Export Import Control System (EICS) - Participant's Requirements Document

Communicating with EICS

Revision History

Version 2.1

  • Text corrections - 2004-01-13

Version 2.2

  • Narratives/Language ameliorated - 2006-09-01
  • Section 4 – all HTML links confirmed/updated
  • 4.1 – Technical Requirements (update to O/S) - 2006-09-01
  • 4.2 – Software Requirements (removed download) - 2006-09-01
  • 4.3.2 – Test EDI Email added - 2006-09-01
  • 4.3.4 – IE Security Settings expanded - 2006-09-01
  • 4.4.5 – PKI Encryption Certificates - 2006-09-01
  • 5.1 – Registration - reworded - 2006-09-01
  • Appendix A: DTD Version V2R2 for permit applications - 2006-08-09
  • Appendix B # 3 – Softwood Lumber Region Codes - 2006-08-09

Version 2.3

  • Section 4 – New Certificate Authority; MS Vista Issue - 2007-10-01
  • Section 4 – Updated MS Java patch; - 2007-10-01
  • Appendix B, #6 – Amended to match Format/Details on Appendix A, #1.1 Permit Delivery Target <General_Delivery_Target>
  • Appendix B, #14 – Updated List of Error Codes - 2008-04-30

Version 2.4

  • 5.2 Updated Hours of Operations, updated links, re-formatted for WCAG - 2012-03-16

Publication Details

Author: ITC-EICS Integrated Project Team

File Name: EICS-PRD-E002-2012.doc

1. Introduction

The Export Import Control System (EICS) offers a secure WEB interface and an Electronic Data Interchange (EDI) interface to support the application, approval, and processing of import/export permits. The system also features import/export quota management functionality.

This Participant's Requirements Document (PRD) describes the preparations required for using the EICS. The purpose of this document is to assist CBSA-licensed Canadian customs brokers with their internal implementation for both the EDI and WEB interfaces.

The document includes a description of the data-flow for an EDI permit application (it does not describe other EDI information, such as cancelling a request for a permit). For each data element in the permit application it provides the following information: Name, Data type, Size/bytes, and format.

In addition to the data-flow information, this PRD provides the technical specifications (i.e. computer hardware, software, security) required by brokers to process a permit application.

Any queries or documentation requests should be directed to:

Trade Controls & Technical Barriers Bureau
Foreign Affairs and International Trade Canada
125 Sussex Drive
Ottawa, Ontario K1A 0G2
Attn: EICS Help Desk

Tel.: 613-944-1265
Toll-free: 1-877-808-8838
Fax: 613-992-9397
Email: eics.scei@international.gc.ca

2. The EICS WEB Interface

The EICS Web Interface allows for electronic transactions to be performed using a secure web application. Participants communicate over the Internet using a standard web browser (Microsoft Internet Explorer) augmented by security software. EICS features permit and quota management, as well as inquiry capabilities.

2.1 Web Overview Diagram

Web Overview Diagram

3. The EICS EDI Interface

The EDI interface/data flow is designed for Customs brokers who wish to use a business-to-business link for bulk transactions to the Export Import Control System. Interfacing via EDI allows brokers to build an electronic link between their existing system and the EICS, avoiding the re-entry of data.

EICS is currently restricted to permit application processing. Section 7 provides an overview of these transactions. Appendix A describes the content and structure of the information required for these transactions. Note that customs brokers who use EDI also require the Web Interface to perform non-EDI supported transactions.

3.1 EDI/ Data-flow Interface Overview

The EICS implementation of EDI is an asynchronous system where data from brokers is e-mailed in a secure fashion, is processed, and is returned by a secure e-mail method. The following diagram demonstrates this process.

Data is captured on a broker's existing system. This data is then transformed into an XML document (eXtended Markup Language) according to a specification determined by EICS. The resulting document is then signed and encrypted using Entrust encryption technology. This step ensures confidentiality and integrity of the data transmitted.

The encrypted file is then attached to an e-mail and sent to the appropriate e-mail address at DFAIT. The EICS application monitors this e-mail inbox and processes any valid XML documents. An acknowledgement XML is then formulated and encrypted and then returned to the broker system by the same method. Also encrypted and attached would be a "pdf" version of the permit itself, if the application satisfies the validation and approval steps.

The following flow chart illustrates the flow of a permit application through the EDI channel:

Data-flow from Participant

  • Participant
  • XML Format
  • Encryption & Signature
  • Email Attachment
  • EICS

Data-flow from EICS

  • EICS
  • Response in XML Format & Printable Electronic Permit(s)
  • Encryption & Signature
  • Email Attachment sent to Participant

4. Technical Requirements

4.1 Hardware / Operating System Requirements (as of January 2008)

For Web Participants:

The following lists the hardware requirements, based on IBM PC-compatible workstations, for communicating to the latest Release of EICS, for a Web interface participant.

Recommended

  • Pentium 4 – 2.4 GHz with 512 MB RAM or above
  • Minimum screen setting: 800x600 pixels
  • Adequate Disk Storage for Caching – (1 - 2 gigabytes)
  • Windows XP SP2 *
  • High Speed Internet Connection (e.g. cable modem or ADSL)
  • Network connectivity – high speed opening onto internet through:
    • Port 389 TCP for LDAP (Certificate Revocation List (CRL) and directory access) - PKI
    • Port 709 TCP for SEP (Certificate Authority (CA) access) - PKI
    • Port 829 for PKCS – PKI
    • Port 80 outbound access using http

* Neither this office nor Entrust supports Microsoft Windows Vista or Windows 7.

For EDI Participants:

The following lists the hardware requirements for communicating to the latest Release of EICS, for an EDI participant. As EDI for each broker system will be a custom solution this listing depicts only a typical installation. Other solutions are equally viable.

Recommended

  • An IBM PC-compatible workstation
  • Adequate Disk Storage – (10-20 gigabytes)
  • Windows 2000 SP4 or Windows XP SP2
  • High Speed Internet Connection (e.g. cable modem or ADSL)
  • Network connectivity – high speed opening onto internet through:
    • Port 389 TCP for LDAP (Certificate Revocation List (CRL) and directory access) - PKI
    • Port 709 TCP for SEP (Certificate Authority (CA) access) – PKI
    • Port 829 for PKCS - PKI
  • SMTP (Simple Mail Transfer Protocol) mail service and mail client (e.g. Microsoft Outlook)

4.2 Software Requirements

EICS Web Interface - In order to access EICS via the web interface the following software is required:

  • Microsoft Internet Explorer
    • minimum version Internet Explorer 6 - Configured for signed content for JAVA with rights to write files;
    • maximum version Internet Explorer 7 on Windows XP
  • Microsoft Java Version 5.00.3809 or above
  • Also the Daylight Savings Time patch
  • Entrust™ Direct 6.0 – software and setup instructions available from the Export Import Controls Bureau, DFAIT, by email request to eics.scei@international.gc.ca
  • A current Entrust PKI Certificate obtained through the Export Import Controls Bureau, DFAIT
  • Adobe Acrobat Reader to read and print permits

EICS EDI Transmissions - Although each broker will require a custom solution, the software required for EDI consists of:

  • E-mail – Internet SMTP compatible
  • Entrust™ Toolkit API (available by email request to eics.scei@international.gc.ca)
    NOTE – the Entrust Toolkits are not supported by EICB, they are merely provided as a courtesy.
  • XML parser API (visit Microsoft Website - search for MSXML 3.0)
  • Any additional software components required to access broker systems
  • Adobe Acrobat Reader to read and print permits.

4.3 Other Technical Requirements

4.3.1 XML Protocol

XML is an extensible, tagged document specification that is machine and program language independent. A "well-formed" XML document conforms to its specification in a Data Type Definition (DTD) file. The XML document is self-regulating with most XML document readers and creation tools. EICS has created XML specifications for several actions to be performed by EDI:

  • Permit Application
  • Acknowledgement

Additional information on this topic may be obtained on W3C website.

4.3.2 Message Transport Protocol

The EICS relies upon Internet e-mail to deliver EDI transmissions between brokers and the system. Currently this is limited to one protocol due to its wide availability: SMTP. EICS receives messages on the DFAIT POP3 server and transmits messages using the DFAIT SMTP server.

The test EICS in-box for EDI is: instructional@eics-scei.gc.ca

The production EICS in-box is: edi@eics-scei.gc.ca

4.3.3 Message Encapsulation: MIME

Attachments to e-mails are to be binary MIME encoded. Other encapsulation methods are not supported.

4.3.4 Internet Explorer Security Settings

The IE Security Settings are detailed in the EICS Setup document (see Section 4.2).

4.4 Security Requirements

4.4.1 Digital Signature Algorithm (for both WEB and EDI)

  • SHA1-RSA

4.4.2 Encryption Algorithm (for both WEB and EDI)

  • CAST-128

4.4.3 Security Message Encapsulation (for EDI)

  • S/MIME PKCS7

4.4.4 Certificate Authorities (for both WEB and EDI)

The Certificate Authority for EICS PKI is the Government Shared Service (GSS) Certificate Authority (CA) (Entrust v.7), Public Works and Government Services Canada (PWGSC).

For Firewalls and/or proxy servers, your network teams MUST SPECIFY the following URLs for CA services:

Authority= ca-ac.gss-spg.gc.ca +829
Manager= ca-ac.gss-spg.gc.ca +709
Server= ldap.gss-spg.gc.ca +389

"Best Practice" is to also specify the entrust.ini to the EDI encryption program.

4.4.5 Certificate Structure - Distinguished Name (for EDI)

The PKI Certificate Distinguished Names used for encryption by the EICS Production site's multiple servers are:

Primary Encryption Certificate:

cn=ServerEICSprdEntrust1,
ou=DFAIT-MAECI,
ou=EXTERN,
o=GC,
c=CA

Alternate Encryption Certificate:

cn=ServerEICSEDIWEB1,
ou=DFAIT-MAECI,
ou=EXTERN,
o=GC,
c=CA

Alternate Encryption Certificate:

cn=ServerEICSEDIWEB2,
ou=DFAIT-MAECI,
ou=EXTERN,
o=GC,
c=CA

The Distinguished Name for the EICS Instructional site's server encryption is:

cn=ServerEICSEDIWEB1,
ou=DFAIT-MAECI,
ou=EXTERN,
o=GC,
c=CA

4.4.6 Time Synchronisation (for both WEB and EDI)

When using Public Key Interface (PKI) services, as is the case with the EICS web service, time synchronisation becomes important. If the system clocks of servers and workstations differ by more than five minutes, problems in utilising certificates may occur. EICS servers are being updated regularly to match the National Research Council (NRC) official time. For further information please visit the National Research Council Canada Website.

5. EICS Processes

5.1 Registration

5.1.1 Web

Users of the EICS web interface will be required to obtain a SAKMS PKI certificate prior to commencement, which requires a face-to-face meeting with a DFAIT representative. Setup and self-training documentation is furnished as the registration is processed. Practice with the EICS Instructional version is mandatory before graduating to the Production environment. At that point the system itself will provide the available functions such as applications for import and export permits.

5.1.2 EDI

A separate SAKMS PKI certificate is required for encryption. The registration process for EDI participants mandates that a sequence of readiness tests be completed successfully to allow brokers to verify their understanding of the information and format requirements. The tests will demonstrate:

  • Communication readiness;
  • XML format readiness;
  • Security / encryption readiness;
  • Data validation readiness; and
  • Full test simulation.

5.2 System Availability

Monday to Saturday, and Statutory Holidays: 4:00 a.m. to 11:55 p.m. ET

Sunday: 4:00 a.m. to 11:30 p.m. ET

Note: During the hours of availability, temporary system unavailability may occur to conduct scheduled or emergency system maintenance. If system maintenance is required a broadcast message will be sent providing the details.

EICS Client Support Centre Hours of Operation are Monday to Friday, 07:30 a.m. - 5:00 p.m. ET

5.3 Turnaround Time

The turnaround time for EDI transactions will be measured upon receipt at the DFAIT gateway. Permit applications that are routed to a departmental officer will require additional time.

Routed permit applications, both EDI and web, are reviewed by DFAIT officers and the decision is communicated via the web. Applicants will find a notification at the bottom right-hand corner of their EICS home page.

5.4 EICS Releases

The Bureau is developing a strategy for the release of EICS changes affecting participants. For the EDI interface, changes will be phased in based on a versioning technique directly related to the affected transaction types.

5.5 Error Handling

Under most circumstances, a reply is sent back to participants upon completed EDI processing. A reply cannot be sent if the message is not received, but there are scenarios where a reply will not be issued, such as incorrect or inappropriate EDI usage. Correction of errors in both EICS and EDI may be performed using a combination of retransmission as well as online web updates.

5.6 Data Transmission Problems

The Internet, in its present form, is not 100 percent reliable in the transmission of data. Although it occurs infrequently, e-mails are sometimes lost.

5.7 Problem Resolution

Technical difficulties experienced by users should be communicated to the EICS Call Centre:

Tel: 613-944-1265
Toll-free: 1-877-808-8838
Fax: 613-992-9397
Email: eics.scei@international.gc.ca

The Client Services Centre will log the call, assign it a ticket number, and, if unable to resolve it, will escalate the problem.

Enquiries pertaining to business rules, etc., should be directed to the appropriate Section of the Trade Controls & Technical Barriers Bureau. Please see the Export and Import Controls website.

6. Data Rules and Guidelines

6.1 File Naming Conventions

Each EDI e-mail should contain one attachment. (Note that each attachment may contain up to a maximum of 10 permit applications.) The filename should not contain blanks and should have the following naming format: nnn.xml.p7m (where nnn is a filename containing up to 255 characters). It cannot contain any of the following characters: \ / : * ? " < > |

In the reply e-mail from DFAIT, an acknowledgement attachment will be named as follows: nnn-R.xml.p7m (where nnn matches the originating filename above). If there are permits issued in the process, a set of printable files will be returned, one per permit. The names of these files will have the following format: xxx_yyy.pdf.p7m (where xxx is the DFAIT-assigned User Id and yyy is the Permit Number).
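The naming rules above can be enforced on the broker side before sending and, more importantly, before any reply attachment name is used as a path on disk. The following is an added example, not code from EICS or DFAIT; the function names, the sample file names and the User Id pattern are assumptions. It also reports submissions that have no acknowledgement yet, which covers the lost or silently rejected e-mails described in sections 5.5 and 5.6.

```python
import re

# Section 6.1: no blanks and none of \ / : * ? " < > | in the name.
# Rejecting control characters as well is extra hardening, not a PRD rule.
FORBIDDEN = set('\\/:*?"<>| ')
ACK_RE = re.compile(r"(?P<base>.+)-R\.xml\.p7m")
# The User Id format is not given in the PRD; "anything up to the first _"
# is an assumption. Permit numbers are integers (section 6.2).
PERMIT_RE = re.compile(r"(?P<user>[^_]+)_(?P<permit>[0-9]+)\.pdf\.p7m")


def has_forbidden(name):
    return any(ch in FORBIDDEN or ord(ch) < 32 for ch in name)


def valid_submission_name(filename):
    """True if filename follows the nnn.xml.p7m rule."""
    suffix = ".xml.p7m"
    base = filename[: -len(suffix)]
    return (filename.endswith(suffix) and 1 <= len(base) <= 255
            and not has_forbidden(base))


def classify_reply(filename, sent):
    """Classify one reply attachment name against the names already sent.

    Returns ("ack", original_name), ("permit", (user_id, permit_no)) or
    ("reject", reason). A rejected name must never be written to disk.
    """
    if has_forbidden(filename):
        return ("reject", "forbidden character")
    m = ACK_RE.fullmatch(filename)
    if m:
        original = m.group("base") + ".xml.p7m"
        if original in sent:
            return ("ack", original)
        return ("reject", "acknowledgement for unknown submission")
    m = PERMIT_RE.fullmatch(filename)
    if m:
        return ("permit", (m.group("user"), m.group("permit")))
    return ("reject", "unrecognised name")


def outstanding(sent, reply_names):
    """Submissions still without an acknowledgement attachment."""
    results = (classify_reply(name, sent) for name in reply_names)
    acked = {value for kind, value in results if kind == "ack"}
    return sorted(set(sent) - acked)


# Constructed sample data, not real EICS traffic.
SENT = {"batch0001.xml.p7m", "batch0002.xml.p7m"}
REPLIES = ["batch0001-R.xml.p7m", "12345_9876543.pdf.p7m",
           "..\\outside-R.xml.p7m", "batch0009-R.xml.p7m"]
```
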

6.2 Identifiers

In general, EICS identifiers are composed entirely of integers (e.g. Permit ID). If an identifier differs from this standard, its precise format and layout will be documented in the Appendices.

6.3 Numeric Values

6.3.1 Signed Numbers

In cases where a plus or minus sign is appropriate, it should precede the digits as follows -xxxx or +xxx. Numbers are assumed positive if no sign is present.

6.3.2 Integers

EICS can accept integer values from -2^32 to +2^32. Individual field size restrictions may apply and are documented in the Appendices.

6.3.3 Decimal Numbers

Decimal numbers are not used within EICS.

6.3.4 Monetary Amounts

In EICS there are no pennies. Monetary amounts are to be entered without decimal points ".", thousands separators "," or dollar signs "$".

6.4 Dates

All dates in EICS are to be entered in the format: yyyy/mm/dd, e.g. 2000/08/31.

6.5 Telephone and Fax Numbers

EICS allows 15 characters to be entered. There is no standard format for telephone numbers given the wide range of possibilities to carry international country codes, extension numbers, etc. As such the following examples are all valid: 222-4444 (x55), 123-444-9999, 1-800-555-1212. A suggested format is as follows: 111-222-3333, where 111 is the area code.

6.6 Indicators

Bit-wise indicators are used for 'yes', 'no', 'true' or 'false'. 0 indicates false/no and 1 indicates true/yes.

6.7 Special Characters

For both the web and EDI interface the set of permissible characters is shown below. Note that for the EDI interface certain characters such as the angle brackets "<>" are normal and acceptable in the framework of the XML transmission file.

  • Ampersand: &
    Note: enter &#38; for EDI/XML
  • Asterisk: *
  • At sign: @
  • Comma: ,
  • Dash or minus sign: -
  • Digits: 0-9
  • Greater Than: >
    Note: enter &#62; for EDI/XML
  • Less Than: <
    Note: enter &#60; for EDI/XML
  • Lower case letters: a-z
  • Number sign: #
  • Parentheses: ()
  • Period: .
  • Plus sign: +
  • Question mark: ?
  • Single quote: '
  • Slash: /
  • Space:
  • Upper case letters: A-Z
  • Upper/lower French character set: é, ê, É etc.
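The rules of sections 6.3 to 6.7 can be applied to each value before it is placed in the XML transmission file. This is an added example, not part of the PRD or of EICS; the function names, the record field names, the exact list of French letters and the use of the ASCII apostrophe for the single quote are assumptions. Because the semicolon is not a permissible character, a value that already contains a character reference such as &#38; is rejected instead of being escaped a second time.

```python
import re
from datetime import datetime

# Section 6.7 character set. The PRD gives the French letters only as
# "é, ê, É etc.", so FRENCH is an assumption to be adjusted as needed.
FRENCH = "àâçéèêëîïôùûüÀÂÇÉÈÊËÎÏÔÙÛÜ"
ALLOWED = set("&*@,-#().+?'/ <>0123456789" + FRENCH
              + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
# Numeric character references the PRD prescribes for EDI/XML content.
XML_REFS = {"&": "&#38;", "<": "&#60;", ">": "&#62;"}

def xml_text(value):
    """Reject characters outside section 6.7, then escape & < > exactly once."""
    bad = sorted(set(value) - ALLOWED)
    if bad:
        raise ValueError("not permitted by EICS: %r" % bad)
    return "".join(XML_REFS.get(ch, ch) for ch in value)

def eics_date(value):
    """Section 6.4: yyyy/mm/dd, and a real calendar date."""
    if not re.fullmatch(r"[0-9]{4}/[0-9]{2}/[0-9]{2}", value):
        raise ValueError("date must be yyyy/mm/dd")
    datetime.strptime(value, "%Y/%m/%d")  # ValueError for e.g. 2000/02/30
    return value

def eics_integer(value):
    """Sections 6.3.1 to 6.3.4: optional leading sign, digits only."""
    if not re.fullmatch(r"[+-]?[0-9]+", value):
        raise ValueError("digits only, no '.', ',' or '$'")
    return int(value)

def eics_phone(value):
    """Section 6.5: free format, at most 15 characters."""
    if not 1 <= len(value) <= 15:
        raise ValueError("telephone/fax is limited to 15 characters")
    return xml_text(value)

def check(record):
    """Return {field: error} for a record of (validator, raw value) pairs."""
    errors = {}
    for field, (validator, raw) in record.items():
        try:
            validator(raw)
        except ValueError as exc:
            errors[field] = str(exc)
    return errors

# Constructed sample; the field names are hypothetical, not Appendix A tags.
SAMPLE = {
    "applicant": (xml_text, "Smith & Côté <Import>"),
    "entry_date": (eics_date, "2000/02/30"),
    "value_cad": (eics_integer, "1,250.00"),
    "phone": (eics_phone, "222-4444 (x55)"),
}
```
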

7. EICS EDI message set

Following are the currently available EDI transactions. Each is equivalent to an existing function available via the web interface.

7.1 Permit Application

The Apply for Permit transaction provides for the submission and processing of an application for the import or export of goods. Each application may translate into more than one permit if there are more than three items per application.

7.2 Acknowledgement

This is a generic response message sent by EICS after receiving and processing a well-formed EDI attachment. If there are errors in processing, this file will provide feedback on the problem. Note that rejections due to malformed XML, encryption, and file attachment defects will not prompt for a response. If the transaction is successful, it also conveys this information via a response file. The acknowledgement of a successfully processed non-routed permit application will contain the system assigned permit identifier and a blank notify description.

7.3 Resend Request

This transaction will re-send an existing permit and an XML acknowledgement message. It has not been implemented at this time.

8. EICS Code tables

The following code tables are for use in populating certain EICS XML entries, such as the Country code. See Appendix B for the detailed list of code values.