ANSI X9.24-1 has just been updated. The standard is titled Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques. This new 2017 Edition is available from Document Center Inc. now. It replaces the previous 2009 Edition, which is now obsolete.
ANSI X9.24-1 provides retailers with information on using what are known as symmetric keys for transmitting financial information securely. Part 1, this document, specifically addresses symmetric techniques. Part 2 deals with asymmetric ones.
What function do these type of keys provide? While the protocols for the transmission of this type of data is publicly known, the key information is unique to each transaction. It is the use of the protective procedures and features of this standard and it’s partner publication that makes each transmittal secure.
This standard establishes the requirements and guidelines for managing keys securely. It also addresses application-level interoperability of your keying operations. It is intended to be used with two NIST protocols. The first is TDEA (Triple Data Encryption Algorithm) and the second is AES (Advanced Encryption Standard).
ANSI X9.24-1 can be used for any number of types of messages needing encryption. Some examples include ATM and POS systems (retail Point-of-Service) transactions.
The 48-page standard was developed with help from many of the premier financial organizations, including banks, credit card companies, and financial software providers. Many other technology companies also took part in this committee. And of course, RSA the Security Division of EMC — the company founded by the original encryption developers — also participated.
Why has the ANSI X9.24-1 been revised? First, it was reviewed as part of the required ANSI 5-year standards cycle. During this process, the document was significantly updated. Some items addressed in the new issue are updates for key management security requirements, the inclusion of AES algorithm use, and advances in hardware devices used to protect cryptographic keys. Also note, a Part 3 is in the works. It will have implementation details for TDES and AES DUKPT.
Now to get a copy of the new standard. Head to Document Center Inc.’s webstore at www.document-center.com. We are an authorized distributor of the X9 standards. Here is a direct link to the order page for the ANSI X9.24-1 for your convenience. Have further questions? Please contact us by phone (650-591-7600) or email (info@document-center.com). Our staff is happy to help you with your standards questions, requirements, and compliance needs. Make us your Standards Experts!