Netlink TestLabsLAU – Local Authentication

LAU – Local Authentication


LAU is the mechanism introduced by Swift to enhance security between back office systems which are sending messages to Swift Interfaces such as SAA ( Swift Alliance Access ) , AMH ( Alliance Message Hub ), BOX ( Intercope ) etc. Official text from Swift CSP Guidelines :

“LAU is the mechanism that provides integrity and authentication of files exchanged between applications. Local Authentication requires that the sending and receiving entity use the same key to compute a Local Authentication file signature.”


“The data exchange or end-to-end flow between the back-office first hop and the component in the secure zone must be considered and assessed globally as several methods of protection can be combined. For instance, LAU can be set between the back-office first hop and the component in the secure zone (through for instance a bilateral key) to support authentication and integrity of the data, while the various segments in the flow are protected through a secure protocol covering confidentiality and integrity of the data while it is in transit”

LAU helps to prevent unauthorized tampering of messages which are sent from back office applications to the Swift network by placing an encryption has value inside the message based on a left and right encryption key, which only the back-office and the Swift interfaces have access to. The theory is that any ‘fraudulent’ application would not have access to this ‘key.


LAU can apply to MT RJE format, MX XMLV2, FileAct message types.


There is considerable and complex low level details on subject of LAU – but some items to consider in terms of applicability

  • HMAC
  • HMAC256
  • GCM
  • PKI
  • AES256-GCM