Global Automotive standards – EDI protocol

Basic EDI Automotive protocol principles:

  1. The aim of the ODETTE-FTP is to facilitate the transmission of a file between one or more locations in a way that is independent of the data communication network, system hardware and software environment
  2. In designing and specifying the protocol, the following factors were considered:
    1. The possible differences in size and sophistication of file storage between small and large systems
    2. The necessity to work with existing systems (reduce changes to existing products and allow easy implementation)
    3. To respect IT systems of different ages
    4. To respect IT systems of different manufacturers
    5. To create a potential for growth in sophistication (limit the impact on, and avoid changes at, other EDI partners' locations)

OFTP protocol - ODETTE File Transfer Protocol

  1. The ODETTE File Transfer Protocol (ODETTE-FTP) was defined in 1986 by the Organisation for Data Exchange by Tele Transmission in Europe (ODETTE) to address the electronic data interchange (EDI) requirements of the European automotive industry
  2. Over the last ten years ODETTE-FTP has been widely deployed on systems of all sizes from personal computers to large mainframes while the Internet has emerged as the dominant international network
  3. The speed of communication has increased at steadily lower cost. To match the demand for EDI over the Internet, ODETTE decided to extend the scope of its file transfer protocol to incorporate security functions and advanced compression techniques, so that it remains at the forefront of information exchange technology, with these goals:
    • The protocol OFTP2 shall support secure and authenticated communication over the Internet using Transport Layer Security, providing file encryption, signing and compression using Cryptographic Message Syntax and signed receipts for the acknowledgement of received files
    • The protocol shall support both direct peer to peer communication and indirect communication via a Value Added Network and may be used with TCP/IP, X.25 and ISDN based networks

    OFTP2 - ODETTE File Transfer Protocol version 2 – new features

    • File level encryption
    • Session level encryption
    • Secure authentication
    • File compression
    • Maximum permitted file size increased to 9PB (petabytes)
    • Long virtual name of a file
    • Negative End Response (NERP)
    • Extended Date and Timestamp
    • Signed EERP
    • Signed NERP
    • Extended error codes
  4. The full set of security features:
    • Confidentiality
    • Integrity
    • Non-repudiation of receipt
    • Non-repudiation of origin
    • Secure authentication
  5. Security features are based on X.509 certificates

Symmetric encryption, asymmetric encryption and hash algorithms of OFTP2:

(2 security solutions)

Sec. solution   symmetric encryption   asymmetric encryption   hash function
1.              3DES_EDE_CBC_3KEY      RSA_PKCS1_15            SHA-1
2.              AES_256_CBC            RSA_PKCS1_15            SHA-1

  1. Support of both security solutions is obligatory
  2. Certificates used must be [X.509] certificates
  3. TripleDES works in CBC mode (Cipher Block Chaining) and uses the EDE process (Encrypt-Decrypt-Encrypt) with 3 different 64-bit keys (56 effective key bits each)
  4. RSA is applied as defined in [PKCS #1] (v1.5 padding)
  5. AES uses a 256-bit key in CBC mode

Note that SHA-1 is the only hash function in either solution and is no longer collision resistant, and that TripleDES has a 64-bit block size, which limits how much data may safely be processed under one key; where both partners support it, solution 2 (AES-256) is the one to use.

OFTP2 - automatic certificates exchange


  • Root certificates from well-known CAs (e.g. I.CA) are collected and loaded into the OFTP software
  • The identification data of the partner's certificate has been received (usually together with the other ODETTE parameters, e.g. the ODETTE ID) and has been entered in the system:
    • Certificate issuer
    • Serial number

Step 0 (has to be carried out once):

  • Create key pairs (private and public key)
  • Get certificates (from a CA or an equivalent authority, e.g. I.CA)

Step 1

Establish the OFTP connection: a TLS/SSL session is established first

  • TLS protocol: exchange certificates
  • TLS protocol: check chain of trust
  • TLS protocol: maintain secure session

Step 2

Exchange certificates and transfer encrypted files

  1. Request the partner's certificate (only once, if the certificate is not yet installed)
  2. Receive the certificate, check the chain of trust, check that issuer and serial number match the values received with the partner's parameters, install the certificate locally (only once)
  3. Encrypt file
  4. Send file
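
The Step 2 acceptance check, as an added example that is not part of this page, of the ODETTE specification or of any OFTP2 product. It uses only the Python standard library: a small DER encoder builds a constructed sample certificate (placeholder key, all-zero signature), a small DER reader extracts issuer and serial number from it, and accept_partner_cert applies the checks from the list above: the certificate is installed only once, the chain of trust must already have been verified (assumed to be done by the TLS or CMS library, so it is passed in as a flag here), and issuer and serial must equal the values received with the partner's ODETTE parameters. The function names, the "Example CA" and "Partner Ltd" names and the ODETTE ID string are assumptions made for the illustration, not real identifiers.

```python
ATTR_OIDS = {"C": "2.5.4.6", "O": "2.5.4.10", "CN": "2.5.4.3"}
OID_ATTRS = {v: k for k, v in ATTR_OIDS.items()}

def der_len(n: int) -> bytes:                      # DER length, short or long form
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_len(len(value)) + value

def der_int(n: int) -> bytes:                      # minimal two's-complement INTEGER
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:                     # base-128, high bit set on all but the last byte
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += chunk
    return tlv(0x06, bytes(body))

def der_name(rdns: list) -> bytes:                 # Name = SEQUENCE OF SET OF {OID, UTF8String}
    return tlv(0x30, b"".join(
        tlv(0x31, tlv(0x30, der_oid(ATTR_OIDS[k]) + tlv(0x0C, v.encode()))) for k, v in rdns))

def build_sample_cert(serial: int, issuer: list, subject: list) -> bytes:
    """Constructed sample only: placeholder public key and an all-zero signature."""
    sha256_rsa = tlv(0x30, der_oid("1.2.840.113549.1.1.11") + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"260101000000Z"))
    spki = tlv(0x30, tlv(0x30, der_oid("1.2.840.113549.1.1.1") + tlv(0x05, b"")) + tlv(0x03, b"\x00"))
    tbs = tlv(0x30, tlv(0xA0, der_int(2)) + der_int(serial) + sha256_rsa
              + der_name(issuer) + validity + der_name(subject) + spki)
    return tlv(0x30, tbs + sha256_rsa + tlv(0x03, b"\x00" * 33))

def read_tlv(buf: bytes, pos: int = 0):            # -> (tag, value bytes, position after value)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def parse_name(name: bytes) -> str:
    parts, pos = [], 0
    while pos < len(name):
        _, rdn, pos = read_tlv(name, pos)
        _, oid, p = read_tlv(read_tlv(rdn)[1])     # single-valued RDNs only
        value = read_tlv(read_tlv(rdn)[1], p)[1]
        dotted = decode_oid(oid)
        parts.append(f"{OID_ATTRS.get(dotted, dotted)}={value.decode()}")
    return ", ".join(parts)

def cert_identity(der: bytes) -> tuple:
    """(issuer DN, serial number) of a DER-encoded X.509 certificate."""
    _, tbs, _ = read_tlv(read_tlv(der)[1])
    tag, field, pos = read_tlv(tbs)
    if tag == 0xA0:                                # explicit [0] version (v2/v3 certificates)
        tag, field, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    _, _sig_alg, pos = read_tlv(tbs, pos)
    return parse_name(read_tlv(tbs, pos)[1]), int.from_bytes(field, "big", signed=True)

def accept_partner_cert(store: dict, odette_id: str, der: bytes, expected: dict, chain_ok: bool) -> str:
    if odette_id in store:                         # requested and installed only once
        return "already-installed"
    if not chain_ok:                               # chain verification assumed done by the TLS/CMS layer
        raise ValueError("chain of trust not verified")
    identity = cert_identity(der)
    if identity != (expected["issuer"], expected["serial"]):
        raise ValueError(f"{identity[0]} / serial {identity[1]:#x} is not the certificate "
                         "announced with the partner's ODETTE parameters")
    store[odette_id] = der
    return "installed"

# Constructed demo data: not a real ODETTE ID, CA or partner.
ISSUER_DN = [("C", "XX"), ("O", "Example CA (constructed)"), ("CN", "Example Issuing CA")]
PARTNER_DN = [("C", "XX"), ("O", "Partner Ltd (constructed)"), ("CN", "oftp2.partner.example")]
PARTNER_ID = "O0000CONSTRUCTEDPARTNER01"
PARTNER_PARAMS = {"issuer": "C=XX, O=Example CA (constructed), CN=Example Issuing CA", "serial": 0x1A2B3C}

def demo() -> list:
    store, log = {}, []
    genuine = build_sample_cert(0x1A2B3C, ISSUER_DN, PARTNER_DN)
    impostor = build_sample_cert(0x1A2B3D, ISSUER_DN, PARTNER_DN)  # same trusted CA, other serial
    for label, cert in (("impostor", impostor), ("genuine", genuine), ("genuine again", genuine)):
        try:
            log.append((label, accept_partner_cert(store, PARTNER_ID, cert, PARTNER_PARAMS, True)))
        except ValueError as err:
            log.append((label, f"rejected: {err}"))
    return log
```

The impostor case in demo() is why the issuer and serial number are entered with the partner's ODETTE parameters: a root certificate in the trust store vouches for every certificate that CA has issued, so a chain check alone would accept any other customer of the same CA. Pinning the announced issuer/serial pair ties the installed certificate to the one partner, and the "already-installed" branch keeps a later request from silently replacing it.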

Almost as easy as OFTP version 1!

What does it mean ?

  • A secure OFTP Ver. 2 connection requires only marginally more effort than OFTP Ver. 1 (a certificate has to be obtained once)
  • A new option, not a constraint
  • Manual exchange of self-signed certificates in a "safe enough" way is still (technically) possible
  • When partners agree to use self-signed certificates, they can exchange their root certificates once instead of repeatedly exchanging the individual certificates
  • Mutually signed certificates can be exchanged automatically too, once the signer's certificates are installed in the key store
