S4S Security Header Level 2

To initiate the beginning of a secured area and to provide the parameters needed for authentication or encryption of a transaction set

Position: S4S-01 · Element: 1621 · Name: Security Version/Release Identifier Code · Type: Identifier (ID) · Requirement: Mandatory · Min: 6 · Max: 6 · Repeat: 1

Code indicating the version/release of the ASC X12 standard that is being used for this specific security structure. The version/release identified for this segment also applies to any corresponding trailer or security value segment. This version/release is independent of any other version/release identified in another security segment at the transaction set or functional group level. This version/release is independent of the version/release identified at the interchange or functional group level

Position: S4S-02 · Element: 990 · Name: Security Type Code · Type: Identifier (ID) · Requirement: Mandatory · Min: 2 · Max: 2 · Repeat: 1

Code identifying the security algorithms and methods applied for this level of interchange

If S4S02 is "AA", "BB", "AC", or "BC", then S4S05 is required.

If S4S02 is "BB", "EE", "AC", or "EC", then S4S08 is required.

If S4S02 is "CC" then S4S09 is required.

Position: S4S-03 · Element: 824 · Name: Security Originator Name · Type: String (AN) · Requirement: Mandatory · Min: 1 · Max: 64 · Repeat: 1

Unique designation (identity) of the cryptographic process that performs authentication or encryption on data to be interchanged, or originates a cryptographic service message Note: X9 has a minimum length of 4 characters for the security originator; no mechanism, or registration method is provided by X9 or X12 to guarantee the uniqueness of the identifier

X9 has a required minimum length of four characters for S4S03 (security originator). No mechanism, or registration method, is provided by X9 or X12 to guarantee uniqueness of the identifier.

Position: S4S-04 · Element: 825 · Name: Security Recipient Name · Type: String (AN) · Requirement: Optional · Min: 1 · Max: 64 · Repeat: 1

Unique designation (identity) of the cryptographic process that performs authentication or decryption on received data, or is the destination of a cryptographic service message Note: X9 has a minimum length of 4 characters for the security recipient; no mechanism, or registration method is provided by X9 or X12 to guarantee the uniqueness of the identifier

X9 has a required minimum length of four characters for S4S04 (security recipient). No mechanism, or registration method, is provided by X9 or X12 to guarantee uniqueness of the identifier.

Position: S4S-05 · Element: 991 · Name: Authentication Key Name · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 64 · Repeat: 1

Name of the key used for authentication; this name is mutually known to the security originator and the security recipient, is unique for this relationship, and is intended to allow the changing of the key from time to time Note: The special key name "0123456789ABCDEF" is reserved for the hexadecimal value 0123456789ABCDEF (i.e. a fixed non-secret value) to provide a well-known value for data integrity testing only)

P0506: If either S4S-05 or S4S-06 is present, then the other is required

In S4S05, the special name "01234567890ABCDEF" is reserved for the hexadecimal value 01234567890ABCDEF (i.e., a fixed, non-secret value) to provide a well-known value for data-integrity testing only.

Position: S4S-06 · Element: 992 · Name: Authentication Service Code · Type: Identifier (ID) · Requirement: Conditional · Min: 1 · Max: 1 · Repeat: 1

Code identifying authentication options

S4S-07 C050 Certificate Look-up Information Composite (composite) Optional 1

Position: 01 · Element: 1675 · Name: Look-up Value Protocol Code · Type: Identifier (ID) · Requirement: Mandatory · Min: 2 · Max: 2 · Repeat: -

Code specifying the protocol used to identify a certificate

Position: 02 · Element: 1570 · Name: Filter ID Code · Type: Identifier (ID) · Requirement: Mandatory · Min: 3 · Max: 3 · Repeat: -

Code specifying the type of filter used to convert data code values

Position: 03 · Element: 799 · Name: Version Identifier · Type: String (AN) · Requirement: Mandatory · Min: 1 · Max: 30 · Repeat: -

Revision level of a particular format, program, technique or algorithm

Position: 04 · Element: 1565 · Name: Look-up Value · Type: String (AN) · Requirement: Mandatory · Min: 1 · Max: 4,096 · Repeat: -

Value used to identify a certificate containing a public key

Position: 05 · Element: 1675 · Name: Look-up Value Protocol Code · Type: Identifier (ID) · Requirement: Conditional · Min: 2 · Max: 2 · Repeat: -

Code specifying the protocol used to identify a certificate

P05060708: If either C050-05, C050-06, C050-07 or C050-08 are present, then the others are required

Position: 06 · Element: 1570 · Name: Filter ID Code · Type: Identifier (ID) · Requirement: Conditional · Min: 3 · Max: 3 · Repeat: -

Code specifying the type of filter used to convert data code values

Position: 07 · Element: 799 · Name: Version Identifier · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 30 · Repeat: -

Revision level of a particular format, program, technique or algorithm

Position: 08 · Element: 1565 · Name: Look-up Value · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 4,096 · Repeat: -

