Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 www.mpi.govt.nz Overview of the Hub Concept & Prototype for Secure Method of Information Exchange (SMIE) April 2013 Prepared by NZ & USA.

Published byPreston Berry Modified over 8 years ago

Similar presentations

Presentation on theme: "1 www.mpi.govt.nz Overview of the Hub Concept & Prototype for Secure Method of Information Exchange (SMIE) April 2013 Prepared by NZ & USA."— Presentation transcript:

1 1 www.mpi.govt.nz Overview of the Hub Concept & Prototype for Secure Method of Information Exchange (SMIE) April 2013 Prepared by NZ & USA

2 2 Contents: Drivers ePhyto transmission options 1. Direct NPPO to NPPO ePhyto exchange (Many to many via Bi-lateral agreement) 2. Overview of Cloud/Hub Communication (one to Many) Key difference between “Direct NPPO to NPPO” versus “Cloud/Hub” What’s in the Hub/Cloud Concept Hub Prototype: Portal access System to System and Portal Access Hub Prototype: “Security Mechanisms” Hub Prototype: “Transaction Types” Prototype: “Examples of Transactions” (Information Flows) Next Steps

3 3 Drivers Provide an effective, efficient & secure method for information exchange between participating NPPOs by eliminating the need for other countries to access exporting countries systems directly. E.g. Exporting NPPO push the export certificate information to the hub, importing NPPO pulls it from the hub. Reduce the complexity and cost of having multiple “Many to Many” interfaces for information exchanges with trading partners. E.g. One standardised, secure interface to the hub for all electronic information exchange activities between participating NPPOs. Ability to provide Portal solution to enable countries to receive Ephyto certificate information.

4 4 Direct NPPO to NPPO ePhyto exchange (Many to Many via Bi-Lateral Agreement)

5 5 Overview of Cloud/Hub Communication (One to Many)

6 6 Differences between “Direct NPPO to NPPO” versus “Cloud/Hub” communications “Direct NPPO to NPPO communication” : multiple interfaces resulting in complexity and increased cost to manage & maintain challenges firewall security relies on pull technology “Cloud/Hub communication”: Reduced complexity and rigidity Simpler setup and ongoing maintenance for participating countries = lower cost. Improved visibility of certificate exchanges. Able to separate the message carrier (envelope) from the actual certificate information payload making it more flexible and modular – not hard coded together. Use of internet standard SSL certificates = lower cost for participating countries.

7 7 What’s in the basic Prototype of the Hub concept? Utilises modern Cloud technology. A secure folder for each countries’ certificate information. Consideration for a linked folder for attachments (i.e. Re-export phytosanitary certificate message situations). Portal Access – enabling countries without “software to software” capability to receive an electronic XML phytosanitary certificate message Secure information exchange mechanisms – using the security SSL certificate (X.509 certificate)

8 8 Hub Prototype: Portal access Provides basic functionality for member countries that don’t have the software functionality or enough trade volume to justify building a software to software solution. Allows exporting NPPO to push certificate messages to the Hub prototype rather than having to host them on their own websites. Importing NPPOs operating through the Portal benefit by not having to go to several different websites to look up certificate messages. Allows Portal participating member country NPPOs to do basic lookups and potentially could provide some standardised reporting capabilities – for example, allow exporting NPPO to see when an importing NPPO last retrieved its certificates. Can be used to provide status information and notifications of any upgrades/changes.

9 9 Hub Prototype: Software-to-Software and Portal Access Hub Country B Country G Software to Software Country D Portal User Access Portal Potential for User Access “Portal” providing “receiving” access to countries who cannot access Software to Software. Software to Software Certificate Information Exchange.

10 10 Hub Prototype: Security Mechanism “Envelope” to deliver certificate information: Involves a message “carrier or envelope” similar to the traditional postage envelope – identifies; - the sender, - the receiver, and - where the envelope actually originated from. Separates the delivery (transport) “carrier/envelope message” from the actual content (certificate information payload) of the message – taking care & enhancing the security element. Message Carrier/Envelope Contains: Protocol-type Receiver ID Sender ID Transaction ID Security SSL Certificate (X.509 certificate) Encryption Mechanism

11 11 Hub Prototype: Security Mechanism Message Contains: Message Header - System level information includes security credentials, transaction context, & session identifiers. Message Body – Actual encrypted XML message contents (as per ePhyto XML data map) using SSL certificate. Attachments – Original certificate in Re- Export certificate situations. Certificate information inside the “Envelope”: Contains the specific certificate information being exchanged Accommodates exchanges of; - normal/standard phytosanitary certificate information, and - Re-export phytosanitary certificate information ( includes ability to attach the original certificate).

