The SWIFTAlliance Starter Set

1
The SWIFTAlliance Starter Set

• Alex Bagin
• September 2005

2
SWIFTAlliance portfolio in 2005 Access the
entire range of SWIFTNet Services
Appli. Integration and Desktop
Messaging Integration
Communication Integration
Network Integration
SWIFTNet Services
Back-office (MT MX)
SWIFTAlliance Access / Entry
New
SWIFTAlliance Workstation
SWIFTAlliance Starter Set
SWIFTAlliance Messenger
SWIFTNet FIN (MT standards)
New
Browser
New
Dial Up
New
SWIFTSolutions (MX standards)
VPN box
SWIFTNet
SWIFTAlliance WebStation
SWIFTSolutions (proprietary) and Market
Infrastructures
SWIFTAlliance Gateway Single Window
Leased line
SWIFTSolutions (FileAct)
Back-office
Service Specific Interface
Back-office
SWIFTAlliance Portfolio
3
SWIFTAlliance Starter SetWhat is it?

• A software package that leverages the SAE/SAA
  platform to provide out-of-the-box file transfer
  and browsing capabilities

4
SWIFTAlliance Starter Set

• Enables access to the SWIFTNet single window
• FileAct or Browse-based SWIFTSolutions, Market
  Infrastructure services and participation in
  MA-CUG
• Includes a SWIFTAlliance WebStation
• Manual file transfer and browsing capabilities
• Upgrade path no additional software is required
• All the software to implement additional features
  is included. Activation is just a matter of
  purchasing one of the three SWIFTAlliance Gateway
  profiles

5
SWIFTAlliance Starter SetEnabling the single
window
SWIFTAlliance Entry or Access
SWIFT Alliance Starter Set opens the entire
single window for you

• SWIFTNet

SWIFTNet FIN
SWIFTNet
FileAct
InterAct
Browse
when used in conjunction with SWIFTNet Browse
6
SAS waiver programThree clear benefits

• Access SWIFTSolutions
• Preparing for Market infrastructures (Target2)
• Anticipating SWIFTNet Phase 2

7
SWIFTAlliance Starter Set (SAS)Waiver program

• SWIFT is waiving the one-time license fee for the
  SAS interface software (list price USD 4,750)
• SWIFT will not charge any maintenance fee (USD
  1,850/year) in 2005 and 2006 for all orders
  received before 30th November 2005
• The maintenance fee for the SAS will be charged
  as of 1 January 2007

We recognise that for smaller users, total cost
of ownership is often more important an issue
than traffic costs, which was one of the reasons
for this initiative. And larger users will
benefit indirectly, since more counterparties
will be enabled to receive traffic.
Kosta Peric, Director, Marketing, SWIFT
8
SAS waiver programDetails

• Who is eligible?
• SWIFTAlliance Access or Entry customers
• Who do not have a SWIFTAlliance Gateway
• Who have a valid SNL on the same platform
• Timeline
• Start date 9th June 2005
• Customer must use e-ordering before 30th November
  2005 at the latest
• After this date, the SAS licence will be charged
  as per standard price list
• Customers will receive the software by the end of
  2005
• To benefit from the waiver and the associated
  incentive (please refer to the next slide), the
  SAS must be installed by the end of 2006

9
SAS waiver programVoucher

• Integral part of the SAS waiver program
• The voucher is an incentive for the installation
  use of the SAS
• The voucher can be redeemed against one of the
  two options described on www.swift.com
• Voucher is sent by SWIFT upon SAS e-ordering
• Voucher program valid for services delivered
  until end 2006
• Voucher can not be used for services delivered
  and invoiced previously no retroactivity

10
WebStation used to manually download files
11
Monitoring the file transfers using SWIFTAlliance
WebStation
12
(No Transcript)
13
A practical guide to SWIFTNet Phase 2

• Kees Hozee,
• SWIFT

14
Agenda

• What is Phase 2 all about?
• Impact overview
• Migration mechanics
• Migration planning strategy

