Among all the various key block formats, the TR-34 format is undoubtedly one of the most sophisticated formats.

The TR-34 norm is an implementation of the X9.24-2 norm. It proposes a realistic and efficient way of exchanging symmetric keys using asymmetric cryptography. This is basically a certificate-based Remote Key Loading (RKL) protocol. 

This article proposes a few answers to a series of frequently asked questions (FAQs) about key blocks and their use with PCI.

This article proposes answers to a series of frequently asked questions (FAQs) about key blocks.

One aspect of key management is dealing with what happens when a symmetric cryptographic key is no longer needed. The section ‘Key Replacement, Destruction and Archiving’ within ANSI X9.24-1-2017 explains what needs to happen.

How can keys be securely exchanged over potentially unprotected channels? The answer to this question is “key blocks”. A key block is an essential cryptographic key format that allows users to securely exchange and utilize keys over various environments. 

Thales Key Blocks are an essential cryptographic key wrapping format. In comparison to other key block formats, they are proprietary and only work with Thales payShield HSMs. In what follows, we delve into detail about this key block format.

The “Four Corners'' model, also called the Four Party Scheme, is utilized in almost all standard card payment systems across the globe. Here we introduce that model and explain what type of hardware security module (HSM) is needed for each of its components involved in the cryptographic process.

In a retail financial services environment, the compromise of a symmetric cryptographic key is a critical security breach. Such a situation is described by the ANSI X9.24-1-2017 standard. Here, we summarize the ANSI guidance on how to respond if a potential compromise has been identified.

The PCI Council requires most actors of payment networks to implement ANSI X9.24/TR-31-compliant key blocks to wrap and securely transmit, transfer, or translate key or PIN codes.