Cert>
4188 <Sgnr>
4189 <SgnrId>
4190 <IssrAndSrlNb>
4191 <Issr>
4192 <RltvDstngshdNm>
4193 <AttrTp>CATT</AttrTp>
4194 <AttrVal>BE</AttrVal>
4195 </RltvDstngshdNm>
4196 <RltvDstngshdNm>
4197 <AttrTp>OATT</AttrTp>
4198 <AttrVal>EPASOrg</AttrVal>
4199 </RltvDstngshdNm>
4200 <RltvDstngshdNm>
4201 <AttrTp>OUAT</AttrTp>
4202 <AttrVal>Technical Center of Expertise</AttrVal>
4203 </RltvDstngshdNm>
4204 <RltvDstngshdNm>
4205 <AttrTp>CNAT</AttrTp>
4206 <AttrVal>EPAS Protocols Test CA</AttrVal>
4207 </RltvDstngshdNm>
4208 </Issr>
4209 <SrlNb>IiWo+wAHEpPUZBw8</SrlNb>
4210 </IssrAndSrlNb>
4211 </SgnrId>

8 Download of Cryptographic Keys Page 168


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4212 <DgstAlgo>
4213 <Algo>HS25</Algo>
4214 </DgstAlgo>
4215 <SgntrAlgo>
4216 <Algo>ERS2</Algo>
4217 </SgntrAlgo>
4218 <Sgntr>
4219 hH0QyFD3qNlrb/s6pQE/FxFr6aTCrAR72y6M2rsGQZkCAKX9OCCzAZ6l89bI/5I19ZOt6kMc8
4220 axf9apKwoaUkZNHtSE9bVrZakTDwJFomEzqCgAVN57dhI9PROBsOx22SvGZxEUCrBA0uUIGPP
4221 pm40wvGf5nkMrfZ84UbLsX+9Oy1mrwyaepsbR0Pr3b8i2nuYoUk44qwB3INO5KjHl1G87oHRo
4222 msBaOaW8a0aiWVGZaK4ZZH2UGOyceqJc246fc9U1tuWlyqGtMvlzXt6xwQ8S0X/n6V6kTYPL+
4223 Re8HJBrB9Qryc1147plYdhP/VZwBSszlxznOjt7Ar+lo/QIt56XXWBg+4qRrkW87QSJSf3sss
4224 h52Wgx8i6Ki0JtAuHdb8DJLG1TDdY2O2z+6iioztcF2woyuG7lqPrt9PPeuNW90o923zTwXA4
4225 23wU0YpWST3hRgQvdqbK6hJINz038SsClD7l1m3hF5Gu1fOfpOs7B/SaenqaEs0MXYvXEzo1c
4226 l
4227 </Sgntr>
4228 </Sgnr>
4229 </SgndData>
4230 </SctyTrlr>
4231 </AccptrCfgtnUpd>
4232 </Document>

4233
4234

8 Download of Cryptographic Keys Page 169


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4235 8.4.7 Key Download Result


4236
4237 The POI sends a StatusReport message to report the result of the key download action with the new
4238 activated key.
4239
4240 The triple DES CBC encryption of 8 null bytes with the key EE3AE644 1C2EEE18 3F3B4179 2DBCD318
4241 (without extension) is:
4242 4E06B7DB F79A7705
4243
4244 The StatusReport message containing the header and the body presented in the table below:
Message Item Value
Header
DownloadTransfer False
FormatVersion 5.0
ExchangeIdentification 003
CreationDateTime 2013-12-06:13:53:55.00+02:00
InitiatingParty
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-keyDownload-TM1
Type MasterTerminalManager
StatusReport
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-keyDownload-TM1
Type MasterTerminalManager
DataSet
Identification
Type StatusReport
CreationDateTime 2013-12-06:13:53:55.00+02:00
Content
Component
Type Terminal
Identification
ItemNumber 1
ProviderIdentification EPASVendor001
Identification Counter Top E41
SerialNumber 7825410759
Component
Type PaymentApplication
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Status
VersionNumber 1.01

8 Download of Cryptographic Keys Page 170


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

StandardCompliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
Component
Type SecurityParameters
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Identification SpecV1TestKey
Status
VersionNumber 2010060715
Status InOperation
Characteristics
KeyCheckValue 4E06B7DBF79A7705
AttendanceContext Attended
POIDateTime 2013-12-06T13:53:55.00+02:00

4245
4246

8 Download of Cryptographic Keys Page 171


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4247 Once unnecessary spaces and carriage returns are removed, the XML encoded StatusReport message
4248 body is:
4249 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
4250 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
4251 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
4252 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
4253 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
4254 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 6B 65 79 44 |Id><Id>epas-keyD|
4255 0060 6F 77 6E 6C 6F 61 64 2D 54 4D 31 3C 2F 49 64 3E |ownload-TM1</Id>|
4256 0070 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 |<Tp>MTMG</Tp></T|
4257 0080 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 |ermnlMgrId><Data|
4258 0090 53 65 74 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 |Set><Id><Tp>STRP|
4259 00A0 3C 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 |</Tp><CreDtTm>20|
4260 00B0 31 33 2D 31 32 2D 30 36 54 31 33 3A 35 33 3A 35 |13-12-06T13:53:5|
4261 00C0 35 2E 30 30 2B 30 32 3A 30 30 3C 2F 43 72 65 44 |5.00+02:00</CreD|
4262 00D0 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C |tTm></Id><Cntt><|
4263 00E0 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 |POICmpnt><Tp>TER|
4264 00F0 4D 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 |M</Tp><Id><ItmNb|
4265 0100 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 |>1</ItmNb><Prvdr|
4266 0110 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 |Id>EPASVendor001|
4267 0120 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F |</PrvdrId><Id>Co|
4268 0130 75 6E 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 |unter Top E41</I|
4269 0140 64 3E 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 |d><SrlNb>7825410|
4270 0150 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E |759</SrlNb></Id>|
4271 0160 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|
4272 0170 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 3C 2F 54 |mpnt><Tp>APLI</T|
4273 0180 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
4274 0190 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
4275 01A0 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
4276 01B0 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 |PrvdrId></Id><St|
4277 01C0 73 3E 3C 56 72 73 6E 4E 62 3E 31 2E 30 31 3C 2F |s><VrsnNb>1.01</|
4278 01D0 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 53 74 |VrsnNb></Sts><St|
4279 01E0 64 43 6D 70 6C 63 3E 3C 49 64 3E 53 45 50 41 2D |dCmplc><Id>SEPA-|
4280 01F0 46 41 53 54 3C 2F 49 64 3E 3C 56 72 73 6E 3E 33 |FAST</Id><Vrsn>3|
4281 0200 2E 30 3C 2F 56 72 73 6E 3E 3C 49 73 73 72 3E 43 |.0</Vrsn><Issr>C|
4282 0210 49 52 3C 2F 49 73 73 72 3E 3C 2F 53 74 64 43 6D |IR</Issr></StdCm|
4283 0220 70 6C 63 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C |plc></POICmpnt><|
4284 0230 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 53 43 50 |POICmpnt><Tp>SCP|
4285 0240 52 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 |R</Tp><Id><ItmNb|
4286 0250 3E 31 2E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 |>1.1</ItmNb><Prv|
4287 0260 64 72 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 |drId>EPASVendor0|
4288 0270 30 31 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E |01</PrvdrId><Id>|
4289 0280 53 70 65 63 56 31 54 65 73 74 4B 65 79 3C 2F 49 |SpecV1TestKey</I|
4290 0290 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C 56 72 73 |d></Id><Sts><Vrs|
4291 02A0 6E 4E 62 3E 32 30 31 30 30 36 30 37 31 35 3C 2F |nNb>2010060715</|
4292 02B0 56 72 73 6E 4E 62 3E 3C 53 74 73 3E 4F 50 45 52 |VrsnNb><Sts>OPER|
4293 02C0 3C 2F 53 74 73 3E 3C 2F 53 74 73 3E 3C 43 68 72 |</Sts></Sts><Chr|
4294 02D0 74 63 73 3E 3C 4B 65 79 43 68 63 6B 56 61 6C 3E |tcs><KeyChckVal>|
4295 02E0 54 67 61 33 32 2F 65 61 64 77 55 3D 3C 2F 4B 65 |Tga32/eadwU=</Ke|
4296 02F0 79 43 68 63 6B 56 61 6C 3E 3C 2F 43 68 72 74 63 |yChckVal></Chrtc|
4297 0300 73 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 41 74 |s></POICmpnt><At|
4298 0310 74 6E 64 6E 63 43 6E 74 78 74 3E 41 54 54 44 3C |tndncCntxt>ATTD<|
4299 0320 2F 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E 3C 50 |/AttndncCntxt><P|
4300 0330 4F 49 44 74 54 6D 3E 32 30 31 33 2D 31 32 2D 30 |OIDtTm>2013-12-0|

8 Download of Cryptographic Keys Page 172


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4301 0340 36 54 31 33 3A 35 33 3A 34 39 2E 30 30 2B 30 32 |6T13:53:49.00+02|


4302 0350 3A 30 30 3C 2F 50 4F 49 44 74 54 6D 3E 3C 2F 43 |:00</POIDtTm></C|
4303 0360 6E 74 74 3E 3C 2F 44 61 74 61 53 65 74 3E 3C 2F |ntt></DataSet></|
4304 0370 53 74 73 52 70 74 3E |StsRpt> |

4305
4306 The SHA256 digest of the StatusReport message body is:
4307 0000 D2 ED A4 7B FE FF 0A E7 8A BD 7A 7D CE 6E AC 2A |...{......z}.n.*|
4308 0010 D3 82 05 46 5B BF B1 64 85 80 38 DF B6 3B 9B A5 |...F[..d..8..;..|

4309
4310

8 Download of Cryptographic Keys Page 173


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4311 Applying the padding process for the digital signature, the block result is dumped below:
4312 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4313 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4314 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4315 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4316 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4317 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4318 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4319 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4320 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4321 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4322 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4323 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4324 00C0 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
4325 00D0 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
4326 00E0 D2 ED A4 7B FE FF 0A E7 8A BD 7A 7D CE 6E AC 2A |...{......z}.n.*|
4327 00F0 D3 82 05 46 5B BF B1 64 85 80 38 DF B6 3B 9B A5 |...F[..d..8..;..|

4328
4329 After encryption by the private key of KPOI-Sign, we have the digital signature of the StatusReport message
4330 body:
4331 0000 88 CF CD B0 F9 C4 EE 5E DD 6F BF 98 BA 09 56 40 |.......^.o....V@|
4332 0010 FE 9A BC F3 5C 98 25 22 DD 31 4B 32 D1 84 6E 85 |....\.%".1K2..n.|
4333 0020 A0 A4 D2 BC 88 D5 48 3C 76 BD A6 A5 E7 E3 B7 D6 |......H<v.......|
4334 0030 CB DA 91 51 63 62 D3 26 27 A9 2F A7 91 EF FB E1 |...Qcb.&'./.....|
4335 0040 A4 CE 7B 58 D5 55 00 8E 48 BE 66 55 8F EB 12 1A |..{X.U..H.fU....|
4336 0050 B9 C6 E2 95 C2 BA 49 8D 6B D3 78 B2 68 AC C0 7E |......I.k.x.h..~|
4337 0060 7E 7F 95 BB 5D 7B 03 EA DC D4 1D ED 81 38 80 21 |~...]{.......8.!|
4338 0070 F5 54 D6 41 58 C8 BD 80 4E 0A B6 05 0D 49 DC 0E |.T.AX...N....I..|
4339 0080 45 65 54 76 69 41 FC 4C 4A FF 26 5C 24 F0 77 BA |EeTviA.LJ.&\$.w.|
4340 0090 A9 09 97 F5 7C 95 22 B7 01 CE 21 82 47 07 98 92 |....|."...!.G...|
4341 00A0 48 9D F9 DE D1 E7 0B 05 43 66 CE 0D B4 3F B8 3D |H.......Cf...?.=|
4342 00B0 BC 01 5D 79 72 60 7A C4 B2 06 DD 95 6E C9 73 0C |..]yr`z.....n.s.|
4343 00C0 4B 23 B1 22 B0 47 45 AB 06 10 27 10 1C 48 4B 09 |K#.".GE...'..HK.|
4344 00D0 AF 3F 4E F5 FB 05 DB 2F 39 D6 C2 8D 41 11 02 28 |.?N..../9...A..(|
4345 00E0 E5 DE D9 48 95 F7 97 15 D8 07 58 A9 31 FE 15 AB |...H......X.1...|
4346 00F0 D3 BC FE 00 1A 2A DC F0 74 42 17 BE 36 8D A3 15 |.....*..tB..6...|
4347
4348
4349
4350
4351

8 Download of Cryptographic Keys Page 174


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4352 Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item Value
SecurityTrailer
SignedData
ContentType SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType PlainData
Certificate 308204833082026BA003020102020C2225A8FB00071293D4641C3C300D06092A
864886F70D01010B05003068310B300906035504060C0242453110300E060355
040A0C07455041534F726731263024060355040B0C1D546563686E6963616C20
43656E746572206F6620457870657274697365311F301D06035504030C164550
41532050726F746F636F6C732054657374204341302A18133230313330343138
3130323534362B30313030181332303138313030313138323030352B30313030
307A310B300906035504060C0246523110300E060355040A0C07455041534F72
6731263024060355040B0C1D546563686E6963616C2043656E746572206F6620
4578706572746973653131302F06035504030C28455041532050726F746F636F
6C205465737420436C69656E742041757468656E7469636174696F6E30820122
300D06092A864886F70D01010105000382010F003082010A0282010100C22511
390B85DB3990A27638B850616C18B11BDF78494B48B61F8F8D032225A8FB0007
1293D4641C3CDDE18D47337EB7381AC12976820FF5C0B321E4EDF88C9B8F1627
0E0FC6FAB470449BA70B947139551ABE326686F538C4F7F63A45FF4CB9E66470
00B28B791E1205ADB6ACDC29854698D90ACC3B6C84F0F8C2EFBEE4E3F9844BD7
9AB14C1F22376198C13BEAC560DDC835104176729C7E62FBF4EC350DE4D385C4
8D3EA40A90D7AA5838FAED3E3C760D19BB84D1997077C72331F3ADF050B41DB5
FFD19D129E88C75331DA13264BE4C2F0B0A0AA09F77EED2C801FAD239E8FE5D8
B43F10708FC3D6054B9156C5B55184F1A294DAB8F8267162BE9BB54867020301
0001A30F300D300B0603551D0F040403020780300D06092A864886F70D01010B
05000382020100540DB4CCCA78C5B72EC34D6A55EE7C152ED54409419E0B7BC7
83B8559557C02CCA5E81B6CCA854A36250ADCA0CD55C96F42F019799B5A100C9
72D3F2411CB2676300F1B09E46AE4F293A24CB71EEA5467CB91933713E556FFC
C0B558DA344FF4F8AB30A2F803BD97BB568100BAC6B6FAE884F831BF855C4EE8
23FE3BAC3BA2D8B615F62C1C1685B9BC59DFCBE1CFBDFDB29F3773FD46685688
BF656670F5BB9CE56B029E36E7291629DE69FA858367619D8DE4FB9F08608518
85A42894ADC97DCB51D4CEBF9F52083DD511371B157E3D16F93469EED0B7FF01
BC137D5065E266A8EA3C82999EF36263A863ED5FE22A69E4874FDF41A19FA457
B12CF6A52B08F73BD3BD9C2FD13352ECEE4EEF6323826BF72440FC149EBD5891
A8D6D0E5DA50547708525CA4021B51059B52B50E61B176C1F962AA7AC2809934
31DD5BF3D6C146ADBA762B3E6729F17FA639D98D5CBFDCAE556A2FC0B23754E4
91F97BF17A18D842A87F8DE4FBA58B56517213BC59C512D4F0447F0C197B3878
5A457E0A0E7DD44806C4BA16F811B7A25024791ED742E74392C9D4BABA754F09
B61DD8EC2ABBF6737E492BBC37185072AC9EBEA3DEF2FBD56E836B88D0809F96
A4B2ACA1A5B59D198F94990BA4D2A1B50CF64C5E8391D6DCADB58C9E074E608D
7D012309A92FFDCEFD96CDAEA4F6BE5E572A20161C3D6FD838FFAE966BB2C671
E7C836FB369C28
Signer
SignerIdentification
IssuerAnd-
SerialNumber
Issuer
RelativeDistin-
guishedName
AttributeType CountryName
AttributeValue BE
RelativeDistin-
guishedName
AttributeType OrganisationName
AttributeValue EPASOrg
RelativeDistin-
guishedName
AttributeType OrganisationUnitName
AttributeValue Technical Center of Expertise

8 Download of Cryptographic Keys Page 175


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

RelativeDistin-
guishedName
AttributeType CommonName
AttributeValue EPAS Protocols Test CA
SerialNumber 2225A8FB00071293D4641C3C
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature 88CFCDB0F9C4EE5EDD6FBF98BA095640FE9ABCF35C982522DD314B32D1846E85
A0A4D2BC88D5483C76BDA6A5E7E3B7D6CBDA91516362D32627A92FA791EFFBE1
A4CE7B58D555008E48BE66558FEB121AB9C6E295C2BA498D6BD378B268ACC07E
7E7F95BB5D7B03EADCD41DED81388021F554D64158C8BD804E0AB6050D49DC0E
456554766941FC4C4AFF265C24F077BAA90997F57C9522B701CE218247079892
489DF9DED1E70B054366CE0DB43FB83DBC015D7972607AC4B206DD956EC9730C
4B23B122B04745AB061027101C484B09AF3F4EF5FB05DB2F39D6C28D41110228
E5DED94895F79715D80758A931FE15ABD3BCFE001A2ADCF0744217BE368DA315

4353
4354 The XML encoded structure of the StatusReport message is:
4355
4356 <?xml version="1.0" encoding="UTF-8"?>
4357 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4358 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
4359 <StsRpt>
4360 <Hdr>
4361 <DwnldTrf>false</DwnldTrf>
4362 <FrmtVrsn>5.0</FrmtVrsn>
4363 <XchgId>003</XchgId>
4364 <CreDtTm>2013-12-06T13:53:55.00+02:00</CreDtTm>
4365 <InitgPty>
4366 <Id>66000001</Id>
4367 <Tp>OPOI</Tp>
4368 <Issr>MTMG</Issr>
4369 </InitgPty>
4370 <RcptPty>
4371 <Id>epas-keyDownload-TM1</Id>
4372 <Tp>MTMG</Tp>
4373 </RcptPty>
4374 </Hdr>
4375 <StsRpt>
4376 <POIId>
4377 <Id>66000001</Id>
4378 <Tp>OPOI</Tp>
4379 <Issr>MTMG</Issr>
4380 </POIId>
4381 <TermnlMgrId>
4382 <Id>epas-keyDownload-TM1</Id>
4383 <Tp>MTMG</Tp>
4384 </TermnlMgrId>
4385 <DataSet>
4386 <Id>
4387 <Tp>STRP</Tp>
4388 <CreDtTm>2013-12-06T13:53:55.00+02:00</CreDtTm>
4389 </Id>
4390 <Cntt>
4391 <POICmpnt>
4392 <Tp>TERM</Tp>
4393 <Id>
4394 <ItmNb>1</ItmNb>
4395 <PrvdrId>EPASVendor001</PrvdrId>
4396 <Id>Counter Top E41</Id>
4397 <SrlNb>7825410759</SrlNb>
4398 </Id>
4399 </POICmpnt>
4400 <POICmpnt>

8 Download of Cryptographic Keys Page 176


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4401 <Tp>APLI</Tp>
4402 <Id>
4403 <ItmNb>1.1</ItmNb>
4404 <PrvdrId>EPASVendor001</PrvdrId>
4405 </Id>
4406 <Sts>
4407 <VrsnNb>1.01</VrsnNb>
4408 </Sts>
4409 <StdCmplc>
4410 <Id>SEPA-FAST</Id>
4411 <Vrsn>3.0</Vrsn>
4412 <Issr>CIR</Issr>
4413 </StdCmplc>
4414 </POICmpnt>
4415 <POICmpnt>
4416 <Tp>SCPR</Tp>
4417 <Id>
4418 <ItmNb>1.1</ItmNb>
4419 <PrvdrId>EPASVendor001</PrvdrId>
4420 <Id>SpecV1TestKey</Id>
4421 </Id>
4422 <Sts>
4423 <VrsnNb>2010060715</VrsnNb>
4424 <Sts>OPER</Sts>
4425 </Sts>
4426 <Chrtcs>
4427 <KeyChckVal>Tga32/eadwU=</KeyChckVal>
4428 </Chrtcs>
4429 </POICmpnt>
4430 <AttndncCntxt>ATTD</AttndncCntxt>
4431 <POIDtTm>2013-12-06T13:53:49.00+02:00</POIDtTm>
4432 </Cntt>
4433 </DataSet>
4434 </StsRpt>
4435 <SctyTrlr>
4436 <CnttTp>SIGN</CnttTp>
4437 <SgndData>
4438 <DgstAlgo>
4439 <Algo>HS25</Algo>
4440 </DgstAlgo>
4441 <NcpsltdCntt>
4442 <CnttTp>DATA</CnttTp>
4443 </NcpsltdCntt>
4444 <Cert>
4445 MIIEgzCCAmugAwIBAgIMIiWo+wAHEpPUZBw8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYMAkJFMR
4446 AwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQLDB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTEf
4447 MB0GA1UEAwwWRVBBUyBQcm90b2NvbHMgVGVzdCBDQTAqGBMyMDEzMDQxODEwMjU0NiswMTAwGBMyMD
4448 E4MTAwMTE4MjAwNSswMTAwMHoxCzAJBgNVBAYMAkZSMRAwDgYDVQQKDAdFUEFTT3JnMSYwJAYDVQQL
4449 DB1UZWNobmljYWwgQ2VudGVyIG9mIEV4cGVydGlzZTExMC8GA1UEAwwoRVBBUyBQcm90b2NvbCBUZX
4450 N0IENsaWVudCBBdXRoZW50aWNhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIl
4451 ETkLhds5kKJ2OLhQYWwYsRvfeElLSLYfj40DIiWo+wAHEpPUZBw83eGNRzN+tzgawSl2gg/1wLMh5O
4452 34jJuPFicOD8b6tHBEm6cLlHE5VRq+MmaG9TjE9/Y6Rf9MueZkcACyi3keEgWttqzcKYVGmNkKzDts
4453 hPD4wu++5OP5hEvXmrFMHyI3YZjBO+rFYN3INRBBdnKcfmL79Ow1DeTThcSNPqQKkNeqWDj67T48dg
4454 0Zu4TRmXB3xyMx863wULQdtf/RnRKeiMdTMdoTJkvkwvCwoKoJ937tLIAfrSOej+XYtD8QcI/D1gVL
4455 kVbFtVGE8aKU2rj4JnFivpu1SGcCAwEAAaMPMA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4
4456 ICAQBUDbTMynjFty7DTWpV7nwVLtVECUGeC3vHg7hVlVfALMpegbbMqFSjYlCtygzVXJb0LwGXmbWh
4457 AMly0/JBHLJnYwDxsJ5Grk8pOiTLce6lRny5GTNxPlVv/MC1WNo0T/T4qzCi+AO9l7tWgQC6xrb66I
4458 T4Mb+FXE7oI/47rDui2LYV9iwcFoW5vFnfy+HPvf2ynzdz/UZoVoi/ZWZw9buc5WsCnjbnKRYp3mn6
4459 hYNnYZ2N5PufCGCFGIWkKJStyX3LUdTOv59SCD3VETcbFX49Fvk0ae7Qt/8BvBN9UGXiZqjqPIKZnv
4460 NiY6hj7V/iKmnkh0/fQaGfpFexLPalKwj3O9O9nC/RM1Ls7k7vYyOCa/ckQPwUnr1YkajW0OXaUFR3
4461 CFJcpAIbUQWbUrUOYbF2wfliqnrCgJk0Md1b89bBRq26dis+Zynxf6Y52Y1cv9yuVWovwLI3VOSR+X
4462 vxehjYQqh/jeT7pYtWUXITvFnFEtTwRH8MGXs4eFpFfgoOfdRIBsS6FvgRt6JQJHke10LnQ5LJ1Lq6
4463 dU8Jth3Y7Cq79nN+SSu8NxhQcqyevqPe8vvVboNriNCAn5aksqyhpbWdGY+UmQuk0qG1DPZMXoOR1t
4464 yttYyeB05gjX0BIwmpL/3O/ZbNrqT2vl5XKiAWHD1v2Dj/rpZrssZx58g2+zacKA==
4465 </Cert>
4466 <Sgnr>
4467 <SgnrId>
4468 <IssrAndSrlNb>
4469 <Issr>

8 Download of Cryptographic Keys Page 177


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4470 <RltvDstngshdNm>
4471 <AttrTp>CATT</AttrTp>
4472 <AttrVal>BE</AttrVal>
4473 </RltvDstngshdNm>
4474 <RltvDstngshdNm>
4475 <AttrTp>OATT</AttrTp>
4476 <AttrVal>EPASOrg</AttrVal>
4477 </RltvDstngshdNm>
4478 <RltvDstngshdNm>
4479 <AttrTp>OUAT</AttrTp>
4480 <AttrVal>Technical Center of Expertise</AttrVal>
4481 </RltvDstngshdNm>
4482 <RltvDstngshdNm>
4483 <AttrTp>CNAT</AttrTp>
4484 <AttrVal>EPAS Protocols Test CA</AttrVal>
4485 </RltvDstngshdNm>
4486 </Issr>
4487 <SrlNb>IiWo+wAHEpPUZBw8</SrlNb>
4488 </IssrAndSrlNb>
4489 </SgnrId>
4490 <DgstAlgo>
4491 <Algo>HS25</Algo>
4492 </DgstAlgo>
4493 <SgntrAlgo>
4494 <Algo>ERS2</Algo>
4495 </SgntrAlgo>
4496 <Sgntr>
4497 iM/NsPnE7l7db7+YuglWQP6avPNcmCUi3TFLMtGEboWgpNK8iNVIPHa9pqXn47fWy9qRUWNi0
4498 yYnqS+nke/74aTOe1jVVQCOSL5mVY/rEhq5xuKVwrpJjWvTeLJorMB+fn+Vu117A+rc1B3tgT
4499 iAIfVU1kFYyL2ATgq2BQ1J3A5FZVR2aUH8TEr/Jlwk8He6qQmX9XyVIrcBziGCRweYkkid+d7
4500 R5wsFQ2bODbQ/uD28AV15cmB6xLIG3ZVuyXMMSyOxIrBHRasGECcQHEhLCa8/TvX7BdsvOdbC
4501 jUERAijl3tlIlfeXFdgHWKkx/hWr07z+ABoq3PB0Qhe+No2jFQ==
4502
4503 </Sgntr>
4504 </Sgnr>
4505 </SgndData>
4506 </SctyTrlr>
4507 </StsRpt>
4508 </Document>

4509
4510
4511

8 Download of Cryptographic Keys Page 178


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4512 9 Message Examples


4513 9.1 Presentation of the Example
4514 The section provides the following sequence of message examples between a POI and the Terminal
4515 Manager in charge of the configuration of the POI:
4516 1) The current management plan of the POI dedicated to the TM contains a cyclic call action to
4517 contact periodically the TM.
4518 When the time conditions of the cyclic call are reached, the POI sends to the TM a StatusReport
4519 message to declare the version of the parameters in use in the POI, and to get a possible new
4520 management plan.
4521 2) The version of the acquirer parameters of the POI is obsolete, so the TM sends a new
4522 management plan requiring a download of the new version, in addition to the cyclic call to contact
4523 periodically the TM.
4524 3) At the reception of the ManagementPlanReplacement message, the POI replaces the current
4525 management plan by the new one received in the message.
4526 4) An immediate action of the new management requests the download of the new version of the
4527 acquirer parameters. The POI requests the download of this version sending a StatusReport
4528 message, and installs this new version contained in the AcceptorConfigurationUpdate response
4529 message.
4530 5) At the next activation of the cyclic call, the POI sends a StatusReport containing the result of the
4531 download, and declaring having the new version of the acquirer parameters. The TM does not
4532 send in response a new management plan in the ManagementPlanReplacement message.
4533 This sequence of exchange is summarized in the figure below.
POI TM

cyclic call to the TM 1 StatusReport

the version of the


parameters is obsolete
send a new
2
t management plan
lanReplacemen
replace the 3 ManagementP
management plan

request the StatusReport


4
Acquirer parameters new version of the
Acquirer paramaters
e
AcceptorConf igurationUpdat

cyclic call to the TM 5


StatusReport
keep the same
management plan
Replacement
ManagementPlan

4534
4535 Figure 14: Sequence of Message Exchanges
4536

9 Message Examples Page 179


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4537 9.1.1 Partners Identification


4538 The POI is identified by the TM by the identifier 66000001, and the TM by the identifier epas-acquirer-
4539 TM1.
4540
Message Item Value
POIIdentification
Identification 66000001
Type OriginatingPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-acquirer-TM1
Type MasterTerminalManager

4541
4542 The resulting XML encoded structure is:
4543 <POIId>
4544 <Id>66000001</Id>
4545 <Tp>OPOI</Tp>
4546 <Issr>MTMG</Issr>
4547 </POIId>
4548 <TermnlMgrId>
4549 <Id>epas-acquirer-TM1</Id>
4550 <Tp>MTMG</Tp>
4551 </TermnlMgrId>
4552
4553

9 Message Examples Page 180


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4554 9.1.2 POI Information


4555 The CardReadingCapabilities of the POI are "ICC" and "MagneticStripe".
4556 The architecture of the POI presented in the figure below, is composed of a PIN Pad connected to a
4557 countertop terminal inserted in a POI system:
POI
TM Host Server Acquirers
1

1.1

Countertop
Terminal

1.1.1 1.1.2
SEPA-FAST
PIN Pad
Application

SEPA-FAST
EMV Kernel
Parameters
1.1.1.1 1.1.2.1
4558
4559 Figure 15: POI Architecture for Message Examples
4560
4561
Message Item Value
POICapabilities
CardReadingCapabilities ICC
CardReadingCapabilities MagneticStripe
POIComponent
Type Server
Identification
ItemNumber 1
ProviderIdentification EPASVendor001
POIComponent
Type Terminal
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Model Counter Top E41
SerialNumber 7825410759
POIComponent
Type Device
Identification
ItemNumber 1.1.1
ProviderIdentification EPASVendor001
Model PIN Pad T25
SerialNumber 1825410759
POIComponent
Type EMVKernel
Identification
ItemNumber 1.1.1.1
ProviderIdentification EPASVendor003
Status
VersionNumber 7.1
POIComponent

9 Message Examples Page 181


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

Message Item Value


Type PaymentApplication
Identification
ItemNumber 1.1.2
ProviderIdentification EPASVendor002
Status
VersionNumber 1.51
Compliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
POIComponent
Type ApplicationParameters
Identification
ItemNumber 1.1.2.1
ProviderIdentification EPASAcquirer01
Status
VersionNumber 20110807143500

4562
4563 The resulting XML encoded structure is:
4564 <POICpblties>
4565 <CardRdngCpblties>CICC</CardRdngCpblties>
4566 <CardRdngCpblties>MGST</CardRdngCpblties>
4567 </POICpblties>
4568 <Cmpnt>
4569 <Tp>SERV</Tp>
4570 <Id>
4571 <ItmNb>1</ItmNb>
4572 <PrvdrId>EPASVendor001</PrvdrId>
4573 </Id>
4574 </Cmpnt>
4575 <Cmpnt>
4576 <Tp>TERM</Tp>
4577 <Id>
4578 <ItmNb>1.1</ItmNb>
4579 <PrvdrId>EPASVendor001</PrvdrId>
4580 <Id>Counter Top E41</Id>
4581 <SrlNb>7825410759</SrlNb>
4582 </Id>
4583 </Cmpnt>
4584 <Cmpnt>
4585 <Tp>DVCE</Tp>
4586 <Id>
4587 <ItmNb>1.1.1</ItmNb>
4588 <PrvdrId>EPASVendor001</PrvdrId>
4589 <Id>PIN Pad T25</Id>
4590 <SrlNb>1825410759</SrlNb>
4591 </Id>
4592 </Cmpnt>
4593 <Cmpnt>
4594 <Tp>EMVK</Tp>
4595 <Id>
4596 <ItmNb>1.1.1.1</ItmNb>
4597 <PrvdrId>EPASVendor003</PrvdrId>
4598 </Id>
4599 <Sts>
4600 <VrsnNb>7.1</VrsnNb>
4601 </Sts>
4602 </Cmpnt>
4603 <Cmpnt>
4604 <Tp>APLI</Tp>
4605 <Id>

9 Message Examples Page 182


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4606 <ItmNb>1.1.2</ItmNb>
4607 <PrvdrId>EPASVendor002</PrvdrId>
4608 </Id>
4609 <Sts>
4610 <VrsnNb>1.0</VrsnNb>
4611 </Sts>
4612 <StdCmplc>
4613 <Id>SEPA-FAST</Id>
4614 <Vrsn>3.0</Vrsn>
4615 <Issr>CIR</Issr>
4616 </StdCmplc>
4617 </Cmpnt>
4618 <Cmpnt>
4619 <Tp>APPR</Tp>
4620 <Id>
4621 <ItmNb>1.1.2.1</ItmNb>
4622 <PrvdrId>EPASAcquirer01</PrvdrId>
4623 </Id>
4624 <Sts>
4625 <VrsnNb>20110807143500</VrsnNb>
4626 </Sts>
4627 </Cmpnt>
4628
4629

9 Message Examples Page 183


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4630 9.1.3 Initial Management Plan in Use


4631 The management plan in use at the POI contains only one action:
4632 The request of a management plan every day at 22h45 with a maximum of 2 possible retries in case of
4633 incident.
4634
DataSet Type Action Type Trigger StartTime WaitingTime Period
ManagementPlan Download DateTime 2011-08-21T22:45:00 1 day

4635
4636 The content of the message component Action related to this action is presented below.
4637 The Address includes only one address,
4638 the DataSetIdentification of the management plan only the Type,
4639 the Trigger is "DateTime" as a endless cyclic action,
4640 the MaximumNumber is “0” for endless,
4641 the time (StartTime) to request the management plan is "22:45",
4642 the period is 1 day: Period = "10000" in the MMDDhhmm format,
4643 a maximum of 2 retries are allowed (MaximumNumber), and
4644 the delay between 2 retries is 10 minutes: Delay = "10" in the MMDDhhmm format,
4645 No ErrorAction is defined, as in case of error the POI waits for the next day.
4646
Message Item Value
Action
Type Download
RemoteAccess
Address
NetworkType InternetProtocol
AddressValue TM1.Test.EPASOrg.eu:5001
DataSetIdentification
Type ManagementPlan
Trigger DateTime
Retry
Delay 10
MaximumNumber 2
TimeCondition
StartTime 2011-08-21T22:45:00
Period 10000
MaximumNumber 0

4647
4648 The resulting XML encoded structure for this Action is:
4649 <Actn>
4650 ___ <Tp>DWNL</Tp>
4651 <RmotAccs>
4652 <Adr>
4653 <NtwkTp>IPNW</NtwkTp>
4654 <AdrVal>TM1.Test.EPASOrg.eu:5001</AdrVal>
4655 </Adr>
4656 </RmotAccs>
4657 <DataSetId>
4658 <Tp>MGTP</Tp>
4659 </DataSetId>
4660 <Trggr>DATE</Trggr>
4661 <ReTry>
4662 <Dely>10</Dely>
4663 <MaxNb>2</MaxNb>
4664 </ReTry>

9 Message Examples Page 184


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4665 <TmCond>
4666 <StartTm>2011-08-21T22:45:00</StartTm>
4667 <Prd>10000</Prd>
4668 <MaxNb>0</MaxNb>
4669 </TmCond>
4670 </Actn>
4671

9 Message Examples Page 185


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4672 9.1.4 Security


4673 The Key Encryption Key is the DUKPT test key, named SpecV1TesKey, with the version 2010060715,
4674 and the following input:
4675 BDK (Base Derivation Key): 37233E89 0B0104E9 BC943D0E 45EAE5A7
4676 KSN (Key Serial Number)5: 398725A501 E290200017
4677 Providing the following keys:
4678 TIK (Terminal Initial Key): EE3AE644 1C2EEE18 3F3B4179 2DBCD318
4679 MAC Computation Key for Request: 5E64F1AB F25D3BA1 7F629EC2 B302F8EA
4680
4681
4682

5 The same KSN is used for all messages.

9 Message Examples Page 186


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4683 9.2 Periodic Contact to the TMS Host

4684 9.2.1 StatusReport Message


4685
4686 Conforming to the cyclic call action of the management plan presented in the section 9.1.3 Initial
4687 Management Plan, the information described in the other sections of 9.1, and the fact that there are no
4688 performed actions since the last StatusReport message, the status report is presented below:
4689
Message Item Value
Header
DownloadTransfer False
FormatVersion 5.0
ExchangeIdentification 549
CreationDateTime 2013-08-23T22:45:00.01+02:00
InitiatingParty
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-acquirer-TM1
Type MasterTerminalManager
StatusReport
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-acquirer-TM1
Type MasterTerminalManager
DataSet
Identification
Type StatusReport
CreationDateTime 2013-08-23T22:45:00.01+02:00
Content
POICapabilities
CardReadingCapabilities ICC
CardReadingCapabilities MagneticStripe
POIComponent
Type Server
Identification
ItemNumber 1
ProviderIdentification EPASVendor001
POIComponent
Type Terminal
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Model Counter Top E41
SerialNumber 7825410759
POIComponent
Type Device

9 Message Examples Page 187


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

Message Item Value


Identification
ItemNumber 1.1.1
ProviderIdentification EPASVendor001
Model PIN Pad T25
SerialNumber 1825410759
POIComponent
Type EMVKernel
Identification
ItemNumber 1.1.1.1
ProviderIdentification EPASVendor003
Status
VersionNumber 7.1
POIComponent
Type PaymentApplication
Identification
ItemNumber 1.1.2
ProviderIdentification EPASVendor002
Status
VersionNumber 1.51
Compliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
POIComponent
Type ApplicationParameters
Identification
ItemNumber 1.1.2.1
ProviderIdentification EPASAcquirer01
Status
VersionNumber 20110807143500
DataSetRequired
Identification
Type ManagementPlan
SecurityTrailer
ContentType AuthenticatedData
AuthenticatedData
Recipient
KEK
KEKIdentification
KeyIdentification SpecV1TestKey
KeyVersion 2011010715
DerivationIdentification 398725A501
KeyEncryptionAlgorithm
Algorithm DUKPT
EncryptedKey E290200017
MACAlgorithm
Algorithm RetailSHA256MAC
EncapsulatedContent
ContentType PlainData
MAC 4923B786829793A5
4690

9 Message Examples Page 188


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4691 The XML encoded StatusReport message is presented below.