12 12 Hub Prototype: Transaction Types Operational TransactionsDescription SubmitSubmit an approved certificate data set to the hub. RevokeRevoke an existing certificate data set. ReplaceReplace an existing certificate data set with an updated one. RetrieveRetrieve a list of certificate data sets based on: country status date range Commodity RejectImporting country rejects a certificate set it receives via the hub. Polling QueryPolls to check if there are any new certificate data sets for a specific country.

13 13 Prototype Transaction: Submit certificate information Steps: 1.Export NPPO ePhyto system contacts the Hub. 2.Hub authenticates and authorises the export country, validates Certificate XML Schema. 3.Export NPPO ePhyto system pushes/sends approved certificate information to Hub 4.Hub puts certificate information into importing NPPO’s secure storage folder (and in re-export certification situations, strips off the original certificate attachment and puts this into the import NPPO’s attachment container). 5. Hub sends confirmation and hub transaction ID to Export NPPO ePhyto system Import Country Export Country Hub Export NPPO ePhyto system & Hub activity:

14 14 Prototype Transaction: Revoke certificate information Steps: 1.Export NPPO ePhyto system contacts the Hub 2.Hub authenticates and authorises the export country. 3.Validates Certificate XML information to ephyto XML data map 4.Updates event in transaction database with the ‘revoked’ status. 5. Hub sends confirmation of status update to Export NPPO ePhyto system. Hub Import Country Export Country Revoke Update with Transaction ID. Export NPPO ePhyto system & Hub activity:

15 15 Prototype Transaction: “Replacement” certificate information Replacement certificate data set with Transaction ID of original. Steps: 1.Export NPPO ePhyto system contacts the Hub 2.Hub authenticates and authorises the export country. 3.Hub validates certificate XML inforamation to ePhyto XMl data map. 4.Hub creates a new transaction database entry 5.Hub looks up original certificate data set and flag as ‘replaced’ and link to new transaction. 6.Hub puts certificate information and any “original certificate attachments” (Re-export situations) into the country container. 7. Hub sends confirmation and new transaction ID to Export NPPO ePhyto system. Hub Import Country Export Country Export NPPO ePhyto system & Hub activity:

16 16 Prototype Transaction:“Polling Query” Request for list of certificates for a exporting country based on certificate status, commodity type and date/time range. Steps: 1.Import NPPO ePhyto system contacts the Hub. 2.Hub authenticates and authorises the import country. 3.Hub looks up events for that country based on date range, certificate status and/or commodity type. 4.Hub returns relevant entries (i.e. list of certificates and transaction IDs falling within the query parameters. Hub Import Country Export Country Import NPPO ePhyto system & Hub activity:

17 17 Prototype Transaction: “Retrieve” certificate information Request certificate data set (and Re-export original attachments if required) based the hub transaction ID or certificate ID. Steps: 1.Import NPPO ePhyto system contacts & “Polls” the Hub for certificate information. 2.Hub authenticates and authorises the import country. 3.Hub looks up hub transaction ID and/or certificate data set ID in the hub database and find any Re-export original certificate attachments associated with the certificate if requested. 4.Hub sends requested certificate information to importing country ePhyto system (including any attachments). Hub Import Country Import NPPO ePhyto system & Hub activity:

