2 System Configurations

Below are the changes introduced for the Norwegian Fiscal Enhancements in order to meet the requirements specified by the Norwegian Tax Authority.

Company Details

You must set up the Company entities for the company information to be shown on the report.

Figure 2-1 Company Entities Setup

1. Login to the Administration module and select Administration, System Setup.

2. Select Company Entities Setup and enter the value for two new entities as follows:

   • Organization number: Organization number from Register Centre or other relevant government authority.

   • VAT registration number: The Company’s VAT number. This is the unique number from Register Centre.

Printer Configuration

A printer set up in need in order to print the required receipts such as Sales Receipt, Delivery Receipt and Return Receipts.

1. From the Management module, Options, select the Hardware menu.

2. Select Report Printers as Receipts and choose the printer from the drop-down list.

3. Click Apply to save and exit the configuration screen.

Predefined Code Mapping

In Norwegian E-Journal Report, it is necessary to display standard predefined code instead of a system code. For example, standard predefined code for VAT rate and main department, therefore code mapping between standard predefined code and system code is required. The Predefined Code Mapping button is enabled when the PAR Use Norwegian Fiscal Requirements is enabled, and user has the authorization to access this function.

To map the standard predefined code with system code, login to Administration module and click the Administration, System Codes button, then the Predefined Code Mapping at the top menu.

Standard Predefined Code 04 — Article Group/Department Codes

Figure 2-2 Sample Predefined Article Group

This code is used to configure the system debit department code. In below screen example, the system debit department code 2003 for food is mapped to standard predefined code 04 and predefined ID 04006.

On the report, this standard predefined code is displayed in <basicType> and <predefinedBasicID> under <basics> element.

Standard Predefined Code 11 – Transaction Codes

This code is used to configure the system transaction code. The payment transaction code SALES is mapped to standard predefined code 11 and predefined ID 11004 as shown in below figure.

Figure 2-3 Sample Predefined Transaction Codes

There are two categories of transaction code in the system:

Transaction code for Point-of-Sales (POS) record. This is displayed in <lineType> under <ctLine> element on report. There are five types of transaction code for POS record. You must follow the exact system transaction code per below and configure it into user interface to avoid unmapped data and incorrect information being displayed.

• POST (add posting)

• SALES (payment)

• REFUND (return payment)

• DIS (discount)

• VOID (void posting)

Transaction code for receipt type. This is displayed in <transType> under <cashtransaction> element on report. There are four types of transaction code for receipt type. You must follow the exact system transaction code below to configure into user interface.

• SALES (Sales Receipt)

• RETURN (Return Receipt)

• PROFORMA (Pro Forma Receipt)

• DELIVERY (Delivery Receipt)

Standard Predefined Code 12 — Payment Codes

Figure 2-4 Sample Predefined Payment Codes

This code is used to configure system credit department code or payment code. In below example, the credit department code 9001 for cash is mapped to standard predefined code 12 and predefined ID 12001.

This is displayed in<basicType> and <predefinedBasicID> under <basics> element on report.

Standard Predefined Code 13 — Event Codes

Figure 2-5 Sample Predefined Event Codes

This code is used to configure system event code. In below example, the system event code LOAD for application starting is mapped to standard predefined code 13 and predefined ID 13001.

This is displayed in <event> under <cashregister> element on report.

Standard Predefined Code 99 – Standard VAT Codes

Figure 2-6 Sample Predefined VAT Codes

This code is used to configure system VAT code. In below example, the system VAT code VAT1 is mapped to standard predefined code 99 and predefined ID 32.

This is displayed in <standardVatCode> under <vatCodeDetails> element on report.

Key Pair Management for Digital Signature

Norwegian Tax Authority mandates that sales transactions MUST be digitally signed. Norwegian Tax Authority has chosen the cryptographic function: RSA-SHA1-1024, based on the asymmetric encryption where a key pair of private key and public key is required.

To perform key management, the key pair can be self-generated and self-signed. This means the key pair can be generated from ANY machine and anywhere. The public key submitted to the Norwegian Tax Authority signifies the valid key pair recognized by the Norwegian Tax Authority. For each Cruise Operator, one key pair is sufficient regardless of the number of the Sales Registers used. Cruise Operator shall be FULLY responsible for the generation and management of the key pairs.

For Norwegian Tax Authority audit purpose, the Cruise Operator is responsible in submitting the key pair of the public key used in digital signing. When the key expires or breached, the Cruise Operator must re-generate a new key pair and updates the new key pair in SPMS. The new public key shall be resubmitted to the Norwegian Tax Authority.

See Digital Certificate Requirement.

Creating Self-signed Certificate

Listed below are the tools that you can use to generate a self-signed certificate.

1. Using the OpenSSL libraries.

2. Using the MakeCert.exe tool distributed in the Windows SDK.

3. Using the PowerShell pkiclient cmdlet.

Open SSL

This method is recommended if you work with multiple platforms (Linux, Mac, Windows, etc.). OpenSSL can be installed on most of the OS’s.

Download and install the OpenSSL toolkit from: https://www.openssl.org/.

MakeCert

This method is recommended if the target machine is Windows 10 and Windows Server 2012. Download and install the Windows 10 SDK from: https://developer.microsoft.com/en-us/windows/downloads/sdk-archive.

