LAU keys

Local authentication (LAU) keys are used to:
  • Authenticate messages that are transferred between the FTM SWIFT FIN service and an SAG
    Local authentication (LAU) keys can be used to authenticate messages passed between the FIN service and an SAG. Configure a CO of type DnfLAUKeyMP for each LAU key that is used by one or more message partners of the SAG as described in Configuring a LAU key to be used by a message partner. For example, if six message partners of an SAG use the same LAU key value, configure a single LAU key for all of these message partners.
  • Authenticate messages that are transferred between the FTM SWIFT MSIF transfer services and an SAG
    Local authentication (LAU) keys can be used to authenticate messages passed between the MSIF services and an SAG. Configure a CO of type DnfLAUKeyMP for each LAU key that is used by one or more message partners of the SAG as described in Configuring a LAU key to be used by a message partner. For example, if six message partners of an SAG use the same LAU key value, configure a single LAU key for all of these message partners.
  • Authenticate messages that are transferred between the FTM SWIFT signature reverification service and an SAG
    For more information about signature verification see Signature verification.
  • Authenticate relationship management (RM) data while it is being imported or exported
    Local authentication keys are used to ensure the integrity of the distribution files exported to or imported from a relationship management application (RMA). To do this, for each LAU key that is used by an RMA, configure a CO of type DnfLAUKeyRM as described in Configuring a LAU key to secure RM data. When you import or export authorisations, you specify the name of this CO, and the files are accepted only if its LAU key matches the value used by the RMA.

When FTM SWIFT sends a message to the message partner, it calculates a local message authentication code (LMAC). The SAG verifies this code before accepting the message for processing. When a message partner passes a message to FTM SWIFT, this processing is done in the reverse order: the SAG calculates the LMAC, and FTM SWIFT verifies it before processing the message.

Each LAU key has an expiry date. The expiry date of a LAU key is a certain number of days, called the validity period, after the date that the LAU key was last changed. To extend the expiry date of a LAU key, change the attributes of its corresponding CO.

Each time the message flow DNF_R_EXP is started, and every 24 hours after that, FTM SWIFT checks whether any configured LAU keys are near or have exceeded their expiry dates and, if so, issues event messages that indicate the names of these LAU keys. The number of days before the expiration date that a warning event is issued for a LAU key is called the notification period.

The validity and notification periods apply to all the LAU keys of an instance. The default values are:
  • Validity period: 730 days
  • Notification period: 10 days
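
The expiry rule above can be mirrored in an offline audit of a key inventory. The following Python sketch is an added example, not FTM SWIFT code: the CO names and last-changed dates are constructed, and the treatment of the expiry day itself (still valid, inside the warning window) is an assumption.

```python
from datetime import date, timedelta

# Page defaults; both periods apply to every LAU key of an instance.
VALIDITY_DAYS = 730
NOTIFICATION_DAYS = 10


def lau_key_status(last_changed, today, validity_days=VALIDITY_DAYS,
                   notification_days=NOTIFICATION_DAYS):
    """Return (expiry_date, days_left, status) for one LAU key.

    Assumption: a key still counts as valid on its expiry date and is
    'expired' from the following day; the warning window is the last
    notification_days days up to and including the expiry date.
    """
    expiry = last_changed + timedelta(days=validity_days)
    days_left = (expiry - today).days
    if days_left < 0:
        status = "expired"
    elif days_left <= notification_days:
        status = "warning"
    else:
        status = "ok"
    return expiry, days_left, status


def audit(inventory, today, **periods):
    """Classify every key in the inventory, most urgent first."""
    rows = []
    for name, last_changed in inventory.items():
        expiry, days_left, status = lau_key_status(last_changed, today, **periods)
        rows.append((name, expiry, days_left, status))
    return sorted(rows, key=lambda row: row[2])


# Constructed inventory: CO names and last-changed dates are made up.
SAMPLE_INVENTORY = {
    "LAUKEY_FIN_A": date(2023, 1, 10),
    "LAUKEY_MSIF_B": date(2022, 6, 20),
    "LAUKEY_RMA_C": date(2024, 3, 1),
}

if __name__ == "__main__":
    for name, expiry, days_left, status in audit(SAMPLE_INVENTORY, date(2025, 1, 5)):
        print(f"{name:14} expires {expiry} ({days_left:+d} days) {status}")
```

Because the validity period is counted in days, a leap year inside the window moves the expiry date one calendar day earlier than a plain "two years later" estimate, which matters when scheduling a key change close to the deadline.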

How to configure LAU keys and how to change the validity and notification periods is described in Configuring LAU keys.