ANSI X9.24-1-2017: Key Distribution 

Key distribution is perhaps the most important and crucial aspect of the ANSI X9.24-1-2017 part 1 standard. But first, let us explain what cryptographic key distribution is.

Read more

ANSI X9.24-1-2017: Key Loading

The ANSI X9.24-1-2017 standard defines the requirements for the loading of key components or shares, and the loading of cleartext keys. The loading of encrypted keys is described in other parts of the standard.

Read more

ANSI X9.24-1-2017: Understanding Symmetric Key Creation and Key Component & Key Share Creation

In this article, we look at the process of key generation and key derivation as described by the ANSI X9.24-1-2017 standard. This process is mandatory for operations performed by the retail financial services industry.

Read more

ANSI X9.24-1-2017 & ISO 13491-1: An Introduction to Secure Cryptographic Devices Used in a Retail Financial Services Environment

The ANSI X9.24-1: 2017 standard requires the use of secure cryptographic devices (SCDs) in the context of symmetric key cryptography and refers to the ISO 13491-1 standard for the specifications that must be met for a device to be approved as an SCD. This article outlines and explains some of the aspects and requirements that both the X9.24-1-2017 and ISO 13491-1 mandate for SCDs that are used in retail financial services systems.

Read more

Migrating Business-Critical Cryptography to the Cloud - Considerations for the Banking Sector

Today, financial institutions are driven by a strategic question: How can they embrace the benefits from the cloud’s flexible and scalable on-demand services, while perpetuating a trustworthy, banking-grade level of cryptographic security? This article looks at some of the trends, challenges and security concerns that financial institutions face when considering whether to migrate their business-critical applications and cryptography to the cloud.

Read more

PCI Requirements on Implementing Key Blocks - Migration Phases and Key Management Solutions

In June 2019, the PCI Security Standards Council issued an information supplement titled PCI PIN Security Requirement 18-3 – Key Blocks, which requires that encrypted symmetric keys be managed in structures called “Key Blocks.”

Read more

ANSI X9.24-1-2017: The General Key Management Requirements

The ANSI X9.24-1-2017 norm details how symmetric cryptographic keys should be managed and handled by the relevant actors of the retail financial services companies. Here we outline the general techniques and methodologies that are required or suggested by the standard.

Read more

Understanding The New FIPS 140-3

FIPS 140 (“Federal Information Processing Standard”) is a series of security standards published by the U.S. government that specify security requirements for the evaluation of cryptographic modules. This article explores various aspects of the latest release of FIPS 140-3.

Read more

ANSI X9.24-1-2017: Understanding the Card Payment Environment and the use of Symmetric Keys

The standard, ANSI X9.24-1-2017 part 1 has been written to provide minimum symmetric key management requirements and guidelines for the retail financial industry and actors involved in processing card payments.

Read more