18 18 Prototype transaction: “Reject” certificate information Request certificate (and attachments if required) based the hub transaction ID or certificate ID. Steps: 1.Import NPPO ePhyto system contacts the Hub. 2.Hub authenticates and authorises the import country. 3.Hub looks up the hub transaction ID and/or certificate ID in the hub database (and find any Re-export certificate information & attachment of the original certificate) 4.Hub sends requested certificate information (and attachment in a Re-export certification situation) to the Import NPPO ePhyto system. Reject certificate and provide reason why rejected. Steps: 1.Import NPPO ePhyto system contacts the Hub which in turn authenticates and authorises the import country. 2.Hub looks up the hub transaction ID and/or certificate ID in hub database and flags certificate information as rejected and put reason into database. 3.Hub sends official interception reject/notification to exporting country. Hub acknowledges rejection to Import NPPO ePhyto system. Hub Import Country Export Country Import NPPO ePhyto system & Hub activity:

19 19 Next Steps! Agree on the basics associated with the Cloud/Hub Concept Set up and complete feasibility study: (e.g. Use of a ‘cloud’ based platform to provide cost effective, scalable and secure IT hardware/software. Use of commercial SSL certificates to make it easier, more secure and less costly to join. Use of a systems integrator/support organisation to provide service & support for the global hub. Initial business rules regards data retention, archive requirements, audit / activity reporting, service levels for hub) Set up a proof of concept: Support pilot testing between small group of countries Share experiences obtained to inform feasibility study

20 20 Questions Lukasz Zawilski lukasz.zawilski@mpi.govt.nz Peter Johnston peter.johnston@mpi.govt.nz

Download ppt "1 www.mpi.govt.nz Overview of the Hub Concept & Prototype for Secure Method of Information Exchange (SMIE) April 2013 Prepared by NZ & USA."

Similar presentations

Electronic certification

Electronic certification
Customer First : Strategic Context and Opportunities Rory Mair.

Customer First : Strategic Context and Opportunities Rory Mair.
Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Exchange Product Overview Secure Transmission for Transaction-based Documents.

Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Exchange Product Overview Secure Transmission for Transaction-based Documents.
Altman IM Ltd | | capture | index | organise | workflow Enterprise document & content management … for all types & size.

Altman IM Ltd | | capture | index | organise | workflow Enterprise document & content management … for all types & size.
Dematerialization of Organisations’ Key Business Processes Security and e-Invoicing ATHENEE PALACE HILTON, Bucuresti September 21 st 2004 Genovel Iovu.

Dematerialization of Organisations’ Key Business Processes Security and e-Invoicing ATHENEE PALACE HILTON, Bucuresti September 21 st 2004 Genovel Iovu.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
WS-Security TC Christopher Kaler Kelvin Lawrence.

WS-Security TC Christopher Kaler Kelvin Lawrence.
A New Computing Paradigm. Overview of Web Services Over 66 percent of respondents to a 2001 InfoWorld magazine poll agreed that Web services are likely.

A New Computing Paradigm. Overview of Web Services Over 66 percent of respondents to a 2001 InfoWorld magazine poll agreed that "Web services are likely.
Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.

Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.

Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Service Broker Lesson 11. Skills Matrix Service Broker Service Broker, provides a solution to common problems with message delivery and consistency that.

Service Broker Lesson 11. Skills Matrix Service Broker Service Broker, provides a solution to common problems with message delivery and consistency that.
PROACTIS: Supplier User Guide Contract Management.

PROACTIS: Supplier User Guide Contract Management.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
UIS EDEN Workflow Engine Overview of workflow engine for IU’s OneStart portal.

UIS EDEN Workflow Engine Overview of workflow engine for IU’s OneStart portal.
Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?
JVM Tehnologic Company profile & core business Founded: February 1992; –Core business: design and implementation of large software applications mainly.

JVM Tehnologic Company profile & core business Founded: February 1992; –Core business: design and implementation of large software applications mainly.
Objectives of the Lecture :

Objectives of the Lecture :
Users' Meeting San Francisco, CA April 18 th, 2006 RCRAInfo Network Exchange.

Users' Meeting San Francisco, CA April 18 th, 2006 RCRAInfo Network Exchange.
Trimble Connected Community

Trimble Connected Community
SWIS Digital Inspections Project (SWIS DIP) Chris Allen, Information Management Branch California Integrated Waste Management Board November 5, 2008 The.

SWIS Digital Inspections Project (SWIS DIP) Chris Allen, Information Management Branch California Integrated Waste Management Board November 5, 2008 The.

Similar presentations

Ads by Google