4692
4693 <?xml version="1.0" encoding="UTF-8"?>
4694 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4695 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
4696 <StsRpt>
4697 <Hdr>
4698 <DwnldTrf>false</DwnldTrf>
4699 <FrmtVrsn>5.0</FrmtVrsn>
4700 <XchgId>549</XchgId>
4701 <CreDtTm>2013-08-23T22:45:00.01+02:00</CreDtTm>
4702 <InitgPty>
4703 <Id>66000001</Id>
4704 <Tp>OPOI</Tp>
4705 <Issr>MTMG</Issr>
4706 </InitgPty>
4707 <RcptPty>
4708 <Id>epas-acquirer-TM1</Id>
4709 <Tp>MTMG</Tp>
4710 </RcptPty>
4711 </Hdr>
4712 <StsRpt>
4713 <POIId>
4714 <Id>66000001</Id>
4715 <Tp>OPOI</Tp>
4716 <Issr>MTMG</Issr>
4717 </POIId>
4718 <TermnlMgrId>
4719 <Id>epas-acquirer-TM1</Id>
4720 <Tp>MTMG</Tp>
4721 </TermnlMgrId>
4722 <DataSet>
4723 <Id>
4724 <Tp>STRP</Tp>
4725 <CreDtTm>2013-08-23T22:45:00.01+02:00</CreDtTm>
4726 </Id>
4727 <Cntt>
4728 <POICpblties>
4729 <CardRdngCpblties>CICC</CardRdngCpblties>
4730 <CardRdngCpblties>MGST</CardRdngCpblties>
4731 </POICpblties>
4732 <POICmpnt>
4733 <Tp>SERV</Tp>
4734 <Id>
4735 <ItmNb>1</ItmNb>
4736 <PrvdrId>EPASVendor001</PrvdrId>
4737 </Id>
4738 </POICmpnt>
4739 <POICmpnt>
4740 <Tp>TERM</Tp>
4741 <Id>
4742 <ItmNb>1.1</ItmNb>
4743 <PrvdrId>EPASVendor001</PrvdrId>
4744 <Id>Counter Top E41</Id>
4745 <SrlNb>7825410759</SrlNb>
4746 </Id>
4747 </POICmpnt>
4748 <POICmpnt>
4749 <Tp>DVCE</Tp>
4750 <Id>
4751 <ItmNb>1.1.1</ItmNb>
4752 <PrvdrId>EPASVendor001</PrvdrId>
4753 <Id>PIN Pad T25</Id>
4754 <SrlNb>1825410759</SrlNb>
4755 </Id>
4756 </POICmpnt>
4757 <POICmpnt>
4758 <Tp>EMVK</Tp>

9 Message Examples Page 189


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4759 <Id>
4760 <ItmNb>1.1.1.1</ItmNb>
4761 <PrvdrId>EPASVendor003</PrvdrId>
4762 </Id>
4763 <Sts>
4764 <VrsnNb>7.1</VrsnNb>
4765 </Sts>
4766 </POICmpnt>
4767 <POICmpnt>
4768 <Tp>APLI</Tp>
4769 <Id>
4770 <ItmNb>1.1.2</ItmNb>
4771 <PrvdrId>EPASVendor002</PrvdrId>
4772 </Id>
4773 <Sts>
4774 <VrsnNb>1.0</VrsnNb>
4775 </Sts>
4776 <StdCmplc>
4777 <Id>SEPA-FAST</Id>
4778 <Vrsn>3.0</Vrsn>
4779 <Issr>CIR</Issr>
4780 </StdCmplc>
4781 </POICmpnt>
4782 <POICmpnt>
4783 <Tp>APPR</Tp>
4784 <Id>
4785 <ItmNb>1.1.2.1</ItmNb>
4786 <PrvdrId>EPASAcquirer01</PrvdrId>
4787 </Id>
4788 <Sts>
4789 <VrsnNb>20110807143500</VrsnNb>
4790 </Sts>
4791 </POICmpnt>
4792 <POIDtTm>2013-08-23T22:45:00.01+02:00</POIDtTm>
4793 <DataSetReqrd>
4794 <Id>
4795 <Tp>MGTP</Tp>
4796 </Id>
4797 </DataSetReqrd>
4798 </Cntt>
4799 </DataSet>
4800 </StsRpt>
4801 <SctyTrlr>
4802 <CnttTp>AUTH</CnttTp>
4803 <AuthntcdData>
4804 <Rcpt>
4805 <KEK>
4806 <KEKId>
4807 <KeyId>SpecV1TestKey</KeyId>
4808 <KeyVrsn>2010060715</KeyVrsn>
4809 <DerivtnId>OYclpQE=</DerivtnId>
4810 </KEKId>
4811 <KeyNcrptnAlgo>
4812 <Algo>DKP9</Algo>
4813 </KeyNcrptnAlgo>
4814 <NcrptdKey>4pAgABc=</NcrptdKey>
4815 </KEK>
4816 </Rcpt>
4817 <MACAlgo>
4818 <Algo>MCCS</Algo>
4819 </MACAlgo>
4820 <NcpsltdCntt>
4821 <CnttTp>DATA</CnttTp>
4822 </NcpsltdCntt>
4823 <MAC> SSO3hoKXk6U=</MAC>
4824 </AuthntcdData>
4825 </SctyTrlr>
4826 </StsRpt>
4827 </Document>
4828
9 Message Examples Page 190
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4829 Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
4830 or line breaks) is dumped below:
4831 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
4832 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
4833 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
4834 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
4835 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
4836 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 71 75 |Id><Id>epas-acqu|
4837 0060 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 70 |irer-TM1</Id><Tp|
4838 0070 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 72 6D |>MTMG</Tp></Term|
4839 0080 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 74 |nlMgrId><DataSet|
4840 0090 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 3C 2F 54 |><Id><Tp>STRP</T|
4841 00A0 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 33 2D |p><CreDtTm>2013-|
4842 00B0 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 30 2E 30 |08-23T22:45:00.0|
4843 00C0 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 54 6D |1+02:00</CreDtTm|
4844 00D0 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 50 4F 49 |></Id><Cntt><POI|
4845 00E0 43 70 62 6C 74 69 65 73 3E 3C 43 61 72 64 52 64 |Cpblties><CardRd|
4846 00F0 6E 67 43 70 62 6C 74 69 65 73 3E 43 49 43 43 3C |ngCpblties>CICC<|
4847 0100 2F 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |/CardRdngCpbltie|
4848 0110 73 3E 3C 43 61 72 64 52 64 6E 67 43 70 62 6C 74 |s><CardRdngCpblt|
4849 0120 69 65 73 3E 4D 47 53 54 3C 2F 43 61 72 64 52 64 |ies>MGST</CardRd|
4850 0130 6E 67 43 70 62 6C 74 69 65 73 3E 3C 2F 50 4F 49 |ngCpblties></POI|
4851 0140 43 70 62 6C 74 69 65 73 3E 3C 50 4F 49 43 6D 70 |Cpblties><POICmp|
4852 0150 6E 74 3E 3C 54 70 3E 53 45 52 56 3C 2F 54 70 3E |nt><Tp>SERV</Tp>|
4853 0160 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 3C 2F 49 74 |<Id><ItmNb>1</It|
4854 0170 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
4855 0180 53 56 65 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 |SVendor001</Prvd|
4856 0190 72 49 64 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 6D |rId></Id></POICm|
4857 01A0 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 |pnt><POICmpnt><T|
4858 01B0 70 3E 54 45 52 4D 3C 2F 54 70 3E 3C 49 64 3E 3C |p>TERM</Tp><Id><|
4859 01C0 49 74 6D 4E 62 3E 31 2E 31 3C 2F 49 74 6D 4E 62 |ItmNb>1.1</ItmNb|
4860 01D0 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 |><PrvdrId>EPASVe|
4861 01E0 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 72 49 64 |ndor001</PrvdrId|
4862 01F0 3E 3C 49 64 3E 43 6F 75 6E 74 65 72 20 54 6F 70 |><Id>Counter Top|
4863 0200 20 45 34 31 3C 2F 49 64 3E 3C 53 72 6C 4E 62 3E | E41</Id><SrlNb>|
4864 0210 37 38 32 35 34 31 30 37 35 39 3C 2F 53 72 6C 4E |7825410759</SrlN|
4865 0220 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 6D 70 6E |b></Id></POICmpn|
4866 0230 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E |t><POICmpnt><Tp>|
4867 0240 44 56 43 45 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 |DVCE</Tp><Id><It|
4868 0250 6D 4E 62 3E 31 2E 31 2E 31 3C 2F 49 74 6D 4E 62 |mNb>1.1.1</ItmNb|
4869 0260 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 |><PrvdrId>EPASVe|
4870 0270 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 72 49 64 |ndor001</PrvdrId|
4871 0280 3E 3C 49 64 3E 50 49 4E 20 50 61 64 20 54 32 35 |><Id>PIN Pad T25|
4872 0290 3C 2F 49 64 3E 3C 53 72 6C 4E 62 3E 31 38 32 35 |</Id><SrlNb>1825|
4873 02A0 34 31 30 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F |410759</SrlNb></|
4874 02B0 49 64 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 |Id></POICmpnt><P|
4875 02C0 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 45 4D 56 4B |OICmpnt><Tp>EMVK|
4876 02D0 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E |</Tp><Id><ItmNb>|
4877 02E0 31 2E 31 2E 31 2E 31 3C 2F 49 74 6D 4E 62 3E 3C |1.1.1.1</ItmNb><|
4878 02F0 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 6E 64 |PrvdrId>EPASVend|
4879 0300 6F 72 30 30 33 3C 2F 50 72 76 64 72 49 64 3E 3C |or003</PrvdrId><|
4880 0310 2F 49 64 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 |/Id><Sts><VrsnNb|
4881 0320 3E 37 2E 31 3C 2F 56 72 73 6E 4E 62 3E 3C 2F 53 |>7.1</VrsnNb></S|

9 Message Examples Page 191


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4882 0330 74 73 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 |ts></POICmpnt><P|


4883 0340 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 |OICmpnt><Tp>APLI|
4884 0350 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E |</Tp><Id><ItmNb>|
4885 0360 31 2E 31 2E 32 3C 2F 49 74 6D 4E 62 3E 3C 50 72 |1.1.2</ItmNb><Pr|
4886 0370 76 64 72 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 |vdrId>EPASVendor|
4887 0380 30 30 32 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 |002</PrvdrId></I|
4888 0390 64 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 3E 31 |d><Sts><VrsnNb>1|
4889 03A0 2E 30 3C 2F 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 |.0</VrsnNb></Sts|
4890 03B0 3E 3C 53 74 64 43 6D 70 6C 63 3E 3C 49 64 3E 53 |><StdCmplc><Id>S|
4891 03C0 45 50 41 2D 46 41 53 54 3C 2F 49 64 3E 3C 56 72 |EPA-FAST</Id><Vr|
4892 03D0 73 6E 3E 33 2E 30 3C 2F 56 72 73 6E 3E 3C 49 73 |sn>3.0</Vrsn><Is|
4893 03E0 73 72 3E 43 49 52 3C 2F 49 73 73 72 3E 3C 2F 53 |sr>CIR</Issr></S|
4894 03F0 74 64 43 6D 70 6C 63 3E 3C 2F 50 4F 49 43 6D 70 |tdCmplc></POICmp|
4895 0400 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 |nt><POICmpnt><Tp|
4896 0410 3E 41 50 50 52 3C 2F 54 70 3E 3C 49 64 3E 3C 49 |>APPR</Tp><Id><I|
4897 0420 74 6D 4E 62 3E 31 2E 31 2E 32 2E 31 3C 2F 49 74 |tmNb>1.1.2.1</It|
4898 0430 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
4899 0440 53 41 63 71 75 69 72 65 72 30 31 3C 2F 50 72 76 |SAcquirer01</Prv|
4900 0450 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C |drId></Id><Sts><|
4901 0460 56 72 73 6E 4E 62 3E 32 30 31 31 30 38 30 37 31 |VrsnNb>201108071|
4902 0470 34 33 35 30 30 3C 2F 56 72 73 6E 4E 62 3E 3C 2F |43500</VrsnNb></|
4903 0480 53 74 73 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C |Sts></POICmpnt><|
4904 0490 50 4F 49 44 74 54 6D 3E 32 30 31 33 2D 30 38 2D |POIDtTm>2013-08-|
4905 04A0 32 33 54 32 32 3A 34 35 3A 30 30 2E 30 31 2B 30 |23T22:45:00.01+0|
4906 04B0 32 3A 30 30 3C 2F 50 4F 49 44 74 54 6D 3E 3C 44 |2:00</POIDtTm><D|
4907 04C0 61 74 61 53 65 74 52 65 71 72 64 3E 3C 49 64 3E |ataSetReqrd><Id>|
4908 04D0 3C 54 70 3E 4D 47 54 50 3C 2F 54 70 3E 3C 2F 49 |<Tp>MGTP</Tp></I|
4909 04E0 64 3E 3C 2F 44 61 74 61 53 65 74 52 65 71 72 64 |d></DataSetReqrd|
4910 04F0 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 65 |></Cntt></DataSe|
4911 0500 74 3E 3C 2F 53 74 73 52 70 74 3E |t></StsRpt> |
4912
4913
4914 The SHA-256 digest of the message body StsRpt is:
4915 0000 96 46 43 17 D0 34 FA D1 B7 6E 50 B1 D3 46 85 A0 |.FC..4...nP..F..|
4916 0010 B7 B9 9B 2F BC F0 BB 94 4A 2A 5E B7 24 E0 EE 4B |.../....J*^.$..K|
4917
4918
4919 After padding, the digest becomes:
4920 0000 96 46 43 17 D0 34 FA D1 B7 6E 50 B1 D3 46 85 A0 |.FC..4...nP..F..|
4921 0010 B7 B9 9B 2F BC F0 BB 94 4A 2A 5E B7 24 E0 EE 4B |.../....J*^.$..K|
4922 0020 80 00 00 00 00 00 00 00 |........ |
4923
4924
4925 Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA),
4926 we obtain the MAC of the StatusReport 4923B786829793A5 and after conversion in base64 "
4927 SSO3hoKXk6U=".
4928 0000 82 85 DD 13 BF F0 B1 EB 09 40 E9 04 B3 F4 45 B0 |.........@....E.|
4929 0010 CD EC EB F5 42 EE C1 07 55 72 E2 73 BC 65 66 1A |....B...Ur.s.ef.|
4930 0020 49 23 B7 86 82 97 93 A5 |I#...... |
4931
4932
4933

9 Message Examples Page 192


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4934 The message sent by the transport protocol is:


4935 0000 00 00 08 42 3C 3F 78 6D 6C 20 76 65 72 73 69 6F | B<?xml versio|
4936 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
4937 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
4938 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
4939 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
4940 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
4941 0060 69 6E 73 74 61 6E 63 65 22 20 78 6D 6C 6E 73 3D |instance" xmlns=|
4942 0070 22 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F |"urn:iso:std:iso|
4943 0080 3A 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A |:20022:tech:xsd:|
4944 0090 63 61 74 6D 2E 30 30 31 2E 30 30 31 2E 30 35 22 |catm.001.001.05"|
4945 00A0 3E 3C 53 74 73 52 70 74 3E 3C 48 64 72 3E 3C 44 |><StsRpt><Hdr><D|
4946 00B0 77 6E 6C 64 54 72 66 3E 66 61 6C 73 65 3C 2F 44 |wnldTrf>false</D|
4947 00C0 77 6E 6C 64 54 72 66 3E 3C 46 72 6D 74 56 72 73 |wnldTrf><FrmtVrs|
4948 00D0 6E 3E 35 2E 30 3C 2F 46 72 6D 74 56 72 73 6E 3E |n>5.0</FrmtVrsn>|
4949 00E0 3C 58 63 68 67 49 64 3E 35 34 39 3C 2F 58 63 68 |<XchgId>549</Xch|
4950 00F0 67 49 64 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 |gId><CreDtTm>201|
4951 0100 33 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 30 |3-08-23T22:45:00|
4952 0110 2E 30 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 |.01+02:00</CreDt|
4953 0120 54 6D 3E 3C 49 6E 69 74 67 50 74 79 3E 3C 49 64 |Tm><InitgPty><Id|
4954 0130 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E 3C 54 |>66000001</Id><T|
4955 0140 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 73 72 |p>OPOI</Tp><Issr|
4956 0150 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F 49 6E |>MTMG</Issr></In|
4957 0160 69 74 67 50 74 79 3E 3C 52 63 70 74 50 74 79 3E |itgPty><RcptPty>|
4958 0170 3C 49 64 3E 65 70 61 73 2D 61 63 71 75 69 72 65 |<Id>epas-acquire|
4959 0180 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 70 3E 4D 54 |r-TM1</Id><Tp>MT|
4960 0190 4D 47 3C 2F 54 70 3E 3C 2F 52 63 70 74 50 74 79 |MG</Tp></RcptPty|
4961 01A0 3E 3C 2F 48 64 72 3E 3C 53 74 73 52 70 74 3E 3C |></Hdr><StsRpt><|
4962 01B0 50 4F 49 49 64 3E 3C 49 64 3E 36 36 30 30 30 30 |POIId><Id>660000|
4963 01C0 30 31 3C 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C |01</Id><Tp>OPOI<|
4964 01D0 2F 54 70 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F |/Tp><Issr>MTMG</|
4965 01E0 49 73 73 72 3E 3C 2F 50 4F 49 49 64 3E 3C 54 65 |Issr></POIId><Te|
4966 01F0 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 65 70 |rmnlMgrId><Id>ep|
4967 0200 61 73 2D 61 63 71 75 69 72 65 72 2D 54 4D 31 3C |as-acquirer-TM1<|
4968 0210 2F 49 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 |/Id><Tp>MTMG</Tp|
4969 0220 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C |></TermnlMgrId><|
4970 0230 44 61 74 61 53 65 74 3E 3C 49 64 3E 3C 54 70 3E |DataSet><Id><Tp>|
4971 0240 53 54 52 50 3C 2F 54 70 3E 3C 43 72 65 44 74 54 |STRP</Tp><CreDtT|
4972 0250 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 32 32 3A |m>2013-08-23T22:|
4973 0260 34 35 3A 30 30 2E 30 31 2B 30 32 3A 30 30 3C 2F |45:00.01+02:00</|
4974 0270 43 72 65 44 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E |CreDtTm></Id><Cn|
4975 0280 74 74 3E 3C 50 4F 49 43 70 62 6C 74 69 65 73 3E |tt><POICpblties>|
4976 0290 3C 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |<CardRdngCpbltie|
4977 02A0 73 3E 43 49 43 43 3C 2F 43 61 72 64 52 64 6E 67 |s>CICC</CardRdng|
4978 02B0 43 70 62 6C 74 69 65 73 3E 3C 43 61 72 64 52 64 |Cpblties><CardRd|
4979 02C0 6E 67 43 70 62 6C 74 69 65 73 3E 4D 47 53 54 3C |ngCpblties>MGST<|
4980 02D0 2F 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |/CardRdngCpbltie|
4981 02E0 73 3E 3C 2F 50 4F 49 43 70 62 6C 74 69 65 73 3E |s></POICpblties>|
4982 02F0 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 53 45 |<POICmpnt><Tp>SE|
4983 0300 52 56 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E |RV</Tp><Id><ItmN|
4984 0310 62 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 |b>1</ItmNb><Prvd|
4985 0320 72 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 |rId>EPASVendor00|
4986 0330 31 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E |1</PrvdrId></Id>|

9 Message Examples Page 193


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

4987 0340 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|


4988 0350 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 4D 3C 2F 54 |mpnt><Tp>TERM</T|
4989 0360 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
4990 0370 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
4991 0380 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
4992 0390 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F 75 6E |PrvdrId><Id>Coun|
4993 03A0 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 64 3E |ter Top E41</Id>|
4994 03B0 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 37 35 |<SrlNb>782541075|
4995 03C0 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F |9</SrlNb></Id></|
4996 03D0 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 |POICmpnt><POICmp|
4997 03E0 6E 74 3E 3C 54 70 3E 44 56 43 45 3C 2F 54 70 3E |nt><Tp>DVCE</Tp>|
4998 03F0 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 2E 31 |<Id><ItmNb>1.1.1|
4999 0400 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
5000 0410 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
5001 0420 50 72 76 64 72 49 64 3E 3C 49 64 3E 50 49 4E 20 |PrvdrId><Id>PIN |
5002 0430 50 61 64 20 54 32 35 3C 2F 49 64 3E 3C 53 72 6C |Pad T25</Id><Srl|
5003 0440 4E 62 3E 31 38 32 35 34 31 30 37 35 39 3C 2F 53 |Nb>1825410759</S|
5004 0450 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 |rlNb></Id></POIC|
5005 0460 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C |mpnt><POICmpnt><|
5006 0470 54 70 3E 45 4D 56 4B 3C 2F 54 70 3E 3C 49 64 3E |Tp>EMVK</Tp><Id>|
5007 0480 3C 49 74 6D 4E 62 3E 31 2E 31 2E 31 2E 31 3C 2F |<ItmNb>1.1.1.1</|
5008 0490 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 |ItmNb><PrvdrId>E|
5009 04A0 50 41 53 56 65 6E 64 6F 72 30 30 33 3C 2F 50 72 |PASVendor003</Pr|
5010 04B0 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E |vdrId></Id><Sts>|
5011 04C0 3C 56 72 73 6E 4E 62 3E 37 2E 31 3C 2F 56 72 73 |<VrsnNb>7.1</Vrs|
5012 04D0 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 2F 50 4F 49 43 |nNb></Sts></POIC|
5013 04E0 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C |mpnt><POICmpnt><|
5014 04F0 54 70 3E 41 50 4C 49 3C 2F 54 70 3E 3C 49 64 3E |Tp>APLI</Tp><Id>|
5015 0500 3C 49 74 6D 4E 62 3E 31 2E 31 2E 32 3C 2F 49 74 |<ItmNb>1.1.2</It|
5016 0510 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
5017 0520 53 56 65 6E 64 6F 72 30 30 32 3C 2F 50 72 76 64 |SVendor002</Prvd|
5018 0530 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C 56 |rId></Id><Sts><V|
5019 0540 72 73 6E 4E 62 3E 31 2E 30 3C 2F 56 72 73 6E 4E |rsnNb>1.0</VrsnN|
5020 0550 62 3E 3C 2F 53 74 73 3E 3C 53 74 64 43 6D 70 6C |b></Sts><StdCmpl|
5021 0560 63 3E 3C 49 64 3E 53 45 50 41 2D 46 41 53 54 3C |c><Id>SEPA-FAST<|
5022 0570 2F 49 64 3E 3C 56 72 73 6E 3E 33 2E 30 3C 2F 56 |/Id><Vrsn>3.0</V|
5023 0580 72 73 6E 3E 3C 49 73 73 72 3E 43 49 52 3C 2F 49 |rsn><Issr>CIR</I|
5024 0590 73 73 72 3E 3C 2F 53 74 64 43 6D 70 6C 63 3E 3C |ssr></StdCmplc><|
5025 05A0 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 6D |/POICmpnt><POICm|
5026 05B0 70 6E 74 3E 3C 54 70 3E 41 50 50 52 3C 2F 54 70 |pnt><Tp>APPR</Tp|
5027 05C0 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 2E |><Id><ItmNb>1.1.|
5028 05D0 32 2E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 |2.1</ItmNb><Prvd|
5029 05E0 72 49 64 3E 45 50 41 53 41 63 71 75 69 72 65 72 |rId>EPASAcquirer|
5030 05F0 30 31 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 64 |01</PrvdrId></Id|
5031 0600 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 3E 32 30 |><Sts><VrsnNb>20|
5032 0610 31 31 30 38 30 37 31 34 33 35 30 30 3C 2F 56 72 |110807143500</Vr|
5033 0620 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 2F 50 4F 49 |snNb></Sts></POI|
5034 0630 43 6D 70 6E 74 3E 3C 50 4F 49 44 74 54 6D 3E 32 |Cmpnt><POIDtTm>2|
5035 0640 30 31 33 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A |013-08-23T22:45:|
5036 0650 30 30 2E 30 31 2B 30 32 3A 30 30 3C 2F 50 4F 49 |00.01+02:00</POI|
5037 0660 44 74 54 6D 3E 3C 44 61 74 61 53 65 74 52 65 71 |DtTm><DataSetReq|
5038 0670 72 64 3E 3C 49 64 3E 3C 54 70 3E 4D 47 54 50 3C |rd><Id><Tp>MGTP<|
5039 0680 2F 54 70 3E 3C 2F 49 64 3E 3C 2F 44 61 74 61 53 |/Tp></Id></DataS|
5040 0690 65 74 52 65 71 72 64 3E 3C 2F 43 6E 74 74 3E 3C |etReqrd></Cntt><|

9 Message Examples Page 194


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5041 06A0 2F 44 61 74 61 53 65 74 3E 3C 2F 53 74 73 52 70 |/DataSet></StsRp|


5042 06B0 74 3E 3C 53 63 74 79 54 72 6C 72 3E 3C 43 6E 74 |t><SctyTrlr><Cnt|
5043 06C0 74 54 70 3E 41 55 54 48 3C 2F 43 6E 74 74 54 70 |tTp>AUTH</CnttTp|
5044 06D0 3E 3C 41 75 74 68 6E 74 63 64 44 61 74 61 3E 3C |><AuthntcdData><|
5045 06E0 52 63 70 74 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 64 |Rcpt><KEK><KEKId|
5046 06F0 3E 3C 4B 65 79 49 64 3E 53 70 65 63 56 31 54 65 |><KeyId>SpecV1Te|
5047 0700 73 74 4B 65 79 3C 2F 4B 65 79 49 64 3E 3C 4B 65 |stKey</KeyId><Ke|
5048 0710 79 56 72 73 6E 3E 32 30 31 30 30 36 30 37 31 35 |yVrsn>2010060715|
5049 0720 3C 2F 4B 65 79 56 72 73 6E 3E 3C 44 65 72 69 76 |</KeyVrsn><Deriv|
5050 0730 74 6E 49 64 3E 4F 59 63 6C 70 51 45 3D 3C 2F 44 |tnId>OYclpQE=</D|
5051 0740 65 72 69 76 74 6E 49 64 3E 3C 2F 4B 45 4B 49 64 |erivtnId></KEKId|
5052 0750 3E 3C 4B 65 79 4E 63 72 70 74 6E 41 6C 67 6F 3E |><KeyNcrptnAlgo>|
5053 0760 3C 41 6C 67 6F 3E 44 4B 50 39 3C 2F 41 6C 67 6F |<Algo>DKP9</Algo|
5054 0770 3E 3C 2F 4B 65 79 4E 63 72 70 74 6E 41 6C 67 6F |></KeyNcrptnAlgo|
5055 0780 3E 3C 4E 63 72 70 74 64 4B 65 79 3E 34 70 41 67 |><NcrptdKey>4pAg|
5056 0790 41 42 63 3D 3C 2F 4E 63 72 70 74 64 4B 65 79 3E |ABc=</NcrptdKey>|
5057 07A0 3C 2F 4B 45 4B 3E 3C 2F 52 63 70 74 3E 3C 4D 41 |</KEK></Rcpt><MA|
5058 07B0 43 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 4D 43 43 53 |CAlgo><Algo>MCCS|
5059 07C0 3C 2F 41 6C 67 6F 3E 3C 2F 4D 41 43 41 6C 67 6F |</Algo></MACAlgo|
5060 07D0 3E 3C 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C 43 |><NcpsltdCntt><C|
5061 07E0 6E 74 74 54 70 3E 44 41 54 41 3C 2F 43 6E 74 74 |nttTp>DATA</Cntt|
5062 07F0 54 70 3E 3C 2F 4E 63 70 73 6C 74 64 43 6E 74 74 |Tp></NcpsltdCntt|
5063 0800 3E 3C 4D 41 43 3E 53 53 4F 33 68 6F 4B 58 6B 36 |><MAC>SSO3hoKXk6|
5064 0810 55 3D 3C 2F 4D 41 43 3E 3C 2F 41 75 74 68 6E 74 |U=</MAC></Authnt|
5065 0820 63 64 44 61 74 61 3E 3C 2F 53 63 74 79 54 72 6C |cdData></SctyTrl|
5066 0830 72 3E 3C 2F 53 74 73 52 70 74 3E 3C 2F 44 6F 63 |r></StsRpt></Doc|
5067 0840 75 6D 65 6E 74 3E |ument> |
5068
5069
5070

9 Message Examples Page 195


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5071 9.2.2 ManagementPlanReplacement Message


5072
5073 The version of the acquirer parameters of the POI sent in the StatusReport is obsolete (Version
5074 "20110807143500" of the POIComponentType "AcquirerParameters").
5075 The TM sends a new management plan with, in addition to the cyclic call to contact periodically the TM,
5076 the download of the acquirer parameters.
5077
DataSet Type Action Type Trigger StartTime WaitingTime Period
AcquirerParameters Download DateTime 2013-08-23T10:28:00
ManagementPlan Download DateTime 0 1 day

5078
5079 The ManagementPlanReplacement message body contains these two actions presented below:
5080
Message Item Value
Header
DownloadTransfer True
FormatVersion 5.0
ExchangeIdentification 549
CreationDateTime 2013-08-23T22:45:01.61+02:00
InitiatingParty
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-acquirer-TM1
Type MasterTerminalManager
ManagementPlan
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-acquirer-TM1
Type MasterTerminalManager
DataSet
Identification
Type ManagementPlan
CreationDateTime 2013-08-23T22:45:01.61+02:00
Content
Action
Type Download
RemoteAccess
Address
NetworkType InternetProtocol
AddressValue TM1.Test.EPASOrg.eu:5001
DataSetIdentification
Name “MyParameter”
Type AcquirerParameters
Version 20130822181900
Trigger DateTime

9 Message Examples Page 196


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AdditionalProcess Restart
Retry
Delay 10
MaximumNumber 2
TimeCondition
StartTime 2013-08-23T10:28:00

Action
Type Download
RemoteAccess
Address
NetworkType InternetProtocol
AddressValue TM1.Test.EPASOrg.eu:5001
DataSetIdentification
Type ManagementPlan
Trigger DateTime
Retry
Delay 10
MaximumNumber 2
TimeCondition
WaitingTime 0
Period 10000
MaximumNumber 0
SecurityTrailer
ContentType AuthenticatedData
AuthenticatedData
Recipient
KEK
KEKIdentification
KeyIdentification SpecV1TestKey
KeyVersion 2011010715
DerivationIdentification 398725A501
KeyEncryptionAlgorithm
Algorithm DUKPT2009
EncryptedKey E290200017
MACAlgorithm
Algorithm RetailSHA256MAC
EncapsulatedContent
ContentType PlainData
MAC 137BC5E629E830F6

5081
5082

9 Message Examples Page 197


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5083 The XML encoded ManagementPlanReplacement message is presented below.


5084
5085 <?xml version="1.0" encoding="UTF-8"?>
5086 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5087 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.002.001.05">
5088 <MgmtPlanRplcmnt>
5089 <Hdr>
5090 <DwnldTrf>true</DwnldTrf>
5091 <FrmtVrsn>5.0</FrmtVrsn>
5092 <XchgId>549</XchgId>
5093 <CreDtTm>2013-08-23T22:45:01.61+02:00</CreDtTm>
5094 <InitgPty>
5095 <Id>66000001</Id>
5096 <Tp>OPOI</Tp>
5097 <Issr>MTMG</Issr>
5098 </InitgPty>
5099 <RcptPty>
5100 <Id>epas-acquirer-TM1</Id>
5101 <Tp>MTMG</Tp>
5102 </RcptPty>
5103 </Hdr>
5104 <MgmtPlan>
5105 <POIId>
5106 <Id>66000001</Id>
5107 <Tp>OPOI</Tp>
5108 <Issr>MTMG</Issr>
5109 </POIId>
5110 <TermnlMgrId>
5111 <Id>epas-acquirer-TM1</Id>
5112 <Tp>MTMG</Tp>
5113 </TermnlMgrId>
5114 <DataSet>
5115 <Id>
5116 <Tp>MGTP</Tp>
5117 <CreDtTm>2013-08-23T22:45:01.61+02:00</CreDtTm>
5118 </Id>
5119 <Cntt>
5120 <Actn>
5121 <Tp>DWNL</Tp>
5122 <RmotAccs>
5123 <Adr>
5124 <NtwkTp>IPNW</NtwkTp>
5125 <AdrVal>TM1.Test.EPASOrg.eu:5001</AdrVal>
5126 </Adr>
5127 </RmotAccs>
5128 <DataSetId>
5129 <Nm>MyParameter</Nm>
5130 <Tp>AQPR</Tp>
5131 <Vrsn>20130822181900</Vrsn>
5132 </DataSetId>
5133 <Trggr>DATE</Trggr>
5134 <AddtlPrc>RSRT</AddtlPrc>
5135 <ReTry>
5136 <Dely>10</Dely>
5137 <MaxNb>2</MaxNb>
5138 </ReTry>
5139 <TmCond>
5140 <StartTm>2013-08-23T10:28:00</StartTm>
5141 </TmCond>
5142 </Actn>
5143 <Actn>
5144 <Tp>DWNL</Tp>
5145 <RmotAccs>
5146 <Adr>
5147 <NtwkTp>IPNW</NtwkTp>
5148 <AdrVal>TM1.Test.EPASOrg.eu:5001</AdrVal>
5149 </Adr>
5150 </RmotAccs>

9 Message Examples Page 198


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5151 <DataSetId>
5152 <Tp>MGTP</Tp>
5153 </DataSetId>
5154 <Trggr>DATE</Trggr>
5155 <ReTry>
5156 <Dely>10</Dely>
5157 <MaxNb>2</MaxNb>
5158 </ReTry>
5159 <TmCond>
5160 <WtgTm>0</WtgTm>
5161 <Prd>10000</Prd>
5162 <MaxNb>0</MaxNb>
5163 </TmCond>
5164 </Actn>
5165 </Cntt>
5166 </DataSet>
5167 </MgmtPlan>
5168 <SctyTrlr>
5169 <CnttTp>AUTH</CnttTp>
5170 <AuthntcdData>
5171 <Rcpt>
5172 <KEK>
5173 <KEKId>
5174 <KeyId>SpecV1TestKey</KeyId>
5175 <KeyVrsn>2010060715</KeyVrsn>
5176 <DerivtnId>OYclpQE=</DerivtnId>
5177 </KEKId>
5178 <KeyNcrptnAlgo>
5179 <Algo>DKP9</Algo>
5180 </KeyNcrptnAlgo>
5181 <NcrptdKey>4pAgABc=</NcrptdKey>
5182 </KEK>
5183 </Rcpt>
5184 <MACAlgo>
5185 <Algo>MCCS</Algo>
5186 </MACAlgo>
5187 <NcpsltdCntt>
5188 <CnttTp>DATA</CnttTp>
5189 </NcpsltdCntt>
5190 <MAC> E3vF5inoMPY=</MAC>
5191 </AuthntcdData>
5192 </SctyTrlr>
5193 </MgmtPlanRplcmnt>
5194 </Document>

5195
5196

9 Message Examples Page 199


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5197 Once unnecessary spaces and carriage returns are removed, the message body MgmtPlan (without
5198 spaces or line breaks) is dumped below:
5199 0000 3C 4D 67 6D 74 50 6C 61 6E 3E 3C 50 4F 49 49 64 |<MgmtPlan><POIId|
5200 0010 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 |><Id>66000001</I|
5201 0020 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C |d><Tp>OPOI</Tp><|
5202 0030 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E |Issr>MTMG</Issr>|
5203 0040 3C 2F 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D |</POIId><TermnlM|
5204 0050 67 72 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 |grId><Id>epas-ac|
5205 0060 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C |quirer-TM1</Id><|
5206 0070 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 |Tp>MTMG</Tp></Te|
5207 0080 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 |rmnlMgrId><DataS|
5208 0090 65 74 3E 3C 49 64 3E 3C 54 70 3E 4D 47 54 50 3C |et><Id><Tp>MGTP<|
5209 00A0 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 |/Tp><CreDtTm>201|
5210 00B0 33 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 31 |3-08-23T22:45:01|
5211 00C0 2E 36 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 |.61+02:00</CreDt|
5212 00D0 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 41 |Tm></Id><Cntt><A|
5213 00E0 63 74 6E 3E 3C 54 70 3E 44 57 4E 4C 3C 2F 54 70 |ctn><Tp>DWNL</Tp|
5214 00F0 3E 3C 52 6D 6F 74 41 63 63 73 3E 3C 41 64 72 3E |><RmotAccs><Adr>|
5215 0100 3C 4E 74 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 |<NtwkTp>IPNW</Nt|
5216 0110 77 6B 54 70 3E 3C 41 64 72 56 61 6C 3E 54 4D 31 |wkTp><AdrVal>TM1|
5217 0120 2E 54 65 73 74 2E 45 50 41 53 4F 72 67 2E 65 75 |.Test.EPASOrg.eu|
5218 0130 3A 35 30 30 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F |:5001</AdrVal></|
5219 0140 41 64 72 3E 3C 2F 52 6D 6F 74 41 63 63 73 3E 3C |Adr></RmotAccs><|
5220 0150 44 61 74 61 53 65 74 49 64 3E 3C 4E 6D 3E 4D 79 |DataSetId><Nm>My|
5221 0160 50 61 72 61 6D 65 74 65 72 3C 2F 4E 6D 3E 3C 54 |Parameter</Nm><T|
5222 0170 70 3E 41 51 50 52 3C 2F 54 70 3E 3C 56 72 73 6E |p>AQPR</Tp><Vrsn|
5223 0180 3E 32 30 31 33 30 38 32 32 31 38 31 39 30 30 3C |>20130822181900<|
5224 0190 2F 56 72 73 6E 3E 3C 2F 44 61 74 61 53 65 74 49 |/Vrsn></DataSetI|
5225 01A0 64 3E 3C 54 72 67 67 72 3E 44 41 54 45 3C 2F 54 |d><Trggr>DATE</T|
5226 01B0 72 67 67 72 3E 3C 41 64 64 74 6C 50 72 63 3E 52 |rggr><AddtlPrc>R|
5227 01C0 53 52 54 3C 2F 41 64 64 74 6C 50 72 63 3E 3C 52 |SRT</AddtlPrc><R|
5228 01D0 65 54 72 79 3E 3C 44 65 6C 79 3E 31 30 3C 2F 44 |eTry><Dely>10</D|
5229 01E0 65 6C 79 3E 3C 4D 61 78 4E 62 3E 32 3C 2F 4D 61 |ely><MaxNb>2</Ma|
5230 01F0 78 4E 62 3E 3C 2F 52 65 54 72 79 3E 3C 54 6D 43 |xNb></ReTry><TmC|
5231 0200 6F 6E 64 3E 3C 53 74 61 72 74 54 6D 3E 32 30 31 |ond><StartTm>201|
5232 0210 33 2D 30 38 2D 32 33 54 31 30 3A 32 38 3A 30 30 |3-08-23T10:28:00|
5233 0220 3C 2F 53 74 61 72 74 54 6D 3E 3C 2F 54 6D 43 6F |</StartTm></TmCo|
5234 0230 6E 64 3E 3C 2F 41 63 74 6E 3E 3C 41 63 74 6E 3E |nd></Actn><Actn>|
5235 0240 3C 54 70 3E 44 57 4E 4C 3C 2F 54 70 3E 3C 52 6D |<Tp>DWNL</Tp><Rm|
5236 0250 6F 74 41 63 63 73 3E 3C 41 64 72 3E 3C 4E 74 77 |otAccs><Adr><Ntw|
5237 0260 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 77 6B 54 70 |kTp>IPNW</NtwkTp|
5238 0270 3E 3C 41 64 72 56 61 6C 3E 54 4D 31 2E 54 65 73 |><AdrVal>TM1.Tes|
5239 0280 74 2E 45 50 41 53 4F 72 67 2E 65 75 3A 35 30 30 |t.EPASOrg.eu:500|
5240 0290 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F 41 64 72 3E |1</AdrVal></Adr>|
5241 02A0 3C 2F 52 6D 6F 74 41 63 63 73 3E 3C 44 61 74 61 |</RmotAccs><Data|
5242 02B0 53 65 74 49 64 3E 3C 54 70 3E 4D 47 54 50 3C 2F |SetId><Tp>MGTP</|
5243 02C0 54 70 3E 3C 2F 44 61 74 61 53 65 74 49 64 3E 3C |Tp></DataSetId><|
5244 02D0 54 72 67 67 72 3E 44 41 54 45 3C 2F 54 72 67 67 |Trggr>DATE</Trgg|
5245 02E0 72 3E 3C 52 65 54 72 79 3E 3C 44 65 6C 79 3E 31 |r><ReTry><Dely>1|
5246 02F0 30 3C 2F 44 65 6C 79 3E 3C 4D 61 78 4E 62 3E 32 |0</Dely><MaxNb>2|
5247 0300 3C 2F 4D 61 78 4E 62 3E 3C 2F 52 65 54 72 79 3E |</MaxNb></ReTry>|
5248 0310 3C 54 6D 43 6F 6E 64 3E 3C 57 74 67 54 6D 3E 30 |<TmCond><WtgTm>0|
5249 0320 3C 2F 57 74 67 54 6D 3E 3C 50 72 64 3E 31 30 30 |</WtgTm><Prd>100|

9 Message Examples Page 200


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5250 0330 30 30 3C 2F 50 72 64 3E 3C 4D 61 78 4E 62 3E 30 |00</Prd><MaxNb>0|


5251 0340 3C 2F 4D 61 78 4E 62 3E 3C 2F 54 6D 43 6F 6E 64 |</MaxNb></TmCond|
5252 0350 3E 3C 2F 41 63 74 6E 3E 3C 2F 43 6E 74 74 3E 3C |></Actn></Cntt><|
5253 0360 2F 44 61 74 61 53 65 74 3E 3C 2F 4D 67 6D 74 50 |/DataSet></MgmtP|
5254 0370 6C 61 6E 3E |lan> |
5255
5256 The SHA-256 digest of the message body MgmtPlan is:
5257 0000 48 3E 95 23 78 AF 1A 88 69 D1 0D 11 C4 71 DF B3 |H>.#x...i....q..|
5258 0010 C1 8B A9 53 44 AA 38 BE 68 86 F7 A9 2A 27 A7 E0 |...SD.8.h...*'..|
5259
5260 After padding, the digest becomes:
5261 0000 48 3E 95 23 78 AF 1A 88 69 D1 0D 11 C4 71 DF B3 |H>.#x...i....q..|
5262 0010 C1 8B A9 53 44 AA 38 BE 68 86 F7 A9 2A 27 A7 E0 |...SD.8.h...*'..|
5263 0020 80 00 00 00 00 00 00 00 |........ |
5264
5265

9 Message Examples Page 201


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5266 Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA),
5267 we obtain the MAC of the ManagementPlan 137BC5E629E830F6 and after conversion in base64 "
5268 E3vF5inoMPY=".
5269 0000 0C A0 B6 35 D2 8E 1E 6B 9C 2D 36 A7 5E C8 DF A1 |...5...k.-6.^...|
5270 0010 22 83 7D 38 F8 0E 62 8A 2C 64 FC 44 0D 08 DA 9B |".}8..b.,d.D....|
5271 0020 13 7B C5 E6 29 E8 30 F6 |.{..).0. |
5272
5273
5274 The message sent by the transport protocol is:
5275 0000 00 00 06 BB 3C 3F 78 6D 6C 20 76 65 72 73 69 6F | - <?xml versio|
5276 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
5277 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
5278 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
5279 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
5280 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
5281 0060 69 6E 73 74 61 6E 63 65 22 20 78 6D 6C 6E 73 3D |instance" xmlns=|
5282 0070 22 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F |"urn:iso:std:iso|
5283 0080 3A 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A |:20022:tech:xsd:|
5284 0090 63 61 74 6D 2E 30 30 32 2E 30 30 31 2E 30 35 22 |catm.002.001.05"|
5285 00A0 3E 3C 4D 67 6D 74 50 6C 61 6E 52 70 6C 63 6D 6E |><MgmtPlanRplcmn|
5286 00B0 74 3E 3C 48 64 72 3E 3C 44 77 6E 6C 64 54 72 66 |t><Hdr><DwnldTrf|
5287 00C0 3E 74 72 75 65 3C 2F 44 77 6E 6C 64 54 72 66 3E |>true</DwnldTrf>|
5288 00D0 3C 46 72 6D 74 56 72 73 6E 3E 35 2E 30 3C 2F 46 |<FrmtVrsn>5.0</F|
5289 00E0 72 6D 74 56 72 73 6E 3E 3C 58 63 68 67 49 64 3E |rmtVrsn><XchgId>|
5290 00F0 35 34 39 3C 2F 58 63 68 67 49 64 3E 3C 43 72 65 |549</XchgId><Cre|
5291 0100 44 74 54 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 |DtTm>2013-08-23T|
5292 0110 32 32 3A 34 35 3A 30 31 2E 36 31 2B 30 32 3A 30 |22:45:01.61+02:0|
5293 0120 30 3C 2F 43 72 65 44 74 54 6D 3E 3C 49 6E 69 74 |0</CreDtTm><Init|
5294 0130 67 50 74 79 3E 3C 49 64 3E 36 36 30 30 30 30 30 |gPty><Id>6600000|
5295 0140 31 3C 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F |1</Id><Tp>OPOI</|
5296 0150 54 70 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 |Tp><Issr>MTMG</I|
5297 0160 73 73 72 3E 3C 2F 49 6E 69 74 67 50 74 79 3E 3C |ssr></InitgPty><|
5298 0170 52 63 70 74 50 74 79 3E 3C 49 64 3E 65 70 61 73 |RcptPty><Id>epas|
5299 0180 2D 61 63 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 |-acquirer-TM1</I|
5300 0190 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C |d><Tp>MTMG</Tp><|
5301 01A0 2F 52 63 70 74 50 74 79 3E 3C 2F 48 64 72 3E 3C |/RcptPty></Hdr><|
5302 01B0 4D 67 6D 74 50 6C 61 6E 3E 3C 50 4F 49 49 64 3E |MgmtPlan><POIId>|
5303 01C0 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 |<Id>66000001</Id|
5304 01D0 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 |><Tp>OPOI</Tp><I|
5305 01E0 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C |ssr>MTMG</Issr><|
5306 01F0 2F 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 |/POIId><TermnlMg|
5307 0200 72 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 71 |rId><Id>epas-acq|
5308 0210 75 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 |uirer-TM1</Id><T|
5309 0220 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 72 |p>MTMG</Tp></Ter|
5310 0230 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 |mnlMgrId><DataSe|
5311 0240 74 3E 3C 49 64 3E 3C 54 70 3E 4D 47 54 50 3C 2F |t><Id><Tp>MGTP</|
5312 0250 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 33 |Tp><CreDtTm>2013|
5313 0260 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 31 2E |-08-23T22:45:01.|
5314 0270 36 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 54 |61+02:00</CreDtT|
5315 0280 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 41 63 |m></Id><Cntt><Ac|
5316 0290 74 6E 3E 3C 54 70 3E 44 57 4E 4C 3C 2F 54 70 3E |tn><Tp>DWNL</Tp>|
5317 02A0 3C 52 6D 6F 74 41 63 63 73 3E 3C 41 64 72 3E 3C |<RmotAccs><Adr><|