15
SWIFTNet FIN today
SLS FIN Access control MAC e2e security BKE
relationship mgt.
IP protocol
SWIFTNet
FIN
SCR/ICC
SCR/ICC
SWIFTNet FIN interface
FINinterface
MAC BKE
X.25 protocol
16
SWIFTNet FIN Phase 2
PKI FIN Access control PKI e2e security RMA
relationship mgt.
SWIFTNet
PKI
FIN
HSM
PKI
PKI
HSM
SWIFTNet FIN interface
SWIFTNet FIN interface
PKI
RMA
17
Upgrading SWIFTNet FIN securityStarting point
CUST A
CUST B
CBT
CBT
SCR/ICC
SCR/ICC
FIN access control security
SLS (via ICC)
FIN user-to-user security
MAC
Relationship management
BKE
18
Upgrading SWIFTNet FIN security FIN access
control and user-to-user security
CUST A
CUST B
CBT
CBT
SCR/ICC
SCR/ICC
FIN access control security
SLS (via ICC)
X
PKI
FIN user-to-user security
X
MAC
PKI
19
PKI for SWIFTNet FIN

• Secure Login/Select will not disappear
• Authentication code in LOGIN/SELECT from ICC is
  replaced by a digital signature
• MAC/PAC replaced with digital signature
• Sending BIC8 Signing BIC8

1F01AAAABBCC PKI-signed by
cnfincbt1,oaaaabbcc,oswift
20
Upgrading SWIFTNet FIN security Security hardware
CUST A
CUST B
CBT
CBT
X
X
SCR/ICC
SCR/ICC
HSM
HSM
FIN access control security
PKI
FIN user-to-user security
PKI
21
Hardware Security Module (HSM)

• Tamper-resistant hardwareto secure PKI secrets
• Dedicated device for PKI signing operations
• Ordered at SWIFT

USB connected HSM Windows SNL
LAN connected HSM-box Unix and Windows SNL
500
15,000
Note indicative price range
22
HSM devices overview
23
New relationship management
CUST A
CUST B
CBT
CBT
HSM
HSM
FIN access control security
PKI
FIN user-to-user security
PKI
Relationship management
BKE
RMA
X
24
Relationship management application (RMA)

• Managing correspondents in a many-to-many world
• RMA as mechanism to control WHO can send you
  traffic
• Preventing unwanted traffic
• Managing the correspondents business
• RMA as mechanism to control WHAT a correspondent
  can send to you
• Example, for FIN
• RMA authorisations only apply to authenticated
  traffic
• RMA authorisations can be granular to the level
  of MT/MT category

25
RMA interfaceRMA - Correspondents exchanging
authorisations
BANKBEBB
AAAAUS33
canreceive from
cansend to
canreceive from
cansend to
DEUTDEFF
DEUTDEFF
DEUTDEFF
DEUTDEFF
4
2
BACDGB2L
BACDGB2L
BOFAGB2L
BOFAGB2L
ABNANL2A
ABNANL2A
ABNANL2A
ABNANL2A
CITIITRR
CITIITRR
CITIITRR
CITIITRR
AAAAUS33
2) Authorisation is sent to B
4) If accepted, B stores authorisation
26
FIN interfaceMessage filtering - B sends message
to A
AAAAUS33
BANKBEBB
Back office
Back office
Send
Receive
DEUTDEFF
INGBNL2A
BACDGB2L
DEUTDEFF
ABNANL2A
ABNANL2A
If OK, process Otherwise failure queue
If OK, send Otherwise failure queue
CITIITRR
CITIITRR
BANKBEBB
AAAAUS33
27
Relationship Management Application (RMA) -
Future Proofing

• RMA service is designed for all SWIFTNet services
• to control counterparts and traffic
• define what will be allowed (in/out) per
  correspondent
• criteria vary from application to application
  (e.g. MTs, Request types, XML types, )
• For SWIFTNet FIN service
• RMA filtering only applies to authenticated
  traffic
• Filtering on a BIC8 level
• Optional granularity message categories/types

28
Agenda

• What is Phase 2 all about?
• Impact overview
• Migration mechanics
• Migration planning strategy

29
SWIFTNet FIN Phase 2 customer impact overview
FIN
RMA

• Whats required
• R6 SNL/SAG... upgrade
• FIN Interface upgrade
• New RMA interface
• HSMs
• Certificates Security Officers (if not existing)

Communication Interface (SAG/SAS/)
SNL

• Check impact on Back-office
• Aware of MAC/PAC?
• Correspondent file based on key file?

