The “Four Corners” model, also called the “Four Party Scheme”, is utilized in almost all standard card payment systems across the globe. Here, we talk about that model and explain what kind of hardware security module (HSM) is needed for each of its components involved in the cryptographic process.
Among all the various key block formats, the TR-34 format is undoubtedly one of the most sophisticated.
The TR-34 norm is an implementation of the X9.24-2 norm. It proposes a realistic and efficient way of exchanging symmetric keys using asymmetric cryptography. This is basically a certificate-based Remote Key Loading (RKL) protocol.
This article proposes a few answers to a series of frequently asked questions (FAQs) about key blocks and their use with PCI.
A key block is a unique piece of cryptography that is used to protect cryptographic keys while they are being sent over networks that might not be secure. A team around Mohammed M. Atalla invented the concept of the key block with his Atalla key block. This solved several issues created by “key variants” that were then used for transporting keys.
IBM’s mainframe computers have been a rock-steady part of banks’ security infrastructure for many years. Originating from the local data-center concept, the current release is able to stretch banks’ security architecture across the hybrid cloud, harnessing advantages of on-premise and cloud-native software deployments - all without compromising data security and privacy.
There are several types of key block formats used in different industries, especially the retail banking industry. The systems that use these key blocks are part of heterogeneous networks. Therefore, they need to interchange their data with other systems, potentially using different key block formats or even different key binding algorithms (key wraps, key encapsulation, etc.). In what follows, we will explain how this is possible and what techniques are used to perform that.
One aspect of key management is dealing with what happens when a symmetric cryptographic key is no longer needed. The section ‘Key Replacement, Destruction and Archiving’ within ANSI X9.24-1-2017 explains what needs to happen.
The PCI Council requires most actors of payment networks to implement ANSI X9.24/TR-31-compliant key blocks to wrap and securely transmit, transfer, or translate key or PIN codes.
This article proposes answers to a series of frequently asked questions (FAQs) about key blocks.
