Professional Documents
Culture Documents
Version Control
Version Author Date Change
2.0 Victor Martinez May 9th, 2018 Document updated with correct template and versioning
3.0 Victor Martinez Jan, 25t, 2019 Adaptations required after first certification process
4.0 Álvaro Ferraz Torres Nov 28th, 2019 Adapt print log
5.0 Patricia San Juan Oct 30th, 2020 Minor versions updated and correct listing of LNE Protocol rev 1.4
requirements
6.0 Patricia San Juan Jan 25th, 2021 Fiscal Module “major” version explanation
Table of Contents
Version Control
Table of Contents
Introduction
Purpose of the document
Overview
General solution
New module
Tax Authority access
Hashed blockchain as security mechanism
Securizing blockchains
Ticket flow in online mode
Ticket flow in offline mode
Ticket hash authenticity
Terminal online/offline monitor log
Ticket print log
Closing and Aggregation of data per Tax Rate and POS Terminal
Data export
Archiving
Robustness and auditor’s checks
I. Introduction
A. Purpose of the document
This document describes the way “Openbravo Commerce Suite 3.0RR19Q3:1.8.4503 version” will
be adapted to support Article 286-I-3 bis of the French Tax Code (FTC) requirements, to be certified
in France.
Openbravo Commerce Suite is the Openbravo solution for retailers. It is a responsive web and
mobile POS, backed by a complete back office functionality.
B. Overview
French Certification functionality is designed to provide Openbravo Commerce Suite starting from
3.0RR19Q3:1.8.4503 version, with the features to fulfill conditions of immutability, security, retention
and archiving of data, as per French Tax Code law, starting from 1st of January of 2018.
This new module will be named as “French Fiscal”, as it will enable Openbravo Commerce Suite to
support inalterability, security, retention and archiving conditions required by French Tax Authorities.
The source code of “French Fiscal v 1.0.1000” module will be the code to certify by the accredited
body located in France, “Laboratoire National de Métrologie et D’essais (LNE), according to LNE
standard version 1.4.
Openbravo will use the source code and the obfuscated jar library of the parts that controls
inalterability, security, retention, and archiving; to generate a hash code that will be displayed as
part of “French Fiscal v 1.0.1000” module.
The source code of “French Fiscal '' module is the code to be certified by the LNE, and therefore
represents the fiscal scope of Openbravo cash register system.
For additional information, please review the OB Technical Specification File version 7.0, where the
source code and all technical details of the French Fiscal module are described.
This role will be the one to associate to tax authorities auditor users, and it will mainly allow to:
● Access and review each sales ticket, payment information, print log and terminal monitor log
created since January 1st, 2018.
● Access and review cumulative and perpetual information available by day, month and year
(fiscal or natural year).
● Export any of the sales tickets or cumulative/perpetual information.
● Verify the integrity and inalterability of the exported data.
● Verify the integrity and inalterability of the archived data.
In order to access the archives, the tax administration will have to contact
"support@openbravo.com" to make the request which will be treated within 3 working days.
This methodology ensures from one side that the record itself hasn’t been altered, and from the
other side that the record history is always constant.
Each entity (ticket, ticket print log, closure by day, closure by month, closure by year and terminal
monitor log) will have a unique chain per terminal.
SHA256 hash is generated using DigestUtils and javax.crypto in Java, and forge library in
JavaScript.
D. Securizing blockchains
Database triggers in charge of controlling the blockchains are not compromised into the instance.
However there could be the case where a user could try to recreate the blockchains in a separate
database and dump & restore into the production instance.
To avoid this Openbravo runs a background process scheduled on a daily basis that saves into a
hidden and signed file in the filesystem the first and last hashes of each blockchain.
The process also verifies whether these hashes are still available into the database. If they are not
found, it might represent an external alteration of the chain, so an alert is raised to inform about the
security breach.
It is important to understand that while in offline mode, POS terminal does not allow to modify
tickets, but to create new ones.
Web POS terminal is not able to work offline more than 72 hours straight.
Companies have the ability to disable offline mode and to work only in online mode.
That means that the system always keeps track of the POS terminal status (online, offline).
“French Fiscal v 1.0.1000” module will store online/offline log in the database for each Web POS
Terminal, by using the blockchain methodology explained before, therefore this information is
secured and always accessible to the Tax Authorities.
This information will also be available for the “Tax Authorities”, therefore “Tax Authorities” can know
how many times and when a ticket was printed, as well as from where it was printed.
