The MAC (Message Authenticator Code) code is a kind of hash total calculated on the entire content of an object. It uses a proprietary algorithm that creates a 32 bit MAC code, applying a sequence of permutations and substitutions on groups of 8 bytes and using the the result as cipher as seed for the next 8 bytes. The DES method is similar, but was not used due to licensing issues.
It provides a protection of files and records, as both the algorithm and the initial seed are secret. The application calculates a MAC code every time it stores an external object (typically an XML/ASCII file) and saves the MAC code either in the object (in the last line) or in a database record related to the object. Each time the application accesses the object for further processing (including the sending out of a message) it recalculates the MAC code and compares it to the saved MAC code. If they are different, obviously the object was tampered with by an outside source. The object is not further processed and a warning is sent to the operator. Anyone who would purposely try to tamper with the object would not be able to calculate the MAC code (using the modified object) and replace the original one, unless they know both the algorithm and the initial seed.
In this application the MAC code is applied to .INI files, Frames (*.TR* and *.FR* ) and all correspondence files (DATA\DOCS for which an SMH record exists). The MAC is currently not used for other intermediate files (like files in BIMDATA or DISPLAY files).
Since about March 2001 the server version of TradeDesign is able to store all bulk data files (all files stored in subdirectories of DATA) as well as INI files in the database. This feature will NOT be made available for the fat client version. The MAC protection would still be applied to these objects in that case, even though they are under database security.
An extension of TradeDesign to replace the MAC algorithm with an algorithm chosen by the bank would be possible, if it is supplied as DLL/shared library returning a 32 bit MAC. If a bank insists on using another algorithm, we can offer to supply a simple call interface to a block cipher algorithm that could be used underneath the TradeDesign MAC generation.
It would also be possible to make the MACing routine available to the bank so it could be applied to the interfaces. Using that we could add a MAC codes to outgoing files, and the bank's receiving interface could then verify the correctness of the MAC codes upon receipt.