Presentation is loading. Please wait.

Presentation is loading. Please wait.

ANS X9.24 Overview.

Similar presentations

Presentation on theme: "ANS X9.24 Overview."— Presentation transcript:

1 ANS X9.24 Overview

2 Overview ANS X Part 1: Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques FYI - Part 2 covers using asymmetric techniques What it covers How it compares to the key management model described in NIST SP , Recommendation for Key Management – Part 1: General (Revised)

3 High-level overview X9.24 Very focused on a particular application of symmetric key management A product of X9F6 - Cardholder Authentication and ICCs Working Group X9F6 focuses almost entirely on PIN security At least to date – X9.114 will extend to other sensitive transaction data Should watch this one SP A very broad and general document that covers a wide range of key management technologies and techniques

4 Applicability X9.24 Use is limited to the financial services industry and to the protection of sensitive financial information The “interchange environment” Widely followed by FIs Basically used for encrypting PINs SP Use nominally limited to US federal government, but many NIST documents become de facto standards for most of the world Including this one Provides basis for FIPS 140-2, et al.

5 Comparing content X9.24 Lacks a broad framework for general key management A very narrow and focused set of requirements to support creating and use of PINs No explicit states of keys listed SP A very broad framework Many requirements to choose from depending on application The familiar model of states

6 What X9.24 does describe Key management requirements (Section 7)
Key generation Use of TRSM Secure environment Key distribution Key utilization Key replacement Key destruction and archival

7 What X9.24 does describe Key management methods (Section 8)
Methods requiring compromise prevention controls Fixed transaction keys A hierarchy of master keys and transaction keys Methods requiring compromise detection controls Derived unique key per transaction (DUKPT) Key identification – one of these must be used Implicit key identification Key identification by name May (?) be of interest to OO group Security Management Information Data (SMID) Element Transport format Not actually required by the standard

8 Final thoughts on X9.24 No issues with SP , but there are compatibility issues with other NIST documents X9.24 uses a KDF that is not approved by NIST, so can’t be used in FIPS compliant mode X9.24 also generates symmetric keys from a KDF, which is also not allowed by FIPS 140-2 But, in general, we can assume that the key management states of X Part 1 are a subset of the states defined by SP

Download ppt "ANS X9.24 Overview."

Similar presentations

Ads by Google