ANS X9.24 Overview.


1 ANS X9.24 Overview

2 Overview
- ANS X Part 1: Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques
  - FYI - Part 2 covers using asymmetric techniques
- What it covers
- How it compares to the key management model described in NIST SP , Recommendation for Key Management – Part 1: General (Revised)

3 High-level overview
X9.24
- Very focused on a particular application of symmetric key management
- A product of X9F6 - Cardholder Authentication and ICCs Working Group
- X9F6 focuses almost entirely on PIN security
  - At least to date – X9.114 will extend to other sensitive transaction data
  - Should watch this one
SP
- A very broad and general document that covers a wide range of key management technologies and techniques

4 Applicability
X9.24
- Use is limited to the financial services industry and to the protection of sensitive financial information
  - The “interchange environment”
- Widely followed by FIs
- Basically used for encrypting PINs
SP
- Use nominally limited to US federal government, but many NIST documents become de facto standards for most of the world
  - Including this one
- Provides basis for FIPS 140-2, et al.

5 Comparing content
X9.24
- Lacks a broad framework for general key management
- A very narrow and focused set of requirements to support the creation and use of PINs
- No explicit states of keys listed
SP
- A very broad framework
- Many requirements to choose from depending on application
- The familiar model of states

6 What X9.24 does describe
Key management requirements (Section 7)
- Key generation
- Use of TRSM
- Secure environment
- Key distribution
- Key utilization
- Key replacement
- Key destruction and archival

7 What X9.24 does describe
Key management methods (Section 8)
- Methods requiring compromise prevention controls
  - Fixed transaction keys
  - A hierarchy of master keys and transaction keys
- Methods requiring compromise detection controls
  - Derived unique key per transaction (DUKPT)
- Key identification – one of these must be used
  - Implicit key identification
  - Key identification by name
    - May (?) be of interest to OO group
- Security Management Information Data (SMID) Element
  - Transport format
  - Not actually required by the standard

8 Final thoughts on X9.24
- No issues with SP , but there are compatibility issues with other NIST documents
  - X9.24 uses a KDF that is not approved by NIST, so can’t be used in FIPS compliant mode
  - X9.24 also generates symmetric keys from a KDF, which is also not allowed by FIPS 140-2
- But, in general, we can assume that the key management states of X Part 1 are a subset of the states defined by SP

