S2S Security Header Level 2

To initiate the beginning of a secured area and to provide the parameters needed for authentication or encryption of a transaction set

| Position | Name | Type | Requirement | Min | Max | Repeat | Description |
|---|---|---|---|---|---|---|---|
| S2S-01 | Security Type | Identifier (ID) | Mandatory | 2 | 2 | - | Code identifying the security algorithms and methods applied for this level of interchange |
| S2S-02 | Security Originator Name | String (AN) | Mandatory | 1 | 64 | - | Unique designation (identity) of the cryptographic process that performs authentication or encryption on data to be interchanged, or originates a cryptographic service message |
| S2S-03 | Security Recipient Name | String (AN) | Optional | 1 | 64 | - | Unique designation (identity) of the cryptographic process that performs authentication or decryption on received data, or is the destination of a cryptographic service message |
| S2S-04 | Authentication Key Name | String (AN) | Conditional | 1 | 64 | - | Name of the key used for authentication; this name is mutually known to the security originator and the security recipient, is unique for this relationship, and is intended to allow the changing of the key from time to time |
| S2S-05 | Authentication Service Code | Identifier (ID) | Conditional | 1 | 1 | - | Authentication options |
| S2S-06 | Encryption Key Information | Composite | Conditional | | | | Components listed below |
| S2S-07 | Encryption Service Information | Composite | Conditional | | | | Components listed below |
| S2S-08 | Length of Data | Numeric (N) | Conditional | 1 | 18 | - | Length of data is the number of character positions of the compressed or encrypted/filtered text; when data is plain text, this field shall be absent |
| S2S-09 | Initialization Vector | String (AN) | Conditional | 16 | 16 | - | The archival representation of a 64-bit value expressed in hexadecimal notation as 16 ASCII characters from the set (0..9, A..F); see the notes below |

Syntax and element notes

S2S-01: If S2S01 is "AA", "BB", "AC" or "BC", then S2S04 is required. If S2S01 is "BB", "EE", "AC" or "EC", then S2S06 is required.

S2S-02: X9 has a required minimum length of four characters for S2S02 (security originator). No mechanism or registration method is provided by X9 or X12 to guarantee uniqueness of the identifier.

S2S-03: X9 has a required minimum length of four characters for S2S03 (security recipient). No mechanism or registration method is provided by X9 or X12 to guarantee uniqueness of the identifier.

S2S-04: P0405: If either S2S-04 or S2S-05 is present, then the other is required. In S2S04 the special name "0123456789ABCDEF" is reserved for the hexadecimal value 0123456789ABCDEF (i.e., a fixed non-secret value) to provide a well-known value for data-integrity testing only.

S2S-09: The 64-bit value is used as a starting point for encryption of a data sequence, to increase security by introducing cryptographic variance and to synchronize cryptographic equipment. A new Initialization Vector (IV) shall be used for each message; the IV shall not be intentionally reused. The 64-bit binary value, not its ASCII representation, is used for the cryptographic process. In the interchange process, the resultant encrypted and filtered 64-bit IV is sent; the hexadecimal notation is the representation for archiving purposes. The IV shall be a random or pseudo-random number. When encrypted, the IV must be decrypted using the Electronic Code Book (ECB) mode and the same key used to encrypt the message.

S2S-06 Encryption Key Information (composite components)

| Component | Name | Type | Requirement | Min | Max | Repeat | Description |
|---|---|---|---|---|---|---|---|
| 01 | Encryption Key Name | String (AN) | Mandatory | 1 | 64 | - | Name of the key used for encryption; this name is mutually known to the security originator and the security recipient, is unique for this relationship, and is intended to allow the changing of the key from time to time |
| 02 | Protocol ID | Identifier (ID) | Optional | 3 | 3 | - | Code specifying the protocol used to encrypt the session key |
| 03 | Look-up Value | String (AN) | Optional | 1 | 512 | - | Value used to identify a certificate containing the public key used to encrypt the one-time key |
| 04 | Keying Material | String (AN) | Optional | 1 | 512 | - | Additional material required for decrypting the one-time key |
| 05 | One-time Encryption Key | String (AN) | Optional | 1 | 512 | - | Hexadecimally filtered encrypted one-time key |

Component 01 note: If any of the optional components are present, the Key Name should contain either "PUBLIC", if a public key is being used to encrypt the one-time key, or the actual name of the asymmetric key-encrypting key used to encrypt the one-time key.

S2S-07 Encryption Service Information (composite C032 components)

| Component | Name | Type | Requirement | Min | Max | Repeat | Description |
|---|---|---|---|---|---|---|---|
| 01 | Encryption Service Code | Identifier (ID) | Mandatory | 1 | 3 | - | Coded values representing options for encryption processing, including the use of compression and filtering; the code either defines the encryption mode and the transmission filter specification for filtering binary data into transmittable text, or specifies that the following components define these values |
| 02 | Algorithm ID | Identifier (ID) | Optional | 3 | 3 | - | Algorithm used for encryption |
| 03 | Algorithm Mode of Operation | Identifier (ID) | Optional | 3 | 3 | - | Mode of operation of the encryption algorithm |
| 04 | Filter ID Code | Identifier (ID) | Conditional | 3 | 3 | - | Code specifying the type of filter used to convert data code values |
| 05 | Version Identifier | String (AN) | Conditional | 1 | 30 | - | Revision level of a particular format, program, technique or algorithm |
| 06 | Compression ID | Identifier (ID) | Conditional | 3 | 3 | - | Type of compression used |
| 07 | Version Identifier | String (AN) | Conditional | 1 | 30 | - | Revision level of a particular format, program, technique or algorithm |

C032 syntax: P0405: If either C032-04 or C032-05 is present, then the other is required. P0607: If either C032-06 or C032-07 is present, then the other is required.
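As an added example (not Stedi's or X12's code), the following validator checks a parsed S2S header against the rules above: the S2S01 conditions on S2S04 and S2S06, the P0405 pairing, the X9 four-character minimum for originator and recipient names, the reserved test key name, and the 16-hex-digit IV form, and it also flags IV reuse across a batch of headers. It assumes the segment has already been split on the `*` element separator and that composite components are separated by `:`; the sample headers are constructed.

```python
import re
from collections import Counter
from typing import Dict, List

# S2S01 Security Type codes that, per the reference, require S2S04 / S2S06.
NEEDS_AUTH_KEY = {"AA", "BB", "AC", "BC"}
NEEDS_ENC_KEY = {"BB", "EE", "AC", "EC"}
HEX16 = re.compile(r"[0-9A-F]{16}")  # archival IV form: 64 bits as 16 hex chars

def _elem(elems: List[str], pos: int) -> str:
    return elems[pos] if pos < len(elems) else ""  # '' when the element is absent

def validate_s2s(elems: List[str]) -> List[str]:
    """Check one S2S segment (already split on '*') against the page's rules;
    returns the list of violations, empty when the header is well formed."""
    if not elems or elems[0] != "S2S":
        return ["segment ID must be S2S"]
    s01, s02, s03 = _elem(elems, 1), _elem(elems, 2), _elem(elems, 3)
    s04, s05, s06, s09 = (_elem(elems, i) for i in (4, 5, 6, 9))
    errors = []
    if len(s01) != 2:
        errors.append("S2S01 Security Type must be exactly 2 characters")
    if not 4 <= len(s02) <= 64:  # X12 allows 1..64, X9 requires at least 4
        errors.append("S2S02 Security Originator Name must be 4..64 characters")
    if s03 and not 4 <= len(s03) <= 64:
        errors.append("S2S03 Security Recipient Name must be 4..64 characters")
    if s01 in NEEDS_AUTH_KEY and not s04:
        errors.append(f"S2S04 Authentication Key Name required when S2S01 is {s01}")
    if s01 in NEEDS_ENC_KEY and not s06:
        errors.append(f"S2S06 Encryption Key Information required when S2S01 is {s01}")
    if bool(s04) != bool(s05):  # P0405: both present or both absent
        errors.append("P0405: S2S04 and S2S05 must both be present or both absent")
    if s04 == "0123456789ABCDEF":  # reserved non-secret name, integrity testing only
        errors.append("S2S04 names the well-known test key reserved for testing")
    if s06 and not 1 <= len(s06.split(":")[0]) <= 64:
        errors.append("S2S06-01 Encryption Key Name must be 1..64 characters")
    if s09 and not HEX16.fullmatch(s09):
        errors.append("S2S09 Initialization Vector must be 16 hex digits (0-9, A-F)")
    return errors

def find_iv_reuse(segments: List[List[str]]) -> Dict[str, int]:
    """Map each IV that appears in more than one header to its count; the page
    requires a fresh IV per message, so any repeat is a finding to investigate."""
    counts = Counter(_elem(seg, 9) for seg in segments)
    return {iv: n for iv, n in counts.items() if iv and n > 1}

# Constructed sample headers (not real traffic), split on the '*' element separator.
GOOD = "S2S*BB*ORIG01*RECIP01*AUTHKEY07*1*PUBLIC:DH1:CERT42::A1B2**128*A1B2C3D4E5F60718".split("*")
BAD = "S2S*AA*ORG*RECIP01**1****ZZZZ".split("*")
```

`validate_s2s(BAD)` reports the short originator name, the missing S2S04, the broken P0405 pairing and the malformed IV; `find_iv_reuse` over a set of headers that share an IV returns the repeated value with its count.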

Stedi is a registered trademark of Stedi, Inc. Stedi's EDI Reference is provided for marketing purposes and is free of charge. All names, logos, and brands of third parties listed on our site are trademarks of their respective owners (including “X12”, which is a trademark of X12 Incorporated). Stedi, Inc. and its products and services are not endorsed by, sponsored by, or affiliated with these third parties. Our use of these names, logos, and brands is for identification purposes only, and does not imply any such endorsement, sponsorship, or affiliation.