FIPS 140 (“Federal Information Processing Standard”) is a series of security standards published by the U.S. government that specify security requirements for the evaluation of cryptographic modules. This article explores various aspects of the latest release of FIPS 140-3.

The standard, ANSI X9.24-1-2017 part 1 has been written to provide minimum symmetric key management requirements and guidelines for the retail financial industry and actors involved in processing card payments.

Here we explore the different entities that form the card payment environment, as described in the norm ANSI X9.24-1-2017. We also explain why securely managing the symmetric keys used in such a context is an important way of securing transactions and, in general, of securing the whole Card Payment Environment.

ANSI X9.24-1-2017 part 1 is a standard that deals with symmetric key management techniques for retail financial services.

The cryptographic protection of a system against attacks and malicious penetration depends on two dimensions: (1) The strength of the keys and the effectiveness of mechanisms and protocols associated with the keys; and (2) the protection of the keys through key management (secure key generation, storage, distribution, use and destruction).

This article introduces and classifies cryptographic key types and crypto-periods as suggested by NIST, based on proven best practices for key management. It outlines the recommendations of when and how keys are used to protect data and explains how appropriate crypto-periods can be chosen and enforced.

Over the last 10 years, enterprises have moved on from decentralized and distributed key management to centralized key management systems to provide secure and unified key life-cycle management.

This article looks at the concept of cryptographic key management – what it is, why it’s important, and how an electronic key management system simplifies the task of managing a high volume of keys.

With data protection standards, such as GDPR, and the sheer mass of data that companies collect and accumulate, the protection and control of information has become increasingly important. The deployment of encryption is the backbone of any given organisation’s systems security scheme towards the goal of data protection.

In this article we look at the role of random number generators (RNGs) and put them into a procedural context with hardware security modules (HSMs) and key management systems (KMSs).