
Overview – Host-to-host (H2H)

Host-to-Host (H2H) is an automated solution for secure electronic data transfer between the Oracle
system and the bank. H2H connectivity enables the Oracle system to exchange payment data with the bank
in the bank's specified file format, network protocol and security standard.

H2H Connectivity in Oracle Cloud ERP

H2H connectivity is created in Oracle Fusion by creating a Transmission Configuration. The
Transmission Configuration is attached to a Payment Process Profile, which is specific to a bank. The
connectivity between Oracle and the bank is established using a Secure Shell key (.ssh).
While setting up the transmission configuration, outbound messages are secured using payload
security. Payload security is the securing of payment files using payment file encryption and digital
signature based on the OpenPGP standard.
To use encryption and digital signatures in the Transmission Configuration, keys need to be
generated at both the Oracle and the bank end. Encryption and digital signature verification require a public key.
Conversely, decryption and creating a digital signature require a private key. A private key and its public key
are known as a key pair. The party that generates the key pair retains the private key and shares
the public key with the other party.
Before creating the Transmission Configuration, the following needs to be done:

Configuration of Secure File Transfer (SFTP) with the Bank Server


This section illustrates the process to set up the communication between Oracle Cloud and the bank
server by configuring SFTP and the secure authentication and encryption keys.

1. The Client Private Key (SSH key) and the PGP Signing Key need to be generated in Oracle, and the
corresponding public keys need to be shared with the bank.
To do this, perform the following steps:
a) Go to Setup and Maintenance > Tasks. Search for the task Manage Transmission
Configuration and click on it.
b) From the Select Protocol dropdown, select the appropriate protocol (Secure File
Transfer Protocol for Static File Names) and click on the Create button.

c) Give the appropriate Configuration name. In the Client Private Key Password field,
enter the password that you want to set.

d) Now click on the dropdown for the Client Private Key File and then click on the
Quick Create link.
e) An SSH key will be created, named with the timestamp and instance name. Note this
key name for future reference.

f) Now open another window and go to Navigator > Tools > File Import and Export.


g) In the Search criteria enter the account name fin/payments/import and perform a
Search. The public key corresponding to the SSH key generated earlier will appear in
the search results.
h) Click on the keyname.pub file and the public key will be downloaded. This key needs
to be shared with the bank.
i) To create the PGP Private Signing Key, go back to the transmission
configuration and follow steps similar to those above. Once you enter the
password and quick-create the key, a “secret.key” file is generated, and the
corresponding public key can be downloaded from the File Import and Export
screen. This public key also needs to be shared with the bank.
j) Note that you will not be able to save the transmission configuration at this
stage, as it is missing the Remote File Directory, FTP IP Address and FTP Username.
You can either provide dummy information in these fields and save the configuration,
or note the key names and cancel the configuration. Once you
receive all the necessary information from the bank, you can create the
configuration with the actual values.

2. The PGP Public Encryption Key received from the bank needs to be imported into Oracle Cloud
through UCM. To do this, perform the following steps:
a) Rename the bank-provided key file by including “public.key” as the suffix. Ensure
that the key file name doesn't have any special characters other than the
underscore.
b) Navigate to: Navigator > Tools > File Import and Export.
c) Import the bank-provided key file into account fin/payments/import.

d) While creating the Transmission Configuration, from the Value choice list for the
applicable parameter, select the uploaded key file. The key name in the choice list is
the same as the one you uploaded using UCM. After you select the key and save the
transmission configuration, the key is automatically imported into Payments.
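
The public keys exchanged in steps 1 and 2 travel outside the SFTP channel, so each side can read back a fingerprint of the key it received and compare it with the sender's. The following is an added example, not part of the original document or of Oracle's tooling; it assumes the downloaded keyname.pub file is in the one-line OpenSSH format, and the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def parse_pub_line(line):
    """Split an OpenSSH '<type> <base64> [comment]' line into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob repeats the key type as its first SSH string; a mismatch
    # means the file was truncated or edited on the way.
    if not blob.startswith(ssh_string(key_type.encode("ascii"))):
        raise ValueError("key type inside the blob does not match the line")
    return key_type, blob


def sha256_fingerprint(line):
    """Fingerprint string in the form shown by `ssh-keygen -l -f <file>`."""
    _, blob = parse_pub_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def bank_has_same_key(our_pub_line, fingerprint_read_back_by_bank):
    """True when the bank's read-back matches the key we exported."""
    ours = sha256_fingerprint(our_pub_line)
    return ours == fingerprint_read_back_by_bank.strip()


def make_sample_line(seed, comment):
    """Constructed ssh-ed25519 line; the 32 key bytes are NOT a real key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes([seed]) * 32)
    encoded = base64.b64encode(blob).decode("ascii")
    return "ssh-ed25519 %s %s" % (encoded, comment)


# Constructed sample standing in for the downloaded keyname.pub file.
SAMPLE_PUB = make_sample_line(0x11, "constructed-sample")

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_PUB))
```

The comment field is not part of the fingerprint, so a renamed file still matches as long as the key blob is unchanged.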

Setup Transmission Configuration

To create the Transmission Configuration, follow the steps below:

1. Go to Setup and Maintenance > Tasks. Search for the task Manage Transmission Configuration
and click on it.

2. From the Select Protocol dropdown, select the appropriate protocol (SFTP for Static File Names)
and click on the create button.

3. You will be taken to the Create Transmission Configuration page where the details need to be
filled.

Configuration: This is the name of the transmission configuration.


From Date: Date from which the transmission configuration is active.
FTP Server IP Address: This is the IP address to which the payment file will be transmitted (should be
obtained from the bank)
FTP Server Port Number: This is the port of the service at that IP address (should be obtained from the
bank)
FTP Account Username: Username to log in to the IP address (should be obtained from the bank)
FTP Account Password: Corresponding password (should be obtained from the bank)
Client Private Key File: The private key file that was generated in Oracle. (corresponding Public Key needs
to be shared with the bank)
Client Private Key Password: Password corresponding to the Private key

Remote File Directory: This is the remote file directory where the file will be transmitted (should be
obtained from the bank)
Sent File Name: Name of the sent file (should be obtained from the bank)
PGP Public Encryption Key: PGP Public Encryption Key generated at the bank end. This needs to be
uploaded in UCM first in order to have it in the dropdown list (should be obtained from the bank)
PGP Private Signing Key: PGP Private Signing key generated at Oracle (The corresponding Public key to
this needs to be shared with the bank)
PGP Private Key Password: Password corresponding to the PGP Private Signing Key generated at Oracle.

4. Once all the details are entered, click on the Test button in the top right corner to verify the
connection.

5. Click on Save and Close. The Transmission Configuration is now created successfully. Now it
needs to be attached to the corresponding Payment Process Profile from the below screen.
6. Now a payment needs to be made using this Payment Process Profile. Once the payment is
successfully completed, the payment file will be transmitted to the bank server.

Note: For communication with the bank, the details that need to be shared with the bank and
obtained from the bank are listed in the appendix in tabular format.

Common Issues
1. Test Connectivity succeeds, but the transmission fails after a
payment is made.
Check whether the correct value is given in the Sent File Name field. If this field is left
blank, Oracle will not be able to transmit the file.
2. Test Connectivity succeeds and all the relevant details are provided in the
transmission configuration, but the transmission still fails after a payment is made.
Ensure that you have write permission on the remote directory. Without write
permission, Oracle will not be able to transmit the file to the remote path.

Key Findings
The outbound payment file is pushed to the bank through the following flow:
1. Oracle signs the payload using the Oracle private key (.key) and encrypts it using the bank's public key.
2. The bank decrypts using the bank's private key and verifies the payload using the Oracle public key.

Conclusion
Using H2H connectivity gives the client the following advantages:
1. It replaces the tedious manual payment transfer process with end-to-end automation of the payment
process.
2. It allows the client to transmit the payment file securely to the bank with PGP Encryption and
Signing.
3. It provides a seamless file transfer experience between the two systems.

Appendix
Details to be obtained from the Bank
FTP Server IP Address
FTP Server Port Number
FTP Account Username
FTP Account Password
Remote File Directory
Sent File Name
PGP Public Encryption Key

Details to be shared with the bank


Public Key for Client Private Key File
Public key for PGP Private Signing Key
