Banks' Tupas Certification Service for Service Providers


Service description and guidelines
Version 2.1
3 October 2005

SERVICE DESCRIPTION 2 (21)

CHANGE LOG

Version  Page  Comment
V2.0     All   Message structure changed
V2.1           New banks added, some wordings changed

APPROVAL

Version code  Date       Approved by
V2.0          13.6.2002  Payment Transactions Subcommittee
V2.1          3.10.2005  Payment Transactions Subcommittee

FINNISH BANKS' CERTIFICATION SERVICE FOR SERVICE PROVIDERS
SERVICE DESCRIPTION AND GUIDELINE FOR SERVICE PROVIDERS

Contents:

1 SERVICE
  1.1 Online/Electronic banking codes and customer authentication
    1.1.1 Online banking codes for personal customers
    1.1.2 Online banking codes for businesses and organisations
  1.2 Agreement on the use of the Tupas service
  1.3 General description of the Tupas service
  1.4 Service functionality
  1.5 Service security
  1.6 Definition of strong authentication
2 FUNCTIONAL SERVICE DESCRIPTION
3 SERVICE MESSAGES AND THEIR CONTENT
  3.1 Certification request
  3.2 Certification request's field descriptions
  3.3 Forming of the MAC for a certification request (A01Y_MAC)
  3.4 Certificate and identifier
  3.5 Certificate message field descriptions
  3.6 MAC calculation for the certificate
  3.7 Identifier type
    3.7.1 Plain-text identifier
    3.7.2 Encrypted identifier
  3.8 Encrypted identifier comparison and customer authentication
  3.9 Bank-specific buttons
  3.10 Exceptional situations
4 CHANGING THE MAC KEY
5 CHARACTER SET USED IN THE SERVICE
APPENDIX 1 BANKS' CONTACT INFORMATION
APPENDIX 2 CERTIFICATE REQUEST TYPE
APPENDIX 3 CUSTOMER IDENTIFIER IN THE CERTIFICATE

1 SERVICE

Finnish banks' Tupas certification service (hereafter "the Tupas service") allows businesses and organisations (hereafter "service providers") providing Internet services to authenticate their customers with Tupas certificates issued by the Tupas service. In the Tupas service a bank authenticates a customer by a strong authentication method (see section 1.6). The Tupas certificates issued by the service can also be used for signing documents electronically if so agreed by the customer and the service provider.

The Tupas service is jointly defined by Finnish banks. Each bank authenticates its customers with the same bank-specific identifiers that the customer uses in the bank's own services.

1.1 Online/Electronic banking codes and customer authentication

The Tupas service is used with online banking codes created and issued by a bank to its customers. The online banking codes can be a combination of a user ID and one-time passwords. Banking codes are always personal, regardless of whether they are issued to a personal customer, business or organisation.

Banks can use subcontractors and agents in their operations as long as the models of cooperation are compliant with the Credit Institutions Act and the standards issued by the Finnish Financial Supervision Authority by virtue of the Act.

1.1.1 Online banking codes for personal customers

A customer receives personal online banking codes after signing an agreement. The agreement must be signed personally by the customer; he or she cannot authorise another person to sign the agreement on his or her behalf.

Banks have a statutory obligation to identify their customers. When a customer comes to a bank branch or an office of the bank's subcontractor or agent, his or her identity is verified from an official document approved by the bank, such as a driving licence, personal identity card, passport or social insurance card with photo, as required by the Financial Supervision Authority.

The first set of online banking codes must be collected in person so that the customer can be reliably identified. Subsequent one-time banking codes can then be mailed to the customer.

1.1.2 Online banking codes for businesses and organisations

When an agreement on banking codes is made with a business or organisation (hereinafter "corporate customer"), it is required that the bank identifies the corporate customer and that the person signing the agreement has a mandate to do that.

The corporate customer must provide the bank with its registration documents or similar clarification, unless this has been provided previously in the course of the customer relationship. The mandate of the signatory must be verified from a decision of the customer's board of directors or corresponding body, specific power of attorney or a document indicating the person's authorisation to sign for the corporate customer. The signatory's personal identity must also be verified.

The distribution of banking codes is subject to the provisions of section 1.1.1 above as applicable.

1.2 Agreement on the use of the Tupas service

A service provider must make a Tupas service agreement with all the banks whose services it wants to use. A separate agreement must be made with each bank. The banks' contact information is given in Appendix 1 to this service description.

The Tupas service implementation date is agreed upon when the agreement is made. The service provider's information is registered separately in each bank. The service provider notifies each bank separately in the event of changes to its information.

Once the agreement has been signed, the bank provides the service provider with a bank-specific service identifier/customer ID and pass phrase/Message Authentication Code (MAC) key. These are delivered to the service provider electronically or in paper format, depending on the bank.

The bank-specific data used in the testing phase is available in the service descriptions of each bank. The service provider can test the service in a production environment by using bank-specific test codes before signing the agreement.

1.3 General description of the Tupas service

The key player in the use of the Tupas service is the customer who wants to authenticate him- or herself towards a service provider. The customer controls the transmission of data between the service provider and the bank. The bank and the service provider are not in direct contact with each other during the service.

When a service provider needs to authenticate a customer, the service provider sends a certification request to the customer, who clicks a link/button leading to the Tupas service of the customer's bank.

The service provider's certification request is transmitted from the customer to the bank's Tupas service, which sends a response message (hereinafter "the Tupas certificate" or "the certificate") to the customer. The customer checks the Tupas certificate's data. If the customer approves it, he or she returns to the service provider's service and the certificate is transmitted to the service provider.

The customer can cancel the authentication transaction before authenticating him- or herself to the bank, and he or she can also reject the bank's certificate.

The service provider and customer can agree on using the Tupas certificate as a component in an electronic signature used for a legal transaction between the customer and the service provider. In such transactions the bank is only responsible for authenticating the customer as specified in this service description. The bank is not responsible for the validity or content of the legal transaction between the customer and the service provider.

1.4 Service functionality

The certificate provided by a bank is unique and tied with a time stamp to the service transaction and to the customer. The Tupas service has different functionalities and usage alternatives depending on the type of the certificate agreed upon by the service provider and the bank.

The Tupas certificate issued by a bank always includes the name of the customer. Any additional identification data can be either in plain text or encrypted.

If the identification data is in plain text, the bank may transmit the customer's personal identity number, the last four characters of the personal identity number, a Business ID or other electronic transaction identifier in accordance with the service agreement. The bank only transmits personal identity numbers in plain text to service providers authorised to register them.

If the identification data is encrypted, the bank transmits an identifier derived from the customer's personal identity number, Business ID or other electronic transaction identifier. The actual personal identity number or other identifier is not transmitted with the response message. For this reason the service provider should have in its data system the customer's personal identity number, Business ID or other electronic transaction identifier so that it can reliably authenticate the customer against the bank's response message. If the service provider does not have the customer's ID, it should be requested before sending the certification request. This functionality is suitable for verifying the validity of the customer's data by comparing it with the data stored at the bank.

The Tupas service is mainly applicable to consumer services. Some banks are able to identify a corporate user by the Business Identity Code (Business ID), but not all banks register companies as online banking customers.

1.5 Service security

To prevent external parties from viewing or changing the information, data communication between the parties of the Tupas service is encrypted with SSL encryption. The service provider's server software must support SSL encryption implemented with 128-bit keys. The key length used in a session is based on the properties of the customer's browser.

The integrity of a certification request and a certificate are protected with a message authentication code (MAC), so it is not possible for the customer (who controls the certificate transmission) to alter the data without the service provider or the bank noticing it.

Each party is responsible for the protection and security of its own services and correctness of the data stored by them. A customer authenticating him- or herself is responsible for making sure that the online banking codes do not fall into the hands of external parties.

The service provider's service must include a notice stating that the service uses the Tupas service which employs the customer's personal banking codes in authentication.

1.6 Definition of strong authentication

Strong authentication of a person is based on something that the user:

1) Knows (such as a user ID),
2) Possesses (such as a list of passwords),
3) Is (such as a fingerprint).

For an authentication transaction to fulfil this definition, two of these requirements must be met simultaneously. In addition to strong authentication, the transaction must be based on a sufficiently secure procedure.

One-time passwords fulfil the criteria for strong authentication, but the sole combination of a fixed password and user ID does not fulfil the criteria for strong authentication required in the Tupas specification.

2 FUNCTIONAL SERVICE DESCRIPTION

[Figure: flow chart with steps numbered 1 to 8 between the customer, the service provider (website pages, certification request page, SP's website, approval of certificate, service terms) and the customer's bank (bank's customer authentication page, customer authentication and Tupas certification service, Tupas certificate).]

Chart explanation:

1. A customer contacts the service provider's online service. During the phase when the customer enters the data requested by the authentication service the data communication between the customer and the service provider must be SSL encrypted. During phases 2 to 7 the data transfer link is always SSL encrypted.

2. The service provider sends the customer a certification request containing identifiers related to the transaction. The customer verifies the data in the request, but cannot change it. The customer can, however, interrupt the authentication process and return to customer's service. The certification request page in the customer's browser includes function buttons leading to the Tupas service and a Cancel button.

3. The customer clicks the button that transfers him or her to Tupas service. The certification request transmitted to the bank contains the data on the service provider and the transaction. The bank verifies the integrity of the request and the correctness of the data.

4. If the service provider's certification request is correct, the bank sends the customer an authentication request. If the bank notices errors in the request, it gives the customer an error message. In this case the customer returns to the service provider's service by clicking the Cancel button.

5. The customer authenticates him- or herself to the bank. If authentication fails, the bank sends the customer an error message and the customer returns to the service provider's service by clicking the Cancel button.

6. After successful authentication the bank generates a response message (the Tupas certificate). The Tupas service activates Accept and Cancel buttons for the customer.

7. The customer checks the certificate and approves the transfer of the authentication data to the service provider. By clicking Cancel, the customer can interrupt the authentication process and return to the service provider's service.

8. The service provider verifies the integrity and uniqueness of the certificate received. The service provider attaches the certificate to the customer's service transaction and stores it for as long as other service data is stored. Customer identification data must not be registered or used for any other purpose.

3 SERVICE MESSAGES AND THEIR CONTENT

3.1 Certification request

Certification request data is in the form of hidden variables in the FORM data group behind a bank-specific button or icon.

FORM DATA GROUP

Field                   Name of data     Length  Comment
1. Message type         A01Y_ACTION_ID   3-4     Standard, "701"
2. Version              A01Y_VERS        4       For example, "0002"
3. Service provider     A01Y_RCVID       10-15   Customer code
4. Service language     A01Y_LANGCODE    2       ISO 639 code: FI = Finnish, SV = Swedish, EN = English
5. Request identifier   A01Y_STAMP       20      yyyymmddhhmmssxxxxxx
6. Identifier type      A01Y_IDTYPE      2       See Appendix 2
7. Return address       A01Y_RETLINK     199     OK return address for certificate
8. Cancel address       A01Y_CANLINK     199     Return address in cancellation
9. Rejected address     A01Y_REJLINK     199     Return address in error situations
10. Key version         A01Y_KEYVERS     4       Key generation data
11. Algorithm           A01Y_ALG         2       01 = MD5, 02 = SHA-1
12. Control field       A01Y_MAC         32-40   Message authentication code (MAC) of request

The data field names are written in capital letters. The HTML structure of the FORM data group is:

<FORM METHOD="POST" ACTION="bank Tupas service URL">
<INPUT NAME="A01Y_ACTION_ID" TYPE="hidden" VALUE="701">
<INPUT NAME="A01Y_VERS" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_RCVID" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_LANGCODE" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_STAMP" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_IDTYPE" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_RETLINK" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_CANLINK" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_REJLINK" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_KEYVERS" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_ALG" TYPE="hidden" VALUE="...">
<INPUT NAME="A01Y_MAC" TYPE="hidden" VALUE="...">
</FORM>

3.2 Certification request's field descriptions:

Field 1   The type of the message, which is a standard "701" in the Tupas service.

Field 2   Version number of the certification request message, which is bank-specific.

Field 3   Service provider's customer ID in its bank. The bank identifies the service provider from the customer ID and attaches to the Tupas certificate the service provider's name from its register.

Field 4   The language code of the service reveals the language of the service provider's page, and the bank service opens in this language.

Field 5   An identifier assigned to the certification request by the service provider. The identifier can be a reference number, customer number or a combination of date, time, a running identifier and a reference number.

Field 6   The identifier type shows what kind of an identifier the service provider wants from the customer. The identifier type must correspond to the functionality agreed upon in the service agreement.

Field 7   This is the address of the service provider's page where the service continues in OK situations. The service address must start with https - that is, the page must be SSL encrypted.
          Example: VALUE="https://product.merchant.fi/order/confirmation.htm"

Field 8   Continuation point for the service provider's service in case the customer cancels the transmission of the certificate.
          Example: VALUE="https://product.merchant.fi/order/cancel.htm"

Field 9   Continuation point for the service provider's service in case of a technical error during authentication. The return address can be the same as in field 8.
          Example: VALUE="https://product.merchant.fi/order/error.htm"

Field 10  Key version used in MAC calculation.

Field 11  Algorithm type code used in MAC calculation.
          01 = MD5 algorithm, which produces a 32-character MAC.
          02 = SHA-1 algorithm, which produces a 40-character MAC.

Field 12  The MAC calculated with the algorithm defined in data field 11 from the data encrypted in the certification request and the service provider's MAC key. With the MAC the recipient can verify the integrity of the certification request and authenticate the sender.

3.3 Forming of the MAC for a certification request (A01Y_MAC)

The service provider forms a bank-specific certification request for each bank's button in its service. The certification request is protected by a MAC. The MAC is calculated from the certification request's FORM data group using the MAC key given to the service provider by the bank.

The calculation starts by forming a character string from the service provider's MAC key and the VALUE of all data fields in the FORM data group preceding the MAC (fields 1 to 11). The data is combined into character strings in sequence so that any blanks serving as fill characters are left out. The data groups in the character string are separated by & characters. An & character is also placed between the last data (field 11) and the MAC key, as well as at the end of the pass phrase. The & characters are included in the MAC calculation.

The data appears on one single line. " " indicates a line break in this document.

A01Y_ACTION_ID&A01Y_VERS&A01Y_RCVID&A01Y_LANGCODE&
A01Y_STAMP&A01Y_IDTYPE&A01Y_RETLINK&A01Y_CANLINK&
A01Y_REJLINK&A01Y_KEYVERS&A01Y_ALG&passphrase&

The calculated MAC is converted into hexadecimal form, in which characters from A to F are represented in capitals. The hexadecimal hash value is taken to the Control field.

3.4 Certificate and identifier

CERTIFICATE

Field                          Name of data    Length  Comment
1. Version                     B02K_VERS       4       For example, "0002"
2. Certificate identification  B02K_TIMESTMP   23      NNNyyyymmddhhmmssxxxxxx
3. Certificate number          B02K_IDNBR      10      Number assigned to the certificate by the bank
4. Request identifier          B02K_STAMP      20      Request data field 7 (A01Y_STAMP)
5. Customer                    B02K_CUSTNAME   -40     Customer's name
6. Key version                 B02K_KEYVERS    4       Key generation
7. Algorithm                   B02K_ALG        -40     1 = MD5, 02 = SHA-1
8. Identifier                  B02K_CUSTID     12      See Appendix 3
9. Identifier type             B02K_CUSTTYPE   2       See description
10. Control field              B02K_MAC        32-40   MAC of the certificate

The customer's bank adds the data in the response message to the OK return link in query string format.

http://a01y_retlink?
B02K_VERS&B02K_TIMESTMP&B02K_IDNBR&B02K_STAMP&
B02K_CUSTNAME&B02K_KEYVERS&B02K_ALG&B02K_CUSTID&
&B02K_MAC

The control code (B02K_MAC) is calculated from the original message, after which the Scandinavian letters and certain special characters (such as blanks, equal signs and quotation marks) are replaced with the corresponding hexadecimal value (for example %20) in the message.

The bank calculates the MAC for the certificate using a service provider-specific key. With the MAC the service provider can verify that the certificate has been formed by the customer's bank and that the data in the certificate has not been changed.

3.5 Certificate message field descriptions

Field 1   Version number of the Tupas certificate, which is bank-specific.

Field 2   Time stamp formed by the bank's system, in which NNN is the bank's number:
          Handelsbanken = 310
          Nordea Bank Finland = 200
          OP Bank Group = 500
          Sampo Bank = 800
          Savings banks and local co-op banks = 400
          Tapiola Bank = 360
          Bank of Åland = 600

Field 3   An identifier (a number) formed in the bank's information system for the certificate.

Field 4   An identifier for the certification request picked from its data field 7 (A01Y_STAMP).

Field 5   Name of the authenticated customer retrieved from the bank's customer database.

Field 6   Generation number of the MAC key.

Field 7   MAC algorithm code.

Field 8   Customer ID, the content of which depends on the A01Y_IDTYPE field in the certification request. The field may contain an encrypted ID or a plain-text ID.

Field 9   Type of identifier.

Field 10  Tupas certificate MAC.

3.6 MAC calculation for the certificate

The service provider verifies the integrity of the certificate received by calculating its MAC and comparing it with the MAC value in the control field of the message received.

The MAC is calculated using data fields 1 to 9 in the certificate. When calculating the MAC, the data and the MAC key are separated by an "&" character. The & character is also appended to the end of the MAC key. The service provider-specific key is used in the MAC calculation:

B02K_VERS&B02K_TIMESTMP&B02K_IDNBR&B02K_STAMP&
B02K_CUSTNAME&B02K_KEYVERS&B02K_ALG&
B02K_CUSTID&B02K_CUSTTYPE&ALG&

3.7 Identifier type

The Tupas certificate's MAC calculation includes the identifier type specified in field A01Y_IDTYPE of the request message.

3.7.1 Plain-text identifier

The value of field A01Y_IDTYPE in the certification request is "02" or "03"; that is, a plain-text basic ID or a truncated plain-text basic ID. The identifier is a character string in plain text - for example, a personal identity number or its last four characters as required by field A01Y_IDTYPE in the certification request. The identifier is assigned as such (i.e. unchanged) to field B02K_CUSTID in the certificate.

3.7.2 Encrypted identifier

The value of field A01Y_IDTYPE in the certification request is "01"; that is, an encrypted basic ID. The bank uses the same hash algorithm for encrypting the identifier as is used for the MAC fields.

The uniqueness of the identifier is confirmed from the content of the certificate's fields 2 to 4 and the customer ID (personal identity number or Business ID) in field 8 (A01Y_IDTYPE) of the certification request.

When calculating an encrypted identifier, the data and the MAC key are separated by an "&" character. The & character is also appended to the end of the MAC key. The service provider-specific key is used for encryption.

B02K_TIMESTMP&B02K_IDNBR&B02K_STAMP&
customer_identifier&passphrase&

The result of the calculation is converted into hexadecimal form, in which characters from A to F are represented in capital letters. The final result is a character string identifying the customer, and it is placed in field B02K_CUSTID of the certificate.

3.8 Encrypted identifier comparison and customer authentication

If the identifier is encrypted, the service provider first verifies the integrity of the certificate. Then the service provider calculates a comparison data for the customer identifier on the basis of the customer code stored in its register as described in section 3.7.2.

When the calculated comparison data and the identifier in the received certificate are identical and the message is intact, the data of the customer authenticated by the bank corresponds to the data registered by the service provider.
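The service provider's side of sections 3.3, 3.6, 3.7.2 and 3.8, as an added Python example that is not part of the service description or any bank's code. It assumes that the return link carries name=value pairs, that the MAC key follows certificate field 9 as the text of section 3.6 says (the printed string there ends in "ALG&"), and that all sample values, including the key, are constructed.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Field order taken from the tables in sections 3.1 and 3.4.
REQUEST_FIELDS = ["A01Y_ACTION_ID", "A01Y_VERS", "A01Y_RCVID", "A01Y_LANGCODE",
                  "A01Y_STAMP", "A01Y_IDTYPE", "A01Y_RETLINK", "A01Y_CANLINK",
                  "A01Y_REJLINK", "A01Y_KEYVERS", "A01Y_ALG"]
CERT_FIELDS = ["B02K_VERS", "B02K_TIMESTMP", "B02K_IDNBR", "B02K_STAMP",
               "B02K_CUSTNAME", "B02K_KEYVERS", "B02K_ALG", "B02K_CUSTID",
               "B02K_CUSTTYPE"]
HASHES = {"01": hashlib.md5, "02": hashlib.sha1}  # A01Y_ALG / B02K_ALG codes


def tupas_mac(values, mac_key, alg):
    """Hash 'v1&v2&...&mac_key&' and return the digest as uppercase hex.

    This is the page's construction (plain hash, key last), not HMAC.
    """
    if alg not in HASHES:
        raise ValueError("unsupported algorithm code %r" % (alg,))
    data = "&".join(list(values) + [mac_key]) + "&"
    # Section 5: the service uses ISO 8859-1, so hash the Latin-1 bytes.
    return HASHES[alg](data.encode("latin-1")).hexdigest().upper()


def hex_equal(a, b):
    """Constant-time comparison of two hex strings, ignoring letter case."""
    return hmac.compare_digest(a.upper().encode(), b.upper().encode())


def request_mac(form, mac_key):
    """Section 3.3: A01Y_MAC over request fields 1 to 11, fill blanks left out."""
    values = [form[name].strip() for name in REQUEST_FIELDS]
    return tupas_mac(values, mac_key, values[-1])


def parse_certificate(query):
    """Percent-decode the return-link query string as Latin-1, not UTF-8."""
    return dict(parse_qsl(query, keep_blank_values=True, encoding="latin-1"))


def certificate_is_intact(cert, mac_key):
    """Section 3.6: recompute the MAC over fields 1 to 9, compare with B02K_MAC."""
    try:
        values = [cert[name] for name in CERT_FIELDS]
        expected = tupas_mac(values, mac_key, cert["B02K_ALG"])
        return hex_equal(expected, cert["B02K_MAC"])
    except (KeyError, ValueError, UnicodeEncodeError):
        return False  # missing field, unknown algorithm, or non-Latin-1 data


def encrypted_identifier(cert, customer_identifier, mac_key):
    """Section 3.7.2: TIMESTMP&IDNBR&STAMP&customer_identifier&key&."""
    values = [cert["B02K_TIMESTMP"], cert["B02K_IDNBR"], cert["B02K_STAMP"],
              customer_identifier]
    return tupas_mac(values, mac_key, cert["B02K_ALG"])


def customer_matches(cert, registered_identifier, mac_key):
    """Section 3.8: check integrity first, then compare the identifiers."""
    if not certificate_is_intact(cert, mac_key):
        return False
    expected = encrypted_identifier(cert, registered_identifier, mac_key)
    return hex_equal(expected, cert["B02K_CUSTID"])


def sample_certificate_query(mac_key, customer_identifier):
    """Play the bank's part with constructed values, for demonstration only."""
    cert = {"B02K_VERS": "0002", "B02K_TIMESTMP": "20020051003120000000001",
            "B02K_IDNBR": "0000012345", "B02K_STAMP": "20051003115959000001",
            "B02K_CUSTNAME": "Väinö Mäkelä", "B02K_KEYVERS": "0001",
            "B02K_ALG": "02", "B02K_CUSTTYPE": "01"}
    cert["B02K_CUSTID"] = encrypted_identifier(cert, customer_identifier, mac_key)
    cert["B02K_MAC"] = tupas_mac([cert[n] for n in CERT_FIELDS], mac_key, "02")
    # The MAC is computed first; percent-encoding happens afterwards (section 3.4).
    return urlencode([(n, cert[n]) for n in CERT_FIELDS + ["B02K_MAC"]],
                     encoding="latin-1")


if __name__ == "__main__":
    key = "constructed-test-key"  # constructed, not a real MAC key
    cert = parse_certificate(sample_certificate_query(key, "CONSTRUCTED-ID-1"))
    print(certificate_is_intact(cert, key),
          customer_matches(cert, "CONSTRUCTED-ID-1", key))
```

Decoding the query string as UTF-8, the default in most web frameworks, changes the bytes of names containing Scandinavian letters and makes an intact certificate fail verification.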

3.9 Bank-specific buttons

The image files for bank-specific buttons can be obtained from a website at an address separately specified by each bank. The size or colour of the buttons must not be changed. The button image must not be used for purposes other than those that have been agreed upon between the service provider and the bank.

3.10 Exceptional situations

The service provider must be prepared for exceptional situations, which include:

1. Customer interrupts the authentication process
   The customer can interrupt the transaction by clicking the Cancel button, either before the certification request is sent to the bank or after receiving the certificate. The address for the Cancel button is the Cancel address in FORM data field 8 of the certification request.

2. Customer authentication fails
   Customer authentication may fail if there are errors in the customer identifier or if the customer requests authentication with a wrong bank. The customer can return to the service provider's service by using the Cancel button. The address for the Cancel button is the Rejected address in FORM data field 8 of the certification request.

3. The bank detects an error in the certification request
   The bank detects an error in the certification request before the customer has been authenticated. The customer returns to the service provider's service using the Cancel button assigned to the Rejected address in FORM data field 9.

4. The service provider detects an error in the certificate
   The service provider detects an error when verifying the certificate. The error might be due to an error in the content of the certificate, or the data provided by the customer to the service provider does not match the data stored in the bank's system. The service provider should send the customer a message indicating the situation.

5. There is no reply at all
   The reason for the interruption may be a connection break or other technical disturbance, or the customer terminating the session halfway through.

6. The same reply comes several times
   The service provider must be prepared for situations where the customer sends the same reply several times or resends an old certificate when moving between browser windows with the back/forward buttons.

4 CHANGING THE MAC KEY

The MAC key used when calculating the MAC values can be changed at the bank's or service provider's request. Bank-specific procedures are used when changing the key, and these are described in each bank's system descriptions.

Two bank-specific procedures are used in the key change:

- Only the MAC key is changed; the service provider's customer ID remains the same.
- Both the MAC key and the customer ID are changed.

The MAC key is delivered to the contact person named in the agreement. The contact person is also informed of the new key's version number and the effective date. From that date onwards, the MAC will be calculated using the new key.

In order to guarantee a smooth key change, the service provider's system must enable the entry of the new key into the system ahead of time - in other words, the simultaneous use of at least two MAC keys. At the time of transfer (for a period of about 15 minutes), it is possible that the MACs in some certificates arriving at the service provider are calculated with the old key and others with the new key. Once the new MAC key has been successfully taken into use, the old key can be deleted or deactivated in the service provider's system.
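Added example (not part of the service description): one way to keep two MAC keys active during the changeover and to reject a certificate that arrives a second time, as item 6 of section 3.10 requires. The field names, the key values, the presence of a key version field in the certificate and the MAC formula (SHA-256 over '&'-joined fields plus the key) are assumptions for illustration; use the field list and algorithm this service description defines for the certificate.

```python
import hashlib
import hmac

def compute_mac(fields, key):
    # Assumed stand-in formula: hash of "f1&f2&...&key&", upper-case hex.
    data = "&".join(fields) + "&" + key + "&"
    return hashlib.sha256(data.encode("iso-8859-1")).hexdigest().upper()

def signed_fields(cert):
    # Hypothetical field names; the key version is covered by the MAC.
    return [cert["timestamp"], cert["idnbr"], cert["stamp"],
            cert["keyvers"], cert["identifier"]]

def make_cert(key, **fields):
    # Builds a constructed sample certificate the way the bank side would.
    cert = dict(fields)
    cert["mac"] = compute_mac(signed_fields(cert), key)
    return cert

class CertificateVerifier:
    def __init__(self, keys):
        self.keys = dict(keys)   # key version -> MAC key, old and new together
        self.accepted = set()    # certificates already accepted once

    def retire(self, version):
        # Called once the new key is confirmed in use.
        self.keys.pop(version, None)

    def verify(self, cert):
        key = self.keys.get(cert.get("keyvers"))
        if key is None:
            return "unknown-key-version"
        try:
            expected = compute_mac(signed_fields(cert), key).encode("ascii")
            received = cert["mac"].upper().encode("ascii")
        except (KeyError, UnicodeError):
            return "malformed"
        if not hmac.compare_digest(expected, received):
            return "bad-mac"
        # Replay check runs only after the MAC is valid, so forged input
        # cannot fill the cache. Keyed on the request stamp and the
        # certificate number (assumed unique per authentication).
        token = (cert["stamp"], cert["idnbr"])
        if token in self.accepted:
            return "replay"
        self.accepted.add(token)
        return "ok"
```

In a real deployment the accepted set would live in storage shared by all web servers, with entries expired after a period the service provider chooses.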

5 CHARACTER SET USED IN THE SERVICE

An 8-bit ISO 8859-1 (Latin1) character set is used in the service. The table below lists the codes of the character set. Characters are listed in code order; rows with gaps give the code of each character.

Codes      Characters
%00-%07
%08-%0f    %08 backspace, %09 tab, %0a linefeed, %0d carriage return
%10-%17
%18-%1f
%20-%27    Space ! " # $ % & '
%28-%2f    ( ) * + , - . /
%30-%37    0 1 2 3 4 5 6 7
%38-%3f    8 9 : ; < = > ?
%40-%47    @ A B C D E F G
%48-%4f    H I J K L M N O
%50-%57    P Q R S T U V W
%58-%5f    X Y Z [ \ ] ^ _
%60-%67    ` a b c d e f g
%68-%6f    h i j k l m n o
%70-%77    p q r s t u v w
%78-%7f    %78 x, %79 y, %7a z, %7b {, %7d }, %7e ~
%80-%87    %83 ƒ
%88-%8f    %88 ˆ, %8a Š, %8c Œ, %8e Ž
%90-%97
%98-%9f    %9a š, %9c œ, %9f Ÿ
%a0-%a7
%a8-%af    %aa ª, %ab «
%b0-%b7    %b1 ±, %b2 ², %b3 ³, %b5 µ
%b8-%bf    %b9 ¹, %ba º, %bb », %bc ¼, %bd ½, %be ¾
%c0-%c7    À Á Â Ã Ä Å Æ Ç
%c8-%cf    È É Ê Ë Ì Í Î Ï
%d0-%d7    %d0 Ð, %d1 Ñ, %d2 Ò, %d3 Ó, %d4 Ô, %d5 Õ, %d6 Ö
%d8-%df    Ø Ù Ú Û Ü Ý Þ ß
%e0-%e7    à á â ã ä å æ ç
%e8-%ef    è é ê ë ì í î ï
%f0-%f7    %f0 ð, %f1 ñ, %f2 ò, %f3 ó, %f4 ô, %f5 õ, %f6 ö
%f8-%ff    ø ù ú û ü ý þ ÿ

APPENDIX 1 BANKS' CONTACT INFORMATION

HANDELSBANKEN
Agreement issues: Local branch
Codes and keys: Collected from the bank
Customer support and technical problems: Helpdesk 010 444 2545, banking days between 8.00-17.00
E-mail: finhelp@handelsbanken.fi

NORDEA
Agreement issues: Local branch
Codes and keys: Delivered by mail to the contact person named in the agreement.
Customer support and technical problems: Solo information for corporate customers
  In Finnish: 0200 67210 (0.11 /min + local network charge / mobile call charge), banking days between 8.00-18.00
  In Swedish: 0200 67220 (0.11 /min + local network charge / mobile call charge), banking days between 9.00-16.30
  In English: 0200 67230 (0.11 /min + local network charge / mobile call charge), banking days between 9.00-18.00
E-mail: Solo.tori@nordea.fi

OP BANK GROUP
Agreement issues: Local OP bank
Codes and keys: Collected from the bank
Customer support: OP Bank phone service
  In Finnish: 0100 0500
  In Swedish: 0100 9051
E-mail: verkkopainikkeet@op.fi

SAMPO BANK
Agreement issues: Local branch or tel. 0106 6060 (local network charge / mobile call charge), Mon - Fri between 8.00-17.00
Codes and keys: Delivered on a diskette in a sealed mail package
Customer support and technical problems:
  Private customers: 0200 2589 (local network charge / mobile call charge), Mon - Fri between 9.00-18.00
  Corporate customers: 0600 122 12 (1.17 /min + local network charge / mobile call charge), Mon - Fri between 8.00-17.00
E-mail: asiakastuki.ml@sampo.fi or tunnistuspalvelu@sampo.fi

SAVINGS BANKS AND LOCAL CO-OPERATIVE BANKS
Agreement issues: Local branch
Codes and keys: Collected from the bank
Customer support and technical problems: tel. 0100 4052 (1.17 /min + local network charge)
E-mail: info@samlink.fi

TAPIOLA BANK
Agreement issues: Tapiola electronic services
Codes and keys: Delivered to the contact person named in the agreement
Customer support and technical problems: Private customers 0203 45370 (Mon - Fri)
E-mail: tunnistuspalvelu@tapiola.fi

BANK OF ÅLAND
Agreement issues: Local branch
Customer code: Delivered at the branch upon signing the agreement. The MAC key is mailed to the contact person named in the agreement.
Customer support and technical problems: Contact Center customer service
  In Finnish: 0204 292920
  In Swedish: 0204 292910
  Banking days Mon - Thu 8.40-16.30, Fri 9.30-16.30
E-mail: contactcenter@alandsbanken.fi

APPENDIX 2 CERTIFICATE REQUEST TYPE

Data field 6 in the certification request determines the type of identifier requested. The type is encoded with two characters (XY), of which the latter specifies the content of the requested identifier.

01 = Encrypted basic identifier
A hexadecimal MAC calculated from the customer's identification data (identifier). The identifier can be a complete personal identity number, an electronic transaction identifier or a complete Business ID.

02 = Basic plain-text identifier
The basic identifier can be the customer's complete personal identity number, an electronic transaction identifier or a complete Business ID.

03 = Truncated plain-text identifier
A truncated identifier can contain the last four characters of the personal identity number without the character indicating century, or a complete Business ID.

APPENDIX 3 CUSTOMER IDENTIFIER IN THE CERTIFICATE

The data field for identifier type indicates the type of identification data contained in field 8. The data is encoded with two characters (XY), of which the latter indicates the actual identification data type.

Identification data:

00 = identifier not known
01 = personal identity number in plain text
02 = last four characters of personal identity number in plain text
03 = Business ID in plain text
04 = electronic transaction identifier in plain text
05 = encrypted personal identity number
06 = encrypted Business ID
07 = encrypted electronic transaction identifier
08 = other identifier in plain text (agreed between the service provider and the bank)
09 = encrypted other identifier (agreed between the service provider and the bank)

The Finnish Bankers' Association, 31 December 2004
Museokatu 8 A / Box 1009, FI-00100 Helsinki
Phone +358 9 4056 1260, Fax +358 9 4056 1291
info@fba.fi, www.fba.fi