S2S Security Header Level 2

To initiate the beginning of a secured area and to provide the parameters needed for authentication or encryption of a transaction set

Position
Element
Name
Type
Requirement
Min
Max
Repeat
S2S-01
Security Type
Identifier (ID)
Mandatory
2
2
-
Code identifying the security algorithms and methods employed for this level of interchange.
If S2S01 is ``AA'' or ``BB'', S2S04 is required.
If S2S01 is ``BB'' or ``EE'', S2S06 is required.
S2S-02
Security Originator Name
String (AN)
Mandatory
4
16
-
Unique designation (identity) of the cryptographic entity that performs authentication or encryption on data to be interchanged, or originates a cryptographic service message. No mechanism, or registration method is provided by X9 or X12 to guarantee uniqueness of the identifier.
S2S-03
Security Recipient Name
String (AN)
Mandatory
4
16
-
Unique designation (identity) of the cryptographic entity that performs authentication or decryption on received data or is the destination of a cryptographic service message. No mechanism, or registration method, is provided by X9 or X12 to guarantee the uniqueness of the identifier.
S2S-04
Authentication Key Name
String (AN)
Conditional
1
16
-
Name of the key used for authentication. This name is mutually known to the security originator and the security recipient, is unique for this relationship, and allows a particular key to be specified.
P0405: If either S2S-04 or S2S-05 is present, then the other is required
S2S-05
Authentication Service Code
Identifier (ID)
Conditional
1
1
-
Authentication option
S2S-06
Encryption Key Name
String (AN)
Conditional
1
16
-
Name of the key used for encryption. This name is mutually known to the security originator and the security recipient, is unique for this relationship, and allows a particular key to be specified.
P06070809: If either S2S-06, S2S-07, S2S-08 or S2S-09 are present, then the others are required
S2S-07
Encryption Service Code
Identifier (ID)
Conditional
1
3
-
Coded values representing options for encryption processing. The code defines the encryption mode and the transmission filter specification for filtering binary ciphertext data into transmittable text.
S2S-08
Length of Data (LOD)
Numeric (N)
Conditional
1
18
-
Length of data is the number of character positions of the encrypted, filtered text.
S2S-09
Initialization Vector (IV)
String (AN)
Conditional
16
16
-
The archival representation of a 64-bit value expressed in hexadecimal notation as 16 ASCII characters from the set of characters (0..9, A..F). The 64-bit value is used as a starting point for encryption of a data sequence to increase security by introducing cryptographic variance and to synchronize cryptographic equipment. A new IV shall be used for each message. The IV shall not be intentionally reused. The 64-bit binary value, not its ASCII hexadecimal representation, is used for the cryptographic process. In the interchange process, the resultant encrypted and filtered 64-bit IV is sent. The hexadecimal notation is the representation for archiving purposes. The IV shall be a random or pseudo-random number. When encrypted, the IV shall be decrypted using the Electronic Code Book (ECB) mode, and the same key that was used to encrypt the message.

Stedi is a registered trademark of Stedi, Inc. Stedi's EDI Reference is provided for marketing purposes and is free of charge. All names, logos, and brands of third parties listed on our site are trademarks of their respective owners (including “X12”, which is a trademark of X12 Incorporated). Stedi, Inc. and its products and services are not endorsed by, sponsored by, or affiliated with these third parties. Our use of these names, logos, and brands is for identification purposes only, and does not imply any such endorsement, sponsorship, or affiliation.