In this article, we look at the process of key generation and key derivation as described by the ANSI X9.24-1-2017 standard. This process is mandatory for operations performed by the retail financial services industry.

The ANSI X9.24-1-2017 norm details how symmetric cryptographic keys should be managed and handled by the relevant actors of the retail financial services companies. Here we outline the general techniques and methodologies that are required or suggested by the standard.

The standard, ANSI X9.24-1-2017 part 1 has been written to provide minimum symmetric key management requirements and guidelines for the retail financial industry and actors involved in processing card payments.

The cryptographic protection of a system against attacks and malicious penetration depends on two dimensions: (1) The strength of the keys and the effectiveness of mechanisms and protocols associated with the keys; and (2) the protection of the keys through key management (secure key generation, storage, distribution, use and destruction).

With data protection standards, such as GDPR, and the sheer mass of data that companies collect and accumulate, the protection and control of information has become increasingly important. The deployment of encryption is the backbone of any given organisation’s systems security scheme towards the goal of data protection.

In this final article in a 3-part series on symmetric key encryption technology, we look at the use of encryption modes with symmetric block ciphers, including the need for padding and initialization vectors.

In this article, the second in a 3-part series on symmetric key encryption technology, we look at the development of symmetric key encryption algorithms and the range of algorithms available today along with their strengths and weaknesses, as well as the importance of crypto-agility.

In this article, the first of a 3-part series on symmetric key encryption technology, we will look at the principles of symmetric encryption, the two types of symmetric algorithm, and the lifecycle and management of symmetric keys.

In today’s cyber-world there is an ever-present risk of unauthorized access to all forms of data. Most at risk is financial and payment system data that can expose the personal identifying information (PII) or payment card details of customers and clients. Encryption is crucial for protecting PII and mitigating the risks that businesses which conduct payment transactions face every minute of every day.

In this article we will talk about symmetric encryption in banking, its advantages and some challenges of managing the keys.