J. Closing and Aggregation of data per Tax Rate and POS Terminal
Daily aggregation will be automatically launched when running the cash up process from the POS
terminal. Web POS terminals will be forced to run cash up and daily aggregation every day.
“French Fiscal v 1.0.1000” will also allow the user to manually run “periodical” closing by month
and/or year. In case of year aggregation, the user can either select the closing to be executed by
fiscal year or by natural year.
“French Fiscal v 1.0.1000” module will provide a new window where the user can select the desired
closing period and date.
The process will generate cumulative information with the following dimensions:
● POS terminal
● VAT rate
Above means that cumulative information will be calculated by terminal and VAT Rate, up to a
concrete day/month/year.
As part of the aggregation, “French Fiscal v 1.0.1000” module will calculate and store the
“perpetual” amount (i.e. grand total sales amount from January 1st, 2018 to the closing date) per
terminal and VAT Rate.
The aggregated records will be secured in a blockchain structure by terminal, with the same
mechanism as the one explained before for sales tickets.
K. Data export
Any record secured in a blockchain can be exported as XML if required. This includes:
● Tickets with payment and taxes information.
● Print log records.
● Online/Offline monitor records.
● Aggregated/Cumulative information.
Export process will be executed directly in the UI, by using a specific button placed in the window
where the record is shown.
While exporting a record, the user has the possibility to automatically check the record’s integrity
and authenticity. If so the system will automatically:
1. Concatenate previous hash in the blockchain with the XML content to be exported and the
timestamp logged along with the HMAC authentication code.
2. Calculate on the fly the hash of this record using the SHA256 based HMAC algorithm
3. Compare it with the hash stored in the blockchain
4. Show an error in case of mismatch, that would mean that the record has been modified.
L. Archiving
Records created in Openbravo are always accessible directly in the UI. It’s important to understand
that Openbravo never deletes or purges records that are inside a blockchain. Once a record is
saved in the database inside a blockchain structure, it is kept there forever. This behavior allows the
user to easily browse and check old records in the same way as current ones.
Additionally, a new process is included within “French Fiscal v 1.0.0” module to allow:
1. Run an archiving process for a selected date range (maximum of one year).
2. Verify the archiving files integrity & authenticity.
3. In this window he must enter the SHA256 message digest for the ZIP/CSV file to verify.
Please note that the SHA256 message digest can also be easily gotten using external tools
if necessary.
4. Optionally he can enter also the expected HMAC available either in the ZIP file name, or in
the TXT file
5. When pressing Done, the system will calculate & print the HMAC for the introduced SHA256
message digest, so the user can easily compare it with the expected one. If both matches, it
means the file hasn’t been compromised.
Database triggers ensure that blockchains are never altered, by updating or deleting existing
records, or by adding new records in the middle of a chain.
“French Fiscal v 1.0.1000” module will provide five mechanisms to ensure the robustness of the
blockchain and the inalterability of the stored data:
1. A record integrity check while exporting, as explained before.
2. A new window where the user/auditor can enter a stored hash, the content of the record
(XML/JSON) and the timestamp. Once done, the system will calculate the hash and
compare it with the stored one.
3. A new window where the user/auditor can enter SHA256 checksum of any archiving file (ZIP
or CSV) and, optionally, the expected HMAC. Once done, the system will calculate the hash
and compare it with the entered value. Thus the user/auditor can easily check if the archiving
file is correct.
4. A process that will recalculate, for a concrete chain, all of the block hashes based on the
block data, and check that the block hashes stored are valid.
5. A background process always running that detects any corruption or alteration of the
blockchain records in the database. The process stores the first and last hashes in a secret
location in the filesystem and checks whether these hashes are still available in the
database. If the hashes are not found in the database it might represent a security issue, so
an alert is created and sent by email.
Besides, each time a blockchain record is added to the database, the integrity of this record will be
automatically checked as follows:
1. Concatenate previous hash in the blockchain with the record JSON/XML and the timestamp
logged.
2. Calculate on the fly the hash of this record using HMAC.
3. Compare it with the hash stored in the blockchain.
4. Create an alert in the system in case of mismatch, that would mean that the record has been
modified.
5. System Administrator will receive a mail in case an alert has been created.
For a better understanding of this section, it is highly recommended to read the first section of this
document, as it provides a global vision of our proposed solution.
Please also note that some requirements are duplicates or added details of previous ones. In those
cases the answer given will refer to previous answers.
