Professional Documents
Culture Documents
Host to Host(H2H) is an automated solution for secure electronic data transfer between the Oracle
system and bank. H2H connectivity enables the Oracle system to exchange the payment data to the bank
in their specified file format, network protocol and security standard.
H2H connectivity is created in Oracle Fusion through creating Transmission Configuration. The
Transmission Configuration is attached to a Payment Process Profile which is specific to a bank. The
connectivity between Oracle and Bank is established using Secure Shell Key (.ssh).
While setting up the transmission configuration, the outbound messages is secured using payload
security. Payload security is the securing of payment files using payment file encryption and digital
signature based on the open PGP standard.
In order to use the encryption and digital signature in the Transmission Configuration, keys need to be
generated in Oracle and the Bank end. Encryption and digital signature verification require a public key.
Conversely, decryption and signing a digital signature requires a private key. A private key and public key
pair are known as the Key Pair. The party who generates the key pair retains the private key and shares
the
public key with the other party.
Before Creating the Transmission Configuration, the following needs to be done:
1. Client Private Key (SSH Key) and PGP Signing Key needs to be generated in Oracle and
corresponding Public Keys need to be shared with the Bank
To do this perform the following steps:
a) Go to Setup and Maintenance-->Tasks. Search for the task Manage Transmission
Configuration and click on it.
b) From the Select Protocol dropdown, select the appropriate protocol (Secure File
Transfer Protocol for Static File Names) and click on the create button.
c) Give the appropriate Configuration name. In the Client Private Key Password field,
enter the password that you want to set.
d) Now click on the dropdown for the Client Private Key File and then click on the
Quick Create link.
e) An SSH key will be created along with the timestamp and instance name. Note this
key name for future reference
2. The PGP Public Encryption Key received from the bank needs to be imported to Oracle cloud
through UCM. To do this, perform the following steps:
a) Rename the bank-provided key file by including “public.key” as the suffix. Ensure
that the key file name doesn't have any special characters other than the
underscore.
b) Navigate to: Navigator > Tools > File Import and Export.
c) Import the bank-provided key file into account fin/payments/import.
d) While Creating the Transmission Configuration, From the Value choice list for the
applicable parameter, select the uploaded key file. The key name in the choice list is
the same as the one you uploaded using UCM. After you select the key and save the
transmission configuration, the key is automatically imported into the Payments.
Setup Transmission Configuration
To create the Transmission Configuration, below steps need to be followed:
1. Go to Setup and Maintenance-->Tasks. Search for the task Manage Transmission Configuration
and click on it.
2. From the Select Protocol dropdown, select the appropriate protocol (SFTP for Static File Names)
and click on the create button.
3. You will be taken to the Create Transmission Configuration page where the details need to be
filled.
Remote File Directory: This is the remote file directory where the file will be transmitted (should be
obtained from the bank)
Sent File Name: Name of the sent file (should be obtained from the bank)
PGP Public Encryption Key: PGP Public Encryption Key generated at the bank end. This needs to be
uploaded in UCM first in order to have it in the dropdown list (should be obtained from the bank)
PGP Private Signing Key: PGP Private Signing key generated at Oracle (The corresponding Public key to
this needs to be shared with the bank)
PGP Private Key Password: Password corresponding to the PGP Private Signing Key generated at Oracle.
4. Once all the details are entered, click on the Test button on the top right corner to ensure the
connection
5. Click on Save and Close. The Transmission Configuration is now created successfully. Now it
needs to be attached to the corresponding Payment Process Profile from the below screen
6. Now a payment needs to be done using this Payment Process Profile. Once the payment is
successfully completed, the payment file will be transmitted to the bank server.
Note: For communication with bank, the list of details that need to be shared with the bank and
obtained from the bank are given in the appendix in a tabular format.
Common Issues
1. The Test Connectivity is getting successful, but the transmission is failing after a
payment is done.
Please check whether the correct value is given in the Sent File Name field or not. If this field is left
blank, then Oracle will not be able to transmit the file.
2. The Test Connectivity is getting successful, all the relevant details are provided in the
transmission configuration, still the transmission is failing after a payment is done.
Please ensure that you have the write permission in the remote directory. Without the write
permission, Oracle will not be able to transmit the file to the remote path.
Key Findings
The outbound payment file is pushed to the bank through the following flow:
1. Oracle Sign the payload using Oracle Private key(.key) and Oracle encrypt using Bank public key
2. Bank decrypt using the Bank private key and Bank verify payload using Oracle Public key
Conclusion
Using H2H connectivity provides the client with the following edge:
1. It replaces tedious manual payment transfer process with end-to-end automation of payment
process.
2. It allows the client to transmit the payment file securely to the bank with PGP Encryption and
Signing.
3. It provides a seamless file transfer experience between the two systems.
Appendix
Details to be obtained from the Bank
FTP Server IP Address
FTP Server Port Number
FTP Account Username
FTP Account Password
Remote File Directory
Sent File Name
PGP Public Encryption Key