Using AUTACK with Sterling B2B Integrator

The following conditions apply when using AUTACK in Sterling B2B Integrator:

  • Certificates along with all other security features exist at the transaction or group level.
  • An AUTACK can be used to secure either a group or a transaction, but it cannot be used to secure both within a single interchange.
  • Only one AUTACK can exist in an interchange.
  • You can use AUTACK in Sterling B2B Integrator in two ways within an interchange:
    • At the transaction level, AUTACK messages can secure one or multiple transactions in the interchange.
    • At the group level, AUTACK messages can secure multiple groups.

When an AUTACK message is used, security is applied on the transaction envelope for transactions and on the group envelopes for groups. To view the security screens, turn security on by selecting Use Security in the envelope wizard.

For outbound envelopes, two parameters control what type of functionality is used: "Security and message body" and "Whole related message, package, group, or interchange". These determine whether the AUTACK is embedded in the transaction or references the data transaction or group it is securing. If it references the data transaction or group, the AUTACK requires its own group enveloping. An envelope parameter in the group envelope, AutackGroupEnvelope, indicates (when selected) that this is an AUTACK Group Envelope.
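The conditions listed above (only one AUTACK per interchange, and a referencing AUTACK carried in its own group) can be checked on a raw interchange before it is handed to a trading partner. The following is an added example, not IBM or Sterling B2B Integrator code; it assumes the default EDIFACT separators (`'`, `+`, `:`, release character `?`), and the function names and sample interchanges are constructed for illustration.

```python
def split_segments(data, term="'", release="?"):
    """Split on the segment terminator, skipping characters escaped by '?'."""
    segs, cur, i = [], "", 0
    while i < len(data):
        if data[i] == release and i + 1 < len(data):
            cur += data[i:i + 2]          # keep the escaped pair together
            i += 2
            continue
        if data[i] == term:
            if cur.strip():
                segs.append(cur.strip())
            cur = ""
        else:
            cur += data[i]
        i += 1
    return segs

def check_autack(interchange, referencing=True):
    """Return findings; an empty list means the layout passes both checks."""
    findings, autack_count, group_types = [], 0, None
    for seg in split_segments(interchange):
        tag, elems = seg[:3], seg.split("+")
        if tag == "UNG":
            group_types = []               # a new UNG/UNE group starts
        elif tag == "UNH" and len(elems) > 2:
            msg_type = elems[2].split(":")[0]
            autack_count += msg_type == "AUTACK"
            if group_types is not None:
                group_types.append(msg_type)
        elif tag == "UNE" and group_types is not None:
            # Assumption: the own-group rule is enforced only for the referencing scope.
            if referencing and "AUTACK" in group_types and set(group_types) != {"AUTACK"}:
                findings.append("AUTACK shares a group with other message types")
            group_types = None
    if autack_count > 1:
        findings.append(f"{autack_count} AUTACK messages in one interchange")
    return findings

# Constructed samples; security segments (USH, USY, UST, ...) are omitted.
GOOD = ("UNB+UNOA:3+SENDER+RECEIVER+240101:1200+1'"
        "UNG+ORDERS+SENDER+RECEIVER+240101:1200+1+UN+D:96A'"
        "UNH+1+ORDERS:D:96A:UN'FTX+AAI+++IT?'S A TEST'UNT+3+1'UNE+1+1'"
        "UNG+AUTACK+SENDER+RECEIVER+240101:1200+2+UN+4:1'"
        "UNH+2+AUTACK:4:1:UN'UNT+2+2'UNE+1+2'UNZ+2+1'")
BAD = ("UNB+UNOA:3+SENDER+RECEIVER+240101:1200+2'"
       "UNG+ORDERS+SENDER+RECEIVER+240101:1200+1+UN+D:96A'"
       "UNH+1+ORDERS:D:96A:UN'UNT+2+1'UNH+2+AUTACK:4:1:UN'UNT+2+2'"
       "UNH+3+AUTACK:4:1:UN'UNT+2+3'UNE+3+1'UNZ+1+2'")

if __name__ == "__main__":
    print(check_autack(GOOD), check_autack(BAD))
```
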

For inbound envelopes, you need two transaction envelopes: one for the message data to turn security on, and one for the AUTACK message where additional security settings are configured. Authentication for inbound and outbound messages using AUTACK works as follows:

For Inbound Messages using AUTACK:

  1. Reads the scope on the AUTACK transaction envelope to determine which functionality to reference.
  2. Reads a specific certificate on the AUTACK transaction envelope, or generates a certificate name from the data.
  3. Verifies the signature in the USY segment.
    Note: The hash total is built into the signature in the USY segment. The hash total and signature are verified, and it is the hash total that authenticates document content.

For Outbound Messages using AUTACK:

  1. Reads the envelope parameters.
  2. Calculates the hash total of the interchange content, which is used as input when calculating the digital signature. The results are then encrypted using the originator's private key.

    AUTACK messages use security header groups (USH) and security trailer groups (UST).

To use AUTACK with Sterling B2B Integrator, you must complete the following tasks:

  1. Create the appropriate inbound and outbound envelopes with security for each message type you are sending and receiving. To initiate AUTACK, follow these steps:
    • For inbound and outbound UNG/UNE envelopes, select Yes for the Use Security option in the envelope wizard.
    • Create a group envelope for AUTACK and select Yes for both security and AutackGroupEnvelope options.
    • For inbound and outbound UNH/UNT envelopes, create an envelope for the AUTACK message by typing AUTACK in the Message Type field, and select Yes for the Use Security option.
  2. If you are creating an inbound UNH/UNT transaction envelope with a message type of AUTACK, you can configure the trusted certificate you want to use when validating the digital signature. You must select one of two options in the Scope of Security Application list. If you are configuring a non-AUTACK message type envelope, then the security configuration ends.
    • 1 - Security and message body. Use this option if you want the AUTACK embedded in the transaction that it is securing.
    • 3 - Whole related message, package, group, or interchange. Use this option if you want the AUTACK to reference the data transaction or the group it is securing. When selecting this option, you have two options for selecting the name of the certificate:

      - Use a certificate in USC segment or generate a certificate name. Use this option to generate a certificate name based on security configurations that you specify.

      - Use a specified certificate only