9 Message Examples Page 202


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5318 02B0 4E 74 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 77 |NtwkTp>IPNW</Ntw|


5319 02C0 6B 54 70 3E 3C 41 64 72 56 61 6C 3E 54 4D 31 2E |kTp><AdrVal>TM1.|
5320 02D0 54 65 73 74 2E 45 50 41 53 4F 72 67 2E 65 75 3A |Test.EPASOrg.eu:|
5321 02E0 35 30 30 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F 41 |5001</AdrVal></A|
5322 02F0 64 72 3E 3C 2F 52 6D 6F 74 41 63 63 73 3E 3C 44 |dr></RmotAccs><D|
5323 0300 61 74 61 53 65 74 49 64 3E 3C 4E 6D 3E 4D 79 50 |ataSetId><Nm>MyP|
5324 0310 61 72 61 6D 65 74 65 72 3C 2F 4E 6D 3E 3C 54 70 |arameter</Nm><Tp|
5325 0320 3E 41 51 50 52 3C 2F 54 70 3E 3C 56 72 73 6E 3E |>AQPR</Tp><Vrsn>|
5326 0330 32 30 31 33 30 38 32 32 31 38 31 39 30 30 3C 2F |20130822181900</|
5327 0340 56 72 73 6E 3E 3C 2F 44 61 74 61 53 65 74 49 64 |Vrsn></DataSetId|
5328 0350 3E 3C 54 72 67 67 72 3E 44 41 54 45 3C 2F 54 72 |><Trggr>DATE</Tr|
5329 0360 67 67 72 3E 3C 41 64 64 74 6C 50 72 63 3E 52 53 |ggr><AddtlPrc>RS|
5330 0370 52 54 3C 2F 41 64 64 74 6C 50 72 63 3E 3C 52 65 |RT</AddtlPrc><Re|
5331 0380 54 72 79 3E 3C 44 65 6C 79 3E 31 30 3C 2F 44 65 |Try><Dely>10</De|
5332 0390 6C 79 3E 3C 4D 61 78 4E 62 3E 32 3C 2F 4D 61 78 |ly><MaxNb>2</Max|
5333 03A0 4E 62 3E 3C 2F 52 65 54 72 79 3E 3C 54 6D 43 6F |Nb></ReTry><TmCo|
5334 03B0 6E 64 3E 3C 53 74 61 72 74 54 6D 3E 32 30 31 33 |nd><StartTm>2013|
5335 03C0 2D 30 38 2D 32 33 54 31 30 3A 32 38 3A 30 30 3C |-08-23T10:28:00<|
5336 03D0 2F 53 74 61 72 74 54 6D 3E 3C 2F 54 6D 43 6F 6E |/StartTm></TmCon|
5337 03E0 64 3E 3C 2F 41 63 74 6E 3E 3C 41 63 74 6E 3E 3C |d></Actn><Actn><|
5338 03F0 54 70 3E 44 57 4E 4C 3C 2F 54 70 3E 3C 52 6D 6F |Tp>DWNL</Tp><Rmo|
5339 0400 74 41 63 63 73 3E 3C 41 64 72 3E 3C 4E 74 77 6B |tAccs><Adr><Ntwk|
5340 0410 54 70 3E 49 50 4E 57 3C 2F 4E 74 77 6B 54 70 3E |Tp>IPNW</NtwkTp>|
5341 0420 3C 41 64 72 56 61 6C 3E 54 4D 31 2E 54 65 73 74 |<AdrVal>TM1.Test|
5342 0430 2E 45 50 41 53 4F 72 67 2E 65 75 3A 35 30 30 31 |.EPASOrg.eu:5001|
5343 0440 3C 2F 41 64 72 56 61 6C 3E 3C 2F 41 64 72 3E 3C |</AdrVal></Adr><|
5344 0450 2F 52 6D 6F 74 41 63 63 73 3E 3C 44 61 74 61 53 |/RmotAccs><DataS|
5345 0460 65 74 49 64 3E 3C 54 70 3E 4D 47 54 50 3C 2F 54 |etId><Tp>MGTP</T|
5346 0470 70 3E 3C 2F 44 61 74 61 53 65 74 49 64 3E 3C 54 |p></DataSetId><T|
5347 0480 72 67 67 72 3E 44 41 54 45 3C 2F 54 72 67 67 72 |rggr>DATE</Trggr|
5348 0490 3E 3C 52 65 54 72 79 3E 3C 44 65 6C 79 3E 31 30 |><ReTry><Dely>10|
5349 04A0 3C 2F 44 65 6C 79 3E 3C 4D 61 78 4E 62 3E 32 3C |</Dely><MaxNb>2<|
5350 04B0 2F 4D 61 78 4E 62 3E 3C 2F 52 65 54 72 79 3E 3C |/MaxNb></ReTry><|
5351 04C0 54 6D 43 6F 6E 64 3E 3C 57 74 67 54 6D 3E 30 3C |TmCond><WtgTm>0<|
5352 04D0 2F 57 74 67 54 6D 3E 3C 50 72 64 3E 31 30 30 30 |/WtgTm><Prd>1000|
5353 04E0 30 3C 2F 50 72 64 3E 3C 4D 61 78 4E 62 3E 30 3C |0</Prd><MaxNb>0<|
5354 04F0 2F 4D 61 78 4E 62 3E 3C 2F 54 6D 43 6F 6E 64 3E |/MaxNb></TmCond>|
5355 0500 3C 2F 41 63 74 6E 3E 3C 2F 43 6E 74 74 3E 3C 2F |</Actn></Cntt></|
5356 0510 44 61 74 61 53 65 74 3E 3C 2F 4D 67 6D 74 50 6C |DataSet></MgmtPl|
5357 0520 61 6E 3E 3C 53 63 74 79 54 72 6C 72 3E 3C 43 6E |an><SctyTrlr><Cn|
5358 0530 74 74 54 70 3E 41 55 54 48 3C 2F 43 6E 74 74 54 |ttTp>AUTH</CnttT|
5359 0540 70 3E 3C 41 75 74 68 6E 74 63 64 44 61 74 61 3E |p><AuthntcdData>|
5360 0550 3C 52 63 70 74 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 |<Rcpt><KEK><KEKI|
5361 0560 64 3E 3C 4B 65 79 49 64 3E 53 70 65 63 56 31 54 |d><KeyId>SpecV1T|
5362 0570 65 73 74 4B 65 79 3C 2F 4B 65 79 49 64 3E 3C 4B |estKey</KeyId><K|
5363 0580 65 79 56 72 73 6E 3E 32 30 31 30 30 36 30 37 31 |eyVrsn>201006071|
5364 0590 35 3C 2F 4B 65 79 56 72 73 6E 3E 3C 44 65 72 69 |5</KeyVrsn><Deri|
5365 05A0 76 74 6E 49 64 3E 4F 59 63 6C 70 51 45 3D 3C 2F |vtnId>OYclpQE=</|
5366 05B0 44 65 72 69 76 74 6E 49 64 3E 3C 2F 4B 45 4B 49 |DerivtnId></KEKI|
5367 05C0 64 3E 3C 4B 65 79 4E 63 72 70 74 6E 41 6C 67 6F |d><KeyNcrptnAlgo|
5368 05D0 3E 3C 41 6C 67 6F 3E 44 4B 50 39 3C 2F 41 6C 67 |><Algo>DKP9</Alg|
5369 05E0 6F 3E 3C 2F 4B 65 79 4E 63 72 70 74 6E 41 6C 67 |o></KeyNcrptnAlg|
5370 05F0 6F 3E 3C 4E 63 72 70 74 64 4B 65 79 3E 34 70 41 |o><NcrptdKey>4pA|
5371 0600 67 41 42 63 3D 3C 2F 4E 63 72 70 74 64 4B 65 79 |gABc=</NcrptdKey|

9 Message Examples Page 203


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5372 0610 3E 3C 2F 4B 45 4B 3E 3C 2F 52 63 70 74 3E 3C 4D |></KEK></Rcpt><M|


5373 0620 41 43 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 4D 43 43 |ACAlgo><Algo>MCC|
5374 0630 53 3C 2F 41 6C 67 6F 3E 3C 2F 4D 41 43 41 6C 67 |S</Algo></MACAlg|
5375 0640 6F 3E 3C 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C |o><NcpsltdCntt><|
5376 0650 43 6E 74 74 54 70 3E 44 41 54 41 3C 2F 43 6E 74 |CnttTp>DATA</Cnt|
5377 0660 74 54 70 3E 3C 2F 4E 63 70 73 6C 74 64 43 6E 74 |tTp></NcpsltdCnt|
5378 0670 74 3E 3C 4D 41 43 3E 45 33 76 46 35 69 6E 6F 4D |t><MAC>E3vF5inoM|
5379 0680 50 59 3D 3C 2F 4D 41 43 3E 3C 2F 41 75 74 68 6E |PY=</MAC></Authn|
5380 0690 74 63 64 44 61 74 61 3E 3C 2F 53 63 74 79 54 72 |tcdData></SctyTr|
5381 06A0 6C 72 3E 3C 2F 4D 67 6D 74 50 6C 61 6E 52 70 6C |lr></MgmtPlanRpl|
5382 06B0 63 6D 6E 74 3E 3C 2F 44 6F 63 75 6D 65 6E 74 3E |cmnt></Document>|
5383
5384

9 Message Examples Page 204


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5385 9.3 Download of the Acquirer Parameters

5386 9.3.1 StatusReport Message


5387
5388 The first action of the new management plan, the download of a new version of the Acquirer parameters,
5389 contains a StartTime which is passed. This action has to be excecuted immediately. The POI sends a
5390 StatusReport message with DataSetRequired containing the DataSetIdentification of this action:
5391
Message Item Value
Header
DownloadTransfer False
FormatVersion 5.0
ExchangeIdentification 550
CreationDateTime 2013-08-23T22:45:01.86+02:00
InitiatingParty
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-acquirer-TM1
Type MasterTerminalManager
StatusReport
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-acquirer-TM1
Type MasterTerminalManager
DataSet
Identification
Type StatusReport
CreationDateTime 2013-08-23T22:45:01.86+02:00
Content
POICapabilities
CardReadingCapabilities ICC
CardReadingCapabilities MagneticStripe
POIComponent
Type Server
Identification
ItemNumber 1
ProviderIdentification EPASVendor001
POIComponent
Type Terminal
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Model Counter Top E41
SerialNumber 7825410759
POIComponent
Type Device

9 Message Examples Page 205


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

Identification
ItemNumber 1.1.1
ProviderIdentification EPASVendor001
Model PIN Pad T25
SerialNumber 1825410759
POIComponent
Type EMVKernel
Identification
ItemNumber 1.1.1.1
ProviderIdentification EPASVendor003
Status
VersionNumber 7.1
POIComponent
Type PaymentApplication
Identification
ItemNumber 1.1.2
ProviderIdentification EPASVendor002
Status
VersionNumber 1.51
Compliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
POIComponent
Type ApplicationParameters
Identification
ItemNumber 1.1.2.1
ProviderIdentification EPASAcquirer01
Status
VersionNumber 20110807143500
Compliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
AttendanceContext Attended
POIDateTime 2013-08-23T15:16:08.13+02:00
DataSetRequired
Identification
Type AcquirerParameters
Version 20130822181900
SecurityTrailer
ContentType AuthenticatedData
AuthenticatedData
Recipient
KEK
KEKIdentification
KeyIdentification SpecV1TestKey
KeyVersion 2011010715
DerivationIdentification 398725A501
KeyEncryptionAlgorithm
Algorithm DUKPT2009
EncryptedKey E290200017

9 Message Examples Page 206


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

MACAlgorithm
Algorithm RetailSHA256MAC
EncapsulatedContent
ContentType PlainData
MAC BF38EEF2EC94A3FB

5392
5393

9 Message Examples Page 207


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5394 The XML encoded StatusReport message is presented below.


5395
5396 <?xml version="1.0" encoding="UTF-8"?>
5397 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5398 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
5399 <StsRpt>
5400 <Hdr>
5401 <DwnldTrf>false</DwnldTrf>
5402 <FrmtVrsn>5.0</FrmtVrsn>
5403 <XchgId>550</XchgId>
5404 <CreDtTm>2013-08-23T22:45:01.86+02:00</CreDtTm>
5405 <InitgPty>
5406 <Id>66000001</Id>
5407 <Tp>OPOI</Tp>
5408 <Issr>MTMG</Issr>
5409 </InitgPty>
5410 <RcptPty>
5411 <Id>epas-acquirer-TM1</Id>
5412 <Tp>MTMG</Tp>
5413 </RcptPty>
5414 </Hdr>
5415 <StsRpt>
5416 <POIId>
5417 <Id>66000001</Id>
5418 <Tp>OPOI</Tp>
5419 <Issr>MTMG</Issr>
5420 </POIId>
5421 <TermnlMgrId>
5422 <Id>epas-acquirer-TM1</Id>
5423 <Tp>MTMG</Tp>
5424 </TermnlMgrId>
5425 <DataSet>
5426 <Id>
5427 <Tp>STRP</Tp>
5428 <CreDtTm>2013-08-23T22:45:01.86+02:00</CreDtTm>
5429 </Id>
5430 <Cntt>
5431 <POICpblties>
5432 <CardRdngCpblties>CICC</CardRdngCpblties>
5433 <CardRdngCpblties>MGST</CardRdngCpblties>
5434 </POICpblties>
5435 <POICmpnt>
5436 <Tp>SERV</Tp>
5437 <Id>
5438 <ItmNb>1</ItmNb>
5439 <PrvdrId>EPASVendor001</PrvdrId>
5440 </Id>
5441 </POICmpnt>
5442 <POICmpnt>
5443 <Tp>TERM</Tp>
5444 <Id>
5445 <ItmNb>1.1</ItmNb>
5446 <PrvdrId>EPASVendor001</PrvdrId>
5447 <Id>Counter Top E41</Id>
5448 <SrlNb>7825410759</SrlNb>
5449 </Id>
5450 </POICmpnt>
5451 <POICmpnt>
5452 <Tp>DVCE</Tp>
5453 <Id>
5454 <ItmNb>1.1.1</ItmNb>
5455 <PrvdrId>EPASVendor001</PrvdrId>
5456 <Id>PIN Pad T25</Id>
5457 <SrlNb>1825410759</SrlNb>
5458 </Id>
5459 </POICmpnt>
5460 <POICmpnt>
5461 <Tp>EMVK</Tp>

9 Message Examples Page 208


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5462 <Id>
5463 <ItmNb>1.1.1.1</ItmNb>
5464 <PrvdrId>EPASVendor003</PrvdrId>
5465 </Id>
5466 <Sts>
5467 <VrsnNb>7.1</VrsnNb>
5468 </Sts>
5469 </POICmpnt>
5470 <POICmpnt>
5471 <Tp>APLI</Tp>
5472 <Id>
5473 <ItmNb>1.1.2</ItmNb>
5474 <PrvdrId>EPASVendor002</PrvdrId>
5475 </Id>
5476 <Sts>
5477 <VrsnNb>1.0</VrsnNb>
5478 </Sts>
5479 <StdCmplc>
5480 <Id>SEPA-FAST</Id>
5481 <Vrsn>3.0</Vrsn>
5482 <Issr>CIR</Issr>
5483 </StdCmplc>
5484 </POICmpnt>
5485 <POICmpnt>
5486 <Tp>APPR</Tp>
5487 <Id>
5488 <ItmNb>1.1.2.1</ItmNb>
5489 <PrvdrId>EPASAcquirer01</PrvdrId>
5490 </Id>
5491 <Sts>
5492 <VrsnNb>20110807143500</VrsnNb>
5493 </Sts>
5494 </POICmpnt>
5495 <AttndncCntxt>ATTD</AttndncCntxt>
5496 <POIDtTm>2013-08-23T15:16:08.13+02:00</POIDtTm>
5497 <DataSetReqrd>
5498 <Id>
5499 <Tp>AQPR</Tp>
5500 <Vrsn>20130822181900</Vrsn>
5501 </Id>
5502 </DataSetReqrd>
5503 </Cntt>
5504 </DataSet>
5505 </StsRpt>
5506 <SctyTrlr>
5507 <CnttTp>AUTH</CnttTp>
5508 <AuthntcdData>
5509 <Rcpt>
5510 <KEK>
5511 <KEKId>
5512 <KeyId>SpecV1TestKey</KeyId>
5513 <KeyVrsn>2010060715</KeyVrsn>
5514 <DerivtnId>OYclpQE=</DerivtnId>
5515 </KEKId>
5516 <KeyNcrptnAlgo>
5517 <Algo>DKP9</Algo>
5518 </KeyNcrptnAlgo>
5519 <NcrptdKey>4pAgABc=</NcrptdKey>
5520 </KEK>
5521 </Rcpt>
5522 <MACAlgo>
5523 <Algo>MCCS</Algo>
5524 </MACAlgo>
5525 <NcpsltdCntt>
5526 <CnttTp>DATA</CnttTp>
5527 </NcpsltdCntt>
5528 <MAC>vzju8uyUo/s=</MAC>
5529 </AuthntcdData>
5530 </SctyTrlr>

9 Message Examples Page 209


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5531 </StsRpt>
5532 </Document>
5533
5534 Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
5535 or line breaks) is dumped below:
5536 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
5537 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
5538 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
5539 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
5540 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
5541 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 71 75 |Id><Id>epas-acqu|
5542 0060 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 70 |irer-TM1</Id><Tp|
5543 0070 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 72 6D |>MTMG</Tp></Term|
5544 0080 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 74 |nlMgrId><DataSet|
5545 0090 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 3C 2F 54 |><Id><Tp>STRP</T|
5546 00A0 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 33 2D |p><CreDtTm>2013-|
5547 00B0 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 31 2E 38 |08-23T22:45:01.8|
5548 00C0 36 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 54 6D |6+02:00</CreDtTm|
5549 00D0 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 50 4F 49 |></Id><Cntt><POI|
5550 00E0 43 70 62 6C 74 69 65 73 3E 3C 43 61 72 64 52 64 |Cpblties><CardRd|
5551 00F0 6E 67 43 70 62 6C 74 69 65 73 3E 43 49 43 43 3C |ngCpblties>CICC<|
5552 0100 2F 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |/CardRdngCpbltie|
5553 0110 73 3E 3C 43 61 72 64 52 64 6E 67 43 70 62 6C 74 |s><CardRdngCpblt|
5554 0120 69 65 73 3E 4D 47 53 54 3C 2F 43 61 72 64 52 64 |ies>MGST</CardRd|
5555 0130 6E 67 43 70 62 6C 74 69 65 73 3E 3C 2F 50 4F 49 |ngCpblties></POI|
5556 0140 43 70 62 6C 74 69 65 73 3E 3C 50 4F 49 43 6D 70 |Cpblties><POICmp|
5557 0150 6E 74 3E 3C 54 70 3E 53 45 52 56 3C 2F 54 70 3E |nt><Tp>SERV</Tp>|
5558 0160 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 3C 2F 49 74 |<Id><ItmNb>1</It|
5559 0170 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
5560 0180 53 56 65 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 |SVendor001</Prvd|
5561 0190 72 49 64 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 6D |rId></Id></POICm|
5562 01A0 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 |pnt><POICmpnt><T|
5563 01B0 70 3E 54 45 52 4D 3C 2F 54 70 3E 3C 49 64 3E 3C |p>TERM</Tp><Id><|
5564 01C0 49 74 6D 4E 62 3E 31 2E 31 3C 2F 49 74 6D 4E 62 |ItmNb>1.1</ItmNb|
5565 01D0 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 |><PrvdrId>EPASVe|
5566 01E0 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 72 49 64 |ndor001</PrvdrId|
5567 01F0 3E 3C 49 64 3E 43 6F 75 6E 74 65 72 20 54 6F 70 |><Id>Counter Top|
5568 0200 20 45 34 31 3C 2F 49 64 3E 3C 53 72 6C 4E 62 3E | E41</Id><SrlNb>|
5569 0210 37 38 32 35 34 31 30 37 35 39 3C 2F 53 72 6C 4E |7825410759</SrlN|
5570 0220 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 6D 70 6E |b></Id></POICmpn|
5571 0230 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E |t><POICmpnt><Tp>|
5572 0240 44 56 43 45 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 |DVCE</Tp><Id><It|
5573 0250 6D 4E 62 3E 31 2E 31 2E 31 3C 2F 49 74 6D 4E 62 |mNb>1.1.1</ItmNb|
5574 0260 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 |><PrvdrId>EPASVe|
5575 0270 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 72 49 64 |ndor001</PrvdrId|
5576 0280 3E 3C 49 64 3E 50 49 4E 20 50 61 64 20 54 32 35 |><Id>PIN Pad T25|
5577 0290 3C 2F 49 64 3E 3C 53 72 6C 4E 62 3E 31 38 32 35 |</Id><SrlNb>1825|
5578 02A0 34 31 30 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F |410759</SrlNb></|
5579 02B0 49 64 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 |Id></POICmpnt><P|
5580 02C0 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 45 4D 56 4B |OICmpnt><Tp>EMVK|
5581 02D0 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E |</Tp><Id><ItmNb>|
5582 02E0 31 2E 31 2E 31 2E 31 3C 2F 49 74 6D 4E 62 3E 3C |1.1.1.1</ItmNb><|
5583 02F0 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 6E 64 |PrvdrId>EPASVend|

9 Message Examples Page 210


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5584 0300 6F 72 30 30 33 3C 2F 50 72 76 64 72 49 64 3E 3C |or003</PrvdrId><|


5585 0310 2F 49 64 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 |/Id><Sts><VrsnNb|
5586 0320 3E 37 2E 31 3C 2F 56 72 73 6E 4E 62 3E 3C 2F 53 |>7.1</VrsnNb></S|
5587 0330 74 73 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 |ts></POICmpnt><P|
5588 0340 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 |OICmpnt><Tp>APLI|
5589 0350 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E |</Tp><Id><ItmNb>|
5590 0360 31 2E 31 2E 32 3C 2F 49 74 6D 4E 62 3E 3C 50 72 |1.1.2</ItmNb><Pr|
5591 0370 76 64 72 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 |vdrId>EPASVendor|
5592 0380 30 30 32 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 |002</PrvdrId></I|
5593 0390 64 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 3E 31 |d><Sts><VrsnNb>1|
5594 03A0 2E 30 3C 2F 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 |.0</VrsnNb></Sts|
5595 03B0 3E 3C 53 74 64 43 6D 70 6C 63 3E 3C 49 64 3E 53 |><StdCmplc><Id>S|
5596 03C0 45 50 41 2D 46 41 53 54 3C 2F 49 64 3E 3C 56 72 |EPA-FAST</Id><Vr|
5597 03D0 73 6E 3E 33 2E 30 3C 2F 56 72 73 6E 3E 3C 49 73 |sn>3.0</Vrsn><Is|
5598 03E0 73 72 3E 43 49 52 3C 2F 49 73 73 72 3E 3C 2F 53 |sr>CIR</Issr></S|
5599 03F0 74 64 43 6D 70 6C 63 3E 3C 2F 50 4F 49 43 6D 70 |tdCmplc></POICmp|
5600 0400 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 |nt><POICmpnt><Tp|
5601 0410 3E 41 50 50 52 3C 2F 54 70 3E 3C 49 64 3E 3C 49 |>APPR</Tp><Id><I|
5602 0420 74 6D 4E 62 3E 31 2E 31 2E 32 2E 31 3C 2F 49 74 |tmNb>1.1.2.1</It|
5603 0430 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
5604 0440 53 41 63 71 75 69 72 65 72 30 31 3C 2F 50 72 76 |SAcquirer01</Prv|
5605 0450 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C |drId></Id><Sts><|
5606 0460 56 72 73 6E 4E 62 3E 32 30 31 31 30 38 30 37 31 |VrsnNb>201108071|
5607 0470 34 33 35 30 30 3C 2F 56 72 73 6E 4E 62 3E 3C 2F |43500</VrsnNb></|
5608 0480 53 74 73 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C |Sts></POICmpnt><|
5609 0490 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E 41 54 54 |AttndncCntxt>ATT|
5610 04A0 44 3C 2F 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E |D</AttndncCntxt>|
5611 04B0 3C 50 4F 49 44 74 54 6D 3E 32 30 31 33 2D 30 38 |<POIDtTm>2013-08|
5612 04C0 2D 32 33 54 31 35 3A 31 36 3A 30 38 2E 31 33 2B |-23T15:16:08.13+|
5613 04D0 30 32 3A 30 30 3C 2F 50 4F 49 44 74 54 6D 3E 3C |02:00</POIDtTm><|
5614 04E0 44 61 74 61 53 65 74 52 65 71 72 64 3E 3C 49 64 |DataSetReqrd><Id|
5615 04F0 3E 3C 54 70 3E 41 51 50 52 3C 2F 54 70 3E 3C 56 |><Tp>AQPR</Tp><V|
5616 0500 72 73 6E 3E 32 30 31 33 30 38 32 32 31 38 31 39 |rsn>201308221819|
5617 0510 30 30 3C 2F 56 72 73 6E 3E 3C 2F 49 64 3E 3C 2F |00</Vrsn></Id></|
5618 0520 44 61 74 61 53 65 74 52 65 71 72 64 3E 3C 2F 43 |DataSetReqrd></C|
5619 0530 6E 74 74 3E 3C 2F 44 61 74 61 53 65 74 3E 3C 2F |ntt></DataSet></|
5620 0540 53 74 73 52 70 74 3E |StsRpt> |
5621
5622
5623 The SHA-256 digest of the message body StsRpt is:
5624 0000 3B 47 A3 84 63 28 45 54 F3 D3 9C 5D 6D E2 C1 A2 |;G..c(ET...]m...|
5625 0010 31 2C BD F6 A6 FE BF 21 C3 04 DA AA 29 6D E2 49 |1,.....!....)m.I|
5626
5627 After padding, the digest becomes:
5628 0000 3B 47 A3 84 63 28 45 54 F3 D3 9C 5D 6D E2 C1 A2 |;G..c(ET...]m...|
5629 0010 31 2C BD F6 A6 FE BF 21 C3 04 DA AA 29 6D E2 49 |1,.....!....)m.I|
5630 0020 80 00 00 00 00 00 00 00 |........ |
5631
5632 Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA),
5633 we obtain the MAC of the StatusReport BF38EEF2EC94A3FB and after conversion in base64 "
5634 vzju8uyUo/s= ".
5635 0000 09 FD D6 26 95 09 F8 75 E2 19 EA 44 1E 97 F6 70 |...&...u...D...p|

9 Message Examples Page 211


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5636 0010 95 E1 78 A1 0F 0B FE 59 EB 65 77 8E 54 A3 39 B6 |..x....Y.ew.T.9.|


5637 0020 BF 38 EE F2 EC 94 A3 FB |.8...... |
5638
5639
5640 The message sent by the transport protocol is:
5641 0000 00 00 08 7D 3C 3F 78 6D 6C 20 76 65 72 73 69 6F | }<?xml versio|
5642 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
5643 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
5644 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
5645 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
5646 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
5647 0060 69 6E 73 74 61 6E 63 65 22 20 78 6D 6C 6E 73 3D |instance" xmlns=|
5648 0070 22 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F |"urn:iso:std:iso|
5649 0080 3A 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A |:20022:tech:xsd:|
5650 0090 63 61 74 6D 2E 30 30 31 2E 30 30 31 2E 30 35 22 |catm.001.001.05"|
5651 00A0 3E 3C 53 74 73 52 70 74 3E 3C 48 64 72 3E 3C 44 |><StsRpt><Hdr><D|
5652 00B0 77 6E 6C 64 54 72 66 3E 66 61 6C 73 65 3C 2F 44 |wnldTrf>false</D|
5653 00C0 77 6E 6C 64 54 72 66 3E 3C 46 72 6D 74 56 72 73 |wnldTrf><FrmtVrs|
5654 00D0 6E 3E 35 2E 30 3C 2F 46 72 6D 74 56 72 73 6E 3E |n>5.0</FrmtVrsn>|
5655 00E0 3C 58 63 68 67 49 64 3E 35 35 30 3C 2F 58 63 68 |<XchgId>550</Xch|
5656 00F0 67 49 64 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 |gId><CreDtTm>201|
5657 0100 33 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 31 |3-08-23T22:45:01|
5658 0110 2E 38 36 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 |.86+02:00</CreDt|
5659 0120 54 6D 3E 3C 49 6E 69 74 67 50 74 79 3E 3C 49 64 |Tm><InitgPty><Id|
5660 0130 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E 3C 54 |>66000001</Id><T|
5661 0140 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 73 72 |p>OPOI</Tp><Issr|
5662 0150 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F 49 6E |>MTMG</Issr></In|
5663 0160 69 74 67 50 74 79 3E 3C 52 63 70 74 50 74 79 3E |itgPty><RcptPty>|
5664 0170 3C 49 64 3E 65 70 61 73 2D 61 63 71 75 69 72 65 |<Id>epas-acquire|
5665 0180 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 70 3E 4D 54 |r-TM1</Id><Tp>MT|
5666 0190 4D 47 3C 2F 54 70 3E 3C 2F 52 63 70 74 50 74 79 |MG</Tp></RcptPty|
5667 01A0 3E 3C 2F 48 64 72 3E 3C 53 74 73 52 70 74 3E 3C |></Hdr><StsRpt><|
5668 01B0 50 4F 49 49 64 3E 3C 49 64 3E 36 36 30 30 30 30 |POIId><Id>660000|
5669 01C0 30 31 3C 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C |01</Id><Tp>OPOI<|
5670 01D0 2F 54 70 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F |/Tp><Issr>MTMG</|
5671 01E0 49 73 73 72 3E 3C 2F 50 4F 49 49 64 3E 3C 54 65 |Issr></POIId><Te|
5672 01F0 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 65 70 |rmnlMgrId><Id>ep|
5673 0200 61 73 2D 61 63 71 75 69 72 65 72 2D 54 4D 31 3C |as-acquirer-TM1<|
5674 0210 2F 49 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 |/Id><Tp>MTMG</Tp|
5675 0220 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C |></TermnlMgrId><|
5676 0230 44 61 74 61 53 65 74 3E 3C 49 64 3E 3C 54 70 3E |DataSet><Id><Tp>|
5677 0240 53 54 52 50 3C 2F 54 70 3E 3C 43 72 65 44 74 54 |STRP</Tp><CreDtT|
5678 0250 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 32 32 3A |m>2013-08-23T22:|
5679 0260 34 35 3A 30 31 2E 38 36 2B 30 32 3A 30 30 3C 2F |45:01.86+02:00</|
5680 0270 43 72 65 44 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E |CreDtTm></Id><Cn|
5681 0280 74 74 3E 3C 50 4F 49 43 70 62 6C 74 69 65 73 3E |tt><POICpblties>|
5682 0290 3C 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |<CardRdngCpbltie|
5683 02A0 73 3E 43 49 43 43 3C 2F 43 61 72 64 52 64 6E 67 |s>CICC</CardRdng|
5684 02B0 43 70 62 6C 74 69 65 73 3E 3C 43 61 72 64 52 64 |Cpblties><CardRd|
5685 02C0 6E 67 43 70 62 6C 74 69 65 73 3E 4D 47 53 54 3C |ngCpblties>MGST<|
5686 02D0 2F 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |/CardRdngCpbltie|
5687 02E0 73 3E 3C 2F 50 4F 49 43 70 62 6C 74 69 65 73 3E |s></POICpblties>|

9 Message Examples Page 212


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5688 02F0 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 53 45 |<POICmpnt><Tp>SE|


5689 0300 52 56 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E |RV</Tp><Id><ItmN|
5690 0310 62 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 |b>1</ItmNb><Prvd|
5691 0320 72 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 |rId>EPASVendor00|
5692 0330 31 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E |1</PrvdrId></Id>|
5693 0340 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|
5694 0350 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 4D 3C 2F 54 |mpnt><Tp>TERM</T|
5695 0360 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
5696 0370 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
5697 0380 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
5698 0390 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F 75 6E |PrvdrId><Id>Coun|
5699 03A0 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 64 3E |ter Top E41</Id>|
5700 03B0 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 37 35 |<SrlNb>782541075|
5701 03C0 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F |9</SrlNb></Id></|
5702 03D0 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 |POICmpnt><POICmp|
5703 03E0 6E 74 3E 3C 54 70 3E 44 56 43 45 3C 2F 54 70 3E |nt><Tp>DVCE</Tp>|
5704 03F0 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 2E 31 |<Id><ItmNb>1.1.1|
5705 0400 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
5706 0410 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
5707 0420 50 72 76 64 72 49 64 3E 3C 49 64 3E 50 49 4E 20 |PrvdrId><Id>PIN |
5708 0430 50 61 64 20 54 32 35 3C 2F 49 64 3E 3C 53 72 6C |Pad T25</Id><Srl|
5709 0440 4E 62 3E 31 38 32 35 34 31 30 37 35 39 3C 2F 53 |Nb>1825410759</S|
5710 0450 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 |rlNb></Id></POIC|
5711 0460 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C |mpnt><POICmpnt><|
5712 0470 54 70 3E 45 4D 56 4B 3C 2F 54 70 3E 3C 49 64 3E |Tp>EMVK</Tp><Id>|
5713 0480 3C 49 74 6D 4E 62 3E 31 2E 31 2E 31 2E 31 3C 2F |<ItmNb>1.1.1.1</|
5714 0490 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 |ItmNb><PrvdrId>E|
5715 04A0 50 41 53 56 65 6E 64 6F 72 30 30 33 3C 2F 50 72 |PASVendor003</Pr|
5716 04B0 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E |vdrId></Id><Sts>|
5717 04C0 3C 56 72 73 6E 4E 62 3E 37 2E 31 3C 2F 56 72 73 |<VrsnNb>7.1</Vrs|
5718 04D0 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 2F 50 4F 49 43 |nNb></Sts></POIC|
5719 04E0 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C |mpnt><POICmpnt><|
5720 04F0 54 70 3E 41 50 4C 49 3C 2F 54 70 3E 3C 49 64 3E |Tp>APLI</Tp><Id>|
5721 0500 3C 49 74 6D 4E 62 3E 31 2E 31 2E 32 3C 2F 49 74 |<ItmNb>1.1.2</It|
5722 0510 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
5723 0520 53 56 65 6E 64 6F 72 30 30 32 3C 2F 50 72 76 64 |SVendor002</Prvd|
5724 0530 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C 56 |rId></Id><Sts><V|
5725 0540 72 73 6E 4E 62 3E 31 2E 30 3C 2F 56 72 73 6E 4E |rsnNb>1.0</VrsnN|
5726 0550 62 3E 3C 2F 53 74 73 3E 3C 53 74 64 43 6D 70 6C |b></Sts><StdCmpl|
5727 0560 63 3E 3C 49 64 3E 53 45 50 41 2D 46 41 53 54 3C |c><Id>SEPA-FAST<|
5728 0570 2F 49 64 3E 3C 56 72 73 6E 3E 33 2E 30 3C 2F 56 |/Id><Vrsn>3.0</V|
5729 0580 72 73 6E 3E 3C 49 73 73 72 3E 43 49 52 3C 2F 49 |rsn><Issr>CIR</I|
5730 0590 73 73 72 3E 3C 2F 53 74 64 43 6D 70 6C 63 3E 3C |ssr></StdCmplc><|
5731 05A0 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 6D |/POICmpnt><POICm|
5732 05B0 70 6E 74 3E 3C 54 70 3E 41 50 50 52 3C 2F 54 70 |pnt><Tp>APPR</Tp|
5733 05C0 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 2E |><Id><ItmNb>1.1.|
5734 05D0 32 2E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 |2.1</ItmNb><Prvd|
5735 05E0 72 49 64 3E 45 50 41 53 41 63 71 75 69 72 65 72 |rId>EPASAcquirer|
5736 05F0 30 31 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 64 |01</PrvdrId></Id|
5737 0600 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 3E 32 30 |><Sts><VrsnNb>20|
5738 0610 31 31 30 38 30 37 31 34 33 35 30 30 3C 2F 56 72 |110807143500</Vr|
5739 0620 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 2F 50 4F 49 |snNb></Sts></POI|
5740 0630 43 6D 70 6E 74 3E 3C 41 74 74 6E 64 6E 63 43 6E |Cmpnt><AttndncCn|
5741 0640 74 78 74 3E 41 54 54 44 3C 2F 41 74 74 6E 64 6E |txt>ATTD</Attndn|

9 Message Examples Page 213


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5742 0650 63 43 6E 74 78 74 3E 3C 50 4F 49 44 74 54 6D 3E |cCntxt><POIDtTm>|


5743 0660 32 30 31 33 2D 30 38 2D 32 33 54 31 35 3A 31 36 |2013-08-23T15:16|
5744 0670 3A 30 38 2E 31 33 2B 30 32 3A 30 30 3C 2F 50 4F |:08.13+02:00</PO|
5745 0680 49 44 74 54 6D 3E 3C 44 61 74 61 53 65 74 52 65 |IDtTm><DataSetRe|
5746 0690 71 72 64 3E 3C 49 64 3E 3C 54 70 3E 41 51 50 52 |qrd><Id><Tp>AQPR|
5747 06A0 3C 2F 54 70 3E 3C 56 72 73 6E 3E 32 30 31 33 30 |</Tp><Vrsn>20130|
5748 06B0 38 32 32 31 38 31 39 30 30 3C 2F 56 72 73 6E 3E |822181900</Vrsn>|
5749 06C0 3C 2F 49 64 3E 3C 2F 44 61 74 61 53 65 74 52 65 |</Id></DataSetRe|
5750 06D0 71 72 64 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 61 74 |qrd></Cntt></Dat|
5751 06E0 61 53 65 74 3E 3C 2F 53 74 73 52 70 74 3E 3C 53 |aSet></StsRpt><S|
5752 06F0 63 74 79 54 72 6C 72 3E 3C 43 6E 74 74 54 70 3E |ctyTrlr><CnttTp>|
5753 0700 41 55 54 48 3C 2F 43 6E 74 74 54 70 3E 3C 41 75 |AUTH</CnttTp><Au|
5754 0710 74 68 6E 74 63 64 44 61 74 61 3E 3C 52 63 70 74 |thntcdData><Rcpt|
5755 0720 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 64 3E 3C 4B 65 |><KEK><KEKId><Ke|
5756 0730 79 49 64 3E 53 70 65 63 56 31 54 65 73 74 4B 65 |yId>SpecV1TestKe|
5757 0740 79 3C 2F 4B 65 79 49 64 3E 3C 4B 65 79 56 72 73 |y</KeyId><KeyVrs|
5758 0750 6E 3E 32 30 31 30 30 36 30 37 31 35 3C 2F 4B 65 |n>2010060715</Ke|
5759 0760 79 56 72 73 6E 3E 3C 44 65 72 69 76 74 6E 49 64 |yVrsn><DerivtnId|
5760 0770 3E 4F 59 63 6C 70 51 45 3D 3C 2F 44 65 72 69 76 |>OYclpQE=</Deriv|
5761 0780 74 6E 49 64 3E 3C 2F 4B 45 4B 49 64 3E 3C 4B 65 |tnId></KEKId><Ke|
5762 0790 79 4E 63 72 70 74 6E 41 6C 67 6F 3E 3C 41 6C 67 |yNcrptnAlgo><Alg|
5763 07A0 6F 3E 44 4B 50 39 3C 2F 41 6C 67 6F 3E 3C 2F 4B |o>DKP9</Algo></K|
5764 07B0 65 79 4E 63 72 70 74 6E 41 6C 67 6F 3E 3C 4E 63 |eyNcrptnAlgo><Nc|
5765 07C0 72 70 74 64 4B 65 79 3E 34 70 41 67 41 42 63 3D |rptdKey>4pAgABc=|
5766 07D0 3C 2F 4E 63 72 70 74 64 4B 65 79 3E 3C 2F 4B 45 |</NcrptdKey></KE|
5767 07E0 4B 3E 3C 2F 52 63 70 74 3E 3C 4D 41 43 41 6C 67 |K></Rcpt><MACAlg|
5768 07F0 6F 3E 3C 41 6C 67 6F 3E 4D 43 43 53 3C 2F 41 6C |o><Algo>MCCS</Al|
5769 0800 67 6F 3E 3C 2F 4D 41 43 41 6C 67 6F 3E 3C 4E 63 |go></MACAlgo><Nc|
5770 0810 70 73 6C 74 64 43 6E 74 74 3E 3C 43 6E 74 74 54 |psltdCntt><CnttT|
5771 0820 70 3E 44 41 54 41 3C 2F 43 6E 74 74 54 70 3E 3C |p>DATA</CnttTp><|
5772 0830 2F 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C 4D 41 |/NcpsltdCntt><MA|
5773 0840 43 3E 76 7A 6A 75 38 75 79 55 6F 2F 73 3D 3C 2F |C>vzju8uyUo/s=</|
5774 0850 4D 41 43 3E 3C 2F 41 75 74 68 6E 74 63 64 44 61 |MAC></AuthntcdDa|
5775 0860 74 61 3E 3C 2F 53 63 74 79 54 72 6C 72 3E 3C 2F |ta></SctyTrlr></|
5776 0870 53 74 73 52 70 74 3E 3C 2F 44 6F 63 75 6D 65 6E |StsRpt></Documen|
5777 0880 74 3E |t> |
5778
5779

9 Message Examples Page 214


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5780 9.3.2 AcceptorConfigurationUpdate Message


5781
5782 The version of the acquirer parameters includes the Acquirer protocol parameters and the application
5783 parameters.
5784 The Acquirer is composed of two hosts identified by "AcquirerHost1" and "AcquirerHost2", the first one
5785 performing all messages, at the exception of the AcceptorReconciliationRequest being performed by
5786 "AcquirerHost2". The CancellationRequest is not part of the message list for the "AcquirerHost1" because
5787 the Reconciliation exchange initiates the clearing of the Acquirer.
5788 The Acquirer has the identification "12", and manages only one application identified "SEPA-FAST".
5789 The POI has the identification "66000001" for this Acquirer.
5790
5791 Online transactions realise the financial data capture with the online authorisation. A Completion advice is
5792 sent by the POI at the end of the transaction if the Acquirer requests it in the Authorisation response
5793 message.
5794 Offline transactions realise the financial data capture at the end of the transaction, sending a Completion
5795 advice immediately after the end of the transaction.
5796
5797 A Reconciliation exchange is initiated by the POI every day at 23h 35, with a maximum of 3 retries if the
5798 exchange fails, waiting 5 minutes between two attempts.
5799 Identification of the reconciliation period is performed by the POI, totals are exchanged per currency, the
5800 failed offline transactions are notified by a Completion advice, and the card data sent to the Acquirer must
5801 be protected.
5802
5803 The POI must send a RecipientParty message component in the message headers, but no traceability
5804 information. The Acquirer and Merchant identifications are required in the environment.
5805
5806 The configuration parameters of the application "SEPA-FAST" have the same version as the data set (the
5807 value provided in this example do not represent a complete configuration of the application).
5808
5809 The complete AcceptorConfigurationUpdate message is presented below:
5810
Message Item Value
Header
DownloadTransfer True
FormatVersion 5.0
ExchangeIdentification 550
CreationDateTime 2013-08-23T22:45:02.31+02:00
InitiatingParty
Identification 66000001
Type OriginatingPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-acquirer-TM1
Type MasterTerminalManager
AcceptorConfiguration

9 Message Examples Page 215


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

TerminalManagerdentification
Identification epas-acquirer-TM1
Type MasterTerminalManager
DataSet
Identification
Type AcquirerParameters
Version 20130822181900
CreationDateTime 2013-08-23T22:45:02.31+02:00
POIIdentification
Identification 66000001
Type OriginationgPOI
Content
AcquirerProtocolParameters
ActionType Create
AcquirerIdentification
Identification 12
Issuer Acquirer
Version 123e4567-e89b-12d3-a456-426655440000
ApplicationIdentification SEPA-FAST
Host
HostIdentification AcquirerHost1
MessageTosend FinancialAuthorisationRequest
MessageTosend FinancialCompletionAdvice
MessageTosend CompletionAdvice
MessageTosend FinancialReversalAdvice
MessageTosend CancellationAdvice
Host
HostIdentification AcquirerHost2
MessageTosend ReconciliationRequest
OnlineTransaction
FinancialCapture Authorisation
CompletionExchange
ExchangePolicy OnDemand
OfflineTransaction
FinancialCapture Completion
CompletionExchange
ExchangePolicy Immediately
ReconciliationExchange
ExchangePolicy Cyclic
Retry
Delay 5
MaximumNumber 3
TimeCondition
StartTime 2013-08-23T23:35:00
Period 10000

ReconciliationByAcquirer False
TotalsPerCurrency True
BatchTransferContent Failed
MessageItem

9 Message Examples Page 216


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

ItemIdentification Hdr/InitgPty/Id
Condition ConfiguredValue
Value 66000001
MessageItem
ItemIdentification Hdr/RcptPty
Condition Mandatory
MessageItem
ItemIdentification Hdr/RcptPty/Id
Condition ConfiguredValue
Value epas-acquirer-1
MessageItem
ItemIdentification Hdr/Tracblt
Condition NotSupported
MessageItem
ItemIdentification Envt/Acqrr/Id
Condition Mandatory
MessageItem
ItemIdentification Envt/Acqrr/Id/Id
Condition Mandatory
MessageItem
ItemIdentification Envt/Mrchnt/Id
Condition Mandatory
ProtectCardData True
ApplicationParameters
ActionType Create
ApplicationIdentification SEPA-FAST
Version 20130822181900
Parameters E01E9F1E088531029885310298DF1401
01DF150102DF160103DF3304656E6672
E1259F4005A00090F0019F330360A040
9F3501329F1A020250DF12024652DF13
02E000DF170101
HostCommunicationParameters
ActionType Create
HostIdentification AcquirerHost1
Address
Address
NetworkType InternetProtocol
AddressValue AcquirerHost1.Test.EPASOrg.eu:5001

HostCommunicationParameters
HostIdentification AcquirerHost2
ActionType Create
Address
Address
NetworkType InternetProtocol
AddressValue AcquirerHost2.Test.EPASOrg.eu:5002

SecurityTrailer
ContentType AuthenticatedData
AuthenticatedData

9 Message Examples Page 217


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

Recipient
KEK
KEKIdentification
KeyIdentification SpecV1TestKey
KeyVersion 2011010715
DerivationIdentification 398725A501
KeyEncryptionAlgorithm
Algorithm DUKPT2009
EncryptedKey E290200017
MACAlgorithm
Algorithm RetailSHA256MAC
EncapsulatedContent
ContentType PlainData
MAC D80D8B1257E8378A

5811
5812

9 Message Examples Page 218


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5813 The XML encoded AcceptorConfigurationUpdate message is presented below.