Start the installation and choose the option as shown in below figure.

Figure 2-7 Windows Software Development Kit Options

This example creates a self-signed certificate for the purpose of digital signing and that would be stored in the Windows Certificate Store “cert: \LocalMachine\My”. Right-click the Command prompt and select to run in Administrator mode, and run the command below.

cd "C:\Program Files (x86)\Windows Kits\8.0\bin\x86"
MakeCert -a <name> -len 1024 -n "CN=< CERTIFICATE NAME>" -pe -r -sky Signature -sr LocalMachine -ss My

This generates a new key pair for RSA-SHA1-1024 cryptographic function with the certificate subject being set as the name defined in <CERTIFICATE NAME>.

• The "-pe" option allows the private key to be exportable. You need this as the key pair will be used by each Sales Register.

• The "-r" option creates a self-signed certificate.

• The "-sky Signature" option indicates that this key pair is meant for digital signing.

• The "-sr LocalMachine" option makes the Windows to store the key pair under the HKEY_LOCAL_MACHINE registry location certificate store.

• The "-ss My" option is the name of the certificate store that stores the generated certificate that contains the key pair.

PowerShell New SelfSigned Certificate cmdlet

This method is recommended if the target machine is Windows 10 and Windows Server 2016. The function and storage of the certificate for this tool is similar to MakeCert. Right-click the PowerShell prompt and select Run in Administrator mode, and then run the command below.

New-SelfSignedCertificate -CertStoreLocation "cert:\LocalMachine\My" -Subject <"Certifate Name"> -HashAlgorithm SHA1 -KeyAlgorithm RSA -KeyLength 1024 -KeyExportPolicy Exportable -KeySpec Signature -KeyUsage CertSign -Type CodeSigningCert -NotAfter $([datetime]::now.AddYears(5))

Export Self-signed Certificate

After generating the digital signing certificate, you will need to distribute the certificate to whichever machine that performs digital signing task. As the certificate contains private key, you will need to provide a password to secure the file after the certificate is exported to the local file system. You are responsible in safeguarding the certificate along with the password used to lock it. The steps below will guide you on how to export the digital signing certificate to a password secured PFX file.

1. At the Search Windows prompt, type in Manage computer certificates to open the "certlm" console.

2. At the tree view on the left panel, expand the Personal folder under "Certificates - Local Computer, and then click the Certificates folder.

3. At the Certificates folder, look for the certificate issued to "Cruise Digital Signature" on the right panel.

   Figure 2-8 Certificates Repository on Local Computer

   
   
   

4. Double-click to open the certificate and ensure it contain the private key. You should see the golden key icon with message "You have a private key that corresponds to this certificate" under General tab.

5. Right-click the certificate on the right panel. You shall see a prompt.

6. Choose All Tasks, then click Export to launch the Certificate Export Wizard.

7. Click the Next button to continue.

8. At the Export Private Key screen, select the Yes, export the private key radio button option, and click the Next button.

9. Key in a password to secure and prevent users from opening the PFX certificate.

   Important:

   The Cruise Operator is responsible in remembering the password used.

10. Choose the location of the file to export and the click the Next button again.

11. Click the Finish button and now, you should have the PFX certificate located in the export location selected.

Import Key Pair

Before you import the key pair, ensure that you have a PFX certificate available on the machine and the certificate password. To import, follow the steps below.

1. Repeat steps 1 to 2 of Export Self-signed Certificate.

2. Right-click on the Certificate folder and select All Tasks, then Import... to start the Certificate Import Wizard.

3. Click the Next button to continue.

4. At the File to Import screen, browse the location of the PFX file to import and the click the Next button again.

5. Key in the password to unlock the PFX certificate. Do not select the "Mark this key as exportable." option. This is to ensure maximum confidentiality.

6. Click the Next button and then click the Finish button. Now, you should have the key pair saved in the Windows certificate store.

Managing the Key Version in SPMS

Although the key pair is stored in the Windows certificate store, SPMS will need to manage the key version. Every new key pair used in SPMS will be recorded in KEY table of SPMS schema.

1. Login to OHC Tools module.

2. At the ribbon bar, click the Update Cert ThumbPrint.

3. At the Digital Signing Certificate window, click Detect for program to look up the certificate name < CERTIFICATE NAME>" and obtain the ThumbPrint of the public key.

   Figure 2-9 Digital Signing Cert Thumbprint Updater

   
   
   

4. Click Update to store the key into the KEY table.

Export Public Key

Norwegian Tax Authority requires the public key in order to audit the digitally signed sales transactions. As a requirement, Cruise Operator MUST be able to provide the public key in the form of base64 encoded X.509 certificate.

1. Repeat steps 1 to 7 of Export Self-signed Certificate.

2. Select the “No, do not export the private key” radio button and then, click the Next button.

3. Select the "Base-64 encoded X.509 (.CER)" radio button and then, click the Next button.

4. Choose the location of the file to export and the click Next button again.

5. Click the Finish button and now, you should have the CER certificate located in the export location selected.

With the base64 encoded CER certificate, you can now submit the public key to the Norwegian Tax Authority.