The ANSI X9.24-1-2017 standard defines the requirements for the loading of key components or shares, and the loading of cleartext keys. The loading of encrypted keys is described in other parts of the standard.
As a minimal requirement, it must be impossible for anyone to reconstruct, even partially, the final key during a key loading process.
ANSI X9.24-1-2017 requires that key loading is recorded in logs, using a specific format. A key identifier is required to name the key, among other things.
Loading Key Components or Shares
ANSI X9.24-1-2017 requires verification of the integrity of the system that will be used to receive the key to be loaded, prior to loading the key. The container system that receives the key (key loader, SCD, storage media, and TEA bags, etc.) must be given only to authorized personnel. This means that under no circumstances should the container ever be transported by an unauthorized person for even a short amount of time.
It is recommended that the containers remain in possession of authorized personnel for the duration until the containers reach their final destination. At that time, they should then be stored or destroyed.
In the case of a cleartext key, only SCDs must be used. For example, a source SCD will inject the keys into a target destination SCD. Therefore, the source SCD must be considered as a key loading device (KLD). In such a context, dual control must be in place when an injection is performed.
In the event that the same key loader is used to inject keys into multiple devices, the unicity of keys must also be checked. The key check values should also be computed to perform additional checks.
Key Loading via a KLD in a Key Injection Facility
A Key Injection Facility (KIF) is a controlled facility with precise and exact security measures where devices, such as electronic payment terminals or banking smartcards (personalization centers) are customized by loading security keys through special devices like key loaders. This is done in accordance with strictly defined operating procedures.
A KIF has physical security, logical access control, and usually all sorts of monitoring in place.
ANSI X9.24-1-2017 requires the following checks when using a key loader in a key injection facility:
- Inspection of the cables, SCDs, and relevant hardware to make sure that there are no signs of tampering;
- Use of dual control;
- Confirmation there are no monitoring devices to record the interaction between the authorized users and the key loaders or SCDs;
- Making sure of the identity and integrity of the target device;
- Logging the key injection with the relevant details (date, etc.);
- Providing insurance that the logs have not been tampered with.
Key Loading via a KLD Outside a Key Injection Facility
The loading of the keys inside a key loading device must occur inside a key injection facility. However, it is possible to use a key loading device to inject keys outside a key injection facility. In such a case, ANSI X9.24-1-2017 dictates the following checks:
The identity of the KLD must be checked;
An operator must make sure it is the right KLD to be used;
The same checks performed for a KLD used within a key injection facility.
The ANSI X9.24-1-2017 standard dictates several mandatory checks when using a key loader, a SCD, or storage media to inject keys inside a target destination SCD. It must be understood that these are the minimal requirements, and of course, there are several additional requirements maintained by financial institutions that perform such key loading tasks.
References, Side Notes and Further Reading
- Read more articles on the ANSI X9.24-1-2017 (2018 - today), by Martin Rupp, Matt Landrock and more
- ANSI X9.24-1-2017 - Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (2017), by the Accredited Standards Committee X9 (Incorporated Financial Industry Standards), American National Standards Institute
- ASC X9 TR 31-2018 - Interoperable Secure Key Exchange Key Block Specification (2018), by American National Standards Institute (ANSI)