1: Regulatory documentation.
The cash register system must be accompanied by documentation describing its design,
operation, maintenance and use. The documents listed below are covered by the tax
authorities access rights and are written in French, separately and entitled as follows.
- the OB General Design File version 3.0
- the OB Functional Specifications File version 5.0
- the OB Technical Specification File version 7.0
- the OB Organisational File version 1.0
- the OB Maintenance File version 4.0
- the OB Operational File version 5.0
- the OB User Guide version 8.0
- the OB Tax Authority Guide version 6.0
2: Additional documentation.
Additional documentation comprises all documentation meeting the technical requirements
of the LNE standards version 1.4, that is not part of the regulatory documentation. It is
written in English.
Besides this, a main document is provided, French Certification Master Document v 1.0,
describing the organisation of the documentation and listing the relevant documents,
paragraphs and page numbers for each technical requirement.
- a description of the entire product can be found in the OB General Design File version 4.0
- a description of the part of the sw concerned by the certification can be found in the OB
Technical Specification File version 7.0
- unambiguous identification of the sw can be found in all documentation
- a description of the algorithm used for integrity, security, and unalterability functions can be
found in the OB Functional Specifications File version 5.0
- a description of the user interface, menus, and dialogue boxes can be found in the
Openbravo Web POS User Guide v 2.0
3: Data to be recorded
The cash register system must record all payment data related to the execution of a
transaction and its payment. The data must be recorded, at the latest, at the point of
calculating the total amount for the transaction prior to the payment.
To review where to find data relating to payments, visit the OB User Guide version 8.0, section
“Ticket Creation”, page 11, and the OB Technical Specification version 7, sections “New Ticket”,
“Ticket Taxes” and “Ticket Reprint”.
4: corrections
If corrections (changes or cancellations) are made to transactions in any way, these
corrections are effected by recording new payment data through “more” or “less”
operations, rather than through direct changes to the payment data recorded.
The way to modify a ticket will be using the existing "Cancel and Replace" functionality, where the
original ticket is kept as it is.
This functionality creates two new tickets:
1. A copy of the original ticket with all the amounts in negative. This is the ticket that cancels
the original one (minus).
2. A new ticket with the correct positive amounts (plus).
Note that the original ticket is already in the blockchain for this terminal so it is never updated. The
two new tickets will also be added to the blockchain ensuring its inalterability.
5: Training/Test mode
Data generated or simulated through a “training”, “test”, “acceptance”, “pre-production” or
other mode or environment that permits the recording of fictitious transactions must be
recorded and secured as payment data but explicitly identified as being issues from this
mode
There is no training/test mode in the Openbravo Commerce suite, therefore this requirement is not
applicable.
Openbravo will implement new process that allows the user to accumulate data for the following
frequencies:
● Day.
● Month.
● Year (natural or fiscal year).
For example if we close up to February 3rd, 2018, as daily closing, Openbravo will generate:
1. As many records as terminals.
2. For each terminal, as many records as tax rates.
3. And finally for each of the records by terminal and tax rate, the system will store:
a. February 3rd, 2018 cumulative data.
b. Perpetual data from January 1st, 2018 to February 3rd, 2018 (February 3rd, 2018
included).
Monthly and annual closures must be done manually by the user. The user is notified of the need to
perform the monthly and annual closures in the OB User Guide version 8.0.
For cumulative data we will also use the same algorithm for hash calculation and blockchain
explained in the next section (see #8 ).
See #6 for an example about calculating cumulative and perpetual data.
Closures include cumulative total for the period and perpetual total.
8: Data inalterability
All payment data defined in the previous requirements must be conserved and secured in
such a way that it cannot be altered.
The mechanism we use to ensure inalterability of data is blockchain methodology, where each
record is linked to the previous record within each POS terminal. Besides, database triggers will
ensure no modifications in the blockchain are allowed.
This process will be automatically executed when synchronizing a ticket from the POS terminal to
the central server.
In offline mode the hashing of the ticket is executed as soon as the ticket is printed, but the
synchronization and storage in the backend database will be executed as soon as the terminal is
back to online mode. Web POS terminal is not able to work offline more than 72 hours straight.
Data is conserved and secured in a hash chain using a fingerprint mechanism with key
(HMAC-SHA-256).
Several mechanisms are included to verify the integrity of the recorded data. Also a protective
mechanism against data being restored to a previous state is included.
There will be a process that checks from the beginning of the chain, that each record in the chain
hasn’t been altered.