5814
5815 <?xml version="1.0" encoding="UTF-8"?>
5816 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5817 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.003.001.05">
5818 <AccptrCfgtnUpd>
5819 <Hdr>
5820 <DwnldTrf>true</DwnldTrf>
5821 <FrmtVrsn>5.0</FrmtVrsn>
5822 <XchgId>550</XchgId>
5823 <CreDtTm>2013-08-23T22:45:02.31+02:00</CreDtTm>
5824 <InitgPty>
5825 <Id>66000001</Id>
5826 <Tp>OPOI</Tp>
5827 <Issr>MTMG</Issr>
5828 </InitgPty>
5829 <RcptPty>
5830 <Id>epas-acquirer-TM1</Id>
5831 <Tp>MTMG</Tp>
5832 </RcptPty>
5833 </Hdr>
5834 <AccptrCfgtn>
5835 <TermnlMgrId>
5836 <Id>epas-acquirer-TM1</Id>
5837 <Tp>MTMG</Tp>
5838 </TermnlMgrId>
5839 <DataSet>
5840 <Id>
5841 <Tp>AQPR</Tp>
5842 <Vrsn>20130822181900</Vrsn>
5843 <CreDtTm>2011-08-23T22:45:02.31+02:00</CreDtTm>
5844 </Id>
5845 <POIId>
5846 <Id>66000001</Id>
5847 <Tp>OPOI</Tp>
5848 <Issr>ACQR</Issr>
5849 </POIId>
5850 <Cntt>
5851 <AcqrrPrtcolParams>
5852 <ActnTp>CREA</ActnTp>
5853 <AcqrrId>
5854 <Id>12</Id>
5855 <Tp>ACQR</Tp>
5856 </AcqrrId>
5857 <Vrsn>123e4567-e89b-12d3-a456-426655440000</Vrsn>
5858 <ApplId>SEPA-FAST</ApplId>
5859 <Hst>
5860 <HstId>AcquirerHost1</HstId>
5861 <MsgToSnd>FAUQ</MsgToSnd>
5862 <MsgToSnd>FCMV</MsgToSnd>
5863 <MsgToSnd>CMPV</MsgToSnd>
5864 <MsgToSnd>FRVA</MsgToSnd>
5865 <MsgToSnd>CCAV</MsgToSnd>
5866 </Hst>
5867 <Hst>
5868 <HstId>AcquirerHost2</HstId>
5869 <MsgToSnd>RCLQ</MsgToSnd>
5870 </Hst>
5871 <OnLineTx>
5872 <FinCaptr>AUTH</FinCaptr>
5873 <CmpltnXchg>
5874 <XchgPlcy>ONDM</XchgPlcy>
5875 </CmpltnXchg>
5876 </OnLineTx>
5877 <OffLineTx>
5878 <FinCaptr>COMP</FinCaptr>
5879 <CmpltnXchg>
5880 <XchgPlcy>IMMD</XchgPlcy>

9 Message Examples Page 219


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5881 </CmpltnXchg>
5882 </OffLineTx>
5883 <RcncltnXchg>
5884 <XchgPlcy>CYCL</XchgPlcy>
5885 <ReTry>
5886 <Dely>5</Dely>
5887 <MaxNb>3</MaxNb>
5888 </ReTry>
5889 <TmCond>
5890 <StartTm>2013-08-23T23:35:00</StartTm>
5891 <Prd>10000</Prd>
5892 </TmCond>
5893 </RcncltnXchg>
5894 <RcncltnByAcqrr>false</RcncltnByAcqrr>
5895 <TtlsPerCcy>true</TtlsPerCcy>
5896 <BtchTrfCntt>FAIL</BtchTrfCntt>
5897 <MsgItm>
5898 <ItmId>Hdr/InitgPty/Id</ItmId>
5899 <Cond>CFVL</Cond>
5900 <Val>66000001</Val>
5901 </MsgItm>
5902 <MsgItm>
5903 <ItmId>Hdr/InitgPty/Id</ItmId>
5904 <Cond>CFVL</Cond>
5905 <Val>66000001</Val>
5906 </MsgItm>
5907 <MsgItm>
5908 <ItmId>Hdr/RcptPty</ItmId>
5909 <Cond>MNDT</Cond>
5910 </MsgItm>
5911 <MsgItm>
5912 <ItmId>Hdr/RcptPty/Id</ItmId>
5913 <Cond>CFVL</Cond>
5914 <Val>epas-acquirer-1</Val>
5915 </MsgItm>
5916 <MsgItm>
5917 <ItmId>Hdr/Tracblt</ItmId>
5918 <Cond>UNSP</Cond>
5919 </MsgItm>
5920 <MsgItm>
5921 <ItmId>Envt/Acqrr/Id</ItmId>
5922 <Cond>MNDT</Cond>
5923 </MsgItm>
5924 <MsgItm>
5925 <ItmId>Envt/Acqrr/Id/Id</ItmId>
5926 <Cond>MNDT</Cond>
5927 </MsgItm>
5928 <MsgItm>
5929 <ItmId>Envt/Mrchnt/Id</ItmId>
5930 <Cond>MNDT</Cond>
5931 </MsgItm>
5932 <PrtctCardData>true</PrtctCardData>
5933 </AcqrrPrtcolParams>
5934 <ApplParams>
5935 <ActnTp>CREA</ActnTp>
5936 <ApplId>SEPA-FAST</ApplId>
5937 <Vrsn>20130822181900</Vrsn>
5938 <Params>
5939 4B6fHgiFMQKYhTECmN8UAQHfFQEC3xYBA98zBGVuZnLhJZ9A
5940 BaAAkPABnzMDYKBAnzUBMp8aAgJQ3xICRlLfEwLgAN8XAQE=
5941 </Params>
5942 </ApplParams>
5943 <HstComParams>
5944 <ActnTp>CREA</ActnTp>
5945 <HstId>AcquirerHost1</HstId>
5946 <Adr>
5947 <Adr>
5948 <NtwkTp>IPNW</NtwkTp>
5949 <AdrVal>AcquirerHost1.Test.EPASOrg.eu:5001</AdrVal>

9 Message Examples Page 220


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5950 </Adr>
5951 </Adr>
5952 </HstComParams>
5953 <HstComParams>
5954 <ActnTp>CREA</ActnTp>
5955 <HstId>AcquirerHost2</HstId>
5956 <Adr>
5957 <Adr>
5958 <NtwkTp>IPNW</NtwkTp>
5959 <AdrVal>AcquirerHost2.Test.EPASOrg.eu:5002</AdrVal>
5960 </Adr>
5961 </Adr>
5962 </HstComParams>
5963 </Cntt>
5964 </DataSet>
5965 </AccptrCfgtn>
5966 <SctyTrlr>
5967 <CnttTp>AUTH</CnttTp>
5968 <AuthntcdData>
5969 <Rcpt>
5970 <KEK>
5971 <KEKId>
5972 <KeyId>SpecV1TestKey</KeyId>
5973 <KeyVrsn>2010060715</KeyVrsn>
5974 <DerivtnId>OYclpQE=</DerivtnId>
5975 </KEKId>
5976 <KeyNcrptnAlgo>
5977 <Algo>DKP9</Algo>
5978 </KeyNcrptnAlgo>
5979 <NcrptdKey>4pAgABc=</NcrptdKey>
5980 </KEK>
5981 </Rcpt>
5982 <MACAlgo>
5983 <Algo>MCCS</Algo>
5984 </MACAlgo>
5985 <NcpsltdCntt>
5986 <CnttTp>DATA</CnttTp>
5987 </NcpsltdCntt>
5988 <MAC> 2A2LElfoN4o=</MAC>
5989 </AuthntcdData>
5990 </SctyTrlr>
5991 </AccptrCfgtnUpd>
5992 </Document>

5993
5994

9 Message Examples Page 221


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

5995 Once unnecessary spaces and carriage returns are removed, the message body AccptrCfgtn (without
5996 spaces or line breaks) is dumped below:
5997 0000 3C 41 63 63 70 74 72 43 66 67 74 6E 3E 3C 54 65 |<AccptrCfgtn><Te|
5998 0010 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 65 70 |rmnlMgrId><Id>ep|
5999 0020 61 73 2D 61 63 71 75 69 72 65 72 2D 54 4D 31 3C |as-acquirer-TM1<|
6000 0030 2F 49 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 |/Id><Tp>MTMG</Tp|
6001 0040 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C |></TermnlMgrId><|
6002 0050 44 61 74 61 53 65 74 3E 3C 49 64 3E 3C 54 70 3E |DataSet><Id><Tp>|
6003 0060 41 51 50 52 3C 2F 54 70 3E 3C 56 72 73 6E 3E 32 |AQPR</Tp><Vrsn>2|
6004 0070 30 31 33 30 38 32 32 31 38 31 39 30 30 3C 2F 56 |0130822181900</V|
6005 0080 72 73 6E 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 |rsn><CreDtTm>201|
6006 0090 31 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 32 |1-08-23T22:45:02|
6007 00A0 2E 33 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 |.31+02:00</CreDt|
6008 00B0 54 6D 3E 3C 2F 49 64 3E 3C 50 4F 49 49 64 3E 3C |Tm></Id><POIId><|
6009 00C0 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
6010 00D0 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
6011 00E0 73 72 3E 41 43 51 52 3C 2F 49 73 73 72 3E 3C 2F |sr>ACQR</Issr></|
6012 00F0 50 4F 49 49 64 3E 3C 43 6E 74 74 3E 3C 41 63 71 |POIId><Cntt><Acq|
6013 0100 72 72 50 72 74 63 6F 6C 50 61 72 61 6D 73 3E 3C |rrPrtcolParams><|
6014 0110 41 63 74 6E 54 70 3E 43 52 45 41 3C 2F 41 63 74 |ActnTp>CREA</Act|
6015 0120 6E 54 70 3E 3C 41 63 71 72 72 49 64 3E 3C 49 64 |nTp><AcqrrId><Id|
6016 0130 3E 31 32 3C 2F 49 64 3E 3C 54 70 3E 41 43 51 52 |>12</Id><Tp>ACQR|
6017 0140 3C 2F 54 70 3E 3C 2F 41 63 71 72 72 49 64 3E 3C |</Tp></AcqrrId><|
6018 0150 56 72 73 6E 3E 31 32 33 65 34 35 36 37 2D 65 38 |Vrsn>123e4567-e8|
6019 0160 39 62 2D 31 32 64 33 2D 61 34 35 36 2D 34 32 36 |9b-12d3-a456-426|
6020 0170 36 35 35 34 34 30 30 30 30 3C 2F 56 72 73 6E 3E |655440000</Vrsn>|
6021 0180 3C 41 70 70 6C 49 64 3E 53 45 50 41 2D 46 41 53 |<ApplId>SEPA-FAS|
6022 0190 54 3C 2F 41 70 70 6C 49 64 3E 3C 48 73 74 3E 3C |T</ApplId><Hst><|
6023 01A0 48 73 74 49 64 3E 41 63 71 75 69 72 65 72 48 6F |HstId>AcquirerHo|
6024 01B0 73 74 31 3C 2F 48 73 74 49 64 3E 3C 4D 73 67 54 |st1</HstId><MsgT|
6025 01C0 6F 53 6E 64 3E 46 41 55 51 3C 2F 4D 73 67 54 6F |oSnd>FAUQ</MsgTo|
6026 01D0 53 6E 64 3E 3C 4D 73 67 54 6F 53 6E 64 3E 46 43 |Snd><MsgToSnd>FC|
6027 01E0 4D 56 3C 2F 4D 73 67 54 6F 53 6E 64 3E 3C 4D 73 |MV</MsgToSnd><Ms|
6028 01F0 67 54 6F 53 6E 64 3E 43 4D 50 56 3C 2F 4D 73 67 |gToSnd>CMPV</Msg|
6029 0200 54 6F 53 6E 64 3E 3C 4D 73 67 54 6F 53 6E 64 3E |ToSnd><MsgToSnd>|
6030 0210 46 52 56 41 3C 2F 4D 73 67 54 6F 53 6E 64 3E 3C |FRVA</MsgToSnd><|
6031 0220 4D 73 67 54 6F 53 6E 64 3E 43 43 41 56 3C 2F 4D |MsgToSnd>CCAV</M|
6032 0230 73 67 54 6F 53 6E 64 3E 3C 2F 48 73 74 3E 3C 48 |sgToSnd></Hst><H|
6033 0240 73 74 3E 3C 48 73 74 49 64 3E 41 63 71 75 69 72 |st><HstId>Acquir|
6034 0250 65 72 48 6F 73 74 32 3C 2F 48 73 74 49 64 3E 3C |erHost2</HstId><|
6035 0260 4D 73 67 54 6F 53 6E 64 3E 52 43 4C 51 3C 2F 4D |MsgToSnd>RCLQ</M|
6036 0270 73 67 54 6F 53 6E 64 3E 3C 2F 48 73 74 3E 3C 4F |sgToSnd></Hst><O|
6037 0280 6E 4C 69 6E 65 54 78 3E 3C 46 69 6E 43 61 70 74 |nLineTx><FinCapt|
6038 0290 72 3E 41 55 54 48 3C 2F 46 69 6E 43 61 70 74 72 |r>AUTH</FinCaptr|
6039 02A0 3E 3C 43 6D 70 6C 74 6E 58 63 68 67 3E 3C 58 63 |><CmpltnXchg><Xc|
6040 02B0 68 67 50 6C 63 79 3E 4F 4E 44 4D 3C 2F 58 63 68 |hgPlcy>ONDM</Xch|
6041 02C0 67 50 6C 63 79 3E 3C 2F 43 6D 70 6C 74 6E 58 63 |gPlcy></CmpltnXc|
6042 02D0 68 67 3E 3C 2F 4F 6E 4C 69 6E 65 54 78 3E 3C 4F |hg></OnLineTx><O|
6043 02E0 66 66 4C 69 6E 65 54 78 3E 3C 46 69 6E 43 61 70 |ffLineTx><FinCap|
6044 02F0 74 72 3E 43 4F 4D 50 3C 2F 46 69 6E 43 61 70 74 |tr>COMP</FinCapt|
6045 0300 72 3E 3C 43 6D 70 6C 74 6E 58 63 68 67 3E 3C 58 |r><CmpltnXchg><X|
6046 0310 63 68 67 50 6C 63 79 3E 49 4D 4D 44 3C 2F 58 63 |chgPlcy>IMMD</Xc|
6047 0320 68 67 50 6C 63 79 3E 3C 2F 43 6D 70 6C 74 6E 58 |hgPlcy></CmpltnX|

9 Message Examples Page 222


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6048 0330 63 68 67 3E 3C 2F 4F 66 66 4C 69 6E 65 54 78 3E |chg></OffLineTx>|


6049 0340 3C 52 63 6E 63 6C 74 6E 58 63 68 67 3E 3C 58 63 |<RcncltnXchg><Xc|
6050 0350 68 67 50 6C 63 79 3E 43 59 43 4C 3C 2F 58 63 68 |hgPlcy>CYCL</Xch|
6051 0360 67 50 6C 63 79 3E 3C 52 65 54 72 79 3E 3C 44 65 |gPlcy><ReTry><De|
6052 0370 6C 79 3E 35 3C 2F 44 65 6C 79 3E 3C 4D 61 78 4E |ly>5</Dely><MaxN|
6053 0380 62 3E 33 3C 2F 4D 61 78 4E 62 3E 3C 2F 52 65 54 |b>3</MaxNb></ReT|
6054 0390 72 79 3E 3C 54 6D 43 6F 6E 64 3E 3C 53 74 61 72 |ry><TmCond><Star|
6055 03A0 74 54 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 32 |tTm>2013-08-23T2|
6056 03B0 33 3A 33 35 3A 30 30 3C 2F 53 74 61 72 74 54 6D |3:35:00</StartTm|
6057 03C0 3E 3C 50 72 64 3E 31 30 30 30 30 3C 2F 50 72 64 |><Prd>10000</Prd|
6058 03D0 3E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F 52 63 6E 63 |></TmCond></Rcnc|
6059 03E0 6C 74 6E 58 63 68 67 3E 3C 52 63 6E 63 6C 74 6E |ltnXchg><Rcncltn|
6060 03F0 42 79 41 63 71 72 72 3E 66 61 6C 73 65 3C 2F 52 |ByAcqrr>false</R|
6061 0400 63 6E 63 6C 74 6E 42 79 41 63 71 72 72 3E 3C 54 |cncltnByAcqrr><T|
6062 0410 74 6C 73 50 65 72 43 63 79 3E 74 72 75 65 3C 2F |tlsPerCcy>true</|
6063 0420 54 74 6C 73 50 65 72 43 63 79 3E 3C 42 74 63 68 |TtlsPerCcy><Btch|
6064 0430 54 72 66 43 6E 74 74 3E 46 41 49 4C 3C 2F 42 74 |TrfCntt>FAIL</Bt|
6065 0440 63 68 54 72 66 43 6E 74 74 3E 3C 4D 73 67 49 74 |chTrfCntt><MsgIt|
6066 0450 6D 3E 3C 49 74 6D 49 64 3E 48 64 72 2F 49 6E 69 |m><ItmId>Hdr/Ini|
6067 0460 74 67 50 74 79 2F 49 64 3C 2F 49 74 6D 49 64 3E |tgPty/Id</ItmId>|
6068 0470 3C 43 6F 6E 64 3E 43 46 56 4C 3C 2F 43 6F 6E 64 |<Cond>CFVL</Cond|
6069 0480 3E 3C 56 61 6C 3E 36 36 30 30 30 30 30 31 3C 2F |><Val>66000001</|
6070 0490 56 61 6C 3E 3C 2F 4D 73 67 49 74 6D 3E 3C 4D 73 |Val></MsgItm><Ms|
6071 04A0 67 49 74 6D 3E 3C 49 74 6D 49 64 3E 48 64 72 2F |gItm><ItmId>Hdr/|
6072 04B0 49 6E 69 74 67 50 74 79 2F 49 64 3C 2F 49 74 6D |InitgPty/Id</Itm|
6073 04C0 49 64 3E 3C 43 6F 6E 64 3E 43 46 56 4C 3C 2F 43 |Id><Cond>CFVL</C|
6074 04D0 6F 6E 64 3E 3C 56 61 6C 3E 36 36 30 30 30 30 30 |ond><Val>6600000|
6075 04E0 31 3C 2F 56 61 6C 3E 3C 2F 4D 73 67 49 74 6D 3E |1</Val></MsgItm>|
6076 04F0 3C 4D 73 67 49 74 6D 3E 3C 49 74 6D 49 64 3E 48 |<MsgItm><ItmId>H|
6077 0500 64 72 2F 52 63 70 74 50 74 79 3C 2F 49 74 6D 49 |dr/RcptPty</ItmI|
6078 0510 64 3E 3C 43 6F 6E 64 3E 4D 4E 44 54 3C 2F 43 6F |d><Cond>MNDT</Co|
6079 0520 6E 64 3E 3C 2F 4D 73 67 49 74 6D 3E 3C 4D 73 67 |nd></MsgItm><Msg|
6080 0530 49 74 6D 3E 3C 49 74 6D 49 64 3E 48 64 72 2F 52 |Itm><ItmId>Hdr/R|
6081 0540 63 70 74 50 74 79 2F 49 64 3C 2F 49 74 6D 49 64 |cptPty/Id</ItmId|
6082 0550 3E 3C 43 6F 6E 64 3E 43 46 56 4C 3C 2F 43 6F 6E |><Cond>CFVL</Con|
6083 0560 64 3E 3C 56 61 6C 3E 65 70 61 73 2D 61 63 71 75 |d><Val>epas-acqu|
6084 0570 69 72 65 72 2D 31 3C 2F 56 61 6C 3E 3C 2F 4D 73 |irer-1</Val></Ms|
6085 0580 67 49 74 6D 3E 3C 4D 73 67 49 74 6D 3E 3C 49 74 |gItm><MsgItm><It|
6086 0590 6D 49 64 3E 48 64 72 2F 54 72 61 63 62 6C 74 3C |mId>Hdr/Tracblt<|
6087 05A0 2F 49 74 6D 49 64 3E 3C 43 6F 6E 64 3E 55 4E 53 |/ItmId><Cond>UNS|
6088 05B0 50 3C 2F 43 6F 6E 64 3E 3C 2F 4D 73 67 49 74 6D |P</Cond></MsgItm|
6089 05C0 3E 3C 4D 73 67 49 74 6D 3E 3C 49 74 6D 49 64 3E |><MsgItm><ItmId>|
6090 05D0 45 6E 76 74 2F 41 63 71 72 72 2F 49 64 3C 2F 49 |Envt/Acqrr/Id</I|
6091 05E0 74 6D 49 64 3E 3C 43 6F 6E 64 3E 4D 4E 44 54 3C |tmId><Cond>MNDT<|
6092 05F0 2F 43 6F 6E 64 3E 3C 2F 4D 73 67 49 74 6D 3E 3C |/Cond></MsgItm><|
6093 0600 4D 73 67 49 74 6D 3E 3C 49 74 6D 49 64 3E 45 6E |MsgItm><ItmId>En|
6094 0610 76 74 2F 41 63 71 72 72 2F 49 64 2F 49 64 3C 2F |vt/Acqrr/Id/Id</|
6095 0620 49 74 6D 49 64 3E 3C 43 6F 6E 64 3E 4D 4E 44 54 |ItmId><Cond>MNDT|
6096 0630 3C 2F 43 6F 6E 64 3E 3C 2F 4D 73 67 49 74 6D 3E |</Cond></MsgItm>|
6097 0640 3C 4D 73 67 49 74 6D 3E 3C 49 74 6D 49 64 3E 45 |<MsgItm><ItmId>E|
6098 0650 6E 76 74 2F 4D 72 63 68 6E 74 2F 49 64 3C 2F 49 |nvt/Mrchnt/Id</I|
6099 0660 74 6D 49 64 3E 3C 43 6F 6E 64 3E 4D 4E 44 54 3C |tmId><Cond>MNDT<|
6100 0670 2F 43 6F 6E 64 3E 3C 2F 4D 73 67 49 74 6D 3E 3C |/Cond></MsgItm><|
6101 0680 50 72 74 63 74 43 61 72 64 44 61 74 61 3E 74 72 |PrtctCardData>tr|

9 Message Examples Page 223


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6102 0690 75 65 3C 2F 50 72 74 63 74 43 61 72 64 44 61 74 |ue</PrtctCardDat|


6103 06A0 61 3E 3C 2F 41 63 71 72 72 50 72 74 63 6F 6C 50 |a></AcqrrPrtcolP|
6104 06B0 61 72 61 6D 73 3E 3C 41 70 70 6C 50 61 72 61 6D |arams><ApplParam|
6105 06C0 73 3E 3C 41 63 74 6E 54 70 3E 43 52 45 41 3C 2F |s><ActnTp>CREA</|
6106 06D0 41 63 74 6E 54 70 3E 3C 41 70 70 6C 49 64 3E 53 |ActnTp><ApplId>S|
6107 06E0 45 50 41 2D 46 41 53 54 3C 2F 41 70 70 6C 49 64 |EPA-FAST</ApplId|
6108 06F0 3E 3C 56 72 73 6E 3E 32 30 31 33 30 38 32 32 31 |><Vrsn>201308221|
6109 0700 38 31 39 30 30 3C 2F 56 72 73 6E 3E 3C 50 61 72 |81900</Vrsn><Par|
6110 0710 61 6D 73 3E 34 42 36 66 48 67 69 46 4D 51 4B 59 |ams>4B6fHgiFMQKY|
6111 0720 68 54 45 43 6D 4E 38 55 41 51 48 66 46 51 45 43 |hTECmN8UAQHfFQEC|
6112 0730 33 78 59 42 41 39 38 7A 42 47 56 75 5A 6E 4C 68 |3xYBA98zBGVuZnLh|
6113 0740 4A 5A 39 41 42 61 41 41 6B 50 41 42 6E 7A 4D 44 |JZ9ABaAAkPABnzMD|
6114 0750 59 4B 42 41 6E 7A 55 42 4D 70 38 61 41 67 4A 51 |YKBAnzUBMp8aAgJQ|
6115 0760 33 78 49 43 52 6C 4C 66 45 77 4C 67 41 4E 38 58 |3xICRlLfEwLgAN8X|
6116 0770 41 51 45 3D 3C 2F 50 61 72 61 6D 73 3E 3C 2F 41 |AQE=</Params></A|
6117 0780 70 70 6C 50 61 72 61 6D 73 3E 3C 48 73 74 43 6F |pplParams><HstCo|
6118 0790 6D 50 61 72 61 6D 73 3E 3C 41 63 74 6E 54 70 3E |mParams><ActnTp>|
6119 07A0 43 52 45 41 3C 2F 41 63 74 6E 54 70 3E 3C 48 73 |CREA</ActnTp><Hs|
6120 07B0 74 49 64 3E 41 63 71 75 69 72 65 72 48 6F 73 74 |tId>AcquirerHost|
6121 07C0 31 3C 2F 48 73 74 49 64 3E 3C 41 64 72 3E 3C 41 |1</HstId><Adr><A|
6122 07D0 64 72 3E 3C 4E 74 77 6B 54 70 3E 49 50 4E 57 3C |dr><NtwkTp>IPNW<|
6123 07E0 2F 4E 74 77 6B 54 70 3E 3C 41 64 72 56 61 6C 3E |/NtwkTp><AdrVal>|
6124 07F0 41 63 71 75 69 72 65 72 48 6F 73 74 31 2E 54 65 |AcquirerHost1.Te|
6125 0800 73 74 2E 45 50 41 53 4F 72 67 2E 65 75 3A 35 30 |st.EPASOrg.eu:50|
6126 0810 30 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F 41 64 72 |01</AdrVal></Adr|
6127 0820 3E 3C 2F 41 64 72 3E 3C 2F 48 73 74 43 6F 6D 50 |></Adr></HstComP|
6128 0830 61 72 61 6D 73 3E 3C 48 73 74 43 6F 6D 50 61 72 |arams><HstComPar|
6129 0840 61 6D 73 3E 3C 41 63 74 6E 54 70 3E 43 52 45 41 |ams><ActnTp>CREA|
6130 0850 3C 2F 41 63 74 6E 54 70 3E 3C 48 73 74 49 64 3E |</ActnTp><HstId>|
6131 0860 41 63 71 75 69 72 65 72 48 6F 73 74 32 3C 2F 48 |AcquirerHost2</H|
6132 0870 73 74 49 64 3E 3C 41 64 72 3E 3C 41 64 72 3E 3C |stId><Adr><Adr><|
6133 0880 4E 74 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 77 |NtwkTp>IPNW</Ntw|
6134 0890 6B 54 70 3E 3C 41 64 72 56 61 6C 3E 41 63 71 75 |kTp><AdrVal>Acqu|
6135 08A0 69 72 65 72 48 6F 73 74 32 2E 54 65 73 74 2E 45 |irerHost2.Test.E|
6136 08B0 50 41 53 4F 72 67 2E 65 75 3A 35 30 30 32 3C 2F |PASOrg.eu:5002</|
6137 08C0 41 64 72 56 61 6C 3E 3C 2F 41 64 72 3E 3C 2F 41 |AdrVal></Adr></A|
6138 08D0 64 72 3E 3C 2F 48 73 74 43 6F 6D 50 61 72 61 6D |dr></HstComParam|
6139 08E0 73 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 |s></Cntt></DataS|
6140 08F0 65 74 3E 3C 2F 41 63 63 70 74 72 43 66 67 74 6E |et></AccptrCfgtn|
6141 0900 3E |> |
6142
6143 The SHA-256 digest of the message body AccptrCfgtn is:
6144 0000 4D A9 AE BD 35 7B 82 B3 83 FC 83 4F DF 81 71 88 |M...5{.....O..q.|
6145 0010 EA 0F DA F2 35 99 A1 8F E6 2D D0 6F C6 C5 AE 6D |....5....-.o...m|
6146
6147 After padding, the digest becomes:
6148 0000 4D A9 AE BD 35 7B 82 B3 83 FC 83 4F DF 81 71 88 |M...5{.....O..q.|
6149 0010 EA 0F DA F2 35 99 A1 8F E6 2D D0 6F C6 C5 AE 6D |....5....-.o...m|
6150 0020 80 00 00 00 00 00 00 00 |........ |
6151

9 Message Examples Page 224


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6152 Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA),
6153 we obtain the MAC of the AcceptorConfigurationUpdate D80D8B1257E8378A and after conversion in
6154 base64 " 2A2LElfoN4o= ".
6155 0000 B1 8F 6A C6 F1 AD 84 CC 77 5B 76 8A CF 36 6E 54 |..j.....w[v..6nT|
6156 0010 6B AB 51 AD 1E 77 7A 30 39 2F CB 22 C3 F7 11 46 |k.Q..wz09/."...F|
6157 0020 D8 0D 8B 12 57 E8 37 8A |....W.7. |
6158
6159
6160 The message sent by the transport protocol is:
6161 0000 00 00 0C 46 3C 3F 78 6D 6C 20 76 65 72 73 69 6F | F<?xml versio|
6162 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
6163 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
6164 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
6165 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
6166 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
6167 0060 69 6E 73 74 61 6E 63 65 22 20 78 6D 6C 6E 73 3D |instance" xmlns=|
6168 0070 22 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F |"urn:iso:std:iso|
6169 0080 3A 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A |:20022:tech:xsd:|
6170 0090 63 61 74 6D 2E 30 30 33 2E 30 30 31 2E 30 35 22 |catm.003.001.05"|
6171 00A0 3E 3C 41 63 63 70 74 72 43 66 67 74 6E 55 70 64 |><AccptrCfgtnUpd|
6172 00B0 3E 3C 48 64 72 3E 3C 44 77 6E 6C 64 54 72 66 3E |><Hdr><DwnldTrf>|
6173 00C0 74 72 75 65 3C 2F 44 77 6E 6C 64 54 72 66 3E 3C |true</DwnldTrf><|
6174 00D0 46 72 6D 74 56 72 73 6E 3E 35 2E 30 3C 2F 46 72 |FrmtVrsn>5.0</Fr|
6175 00E0 6D 74 56 72 73 6E 3E 3C 58 63 68 67 49 64 3E 35 |mtVrsn><XchgId>5|
6176 00F0 35 30 3C 2F 58 63 68 67 49 64 3E 3C 43 72 65 44 |50</XchgId><CreD|
6177 0100 74 54 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 32 |tTm>2013-08-23T2|
6178 0110 32 3A 34 35 3A 30 32 2E 33 31 2B 30 32 3A 30 30 |2:45:02.31+02:00|
6179 0120 3C 2F 43 72 65 44 74 54 6D 3E 3C 49 6E 69 74 67 |</CreDtTm><Initg|
6180 0130 50 74 79 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 |Pty><Id>66000001|
6181 0140 3C 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 |</Id><Tp>OPOI</T|
6182 0150 70 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 |p><Issr>MTMG</Is|
6183 0160 73 72 3E 3C 2F 49 6E 69 74 67 50 74 79 3E 3C 52 |sr></InitgPty><R|
6184 0170 63 70 74 50 74 79 3E 3C 49 64 3E 65 70 61 73 2D |cptPty><Id>epas-|
6185 0180 61 63 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 64 |acquirer-TM1</Id|
6186 0190 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F |><Tp>MTMG</Tp></|
6187 01A0 52 63 70 74 50 74 79 3E 3C 2F 48 64 72 3E 3C 41 |RcptPty></Hdr><A|
6188 01B0 63 63 70 74 72 43 66 67 74 6E 3E 3C 54 65 72 6D |ccptrCfgtn><Term|
6189 01C0 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 65 70 61 73 |nlMgrId><Id>epas|
6190 01D0 2D 61 63 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 |-acquirer-TM1</I|
6191 01E0 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C |d><Tp>MTMG</Tp><|
6192 01F0 2F 54 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 |/TermnlMgrId><Da|
6193 0200 74 61 53 65 74 3E 3C 49 64 3E 3C 54 70 3E 41 51 |taSet><Id><Tp>AQ|
6194 0210 50 52 3C 2F 54 70 3E 3C 56 72 73 6E 3E 32 30 31 |PR</Tp><Vrsn>201|
6195 0220 33 30 38 32 32 31 38 31 39 30 30 3C 2F 56 72 73 |30822181900</Vrs|
6196 0230 6E 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 31 2D |n><CreDtTm>2011-|
6197 0240 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 32 2E 33 |08-23T22:45:02.3|
6198 0250 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 54 6D |1+02:00</CreDtTm|
6199 0260 3E 3C 2F 49 64 3E 3C 50 4F 49 49 64 3E 3C 49 64 |></Id><POIId><Id|
6200 0270 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E 3C 54 |>66000001</Id><T|
6201 0280 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 73 72 |p>OPOI</Tp><Issr|
6202 0290 3E 41 43 51 52 3C 2F 49 73 73 72 3E 3C 2F 50 4F |>ACQR</Issr></PO|
6203 02A0 49 49 64 3E 3C 43 6E 74 74 3E 3C 41 63 71 72 72 |IId><Cntt><Acqrr|

9 Message Examples Page 225


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6204 02B0 50 72 74 63 6F 6C 50 61 72 61 6D 73 3E 3C 41 63 |PrtcolParams><Ac|


6205 02C0 74 6E 54 70 3E 43 52 45 41 3C 2F 41 63 74 6E 54 |tnTp>CREA</ActnT|
6206 02D0 70 3E 3C 41 63 71 72 72 49 64 3E 3C 49 64 3E 31 |p><AcqrrId><Id>1|
6207 02E0 32 3C 2F 49 64 3E 3C 54 70 3E 41 43 51 52 3C 2F |2</Id><Tp>ACQR</|
6208 02F0 54 70 3E 3C 2F 41 63 71 72 72 49 64 3E 3C 56 72 |Tp></AcqrrId><Vr|
6209 0300 73 6E 3E 31 32 33 65 34 35 36 37 2D 65 38 39 62 |sn>123e4567-e89b|
6210 0310 2D 31 32 64 33 2D 61 34 35 36 2D 34 32 36 36 35 |-12d3-a456-42665|
6211 0320 35 34 34 30 30 30 30 3C 2F 56 72 73 6E 3E 3C 41 |5440000</Vrsn><A|
6212 0330 70 70 6C 49 64 3E 53 45 50 41 2D 46 41 53 54 3C |pplId>SEPA-FAST<|
6213 0340 2F 41 70 70 6C 49 64 3E 3C 48 73 74 3E 3C 48 73 |/ApplId><Hst><Hs|
6214 0350 74 49 64 3E 41 63 71 75 69 72 65 72 48 6F 73 74 |tId>AcquirerHost|
6215 0360 31 3C 2F 48 73 74 49 64 3E 3C 4D 73 67 54 6F 53 |1</HstId><MsgToS|
6216 0370 6E 64 3E 46 41 55 51 3C 2F 4D 73 67 54 6F 53 6E |nd>FAUQ</MsgToSn|
6217 0380 64 3E 3C 4D 73 67 54 6F 53 6E 64 3E 46 43 4D 56 |d><MsgToSnd>FCMV|
6218 0390 3C 2F 4D 73 67 54 6F 53 6E 64 3E 3C 4D 73 67 54 |</MsgToSnd><MsgT|
6219 03A0 6F 53 6E 64 3E 43 4D 50 56 3C 2F 4D 73 67 54 6F |oSnd>CMPV</MsgTo|
6220 03B0 53 6E 64 3E 3C 4D 73 67 54 6F 53 6E 64 3E 46 52 |Snd><MsgToSnd>FR|
6221 03C0 56 41 3C 2F 4D 73 67 54 6F 53 6E 64 3E 3C 4D 73 |VA</MsgToSnd><Ms|
6222 03D0 67 54 6F 53 6E 64 3E 43 43 41 56 3C 2F 4D 73 67 |gToSnd>CCAV</Msg|
6223 03E0 54 6F 53 6E 64 3E 3C 2F 48 73 74 3E 3C 48 73 74 |ToSnd></Hst><Hst|
6224 03F0 3E 3C 48 73 74 49 64 3E 41 63 71 75 69 72 65 72 |><HstId>Acquirer|
6225 0400 48 6F 73 74 32 3C 2F 48 73 74 49 64 3E 3C 4D 73 |Host2</HstId><Ms|
6226 0410 67 54 6F 53 6E 64 3E 52 43 4C 51 3C 2F 4D 73 67 |gToSnd>RCLQ</Msg|
6227 0420 54 6F 53 6E 64 3E 3C 2F 48 73 74 3E 3C 4F 6E 4C |ToSnd></Hst><OnL|
6228 0430 69 6E 65 54 78 3E 3C 46 69 6E 43 61 70 74 72 3E |ineTx><FinCaptr>|
6229 0440 41 55 54 48 3C 2F 46 69 6E 43 61 70 74 72 3E 3C |AUTH</FinCaptr><|
6230 0450 43 6D 70 6C 74 6E 58 63 68 67 3E 3C 58 63 68 67 |CmpltnXchg><Xchg|
6231 0460 50 6C 63 79 3E 4F 4E 44 4D 3C 2F 58 63 68 67 50 |Plcy>ONDM</XchgP|
6232 0470 6C 63 79 3E 3C 2F 43 6D 70 6C 74 6E 58 63 68 67 |lcy></CmpltnXchg|
6233 0480 3E 3C 2F 4F 6E 4C 69 6E 65 54 78 3E 3C 4F 66 66 |></OnLineTx><Off|
6234 0490 4C 69 6E 65 54 78 3E 3C 46 69 6E 43 61 70 74 72 |LineTx><FinCaptr|
6235 04A0 3E 43 4F 4D 50 3C 2F 46 69 6E 43 61 70 74 72 3E |>COMP</FinCaptr>|
6236 04B0 3C 43 6D 70 6C 74 6E 58 63 68 67 3E 3C 58 63 68 |<CmpltnXchg><Xch|
6237 04C0 67 50 6C 63 79 3E 49 4D 4D 44 3C 2F 58 63 68 67 |gPlcy>IMMD</Xchg|
6238 04D0 50 6C 63 79 3E 3C 2F 43 6D 70 6C 74 6E 58 63 68 |Plcy></CmpltnXch|
6239 04E0 67 3E 3C 2F 4F 66 66 4C 69 6E 65 54 78 3E 3C 52 |g></OffLineTx><R|
6240 04F0 63 6E 63 6C 74 6E 58 63 68 67 3E 3C 58 63 68 67 |cncltnXchg><Xchg|
6241 0500 50 6C 63 79 3E 43 59 43 4C 3C 2F 58 63 68 67 50 |Plcy>CYCL</XchgP|
6242 0510 6C 63 79 3E 3C 52 65 54 72 79 3E 3C 44 65 6C 79 |lcy><ReTry><Dely|
6243 0520 3E 35 3C 2F 44 65 6C 79 3E 3C 4D 61 78 4E 62 3E |>5</Dely><MaxNb>|
6244 0530 33 3C 2F 4D 61 78 4E 62 3E 3C 2F 52 65 54 72 79 |3</MaxNb></ReTry|
6245 0540 3E 3C 54 6D 43 6F 6E 64 3E 3C 53 74 61 72 74 54 |><TmCond><StartT|
6246 0550 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 32 33 3A |m>2013-08-23T23:|
6247 0560 33 35 3A 30 30 3C 2F 53 74 61 72 74 54 6D 3E 3C |35:00</StartTm><|
6248 0570 50 72 64 3E 31 30 30 30 30 3C 2F 50 72 64 3E 3C |Prd>10000</Prd><|
6249 0580 2F 54 6D 43 6F 6E 64 3E 3C 2F 52 63 6E 63 6C 74 |/TmCond></Rcnclt|
6250 0590 6E 58 63 68 67 3E 3C 52 63 6E 63 6C 74 6E 42 79 |nXchg><RcncltnBy|
6251 05A0 41 63 71 72 72 3E 66 61 6C 73 65 3C 2F 52 63 6E |Acqrr>false</Rcn|
6252 05B0 63 6C 74 6E 42 79 41 63 71 72 72 3E 3C 54 74 6C |cltnByAcqrr><Ttl|
6253 05C0 73 50 65 72 43 63 79 3E 74 72 75 65 3C 2F 54 74 |sPerCcy>true</Tt|
6254 05D0 6C 73 50 65 72 43 63 79 3E 3C 42 74 63 68 54 72 |lsPerCcy><BtchTr|
6255 05E0 66 43 6E 74 74 3E 46 41 49 4C 3C 2F 42 74 63 68 |fCntt>FAIL</Btch|
6256 05F0 54 72 66 43 6E 74 74 3E 3C 4D 73 67 49 74 6D 3E |TrfCntt><MsgItm>|
6257 0600 3C 49 74 6D 49 64 3E 48 64 72 2F 49 6E 69 74 67 |<ItmId>Hdr/Initg|