30
SWIFTNet Phase 2 for a SWIFTAlliance user

• SAA/SAE R6 upgrade for the FIN changes
• PKI
• HSM support
• Relationship migration
• Basic RMA functionality
• SAS (Starter Set) or SAG needed
• Extended RMA functionality in optional SAA/SAE
  license
• RMA Plus
• SA RMA stand-alone product

SAE/SAA
RMA
FIN
MX
SAS/SAG
SNL
31
TCO components

• HSM equipment
• PKI certificates
• Migration project
• Interface (FIN RMA)
• HSM maintenance
• RMA messaging
• PKI and SO
• Interface
• BKE messaging
• FIN messaging
• BKE admin

Objective Reduced or neutral TCO impact
One-timeinvestment
annualcharges
SWIFTNet Phase 2 elements and TCO impact will be
proposed to the October Board
annualsavings
32
SWIFTNet FIN Phase 2 Value proposition

• PKI Security
• Better and simpler
• State of the art
• HSM hardware
• RMA
• Insurance against unwanted traffic and their side
  effects (for FIN authenticated traffic)
• audits, regulatory reporting, reputation damage
• Better and simpler control over correspondents
  TCO reduction

33
Agenda

• What is Phase 2 all about?
• Impact overview
• Migration mechanics
• Migration planning strategy

34
Migration Principles

• No big bang
• Migrate BIC8 by BIC8
• Migrate independently of correspondents and of
  central institution
• Must have fall back capability
• Co-existence of Phase 1 security and Phase 2
  security
• Current key file transformed into RMA filter
• No need to manually recreate authorisations for
  existing correspondents
• Spread workload to maintain quality

35
Technical migration approach

• Security
• Use digital signature in LOGIN/SELECT
• Use digital signature instead of MAC
• Relationship Management
• Use RMA instead of BKE

36
From MAC to PKI - phases
Start
? MAC ? MAC
Phase 1
? MAC Signature ? MAC or Signature
Phase 2 ready
Phase 2 ready
? MAC Signature? Signature
Phase 2 Complete
? Signature ? Signature
MAC rejected by SWIFT
End
37
From BKE to RMA

• Key file is the source for the RMA file
• RMA file build-up (RMA recording process)
• Based on existing bilateral key file and traffic
• Traffic recording will be done over time and RMA
  file will be created at the end
• Sender and receiver do this independently
• Shared keys will only generate BIC8-BIC8 RMA
  records actually used
• Only RMA records for valid correspondents
• Automatic clean-up of key file

38
FIN interfaceRMA file build-up (recording
process)
39
Migration Interoperability
40
Agenda

• What is Phase 2 all about?
• Impact overview
• Migration mechanics
• Migration planning strategy

41
Migration Milestones
42
Migration Timeline
Pilot
Prepare
Infrastructure upgrade
RMA usage
43
Customer schedulingInfrastructure upgrade
completed milestone
C1
44
Customer SchedulingRMA milestones
C1
C2
45
What should you do next

• Plan resources to prepare the migration in 2006
• Design your solution (architecture)
• Ensure readiness of your FIN interface vendor
• Prepare for ordering
• Consider pilot participation

46
Where to find help

• www.swift.com/swiftnetphase2
• How to prepare, what to budget
• Information paper and Overview document
• In 2006
• Awareness sessions and SWIFT Training
• Planning Guide and wallchart planner
• Configurator on swift.com
• Check with your interface provider
• Check with your service partner
• Come and see us at the SWIFT stand
• HSM theatre session Wed 2 pm, Thu 11 am

47
(No Transcript)