The way to do this is to calculate the hash of the very first record in the chain and keep on
calculating the hash of the rest of the records, by following the chain order,
This process will be a manual process that can be launched at any time.
Besides, a new window will be available where the user can manually specify:
● Previous HASH (mandatory field)
● XML content (mandatory field)
● Timestamp (mandatory field)
● HASH (optional field)
● Calculated HASH (read only field). Openbravo will calculate the HASH with the algorithm
explained in previous points.
The user can either manually check it is the same as the original hash or he can enter the expected
HASH so the system can compare it with the calculated one and show an error if mismatch.
Finally, there is a background process always running that tries to detect any alterability in the
database. It stores the first and last hashes for each entity in a secret place on the filesystem and
tries to find them back in the database. If not found it might represent a database alteration, so an
alert is created.
9: Securing receipts
The cash register system must allow to unequivocally identify and distinguish receipts
issued prior to payment between those issued after the payment has been made. Any receipt
that is reprinted should bear the word “duplicata” [duplicate]. The system must provide
secure traceability of receipts (both definitive and provisional) printed and reprinted. The
information included in the receipts must be consistent with the payment data recorded
securely by the cash register system.
Receipt template has been modified to highlight and therefore distinguish "unpaid" receipts, from
"paid" receipts". Same way receipts template has also been modified to add the word “duplicate”
whenever a receipt is re-print.
Every time a provisional or definitive ticket is printed or reprinted, a new record is added to the
blockchain structure and secured as explained in section #8. This record includes the POS terminal
from where the ticket was printed, the datetime and the ticket itself.
Each record (either individual or aggregated) always has creation and update dates by default.
All records are stored in the database using an immutable blockchain structure. See Hashed
blockchain as security mechanism section.
Old records are always available and linked to the same blockchain and tables than current records.
Records are never deleted.
Openbravo will provide an archiving process. When the archiving process is run, a log is created in
the database using the blockchain structure. This log stores the date range that has been archived,
the ZIP file name created, the previous hash and timestamp used in the hashing of this archiving
and the HMAC generated for this archiving.
Archiving ZIP file also includes a TXT file with information about the system and the date and time
when this archiving was run.
Each archiving is logged in a database using a blockchain structure, storing the range dates
archived (always less or equal than a year), the path of the archiving file created and the date and
time when the archiving was run. The archiving file name also provides, as part of the name, the
range date that includes.
The integrity and security of the records in the blockchain can always be checked in three different
ways: when exporting the records, by using a window where the hash is calculated on the fly and
can be compared to the stored one, and by checking the blockchain integrity from the first to the last
record in the chain. See Robustness and auditor’s checks and condition #10 for details.
It is also possible to verify the integrity of an archiving file at any moment, generating again the
SHA256 hash for it and comparing with the hash stored in the Archiving Log blockchain through the
Archiving Verification window.
The archives can be accessed and downloaded directly by the Openbravo UI in the POS Archiving
Log window, or alternatively connecting to the server by a system administrator and a secure SSH
connection.
Archiving exports database records to CSV files, in a format that is readable by a human. CSV files
are compressed in a ZIP file in the system itself.
In case of an audit, it is possible to download the ZIP file from the system, extract it using the
original password and read the CSV files.
The tickets are visible in JSON format contained in the CSV mentioned above.
The JSON can be made easily readable by using the site http://jsonviewer.stach.hu by clicking on
the "Format" tab.
The following variables correspond to the important data contained in the tickets:
● "Product" for products
● "Deletedlines" for add / delete movements.
● “Deletedpayments” for add / delete payments.
13: Purge
If the cash register system has a payment data purge function associated with the need to
free up memory, this must compulsorily generate an archive containing all of the payment
data to be purged and conserve it pursuant to Requirement 17 below, prior to performance of
the purge.
Openbravo never deletes data. No purge procedure exists.
Archiving operations are recorded in the system including the date and time when the operation was
done, as well as the POS used.
This archiving log data is conserved and secured in a hash chain using a fingerprint mechanism
with key (HMAC-SHA-256).
Several mechanisms are included to verify the integrity of the recorded data.
Individual records (payment data), cumulative, summary and traceability data is never removed from
the system. Besides that all of them are secured by the blockchain algorithm. See previous points
for details (#8 and #6 ). Same applies to archiving records. See Archiving section for details.
Besides the above, Openbravo never deletes old data. Old records are always available in the
database and UI.