9 Message Examples Page 226


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6258 0610 50 74 79 2F 49 64 3C 2F 49 74 6D 49 64 3E 3C 43 |Pty/Id</ItmId><C|


6259 0620 6F 6E 64 3E 43 46 56 4C 3C 2F 43 6F 6E 64 3E 3C |ond>CFVL</Cond><|
6260 0630 56 61 6C 3E 36 36 30 30 30 30 30 31 3C 2F 56 61 |Val>66000001</Va|
6261 0640 6C 3E 3C 2F 4D 73 67 49 74 6D 3E 3C 4D 73 67 49 |l></MsgItm><MsgI|
6262 0650 74 6D 3E 3C 49 74 6D 49 64 3E 48 64 72 2F 49 6E |tm><ItmId>Hdr/In|
6263 0660 69 74 67 50 74 79 2F 49 64 3C 2F 49 74 6D 49 64 |itgPty/Id</ItmId|
6264 0670 3E 3C 43 6F 6E 64 3E 43 46 56 4C 3C 2F 43 6F 6E |><Cond>CFVL</Con|
6265 0680 64 3E 3C 56 61 6C 3E 36 36 30 30 30 30 30 31 3C |d><Val>66000001<|
6266 0690 2F 56 61 6C 3E 3C 2F 4D 73 67 49 74 6D 3E 3C 4D |/Val></MsgItm><M|
6267 06A0 73 67 49 74 6D 3E 3C 49 74 6D 49 64 3E 48 64 72 |sgItm><ItmId>Hdr|
6268 06B0 2F 52 63 70 74 50 74 79 3C 2F 49 74 6D 49 64 3E |/RcptPty</ItmId>|
6269 06C0 3C 43 6F 6E 64 3E 4D 4E 44 54 3C 2F 43 6F 6E 64 |<Cond>MNDT</Cond|
6270 06D0 3E 3C 2F 4D 73 67 49 74 6D 3E 3C 4D 73 67 49 74 |></MsgItm><MsgIt|
6271 06E0 6D 3E 3C 49 74 6D 49 64 3E 48 64 72 2F 52 63 70 |m><ItmId>Hdr/Rcp|
6272 06F0 74 50 74 79 2F 49 64 3C 2F 49 74 6D 49 64 3E 3C |tPty/Id</ItmId><|
6273 0700 43 6F 6E 64 3E 43 46 56 4C 3C 2F 43 6F 6E 64 3E |Cond>CFVL</Cond>|
6274 0710 3C 56 61 6C 3E 65 70 61 73 2D 61 63 71 75 69 72 |<Val>epas-acquir|
6275 0720 65 72 2D 31 3C 2F 56 61 6C 3E 3C 2F 4D 73 67 49 |er-1</Val></MsgI|
6276 0730 74 6D 3E 3C 4D 73 67 49 74 6D 3E 3C 49 74 6D 49 |tm><MsgItm><ItmI|
6277 0740 64 3E 48 64 72 2F 54 72 61 63 62 6C 74 3C 2F 49 |d>Hdr/Tracblt</I|
6278 0750 74 6D 49 64 3E 3C 43 6F 6E 64 3E 55 4E 53 50 3C |tmId><Cond>UNSP<|
6279 0760 2F 43 6F 6E 64 3E 3C 2F 4D 73 67 49 74 6D 3E 3C |/Cond></MsgItm><|
6280 0770 4D 73 67 49 74 6D 3E 3C 49 74 6D 49 64 3E 45 6E |MsgItm><ItmId>En|
6281 0780 76 74 2F 41 63 71 72 72 2F 49 64 3C 2F 49 74 6D |vt/Acqrr/Id</Itm|
6282 0790 49 64 3E 3C 43 6F 6E 64 3E 4D 4E 44 54 3C 2F 43 |Id><Cond>MNDT</C|
6283 07A0 6F 6E 64 3E 3C 2F 4D 73 67 49 74 6D 3E 3C 4D 73 |ond></MsgItm><Ms|
6284 07B0 67 49 74 6D 3E 3C 49 74 6D 49 64 3E 45 6E 76 74 |gItm><ItmId>Envt|
6285 07C0 2F 41 63 71 72 72 2F 49 64 2F 49 64 3C 2F 49 74 |/Acqrr/Id/Id</It|
6286 07D0 6D 49 64 3E 3C 43 6F 6E 64 3E 4D 4E 44 54 3C 2F |mId><Cond>MNDT</|
6287 07E0 43 6F 6E 64 3E 3C 2F 4D 73 67 49 74 6D 3E 3C 4D |Cond></MsgItm><M|
6288 07F0 73 67 49 74 6D 3E 3C 49 74 6D 49 64 3E 45 6E 76 |sgItm><ItmId>Env|
6289 0800 74 2F 4D 72 63 68 6E 74 2F 49 64 3C 2F 49 74 6D |t/Mrchnt/Id</Itm|
6290 0810 49 64 3E 3C 43 6F 6E 64 3E 4D 4E 44 54 3C 2F 43 |Id><Cond>MNDT</C|
6291 0820 6F 6E 64 3E 3C 2F 4D 73 67 49 74 6D 3E 3C 50 72 |ond></MsgItm><Pr|
6292 0830 74 63 74 43 61 72 64 44 61 74 61 3E 74 72 75 65 |tctCardData>true|
6293 0840 3C 2F 50 72 74 63 74 43 61 72 64 44 61 74 61 3E |</PrtctCardData>|
6294 0850 3C 2F 41 63 71 72 72 50 72 74 63 6F 6C 50 61 72 |</AcqrrPrtcolPar|
6295 0860 61 6D 73 3E 3C 41 70 70 6C 50 61 72 61 6D 73 3E |ams><ApplParams>|
6296 0870 3C 41 63 74 6E 54 70 3E 43 52 45 41 3C 2F 41 63 |<ActnTp>CREA</Ac|
6297 0880 74 6E 54 70 3E 3C 41 70 70 6C 49 64 3E 53 45 50 |tnTp><ApplId>SEP|
6298 0890 41 2D 46 41 53 54 3C 2F 41 70 70 6C 49 64 3E 3C |A-FAST</ApplId><|
6299 08A0 56 72 73 6E 3E 32 30 31 33 30 38 32 32 31 38 31 |Vrsn>20130822181|
6300 08B0 39 30 30 3C 2F 56 72 73 6E 3E 3C 50 61 72 61 6D |900</Vrsn><Param|
6301 08C0 73 3E 34 42 36 66 48 67 69 46 4D 51 4B 59 68 54 |s>4B6fHgiFMQKYhT|
6302 08D0 45 43 6D 4E 38 55 41 51 48 66 46 51 45 43 33 78 |ECmN8UAQHfFQEC3x|
6303 08E0 59 42 41 39 38 7A 42 47 56 75 5A 6E 4C 68 4A 5A |YBA98zBGVuZnLhJZ|
6304 08F0 39 41 42 61 41 41 6B 50 41 42 6E 7A 4D 44 59 4B |9ABaAAkPABnzMDYK|
6305 0900 42 41 6E 7A 55 42 4D 70 38 61 41 67 4A 51 33 78 |BAnzUBMp8aAgJQ3x|
6306 0910 49 43 52 6C 4C 66 45 77 4C 67 41 4E 38 58 41 51 |ICRlLfEwLgAN8XAQ|
6307 0920 45 3D 3C 2F 50 61 72 61 6D 73 3E 3C 2F 41 70 70 |E=</Params></App|
6308 0930 6C 50 61 72 61 6D 73 3E 3C 48 73 74 43 6F 6D 50 |lParams><HstComP|
6309 0940 61 72 61 6D 73 3E 3C 41 63 74 6E 54 70 3E 43 52 |arams><ActnTp>CR|
6310 0950 45 41 3C 2F 41 63 74 6E 54 70 3E 3C 48 73 74 49 |EA</ActnTp><HstI|
6311 0960 64 3E 41 63 71 75 69 72 65 72 48 6F 73 74 31 3C |d>AcquirerHost1<|

9 Message Examples Page 227


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6312 0970 2F 48 73 74 49 64 3E 3C 41 64 72 3E 3C 41 64 72 |/HstId><Adr><Adr|


6313 0980 3E 3C 4E 74 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E |><NtwkTp>IPNW</N|
6314 0990 74 77 6B 54 70 3E 3C 41 64 72 56 61 6C 3E 41 63 |twkTp><AdrVal>Ac|
6315 09A0 71 75 69 72 65 72 48 6F 73 74 31 2E 54 65 73 74 |quirerHost1.Test|
6316 09B0 2E 45 50 41 53 4F 72 67 2E 65 75 3A 35 30 30 31 |.EPASOrg.eu:5001|
6317 09C0 3C 2F 41 64 72 56 61 6C 3E 3C 2F 41 64 72 3E 3C |</AdrVal></Adr><|
6318 09D0 2F 41 64 72 3E 3C 2F 48 73 74 43 6F 6D 50 61 72 |/Adr></HstComPar|
6319 09E0 61 6D 73 3E 3C 48 73 74 43 6F 6D 50 61 72 61 6D |ams><HstComParam|
6320 09F0 73 3E 3C 41 63 74 6E 54 70 3E 43 52 45 41 3C 2F |s><ActnTp>CREA</|
6321 0A00 41 63 74 6E 54 70 3E 3C 48 73 74 49 64 3E 41 63 |ActnTp><HstId>Ac|
6322 0A10 71 75 69 72 65 72 48 6F 73 74 32 3C 2F 48 73 74 |quirerHost2</Hst|
6323 0A20 49 64 3E 3C 41 64 72 3E 3C 41 64 72 3E 3C 4E 74 |Id><Adr><Adr><Nt|
6324 0A30 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 77 6B 54 |wkTp>IPNW</NtwkT|
6325 0A40 70 3E 3C 41 64 72 56 61 6C 3E 41 63 71 75 69 72 |p><AdrVal>Acquir|
6326 0A50 65 72 48 6F 73 74 32 2E 54 65 73 74 2E 45 50 41 |erHost2.Test.EPA|
6327 0A60 53 4F 72 67 2E 65 75 3A 35 30 30 32 3C 2F 41 64 |SOrg.eu:5002</Ad|
6328 0A70 72 56 61 6C 3E 3C 2F 41 64 72 3E 3C 2F 41 64 72 |rVal></Adr></Adr|
6329 0A80 3E 3C 2F 48 73 74 43 6F 6D 50 61 72 61 6D 73 3E |></HstComParams>|
6330 0A90 3C 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 65 74 |</Cntt></DataSet|
6331 0AA0 3E 3C 2F 41 63 63 70 74 72 43 66 67 74 6E 3E 3C |></AccptrCfgtn><|
6332 0AB0 53 63 74 79 54 72 6C 72 3E 3C 43 6E 74 74 54 70 |SctyTrlr><CnttTp|
6333 0AC0 3E 41 55 54 48 3C 2F 43 6E 74 74 54 70 3E 3C 41 |>AUTH</CnttTp><A|
6334 0AD0 75 74 68 6E 74 63 64 44 61 74 61 3E 3C 52 63 70 |uthntcdData><Rcp|
6335 0AE0 74 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 64 3E 3C 4B |t><KEK><KEKId><K|
6336 0AF0 65 79 49 64 3E 53 70 65 63 56 31 54 65 73 74 4B |eyId>SpecV1TestK|
6337 0B00 65 79 3C 2F 4B 65 79 49 64 3E 3C 4B 65 79 56 72 |ey</KeyId><KeyVr|
6338 0B10 73 6E 3E 32 30 31 30 30 36 30 37 31 35 3C 2F 4B |sn>2010060715</K|
6339 0B20 65 79 56 72 73 6E 3E 3C 44 65 72 69 76 74 6E 49 |eyVrsn><DerivtnI|
6340 0B30 64 3E 4F 59 63 6C 70 51 45 3D 3C 2F 44 65 72 69 |d>OYclpQE=</Deri|
6341 0B40 76 74 6E 49 64 3E 3C 2F 4B 45 4B 49 64 3E 3C 4B |vtnId></KEKId><K|
6342 0B50 65 79 4E 63 72 70 74 6E 41 6C 67 6F 3E 3C 41 6C |eyNcrptnAlgo><Al|
6343 0B60 67 6F 3E 44 4B 50 39 3C 2F 41 6C 67 6F 3E 3C 2F |go>DKP9</Algo></|
6344 0B70 4B 65 79 4E 63 72 70 74 6E 41 6C 67 6F 3E 3C 4E |KeyNcrptnAlgo><N|
6345 0B80 63 72 70 74 64 4B 65 79 3E 34 70 41 67 41 42 63 |crptdKey>4pAgABc|
6346 0B90 3D 3C 2F 4E 63 72 70 74 64 4B 65 79 3E 3C 2F 4B |=</NcrptdKey></K|
6347 0BA0 45 4B 3E 3C 2F 52 63 70 74 3E 3C 4D 41 43 41 6C |EK></Rcpt><MACAl|
6348 0BB0 67 6F 3E 3C 41 6C 67 6F 3E 4D 43 43 53 3C 2F 41 |go><Algo>MCCS</A|
6349 0BC0 6C 67 6F 3E 3C 2F 4D 41 43 41 6C 67 6F 3E 3C 4E |lgo></MACAlgo><N|
6350 0BD0 63 70 73 6C 74 64 43 6E 74 74 3E 3C 43 6E 74 74 |cpsltdCntt><Cntt|
6351 0BE0 54 70 3E 44 41 54 41 3C 2F 43 6E 74 74 54 70 3E |Tp>DATA</CnttTp>|
6352 0BF0 3C 2F 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C 4D |</NcpsltdCntt><M|
6353 0C00 41 43 3E 32 41 32 4C 45 6C 66 6F 4E 34 6F 3D 3C |AC>2A2LElfoN4o=<|
6354 0C10 2F 4D 41 43 3E 3C 2F 41 75 74 68 6E 74 63 64 44 |/MAC></AuthntcdD|
6355 0C20 61 74 61 3E 3C 2F 53 63 74 79 54 72 6C 72 3E 3C |ata></SctyTrlr><|
6356 0C30 2F 41 63 63 70 74 72 43 66 67 74 6E 55 70 64 3E |/AccptrCfgtnUpd>|
6357 0C40 3C 2F 44 6F 63 75 6D 65 6E 74 3E |</Document> |
6358
6359
6360

9 Message Examples Page 228


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6361 9.4 Maintenance Report

6362 9.4.1 StatusReport Message


6363
6364 After the successfull downloading of the AcceptorConfigurationUpdate, the next action of the
6365 management plan is the download of a new management plan, to be performed just after the previous
6366 action (StartTime absent, WaitingTime="0").
6367 The StatusReport to request the management plan includes the status of the previous maintenance
6368 action, and notifies the new version of the parameters:
6369
Message Item Value
Header
DownloadTransfer False
FormatVersion 5.0
ExchangeIdentification 551
CreationDateTime 2013-08-23T22:45:02.07+02:00
InitiatingParty
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-acquirer-TM1
Type MasterTerminalManager
StatusReport
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-acquirer-TM1
Type MasterTerminalManager
DataSet
Identification
Type StatusReport
CreationDateTime 2013-08-23T22:45:02.07+02:00
Content
POICapabilities
CardReadingCapabilities ICC
CardReadingCapabilities MagneticStripe
POIComponent
Type Server
Identification
ItemNumber 1
ProviderIdentification EPASVendor001
POIComponent
Type Terminal
Identification
ItemNumber 1.1
ProviderIdentification EPASVendor001
Model Counter Top E41
SerialNumber 7825410759

9 Message Examples Page 229


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

POIComponent
Type Device
Identification
ItemNumber 1.1.1
ProviderIdentification EPASVendor001
Model PIN Pad T25
SerialNumber 1825410759
POIComponent
Type EMVKernel
Identification
ItemNumber 1.1.1.1
ProviderIdentification EPASVendor003
Status
VersionNumber 7.1
POIComponent
Type PaymentApplication
Identification
ItemNumber 1.1.2
ProviderIdentification EPASVendor002
Status
VersionNumber 1.51
Compliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
POIComponent
Type ApplicationParameters
Identification
ItemNumber 1.1.2.1
ProviderIdentification EPASAcquirer01
Status
VersionNumber 20130822181900
Compliance
Identification SEPA-FAST
VersionNumber 3.0
Issuer CIR
AttendanceContext Attended
POIDateTime 2013-08-23T22:45:02.07+02:00
DataSetRequired
Identification
Type ManagementPlan
Event
TimeStamp 2011-08-23T22:45:02.03+02:00
Result Success
ActionIdentification
ActionType Download
DataSetIdentification
Type AcquirerParameters
Version 20130822181900
CreationDateTime 2013-08-23T22:45:02.31+02:00
SecurityTrailer
ContentType AuthenticatedData

9 Message Examples Page 230


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

AuthenticatedData
Recipient
KEK
KEKIdentification
KeyIdentification SpecV1TestKey
KeyVersion 2011010715
DerivationIdentification 398725A501
KeyEncryptionAlgorithm
Algorithm DUKPT2009
EncryptedKey E290200017
MACAlgorithm
Algorithm RetailSHA256MAC
EncapsulatedContent
ContentType PlainData
MAC E9C98FA226CA1E4A

6370
6371

9 Message Examples Page 231


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6372 The XML encoded StatusReport message is presented below.


6373
6374 <?xml version="1.0" encoding="UTF-8"?>
6375 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
6376 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05">
6377 <StsRpt>
6378 <Hdr>
6379 <DwnldTrf>false</DwnldTrf>
6380 <FrmtVrsn>5.0</FrmtVrsn>
6381 <XchgId>551</XchgId>
6382 <CreDtTm>2013-08-23T22:45:02.07+02:00</CreDtTm>
6383 <InitgPty>
6384 <Id>66000001</Id>
6385 <Tp>OPOI</Tp>
6386 <Issr>MTMG</Issr>
6387 </InitgPty>
6388 <RcptPty>
6389 <Id>epas-acquirer-TM1</Id>
6390 <Tp>MTMG</Tp>
6391 </RcptPty>
6392 </Hdr>
6393 <StsRpt>
6394 <POIId>
6395 <Id>66000001</Id>
6396 <Tp>OPOI</Tp>
6397 <Issr>MTMG</Issr>
6398 </POIId>
6399 <TermnlMgrId>
6400 <Id>epas-acquirer-TM1</Id>
6401 <Tp>MTMG</Tp>
6402 </TermnlMgrId>
6403 <DataSet>
6404 <Id>
6405 <Tp>STRP</Tp>
6406 <CreDtTm>2013-08-23T22:45:02.07+02:00</CreDtTm>
6407 </Id>
6408 <Cntt>
6409 <POICpblties>
6410 <CardRdngCpblties>CICC</CardRdngCpblties>
6411 <CardRdngCpblties>MGST</CardRdngCpblties>
6412 </POICpblties>
6413 <POICmpnt>
6414 <Tp>SERV</Tp>
6415 <Id>
6416 <ItmNb>1</ItmNb>
6417 <PrvdrId>EPASVendor001</PrvdrId>
6418 </Id>
6419 </POICmpnt>
6420 <POICmpnt>
6421 <Tp>TERM</Tp>
6422 <Id>
6423 <ItmNb>1.1</ItmNb>
6424 <PrvdrId>EPASVendor001</PrvdrId>
6425 <Id>Counter Top E41</Id>
6426 <SrlNb>7825410759</SrlNb>
6427 </Id>
6428 </POICmpnt>
6429 <POICmpnt>
6430 <Tp>DVCE</Tp>
6431 <Id>
6432 <ItmNb>1.1.1</ItmNb>
6433 <PrvdrId>EPASVendor001</PrvdrId>
6434 <Id>PIN Pad T25</Id>
6435 <SrlNb>1825410759</SrlNb>
6436 </Id>
6437 </POICmpnt>
6438 <POICmpnt>
6439 <Tp>EMVK</Tp>

9 Message Examples Page 232


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6440 <Id>
6441 <ItmNb>1.1.1.1</ItmNb>
6442 <PrvdrId>EPASVendor003</PrvdrId>
6443 </Id>
6444 <Sts>
6445 <VrsnNb>7.1</VrsnNb>
6446 </Sts>
6447 </POICmpnt>
6448 <POICmpnt>
6449 <Tp>APLI</Tp>
6450 <Id>
6451 <ItmNb>1.1.2</ItmNb>
6452 <PrvdrId>EPASVendor002</PrvdrId>
6453 </Id>
6454 <Sts>
6455 <VrsnNb>1.0</VrsnNb>
6456 </Sts>
6457 <StdCmplc>
6458 <Id>SEPA-FAST</Id>
6459 <Vrsn>3.0</Vrsn>
6460 <Issr>CIR</Issr>
6461 </StdCmplc>
6462 </POICmpnt>
6463 <POICmpnt>
6464 <Tp>APPR</Tp>
6465 <Id>
6466 <ItmNb>1.1.2.1</ItmNb>
6467 <PrvdrId>EPASAcquirer01</PrvdrId>
6468 </Id>
6469 <Sts>
6470 <VrsnNb>20110822181900</VrsnNb>
6471 </Sts>
6472 </POICmpnt>
6473 <AttndncCntxt>ATTD</AttndncCntxt>
6474 <POIDtTm>2013-08-23T22:45:02.07+02:00</POIDtTm>
6475 <DataSetReqrd>
6476 <Id>
6477 <Tp>MGTP</Tp>
6478 </Id>
6479 </DataSetReqrd>
6480 <Evt>
6481 <TmStmp>2011-08-23T22:45:02.03+02:00</TmStmp>
6482 <Rslt>SUCC</Rslt>
6483 <ActnId>
6484 <ActnTp>DWNL</ActnTp>
6485 <DataSetId>
6486 <Tp>AQPR</Tp>
6487 <Vrsn>20130822181900</Vrsn>
6488 <CreDtTm>2013-08-23T22:45:02.31+02:00</CreDtTm>
6489 </DataSetId>
6490 </ActnId>
6491 </Evt>
6492 </Cntt>
6493 </DataSet>
6494 </StsRpt>
6495 <SctyTrlr>
6496 <CnttTp>AUTH</CnttTp>
6497 <AuthntcdData>
6498 <Rcpt>
6499 <KEK>
6500 <KEKId>
6501 <KeyId>SpecV1TestKey</KeyId>
6502 <KeyVrsn>2010060715</KeyVrsn>
6503 <DerivtnId>OYclpQE=</DerivtnId>
6504 </KEKId>
6505 <KeyNcrptnAlgo>
6506 <Algo>DKP9</Algo>
6507 </KeyNcrptnAlgo>
6508 <NcrptdKey>4pAgABc=</NcrptdKey>

9 Message Examples Page 233


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6509 </KEK>
6510 </Rcpt>
6511 <MACAlgo>
6512 <Algo>MCCS</Algo>
6513 </MACAlgo>
6514 <NcpsltdCntt>
6515 <CnttTp>DATA</CnttTp>
6516 </NcpsltdCntt>
6517 <MAC>6cmPoibKHko=</MAC>
6518 </AuthntcdData>
6519 </SctyTrlr>
6520 </StsRpt>
6521 </Document>

6522
6523

9 Message Examples Page 234


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6524 Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
6525 or line breaks) is dumped below:
6526 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
6527 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
6528 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
6529 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
6530 0040 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |POIId><TermnlMgr|
6531 0050 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 71 75 |Id><Id>epas-acqu|
6532 0060 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 70 |irer-TM1</Id><Tp|
6533 0070 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 72 6D |>MTMG</Tp></Term|
6534 0080 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 74 |nlMgrId><DataSet|
6535 0090 3E 3C 49 64 3E 3C 54 70 3E 53 54 52 50 3C 2F 54 |><Id><Tp>STRP</T|
6536 00A0 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 33 2D |p><CreDtTm>2013-|
6537 00B0 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 32 2E 30 |08-23T22:45:02.0|
6538 00C0 37 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 54 6D |7+02:00</CreDtTm|
6539 00D0 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 50 4F 49 |></Id><Cntt><POI|
6540 00E0 43 70 62 6C 74 69 65 73 3E 3C 43 61 72 64 52 64 |Cpblties><CardRd|
6541 00F0 6E 67 43 70 62 6C 74 69 65 73 3E 43 49 43 43 3C |ngCpblties>CICC<|
6542 0100 2F 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |/CardRdngCpbltie|
6543 0110 73 3E 3C 43 61 72 64 52 64 6E 67 43 70 62 6C 74 |s><CardRdngCpblt|
6544 0120 69 65 73 3E 4D 47 53 54 3C 2F 43 61 72 64 52 64 |ies>MGST</CardRd|
6545 0130 6E 67 43 70 62 6C 74 69 65 73 3E 3C 2F 50 4F 49 |ngCpblties></POI|
6546 0140 43 70 62 6C 74 69 65 73 3E 3C 50 4F 49 43 6D 70 |Cpblties><POICmp|
6547 0150 6E 74 3E 3C 54 70 3E 53 45 52 56 3C 2F 54 70 3E |nt><Tp>SERV</Tp>|
6548 0160 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 3C 2F 49 74 |<Id><ItmNb>1</It|
6549 0170 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
6550 0180 53 56 65 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 |SVendor001</Prvd|
6551 0190 72 49 64 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 6D |rId></Id></POICm|
6552 01A0 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 |pnt><POICmpnt><T|
6553 01B0 70 3E 54 45 52 4D 3C 2F 54 70 3E 3C 49 64 3E 3C |p>TERM</Tp><Id><|
6554 01C0 49 74 6D 4E 62 3E 31 2E 31 3C 2F 49 74 6D 4E 62 |ItmNb>1.1</ItmNb|
6555 01D0 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 |><PrvdrId>EPASVe|
6556 01E0 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 72 49 64 |ndor001</PrvdrId|
6557 01F0 3E 3C 49 64 3E 43 6F 75 6E 74 65 72 20 54 6F 70 |><Id>Counter Top|
6558 0200 20 45 34 31 3C 2F 49 64 3E 3C 53 72 6C 4E 62 3E | E41</Id><SrlNb>|
6559 0210 37 38 32 35 34 31 30 37 35 39 3C 2F 53 72 6C 4E |7825410759</SrlN|
6560 0220 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 6D 70 6E |b></Id></POICmpn|
6561 0230 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E |t><POICmpnt><Tp>|
6562 0240 44 56 43 45 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 |DVCE</Tp><Id><It|
6563 0250 6D 4E 62 3E 31 2E 31 2E 31 3C 2F 49 74 6D 4E 62 |mNb>1.1.1</ItmNb|
6564 0260 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 |><PrvdrId>EPASVe|
6565 0270 6E 64 6F 72 30 30 31 3C 2F 50 72 76 64 72 49 64 |ndor001</PrvdrId|
6566 0280 3E 3C 49 64 3E 50 49 4E 20 50 61 64 20 54 32 35 |><Id>PIN Pad T25|
6567 0290 3C 2F 49 64 3E 3C 53 72 6C 4E 62 3E 31 38 32 35 |</Id><SrlNb>1825|
6568 02A0 34 31 30 37 35 39 3C 2F 53 72 6C 4E 62 3E 3C 2F |410759</SrlNb></|
6569 02B0 49 64 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 |Id></POICmpnt><P|
6570 02C0 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 45 4D 56 4B |OICmpnt><Tp>EMVK|
6571 02D0 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E |</Tp><Id><ItmNb>|
6572 02E0 31 2E 31 2E 31 2E 31 3C 2F 49 74 6D 4E 62 3E 3C |1.1.1.1</ItmNb><|
6573 02F0 50 72 76 64 72 49 64 3E 45 50 41 53 56 65 6E 64 |PrvdrId>EPASVend|
6574 0300 6F 72 30 30 33 3C 2F 50 72 76 64 72 49 64 3E 3C |or003</PrvdrId><|
6575 0310 2F 49 64 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 |/Id><Sts><VrsnNb|
6576 0320 3E 37 2E 31 3C 2F 56 72 73 6E 4E 62 3E 3C 2F 53 |>7.1</VrsnNb></S|

9 Message Examples Page 235


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6577 0330 74 73 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 |ts></POICmpnt><P|


6578 0340 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 41 50 4C 49 |OICmpnt><Tp>APLI|
6579 0350 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E |</Tp><Id><ItmNb>|
6580 0360 31 2E 31 2E 32 3C 2F 49 74 6D 4E 62 3E 3C 50 72 |1.1.2</ItmNb><Pr|
6581 0370 76 64 72 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 |vdrId>EPASVendor|
6582 0380 30 30 32 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 |002</PrvdrId></I|
6583 0390 64 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 3E 31 |d><Sts><VrsnNb>1|
6584 03A0 2E 30 3C 2F 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 |.0</VrsnNb></Sts|
6585 03B0 3E 3C 53 74 64 43 6D 70 6C 63 3E 3C 49 64 3E 53 |><StdCmplc><Id>S|
6586 03C0 45 50 41 2D 46 41 53 54 3C 2F 49 64 3E 3C 56 72 |EPA-FAST</Id><Vr|
6587 03D0 73 6E 3E 33 2E 30 3C 2F 56 72 73 6E 3E 3C 49 73 |sn>3.0</Vrsn><Is|
6588 03E0 73 72 3E 43 49 52 3C 2F 49 73 73 72 3E 3C 2F 53 |sr>CIR</Issr></S|
6589 03F0 74 64 43 6D 70 6C 63 3E 3C 2F 50 4F 49 43 6D 70 |tdCmplc></POICmp|
6590 0400 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 |nt><POICmpnt><Tp|
6591 0410 3E 41 50 50 52 3C 2F 54 70 3E 3C 49 64 3E 3C 49 |>APPR</Tp><Id><I|
6592 0420 74 6D 4E 62 3E 31 2E 31 2E 32 2E 31 3C 2F 49 74 |tmNb>1.1.2.1</It|
6593 0430 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
6594 0440 53 41 63 71 75 69 72 65 72 30 31 3C 2F 50 72 76 |SAcquirer01</Prv|
6595 0450 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C |drId></Id><Sts><|
6596 0460 56 72 73 6E 4E 62 3E 32 30 31 31 30 38 32 32 31 |VrsnNb>201108221|
6597 0470 38 31 39 30 30 3C 2F 56 72 73 6E 4E 62 3E 3C 2F |81900</VrsnNb></|
6598 0480 53 74 73 3E 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C |Sts></POICmpnt><|
6599 0490 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E 41 54 54 |AttndncCntxt>ATT|
6600 04A0 44 3C 2F 41 74 74 6E 64 6E 63 43 6E 74 78 74 3E |D</AttndncCntxt>|
6601 04B0 3C 50 4F 49 44 74 54 6D 3E 32 30 31 33 2D 30 38 |<POIDtTm>2013-08|
6602 04C0 2D 32 33 54 32 32 3A 34 35 3A 30 32 2E 30 37 2B |-23T22:45:02.07+|
6603 04D0 30 32 3A 30 30 3C 2F 50 4F 49 44 74 54 6D 3E 3C |02:00</POIDtTm><|
6604 04E0 44 61 74 61 53 65 74 52 65 71 72 64 3E 3C 49 64 |DataSetReqrd><Id|
6605 04F0 3E 3C 54 70 3E 4D 47 54 50 3C 2F 54 70 3E 3C 2F |><Tp>MGTP</Tp></|
6606 0500 49 64 3E 3C 2F 44 61 74 61 53 65 74 52 65 71 72 |Id></DataSetReqr|
6607 0510 64 3E 3C 45 76 74 3E 3C 54 6D 53 74 6D 70 3E 32 |d><Evt><TmStmp>2|
6608 0520 30 31 31 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A |011-08-23T22:45:|
6609 0530 30 32 2E 30 33 2B 30 32 3A 30 30 3C 2F 54 6D 53 |02.03+02:00</TmS|
6610 0540 74 6D 70 3E 3C 52 73 6C 74 3E 53 55 43 43 3C 2F |tmp><Rslt>SUCC</|
6611 0550 52 73 6C 74 3E 3C 41 63 74 6E 49 64 3E 3C 41 63 |Rslt><ActnId><Ac|
6612 0560 74 6E 54 70 3E 44 57 4E 4C 3C 2F 41 63 74 6E 54 |tnTp>DWNL</ActnT|
6613 0570 70 3E 3C 44 61 74 61 53 65 74 49 64 3E 3C 54 70 |p><DataSetId><Tp|
6614 0580 3E 41 51 50 52 3C 2F 54 70 3E 3C 56 72 73 6E 3E |>AQPR</Tp><Vrsn>|
6615 0590 32 30 31 33 30 38 32 32 31 38 31 39 30 30 3C 2F |20130822181900</|
6616 05A0 56 72 73 6E 3E 3C 43 72 65 44 74 54 6D 3E 32 30 |Vrsn><CreDtTm>20|
6617 05B0 31 33 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 |13-08-23T22:45:0|
6618 05C0 32 2E 33 31 2B 30 32 3A 30 30 3C 2F 43 72 65 44 |2.31+02:00</CreD|
6619 05D0 74 54 6D 3E 3C 2F 44 61 74 61 53 65 74 49 64 3E |tTm></DataSetId>|
6620 05E0 3C 2F 41 63 74 6E 49 64 3E 3C 2F 45 76 74 3E 3C |</ActnId></Evt><|
6621 05F0 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 65 74 3E |/Cntt></DataSet>|
6622 0600 3C 2F 53 74 73 52 70 74 3E |</StsRpt> |
6623
6624
6625 The SHA-256 digest of the message body StsRpt is:
6626 0000 64 3D BE 99 79 64 44 0D 87 E6 E3 EA 08 AC 6F 42 |d=..ydD.......oB|
6627 0010 F0 ED 45 84 4E F1 13 00 F5 1D 43 28 73 EB 3A DB |..E.N.....C(s.:.|
6628

9 Message Examples Page 236


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6629
6630 After padding, the digest becomes:
6631 0000 64 3D BE 99 79 64 44 0D 87 E6 E3 EA 08 AC 6F 42 |d=..ydD.......oB|
6632 0010 F0 ED 45 84 4E F1 13 00 F5 1D 43 28 73 EB 3A DB |..E.N.....C(s.:.|
6633 0020 80 00 00 00 00 00 00 00 |........ |
6634
6635 Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA),
6636 we obtain the MAC of the StatusReport E9C98FA226CA1E4A and after conversion in base64
6637 "6cmPoibKHko=".
6638 0000 F7 A9 10 E2 44 4A 1C 2B E3 82 51 F2 57 F0 ED 59 |....DJ.+..Q.W..Y|
6639 0010 45 CD E7 29 D5 55 45 91 C4 3F 7B 21 3A 9C 02 4B |E..).UE..?{!:..K|
6640 0020 E9 C9 8F A2 26 CA 1E 4A |....&..J |
6641
6642
6643 The message sent by the transport protocol is:
6644 0000 00 00 09 3F 3C 3F 78 6D 6C 20 76 65 72 73 69 6F | ?<?xml versio|
6645 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
6646 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
6647 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
6648 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
6649 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
6650 0060 69 6E 73 74 61 6E 63 65 22 20 78 6D 6C 6E 73 3D |instance" xmlns=|
6651 0070 22 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F |"urn:iso:std:iso|
6652 0080 3A 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A |:20022:tech:xsd:|
6653 0090 63 61 74 6D 2E 30 30 31 2E 30 30 31 2E 30 35 22 |catm.001.001.05"|
6654 00A0 3E 3C 53 74 73 52 70 74 3E 3C 48 64 72 3E 3C 44 |><StsRpt><Hdr><D|
6655 00B0 77 6E 6C 64 54 72 66 3E 66 61 6C 73 65 3C 2F 44 |wnldTrf>false</D|
6656 00C0 77 6E 6C 64 54 72 66 3E 3C 46 72 6D 74 56 72 73 |wnldTrf><FrmtVrs|
6657 00D0 6E 3E 35 2E 30 3C 2F 46 72 6D 74 56 72 73 6E 3E |n>5.0</FrmtVrsn>|
6658 00E0 3C 58 63 68 67 49 64 3E 35 35 31 3C 2F 58 63 68 |<XchgId>551</Xch|
6659 00F0 67 49 64 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 |gId><CreDtTm>201|
6660 0100 33 2D 30 38 2D 32 33 54 32 32 3A 34 35 3A 30 32 |3-08-23T22:45:02|
6661 0110 2E 30 37 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 |.07+02:00</CreDt|
6662 0120 54 6D 3E 3C 49 6E 69 74 67 50 74 79 3E 3C 49 64 |Tm><InitgPty><Id|
6663 0130 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E 3C 54 |>66000001</Id><T|
6664 0140 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 73 72 |p>OPOI</Tp><Issr|
6665 0150 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F 49 6E |>MTMG</Issr></In|
6666 0160 69 74 67 50 74 79 3E 3C 52 63 70 74 50 74 79 3E |itgPty><RcptPty>|
6667 0170 3C 49 64 3E 65 70 61 73 2D 61 63 71 75 69 72 65 |<Id>epas-acquire|
6668 0180 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 70 3E 4D 54 |r-TM1</Id><Tp>MT|
6669 0190 4D 47 3C 2F 54 70 3E 3C 2F 52 63 70 74 50 74 79 |MG</Tp></RcptPty|
6670 01A0 3E 3C 2F 48 64 72 3E 3C 53 74 73 52 70 74 3E 3C |></Hdr><StsRpt><|
6671 01B0 50 4F 49 49 64 3E 3C 49 64 3E 36 36 30 30 30 30 |POIId><Id>660000|
6672 01C0 30 31 3C 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C |01</Id><Tp>OPOI<|
6673 01D0 2F 54 70 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F |/Tp><Issr>MTMG</|
6674 01E0 49 73 73 72 3E 3C 2F 50 4F 49 49 64 3E 3C 54 65 |Issr></POIId><Te|
6675 01F0 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 65 70 |rmnlMgrId><Id>ep|
6676 0200 61 73 2D 61 63 71 75 69 72 65 72 2D 54 4D 31 3C |as-acquirer-TM1<|
6677 0210 2F 49 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 |/Id><Tp>MTMG</Tp|
6678 0220 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 49 64 3E 3C |></TermnlMgrId><|
6679 0230 44 61 74 61 53 65 74 3E 3C 49 64 3E 3C 54 70 3E |DataSet><Id><Tp>|

9 Message Examples Page 237


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6680 0240 53 54 52 50 3C 2F 54 70 3E 3C 43 72 65 44 74 54 |STRP</Tp><CreDtT|


