Batch Transmitting Guide

June 2014

This guide replaces the previous version published in November 2013.

Table of Contents


Note: Content in this section may require additional software to view. Consult our Help page.

Batch Transmitting Guide (PDF version, 189 KB)

Before You Start

Batch reporting is the submission of multiple reports in one file. To use this you have to create the batch file and format the information according to specifications from Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). FINTRAC will provide you with batch transmission software to encrypt and transmit the batch file. That software is called SecureLane and this guide is about how to use it to transmit reports to FINTRAC.

Before you can download the batch transmission software, you have to be enrolled with FINTRAC for electronic reporting. You also need to have obtained a public key infrastructure (PKI) certificate.

For information about the batch file format or about how to obtain a PKI certificate, see the technical documentation area on the Publications page of FINTRAC's Web site at www.fintrac-canafe.gc.ca.

Securelane version 4.0.89 currently supports Java 1.6 and Java 1.7.

1. Introduction

1.1 Overview

The batch transmission software allows the secure and reliable exchange of data between you and FINTRAC.

You will send data in the form of a message. The messages will be secure due to the use of PKI encryption and reliable due to the tracking process through which all messages are sent.

You will use "channels" to send messages to FINTRAC. A channel is a secure connection through which you send messages to and receive messages from FINTRAC. FINTRAC manages profiles, users and channels.

1.2. Message security

The batch transmission software ensures that your data is secure throughout the message sending process by using data encryption on all messages when they are sent. This ensures that no unintended outside party can view the data within your message. The only party who will be able to properly view the data is the party for whom the message was intended.

2. Installation of the Batch Transmission Software

2.1 Initial installation

As explained at the beginning of this guide, before you can download the batch transmission software, you have to have applied for a PKI certificate and related user access information. FINTRAC will notify you by email once your PKI subscriber application has been approved. We will also send you a personal identification number (PIN) that you will need to go through the PKI user creation process and download the batch transmission software.

Once you have your PIN, FINTRAC will contact you to provide a PKI certificate number. You will need it and your PIN to complete the following steps in downloading the batch transmission software.

The PKI user creation process described below only needs to be done once, for the initial installation of the batch transmission software. For any subsequent installations, whether to reinstall it on the same machine or to install it on other machines, you will need to go through the process explained in section 2.2.

  1. Go to the "PKI User Creation" screen
    Version 4 https://www20.fintrac-canafe.gc.ca/UserRegistration/cr-eng.html
  2. Enter your PKI certificate number and your PIN (both these are provided by FINTRAC, as explained above).
  3. Select which question you want to have for security purposes, and provide an answer. You will need to use this question and answer if you need to install the software after this initial installation.
  4. In each of the New Password fields, enter the password that you will use to login to the batch transmission software once it is installed. Any others in your organization that will be using the same PKI key will also need to use this same password.
  5. Select "Submit" to complete the PKI user creation. The batch transmission software installation process will then begin. Just follow the onscreen instructions.

The batch transmission software will self-install at <WindowsDrive>:\SecureLane, with WindowsDrive being the drive where Windows OS is installed. Your PKI certificate will be placed under the above folder as <WindowsDrive>:\SecureLane\121137****.epf, with 121137**** being thePKI certificate number FINTRAC assigned to you.

Before logging into Securelane, please ensure to copy the following files to your Java Security folder.

If you are currently using Java 1.6, then go to c:\SecureLane\jce-6

  1. Copy local_policy.jar and US_export_policy.jar
  2. Place the two files in your Java Security folder %Program Files%\Java\jre6\lib\security\

If you are currently using Java 1.7 then go to c:\SecureLane\jce-7

  1. Copy local_policy.jar and US_export_policy.jar
  2. Place the two files in your Java Security folder %Program Files%\Java\jre7\lib\security\

Once this initial installation is complete, you need to confirm or change your new batch transmission software configuration. Please refer to section 4 for more information about this.

2.2. Subsequent installations

Follow these instructions if you have already successfully completed the initial installation process explained above and you need to do one of the following:

  • reinstall the batch transmission software on the original machine; or
  • install the batch transmission software on another machine.

With password and security question and answer

If you remember your password as well as the question and answer used in the PKI user creation process, complete the following steps:

  1. Go to the "PKI User: Subsequent Installation" screen at
    Version 4 https://www20.fintrac-canafe.gc.ca/UserRegistration/rq-eng.html.
  2. Enter your PKI certificate number, select the appropriate security question and enter the answer. You will also need to enter your password in both password fields.
  3. Select "Submit" and the batch transmission installation process will begin.

