S2S Security Header Level 2

To initiate the beginning of a secured area and to provide the parameters needed for authentication or encryption of a transaction set

Position: S2S-01 · Element: 990 · Name: Security Type · Type: Identifier (ID) · Requirement: Mandatory · Min: 2 · Max: 2 · Repeat: -

Code identifying the security algorithms and methods employed for this level of interchange.

If S2S01 is ``AA'' or ``BB'', S2S04 is required.

If S2S01 is ``BB'' or ``EE'', S2S06 is required.

Position: S2S-02 · Element: 824 · Name: Security Originator Name · Type: String (AN) · Requirement: Mandatory · Min: 4 · Max: 16 · Repeat: -

Unique designation (identity) of the cryptographic entity that performs authentication or encryption on data to be interchanged, or originates a cryptographic service message. No mechanism, or registration method is provided by X9 or X12 to guarantee uniqueness of the identifier.

Position: S2S-03 · Element: 825 · Name: Security Recipient Name · Type: String (AN) · Requirement: Mandatory · Min: 4 · Max: 16 · Repeat: -

Unique designation (identity) of the cryptographic entity that performs authentication or decryption on received data or is the destination of a cryptographic service message. No mechanism, or registration method, is provided by X9 or X12 to guarantee the uniqueness of the identifier.

Position: S2S-04 · Element: 991 · Name: Authentication Key Name · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 16 · Repeat: -

Name of the key used for authentication. This name is mutually known to the security originator and the security recipient, is unique for this relationship, and allows a particular key to be specified.

P0405: If either S2S-04 or S2S-05 is present, then the other is required

Position: S2S-05 · Element: 992 · Name: Authentication Service Code · Type: Identifier (ID) · Requirement: Conditional · Min: 1 · Max: 1 · Repeat: -

Authentication option

Position: S2S-06 · Element: 993 · Name: Encryption Key Name · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 16 · Repeat: -

Name of the key used for encryption. This name is mutually known to the security originator and the security recipient, is unique for this relationship, and allows a particular key to be specified.

P06070809: If either S2S-06, S2S-07, S2S-08 or S2S-09 are present, then the others are required

Position: S2S-07 · Element: 994 · Name: Encryption Service Code · Type: Identifier (ID) · Requirement: Conditional · Min: 1 · Max: 3 · Repeat: -

Coded values representing options for encryption processing. The code defines the encryption mode and the transmission filter specification for filtering binary ciphertext data into transmittable text.

Position: S2S-08 · Element: 995 · Name: Length of Data (LOD) · Type: Numeric (N) · Requirement: Conditional · Min: 1 · Max: 18 · Repeat: -

Length of data is the number of character positions of the encrypted, filtered text.

Position: S2S-09 · Element: 996 · Name: Initialization Vector (IV) · Type: String (AN) · Requirement: Conditional · Min: 16 · Max: 16 · Repeat: -

The archival representation of a 64-bit value expressed in hexadecimal notation as 16 ASCII characters from the set of characters (0..9, A..F). The 64-bit value is used as a starting point for encryption of a data sequence to increase security by introducing cryptographic variance and to synchronize cryptographic equipment. A new IV shall be used for each message. The IV shall not be intentionally reused. The 64-bit binary value, not its ASCII hexadecimal representation, is used for the cryptographic process. In the interchange process, the resultant encrypted and filtered 64-bit IV is sent. The hexadecimal notation is the representation for archiving purposes. The IV shall be a random or pseudo-random number. When encrypted, the IV shall be decrypted using the Electronic Code Book (ECB) mode, and the same key that was used to encrypt the message.