6681 0250 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 32 32 3A |m>2013-08-23T22:|
6682 0260 34 35 3A 30 32 2E 30 37 2B 30 32 3A 30 30 3C 2F |45:02.07+02:00</|
6683 0270 43 72 65 44 74 54 6D 3E 3C 2F 49 64 3E 3C 43 6E |CreDtTm></Id><Cn|
6684 0280 74 74 3E 3C 50 4F 49 43 70 62 6C 74 69 65 73 3E |tt><POICpblties>|
6685 0290 3C 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |<CardRdngCpbltie|
6686 02A0 73 3E 43 49 43 43 3C 2F 43 61 72 64 52 64 6E 67 |s>CICC</CardRdng|
6687 02B0 43 70 62 6C 74 69 65 73 3E 3C 43 61 72 64 52 64 |Cpblties><CardRd|
6688 02C0 6E 67 43 70 62 6C 74 69 65 73 3E 4D 47 53 54 3C |ngCpblties>MGST<|
6689 02D0 2F 43 61 72 64 52 64 6E 67 43 70 62 6C 74 69 65 |/CardRdngCpbltie|
6690 02E0 73 3E 3C 2F 50 4F 49 43 70 62 6C 74 69 65 73 3E |s></POICpblties>|
6691 02F0 3C 50 4F 49 43 6D 70 6E 74 3E 3C 54 70 3E 53 45 |<POICmpnt><Tp>SE|
6692 0300 52 56 3C 2F 54 70 3E 3C 49 64 3E 3C 49 74 6D 4E |RV</Tp><Id><ItmN|
6693 0310 62 3E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 |b>1</ItmNb><Prvd|
6694 0320 72 49 64 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 |rId>EPASVendor00|
6695 0330 31 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 64 3E |1</PrvdrId></Id>|
6696 0340 3C 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 |</POICmpnt><POIC|
6697 0350 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 4D 3C 2F 54 |mpnt><Tp>TERM</T|
6698 0360 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 |p><Id><ItmNb>1.1|
6699 0370 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
6700 0380 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
6701 0390 50 72 76 64 72 49 64 3E 3C 49 64 3E 43 6F 75 6E |PrvdrId><Id>Coun|
6702 03A0 74 65 72 20 54 6F 70 20 45 34 31 3C 2F 49 64 3E |ter Top E41</Id>|
6703 03B0 3C 53 72 6C 4E 62 3E 37 38 32 35 34 31 30 37 35 |<SrlNb>782541075|
6704 03C0 39 3C 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F |9</SrlNb></Id></|
6705 03D0 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 |POICmpnt><POICmp|
6706 03E0 6E 74 3E 3C 54 70 3E 44 56 43 45 3C 2F 54 70 3E |nt><Tp>DVCE</Tp>|
6707 03F0 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 2E 31 |<Id><ItmNb>1.1.1|
6708 0400 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 |</ItmNb><PrvdrId|
6709 0410 3E 45 50 41 53 56 65 6E 64 6F 72 30 30 31 3C 2F |>EPASVendor001</|
6710 0420 50 72 76 64 72 49 64 3E 3C 49 64 3E 50 49 4E 20 |PrvdrId><Id>PIN |
6711 0430 50 61 64 20 54 32 35 3C 2F 49 64 3E 3C 53 72 6C |Pad T25</Id><Srl|
6712 0440 4E 62 3E 31 38 32 35 34 31 30 37 35 39 3C 2F 53 |Nb>1825410759</S|
6713 0450 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 |rlNb></Id></POIC|
6714 0460 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C |mpnt><POICmpnt><|
6715 0470 54 70 3E 45 4D 56 4B 3C 2F 54 70 3E 3C 49 64 3E |Tp>EMVK</Tp><Id>|
6716 0480 3C 49 74 6D 4E 62 3E 31 2E 31 2E 31 2E 31 3C 2F |<ItmNb>1.1.1.1</|
6717 0490 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 |ItmNb><PrvdrId>E|
6718 04A0 50 41 53 56 65 6E 64 6F 72 30 30 33 3C 2F 50 72 |PASVendor003</Pr|
6719 04B0 76 64 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E |vdrId></Id><Sts>|
6720 04C0 3C 56 72 73 6E 4E 62 3E 37 2E 31 3C 2F 56 72 73 |<VrsnNb>7.1</Vrs|
6721 04D0 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 2F 50 4F 49 43 |nNb></Sts></POIC|
6722 04E0 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C |mpnt><POICmpnt><|
6723 04F0 54 70 3E 41 50 4C 49 3C 2F 54 70 3E 3C 49 64 3E |Tp>APLI</Tp><Id>|
6724 0500 3C 49 74 6D 4E 62 3E 31 2E 31 2E 32 3C 2F 49 74 |<ItmNb>1.1.2</It|
6725 0510 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 45 50 41 |mNb><PrvdrId>EPA|
6726 0520 53 56 65 6E 64 6F 72 30 30 32 3C 2F 50 72 76 64 |SVendor002</Prvd|
6727 0530 72 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C 56 |rId></Id><Sts><V|
6728 0540 72 73 6E 4E 62 3E 31 2E 30 3C 2F 56 72 73 6E 4E |rsnNb>1.0</VrsnN|
6729 0550 62 3E 3C 2F 53 74 73 3E 3C 53 74 64 43 6D 70 6C |b></Sts><StdCmpl|
6730 0560 63 3E 3C 49 64 3E 53 45 50 41 2D 46 41 53 54 3C |c><Id>SEPA-FAST<|
6731 0570 2F 49 64 3E 3C 56 72 73 6E 3E 33 2E 30 3C 2F 56 |/Id><Vrsn>3.0</V|
6732 0580 72 73 6E 3E 3C 49 73 73 72 3E 43 49 52 3C 2F 49 |rsn><Issr>CIR</I|
6733 0590 73 73 72 3E 3C 2F 53 74 64 43 6D 70 6C 63 3E 3C |ssr></StdCmplc><|

9 Message Examples Page 238


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6734 05A0 2F 50 4F 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 6D |/POICmpnt><POICm|


6735 05B0 70 6E 74 3E 3C 54 70 3E 41 50 50 52 3C 2F 54 70 |pnt><Tp>APPR</Tp|
6736 05C0 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 2E 31 2E |><Id><ItmNb>1.1.|
6737 05D0 32 2E 31 3C 2F 49 74 6D 4E 62 3E 3C 50 72 76 64 |2.1</ItmNb><Prvd|
6738 05E0 72 49 64 3E 45 50 41 53 41 63 71 75 69 72 65 72 |rId>EPASAcquirer|
6739 05F0 30 31 3C 2F 50 72 76 64 72 49 64 3E 3C 2F 49 64 |01</PrvdrId></Id|
6740 0600 3E 3C 53 74 73 3E 3C 56 72 73 6E 4E 62 3E 32 30 |><Sts><VrsnNb>20|
6741 0610 31 31 30 38 32 32 31 38 31 39 30 30 3C 2F 56 72 |110822181900</Vr|
6742 0620 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 2F 50 4F 49 |snNb></Sts></POI|
6743 0630 43 6D 70 6E 74 3E 3C 41 74 74 6E 64 6E 63 43 6E |Cmpnt><AttndncCn|
6744 0640 74 78 74 3E 41 54 54 44 3C 2F 41 74 74 6E 64 6E |txt>ATTD</Attndn|
6745 0650 63 43 6E 74 78 74 3E 3C 50 4F 49 44 74 54 6D 3E |cCntxt><POIDtTm>|
6746 0660 32 30 31 33 2D 30 38 2D 32 33 54 32 32 3A 34 35 |2013-08-23T22:45|
6747 0670 3A 30 32 2E 30 37 2B 30 32 3A 30 30 3C 2F 50 4F |:02.07+02:00</PO|
6748 0680 49 44 74 54 6D 3E 3C 44 61 74 61 53 65 74 52 65 |IDtTm><DataSetRe|
6749 0690 71 72 64 3E 3C 49 64 3E 3C 54 70 3E 4D 47 54 50 |qrd><Id><Tp>MGTP|
6750 06A0 3C 2F 54 70 3E 3C 2F 49 64 3E 3C 2F 44 61 74 61 |</Tp></Id></Data|
6751 06B0 53 65 74 52 65 71 72 64 3E 3C 45 76 74 3E 3C 54 |SetReqrd><Evt><T|
6752 06C0 6D 53 74 6D 70 3E 32 30 31 31 2D 30 38 2D 32 33 |mStmp>2011-08-23|
6753 06D0 54 32 32 3A 34 35 3A 30 32 2E 30 33 2B 30 32 3A |T22:45:02.03+02:|
6754 06E0 30 30 3C 2F 54 6D 53 74 6D 70 3E 3C 52 73 6C 74 |00</TmStmp><Rslt|
6755 06F0 3E 53 55 43 43 3C 2F 52 73 6C 74 3E 3C 41 63 74 |>SUCC</Rslt><Act|
6756 0700 6E 49 64 3E 3C 41 63 74 6E 54 70 3E 44 57 4E 4C |nId><ActnTp>DWNL|
6757 0710 3C 2F 41 63 74 6E 54 70 3E 3C 44 61 74 61 53 65 |</ActnTp><DataSe|
6758 0720 74 49 64 3E 3C 54 70 3E 41 51 50 52 3C 2F 54 70 |tId><Tp>AQPR</Tp|
6759 0730 3E 3C 56 72 73 6E 3E 32 30 31 33 30 38 32 32 31 |><Vrsn>201308221|
6760 0740 38 31 39 30 30 3C 2F 56 72 73 6E 3E 3C 43 72 65 |81900</Vrsn><Cre|
6761 0750 44 74 54 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 |DtTm>2013-08-23T|
6762 0760 32 32 3A 34 35 3A 30 32 2E 33 31 2B 30 32 3A 30 |22:45:02.31+02:0|
6763 0770 30 3C 2F 43 72 65 44 74 54 6D 3E 3C 2F 44 61 74 |0</CreDtTm></Dat|
6764 0780 61 53 65 74 49 64 3E 3C 2F 41 63 74 6E 49 64 3E |aSetId></ActnId>|
6765 0790 3C 2F 45 76 74 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 |</Evt></Cntt></D|
6766 07A0 61 74 61 53 65 74 3E 3C 2F 53 74 73 52 70 74 3E |ataSet></StsRpt>|
6767 07B0 3C 53 63 74 79 54 72 6C 72 3E 3C 43 6E 74 74 54 |<SctyTrlr><CnttT|
6768 07C0 70 3E 41 55 54 48 3C 2F 43 6E 74 74 54 70 3E 3C |p>AUTH</CnttTp><|
6769 07D0 41 75 74 68 6E 74 63 64 44 61 74 61 3E 3C 52 63 |AuthntcdData><Rc|
6770 07E0 70 74 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 64 3E 3C |pt><KEK><KEKId><|
6771 07F0 4B 65 79 49 64 3E 53 70 65 63 56 31 54 65 73 74 |KeyId>SpecV1Test|
6772 0800 4B 65 79 3C 2F 4B 65 79 49 64 3E 3C 4B 65 79 56 |Key</KeyId><KeyV|
6773 0810 72 73 6E 3E 32 30 31 30 30 36 30 37 31 35 3C 2F |rsn>2010060715</|
6774 0820 4B 65 79 56 72 73 6E 3E 3C 44 65 72 69 76 74 6E |KeyVrsn><Derivtn|
6775 0830 49 64 3E 4F 59 63 6C 70 51 45 3D 3C 2F 44 65 72 |Id>OYclpQE=</Der|
6776 0840 69 76 74 6E 49 64 3E 3C 2F 4B 45 4B 49 64 3E 3C |ivtnId></KEKId><|
6777 0850 4B 65 79 4E 63 72 70 74 6E 41 6C 67 6F 3E 3C 41 |KeyNcrptnAlgo><A|
6778 0860 6C 67 6F 3E 44 4B 50 39 3C 2F 41 6C 67 6F 3E 3C |lgo>DKP9</Algo><|
6779 0870 2F 4B 65 79 4E 63 72 70 74 6E 41 6C 67 6F 3E 3C |/KeyNcrptnAlgo><|
6780 0880 4E 63 72 70 74 64 4B 65 79 3E 34 70 41 67 41 42 |NcrptdKey>4pAgAB|
6781 0890 63 3D 3C 2F 4E 63 72 70 74 64 4B 65 79 3E 3C 2F |c=</NcrptdKey></|
6782 08A0 4B 45 4B 3E 3C 2F 52 63 70 74 3E 3C 4D 41 43 41 |KEK></Rcpt><MACA|
6783 08B0 6C 67 6F 3E 3C 41 6C 67 6F 3E 4D 43 43 53 3C 2F |lgo><Algo>MCCS</|
6784 08C0 41 6C 67 6F 3E 3C 2F 4D 41 43 41 6C 67 6F 3E 3C |Algo></MACAlgo><|
6785 08D0 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C 43 6E 74 |NcpsltdCntt><Cnt|
6786 08E0 74 54 70 3E 44 41 54 41 3C 2F 43 6E 74 74 54 70 |tTp>DATA</CnttTp|
6787 08F0 3E 3C 2F 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C |></NcpsltdCntt><|

9 Message Examples Page 239


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6788 0900 4D 41 43 3E 36 63 6D 50 6F 69 62 4B 48 6B 6F 3D |MAC>6cmPoibKHko=|


6789 0910 3C 2F 4D 41 43 3E 3C 2F 41 75 74 68 6E 74 63 64 |</MAC></Authntcd|
6790 0920 44 61 74 61 3E 3C 2F 53 63 74 79 54 72 6C 72 3E |Data></SctyTrlr>|
6791 0930 3C 2F 53 74 73 52 70 74 3E 3C 2F 44 6F 63 75 6D |</StsRpt></Docum|
6792 0940 65 6E 74 3E |ent> |

6793

9 Message Examples Page 240


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6794 9.4.2 ManagementPlanReplacement Message


6795
6796 The TM sends the cyclic management plan for the POI which contains only one action:
6797 The request of a management plan every day at 22h45 with a maximum of 2 possible retries in case of
6798 incident.
6799
DataSet Type Action Type Trigger StartTime WaitingTime Period
ManagementPlan Download DateTime 2013-08-24T22:45:00 1 day

6800
6801 The ManagementPlanReplacement message body contains the action presented below:
6802
Message Item Value
Header
DownloadTransfer True
FormatVersion 5.0
ExchangeIdentification 551
CreationDateTime 2013-08-23T23:45:03.95+02:00
InitiatingParty
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-acquirer-TM1
Type MasterTerminalManager
ManagementPlan
POIIdentification
Identification 66000001
Type OriginationgPOI
Issuer MasterTerminalManager
TerminalManagerdentification
Identification epas-acquirer-TM1
Type MasterTerminalManager
DataSet
Identification
Type ManagementPlan
CreationDateTime 2013-08-23T23:45:03.95+02:00
Content
Action
Type Download
RemoteAccess
Address
NetworkType InternetProtocol
AddressValue TM1.Test.EPASOrg.eu:5001
DataSetIdentification
Type ManagementPlan
Trigger DateTime
Retry
Delay 10
MaximumNumber 2
TimeCondition
StartTime 2013-08-24T22:45:00

9 Message Examples Page 241


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

Period 10000
MaximumNumber 0
SecurityTrailer
ContentType AuthenticatedData
AuthenticatedData
Recipient
KEK
KEKIdentification
KeyIdentification SpecV1TestKey
KeyVersion 2011010715
DerivationIdentification 398725A501
KeyEncryptionAlgorithm
Algorithm DUKPT2009
EncryptedKey E290200017
MACAlgorithm
Algorithm RetailSHA256MAC
EncapsulatedContent
ContentType PlainData
MAC F953790159FB9E35

6803
6804

9 Message Examples Page 242


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6805 The XML encoded ManagementPlanReplacement message is presented below.


6806
6807 <?xml version="1.0" encoding="UTF-8"?>
6808 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
6809 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.002.001.05">
6810 <MgmtPlanRplcmnt>
6811 <Hdr>
6812 <DwnldTrf>true</DwnldTrf>
6813 <FrmtVrsn>5.0</FrmtVrsn>
6814 <XchgId>551</XchgId>
6815 <CreDtTm>2013-08-23T23:45:03.95+02:00</CreDtTm>
6816 <InitgPty>
6817 <Id>66000001</Id>
6818 <Tp>OPOI</Tp>
6819 <Issr>MTMG</Issr>
6820 </InitgPty>
6821 <RcptPty>
6822 <Id>epas-acquirer-TM1</Id>
6823 <Tp>MTMG</Tp>
6824 </RcptPty>
6825 </Hdr>
6826 <MgmtPlan>
6827 <POIId>
6828 <Id>66000001</Id>
6829 <Tp>OPOI</Tp>
6830 <Issr>MTMG</Issr>
6831 </POIId>
6832 <TermnlMgrId>
6833 <Id>epas-acquirer-TM1</Id>
6834 <Tp>MTMG</Tp>
6835 </TermnlMgrId>
6836 <DataSet>
6837 <Id>
6838 <Tp>MGTP</Tp>
6839 <CreDtTm>2013-08-23T23:45:03.95+02:00</CreDtTm>
6840 </Id>
6841 <Cntt>
6842 <Actn>
6843 <Tp>DWNL</Tp>
6844 <RmotAccs>
6845 <Adr>
6846 <NtwkTp>IPNW</NtwkTp>
6847 <AdrVal>TM1.Test.EPASOrg.eu:5001</AdrVal>
6848 </Adr>
6849 </RmotAccs>
6850 <DataSetId>
6851 <Tp>MGTP</Tp>
6852 </DataSetId>
6853 <Trggr>DATE</Trggr>
6854 <ReTry>
6855 <Dely>10</Dely>
6856 <MaxNb>2</MaxNb>
6857 </ReTry>
6858 <TmCond>
6859 <StartTm>2013-08-24T22:45:00</StartTm>
6860 <Prd>10000</Prd>
6861 <MaxNb>0</MaxNb>
6862 </TmCond>
6863 </Actn>
6864 </Cntt>
6865 </DataSet>
6866 </MgmtPlan>
6867 <SctyTrlr>
6868 <CnttTp>AUTH</CnttTp>
6869 <AuthntcdData>
6870 <Rcpt>
6871 <KEK>
6872 <KEKId>

9 Message Examples Page 243


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6873 <KeyId>SpecV1TestKey</KeyId>
6874 <KeyVrsn>2010060715</KeyVrsn>
6875 <DerivtnId>OYclpQE=</DerivtnId>
6876 </KEKId>
6877 <KeyNcrptnAlgo>
6878 <Algo>DKP9</Algo>
6879 </KeyNcrptnAlgo>
6880 <NcrptdKey>4pAgABc=</NcrptdKey>
6881 </KEK>
6882 </Rcpt>
6883 <MACAlgo>
6884 <Algo>MCCS</Algo>
6885 </MACAlgo>
6886 <NcpsltdCntt>
6887 <CnttTp>DATA</CnttTp>
6888 </NcpsltdCntt>
6889 <MAC>+VN5AVn7njU=</MAC>
6890 </AuthntcdData>
6891 </SctyTrlr>
6892 </MgmtPlanRplcmnt>
6893 </Document>

6894
6895

9 Message Examples Page 244


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6896 Once unnecessary spaces and carriage returns are removed, the message body MgmtPlan (without
6897 spaces or line breaks) is dumped below:
6898 0000 3C 4D 67 6D 74 50 6C 61 6E 3E 3C 50 4F 49 49 64 |<MgmtPlan><POIId|
6899 0010 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 |><Id>66000001</I|
6900 0020 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C |d><Tp>OPOI</Tp><|
6901 0030 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E |Issr>MTMG</Issr>|
6902 0040 3C 2F 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D |</POIId><TermnlM|
6903 0050 67 72 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 |grId><Id>epas-ac|
6904 0060 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C |quirer-TM1</Id><|
6905 0070 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 |Tp>MTMG</Tp></Te|
6906 0080 72 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 |rmnlMgrId><DataS|
6907 0090 65 74 3E 3C 49 64 3E 3C 54 70 3E 4D 47 54 50 3C |et><Id><Tp>MGTP<|
6908 00A0 2F 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 |/Tp><CreDtTm>201|
6909 00B0 33 2D 30 38 2D 32 33 54 32 33 3A 34 35 3A 30 33 |3-08-23T23:45:03|
6910 00C0 2E 39 35 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 |.95+02:00</CreDt|
6911 00D0 54 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 41 |Tm></Id><Cntt><A|
6912 00E0 63 74 6E 3E 3C 54 70 3E 44 57 4E 4C 3C 2F 54 70 |ctn><Tp>DWNL</Tp|
6913 00F0 3E 3C 52 6D 6F 74 41 63 63 73 3E 3C 41 64 72 3E |><RmotAccs><Adr>|
6914 0100 3C 4E 74 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 |<NtwkTp>IPNW</Nt|
6915 0110 77 6B 54 70 3E 3C 41 64 72 56 61 6C 3E 54 4D 31 |wkTp><AdrVal>TM1|
6916 0120 2E 54 65 73 74 2E 45 50 41 53 4F 72 67 2E 65 75 |.Test.EPASOrg.eu|
6917 0130 3A 35 30 30 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F |:5001</AdrVal></|
6918 0140 41 64 72 3E 3C 2F 52 6D 6F 74 41 63 63 73 3E 3C |Adr></RmotAccs><|
6919 0150 44 61 74 61 53 65 74 49 64 3E 3C 54 70 3E 4D 47 |DataSetId><Tp>MG|
6920 0160 54 50 3C 2F 54 70 3E 3C 2F 44 61 74 61 53 65 74 |TP</Tp></DataSet|
6921 0170 49 64 3E 3C 54 72 67 67 72 3E 44 41 54 45 3C 2F |Id><Trggr>DATE</|
6922 0180 54 72 67 67 72 3E 3C 52 65 54 72 79 3E 3C 44 65 |Trggr><ReTry><De|
6923 0190 6C 79 3E 31 30 3C 2F 44 65 6C 79 3E 3C 4D 61 78 |ly>10</Dely><Max|
6924 01A0 4E 62 3E 32 3C 2F 4D 61 78 4E 62 3E 3C 2F 52 65 |Nb>2</MaxNb></Re|
6925 01B0 54 72 79 3E 3C 54 6D 43 6F 6E 64 3E 3C 53 74 61 |Try><TmCond><Sta|
6926 01C0 72 74 54 6D 3E 32 30 31 33 2D 30 38 2D 32 34 54 |rtTm>2013-08-24T|
6927 01D0 32 32 3A 34 35 3A 30 30 3C 2F 53 74 61 72 74 54 |22:45:00</StartT|
6928 01E0 6D 3E 3C 50 72 64 3E 31 30 30 30 30 3C 2F 50 72 |m><Prd>10000</Pr|
6929 01F0 64 3E 3C 4D 61 78 4E 62 3E 30 3C 2F 4D 61 78 4E |d><MaxNb>0</MaxN|
6930 0200 62 3E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F 41 63 74 |b></TmCond></Act|
6931 0210 6E 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 |n></Cntt></DataS|
6932 0220 65 74 3E 3C 2F 4D 67 6D 74 50 6C 61 6E 3E |et></MgmtPlan> |
6933 The SHA-256 digest of the message body MgmtPlan is:
6934 0000 94 4B AC B6 48 23 A4 27 72 68 9E EE 82 78 7C BD |.K..H#.'rh...x|.|
6935 0010 3B 84 7A 2A 94 03 EF 7E 38 FA 7B 66 33 1E 92 5C |;.z*...~8.{f3..\|
6936 After padding, the digest becomes:
6937 0000 94 4B AC B6 48 23 A4 27 72 68 9E EE 82 78 7C BD |.K..H#.'rh...x|.|
6938 0010 3B 84 7A 2A 94 03 EF 7E 38 FA 7B 66 33 1E 92 5C |;.z*...~8.{f3..\|
6939 0020 80 00 00 00 00 00 00 00 |........ |
6940
6941 Retail CBC encryption with the MAC Computation test Key (5E64F1AB F25D3BA1 7F629EC2 B302F8EA),
6942 we obtain the MAC of the ManagementPlan F953790159FB9E35 and after conversion in base64
6943 "+VN5AVn7njU=".
6944 0000 E8 E9 31 74 3A B7 11 08 B8 3D 31 51 24 7F 5A 05 |..1t:....=1Q$.Z.|
6945 0010 C2 2A 5C B3 33 57 A4 78 47 C4 51 74 B3 24 40 A6 |.*\.3W.xG.Qt.$@.|
6946 0020 F9 53 79 01 59 FB 9E 35 |.Sy.Y..5 |
6947
6948
9 Message Examples Page 245
CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

6949 The message sent by the transport protocol is:


6950 0000 00 00 05 75 3C 3F 78 6D 6C 20 76 65 72 73 69 6F | u<?xml versio|
6951 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
6952 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
6953 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
6954 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
6955 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
6956 0060 69 6E 73 74 61 6E 63 65 22 20 78 6D 6C 6E 73 3D |instance" xmlns=|
6957 0070 22 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F |"urn:iso:std:iso|
6958 0080 3A 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A |:20022:tech:xsd:|
6959 0090 63 61 74 6D 2E 30 30 32 2E 30 30 31 2E 30 35 22 |catm.002.001.05"|
6960 00A0 3E 3C 4D 67 6D 74 50 6C 61 6E 52 70 6C 63 6D 6E |><MgmtPlanRplcmn|
6961 00B0 74 3E 3C 48 64 72 3E 3C 44 77 6E 6C 64 54 72 66 |t><Hdr><DwnldTrf|
6962 00C0 3E 74 72 75 65 3C 2F 44 77 6E 6C 64 54 72 66 3E |>true</DwnldTrf>|
6963 00D0 3C 46 72 6D 74 56 72 73 6E 3E 35 2E 30 3C 2F 46 |<FrmtVrsn>5.0</F|
6964 00E0 72 6D 74 56 72 73 6E 3E 3C 58 63 68 67 49 64 3E |rmtVrsn><XchgId>|
6965 00F0 35 35 31 3C 2F 58 63 68 67 49 64 3E 3C 43 72 65 |551</XchgId><Cre|
6966 0100 44 74 54 6D 3E 32 30 31 33 2D 30 38 2D 32 33 54 |DtTm>2013-08-23T|
6967 0110 32 33 3A 34 35 3A 30 33 2E 39 35 2B 30 32 3A 30 |23:45:03.95+02:0|
6968 0120 30 3C 2F 43 72 65 44 74 54 6D 3E 3C 49 6E 69 74 |0</CreDtTm><Init|
6969 0130 67 50 74 79 3E 3C 49 64 3E 36 36 30 30 30 30 30 |gPty><Id>6600000|
6970 0140 31 3C 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F |1</Id><Tp>OPOI</|
6971 0150 54 70 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 |Tp><Issr>MTMG</I|
6972 0160 73 73 72 3E 3C 2F 49 6E 69 74 67 50 74 79 3E 3C |ssr></InitgPty><|
6973 0170 52 63 70 74 50 74 79 3E 3C 49 64 3E 65 70 61 73 |RcptPty><Id>epas|
6974 0180 2D 61 63 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 |-acquirer-TM1</I|
6975 0190 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C |d><Tp>MTMG</Tp><|
6976 01A0 2F 52 63 70 74 50 74 79 3E 3C 2F 48 64 72 3E 3C |/RcptPty></Hdr><|
6977 01B0 4D 67 6D 74 50 6C 61 6E 3E 3C 50 4F 49 49 64 3E |MgmtPlan><POIId>|
6978 01C0 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 |<Id>66000001</Id|
6979 01D0 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 |><Tp>OPOI</Tp><I|
6980 01E0 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C |ssr>MTMG</Issr><|
6981 01F0 2F 50 4F 49 49 64 3E 3C 54 65 72 6D 6E 6C 4D 67 |/POIId><TermnlMg|
6982 0200 72 49 64 3E 3C 49 64 3E 65 70 61 73 2D 61 63 71 |rId><Id>epas-acq|
6983 0210 75 69 72 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 |uirer-TM1</Id><T|
6984 0220 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C 2F 54 65 72 |p>MTMG</Tp></Ter|
6985 0230 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 |mnlMgrId><DataSe|
6986 0240 74 3E 3C 49 64 3E 3C 54 70 3E 4D 47 54 50 3C 2F |t><Id><Tp>MGTP</|
6987 0250 54 70 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 33 |Tp><CreDtTm>2013|
6988 0260 2D 30 38 2D 32 33 54 32 33 3A 34 35 3A 30 33 2E |-08-23T23:45:03.|
6989 0270 39 35 2B 30 32 3A 30 30 3C 2F 43 72 65 44 74 54 |95+02:00</CreDtT|
6990 0280 6D 3E 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 41 63 |m></Id><Cntt><Ac|
6991 0290 74 6E 3E 3C 54 70 3E 44 57 4E 4C 3C 2F 54 70 3E |tn><Tp>DWNL</Tp>|
6992 02A0 3C 52 6D 6F 74 41 63 63 73 3E 3C 41 64 72 3E 3C |<RmotAccs><Adr><|
6993 02B0 4E 74 77 6B 54 70 3E 49 50 4E 57 3C 2F 4E 74 77 |NtwkTp>IPNW</Ntw|
6994 02C0 6B 54 70 3E 3C 41 64 72 56 61 6C 3E 54 4D 31 2E |kTp><AdrVal>TM1.|
6995 02D0 54 65 73 74 2E 45 50 41 53 4F 72 67 2E 65 75 3A |Test.EPASOrg.eu:|
6996 02E0 35 30 30 31 3C 2F 41 64 72 56 61 6C 3E 3C 2F 41 |5001</AdrVal></A|
6997 02F0 64 72 3E 3C 2F 52 6D 6F 74 41 63 63 73 3E 3C 44 |dr></RmotAccs><D|
6998 0300 61 74 61 53 65 74 49 64 3E 3C 54 70 3E 4D 47 54 |ataSetId><Tp>MGT|
6999 0310 50 3C 2F 54 70 3E 3C 2F 44 61 74 61 53 65 74 49 |P</Tp></DataSetI|
7000 0320 64 3E 3C 54 72 67 67 72 3E 44 41 54 45 3C 2F 54 |d><Trggr>DATE</T|
7001 0330 72 67 67 72 3E 3C 52 65 54 72 79 3E 3C 44 65 6C |rggr><ReTry><Del|

9 Message Examples Page 246


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7002 0340 79 3E 31 30 3C 2F 44 65 6C 79 3E 3C 4D 61 78 4E |y>10</Dely><MaxN|


7003 0350 62 3E 32 3C 2F 4D 61 78 4E 62 3E 3C 2F 52 65 54 |b>2</MaxNb></ReT|
7004 0360 72 79 3E 3C 54 6D 43 6F 6E 64 3E 3C 53 74 61 72 |ry><TmCond><Star|
7005 0370 74 54 6D 3E 32 30 31 33 2D 30 38 2D 32 34 54 32 |tTm>2013-08-24T2|
7006 0380 32 3A 34 35 3A 30 30 3C 2F 53 74 61 72 74 54 6D |2:45:00</StartTm|
7007 0390 3E 3C 50 72 64 3E 31 30 30 30 30 3C 2F 50 72 64 |><Prd>10000</Prd|
7008 03A0 3E 3C 4D 61 78 4E 62 3E 30 3C 2F 4D 61 78 4E 62 |><MaxNb>0</MaxNb|
7009 03B0 3E 3C 2F 54 6D 43 6F 6E 64 3E 3C 2F 41 63 74 6E |></TmCond></Actn|
7010 03C0 3E 3C 2F 43 6E 74 74 3E 3C 2F 44 61 74 61 53 65 |></Cntt></DataSe|
7011 03D0 74 3E 3C 2F 4D 67 6D 74 50 6C 61 6E 3E 3C 53 63 |t></MgmtPlan><Sc|
7012 03E0 74 79 54 72 6C 72 3E 3C 43 6E 74 74 54 70 3E 41 |tyTrlr><CnttTp>A|
7013 03F0 55 54 48 3C 2F 43 6E 74 74 54 70 3E 3C 41 75 74 |UTH</CnttTp><Aut|
7014 0400 68 6E 74 63 64 44 61 74 61 3E 3C 52 63 70 74 3E |hntcdData><Rcpt>|
7015 0410 3C 4B 45 4B 3E 3C 4B 45 4B 49 64 3E 3C 4B 65 79 |<KEK><KEKId><Key|
7016 0420 49 64 3E 53 70 65 63 56 31 54 65 73 74 4B 65 79 |Id>SpecV1TestKey|
7017 0430 3C 2F 4B 65 79 49 64 3E 3C 4B 65 79 56 72 73 6E |</KeyId><KeyVrsn|
7018 0440 3E 32 30 31 30 30 36 30 37 31 35 3C 2F 4B 65 79 |>2010060715</Key|
7019 0450 56 72 73 6E 3E 3C 44 65 72 69 76 74 6E 49 64 3E |Vrsn><DerivtnId>|
7020 0460 4F 59 63 6C 70 51 45 3D 3C 2F 44 65 72 69 76 74 |OYclpQE=</Derivt|
7021 0470 6E 49 64 3E 3C 2F 4B 45 4B 49 64 3E 3C 4B 65 79 |nId></KEKId><Key|
7022 0480 4E 63 72 70 74 6E 41 6C 67 6F 3E 3C 41 6C 67 6F |NcrptnAlgo><Algo|
7023 0490 3E 44 4B 50 39 3C 2F 41 6C 67 6F 3E 3C 2F 4B 65 |>DKP9</Algo></Ke|
7024 04A0 79 4E 63 72 70 74 6E 41 6C 67 6F 3E 3C 4E 63 72 |yNcrptnAlgo><Ncr|
7025 04B0 70 74 64 4B 65 79 3E 34 70 41 67 41 42 63 3D 3C |ptdKey>4pAgABc=<|
7026 04C0 2F 4E 63 72 70 74 64 4B 65 79 3E 3C 2F 4B 45 4B |/NcrptdKey></KEK|
7027 04D0 3E 3C 2F 52 63 70 74 3E 3C 4D 41 43 41 6C 67 6F |></Rcpt><MACAlgo|
7028 04E0 3E 3C 41 6C 67 6F 3E 4D 43 43 53 3C 2F 41 6C 67 |><Algo>MCCS</Alg|
7029 04F0 6F 3E 3C 2F 4D 41 43 41 6C 67 6F 3E 3C 4E 63 70 |o></MACAlgo><Ncp|
7030 0500 73 6C 74 64 43 6E 74 74 3E 3C 43 6E 74 74 54 70 |sltdCntt><CnttTp|
7031 0510 3E 44 41 54 41 3C 2F 43 6E 74 74 54 70 3E 3C 2F |>DATA</CnttTp></|
7032 0520 4E 63 70 73 6C 74 64 43 6E 74 74 3E 3C 4D 41 43 |NcpsltdCntt><MAC|
7033 0530 3E 2B 56 4E 35 41 56 6E 37 6E 6A 55 3D 3C 2F 4D |>+VN5AVn7njU=</M|
7034 0540 41 43 3E 3C 2F 41 75 74 68 6E 74 63 64 44 61 74 |AC></AuthntcdDat|
7035 0550 61 3E 3C 2F 53 63 74 79 54 72 6C 72 3E 3C 2F 4D |a></SctyTrlr></M|
7036 0560 67 6D 74 50 6C 61 6E 52 70 6C 63 6D 6E 74 3E 3C |gmtPlanRplcmnt><|
7037 0570 2F 44 6F 63 75 6D 65 6E 74 3E |/Document> |
7038
7039
7040

9 Message Examples Page 247


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7041 9.5 TerminalManagementRejection Message


7042
7043 For this example, we will assume that Terminal Manager (TM) sends a TerminalManagementRejection
7044 message to a POI to indicate that the TM could not process a StatusReport example of section 9.2.1,
7045 because the key version referenced in the security trailer was not available.
7046
7047 The complete TerminalManagementRejection message is presented below:
7048
Message Item Value
Header
DownloadTransfer False
FormatVersion 5.0
ExchangeIdentification 549
CreationDateTime 2011-08-23T22:45:02.31+02:00
InitiatingParty
Identification 66000001
Type OriginatingPOI
Issuer MasterTerminalManager
RecipientParty
Identification epas-acquirer-TM1
Type MasterTerminalManager
Reject
RejectReason Security
AdditionalInformation Invalid SecurityTrailer/KeyIdentification/KeyVersion
MessageInError <?xml version="1.0" encoding="UTF-8"?><Document
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="urn:iso:std:iso:20022:tech:xsd:catm.001.001.05"><StsRpt><Hdr><Dwnl
dTrf>false</DwnldTrf><FrmtVrsn>5.0</FrmtVrsn><XchgId>549</XchgId><Cre
DtTm>2013-08-
23T22:45:00.01+02:00</CreDtTm><InitgPty><Id>66000001</Id><Tp>OPOI</T
p><Issr>MTMG</Issr></InitgPty><RcptPty><Id>epas-acquirer-
TM1</Id><Tp>MTMG</Tp></RcptPty></Hdr><StsRpt><POIId><Id>66000001<
/Id><Tp>OPOI</Tp><Issr>MTMG</Issr></POIId><TermnlMgrId><Id>epas-
acquirer-
TM1</Id><Tp>MTMG</Tp></TermnlMgrId><DataSet><Id><Tp>STRP</Tp><Cr
eDtTm>2013-08-
23T22:45:00.01+02:00</CreDtTm></Id><Cntt><POICpblties><CardRdngCpblti
es>CICC</CardRdngCpblties><CardRdngCpblties>MGST</CardRdngCpblties
></POICpblties><POICmpnt><Tp>SERV</Tp><Id><ItmNb>1</ItmNb><PrvdrId
>EPASVendor001</PrvdrId></Id></POICmpnt><POICmpnt><Tp>TERM</Tp><
Id><ItmNb>1.1</ItmNb><PrvdrId>EPASVendor001</PrvdrId><Id>Counter Top
E41</Id><SrlNb>7825410759</SrlNb></Id></POICmpnt><POICmpnt><Tp>DV
CE</Tp><Id><ItmNb>1.1.1</ItmNb><PrvdrId>EPASVendor001</PrvdrId><Id>
PIN Pad
T25</Id><SrlNb>1825410759</SrlNb></Id></POICmpnt><POICmpnt><Tp>EM
VK</Tp><Id><ItmNb>1.1.1.1</ItmNb><PrvdrId>EPASVendor003</PrvdrId></Id
><Sts><VrsnNb>7.1</VrsnNb></Sts></POICmpnt><POICmpnt><Tp>APLI</Tp
><Id><ItmNb>1.1.2</ItmNb><PrvdrId>EPASVendor002</PrvdrId></Id><Sts><
VrsnNb>1.0</VrsnNb></Sts><StdCmplc><Id>SEPA-
FAST</Id><Vrsn>3.0</Vrsn><Issr>CIR</Issr></StdCmplc></POICmpnt><POIC
mpnt><Tp>APPR</Tp><Id><ItmNb>1.1.2.1</ItmNb><PrvdrId>EPASAcquirer01
</PrvdrId></Id><Sts><VrsnNb>20110807143500</VrsnNb></Sts></POICmpnt
><POIDtTm>2013-08-
23T22:45:00.01+02:00</POIDtTm><DataSetReqrd><Id><Tp>MGTP</Tp></Id>
</DataSetReqrd></Cntt></DataSet></StsRpt><SctyTrlr><CnttTp>AUTH</CnttT
p><AuthntcdData><Rcpt><KEK><KEKId><KeyId>SpecV1TestKey</KeyId><K
eyVrsn>2010060715</KeyVrsn><DerivtnId>OYclpQE=</DerivtnId></KEKId><K
eyNcrptnAlgo><Algo>DKP9</Algo></KeyNcrptnAlgo><NcrptdKey>4pAgABc=</
NcrptdKey></KEK></Rcpt><MACAlgo><Algo>MCCS</Algo></MACAlgo><Ncp
sltdCntt><CnttTp>DATA</CnttTp></NcpsltdCntt><MAC>
SSO3hoKXk6U=</MAC></AuthntcdData></SctyTrlr></StsRpt></Document>

7049
7050

9 Message Examples Page 248


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7051 The base64 representation of the StatusReport message example (without transport protocol header –
7052 e.g. the 4 bytes of length with TCP) is:
7053
7054 0000 50 44 39 34 62 57 77 67 64 6D 56 79 63 32 6C 76 |PD94bWwgdmVyc2lv|
7055 0010 62 6A 30 69 4D 53 34 77 49 69 42 6C 62 6D 4E 76 |bj0iMS4wIiBlbmNv|
7056 0020 5A 47 6C 75 5A 7A 30 69 56 56 52 47 4C 54 67 69 |ZGluZz0iVVRGLTgi|
7057 0030 50 7A 34 38 52 47 39 6A 64 57 31 6C 62 6E 51 67 |Pz48RG9jdW1lbnQg|
7058 0040 65 47 31 73 62 6E 4D 36 65 48 4E 70 50 53 4A 6F |eG1sbnM6eHNpPSJo|
7059 0050 64 48 52 77 4F 69 38 76 64 33 64 33 4C 6E 63 7A |dHRwOi8vd3d3Lncz|
7060 0060 4C 6D 39 79 5A 79 38 79 4D 44 41 78 4C 31 68 4E |Lm9yZy8yMDAxL1hN|
7061 0070 54 46 4E 6A 61 47 56 74 59 53 31 70 62 6E 4E 30 |TFNjaGVtYS1pbnN0|
7062 0080 59 57 35 6A 5A 53 49 67 65 47 31 73 62 6E 4D 39 |YW5jZSIgeG1sbnM9|
7063 0090 49 6E 56 79 62 6A 70 70 63 32 38 36 63 33 52 6B |InVybjppc286c3Rk|
7064 00A0 4F 6D 6C 7A 62 7A 6F 79 4D 44 41 79 4D 6A 70 30 |OmlzbzoyMDAyMjp0|
7065 00B0 5A 57 4E 6F 4F 6E 68 7A 5A 44 70 6A 59 58 52 74 |ZWNoOnhzZDpjYXRt|
7066 00C0 4C 6A 41 77 4D 53 34 77 4D 44 45 75 4D 44 55 69 |LjAwMS4wMDEuMDUi|
7067 00D0 50 6A 78 54 64 48 4E 53 63 48 51 2B 50 45 68 6B |PjxTdHNScHQ+PEhk|
7068 00E0 63 6A 34 38 52 48 64 75 62 47 52 55 63 6D 59 2B |cj48RHdubGRUcmY+|
7069 00F0 5A 6D 46 73 63 32 55 38 4C 30 52 33 62 6D 78 6B |ZmFsc2U8L0R3bmxk|
7070 0100 56 48 4A 6D 50 6A 78 47 63 6D 31 30 56 6E 4A 7A |VHJmPjxGcm10VnJz|
7071 0110 62 6A 34 31 4C 6A 41 38 4C 30 5A 79 62 58 52 57 |bj41LjA8L0ZybXRW|
7072 0120 63 6E 4E 75 50 6A 78 59 59 32 68 6E 53 57 51 2B |cnNuPjxYY2hnSWQ+|
7073 0130 4E 54 51 35 50 43 39 59 59 32 68 6E 53 57 51 2B |NTQ5PC9YY2hnSWQ+|
7074 0140 50 45 4E 79 5A 55 52 30 56 47 30 2B 4D 6A 41 78 |PENyZUR0VG0+MjAx|
7075 0150 4D 79 30 77 4F 43 30 79 4D 31 51 79 4D 6A 6F 30 |My0wOC0yM1QyMjo0|
7076 0160 4E 54 6F 77 4D 43 34 77 4D 53 73 77 4D 6A 6F 77 |NTowMC4wMSswMjow|
7077 0170 4D 44 77 76 51 33 4A 6C 52 48 52 55 62 54 34 38 |MDwvQ3JlRHRUbT48|
7078 0180 53 57 35 70 64 47 64 51 64 48 6B 2B 50 45 6C 6B |SW5pdGdQdHk+PElk|
7079 0190 50 6A 59 32 4D 44 41 77 4D 44 41 78 50 43 39 4A |PjY2MDAwMDAxPC9J|
7080 01A0 5A 44 34 38 56 48 41 2B 54 31 42 50 53 54 77 76 |ZD48VHA+T1BPSTwv|
7081 01B0 56 48 41 2B 50 45 6C 7A 63 33 49 2B 54 56 52 4E |VHA+PElzc3I+TVRN|
7082 01C0 52 7A 77 76 53 58 4E 7A 63 6A 34 38 4C 30 6C 75 |RzwvSXNzcj48L0lu|
7083 01D0 61 58 52 6E 55 48 52 35 50 6A 78 53 59 33 42 30 |aXRnUHR5PjxSY3B0|
7084 01E0 55 48 52 35 50 6A 78 4A 5A 44 35 6C 63 47 46 7A |UHR5PjxJZD5lcGFz|
7085 01F0 4C 57 46 6A 63 58 56 70 63 6D 56 79 4C 56 52 4E |LWFjcXVpcmVyLVRN|
7086 0200 4D 54 77 76 53 57 51 2B 50 46 52 77 50 6B 31 55 |MTwvSWQ+PFRwPk1U|
7087 0210 54 55 63 38 4C 31 52 77 50 6A 77 76 55 6D 4E 77 |TUc8L1RwPjwvUmNw|
7088 0220 64 46 42 30 65 54 34 38 4C 30 68 6B 63 6A 34 38 |dFB0eT48L0hkcj48|
7089 0230 55 33 52 7A 55 6E 42 30 50 6A 78 51 54 30 6C 4A |U3RzUnB0PjxQT0lJ|
7090 0240 5A 44 34 38 53 57 51 2B 4E 6A 59 77 4D 44 41 77 |ZD48SWQ+NjYwMDAw|
7091 0250 4D 44 45 38 4C 30 6C 6B 50 6A 78 55 63 44 35 50 |MDE8L0lkPjxUcD5P|
7092 0260 55 45 39 4A 50 43 39 55 63 44 34 38 53 58 4E 7A |UE9JPC9UcD48SXNz|
7093 0270 63 6A 35 4E 56 45 31 48 50 43 39 4A 63 33 4E 79 |cj5NVE1HPC9Jc3Ny|
7094 0280 50 6A 77 76 55 45 39 4A 53 57 51 2B 50 46 52 6C |PjwvUE9JSWQ+PFRl|
7095 0290 63 6D 31 75 62 45 31 6E 63 6B 6C 6B 50 6A 78 4A |cm1ubE1ncklkPjxJ|
7096 02A0 5A 44 35 6C 63 47 46 7A 4C 57 46 6A 63 58 56 70 |ZD5lcGFzLWFjcXVp|
7097 02B0 63 6D 56 79 4C 56 52 4E 4D 54 77 76 53 57 51 2B |cmVyLVRNMTwvSWQ+|
7098 02C0 50 46 52 77 50 6B 31 55 54 55 63 38 4C 31 52 77 |PFRwPk1UTUc8L1Rw|
7099 02D0 50 6A 77 76 56 47 56 79 62 57 35 73 54 57 64 79 |PjwvVGVybW5sTWdy|
7100 02E0 53 57 51 2B 50 45 52 68 64 47 46 54 5A 58 51 2B |SWQ+PERhdGFTZXQ+|
7101 02F0 50 45 6C 6B 50 6A 78 55 63 44 35 54 56 46 4A 51 |PElkPjxUcD5TVFJQ|
7102 0300 50 43 39 55 63 44 34 38 51 33 4A 6C 52 48 52 55 |PC9UcD48Q3JlRHRU|
7103 0310 62 54 34 79 4D 44 45 7A 4C 54 41 34 4C 54 49 7A |bT4yMDEzLTA4LTIz|
7104 0320 56 44 49 79 4F 6A 51 31 4F 6A 41 77 4C 6A 41 78 |VDIyOjQ1OjAwLjAx|
7105 0330 4B 7A 41 79 4F 6A 41 77 50 43 39 44 63 6D 56 45 |KzAyOjAwPC9DcmVE|
7106 0340 64 46 52 74 50 6A 77 76 53 57 51 2B 50 45 4E 75 |dFRtPjwvSWQ+PENu|
7107 0350 64 48 51 2B 50 46 42 50 53 55 4E 77 59 6D 78 30 |dHQ+PFBPSUNwYmx0|
7108 0360 61 57 56 7A 50 6A 78 44 59 58 4A 6B 55 6D 52 75 |aWVzPjxDYXJkUmRu|
7109 0370 5A 30 4E 77 59 6D 78 30 61 57 56 7A 50 6B 4E 4A |Z0NwYmx0aWVzPkNJ|
7110 0380 51 30 4D 38 4C 30 4E 68 63 6D 52 53 5A 47 35 6E |Q0M8L0NhcmRSZG5n|
7111 0390 51 33 42 69 62 48 52 70 5A 58 4D 2B 50 45 4E 68 |Q3BibHRpZXM+PENh|
7112 03A0 63 6D 52 53 5A 47 35 6E 51 33 42 69 62 48 52 70 |cmRSZG5nQ3BibHRp|
7113 03B0 5A 58 4D 2B 54 55 64 54 56 44 77 76 51 32 46 79 |ZXM+TUdTVDwvQ2Fy|
7114 03C0 5A 46 4A 6B 62 6D 64 44 63 47 4A 73 64 47 6C 6C |ZFJkbmdDcGJsdGll|
7115 03D0 63 7A 34 38 4C 31 42 50 53 55 4E 77 59 6D 78 30 |cz48L1BPSUNwYmx0|
7116 03E0 61 57 56 7A 50 6A 78 51 54 30 6C 44 62 58 42 75 |aWVzPjxQT0lDbXBu|
7117 03F0 64 44 34 38 56 48 41 2B 55 30 56 53 56 6A 77 76 |dD48VHA+U0VSVjwv|
7118 0400 56 48 41 2B 50 45 6C 6B 50 6A 78 4A 64 47 31 4F |VHA+PElkPjxJdG1O|

