
SWIFT Certificate Centre

Getting Started with your Personal Token

This document is for security officers, systems administrators and personal token users. It provides a high-level end-to-end view of how to order, to install and to activate the personal token. It also refers to other documentation for more detailed procedures when necessary.

15 December 2017


Table of Contents

Preface

1 Get Started

2 Order Personal Tokens from SWIFT

3 Install Token Software

4 Define a new SWIFTNet user

5 Activate Token

Legal Notices


Preface

Access to some services on SWIFT is protected by means of personal tokens. This document describes how to order, to install and to activate the personal token. It also refers to other documentation for more detailed procedures when necessary.

Audience

This document is for the following audience:

• personal token users

• security officers

• systems administrators

Significant changes

The following table lists the main changes since the previous publication of this document, but does not include general edits and minor updates.

| New information | Location |
|---|---|
| Personal token passwords are now subjected to a password policy that determines the minimum complexity requirements for a valid password. A security officer selects this policy for the token before generating the activation secrets. | Activate Token on page 11; Define a new SWIFTNet user on page 8 |
| SWIFTNet Online Operations Manager is now available to personal token users over the Internet. Users require the appropriate roles to access this service. | Define a new SWIFTNet user on page 8 |

Related documentation

• SWIFT Certificate Centre Personal Token Software Installation Guide

• SWIFTNet Online Operations Manager User Guide

• Secure Channel User Guide


1 Get Started

Order and use personal tokens from SWIFT.

About this task

SWIFT provides tokens that enable strong authentication for individual users when accessing certain SWIFT services. The token includes PKI credentials which the owner of the token has generated. The PKI credentials are used to create digital signatures that allow the owner of the token to be identified. The token is personal and must not be shared with another user. It is protected by a password that the owner of the token must keep private.

The SWIFT Certificate Centre is a portal that allows owners of personal tokens to manage their token or PKI credentials stored on it. Users need their tokens to access the SWIFT Certificate Centre. The portal allows a user to activate a token, set its password and other such operations.

Get started process overview

[Figure: process overview with a WHO axis (Token Administrator, SWIFT, Security Officer, System Administrator, Token User) and a WHEN axis showing four steps: 1. Order personal tokens from SWIFT (swift.com), Send the tokens to administrator; 2. Install token software (User's PC); 3. Define a new SN user (SWIFTNet Online Operations Manager), Send activation code to users; 4. Activate token (SWIFT Certificate Centre).]

Procedure

1. Order Personal Tokens from SWIFT on page 5

2. Install Token Software on page 7

3. Define a new SWIFTNet user on page 8

4. Activate Token on page 11


2 Order Personal Tokens from SWIFT

You need to evaluate the number of tokens required for your institution, taking into account the number of users who will use them. Plan also for sufficient spare tokens in case of replacement.

About this task

Note Some services include an initial pack of personal tokens as part of the subscription.

If you need to order personal tokens, refer to the procedure below.

Procedure

1. Navigate to www.swift.com.

On the Ordering & Support menu, select Order Products and Services.

2. Select Personal tokens.

Click Order Personal Tokens and log in to www.swift.com with the SWIFT Customer log in screen.

The Personal Tokens order form appears.

Personal tokens are delivered in packs of ten. You must order at least one pack. In the Tokens ordering section above, ten tokens have been ordered as one pack.

3. Scroll down to the Shipping details section.


4. Fill in the appropriate fields and click Continue.

You will receive an acknowledgement e-mail at the address you provide in the E-mail field in the shipping details. This e-mail confirms that your order has been received.

Note Only an administrator or a security officer can order personal tokens for the institutions within his scope of authority.

For more information on how to designate your security officer see the Secure Channel User Guide or visit the Secure Channel home page.

Important Allow a few weeks for delivery of the personal tokens.

Related information

Ordering


3 Install Token Software

Before you can use your personal token, you must install the token software. Each computer on which you will use your personal token requires an installation of token software.

Before you begin

Token software installation requires your computer to meet minimum configuration requirements.

Minimum configuration requirements

| Type | Description |
|---|---|
| Browser | Token software requires the 32-bit version of Internet Explorer. SWIFT recommends Internet Explorer 11.0. |
| Operating System | For personal computer operating systems, SWIFT recommends a Windows 7 PC or newer (32-bit or 64-bit). For server operating systems, SWIFT recommends Windows Server 2008 R2 or newer (32-bit or 64-bit). |
| Java | Token software requires the 32-bit version of Java. SWIFT recommends the latest Java version 8 with the corresponding Critical Patch Update. |

Important

• Token software and Java installation require you to have administrator rights.

• You must use the 32-bit versions of Internet Explorer and Java Runtime Environment, even if you have a 64-bit Windows operating system.

• Windows 8 users must switch to desktop mode before launching Internet Explorer.

Procedure

1. Open Internet Explorer and navigate to SWIFT Certificate Centre.

Download the token installation program.

The zip file contains the token installer package.

2. Download the SWIFT Certificate Centre Personal Token Software Installation Guide for the procedure on how to install the token software on your PC.

When the token software is installed, the PC is ready for the personal token.

Next, the SWIFTNet security officer must define a new SWIFTNet user for each personal token user.

Related information

SWIFT Certificate Centre Personal Token Software Installation Guide


4 Define a new SWIFTNet user

Your SWIFTNet security officer must assign a distinguished name (DN) for each personal token user. To create a new DN, your security officer must complete the following steps:

Procedure

1. Log in to the SWIFTNet Online Operations Manager (O2M) service.

| URL | Description |
|---|---|
| https://www.o2m.swiftnet.sipn.swift.com | Use this URL for connection with an HSM or personal token certificate over the MV-SIPN network. |
| https://www.o2m.browse.swiftnet.sipn.swift.com | Use this URL for connection with a personal token certificate over the Internet. |

2. Go to Security > Certificate Management - User and click the User certs tab.

3. In the tree view, determine where in the hierarchy the new user is to be positioned. This position in the tree determines the unique distinguished name created for the new user. SWIFT recommends that you minimise the number of levels used in the tree to facilitate maintenance of the tree. Put the user under an existing node by clicking that node to select it. The DN has a size limit of 100 characters.

Example of a DN: cn=john-smith,ou=departmentname,o=bankbebb,o=swift, where:

• the cn= segment has the name of the token holder

• the ou= segment allows you to group multiple users under the same organisation unit in your tree

• the o= segment contains your live BIC

4. Click New.

The New window appears.


Type a name for the new user and select the type Human or Application.

The rules for entering the name are as follows:

• Minimum length is four characters (maximum is 20 characters)

• First character must be alphabetic, but can be lowercase or uppercase

• Subsequent characters, in any order, can be:

- alphabetic (lowercase or uppercase)

- digits (0-9)

- hyphen (-)

5. Click OK.

6. A confirmation window appears and asks you if you want to set up the user for certification.

7. Click OK

The Setup for Certification window appears.


8. Select the certificate class:

Personal token.

9. Select the password policy. Choose from Level 6, Level 8, and Level 12. The password policy determines the minimum password complexity for a user when a token is activated or reset.

For guidance on choosing a password policy, see the SWIFTNet PKI Certificate Administration Guide.

10. Click OK.

After a few moments, the information for the user is updated.

11. Click + to display the activation code. Then copy it and pass it securely to the personal token user.

12. [Optional] Enter a description of the new user and DN in the Description field.

13. Click Log off to quit the SWIFTNet Online Operations Manager.
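The naming rules in steps 3 and 4 can be checked before anything is typed into O2M. The following is an added example, not SWIFT's code: it assumes the typed name becomes the cn= segment in front of the selected node's DN, that DNs compare case-insensitively, and that parent nodes follow the shape of the example DN (o=<8-character BIC>,o=swift); check_user, check_batch and the sample requests are hypothetical.

```python
import re

# Name rule from the "New" window: 4-20 characters, first one alphabetic,
# the rest letters, digits or hyphen.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{3,19}")
DN_MAX = 100  # DN size limit stated in step 3

# Assumption: parent nodes follow the shape of the page's example DN,
# [ou=...,]o=<8-character BIC>,o=swift (BIC8 layout per ISO 9362).
PARENT_RE = re.compile(r"(?:ou=[^,=]+,)*o=[a-z]{6}[a-z0-9]{2},o=swift")


def check_user(name, parent_dn):
    """Return (dn, problems) for one proposed user under parent_dn."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name breaks the length / first-letter / charset rule")
    if not PARENT_RE.fullmatch(parent_dn.lower()):
        problems.append("parent node does not look like ou=...,o=<bic8>,o=swift")
    # Assumption: the typed name becomes the cn= segment before the parent DN.
    dn = f"cn={name},{parent_dn}"
    if len(dn) > DN_MAX:
        problems.append(f"DN is {len(dn)} characters, limit is {DN_MAX}")
    return dn, problems


def check_batch(requests):
    """Check (name, parent_dn) pairs and flag DNs that collide in the batch."""
    seen, report = set(), []
    for name, parent_dn in requests:
        dn, problems = check_user(name, parent_dn)
        key = dn.lower()  # assumption: DNs compare case-insensitively
        if key in seen:
            problems.append("duplicate DN in this batch")
        seen.add(key)
        report.append((dn, problems))
    return report


# Constructed sample requests; only the first DN comes from the page's example.
SAMPLE = [
    ("john-smith", "ou=departmentname,o=bankbebb,o=swift"),
    ("jo", "ou=departmentname,o=bankbebb,o=swift"),            # too short
    ("9lives", "o=bankbebb,o=swift"),                          # starts with a digit
    ("John-Smith", "ou=departmentname,o=bankbebb,o=swift"),    # collides with first
    ("mary-jones", "ou=" + "x" * 80 + ",o=bankbebb,o=swift"),  # DN too long
]

if __name__ == "__main__":
    for dn, problems in check_batch(SAMPLE):
        print("FAIL" if problems else "OK  ", dn, "; ".join(problems))
```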


5 Activate Token

A token requires activation before use. Activation requires you to have your token, activation codes and access to the SWIFT Certificate Centre from a PC that has an installation of token software.

About this task

When you first receive your personal token, the token is inactive because it does not yet contain the private key to your digital certificate. Activation generates a public and private key pair. You must activate your token on the SWIFT Certificate Centre before you can use it for SWIFT services. The public key is sent for registration with the SWIFTNet PKI authority. The private key never leaves the token.

Procedure

1. Open Internet Explorer and navigate to http://www.swift.com/certificates for connection over the Internet, or to https://scc.swiftnet.sipn.swift.com for connection over MV-SIPN.

The SWIFT Certificate Centre window appears.

2. Insert your token into a free USB port of your computer.

3. Click Login.

The Confirm Certificate window appears.

4. Select the certificate and click OK.

The Log on to eToken window appears.

5. Type the initial password that was supplied with the token in the Password field and click OK.

6. You may have to provide the password a second time.

The SWIFT Certificate Centre Login window appears.

7. Type the initial password that was supplied with the token in the Enter your token password field and click Login.

The Token Activation window appears.

8. In the Enter Activation Code window, type the activation code that you received from SWIFT, or enter it using copy-and-paste and click Validate.

If there is a problem with the activation code, then re-enter the code and click Validate again.

Note The activation code is required only once to complete the activation. After activation is complete, this code cannot be reused.

9. You must now set your own password for the token. Read the password policy rules on the Change password window, then complete the following fields:

Current Password: Enter the initial password that was supplied with the token.


New Password: Provide a strong password. Use the following guidelines when creating a password:

• the minimum length varies according to the password policy

• the maximum possible password length is twenty characters

• you can use the following characters:

- 0-9 A-Z a-z and space

- ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

• you cannot use accented characters (for example, é or ö)

Confirm new password: Re-enter the new password.

Note Passwords expire. The token password policy determines how often you must change your password.

10. Click Change.

Your private key is now being generated on the token and the public key is being certified by SWIFT.

The Activation complete window appears.

Your personal token is ready for use now that it stores your certificate and a private key that is password protected.

The Activation complete window displays the following information about the certificate on your token:

DN: The Distinguished Name of your certificate.

Expires: The date and time at which the certificate expires.

Click Logout to quit the SWIFT Certificate Centre.

Related information

SWIFT Certificate Centre Portal User Guide


Legal Notices

Copyright

SWIFT © 2017. All rights reserved.

Disclaimer

The information in this publication may change from time to time. You must always refer to the latest available version.

Translations

The English version of SWIFT documentation is the only official and binding version.

Trademarks

SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: the SWIFT logo, SWIFT, SWIFTNet, Sibos, 3SKey, Innotribe, the Standards Forum logo, MyStandards, and SWIFT Institute. Other product, service, or company names in this publication are trade names, trademarks, or registered trademarks of their respective owners.
