This article briefly summarizes the symmetric cryptographic key utilization and storage requirements as described by the ANSI X9.24-1-2017 (part 1) standard.
Key utilization, as described by the standard, refers to the usage of symmetric keys for their intended use and good daily practices for disposing of such keys in the various devices, especially SCDs.
Key storage relates to the way retail financial service organizations must store the cryptographic keys and key shares.
Summary of Requirements for Key Utilization
- Key variants are only possible for Triple-DES keys and their use is discouraged
- Keys used by two communicating devices must be unique (and such uniqueness must be provable)
- Key variants can be used for a different purpose than the purpose of the original keys (meanwhile, identical keys must be restricted to a single purpose)
- An SCD must use different keys when dealing with different parties (for example, an SCD must use different keys when dealing with different acquirers)
- An SCD can use the same keys when dealing with the same parties but with different locations (for example, the SCDs of the same acquirer located in different geographical places)
- Keys used by an SCD should be found in the receiving parties SCDs and in, and only in ‘authorized’ locations (in other terms, that key should be found in ‘exotic’ places)
- Cryptographic key separation must be used. This usually involves creating a variant for each use.
Summary of Requirements for Key Storage
The requirements detail how TEA bag storage must be organized.
- When creating shares of a key, these shares must be placed in Transport TEA (Tamper Evident and Authenticable) bags. These TEA bags must contain only one part of the same secret.
- Storage of key shares must ensure the access is granted only to the authorized persons
- If one TEA bag is used for different secrets belonging to different keys, this must be tracked
- Storage must inspect the relevant TEA bags after any storage event and make sure they are tamper-free.
Precisions about Key Variants
A key variant is simply the result of XORing an existing key with a variant, thus creating a variant of the key. Usually, the first byte of each key part will be XORed with a byte representing the variant number. For example, a KEK key will have variant 0,1,2… if the first byte of each part of the KEK is XORed with the byte 0,1,2, etc.
Variants can be created for any key with the most common use being creating variants for a master key (MK), or a key-encryption key (KEK).
The interest is to use the same key, but for different usage. That practice is strictly regulated by ANSI X9.24-1-2017 since cryptographic keys must be used only for their intended use. Here, a key variant can be used for a different purpose than the purpose of the original key.
In such a case, ANSI X9.24-1-2017 allows only the creation of variants for Triple-DES keys. However, such a practice is explicitly discouraged. The creation of key variants for AES keys is totally forbidden by the standard.
Also, note that: “A variant of a key SHALL exist only in a device that possesses or has possessed the original key”. This means that a variant created inside a given SCD cannot be exported to another SCD, for example.
ANSI X9.24-1-2017 details several requirements for key utilization and key storage. Key variants can be used, but only for Triple-DES and their use is discouraged. TEA bags used for storage of cleartext key shares must not contain more than one share for the same key.
Contact Cryptomathic for more information on key management standards and how to explore which key management system is the right one for your requirements.
References, Side Notes and Further Reading
- Read more articles on the ANSI X9.24-1-2017 (2018 - today), by Martin Rupp, Matt Landrock and more
- ANSI X9.24-1-2017 - Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (2017), by the Accredited Standards Committee X9 (Incorporated Financial Industry Standards), American National Standards Institute
- How to share a secret (1979), by Adi Shamir, Communications of the ACM, Volumne 22, Issue 11
Norms used by X9.24-1-2017
- NIST SP800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
- ANS X9.82, Random Number Generation, Part 3: Deterministic Random Bit Generators
- ISO 13491 - 2016 - all parts, Financial services – Secure cryptographic devices (Retail)
- ANS X9.24-2, Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys
- FIPS 197: Advanced Encryption Standard (AES), November 26, 2001
- NIST SP 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques (December 2001)
- NIST SP 800-38C: Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality (July 2007)
- NIST SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC (November 2007)
- ANS X9.24-3, Retail Financial Services Symmetric Key Management Part 3: Derived Unique Key Per Transaction (Ballot Note: This is to be published in 2017)
- ANS X9.8-1, Personal Identification Number (PIN) Management and Security
- ISO 16609, Banking – Requirements for message authentication using symmetric techniques
- ISO 7812, Identification cards – Numbering system and registration procedure for issuer identifiers
- ISO 8583, Bankcard Originated Messages – Interchange message specifications – Content for financial transactions
- ISO 9797-1, Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher
- ISO/TR 14742, Recommendations on cryptographic algorithms and their use
- NIST SP 800-38B: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication (October 2016)
- ANS X9.102-2008, Symmetric Key Cryptography For the Financial Services Industry - Wrapping of Keys and Associated Data
- ANS X9.119, Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data Part 1: Using Encryption Methods
- ISO 11568-2, Financial Services – Key management (retail) – Part 2, Symmetric ciphers, their key management and life cycle
- NIST SP 800-57: Recommendation for Key Management – Part 1: General
- ANS TR-31, Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms