Loading

Infrastructure

CCASS/3 (Central Clearing And Settlement System) is

  • built on an open, robust, secure and flexible modularised architecture with full fledged services that meets the business needs of market participants
  • designed to provide efficient and dynamic clearing and settlement by adhering to international standards for securities messages
  • providing interactive communication with market participants through a standard message-based application programming interface.

CCASS Overview1

The middle-tier between participant terminals and CCASS/3 Host supports access methods, such as web interface and Application Program Interface (API). Security servers and Lightweight Directory Access Protocol (LDAP) servers are employed to provide a centralised authentication and authorisation service for controlling participant access.

The Securities and Derivatives Network (SDNet) is a robust and high efficiency closed user group network based on Optical Ethernet technology. It adopts the TCP/IP protocols with high security protection by means of firewall and intrusion detection system.

Participants can access the CCASS/3 system through two channels:

  • CCASS/3 Terminal
  • Participant Gateway

Updated 31 Aug 2020

CCASS /3 Terminal

Participants can access CCASS/3 through a browser-based terminal called the CCASS/3 Terminal (C3T).

  • C3T uses market standard Internet technology. Any PC running HKEX supported versions of Microsoft Windows, Internet Explorer and Java Runtime Environment can access C3T
  • All participant functions will be provided with an HTML (windows) based presentation
  • The standard graphical user interface will provide a user-friendly interface and will reduce training needs for participants.

Log on to Client Connect to access the CCASS/3 installation procedures and Terminal User Guide

 

Updated 31 Aug 2020

Connectivity

SDNet/1 was first launched in 2005 and followed by the upgrade to SDNet/2 in 2012. SDNet/2 is designed for high resilience, higher bandwidth options and lowered network round-trip latency, and SDNet/2 is being supported by multiple carriers, known as Accredited Vendors. 


 

 

HKT

HGC *

WTT

Ordering, Billing and General Enquiry

Phone

 

2888-2929 (or dedicated Account Manager)

 

8196-1238

 

 

2112-9000 (Ordering)

 

121-388 (Billing and General Enquiry)

Email

sdnet@pccw.com

or email to dedicated Account Manager

sdnet_hotline@hgc.com.hk

sdnet@wtthk.com

Service Hours

Monday – Friday: 9:00 – 18:00

Saturday: 9:00 – 13:00

(except Public Holidays)

24-hour Technical Support/Fault Reporting

Phone

2888-8808

2121-1238

121-388

Email

sdnet_support@pccw.com

sdnet_support@hgc.com.hk

sdnet_support@wtthk.com

*HGC will cease to be a SDNet/2 Accredited Vendor effective from 1st May 2020.

 

HKEX Technical Support Email: sdnet@hkex.com.hk

Log on to Client Connect to learn more about the installation guidelines, price, technical specifications and service level of SDNet/2.

 

Updated 31 Aug 2020

Participant Gateway

Participant Gateway (PG) is a technical device to provide an access point through which a Participant Supplied System (PSS) can access CCASS/3.

In order to reduce the development efforts of participants, Java-based application programming interfaces are provided to participants’ PSS to communicate with CCASS/3 through the PG. The application program is a custom-built Java library that will assist the connection and handle all the subsequent message interactions between participants’ back office system and CCASS/3 Host.

Hypertext Transfer Protocol Secure (HTTPS) is used for communication between PG and CCASS/3 middle tier. Socket is the communication method between PG and PSS. The message format follows the industrial standards ISO 15022.

Network Communication Layer

The SDNet will ensure the reliable transmission of input between the user device and the host. The network will control the transmission of all information within the CCASS/3 system and will help to achieve the shortest possible response time even at the highest data through-put rates, ensuring fast and efficient clearing and settlement services at all times.

Security Measures

Security is a primary concern in the system design of CCASS/3. The following security measures are employed in CCASS/3 to ensure confidentiality and security:

Security measures

Details

Pre-defined User Group Authority

All participant functions are grouped into a member of user groups. The availability of user groups for participants is pre-defined by the system. CCASS/3 allows the delegation of administrative privileges to organisational administrators, allowing them to manage user privileges and benefits within their organisations.

CCASS/3 Terminal Level

Access to the CCASS/3 Terminal is authenticated by a smartcard as the security token using digital certificate X.509 format.

Message Level

Encryption is implemented through standard browser functions, using 128-bit Secure Sockets Layer (SSL) key to prevent transactions from being exposed to eavesdropping, tampering or message forgery risks.

Participant Gateway Level

As with the CCASS/3 Terminal and message level of security, access to PG is also authenticated by smartcard and all data exchange between the PG and CCASS/3 Host are encrypted using 128-bits SSL keys.

Network Level

Firewalls, routers and intrusion detection devices are used to protect the CCASS/3 network from unauthorised access through the public internet.

 

Log on to Client Connect to learn more about the PG acquisition documents, end-to-end test package, messaging specifications and charges involved.

 

Updated 31 Aug 2020

Register for Client Connect

Click here to learn more about Client Connect. If you have not signed up for Client Connect, please register by submitting the completed on-boarding form.

 

Updated 31 Aug 2020