Without password or security question and answer

If you do not remember your password or the question and answer used in the PKI user creation process, complete the following steps:

  1. Contact FINTRAC, as explained in section 7, to get a personal identification number (PIN).
  2. Go to the "PKI User Recovery" screen at
    Version 4 https://www20.fintrac-canafe.gc.ca/UserRegistration/rec-eng.html.
  3. Enter your PKI certificate number and the PIN provided to you by FINTRAC.
  4. Select which question you want to have for security purposes, and provide an answer. You will need to use this question and answer if you need to install the software again after this installation.
  5. In the New Password field, enter the password that you will use to login to the batch transmission software. Any others in your organization that are using the same PKI key will also need to use this new password.
  6. Select "Submit" and the installation process will begin.

Before logging into Securelane, please ensure to copy the following files to your Java Security folder.

If you are currently using Java 1.6, then go to c:\SecureLane\jce-6

  1. Copy local_policy.jar and US_export_policy.jar
  2. Place the two files in your Java Security folder %Program Files%\Java\jre6\lib\security\

If you are currently using Java 1.7 then go to c:\SecureLane\jce-7

  1. Copy local_policy.jar and US_export_policy.jar
  2. Place the two files in your Java Security folder %Program Files%\Java\jre7\lib\security\

3. Operation

3.1. How to log on to or log off of the batch transmission software

You can access the batch transmission software log on screen, Version 4, at https://www20.fintrac-canafe.gc.ca/SecureLane/index_v4_gov.jsp

In the field called "Name", select your PKI certificate number in the drop-down menu. Enter your password and select "Login" to access the batch transmission software main window.

Example of the batch transmission software log on screen

To log off, select the "Logout" button on right of the top menu bar on the main window. The main window is shown in section 3.2.

If you have forgotten your password, or if you need to change it, follow the instructions in section 2.2, depending on whether or not you remember you security question and answer. This will result in a new installation of the batch transmission software, but will also provide you with a new password.

3.2. Batch transmission software main window

Batch transmission software main window

At the top of the main window, on the top menu bar from right to left, you will find the "Logout button" which will have you log out from your session, the 'Settings' button which will help you manage your settings, the 'Report Types' button which will help view your Securelane files, and the "Mode" button that will give you the option to change the mode you would like to process your files in.

Immediately below the main window menu bar, on the top left of the screen, you will find the "Home" button" for you to return to the home page. When on the "Home" page, in the middle section, you will find the "Log on information" and right below you will find your "User ID". Following that is the information on the credential (whether it is up to date), and key dates, that is, the encryption creation date and its expiry and the signing key creation date and its expiry. Below the log on information you will find the "Report Types" that reads "To view your Securelane files, select one of the report types from the navigation menu. Below the "Report Types" there is the "Mode" button which reads "To change the mode you would like to process your files in, select one of the mode types from the navigation menu". Below the "Mode" button, you will find the "Settings" button. Under the "Settings" button it reads "You can manage your Securelane settings". Finally, below the "Settings" button, there is the "Logout" button and below it reads "Logout confirmation".

On the left side of the screen you will find the navigation menu. The first button on the top is "Mode". Below this button you will find two sub-sections. The first sub-section button is "Production" and the second sub-section button is "Test". Then you will find the "Report Types" section. Below the "Report Types" section you will find eight report type options to choose from. These options are, in order from top to bottom, "ALT LCTR", "CBSA QA", "CDR", "EFTS, "EFTNS", "LCTR", "CBSA", "STR" and "OrgXML". The next section is "Settings". Below this section are three links. The first one is "Change Password", the second is "Service Management" and the third is "Channel Setup". The last button is the "Logout".

At the bottom right of the main window, you will find the date modified and version indications. Below that, on the left, you will find the "Terms and Conditions" and the "Transparency" links. Below those two links, you will find, from left to right, the buttons "About Us", "News", "Contact Us" and "Stay Connected".

4. Configuration

The batch transmission software Web interface provides you with a simple way to configure your system. Your actual configuration will be saved as part of a secure repository at FINTRAC. This allows your configuration to be maintained across multiple installations.

4.1 Channels

When you first log on, the batch transmission software will present all of the available channels to you. These channels are grouped and listed on the left side of the main screen.

You will need to contact FINTRAC to activate your access to training channels so that you can go through acceptance procedures (certification) for each report type that you want to submit by batch.

Acceptance procedures

Your test reports for acceptance procedures should be sent on the training channel, according to the type of report. As soon as you have sent in the required number of batch files with test reports, contact FINTRAC as explained in Section 7. Once you have successfully completed the acceptance procedures, you will be given access to submit real reports in the appropriate production channel.

For more information about acceptance procedures, see FINTRAC's specification documents available from the technical documentation area of the Publications page on FINTRAC's Web site.