9 Message Examples Page 249


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7119 0410 59 6A 34 78 50 43 39 4A 64 47 31 4F 59 6A 34 38 |Yj4xPC9JdG1OYj48|


7120 0420 55 48 4A 32 5A 48 4A 4A 5A 44 35 46 55 45 46 54 |UHJ2ZHJJZD5FUEFT|
7121 0430 56 6D 56 75 5A 47 39 79 4D 44 41 78 50 43 39 51 |VmVuZG9yMDAxPC9Q|
7122 0440 63 6E 5A 6B 63 6B 6C 6B 50 6A 77 76 53 57 51 2B |cnZkcklkPjwvSWQ+|
7123 0450 50 43 39 51 54 30 6C 44 62 58 42 75 64 44 34 38 |PC9QT0lDbXBudD48|
7124 0460 55 45 39 4A 51 32 31 77 62 6E 51 2B 50 46 52 77 |UE9JQ21wbnQ+PFRw|
7125 0470 50 6C 52 46 55 6B 30 38 4C 31 52 77 50 6A 78 4A |PlRFUk08L1RwPjxJ|
7126 0480 5A 44 34 38 53 58 52 74 54 6D 49 2B 4D 53 34 78 |ZD48SXRtTmI+MS4x|
7127 0490 50 43 39 4A 64 47 31 4F 59 6A 34 38 55 48 4A 32 |PC9JdG1OYj48UHJ2|
7128 04A0 5A 48 4A 4A 5A 44 35 46 55 45 46 54 56 6D 56 75 |ZHJJZD5FUEFTVmVu|
7129 04B0 5A 47 39 79 4D 44 41 78 50 43 39 51 63 6E 5A 6B |ZG9yMDAxPC9QcnZk|
7130 04C0 63 6B 6C 6B 50 6A 78 4A 5A 44 35 44 62 33 56 75 |cklkPjxJZD5Db3Vu|
7131 04D0 64 47 56 79 49 46 52 76 63 43 42 46 4E 44 45 38 |dGVyIFRvcCBFNDE8|
7132 04E0 4C 30 6C 6B 50 6A 78 54 63 6D 78 4F 59 6A 34 33 |L0lkPjxTcmxOYj43|
7133 04F0 4F 44 49 31 4E 44 45 77 4E 7A 55 35 50 43 39 54 |ODI1NDEwNzU5PC9T|
7134 0500 63 6D 78 4F 59 6A 34 38 4C 30 6C 6B 50 6A 77 76 |cmxOYj48L0lkPjwv|
7135 0510 55 45 39 4A 51 32 31 77 62 6E 51 2B 50 46 42 50 |UE9JQ21wbnQ+PFBP|
7136 0520 53 55 4E 74 63 47 35 30 50 6A 78 55 63 44 35 45 |SUNtcG50PjxUcD5E|
7137 0530 56 6B 4E 46 50 43 39 55 63 44 34 38 53 57 51 2B |VkNFPC9UcD48SWQ+|
7138 0540 50 45 6C 30 62 55 35 69 50 6A 45 75 4D 53 34 78 |PEl0bU5iPjEuMS4x|
7139 0550 50 43 39 4A 64 47 31 4F 59 6A 34 38 55 48 4A 32 |PC9JdG1OYj48UHJ2|
7140 0560 5A 48 4A 4A 5A 44 35 46 55 45 46 54 56 6D 56 75 |ZHJJZD5FUEFTVmVu|
7141 0570 5A 47 39 79 4D 44 41 78 50 43 39 51 63 6E 5A 6B |ZG9yMDAxPC9QcnZk|
7142 0580 63 6B 6C 6B 50 6A 78 4A 5A 44 35 51 53 55 34 67 |cklkPjxJZD5QSU4g|
7143 0590 55 47 46 6B 49 46 51 79 4E 54 77 76 53 57 51 2B |UGFkIFQyNTwvSWQ+|
7144 05A0 50 46 4E 79 62 45 35 69 50 6A 45 34 4D 6A 55 30 |PFNybE5iPjE4MjU0|
7145 05B0 4D 54 41 33 4E 54 6B 38 4C 31 4E 79 62 45 35 69 |MTA3NTk8L1NybE5i|
7146 05C0 50 6A 77 76 53 57 51 2B 50 43 39 51 54 30 6C 44 |PjwvSWQ+PC9QT0lD|
7147 05D0 62 58 42 75 64 44 34 38 55 45 39 4A 51 32 31 77 |bXBudD48UE9JQ21w|
7148 05E0 62 6E 51 2B 50 46 52 77 50 6B 56 4E 56 6B 73 38 |bnQ+PFRwPkVNVks8|
7149 05F0 4C 31 52 77 50 6A 78 4A 5A 44 34 38 53 58 52 74 |L1RwPjxJZD48SXRt|
7150 0600 54 6D 49 2B 4D 53 34 78 4C 6A 45 75 4D 54 77 76 |TmI+MS4xLjEuMTwv|
7151 0610 53 58 52 74 54 6D 49 2B 50 46 42 79 64 6D 52 79 |SXRtTmI+PFBydmRy|
7152 0620 53 57 51 2B 52 56 42 42 55 31 5A 6C 62 6D 52 76 |SWQ+RVBBU1ZlbmRv|
7153 0630 63 6A 41 77 4D 7A 77 76 55 48 4A 32 5A 48 4A 4A |cjAwMzwvUHJ2ZHJJ|
7154 0640 5A 44 34 38 4C 30 6C 6B 50 6A 78 54 64 48 4D 2B |ZD48L0lkPjxTdHM+|
7155 0650 50 46 5A 79 63 32 35 4F 59 6A 34 33 4C 6A 45 38 |PFZyc25OYj43LjE8|
7156 0660 4C 31 5A 79 63 32 35 4F 59 6A 34 38 4C 31 4E 30 |L1Zyc25OYj48L1N0|
7157 0670 63 7A 34 38 4C 31 42 50 53 55 4E 74 63 47 35 30 |cz48L1BPSUNtcG50|
7158 0680 50 6A 78 51 54 30 6C 44 62 58 42 75 64 44 34 38 |PjxQT0lDbXBudD48|
7159 0690 56 48 41 2B 51 56 42 4D 53 54 77 76 56 48 41 2B |VHA+QVBMSTwvVHA+|
7160 06A0 50 45 6C 6B 50 6A 78 4A 64 47 31 4F 59 6A 34 78 |PElkPjxJdG1OYj4x|
7161 06B0 4C 6A 45 75 4D 6A 77 76 53 58 52 74 54 6D 49 2B |LjEuMjwvSXRtTmI+|
7162 06C0 50 46 42 79 64 6D 52 79 53 57 51 2B 52 56 42 42 |PFBydmRySWQ+RVBB|
7163 06D0 55 31 5A 6C 62 6D 52 76 63 6A 41 77 4D 6A 77 76 |U1ZlbmRvcjAwMjwv|
7164 06E0 55 48 4A 32 5A 48 4A 4A 5A 44 34 38 4C 30 6C 6B |UHJ2ZHJJZD48L0lk|
7165 06F0 50 6A 78 54 64 48 4D 2B 50 46 5A 79 63 32 35 4F |PjxTdHM+PFZyc25O|
7166 0700 59 6A 34 78 4C 6A 41 38 4C 31 5A 79 63 32 35 4F |Yj4xLjA8L1Zyc25O|
7167 0710 59 6A 34 38 4C 31 4E 30 63 7A 34 38 55 33 52 6B |Yj48L1N0cz48U3Rk|
7168 0720 51 32 31 77 62 47 4D 2B 50 45 6C 6B 50 6C 4E 46 |Q21wbGM+PElkPlNF|
7169 0730 55 45 45 74 52 6B 46 54 56 44 77 76 53 57 51 2B |UEEtRkFTVDwvSWQ+|
7170 0740 50 46 5A 79 63 32 34 2B 4D 79 34 77 50 43 39 57 |PFZyc24+My4wPC9W|
7171 0750 63 6E 4E 75 50 6A 78 4A 63 33 4E 79 50 6B 4E 4A |cnNuPjxJc3NyPkNJ|
7172 0760 55 6A 77 76 53 58 4E 7A 63 6A 34 38 4C 31 4E 30 |UjwvSXNzcj48L1N0|
7173 0770 5A 45 4E 74 63 47 78 6A 50 6A 77 76 55 45 39 4A |ZENtcGxjPjwvUE9J|
7174 0780 51 32 31 77 62 6E 51 2B 50 46 42 50 53 55 4E 74 |Q21wbnQ+PFBPSUNt|
7175 0790 63 47 35 30 50 6A 78 55 63 44 35 42 55 46 42 53 |cG50PjxUcD5BUFBS|
7176 07A0 50 43 39 55 63 44 34 38 53 57 51 2B 50 45 6C 30 |PC9UcD48SWQ+PEl0|
7177 07B0 62 55 35 69 50 6A 45 75 4D 53 34 79 4C 6A 45 38 |bU5iPjEuMS4yLjE8|
7178 07C0 4C 30 6C 30 62 55 35 69 50 6A 78 51 63 6E 5A 6B |L0l0bU5iPjxQcnZk|
7179 07D0 63 6B 6C 6B 50 6B 56 51 51 56 4E 42 59 33 46 31 |cklkPkVQQVNBY3F1|
7180 07E0 61 58 4A 6C 63 6A 41 78 50 43 39 51 63 6E 5A 6B |aXJlcjAxPC9QcnZk|
7181 07F0 63 6B 6C 6B 50 6A 77 76 53 57 51 2B 50 46 4E 30 |cklkPjwvSWQ+PFN0|
7182 0800 63 7A 34 38 56 6E 4A 7A 62 6B 35 69 50 6A 49 77 |cz48VnJzbk5iPjIw|
7183 0810 4D 54 45 77 4F 44 41 33 4D 54 51 7A 4E 54 41 77 |MTEwODA3MTQzNTAw|
7184 0820 50 43 39 57 63 6E 4E 75 54 6D 49 2B 50 43 39 54 |PC9WcnNuTmI+PC9T|
7185 0830 64 48 4D 2B 50 43 39 51 54 30 6C 44 62 58 42 75 |dHM+PC9QT0lDbXBu|
7186 0840 64 44 34 38 55 45 39 4A 52 48 52 55 62 54 34 79 |dD48UE9JRHRUbT4y|
7187 0850 4D 44 45 7A 4C 54 41 34 4C 54 49 7A 56 44 49 79 |MDEzLTA4LTIzVDIy|

9 Message Examples Page 250


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7188 0860 4F 6A 51 31 4F 6A 41 77 4C 6A 41 78 4B 7A 41 79 |OjQ1OjAwLjAxKzAy|


7189 0870 4F 6A 41 77 50 43 39 51 54 30 6C 45 64 46 52 74 |OjAwPC9QT0lEdFRt|
7190 0880 50 6A 78 45 59 58 52 68 55 32 56 30 55 6D 56 78 |PjxEYXRhU2V0UmVx|
7191 0890 63 6D 51 2B 50 45 6C 6B 50 6A 78 55 63 44 35 4E |cmQ+PElkPjxUcD5N|
7192 08A0 52 31 52 51 50 43 39 55 63 44 34 38 4C 30 6C 6B |R1RQPC9UcD48L0lk|
7193 08B0 50 6A 77 76 52 47 46 30 59 56 4E 6C 64 46 4A 6C |PjwvRGF0YVNldFJl|
7194 08C0 63 58 4A 6B 50 6A 77 76 51 32 35 30 64 44 34 38 |cXJkPjwvQ250dD48|
7195 08D0 4C 30 52 68 64 47 46 54 5A 58 51 2B 50 43 39 54 |L0RhdGFTZXQ+PC9T|
7196 08E0 64 48 4E 53 63 48 51 2B 50 46 4E 6A 64 48 6C 55 |dHNScHQ+PFNjdHlU|
7197 08F0 63 6D 78 79 50 6A 78 44 62 6E 52 30 56 48 41 2B |cmxyPjxDbnR0VHA+|
7198 0900 51 56 56 55 53 44 77 76 51 32 35 30 64 46 52 77 |QVVUSDwvQ250dFRw|
7199 0910 50 6A 78 42 64 58 52 6F 62 6E 52 6A 5A 45 52 68 |PjxBdXRobnRjZERh|
7200 0920 64 47 45 2B 50 46 4A 6A 63 48 51 2B 50 45 74 46 |dGE+PFJjcHQ+PEtF|
7201 0930 53 7A 34 38 53 30 56 4C 53 57 51 2B 50 45 74 6C |Sz48S0VLSWQ+PEtl|
7202 0940 65 55 6C 6B 50 6C 4E 77 5A 57 4E 57 4D 56 52 6C |eUlkPlNwZWNWMVRl|
7203 0950 63 33 52 4C 5A 58 6B 38 4C 30 74 6C 65 55 6C 6B |c3RLZXk8L0tleUlk|
7204 0960 50 6A 78 4C 5A 58 6C 57 63 6E 4E 75 50 6A 49 77 |PjxLZXlWcnNuPjIw|
7205 0970 4D 54 41 77 4E 6A 41 33 4D 54 55 38 4C 30 74 6C |MTAwNjA3MTU8L0tl|
7206 0980 65 56 5A 79 63 32 34 2B 50 45 52 6C 63 6D 6C 32 |eVZyc24+PERlcml2|
7207 0990 64 47 35 4A 5A 44 35 50 57 57 4E 73 63 46 46 46 |dG5JZD5PWWNscFFF|
7208 09A0 50 54 77 76 52 47 56 79 61 58 5A 30 62 6B 6C 6B |PTwvRGVyaXZ0bklk|
7209 09B0 50 6A 77 76 53 30 56 4C 53 57 51 2B 50 45 74 6C |PjwvS0VLSWQ+PEtl|
7210 09C0 65 55 35 6A 63 6E 42 30 62 6B 46 73 5A 32 38 2B |eU5jcnB0bkFsZ28+|
7211 09D0 50 45 46 73 5A 32 38 2B 52 45 74 51 4F 54 77 76 |PEFsZ28+REtQOTwv|
7212 09E0 51 57 78 6E 62 7A 34 38 4C 30 74 6C 65 55 35 6A |QWxnbz48L0tleU5j|
7213 09F0 63 6E 42 30 62 6B 46 73 5A 32 38 2B 50 45 35 6A |cnB0bkFsZ28+PE5j|
7214 0A00 63 6E 42 30 5A 45 74 6C 65 54 34 30 63 45 46 6E |cnB0ZEtleT40cEFn|
7215 0A10 51 55 4A 6A 50 54 77 76 54 6D 4E 79 63 48 52 6B |QUJjPTwvTmNycHRk|
7216 0A20 53 32 56 35 50 6A 77 76 53 30 56 4C 50 6A 77 76 |S2V5PjwvS0VLPjwv|
7217 0A30 55 6D 4E 77 64 44 34 38 54 55 46 44 51 57 78 6E |UmNwdD48TUFDQWxn|
7218 0A40 62 7A 34 38 51 57 78 6E 62 7A 35 4E 51 30 4E 54 |bz48QWxnbz5NQ0NT|
7219 0A50 50 43 39 42 62 47 64 76 50 6A 77 76 54 55 46 44 |PC9BbGdvPjwvTUFD|
7220 0A60 51 57 78 6E 62 7A 34 38 54 6D 4E 77 63 32 78 30 |QWxnbz48TmNwc2x0|
7221 0A70 5A 45 4E 75 64 48 51 2B 50 45 4E 75 64 48 52 55 |ZENudHQ+PENudHRU|
7222 0A80 63 44 35 45 51 56 52 42 50 43 39 44 62 6E 52 30 |cD5EQVRBPC9DbnR0|
7223 0A90 56 48 41 2B 50 43 39 4F 59 33 42 7A 62 48 52 6B |VHA+PC9OY3BzbHRk|
7224 0AA0 51 32 35 30 64 44 34 38 54 55 46 44 50 69 42 54 |Q250dD48TUFDPiBT|
7225 0AB0 55 30 38 7A 61 47 39 4C 57 47 73 32 56 54 30 38 |U08zaG9LWGs2VT08|
7226 0AC0 4C 30 31 42 51 7A 34 38 4C 30 46 31 64 47 68 75 |L01BQz48L0F1dGhu|
7227 0AD0 64 47 4E 6B 52 47 46 30 59 54 34 38 4C 31 4E 6A |dGNkRGF0YT48L1Nj|
7228 0AE0 64 48 6C 55 63 6D 78 79 50 6A 77 76 55 33 52 7A |dHlUcmxyPjwvU3Rz|
7229 0AF0 55 6E 42 30 50 6A 77 76 52 47 39 6A 64 57 31 6C |UnB0PjwvRG9jdW1l|
7230 0B00 62 6E 51 2B |bnQ+ |
7231
7232 The XML encoded TerminalManagementRejection message is presented below.
7233
7234 <?xml version="1.0" encoding="UTF-8"?>
7235 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
7236 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.004.001.04">
7237 <TermnlMgmtRjctn>
7238 <Hdr>
7239 <DwnldTrf>false</DwnldTrf>
7240 <FrmtVrsn>4.0</FrmtVrsn>
7241 <XchgId>549</XchgId>
7242 <CreDtTm>2011-08-23T22:45:02.31+02:00</CreDtTm>
7243 <InitgPty>
7244 <Id>66000001</Id>
7245 <Tp>OPOI</Tp>
7246 <Issr>MTMG</Issr>
7247 </InitgPty>
7248 <RcptPty>
7249 <Id>epas-acquirer-TM1</Id>
7250 <Tp>MTMG</Tp>
7251 </RcptPty>
7252 </Hdr>
7253 <Rjct>
7254 <RjctRsn>SECU</RjctRsn>

9 Message Examples Page 251


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7255 <AddtlInf>Key version not available</AddtlInf>


7256 <MsgInErr>
7257 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48RG9jdW1lbnQgeG1sbnM6e
7258 HNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeG1sbnM9In
7259 Vybjppc286c3RkOmlzbzoyMDAyMjp0ZWNoOnhzZDpjYXRtLjAwMS4wMDEuMDUiPjxTdHNScHQ
7260 +PEhkcj48RHdubGRUcmY+ZmFsc2U8L0R3bmxkVHJmPjxGcm10VnJzbj41LjA8L0ZybXRWcnNu
7261 PjxYY2hnSWQ+NTQ5PC9YY2hnSWQ+PENyZUR0VG0+MjAxMy0wOC0yM1QyMjo0NTowMC4wMSswM
7262 jowMDwvQ3JlRHRUbT48SW5pdGdQdHk+PElkPjY2MDAwMDAxPC9JZD48VHA+T1BPSTwvVHA+PE
7263 lzc3I+TVRNRzwvSXNzcj48L0luaXRnUHR5PjxSY3B0UHR5PjxJZD5lcGFzLWFjcXVpcmVyLVR
7264 NMTwvSWQ+PFRwPk1UTUc8L1RwPjwvUmNwdFB0eT48L0hkcj48U3RzUnB0PjxQT0lJZD48SWQ+
7265 NjYwMDAwMDE8L0lkPjxUcD5PUE9JPC9UcD48SXNzcj5NVE1HPC9Jc3NyPjwvUE9JSWQ+PFRlc
7266 m1ubE1ncklkPjxJZD5lcGFzLWFjcXVpcmVyLVRNMTwvSWQ+PFRwPk1UTUc8L1RwPjwvVGVybW
7267 5sTWdySWQ+PERhdGFTZXQ+PElkPjxUcD5TVFJQPC9UcD48Q3JlRHRUbT4yMDEzLTA4LTIzVDI
7268 yOjQ1OjAwLjAxKzAyOjAwPC9DcmVEdFRtPjwvSWQ+PENudHQ+PFBPSUNwYmx0aWVzPjxDYXJk
7269 UmRuZ0NwYmx0aWVzPkNJQ0M8L0NhcmRSZG5nQ3BibHRpZXM+PENhcmRSZG5nQ3BibHRpZXM+T
7270 UdTVDwvQ2FyZFJkbmdDcGJsdGllcz48L1BPSUNwYmx0aWVzPjxQT0lDbXBudD48VHA+U0VSVj
7271 wvVHA+PElkPjxJdG1OYj4xPC9JdG1OYj48UHJ2ZHJJZD5FUEFTVmVuZG9yMDAxPC9QcnZkckl
7272 kPjwvSWQ+PC9QT0lDbXBudD48UE9JQ21wbnQ+PFRwPlRFUk08L1RwPjxJZD48SXRtTmI+MS4x
7273 PC9JdG1OYj48UHJ2ZHJJZD5FUEFTVmVuZG9yMDAxPC9QcnZkcklkPjxJZD5Db3VudGVyIFRvc
7274 CBFNDE8L0lkPjxTcmxOYj43ODI1NDEwNzU5PC9TcmxOYj48L0lkPjwvUE9JQ21wbnQ+PFBPSU
7275 NtcG50PjxUcD5EVkNFPC9UcD48SWQ+PEl0bU5iPjEuMS4xPC9JdG1OYj48UHJ2ZHJJZD5FUEF
7276 TVmVuZG9yMDAxPC9QcnZkcklkPjxJZD5QSU4gUGFkIFQyNTwvSWQ+PFNybE5iPjE4MjU0MTA3
7277 NTk8L1NybE5iPjwvSWQ+PC9QT0lDbXBudD48UE9JQ21wbnQ+PFRwPkVNVks8L1RwPjxJZD48S
7278 XRtTmI+MS4xLjEuMTwvSXRtTmI+PFBydmRySWQ+RVBBU1ZlbmRvcjAwMzwvUHJ2ZHJJZD48L0
7279 lkPjxTdHM+PFZyc25OYj43LjE8L1Zyc25OYj48L1N0cz48L1BPSUNtcG50PjxQT0lDbXBudD4
7280 8VHA+QVBMSTwvVHA+PElkPjxJdG1OYj4xLjEuMjwvSXRtTmI+PFBydmRySWQ+RVBBU1ZlbmRv
7281 cjAwMjwvUHJ2ZHJJZD48L0lkPjxTdHM+PFZyc25OYj4xLjA8L1Zyc25OYj48L1N0cz48U3RkQ
7282 21wbGM+PElkPlNFUEEtRkFTVDwvSWQ+PFZyc24+My4wPC9WcnNuPjxJc3NyPkNJUjwvSXNzcj
7283 48L1N0ZENtcGxjPjwvUE9JQ21wbnQ+PFBPSUNtcG50PjxUcD5BUFBSPC9UcD48SWQ+PEl0bU5
7284 iPjEuMS4yLjE8L0l0bU5iPjxQcnZkcklkPkVQQVNBY3F1aXJlcjAxPC9QcnZkcklkPjwvSWQ+
7285 PFN0cz48VnJzbk5iPjIwMTEwODA3MTQzNTAwPC9WcnNuTmI+PC9TdHM+PC9QT0lDbXBudD48U
7286 E9JRHRUbT4yMDEzLTA4LTIzVDIyOjQ1OjAwLjAxKzAyOjAwPC9QT0lEdFRtPjxEYXRhU2V0Um
7287 VxcmQ+PElkPjxUcD5NR1RQPC9UcD48L0lkPjwvRGF0YVNldFJlcXJkPjwvQ250dD48L0RhdGF
7288 TZXQ+PC9TdHNScHQ+PFNjdHlUcmxyPjxDbnR0VHA+QVVUSDwvQ250dFRwPjxBdXRobnRjZERh
7289 dGE+PFJjcHQ+PEtFSz48S0VLSWQ+PEtleUlkPlNwZWNWMVRlc3RLZXk8L0tleUlkPjxLZXlWc
7290 nNuPjIwMTAwNjA3MTU8L0tleVZyc24+PERlcml2dG5JZD5PWWNscFFFPTwvRGVyaXZ0bklkPj
7291 wvS0VLSWQ+PEtleU5jcnB0bkFsZ28+PEFsZ28+REtQOTwvQWxnbz48L0tleU5jcnB0bkFsZ28
7292 +PE5jcnB0ZEtleT40cEFnQUJjPTwvTmNycHRkS2V5PjwvS0VLPjwvUmNwdD48TUFDQWxnbz48
7293 QWxnbz5NQ0NTPC9BbGdvPjwvTUFDQWxnbz48TmNwc2x0ZENudHQ+PENudHRUcD5EQVRBPC9Db
7294 nR0VHA+PC9OY3BzbHRkQ250dD48TUFDPiBTU08zaG9LWGs2VT08L01BQz48L0F1dGhudGNkRG
7295 F0YT48L1NjdHlUcmxyPjwvU3RzUnB0PjwvRG9jdW1lbnQ+</MsgInErr>
7296 </Rjct>
7297 </TermnlMgmtRjctn>
7298 </Document>
7299

9 Message Examples Page 252


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7300 The message sent by the transport protocol is:


7301 0000 00 00 0D 33 3C 3F 78 6D 6C 20 76 65 72 73 69 6F | 3<?xml versio|
7302 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
7303 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
7304 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
7305 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
7306 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
7307 0060 69 6E 73 74 61 6E 63 65 22 78 6D 6C 6E 73 3D 22 |instance"xmlns="|
7308 0070 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F 3A |urn:iso:std:iso:|
7309 0080 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A 63 |20022:tech:xsd:c|
7310 0090 61 74 6D 2E 30 30 34 2E 30 30 31 2E 30 34 22 3E |atm.004.001.04">|
7311 00A0 3C 54 65 72 6D 6E 6C 4D 67 6D 74 52 6A 63 74 6E |<TermnlMgmtRjctn|
7312 00B0 3E 3C 48 64 72 3E 3C 44 77 6E 6C 64 54 72 66 3E |><Hdr><DwnldTrf>|
7313 00C0 66 61 6C 73 65 3C 2F 44 77 6E 6C 64 54 72 66 3E |false</DwnldTrf>|
7314 00D0 3C 46 72 6D 74 56 72 73 6E 3E 34 2E 30 3C 2F 46 |<FrmtVrsn>4.0</F|
7315 00E0 72 6D 74 56 72 73 6E 3E 3C 58 63 68 67 49 64 3E |rmtVrsn><XchgId>|
7316 00F0 35 34 39 3C 2F 58 63 68 67 49 64 3E 3C 43 72 65 |549</XchgId><Cre|
7317 0100 44 74 54 6D 3E 32 30 31 31 2D 30 38 2D 32 33 54 |DtTm>2011-08-23T|
7318 0110 32 32 3A 34 35 3A 30 32 2E 33 31 2B 30 32 3A 30 |22:45:02.31+02:0|
7319 0120 30 3C 2F 43 72 65 44 74 54 6D 3E 3C 49 6E 69 74 |0</CreDtTm><Init|
7320 0130 67 50 74 79 3E 3C 49 64 3E 36 36 30 30 30 30 30 |gPty><Id>6600000|
7321 0140 31 3C 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F |1</Id><Tp>OPOI</|
7322 0150 54 70 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 |Tp><Issr>MTMG</I|
7323 0160 73 73 72 3E 3C 2F 49 6E 69 74 67 50 74 79 3E 3C |ssr></InitgPty><|
7324 0170 52 63 70 74 50 74 79 3E 3C 49 64 3E 65 70 61 73 |RcptPty><Id>epas|
7325 0180 2D 61 63 71 75 69 72 65 72 2D 54 4D 31 3C 2F 49 |-acquirer-TM1</I|
7326 0190 64 3E 3C 54 70 3E 4D 54 4D 47 3C 2F 54 70 3E 3C |d><Tp>MTMG</Tp><|
7327 01A0 2F 52 63 70 74 50 74 79 3E 3C 2F 48 64 72 3E 3C |/RcptPty></Hdr><|
7328 01B0 52 6A 63 74 3E 3C 52 6A 63 74 52 73 6E 3E 53 45 |Rjct><RjctRsn>SE|
7329 01C0 43 55 3C 2F 52 6A 63 74 52 73 6E 3E 3C 41 64 64 |CU</RjctRsn><Add|
7330 01D0 74 6C 49 6E 66 3E 4B 65 79 20 76 65 72 73 69 6F |tlInf>Key versio|
7331 01E0 6E 20 6E 6F 74 20 61 76 61 69 6C 61 62 6C 65 3C |n not available<|
7332 01F0 2F 41 64 64 74 6C 49 6E 66 3E 3C 4D 73 67 49 6E |/AddtlInf><MsgIn|
7333 0200 45 72 72 3E 20 50 44 39 34 62 57 77 67 64 6D 56 |Err> PD94bWwgdmV|
7334 0210 79 63 32 6C 76 62 6A 30 69 4D 53 34 77 49 69 42 |yc2lvbj0iMS4wIiB|
7335 0220 6C 62 6D 4E 76 5A 47 6C 75 5A 7A 30 69 56 56 52 |lbmNvZGluZz0iVVR|
7336 0230 47 4C 54 67 69 50 7A 34 38 52 47 39 6A 64 57 31 |GLTgiPz48RG9jdW1|
7337 0240 6C 62 6E 51 67 65 47 31 73 62 6E 4D 36 65 48 4E |lbnQgeG1sbnM6eHN|
7338 0250 70 50 53 4A 6F 64 48 52 77 4F 69 38 76 64 33 64 |pPSJodHRwOi8vd3d|
7339 0260 33 4C 6E 63 7A 4C 6D 39 79 5A 79 38 79 4D 44 41 |3LnczLm9yZy8yMDA|
7340 0270 78 4C 31 68 4E 54 46 4E 6A 61 47 56 74 59 53 31 |xL1hNTFNjaGVtYS1|
7341 0280 70 62 6E 4E 30 59 57 35 6A 5A 53 49 67 65 47 31 |pbnN0YW5jZSIgeG1|
7342 0290 73 62 6E 4D 39 49 6E 56 79 62 6A 70 70 63 32 38 |sbnM9InVybjppc28|
7343 02A0 36 63 33 52 6B 4F 6D 6C 7A 62 7A 6F 79 4D 44 41 |6c3RkOmlzbzoyMDA|
7344 02B0 79 4D 6A 70 30 5A 57 4E 6F 4F 6E 68 7A 5A 44 70 |yMjp0ZWNoOnhzZDp|
7345 02C0 6A 59 58 52 74 4C 6A 41 77 4D 53 34 77 4D 44 45 |jYXRtLjAwMS4wMDE|
7346 02D0 75 4D 44 55 69 50 6A 78 54 64 48 4E 53 63 48 51 |uMDUiPjxTdHNScHQ|
7347 02E0 2B 50 45 68 6B 63 6A 34 38 52 48 64 75 62 47 52 |+PEhkcj48RHdubGR|
7348 02F0 55 63 6D 59 2B 5A 6D 46 73 63 32 55 38 4C 30 52 |UcmY+ZmFsc2U8L0R|
7349 0300 33 62 6D 78 6B 56 48 4A 6D 50 6A 78 47 63 6D 31 |3bmxkVHJmPjxGcm1|
7350 0310 30 56 6E 4A 7A 62 6A 34 31 4C 6A 41 38 4C 30 5A |0VnJzbj41LjA8L0Z|
7351 0320 79 62 58 52 57 63 6E 4E 75 50 6A 78 59 59 32 68 |ybXRWcnNuPjxYY2h|
7352 0330 6E 53 57 51 2B 4E 54 51 35 50 43 39 59 59 32 68 |nSWQ+NTQ5PC9YY2h|
7353 0340 6E 53 57 51 2B 50 45 4E 79 5A 55 52 30 56 47 30 |nSWQ+PENyZUR0VG0|
7354 0350 2B 4D 6A 41 78 4D 79 30 77 4F 43 30 79 4D 31 51 |+MjAxMy0wOC0yM1Q|
7355 0360 79 4D 6A 6F 30 4E 54 6F 77 4D 43 34 77 4D 53 73 |yMjo0NTowMC4wMSs|
7356 0370 77 4D 6A 6F 77 4D 44 77 76 51 33 4A 6C 52 48 52 |wMjowMDwvQ3JlRHR|
7357 0380 55 62 54 34 38 53 57 35 70 64 47 64 51 64 48 6B |UbT48SW5pdGdQdHk|
7358 0390 2B 50 45 6C 6B 50 6A 59 32 4D 44 41 77 4D 44 41 |+PElkPjY2MDAwMDA|
7359 03A0 78 50 43 39 4A 5A 44 34 38 56 48 41 2B 54 31 42 |xPC9JZD48VHA+T1B|
7360 03B0 50 53 54 77 76 56 48 41 2B 50 45 6C 7A 63 33 49 |PSTwvVHA+PElzc3I|
7361 03C0 2B 54 56 52 4E 52 7A 77 76 53 58 4E 7A 63 6A 34 |+TVRNRzwvSXNzcj4|
7362 03D0 38 4C 30 6C 75 61 58 52 6E 55 48 52 35 50 6A 78 |8L0luaXRnUHR5Pjx|
7363 03E0 53 59 33 42 30 55 48 52 35 50 6A 78 4A 5A 44 35 |SY3B0UHR5PjxJZD5|
7364 03F0 6C 63 47 46 7A 4C 57 46 6A 63 58 56 70 63 6D 56 |lcGFzLWFjcXVpcmV|
7365 0400 79 4C 56 52 4E 4D 54 77 76 53 57 51 2B 50 46 52 |yLVRNMTwvSWQ+PFR|
7366 0410 77 50 6B 31 55 54 55 63 38 4C 31 52 77 50 6A 77 |wPk1UTUc8L1RwPjw|
7367 0420 76 55 6D 4E 77 64 46 42 30 65 54 34 38 4C 30 68 |vUmNwdFB0eT48L0h|
7368 0430 6B 63 6A 34 38 55 33 52 7A 55 6E 42 30 50 6A 78 |kcj48U3RzUnB0Pjx|

9 Message Examples Page 253


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7369 0440 51 54 30 6C 4A 5A 44 34 38 53 57 51 2B 4E 6A 59 |QT0lJZD48SWQ+NjY|


