The Bolero Core Messaging Platform (CMP) is the Secure Messaging Channel at the heart of the Bolero infrastructure (Bolero Open4Trade) and therefore the foundation of all Bolero services. The CMP supports a number of critical objectives:
Security and Messaging:
The CMP guarantees delivery and originality of all documents. Transport and message format protocols adhere to the Internet standards of smtp, hCMPs, IMAP and S/MIME. The messaging protocol, designed by SWIFT, provides acknowledgement and notification of document delivery.
Bolero’s security architecture is based upon a Public Key Infrastructure and adheres to the ISO standard X.509v3 and IECC standard PKCS# protocols. Registration authority services are provided through banks, and the Certification Authority is operated by SWIFT. All Bolero messages and acknowledgements are digitally signed with 1024 bit keys and optionally encrypted at 128 bits, based upon the 3DES protocol. All interactive communication is encrypted at 128 bits.
Open Technology
A key requirement of the Core Messaging Platform (CMP) is to ensure that all companies, regardless of size, can easily adopt and integrate the technology. To meet this requirement, the CMP uses Internet protocols for document transport, message formats and security. These are the same protocols that are used in standard browsers and e-mail clients, such as Internet Explorer and Outlook.
Security
To secure trade documents sent through the system, the Bolero CMP service relies on digital signatures and encryption. These techniques provide security far superior to what exists in both the paper world and the Internet.
For example, a confidential paper document can be copied and presented to outside parties without the knowledge of its sender. It can also be forged and successfully passed on as an original. The same things can happen to Internet-delivered messages, such as e-mail. However, none of these scenarios are possible with the CMP security: encryption prevents viewing of a document by any party other than the intended receiver while digital signatures provide proof of document’s origin and ensure that signed documents cannot be altered.
Guaranteed Delivery
While Internet protocols enable rapid, inexpensive implementation, they do not guarantee the delivery of information. While e-mail has proved reliable, there is no guarantee that your mail will be delivered to its recipient. This is perfectly acceptable for most communication, but it is not good enough when payment is reliant on the delivery of trade documents.
The CMP solves this problem with a standard acknowledgement protocol. Each document that is sent through the Bolero service is logged and acknowledged by the CMP, providing the sender with a guarantee that the document will be delivered to the recipient. When the recipient receives the document, the CMP notifies the sender of delivery.
Speed
Many critical trade processes are dependent upon the delivery of documents. Moving paper often creates a bottleneck that prevents the clearance of goods or the transfer of payment.
The CMP provides a near-real-time environment for the exchange of trade information and documents. Companies no longer need to wait for the courier delivery of documents and can even request re-submission of documents while still meeting cut-off times. To ensure that documents are received according to business requirements, the CMP warns the sender if the receiver has not processed documents within a designated period of time.
Logging
As a neutral, trusted third party to a transaction, the CMP maintains a full log of all messages sent and received. These logs are securely maintained in the Bolero operations centre and are stored for up to three years. The logs include the digital signatures used in each message and can be used in the event of dispute.
Transport
The Transport tier governs the way computers send and receive data to and from Bolero. The tier is made up entirely of Internet standard transport protocols:
All messages and documents are exchanged using smtp.
All on-line communication is based upon the hCMPs protocol.
Message Protocol
The message protocol enables guaranteed delivery. Bolero uses an acknowledgement protocol, developed by SWIFT, to achieve this:
- Each message sent to the Core Messaging Platform (CMP) is acknowledged to the sender when received and validated.
- Each message forwarded to a receiver is acknowledged to the CMP as received.
- With each received acknowledgement, the CMP sends a delivery notification to the sender. If no acknowledgement is received within a configurable “timeout” period, the CMP sends a warning notification to the sender.
All acknowledgements and notifications are digitally signed (see below) and logged to provide non-repudiable proof of the message sequence.
Message Format
The message format tier defines how messages should be structured for exchange between the back-office and the CMP. Bolero uses the Internet standard message format MIME exclusively. This is the same format that is used in most e-mail clients (eg, Outlook) and mail servers (eg, Exchange). With added security (see below), the format is known as S/MIME.
Security
The security layer defines how messages and documents should be secured to ensure authentication, non-repudiation, data integrity and confidentiality. Bolero uses a Public Key Infrastructure (PKI) in which each operator/computer has a “private” key that is used to sign or decrypt messages, while the CMP maintains a “public” key that is used to validate a signature or encrypt a message. Each public/private key pair is certified by the Bolero Certification Authority, operated by SWIFT.
Bolero’s PKI is based upon Internet standard protocols:
- PKCS# protocols to request certificates and sign messages
- X.509v3 protocol, defining the certificate format
- S/MIME protocol for secure messaging
- 3DES protocol for encryption
- SSL protocol for authentication and encryption of interactive communication
Document Format
The CMP uses standard XML as the native syntax for processing and managing information. Bolero has created an end-to-end set of trade document standards, called BoleroXML, which together comprise the Bolero Collaboration Libraries. For customers who have already invested in EDI standardisation, or use local or proprietary formats, Bolero provides complete translation services for data in and out of the back-office to limit changes and speed the integration process.