Folders

The batch transmission software provides a single Data Root parameter representing the parent directory under which channel folders will be created following the FINTRAC naming convention.

You can change the location of all channel folders in a single step, by simply changing the Data Root parameter through the Web interface as follows:

  1. Select "Settings" from the top menu.
  2. Select "Channel Setup".
  3. Modify the Data Root parameter as required.
  4. Select "Apply".

You will not be able to change the naming convention under Data Root.

The default folder structure will automatically be created when files are sent in the respective channels, as follows:

This table shows the default folder structure for each production channel and each training channel. The first column shows the channel type, the next column shows whether the channel is for production or training, and the last column shows the default path for files sent on each channel.

Channel Type

Purpose

Path

ALT LCTR

Production

C:\SecureLane\121137****\PROD\ALT LCTR\

CDR

Production

C:\SecureLane\121137****\PROD\CDR\

CDR

Training

C:\SecureLane\121137****\TEST\CDR\

EFTNS

Production

C:\SecureLane\121137****\PROD\EFTNS\

EFTNS

Training

C:\SecureLane\121137****\TEST\EFTNS\

EFTS

Production

C:\SecureLane\121137****\PROD\EFTS\

EFTS

Training

C:\SecureLane\121137****\TEST\EFTS\

LCTR

Production

C:\SecureLane\121137****\PROD\LCTR\

LCTR

Training

C:\SecureLane\121137****\TEST\LCTR\

OrgXML

Production

C:\SecureLane\121137****\PROD\OrgXML\

STR

Production

C:\SecureLane\121137****\PROD\STR\

STR

Training

C:\SecureLane\121137****\TEST\STR\

4.2. Service mode

You can configure the batch transmission software through its Web interface to run as a Windows service. If you operate in service mode, there is no need to log on for the transmittal of files. You will simply drop the files for transmission in the appropriate folders. There is also no need to log off, as the service stays running until you stop it.

To install the batch transmission software Windows service, proceed as follows:

  1. Select "Settings" from the top menu.
  2. Select "Service Management".
  3. Enter your PKI user password.
  4. Select "Install SecureLane Service".

Even if you use the batch transmission software in service mode, you can still log on if you wish to view particular information. However, you would not be able to transmit files while logged on.

For more information about service mode, see section 5.1. If you do not operate in service mode, you have to log on to send files. This is called user mode and for more information about it, see section 5.2.

If you ever need to uninstall the Windows service, proceed as follows. For example, you would need to do this if you ever need to change the server running the service.

  1. Select "Settings" from the top menu.
  2. Select "Service Management".
  3. Enter your PKI user password.
  4. Select "Uninstall SecureLane Service".

4.3. Viewing station

In some cases, you may wish to operate the batch transmission software in service mode and connect to view your messages or your files transmitted to FINTRAC from a different computer. This "viewing station" will not allow you to submit or receive messages.

To configure a viewing station, perform the following:

  1. Install the batch transmission software on the computer you wish to use as a viewing station through the subsequent installation process described in section 2.2.
  2. Copy the new EPF file (<WindowsDrive>:\SecureLane\121137****.epf) that was installed on the viewing station to the computer that is running the batch transmission software service. In other words, overwrite the EPF file on the computer that is running the service with the new EPF file.
  3. Restart the batch transmission software service.

4.4. Proxy server

You can configure the batch transmission software to operate through a proxy server. To do this, configure Java to use a proxy server in the "Network Settings" on the Java Control Panel.

In some cases, you will need to edit the "net.properties" file to include your proxy settings. The file is located in "C:\Program Files\Java\<java version>\lib", where <java version> is the name of the Java version you have installed. For example, the file could be called "C:\Program Files\Java\jre6\lib\net.properties".

Remove the hash symbol ("#") from the "https.proxyHost=" and "https.proxyPort=" lines so that those lines will no longer be ignored, and include your proxy information.

Example:
The following shows what needs to be edited in net.properties for a proxy server named 192.168.1.100, using the default port number. The excerpts start at a point that is several lines down from the top of net.properties.

Before editing

# HTTPS Proxy Settings. proxyHost is the name of the proxy server
# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
# value is 443). The HTTPS protocol handlers use the http nonProxyHosts list.
#
# https.proxyHost=
# https.proxyPort=443
#

After (once editing done)

# HTTPS Proxy Settings. proxyHost is the name of the proxy server
# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
# value is 443). The HTTPS protocol handlers use the http nonProxyHosts list.
#
https.proxyHost=192.168.1.100
https.proxyPort=443
#

Please note that the batch transmission software does not support proxy server user authentication.