Value used to identify a certificate containing a public key

Position: 09 · Element: 1675 · Name: Look-up Value Protocol Code · Type: Identifier (ID) · Requirement: Conditional · Min: 2 · Max: 2 · Repeat: -

Code specifying the protocol used to identify a certificate

P09101112: If either C050-09, C050-10, C050-11 or C050-12 are present, then the others are required

Position: 10 · Element: 1570 · Name: Filter ID Code · Type: Identifier (ID) · Requirement: Conditional · Min: 3 · Max: 3 · Repeat: -

Code specifying the type of filter used to convert data code values

Position: 11 · Element: 799 · Name: Version Identifier · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 30 · Repeat: -

Revision level of a particular format, program, technique or algorithm

Position: 12 · Element: 1565 · Name: Look-up Value · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 4,096 · Repeat: -

Value used to identify a certificate containing a public key

S4S-08 C031 Encryption Key Information Composite (composite) Conditional 1

Position: 01 · Element: 993 · Name: Encryption Key Name · Type: String (AN) · Requirement: Mandatory · Min: 1 · Max: 64 · Repeat: -

Name of the key used for encryption; this name is mutually known to the security originator and the security recipient, is unique for this relationship, and is intended to allow the changing of the key from time to time Note: If any of the optional fields are present, the Key Name should contain either "PUBLIC" if a public key is being used to encrypt the one-time key or the actual name of the asymmetric key-encrypting-key used to encrypt the one-time key.

Position: 02 · Element: 1564 · Name: Protocol ID Code · Type: Identifier (ID) · Requirement: Optional · Min: 3 · Max: 3 · Repeat: -

Code specifying protocol used to encrypt the session key

Position: 03 · Element: 1566 · Name: Keying Material · Type: String (AN) · Requirement: Optional · Min: 1 · Max: 512 · Repeat: -

Additional material required for decrypting the one-time key

Position: 04 · Element: 1567 · Name: One-time Encryption Key · Type: String (AN) · Requirement: Optional · Min: 1 · Max: 512 · Repeat: -

Hexadecimally filtered encrypted one-time key

S4S-09 C032 Encryption Service Information Composite (composite) Conditional 1

Position: 01 · Element: 994 · Name: Encryption Service Code · Type: Identifier (ID) · Requirement: Mandatory · Min: 1 · Max: 3 · Repeat: -

Codes specifying values representing options for encryption processing, including the use of compression and filtering; the code either defines the encryption mode and the transmission filter specification for filtering binary data into transmittable text or specifics that the following subelements define these values

Position: 02 · Element: 1568 · Name: Algorithm ID Code · Type: Identifier (ID) · Requirement: Optional · Min: 3 · Max: 3 · Repeat: -

Code identifying the algorithm used for encryption

Position: 03 · Element: 1569 · Name: Algorithm Mode of Operation Code · Type: Identifier (ID) · Requirement: Optional · Min: 3 · Max: 3 · Repeat: -

Code specifying the Mode of Operation of the Encryption Algorithm

Position: 04 · Element: 1570 · Name: Filter ID Code · Type: Identifier (ID) · Requirement: Conditional · Min: 3 · Max: 3 · Repeat: -

Code specifying the type of filter used to convert data code values

P0405: If either C032-04 or C032-05 is present, then the other is required

Position: 05 · Element: 799 · Name: Version Identifier · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 30 · Repeat: -

Revision level of a particular format, program, technique or algorithm

Position: 06 · Element: 1571 · Name: Compression ID Code · Type: Identifier (ID) · Requirement: Conditional · Min: 3 · Max: 3 · Repeat: -

Code identifying the type of Compression Used

P0607: If either C032-06 or C032-07 is present, then the other is required

Position: 07 · Element: 799 · Name: Version Identifier · Type: String (AN) · Requirement: Conditional · Min: 1 · Max: 30 · Repeat: -

Revision level of a particular format, program, technique or algorithm

Position: 08 · Element: 1704 · Name: Length of Initialization Vector · Type: Numeric (N) · Requirement: Optional · Min: 1 · Max: 3 · Repeat: -

Value indicating the length of the initialization vector contained

Position: S4S-10 · Element: 995 · Name: Length of Data · Type: Numeric (N) · Requirement: Conditional · Min: 1 · Max: 18 · Repeat: 1

Length of data is the number of character positions of the compressed or encrypted/filtered text; when data is plain text, this field shall be absent

Position: S4S-11 · Element: 1700 · Name: Transformed Data · Type: Binary (B) · Requirement: Conditional · Min: 1 · Max: ∞ · Repeat: 1

Binary or filtered data having one or more security policy options applied; transformed data may represent compressed, encrypted, or compressed and encrypted plaintext

The first set of characters in DE 1700, with a length defined by the C03208 value (DE 1704), is the initialization vector (IV). The IV is followed by a stream of data, whose length is equal to S4S10 minus C03208.