Functionalities realisable through the ESDK system:
- exchange of settlement documents;
- exchange of documents in providing services for the payment of benefits from securities.
Formal basis for using the system
The ESDK system may be used by organisations cooperating with KDPW after the Agreement on the making of statements and sending documents by electronic transmission is entered into between KDPW and the institution using the ESDK system. The said Agreement regulates the rules applicable to, and scope of, using the ESDK system in communication between the parties to the Agreement, the liability of the parties, minimum technical requirements and model authorisation documents for the representatives of the parties.
System availability
The ESDK electronic communications system is available during the business hours of the Depository-Settlement System (kdpw_stream) from 6.00 AM to 9.00 PM.
Messages availability
The contents of participants’ MQ queues are deleted at the close of operational processing each day.
Technical support
Problems connected with running and operation of the electronic communication system to the ESDK should be reported by e-mail address: di_serwis@kdpw.pl or by phone to the System Operator (004822) 537 9415 weekdays from 7.00 AM to 8.00 PM.
Processing during emergencies
- in the event of unavailability of the ESDK electronic communication system, preventing the exchange of system messages between KDPW and its Participants, Participants will be notified of this via e-mail, using contact addresses to person authorised to communicate with KDPW;
- in the event of unavailability of the ESDK electronic communication system, preventing the exchange of system messages between KDPW and its Participants, KDPW will initiate a reconfiguration of the SWI (Information Exchange Systems) so that messages can be sent using the ESDI electronic communication system;
- once the ESDK electronic communication system is online again, Participants will be notified of this via e-mail, using contact addresses to person authorised to communicate with KDPW;
- a reconfiguration of the SWI aimed at restoring the exchange of system messages based on the ESDK electronic communication system is performed automatically at the close of business processing at 21.00, or at another time determined by participants;
- The SWI (Information Exchange Systems) architecture allows for participants to send system messages (unit instructions) to the depository-settlement system (kdpw_stream) via an electronic communication channel of their choice: ESDI, ESDK or the SWIFT Message Processing System. System messages generated by the kdpw_stream (unit messages) are sent to participants via the channel of their choice.
The ESDK system comprises the following elements:
- ESDK Server - a communication node (interface) between KDPW's Depository-Settlement System and the participants' IT systems; implemented under the WebSphere MQ Server platform, the ESDK Server performs the signing and sending, to participants' incoming queues, messages generated by the Depository-Settlement System, as well as the receipt and verification of messages from participants' outgoing queues and sending them to the Depository-Settlement System.
- ESDK Client - a software platform operating within the participants' IT system, enabling the exchange of messages with the ESDK Server via incoming and outgoing queues. Message queues are accessible at client's application level through Websphere MQ's programming interface. In addition, KDPW provides participants with programming components enabling the signing and sending of messages in accordance with the ESDK Communication Protocol, and the verification of incoming messages' electronic signature.
Security
In order to ensure the credibility of messages sent through the ESDK system, cryptographic methods based on PKI solutions and electronic certificates have been implemented. The inclusion of electronic signature in the message structure enables the verification of the message's integrity and non-repudiation of the sender. Electronic signature is generated for a data buffer comprising a content message and data identifying the sender, the recipient, message number and type and creation date and time. Only those messages which successfully passed the electronic signature verification are accepted for further processing in the Depository-Settlement System.
The existing Public Key Infrastructure (KDPW Certification Authority) will be used for the purposes of the issuance and management of public key certificates. Digital certificates issued by the KDPW Certification Authority are compliant with the X.509 v.3 standard.
User authentication and authorisation for the purposes of message queues in the ESDK system is based on the SSL protocol and public key certificates identifying the user in the system.
In order to ensure data transmission security, communication within the ESDK system between participants' systems and KDPW is effected through VPN channels (IPSec protocol). The IPSec protocol supports user authentication and guarantees data confidentiality and integrity at transport layer level. At KDPW side, VPN channels are terminated at a VPN concentrator which performs the function of an access node, and at participant side - at any network device supporting the IPSec protocol (router, VPN box, firewall), or directly at a PC station on which the relevant client software (Cisco VPN Client), which is provided to participants free of charge, is installed.
Terms of telecommunications
The ESDK system uses the following teletransmission measures:
In the Primary Location:
- Frame Relay – Orange network,
- Frame Relay - Exatel network,
- the Internet;
In the Backup Location:
- Frame Relay – Orange network,
- Frame Relay - Exatel network,
- the Internet.
Owing to the specific nature of the solution, KDPW as the communications interface between the various IT systems of participants, does not provide client software. The components of the IBM Websphere MQ software necessary for configuring the client environment need to be consulted with the IBM Websphere MQ software provider.
- sdkclt Java classes package - available for participants in the manner provided for under the SWI Agreement
- CSAPI32 library - available for participants in the manner provided for under the SWI Agreement
- Cisco Systems VPN Client v. 4.8.
Current documentation of the electronic communication system ESDK is below.
Specific configuration parameters are available only to persons authorized by the Participant. Current documentation of IBM Websphere MQ can be found on www.ibm.com.
Formats of the system documents exchanged between the Participants and KDPW are published on www.kdpw.pl.
Period of validity of certificates:
- Production environment - 2 years
- Test environment - 5 years
- VPN communication - 2 years.
- Office of IT Systems Department - (004822) 537 9452
- System Operator - (004822) 537 9415
- Chief Guarantor - (004822) 537 9117
- Network Engineer - (004822) 537 9371