You can find more information about proxy settings on the Java Web site at:
http://www.java.com/en/download/help/proxy_setup.xml

4.5. How to submit messages

You can submit files to FINTRAC using the batch transmission software in either of the following ways:

  • In user mode, select the "Upload" button in the main window and select the file to be submitted.
  • In service mode, place the file in the appropriate drop folder.

After you have sent an outbound file, you will receive an inbound file representing your acknowledgement file from FINTRAC concerning processing results. For more information about acknowledgement files, see FINTRAC's specification documents available from the technical documentation area of the Publications page on FINTRAC's Web site at www.fintrac-canafe.gc.ca.

4.6. Message status

The following explains what the message states mean.

This table shows a description (column 2) for each message status (column 1).

Message status

Description

Pending

The file is waiting to be sent or received.

Encoding

The file is being signed, compressed and encrypted.

Encoded

The file has been signed, compressed and encrypted.

Transferring

The file has been encoded and is being transferred.

Transferred

The file has been received and is ready to be decoded.

Decoding

The file is being decrypted, decompressed and verified.

Decoded

The file has been decrypted, decompressed and verified.

Acknowledged

The file has been received, its signature is valid, and the file has been processed.

Refused

The file has not been accepted because of the signature, sender, encryption, file size, or file extension were invalid. See the "Details" section in the GUI for more information.

Aborted

The file has been rejected and retried for the maximum number of times without success.


5. Understanding Sending and Receiving of Files

Each channel has at least the following folders defined:

This table shows the description (column 2) of each defined folder (column 1).

Name

Description

Out\Drop

Polled for outbound messages.

Out\Prog
In\Prog

Appears on both inbound and outbound messages. It contains any messages that are currently in progress.

Out\Done
In\Done

Appears on both inbound and outbound messages. It contains any messages that have been completed.

Out\Rejected
In\Rejected

Appears on both inbound and outbound messages. It contains any messages that have failed.

5.1. Sending and receiving in service mode

If you are operating in service mode, the batch transmission software is polling the out\drop folder for new outbound messages. The service is also polling the transport server for new inbound messages.

When the batch transmission software detects a new outbound message, it creates a new message, copies the message to the "prog" folder, and submits the data to the transport server. The batch transmission software then waits for a receipt from the receiving party. When the receipt arrives, it processes the message and moves the file to the "done" folder. If at any point the message fails, the batch transmission software will move the file to the "rejected" folder.

When the batch transmission software detects a new inbound message, it begins downloading the data from the transport server to the "prog" folder. After the download is complete, the data is validated and a receipt is sent to the party who sent the message. If at any point the message fails, it will move the file to the "rejected" folder.

5.2. Sending in user mode

If you are not operating the batch transmission software in service mode, you have to log on to send the files.

From the main window select the "Upload" button in the bottom left of the screen. Select the message you wish to send from the dialogue box and select open. Refresh the view using the batch transmission software refresh button to show your file in the message view area.

6. Message Tracking

The batch transmission software provides a message tracking Web interface. Key features are listed below.

6.1. Search filters

Search filters are provided directly above the Message View Area in the main window. This allows for quick searches to be performed without switching pages. The search filter fields allow you to filter for the following information.

This table shows the description (column 2) for each search filter field.
Filter Field Description

Name

Filter by file name

Status

Filter by message status: All (any status), Acknowledged, Failed (refused or aborted) or In progress (includes any status from pending to decoded)

Direction

Filter by message direction: All, Inbound or Outbound

Calendar

Filter by date range. Select the "From date" and "To date"

6.2. Applying filters to production or training messages

The search filters described above will apply to messages for a particular channel, in a particular mode, as selected at the left of the message view area. For example, if you apply search filters with the mode selector on production and the STR channel selected, this will apply only to messages on the STR production channel. If you change the mode selector from production to training, the filters will be applied to messages for the STR training channel only.

7. How to Contact FINTRAC

If you have questions or comments about the batch transmission software, you can contact FINTRAC for technical help as follows:

  • Toll-free: 1-866-346-8722 (After making your language selection, press the option for technical help.)
  • Email: tech@fintrac-canafe.gc.ca

8. Glossary

Channel
A channel is a connection between a batch transmitter and FINTRAC used to send and receive messages.

Message
A message is data sent through a channel to or from FINTRAC.

Receipt
A receipt sent from a message';s receiving party to the sending party denoting whether the message has been successfully received (positive receipt) or has failed for some reason (negative receipt).

Service mode
Service mode is the mode in which the batch transmission software is configured to run automatically on a user';s system, as a service on Windows network.

User
mode
User mode is the mode in which the batch transmission software is only started when the user manually starts the service after logging on.