7370 0450 77 4D 44 41 77 4D 44 45 38 4C 30 6C 6B 50 6A 78 |wMDAwMDE8L0lkPjx|
7371 0460 55 63 44 35 50 55 45 39 4A 50 43 39 55 63 44 34 |UcD5PUE9JPC9UcD4|
7372 0470 38 53 58 4E 7A 63 6A 35 4E 56 45 31 48 50 43 39 |8SXNzcj5NVE1HPC9|
7373 0480 4A 63 33 4E 79 50 6A 77 76 55 45 39 4A 53 57 51 |Jc3NyPjwvUE9JSWQ|
7374 0490 2B 50 46 52 6C 63 6D 31 75 62 45 31 6E 63 6B 6C |+PFRlcm1ubE1nckl|
7375 04A0 6B 50 6A 78 4A 5A 44 35 6C 63 47 46 7A 4C 57 46 |kPjxJZD5lcGFzLWF|
7376 04B0 6A 63 58 56 70 63 6D 56 79 4C 56 52 4E 4D 54 77 |jcXVpcmVyLVRNMTw|
7377 04C0 76 53 57 51 2B 50 46 52 77 50 6B 31 55 54 55 63 |vSWQ+PFRwPk1UTUc|
7378 04D0 38 4C 31 52 77 50 6A 77 76 56 47 56 79 62 57 35 |8L1RwPjwvVGVybW5|
7379 04E0 73 54 57 64 79 53 57 51 2B 50 45 52 68 64 47 46 |sTWdySWQ+PERhdGF|
7380 04F0 54 5A 58 51 2B 50 45 6C 6B 50 6A 78 55 63 44 35 |TZXQ+PElkPjxUcD5|
7381 0500 54 56 46 4A 51 50 43 39 55 63 44 34 38 51 33 4A |TVFJQPC9UcD48Q3J|
7382 0510 6C 52 48 52 55 62 54 34 79 4D 44 45 7A 4C 54 41 |lRHRUbT4yMDEzLTA|
7383 0520 34 4C 54 49 7A 56 44 49 79 4F 6A 51 31 4F 6A 41 |4LTIzVDIyOjQ1OjA|
7384 0530 77 4C 6A 41 78 4B 7A 41 79 4F 6A 41 77 50 43 39 |wLjAxKzAyOjAwPC9|
7385 0540 44 63 6D 56 45 64 46 52 74 50 6A 77 76 53 57 51 |DcmVEdFRtPjwvSWQ|
7386 0550 2B 50 45 4E 75 64 48 51 2B 50 46 42 50 53 55 4E |+PENudHQ+PFBPSUN|
7387 0560 77 59 6D 78 30 61 57 56 7A 50 6A 78 44 59 58 4A |wYmx0aWVzPjxDYXJ|
7388 0570 6B 55 6D 52 75 5A 30 4E 77 59 6D 78 30 61 57 56 |kUmRuZ0NwYmx0aWV|
7389 0580 7A 50 6B 4E 4A 51 30 4D 38 4C 30 4E 68 63 6D 52 |zPkNJQ0M8L0NhcmR|
7390 0590 53 5A 47 35 6E 51 33 42 69 62 48 52 70 5A 58 4D |SZG5nQ3BibHRpZXM|
7391 05A0 2B 50 45 4E 68 63 6D 52 53 5A 47 35 6E 51 33 42 |+PENhcmRSZG5nQ3B|
7392 05B0 69 62 48 52 70 5A 58 4D 2B 54 55 64 54 56 44 77 |ibHRpZXM+TUdTVDw|
7393 05C0 76 51 32 46 79 5A 46 4A 6B 62 6D 64 44 63 47 4A |vQ2FyZFJkbmdDcGJ|
7394 05D0 73 64 47 6C 6C 63 7A 34 38 4C 31 42 50 53 55 4E |sdGllcz48L1BPSUN|
7395 05E0 77 59 6D 78 30 61 57 56 7A 50 6A 78 51 54 30 6C |wYmx0aWVzPjxQT0l|
7396 05F0 44 62 58 42 75 64 44 34 38 56 48 41 2B 55 30 56 |DbXBudD48VHA+U0V|
7397 0600 53 56 6A 77 76 56 48 41 2B 50 45 6C 6B 50 6A 78 |SVjwvVHA+PElkPjx|
7398 0610 4A 64 47 31 4F 59 6A 34 78 50 43 39 4A 64 47 31 |JdG1OYj4xPC9JdG1|
7399 0620 4F 59 6A 34 38 55 48 4A 32 5A 48 4A 4A 5A 44 35 |OYj48UHJ2ZHJJZD5|
7400 0630 46 55 45 46 54 56 6D 56 75 5A 47 39 79 4D 44 41 |FUEFTVmVuZG9yMDA|
7401 0640 78 50 43 39 51 63 6E 5A 6B 63 6B 6C 6B 50 6A 77 |xPC9QcnZkcklkPjw|
7402 0650 76 53 57 51 2B 50 43 39 51 54 30 6C 44 62 58 42 |vSWQ+PC9QT0lDbXB|
7403 0660 75 64 44 34 38 55 45 39 4A 51 32 31 77 62 6E 51 |udD48UE9JQ21wbnQ|
7404 0670 2B 50 46 52 77 50 6C 52 46 55 6B 30 38 4C 31 52 |+PFRwPlRFUk08L1R|
7405 0680 77 50 6A 78 4A 5A 44 34 38 53 58 52 74 54 6D 49 |wPjxJZD48SXRtTmI|
7406 0690 2B 4D 53 34 78 50 43 39 4A 64 47 31 4F 59 6A 34 |+MS4xPC9JdG1OYj4|
7407 06A0 38 55 48 4A 32 5A 48 4A 4A 5A 44 35 46 55 45 46 |8UHJ2ZHJJZD5FUEF|
7408 06B0 54 56 6D 56 75 5A 47 39 79 4D 44 41 78 50 43 39 |TVmVuZG9yMDAxPC9|
7409 06C0 51 63 6E 5A 6B 63 6B 6C 6B 50 6A 78 4A 5A 44 35 |QcnZkcklkPjxJZD5|
7410 06D0 44 62 33 56 75 64 47 56 79 49 46 52 76 63 43 42 |Db3VudGVyIFRvcCB|
7411 06E0 46 4E 44 45 38 4C 30 6C 6B 50 6A 78 54 63 6D 78 |FNDE8L0lkPjxTcmx|
7412 06F0 4F 59 6A 34 33 4F 44 49 31 4E 44 45 77 4E 7A 55 |OYj43ODI1NDEwNzU|
7413 0700 35 50 43 39 54 63 6D 78 4F 59 6A 34 38 4C 30 6C |5PC9TcmxOYj48L0l|
7414 0710 6B 50 6A 77 76 55 45 39 4A 51 32 31 77 62 6E 51 |kPjwvUE9JQ21wbnQ|
7415 0720 2B 50 46 42 50 53 55 4E 74 63 47 35 30 50 6A 78 |+PFBPSUNtcG50Pjx|
7416 0730 55 63 44 35 45 56 6B 4E 46 50 43 39 55 63 44 34 |UcD5EVkNFPC9UcD4|
7417 0740 38 53 57 51 2B 50 45 6C 30 62 55 35 69 50 6A 45 |8SWQ+PEl0bU5iPjE|
7418 0750 75 4D 53 34 78 50 43 39 4A 64 47 31 4F 59 6A 34 |uMS4xPC9JdG1OYj4|
7419 0760 38 55 48 4A 32 5A 48 4A 4A 5A 44 35 46 55 45 46 |8UHJ2ZHJJZD5FUEF|
7420 0770 54 56 6D 56 75 5A 47 39 79 4D 44 41 78 50 43 39 |TVmVuZG9yMDAxPC9|
7421 0780 51 63 6E 5A 6B 63 6B 6C 6B 50 6A 78 4A 5A 44 35 |QcnZkcklkPjxJZD5|
7422 0790 51 53 55 34 67 55 47 46 6B 49 46 51 79 4E 54 77 |QSU4gUGFkIFQyNTw|
7423 07A0 76 53 57 51 2B 50 46 4E 79 62 45 35 69 50 6A 45 |vSWQ+PFNybE5iPjE|
7424 07B0 34 4D 6A 55 30 4D 54 41 33 4E 54 6B 38 4C 31 4E |4MjU0MTA3NTk8L1N|
7425 07C0 79 62 45 35 69 50 6A 77 76 53 57 51 2B 50 43 39 |ybE5iPjwvSWQ+PC9|
7426 07D0 51 54 30 6C 44 62 58 42 75 64 44 34 38 55 45 39 |QT0lDbXBudD48UE9|
7427 07E0 4A 51 32 31 77 62 6E 51 2B 50 46 52 77 50 6B 56 |JQ21wbnQ+PFRwPkV|
7428 07F0 4E 56 6B 73 38 4C 31 52 77 50 6A 78 4A 5A 44 34 |NVks8L1RwPjxJZD4|
7429 0800 38 53 58 52 74 54 6D 49 2B 4D 53 34 78 4C 6A 45 |8SXRtTmI+MS4xLjE|
7430 0810 75 4D 54 77 76 53 58 52 74 54 6D 49 2B 50 46 42 |uMTwvSXRtTmI+PFB|
7431 0820 79 64 6D 52 79 53 57 51 2B 52 56 42 42 55 31 5A |ydmRySWQ+RVBBU1Z|
7432 0830 6C 62 6D 52 76 63 6A 41 77 4D 7A 77 76 55 48 4A |lbmRvcjAwMzwvUHJ|
7433 0840 32 5A 48 4A 4A 5A 44 34 38 4C 30 6C 6B 50 6A 78 |2ZHJJZD48L0lkPjx|
7434 0850 54 64 48 4D 2B 50 46 5A 79 63 32 35 4F 59 6A 34 |TdHM+PFZyc25OYj4|
7435 0860 33 4C 6A 45 38 4C 31 5A 79 63 32 35 4F 59 6A 34 |3LjE8L1Zyc25OYj4|
7436 0870 38 4C 31 4E 30 63 7A 34 38 4C 31 42 50 53 55 4E |8L1N0cz48L1BPSUN|
7437 0880 74 63 47 35 30 50 6A 78 51 54 30 6C 44 62 58 42 |tcG50PjxQT0lDbXB|

9 Message Examples Page 254


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7438 0890 75 64 44 34 38 56 48 41 2B 51 56 42 4D 53 54 77 |udD48VHA+QVBMSTw|


7439 08A0 76 56 48 41 2B 50 45 6C 6B 50 6A 78 4A 64 47 31 |vVHA+PElkPjxJdG1|
7440 08B0 4F 59 6A 34 78 4C 6A 45 75 4D 6A 77 76 53 58 52 |OYj4xLjEuMjwvSXR|
7441 08C0 74 54 6D 49 2B 50 46 42 79 64 6D 52 79 53 57 51 |tTmI+PFBydmRySWQ|
7442 08D0 2B 52 56 42 42 55 31 5A 6C 62 6D 52 76 63 6A 41 |+RVBBU1ZlbmRvcjA|
7443 08E0 77 4D 6A 77 76 55 48 4A 32 5A 48 4A 4A 5A 44 34 |wMjwvUHJ2ZHJJZD4|
7444 08F0 38 4C 30 6C 6B 50 6A 78 54 64 48 4D 2B 50 46 5A |8L0lkPjxTdHM+PFZ|
7445 0900 79 63 32 35 4F 59 6A 34 78 4C 6A 41 38 4C 31 5A |yc25OYj4xLjA8L1Z|
7446 0910 79 63 32 35 4F 59 6A 34 38 4C 31 4E 30 63 7A 34 |yc25OYj48L1N0cz4|
7447 0920 38 55 33 52 6B 51 32 31 77 62 47 4D 2B 50 45 6C |8U3RkQ21wbGM+PEl|
7448 0930 6B 50 6C 4E 46 55 45 45 74 52 6B 46 54 56 44 77 |kPlNFUEEtRkFTVDw|
7449 0940 76 53 57 51 2B 50 46 5A 79 63 32 34 2B 4D 79 34 |vSWQ+PFZyc24+My4|
7450 0950 77 50 43 39 57 63 6E 4E 75 50 6A 78 4A 63 33 4E |wPC9WcnNuPjxJc3N|
7451 0960 79 50 6B 4E 4A 55 6A 77 76 53 58 4E 7A 63 6A 34 |yPkNJUjwvSXNzcj4|
7452 0970 38 4C 31 4E 30 5A 45 4E 74 63 47 78 6A 50 6A 77 |8L1N0ZENtcGxjPjw|
7453 0980 76 55 45 39 4A 51 32 31 77 62 6E 51 2B 50 46 42 |vUE9JQ21wbnQ+PFB|
7454 0990 50 53 55 4E 74 63 47 35 30 50 6A 78 55 63 44 35 |PSUNtcG50PjxUcD5|
7455 09A0 42 55 46 42 53 50 43 39 55 63 44 34 38 53 57 51 |BUFBSPC9UcD48SWQ|
7456 09B0 2B 50 45 6C 30 62 55 35 69 50 6A 45 75 4D 53 34 |+PEl0bU5iPjEuMS4|
7457 09C0 79 4C 6A 45 38 4C 30 6C 30 62 55 35 69 50 6A 78 |yLjE8L0l0bU5iPjx|
7458 09D0 51 63 6E 5A 6B 63 6B 6C 6B 50 6B 56 51 51 56 4E |QcnZkcklkPkVQQVN|
7459 09E0 42 59 33 46 31 61 58 4A 6C 63 6A 41 78 50 43 39 |BY3F1aXJlcjAxPC9|
7460 09F0 51 63 6E 5A 6B 63 6B 6C 6B 50 6A 77 76 53 57 51 |QcnZkcklkPjwvSWQ|
7461 0A00 2B 50 46 4E 30 63 7A 34 38 56 6E 4A 7A 62 6B 35 |+PFN0cz48VnJzbk5|
7462 0A10 69 50 6A 49 77 4D 54 45 77 4F 44 41 33 4D 54 51 |iPjIwMTEwODA3MTQ|
7463 0A20 7A 4E 54 41 77 50 43 39 57 63 6E 4E 75 54 6D 49 |zNTAwPC9WcnNuTmI|
7464 0A30 2B 50 43 39 54 64 48 4D 2B 50 43 39 51 54 30 6C |+PC9TdHM+PC9QT0l|
7465 0A40 44 62 58 42 75 64 44 34 38 55 45 39 4A 52 48 52 |DbXBudD48UE9JRHR|
7466 0A50 55 62 54 34 79 4D 44 45 7A 4C 54 41 34 4C 54 49 |UbT4yMDEzLTA4LTI|
7467 0A60 7A 56 44 49 79 4F 6A 51 31 4F 6A 41 77 4C 6A 41 |zVDIyOjQ1OjAwLjA|
7468 0A70 78 4B 7A 41 79 4F 6A 41 77 50 43 39 51 54 30 6C |xKzAyOjAwPC9QT0l|
7469 0A80 45 64 46 52 74 50 6A 78 45 59 58 52 68 55 32 56 |EdFRtPjxEYXRhU2V|
7470 0A90 30 55 6D 56 78 63 6D 51 2B 50 45 6C 6B 50 6A 78 |0UmVxcmQ+PElkPjx|
7471 0AA0 55 63 44 35 4E 52 31 52 51 50 43 39 55 63 44 34 |UcD5NR1RQPC9UcD4|
7472 0AB0 38 4C 30 6C 6B 50 6A 77 76 52 47 46 30 59 56 4E |8L0lkPjwvRGF0YVN|
7473 0AC0 6C 64 46 4A 6C 63 58 4A 6B 50 6A 77 76 51 32 35 |ldFJlcXJkPjwvQ25|
7474 0AD0 30 64 44 34 38 4C 30 52 68 64 47 46 54 5A 58 51 |0dD48L0RhdGFTZXQ|
7475 0AE0 2B 50 43 39 54 64 48 4E 53 63 48 51 2B 50 46 4E |+PC9TdHNScHQ+PFN|
7476 0AF0 6A 64 48 6C 55 63 6D 78 79 50 6A 78 44 62 6E 52 |jdHlUcmxyPjxDbnR|
7477 0B00 30 56 48 41 2B 51 56 56 55 53 44 77 76 51 32 35 |0VHA+QVVUSDwvQ25|
7478 0B10 30 64 46 52 77 50 6A 78 42 64 58 52 6F 62 6E 52 |0dFRwPjxBdXRobnR|
7479 0B20 6A 5A 45 52 68 64 47 45 2B 50 46 4A 6A 63 48 51 |jZERhdGE+PFJjcHQ|
7480 0B30 2B 50 45 74 46 53 7A 34 38 53 30 56 4C 53 57 51 |+PEtFSz48S0VLSWQ|
7481 0B40 2B 50 45 74 6C 65 55 6C 6B 50 6C 4E 77 5A 57 4E |+PEtleUlkPlNwZWN|
7482 0B50 57 4D 56 52 6C 63 33 52 4C 5A 58 6B 38 4C 30 74 |WMVRlc3RLZXk8L0t|
7483 0B60 6C 65 55 6C 6B 50 6A 78 4C 5A 58 6C 57 63 6E 4E |leUlkPjxLZXlWcnN|
7484 0B70 75 50 6A 49 77 4D 54 41 77 4E 6A 41 33 4D 54 55 |uPjIwMTAwNjA3MTU|
7485 0B80 38 4C 30 74 6C 65 56 5A 79 63 32 34 2B 50 45 52 |8L0tleVZyc24+PER|
7486 0B90 6C 63 6D 6C 32 64 47 35 4A 5A 44 35 50 57 57 4E |lcml2dG5JZD5PWWN|
7487 0BA0 73 63 46 46 46 50 54 77 76 52 47 56 79 61 58 5A |scFFFPTwvRGVyaXZ|
7488 0BB0 30 62 6B 6C 6B 50 6A 77 76 53 30 56 4C 53 57 51 |0bklkPjwvS0VLSWQ|
7489 0BC0 2B 50 45 74 6C 65 55 35 6A 63 6E 42 30 62 6B 46 |+PEtleU5jcnB0bkF|
7490 0BD0 73 5A 32 38 2B 50 45 46 73 5A 32 38 2B 52 45 74 |sZ28+PEFsZ28+REt|
7491 0BE0 51 4F 54 77 76 51 57 78 6E 62 7A 34 38 4C 30 74 |QOTwvQWxnbz48L0t|
7492 0BF0 6C 65 55 35 6A 63 6E 42 30 62 6B 46 73 5A 32 38 |leU5jcnB0bkFsZ28|
7493 0C00 2B 50 45 35 6A 63 6E 42 30 5A 45 74 6C 65 54 34 |+PE5jcnB0ZEtleT4|
7494 0C10 30 63 45 46 6E 51 55 4A 6A 50 54 77 76 54 6D 4E |0cEFnQUJjPTwvTmN|
7495 0C20 79 63 48 52 6B 53 32 56 35 50 6A 77 76 53 30 56 |ycHRkS2V5PjwvS0V|
7496 0C30 4C 50 6A 77 76 55 6D 4E 77 64 44 34 38 54 55 46 |LPjwvUmNwdD48TUF|
7497 0C40 44 51 57 78 6E 62 7A 34 38 51 57 78 6E 62 7A 35 |DQWxnbz48QWxnbz5|
7498 0C50 4E 51 30 4E 54 50 43 39 42 62 47 64 76 50 6A 77 |NQ0NTPC9BbGdvPjw|
7499 0C60 76 54 55 46 44 51 57 78 6E 62 7A 34 38 54 6D 4E |vTUFDQWxnbz48TmN|
7500 0C70 77 63 32 78 30 5A 45 4E 75 64 48 51 2B 50 45 4E |wc2x0ZENudHQ+PEN|
7501 0C80 75 64 48 52 55 63 44 35 45 51 56 52 42 50 43 39 |udHRUcD5EQVRBPC9|
7502 0C90 44 62 6E 52 30 56 48 41 2B 50 43 39 4F 59 33 42 |DbnR0VHA+PC9OY3B|
7503 0CA0 7A 62 48 52 6B 51 32 35 30 64 44 34 38 54 55 46 |zbHRkQ250dD48TUF|
7504 0CB0 44 50 69 42 54 55 30 38 7A 61 47 39 4C 57 47 73 |DPiBTU08zaG9LWGs|
7505 0CC0 32 56 54 30 38 4C 30 31 42 51 7A 34 38 4C 30 46 |2VT08L01BQz48L0F|
7506 0CD0 31 64 47 68 75 64 47 4E 6B 52 47 46 30 59 54 34 |1dGhudGNkRGF0YT4|

9 Message Examples Page 255


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7507 0CE0 38 4C 31 4E 6A 64 48 6C 55 63 6D 78 79 50 6A 77 |8L1NjdHlUcmxyPjw|


7508 0CF0 76 55 33 52 7A 55 6E 42 30 50 6A 77 76 52 47 39 |vU3RzUnB0PjwvRG9|
7509 0D00 6A 64 57 31 6C 62 6E 51 2B 3C 2F 4D 73 67 49 6E |jdW1lbnQ+</MsgIn|
7510 0D10 45 72 72 3E 3C 2F 52 6A 63 74 3E 3C 2F 54 65 72 |Err></Rjct></Ter|
7511 0D20 6D 6E 6C 4D 67 6D 74 52 6A 63 74 6E 3E 3C 2F 44 |mnlMgmtRjctn></D|
7512 0D30 6F 63 75 6D 65 6E 74 3E |ocument> |
7513
7514
7515

9 Message Examples Page 256


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7516 10 Alternative Message Exchanges


7517 The Message Definition Report of the TMS protocol is describing the TMS messages without mentioning
7518 the transport mechanism used to exchange the data.
7519 The transport mechanism used may vary for each message but only the following alternatives are
7520 described in the document:
7521 1. Message Exchange only (see section 10.1):
7522 o StatusReport as request and ManagementPlanReplacement as response message
7523 o StatusReport as request and AcceptorConfigurationUpdate as response message
7524 2. File Transfer only (see section 10.2):
7525 o StatusReport uploaded per file transfer protocol
7526 o ManagementPlanReplacement downloaded per file transfer protocol
7527 o AcceptorConfigurationUpdate downloaded per file transfer protocol
7528 3. Message Exchange and File Transfer (see section 10.3):
7529 o StatusReport as request and ManagementPlanReplacement as response message
7530 o AcceptorConfigurationUpdate downloaded per file transfer protocol
7531 Depending on the applied transport protocol the contents of some message element may differ (e.g.
7532 DataSetRequired in the StatusReport, Action.DataSetIdentification.Name in the
7533 ManagementPlanReplacement and the cryptographic mechanism used in the SecurityTrailer).
7534
7535 Currently, the following messages are Message Exchange only.
7536  MaintenanceDelegationRequest
7537  MaintenanceDelegationResponse
7538  CertificateManagement
7539  CertificateManagementResponse,
7540  TerminalManagementRejection.
7541

7542 10.1 Message Exchange only


7543 This section describes the TMS protocol and the handling of the messages by the POI and TMS if the
7544 StatusReport, the ManagementPlanReplacement and the AcceptorConfigurationUpdate are exchanged
7545 as messages only.
7546 The StatusReport message is used to request either the response messages
7547  ManagementPlanReplacement or
7548  AcceptorConfigurationUpdate.
7549 The ManagementPlanReplacement response message is requested by the POI using the StatusReport
7550 message containing the message element DataSetRequired. The type of message in the
7551 DataSetIdentification is "ManagementPlan" then.
7552 The AcceptorConfigurationUpdate response message is requested by the POI using the StatusReport
7553 message containing the message element DataSetRequired. The Type of dataset in the
7554 DataSetIdentification is e.g "AcquirerParameters" or "ApplicationParameters".
7555 The diagram in figure 16 shows the scenario described above. The card acceptor establishes a
7556 communication session manually.
7557 The POI sends the StatusReport to inform the MTM about the parameter versions already installed and
7558 receives in the response the management plan generated by the MTM. The new management plan
7559 contains a list of actions to be performed:

10 Alternative Message Exchanges Page 257


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7560 1. The StatusReport as request for AcceptorConfigurationUpdate containing the new acquirer
7561 parameters.
7562 2. The StatusReport as request for a new management plan.
7563 If the trigger of the first action is reached the POI sends the StatusReport and receives the new acquirer
7564 parameters in the response. Afterwards the POI sends a StatusReport as request message with the
7565 result of the parameter update and gets back the new management plan in the response.
7566
7567
7568
POI MTM
POI initiates terminal StatusReport
1
management
2
lan Replacement
ManagementP

StatusReport
3

4
rationU pdate
AcceptorConfigu

StatusReport
5

6
lan Replacement
ManagementP

7569
7570 Figure 16: TMS messages transferred as message exchanges
7571

7572 10.1.1 Upload StatusReport


7573 A StatusReport is sent when:
7574 The action Upload StatusReport is initiated when the StartTime in the message element TimeCondition is
7575 reached.
7576 The action requests the download of a management plan or a parameters download.
7577 The POI processing for sending a StatusReport to a Terminal Manager is the following one:
7578 1. The timing conditions of all outstanding TMS actions are analysed.
7579 2. If a StartTime is reached for the upload of the StatusReport, this action is initiated.
7580 3. The POI builds MessageBody, optionally the SecurityTrailer and MessageHeader of the
7581 StatusReport file as described in section 2.2.
7582 4. The POI sends the message to the TMS using the address defined in the TMS action or the local
7583 configuration of the POI.
7584

7585 10.1.2 ManagementPlanReplacement


7586 The response message contains the new management plan. The POI replaces the current management
7587 plan and analyses the new one.
7588 The new Management plan may contain several actions:
7589  actions to request new parameters with an absolute start time.
7590  the sending of a status report after WaitingTime

10 Alternative Message Exchanges Page 258


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7591  the sending of a status report at a given StartTime


7592  the last action instructs to request a new management plan

7593 10.1.2.1 Processing of the ManagementPlanReplacement


7594
7595 1. The POI checks the optional signature of the received message.
7596 2. The POI stores the version of the management plan in the log of Event.
7597 3. CreationDate is used to identify the management plan.
7598 4. The list of TMS actions in Action is analysed:
7599  The actions are analysed for correctness
7600  The presence of mandatory data elements is checked
7601  All existing data elements have to be correctly formatted.
7602  The validation of the dataset is performed according to section 3.2 but the data element
7603
7604 Identification.Name must exist for each download.

10 Alternative Message Exchanges Page 259


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7605 10.1.2.2 Excecution of the ManagementPlanReplacement


7606 The ManagementPlanReplacement contents complies with the contents described in section 3.
7607
7608 ManagementPlanReplacement (example 1)
7609
StartTime WaitingTime Period Type Identification.Name Identification.Type
T0 - - Download AcquirerParameters
D1 Download ManagementPlan
7610
7611 1. The POI requests acquirer parameters when the StartTime T0 is reached.
7612 2. If the response message containing the acquirer parameters is processed by the POI the POI sends
7613 the result of the parameter update to the TMS after a waiting time D1 and receives a new
7614 management plan in the response message.
7615
7616 ManagementPlanReplacement (example 2).
7617
StartTime WaitingTime Period Type Identification.Name Identification.Type
T0 - Cycle1 Download - AcquirerParameters
D1 - Download - MerchantParameters
D2 - Download - ManagementPlan
7618
7619 1. The POI requests acquirer parameters when the StartTime T0 is reached.
7620 2. If the response message containing the acquirer parameters is processed the POI requests merchant
7621 parameters after a waiting time D1.
7622 3. If the response message containing the merchant parameters is processed by the POI the POI sends
7623 the result of the parameter update to the TMS after a waiting time D2 and receives a new
7624 management plan in the response message.
7625

7626 10.2 File Transfer only


7627 This section describes the differences of the TMS protocol and the handling of the messages by the POI
7628 and TMS if the StatusReport and the ManagementPlanReplacement are exchanged as files using FTP.
7629 If the ManagementPlanReplacement file is requested by the POI by the StatusReport the message
7630 element DataSetRequired has to be present to inform the TMS to provide the new
7631 ManagementPlanReplacement file on the corresponding file directory.
7632 If the ManagementPlanReplacement file is downloaded by a file transfer to the POI there is no request
7633 necessary. The message element DataSetRequired is not needed then.
7634 The diagram in figure 17 shows the scenario described above.
7635 The card acceptor establishes a FTP session with the MTM. The POI uploads the StatusReport and
7636 downloads a new management plan.
7637 The new management plan of the MTM contains a list of actions to be performed:
7638 1. The download of several AcceptorConfigurationUpdate files (illustrated as loop of actions)
7639 containing new vendor parameters. The acceptor parameters issued by the vendor are
7640 identified by their file name in the definition of the TMS action.
7641 2. The upload of the StatusReport to the MTM for sending the status of the new parameters.

10 Alternative Message Exchanges Page 260


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7642 3. The upload of the StatusReport to one TM for sending the status of the new parameters.
7643 4. The download of the management plan of the TM after a period.
7644 If the trigger of the first action is reached the POI downloads several files containing new acquirer
7645 parameters. Afterwards the POI uploads a StatusReport to the MTM with the result of the download
7646 including the actual version of the acquirer parameter set.
7647 If the trigger of the third action is reached the POI establishes a FTP session with the TM, uploads a
7648 StatusReport and downloads a management plan generated by the TM. The management plan of the TM
7649 contains a list of actions to be performed:
7650 1. The download of several AcceptorConfigurationUpdate files (illustrated as loop of actions)
7651 containing new acquirer parameters. The acceptor parameters issued by the Acquirer are
7652 identified by their file name in the definition of the TMS action.
7653 2. The upload of the StatusReport to the TM for sending the status of the new parameters.
POI MTM TM
POI initiates terminal StatusReport
1
management session
2
lan Replacement
ManagementP

Loop (1,*) 1
rationUpdate
AcceptorConfigu

StatusReport
3

POI initiates terminal


management session using 4 StatusReport
TMS action defined by MTM
5
ManagementPlanReplacement

Loop (1,*) 1
te
AcceptorConfigurationUpda

StatusReport
6

7654
7655
7656
7657 Figure 17: TMS messages transferred as files
7658

10 Alternative Message Exchanges Page 261


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7659 10.2.1 Upload of a StatusReport


7660 The action Upload StatusReport is initiated when StartTime in TimeCondition is reached (StartTime =
7661 dd.mm.yyyy hh.mm.ss).
7662 The POI processing for sending a StatusReport to a Terminal Manager is the following one:
7663 1. The timing conditions of all outstanding TMS actions are analysed.
7664 2. If a StartTime is reached for the upload of the "StatusReport" this action must be started. The
7665 StatusReport contains the log of Event containing at least the last twenty events (Last in, first out)
7666 if already existing. The log must never be erased completely.
7667 3. The POI builds the MessageBody and the optional SecurityTrailer of the StatusReport file as
7668 described in section 2.2.
7669 4. The POI builds the header of the file and generates the file name of the report as follows: "SR"
7670 concatenated with the counter converted to six characters (range '0'-'F') and ".XML".
7671 5. The POI performs the login into the TMS FTP server.
7672 a) If the POI is not able to establish the FTP session, it tries it again according to the
7673 definition in ReTry or saves the error directly in the log of Event with the Result
7674 "ConnectionError", if no retry is defined.
7675 b) If a username and AccessCode is needed to login, the POI uses the corresponding data
7676 in the component Address of the TMS action. If the FTP server denies the access the
7677 POI saves the error in the log of Event with the Result "AccessDenied".
7678 c) If the login was successful the POI changes the directory to Rep. This directory may be
7679 presented by the FTP server as a physical or virtual directory dedicated for this POI.
7680 6. The POI uploads the StatusReport to this directory.
7681 7. If the StartTime or WaitingTime of the next action is shorter than in internally defined period for
7682 the session the FTP session is kept open for the next action.
7683 8. The timing conditions of the remaining actions are analysed. If a StartTime is expired or the delay
7684 to the previous action is reached the action must be started if allowed.
7685 9. If the TimeCondition of the action done contains a Period, the new StartTime is calculated (New
7686 StartTime = StartTime + Period) and stored in the management plan.
7687 10. If no other StartTime is reached the session must be closed.
7688

7689 10.2.2 Download of a ManagementPlanReplacement


7690 The action Download the management plan is initiated when the WaitingTime after the previous action is
7691 reached. The POI analyses the new management plan and replaces the current one if no error has been found .
7692 The new management plan contains several actions:
7693  Actions to download the parameter files with an absolute start time. Usually the parameter
7694 files are downloaded immediately.
7695  Upload of the status report after WaitingTime
7696  Upload of the status report at a given StartTime
7697  The last action instructs to download a new management Plan

7698 10.2.2.1 Processing of a ManagementPlanReplacement


7699
7700 1. The POI performs a login to the TMS FTP server and changes the directory to MgtPlan. The error
7701 handling is performed according to section 10.2.1.
7702 2. The POI downloads the management plan with the file name taken from the specific action or the
7703 default management plan named MP000000.XML if existing and the file to be downloaded does not

10 Alternative Message Exchanges Page 262


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7704 exist. If neither the default management plan nor the specific one exists the POI logs the error in the
7705 log of Event with the Result "MissingFile".
7706 3. The POI checks the optional signature of the received message.
7707 4. The POI checks whether the dataset category present in the Type in the identification corresponds to
7708 the type of file name.
7709 5. The POI stores the version of the management plan in the log of Event.
7710 6. CreationDate is used to identify the management plan.
7711 7. SequenceCounter is used by the TMS to identify all dataset structures with the same CreationDate. It
7712 is used if the dataset is split into several files. SequenceCounter starts with `1`. The last dataset of
7713 the series is identified by the maximum value of the SequenceCounter `9999`.
7714 8. Subsequently the list of Action is analysed.
7715  The actions are analysed for correctness
7716  The presence of mandatory data elements is checked
7717  All existing data elements have to be correctly formatted.
7718  The validation of the files is performed according to section 3.2 but the data element
7719 Identification.Name must exist for each download.

7720

7721 10.2.2.2 Execution of a ManagementPlanReplacement


7722 A ManagementPlanReplacement complies to the contents described in section 3 with two exceptions:
7723 Rule 7 The Upload of the StatusReport and the Download of the ManagementPlanReplacement are
7724 separate actions, so that the ManagementPlanReplacement is not downloaded after each
7725 StatusReport upload.
7726 Rule 8 The message element Identification.Name must always contain the filename to be downloaded.
7727 ManagementPlanReplacement (example 1)
7728
StartTime WaitingTime Period Type Identification.Name Identification.Type
T0 - - Upload - StatusReport
D1 - Download PA345678.XML AcquirerParameters
D2 - Download MP123456.XML ManagementPlan
7729 The delays D1 and D2 are set according to the reaction time of the TMS for building the files
7730 AcceptorConfigurationUpdate and ManagementReplacement if the content of these files depend on the
7731 StatusReport.
7732
7733 ManagementPlanReplacement (example 2)
7734
StartTime WaitingTime Period Type Identification.Name Identification.Type
T0 - - Upload - StatusReport
D1 - Download PA345678.XML AcquirerParameters
T1 - - Upload - StatusReport
D2 - Download MP123456.XML ManagementPlan
7735

10 Alternative Message Exchanges Page 263


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7736 ManagementPlanReplacement (example 3)


7737
StartTime WaitingTime Period Type Identification.Name Identification.Type
T0 - Cycle1 Upload - StatusReport
D1 - Download PA345678.XML AcquirerParameters
D2 - Download PA567890.XML MerchantParameters
T1 - - Upload - StatusReport
D3 - Download MP123456.XML ManagementPlan
7738
7739 ManagementPlanReplacement (example 4)
7740
StartTime WaitingTime Period Type Identification.Name Identification.Type
T0 - Download PA345678.XML MerchantParameters
- D1 Download PA567890.XML AcquirerParameters
- D2 Upload - StatusReport
T1=T0+D4 - Cycle1 Upload - StatusReport
D3 - Download MP123456.XML ManagementPlan
7741

10 Alternative Message Exchanges Page 264


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7742 10.3 Message Exchange and File Transfer


7743 The POI may also use different transport protocols for the exchange of the TMS messages.
7744 Figure 18: TMS messages transferred as both messages and fileshows a scenario where the POI sends
7745 a StatusReport as requested and receives a ManagementPlanReplacement as a response. The
7746 AcceptorConfigurationUpdate is downloaded by the POI as a file using the File Transport Protocol. This
7747 TMS session is initiated by the card acceptor since a TMSTrigger in the response message of the
7748 acquirer has been received.
7749
7750 In this scenario the rules for building a management plan by the MTM - as described in section 10.1 for
7751 the StatusReport and ManagementPlanReplacement apply. The rules of section 5.2 for
7752 AcceptorConfigurationUpdate apply as well.
POI MTM Acquirer
AcceptorAuthorisationR
1 equ est

AcquirerParameters
2 version expired
AcceptorAuthorisationResponse
TMS Trigger sent
StatusReport
3
4
acement
ManagementPlanRepl

Download of the new 5


ionUpdate
acquirer parameters is AcceptorConfigurat
initiated by POI using an
FTP session

StatusReport
( If defined 1
as final
2
action ) acement
ManagementPlanRepl

7753
7754
7755
7756 Figure 18: TMS messages transferred as both messages and file
7757

10 Alternative Message Exchanges Page 265


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7758 11 Error Handling


7759 Below are some basic rules for handling errors:
7760 ERR1: Ignored if the recipient cannot interpret the message components or elements (actually, not to be
7761 considered as an error).
7762 ERR2: The complete message to be discarded and the event to be logged as "FormatError" (e.g.
7763 alphanumeric or binary instead of numeric) if a component or a message element has the wrong format.
7764 ERR3: The complete message to be discarded and the event to be logged as "SyntaxError" (e.g. missing
7765 ending Tag, missing mandatory element, unexpected attributes) if a parsing error occurs.
7766 ERR4: The complete message to be discarded and the event to be logged as "LengthError" if the
7767 message element or the complete message does not respect the defined length (element or component
7768 exceeding the length or being to short).
7769 ERR5: If a message is requested by the POI and the response is not received after a defined period the
7770 event is logged as "Timeout".

7771

7772

11 Error Handling Page 266


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7773 12 Transport Protocol Services


7774 For the nexo TMS Protocol the transport protocol TCP (Transmission Control Protocol, specified in the
7775 RFC 793) or the File Transfer Protocol (FTP) must be used for the transfer of data between the POI and
7776 the TMS. A secure layer on top of these protocols should be used.
7777 FTP is used as download and upload mechanism of the messages described in this document. The POI
7778 System represents the FTP client. The TMS represents the FTP server.
7779 The same filename conventions and structures should be used for other file transport mechanisms (e.g.
7780 for a local update using a USB memory stick).
7781

7782 12.1 File Transfer Protocol


7783 The File Transfer Protocol (FTP6) is the protocol used by the nexo application protocols to transfer files.
7784 This chapter contains the specification of the services of FTP to be implemented by the nexo application
7785 protocols using file transfers.
7786

7787 12.1.1.1 The FTP Model


7788 FTP is a typical client/server protocol, where the client is the POI and the server the TMS host. The FTP
7789 specifications call the client the user in relation to the person who gets file transfer services.
7790 FTP uses two types of transport connections to provide the file transfer services:
7791 1. The Control Connection, which is established at the creation of the FTP session, and carry on the
7792 command request by the client and the response from the server after the processing of the
7793 service.
7794 2. The Data Connection, which is established each time a file has to be exchanged or any data like
7795 the content of a directory. The data connection is release at the end of the transfer.
7796 The set of components of the FTP client and of the FTP server are respectively called User-FTP Process
7797 and Server-FTP Process.

FTP Client
User-FTP Process

User
User Interface
FTP Server
Server-FTP Process

User Protocol Control Connection Server Protocol


Interpreter Interpreter
(User-PI) (Server-PI)

User Data Server Data


File Data Connection File
Transfer Process Transfer Process
System (User-DTP) (Server-DTP) System

7798
7799 Figure 19: The FTP Model
7800

7801 12.1.1.2 FTP Client Components


7802 The User-FTP Process contains the following components:

6 RFC 959, October 1985, by Jon Postel and Joyce Reynolds

12 Transport Protocol Services Page 267


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7803 The User Interface, which provides an interface to the application protocol. An interface to a human user
7804 is not required.
7805 The User Protocol Interpreter (User-PI), which manages the control connection. After the establishment of
7806 the connection, it processes the command requested by the User Interface and send them to the Server
7807 Protocol Interpreter. In addition, it manages the User Data Transfer Process.
7808 The User Data Transfer Process (User-DTP), which establishes or listens to the data connection at the
7809 request of the User Protocol Interpreter. It sends or receive data using the local file transfer where is
7810 implanted the User-FTP Process.
7811

7812 12.1.1.3 FTP Server Components


7813 The Server-FTP Process contains the following components:
7814 The Server Protocol Interpreter (Server-PI), which manages the control connection. It listens to the FTP
7815 reserved port for incoming connection requests coming from clients. It processes the command requested
7816 by the Client, send response on the control connection, and manages the Server Data Transfer Process.
7817 The Server Data Transfer Process (Server -DTP), which establishes or listens to the data connection at
7818 the request of the Server Protocol Interpreter. It sends or receive data using the local file transfer where is
7819 implanted the Server-FTP Process.
7820
7821
7822

12 Transport Protocol Services Page 268


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7823 12.2 File Transfer Services

7824 12.2.1 Access Commands

7825 12.2.1.1 Login Sequence


7826 The command USER UserName is the first command transmitted by the client after the establishment of
7827 the control connection.
7828 This UserName must uniquely identify a POI. For instance, UserName may be based on the identification
7829 of the POI as described in the organisation unit and common name (OU used as Modelname
7830 concatenated with CN used as serial number with a possible separator) of the POI certificate subject
7831 name also used in the message header element InitiatingParty.ShortName.
7832
7833 The command PASS Password is not mandatory, other and more appropriate authentication method has
7834 to be employed. Usually the password is equal to the username (e.g. the password is built by the serial
7835 number of the POI terminal concatenated with the merchant identifier).
7836
7837 The command ACCT Account is not used.
7838

7839 12.2.1.2 FTP Session Termination


7840 The command QUIT is used to close the FTP session and is followed by the release of the control
7841 connection by the client after reception of the response.
7842
7843 The command REIN reinitialises the FTP session without closing it. This command is used when a POI
7844 Server managing several POI, needs to exchange different types of files on the behalf of these POI
7845 Terminals.
7846

7847 12.2.1.3 Directory Positioning


7848 The command CWD DirName is the command the client use to go to the directory where a file has to be
7849 downloaded or uploaded. The directory structure shown below is presented by the TM to POI. The
7850 presented directories may be physical or virtual.
7851 DirName is the path name of the target directory to go to. The structure of an example of the file directory
7852 reachable is presented in the figure below.

UserRoot
/

Acqu TMS

Auth Capt Soft MgtPlan Param Rep


Authorisations Captures Software Management Plan Report

Vendor Mer Acq


Vendor Merchant Acquirer
7853
7854 Figure 20: FTP Server Directory Structure for TMS
7855
7856

12 Transport Protocol Services Page 269


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7857 12.2.2 FTP Transfer Parameter Commands

7858 12.2.2.1 Data Connection


7859 The command PASV to pass the server in a passive data connection mode is used by default to avoid the
7860 problem of firewall, Network Address Translation, and port change by the client 7. The response at the
7861 command informs to the client the server port to connect to.
7862
7863 The command PORT DataPort and the active data mode is not used.
7864

7865 12.2.2.2 File Type


7866 The binary file type is used for the transfer. The command TYPE is not used.
7867

7868 12.2.2.3 Transfer Mode


7869 The file transfer mode which might be used are:
7870  The stream mode if the exchange of data does not require restart of the transfer after the
7871 beginning of the file.
7872  The block mode, if restart might be used if the file transfer does not terminate correctly.
7873 The POI must support the stream mode. The block mode may be used in addition for the file transfer.
7874 The command MODE TransferMode is sent by the Client to inform the stream or block mode to use for
7875 the next transfer.
7876 There is no recommendation for the position of the marker. The stream mode is the preferred solution.
7877

7878 12.2.2.4 File Structure


7879 The file (no record structure) structure is used for the transfer, so the command STRU is not used.
7880

7881 12.2.2.5 File Naming Conventions


7882 The file names contain the following information that are concatenated (min. 8 and max. 32 characters):
7883 - File Type
7884 o "SR" for Status report
7885 o "MP" for Management Plan
7886 o "SW" for Software Modules
7887 o "PA" for Acceptor Configuration (e.g. Vendor, Merchant or Acquirer Parameter)
7888 o "DD" for Delegation Data (e.g. TM certificate)
7889 - Value for the SequenceNumber (Default "00…00")
7890 - ".ASN" for ASN.1 coded and ".XML" for XML coded files.
7891 The sequence number is used to check if a file has to be downloaded:
7892 1. If the sequence number is higher than the existing one the file has to be downloaded.
7893 2. If the sequence number is equal or lower than the last number stored by the POI this sequence
7894 number is not acceptable.

7 See RFC 1579, Firewall-Friendly FTP

12 Transport Protocol Services Page 270


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7895 If there is no file with an acceptable sequence number the POI looks for a file with the default
7896 sequence number that can be downloaded instead of.
7897 Therefore the default value for the SequenceNumber is used to synchronise the sequence
7898 numbers present in the POI and TMS (This means that the default sequence number must reset
7899 the sequence number to "00…00"). If the maximum number is reached the TMS system resets
7900 the sequence number also with the default value.
7901
7902 The following example illustrates the naming convention for a sequence of files if always the default name
7903 for the Management Plan is used:
7904
7905  Download first Management Plan MP000000 containing the Cyclic Call with two TMS actions:
7906 o Upload StatusReport and
7907 o Download Management Plan MP000000 (StartTime plus Period defined).
7908  For a foreseen download of a parameter set the TMS server generates a new Management Plan
7909 MP000000 containing three actions:
7910 1. Upload StatusReport
7911 2. Download Acceptor configuration PA000001
7912 3. Download new Management Plan MP00000 containing only the default actions Upload
7913 StatusReport and Download Management Plan MP000000
7914  For the next download of a new parameter set the TMS server generates a new Management
7915 Plan MP000000 containing three actions:
7916 1. Upload StatusReport
7917 2. Download parameter set PA000002
7918 3. Download new Management Plan MP00000 containing only the default actions Upload
7919 StatusReport and Download Management Plan MP000000
7920

12 Transport Protocol Services Page 271


CAPE Terminal Management Message Usage Guide Version 5.2 - 22 March 2017

7921 12.2.3 FTP Protocol Service Commands

7922 12.2.3.1 File Transfer


7923 The commands RETR and STOR are used to download and upload files.
7924
7925 The command ALLO is necessary to allocate storage at the server before the transfer of files.
7926
7927 The command REST Mark is used to restart the transfer from the specific marker Mark. This command
7928 has to be immediately followed by a RETR or a STOR command. For the stream mode the restart is not
7929 possible.
7930
7931 The command ABOR is used to abort a transfer or a command.
7932

7933 12.2.3.2 Directory Management


7934 The command LIST is used to get the content of a directory.
7935
7936

12 Transport Protocol Services Page 272

You might also like