Anyway, hardware minimum requirements are described in OB Operations Manual v 4.0 document
to ensure data is retained with no disk space problem for both Openbravo deployment options
“Cloud” and “On-Premise”. The size of the estimated database for a 6-year period is about 3.25 TB
for the largest client of the "Cloud" version. This one is managed internally and can not arrive at
saturation, the storage space being monitored every day internally with a margin of error
consequence of several GB.
On the "On-Premise" version it is up to the customer to check the available disk space on the server
and the terminals. This must comply with the minimum technical requirements specified in the
documentation (see Operating Manual v4.0).
In the rarest cases, a server with 160 GB of disk space for 10 terminals can cover 6 years of data at
a rate of 5 MB per day and per terminal (which gives about 11GB).
Openbravo never deletes data. All records are always available in the database. No purge
procedure exists. Archives are retained in the system itself. The archives can be accessed and
downloaded directly by the Openbravo UI in the POS Archiving Log window, or alternatively
connecting to the server by a system administrator and a secure SSH connection.
Communications between the terminals and the main server must be done via secure HTTPS
connection.
The system provides a log about the online/offline status per terminal (see Terminal monitor
online/offline log section).
In online mode, sales tickets are immediately synchronized with the backend (see Ticket flow in
online mode section).
In offline mode, sales tickets are synchronized with the backend as soon as the terminal is back
online.During the offline mode it’s not allowed to modify or delete tickets.
Web POS terminal is not able to work offline more than 72 hours straight.
See Ticket flow in offline mode section for details
By definition, ticket document sequence by terminal can’t have gaps, so ticket numbers are always
correlative. Backend stores the timestamp when the ticket was created in the POS terminal and the
timestamp when it was synchronized with the backend.
The authorities will be provided with a role (see Tax Authority access for details), that allows full and
real time access to the synchronized tickets and the online/offline monitor log, both stored in a
secure blockchain structure. With this information tax authorities can verify current and past status
for each terminal.
A new role for Tax Authorities will be created with read only access to all payment data. This role
will also be allowed to run every integrity verification mechanism.
When exporting data, such a role will have the possibility to check the integrity of the exported
records. To do that, when exporting each record, the exporting system will calculate on the fly the
hash using our hashing algorithm based on HMAC, and it will compare it with the hash stored in the
database. In case both hashes are not equal, the process will throw an exception informing the user
about the inconsistency.
Finally, a user manual in French will be provided, describing all details of the procedures for
accessing the data as well as a clear description on how to access this data and check its integrity.
For additional information please review OB Tax Authority Guide version 6.0
See New Module section for details, and the OB Technical Specification File version 7.0.
Any change to the code in the fiscal scope or configuration affecting compliance with the
requirements in this standard must result in an increase of the major version number. The
editor must generate and provide the fingerprint of each major version.
Openbravo solutions are released on a quarterly basis. In the case of the Openbravo Commercial
Suite (Openbravo for Retail) versions are released as 3.0RRXXQY, where:
● XX is the year
● and QY the quarter of the year.
Each of those quarterly releases are linked to a corresponding major version and minor version as
“1.8.XXXX”, where:
● 1.8 is the major version
● and XXX are the minor versions
For additional information, review the Openbravo Release Notes wiki page.
Openbravo solutions are built on a platform that provides a core set of technologies that allow
extending Openbravo to fit business needs or even legal requirements, through modularity.
A module is a piece of additional functionality that can be deployed on top of Openbravo solutions.
Examples of modules are those required to properly adapt Openbravo to different languages and
legal or fiscal requirements.
Therefore, and as already mentioned in the section "New Module", all the requirements related to
the French Finance Law mentioned above, will be implemented and therefore distributed as a
module to be installed by any retail company operating in France.
This new module will be named “French Fiscal” module. Starting from its version 1.0.0, French
Fiscal module will enable Openbravo Commerce Suite, starting from its version 3.0RR18Q4:
1.8.3901, to support inalterability, security, retention and archiving conditions required by the French
Tax Authorities.
The source code of the “French Fiscal'' module is the code certified by the LNE, and therefore
represents the fiscal scope of Openbravo cash register system.
A verification mechanism will be included to check that no change has been done in the fiscal scope
of the module. For additional information see the OB Technical Specification File version 7.0,
section Module Verification.
These version numbers can be accessible from the cash register system’s standard user interface,
after log in, by using the menu option “Backoffice”. Once in there, the user will have to navigate to
the menu options “Help” and then “About”.