
1 ANS X9.24 Overview

2 Overview
- ANS X9.24-2004 Part 1: Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques
  - FYI - Part 2 covers using asymmetric techniques
- What it covers
- How it compares to the key management model described in NIST SP 800-57, Recommendation for Key Management – Part 1: General (Revised)

3 High-level overview
X9.24
- Very focused on a particular application of symmetric key management
- A product of X9F6 - Cardholder Authentication and ICCs Working Group
- X9F6 focuses almost entirely on PIN security
  - At least to date – X9.114 will extend to other sensitive transaction data
  - Should watch this one
SP 800-57
- A very broad and general document that covers a wide range of key management technologies and techniques

4 Applicability
X9.24
- Use is limited to the financial services industry and to the protection of sensitive financial information
  - The interchange environment
- Widely followed by FIs
- Basically used for encrypting PINs
SP 800-57
- Use nominally limited to US federal government, but many NIST documents become de facto standards for most of the world
  - Including this one
- Provides basis for FIPS 140-2, et al.

5 Comparing content
X9.24
- Lacks a broad framework for general key management
- A very narrow and focused set of requirements to support creating and use of PINs
- No explicit states of keys listed
SP 800-57
- A very broad framework
- Many requirements to choose from depending on application
- The familiar model of states

6 What X9.24 does describe
Key management requirements (Section 7)
- Key generation
- Use of TRSM
- Secure environment
- Key distribution
- Key utilization
- Key replacement
- Key destruction and archival

7 What X9.24 does describe
Key management methods (Section 8)
- Methods requiring compromise prevention controls
  - Fixed transaction keys
  - A hierarchy of master keys and transaction keys
- Methods requiring compromise detection controls
  - Derived unique key per transaction (DUKPT)
- Key identification – one of these must be used
  - Implicit key identification
  - Key identification by name
    - May (?) be of interest to OO group
- Security Management Information Data (SMID) Element
  - Transport format
  - Not actually required by the standard
  - May (?) be of interest to OO group

8 Final thoughts on X9.24
- No issues with SP 800-57, but there are compatibility issues with other NIST documents
  - X9.24 uses a KDF that is not approved by NIST, so can't be used in FIPS 140-2 compliant mode
  - X9.24 also generates symmetric keys from a KDF, which is also not allowed by FIPS 140-2
- But, in general, we can assume that the key management states of X9.24-2004 Part 1 are a subset of the states defined by SP 800-57

