Skip to main content

Communication Protocol

The DuitNow system supports communication via Web (HTTPS) and TCP/IP where participants are able to establish connectivity to the system securely. This section provides information on the two protocols and explanation on how the connectivity flow works in the RPP DuitNow system.

HTTP

HTTP is short for "Hypertext Transfer Protocol" and it is a request-response protocol that allows users to communicate data over web servers. HTTP works similar to other application services like SMTP and FTP. Like the performance of FTP, it transfers a document using service of TCP port. But it uses just one TCP connection (usually at Port 80) i.e. at data link and no individual Control Connection is used.

HTTP is a protocol which fetches resources such as HTML documents. It is used for exchanging data on the Web and is a client-server protocol which means requests are initiated by the recipient usually the Web browser.

The controls from the client-side delivered in a request message into the webserver. The web server sends the requested content at a response message. The HTTP doesn’t provide any security and makes use of SSL (Secure Socket layer) to club security in its communication.

How HTTP Works

HTTP provides users a way by distributing hypertext messages between servers and clients to interact. HTTP clients generally use Transmission Control Protocol (TCP) connection to communicate with servers.

The HTTP can carry out various tasks to be performed by Request methods such as but not limited to:

  • GET: Requests a specific source in its entirety.
  • HEAD: A specific resource with no body content.
  • POST: Adds articles, messages and information to another page under an existing web resource.
  • PUT: Directly modifies a current web source and creates a new URL if need be.
  • DELETE: Eliminates a specified source.

Additional resources regarding HTTP:

TCP/IP

TCP (Transmission Control Protocol) provides reliable, ordered, and error-checked delivery of a stream of bytes between applications running on hosts. It states that a connection is established and maintained until the application data at each end have finished exchange. TCP breaks application data into packets. This packet delivers to the transport layer. Layer 4 manages flow control and provide error free data transmission and handles retransmission of dropped or garbled packets and acknowledges all packets that arrive.

IP (Internet Protocol) is the protocol for shifting packets around between hosts in the network layer.

note

Prior to using this, participant is required to engage with PayNet on arrangement for the TCP/IP client connector to be installed at client site.

How TCP Works

TCP’s job is to ensure that all data sent in a stream moves from client to server in a correct order and is intact. TCP uses a technique known as positive acknowledgement with retransmission, requiring the receiving end of a transmission to give a response as to what data has been received. The bytes sent can exactly match the bytes received. No data is altered or lost along the way.

Connection is established and a 3-way handshake is made. First, the source sends a SYN request packet to the server in order to start session establishment process. Then, the server sends a SYN-ACK packet to agree to the process. Lastly, the source sends an ACK packet to the target to confirm the process, after which the data can be sent.

Additional resources regarding TCP/IP:

TCP/IP Client Server Model

Connection will be created at server side which is listening to specified port for client to establish the connection. FI will be a client side to establish the connection in order to send and receive message to/from RPP hub.

The following is the connectivity diagram for both client and server:

Connectivity Diagram

Messaging Flow

Connection Type

FI is required to create socket and establish a persistent connection (keep alive) to RPP Hub on the specified port given. Every message must be sent and received via the existing socket established before and it is not recommended to establish single-use connection every time sending the request.

Message Length

Messaging to RPP Hub should be started with sending the message length in the first four bytes, followed by the real message. This is required for every message format sent to RPP respectively.

This messaging format is not only limited to the request from client, but the same format will also be used by any message coming from Hub itself. Client side must be designed to handle this kind of message format in order to process messages from Hub.

Sending and Receiving Message

To send and receive message to/from hub, client should be running synchronize write and read to the existing connection stream.

Connection Handling

Connection Structure

Every FI will be assigned n number of ports (currently n=4). An FI can use up to 4 clients (1 port = 1 client) to connect to the RPP server. RPP Hub has 4 servers and every client must connect to every server and send messages on a round-robin basis to all 4 servers subject to availability of the servers.

The diagram below shows the sample connections for each PayNet server:

Sample Connection Diagram

For FI that has 4 clients, the total number of connections will be 16. It is up to the FI to decide how many clients they would like to have depending on their requirements such as primary site and DR site.

Persistent Connection

As described in Connection Type, clients must be using the same keep-alive connection and should not close the connection every time they send a message to the Hub.

Connection Drop

Clients must be configured with an ability to re-connect if the connection is dropped.

Request Messages

All request messages must be sent on a round-robin basis to all 4 RPP servers from each client. E.g. When the first message goes via Port C01, the second message should go via C02, therefore the third and fourth will go via C03 and C04 respectively. The fifth message will be sent out via C01 again and so on.

Response Messages

Response messages from both RPP server and client must follow the same route/connection where the request/response was sent. E.g. if a request message from RPP server was sent via Port C01, client must send the response to that request via C01 only. If the connection through C01 is somehow broken or lost, all pending messages can only be further continued when C01 is active again or otherwise those messages will be considered as lost. To handle timeouts for lost messages, please refer to latest FSD.

Message Timeout - Expired

Client should maintain a table of all requests sent to RPP server and received from RPP server. All requests must be dropped upon a configurable timeout. No responses must be sent or received if corresponding request is not found.

Incoming Request Messages:

Incoming Request MessageChannelRequest TimestampRequest Drop Interval
Incoming message 01C0120190101235900+10,000ms
Incoming message 02C0220190101235901+10,000ms
Incoming message 03C0320190101235902+10,000ms
Incoming message 04C0420190101235903+10,000ms
Incoming message 05C0420190101235904+10,000ms
Incoming message 06C0320190101235905+10,000ms
Incoming message 07C0220190101235906+10,000ms
Incoming message 08C0120190101235907+10,000ms
Outgoing Messages:
Outgoing MessageChannelRequest TimestampRequest Drop Interval
Outgoing message 01C0120190101235900+10,000ms
Outgoing message 02C0220190101235901+10,000ms
Outgoing message 03C0320190101235902+10,000ms
Outgoing message 04C0420190101235903+10,000ms
Outgoing message 05C0520190101235904+10,000ms
Outgoing message 06C0620190101235905+10,000ms
Outgoing message 07C0720190101235906+10,000ms
Outgoing message 08C0820190101235907+10,000ms

Digital Signature

All messages shall be signed using an Asymmetric (public key) Cryptography Mechanism. This involves calculating of RSA signatures on outbound messages and verifying RSA signatures on inbound messages. Signature and Public Key information of certificate used for signing must be placed in XML header (AppHdr) in the 'Sgntr' block. The signature digest is the encapsulated signature transformed in the general XML context. This would require PKI Management.

As RPP messages are in XML format, RPP require signature adhering to XML Signature which signatures are generated from a hash over the canonical form of a signature manifest. Requirements for the signature are:

  • Syntax: XML Signature
  • Type: Enveloped
  • Canonicalization Method: Exclusive XML Canonicalization
  • Signature Type: RSA
  • Hash Algorithm: SHA256
note

PayNet has 2 appointed vendors for procuring certificates. FI and PayNet must exchange Public Key (Certificates) beforehand.