A technical report written and published by the Accredited Standards Committee X9 (ASC X9), ASC X9 TR 31-2018: Interoperable Secure Key Exchange Key Block Specification, provides an interoperable method of implementing security requirements and policies.
Today’s economy is shaped largely by its convergence with the digital world; billions of dollars in funds are transferred electronically by various communication methods. To protect these financial messages, as well as other sensitive information, numerous institutions make use of the Triple Data Encryption Algorithm (TDEA) and the Advanced Encryption Standard (AES). These algorithms underpin standards for message authentication, personal identification number (PIN) encryption, other data encryption, and key encryption.
Both AES and the TDEA are in the public domain. AES became a federal government standard in 2002, as FIPS 197. The TDEA was originally an X9 standard, approved as ANSI ANS X9.52-1998 in 1998 but withdrawn in 2008. The Triple DEA is currently addressed in NIST SP 800-67 Rev. 2.
The security and reliability of any process based on AES or the TDEA is derived directly from the protection afforded to cryptographic keys. A cryptographic key is a secret value used in the operation of a cryptographic function. It may be used, for example, in the transformation from cleartext to ciphertext and vice versa.
ANSI X9.24-1-2017: Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques deals exclusively with the management of symmetric keys using symmetric techniques. Specifically, it establishes guidelines for the secure management and application-level interoperability of symmetric keying operations, which are used for authenticating messages, encrypting Personal Identification Numbers (PIN), encrypting other data, encrypting other keys, or for other purposes in a financial services environment.
You can read more about this here: ANSI X9.24-1-2017: Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques
As a standard for the requirements for the management of symmetric keys, ANSI X9.24-1-2017 does not address the implementation of secure key management. This is instead the purpose of the ASC X9 TR 31-2018 technical report, which is intended to help implement an interoperable method for secure key exchange in accordance with the requirements established by ANSI X9.24-1-2017, the standard for symmetric key management using symmetric techniques in financial services.
ASC X9 TR 31-2018 details a method for the secure exchange of keys and other sensitive data between two devices that share a symmetric key exchange key. This document covers key block properties and characteristics, and it specifies two key block binding methods: one using key derivation (the preferred method, applicable to both AES and the TDEA) and one using variants (applicable to the TDEA only).
Please note that another American National Standard, ANSI X9.24-2-2016: Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys, addresses the uses of asymmetric techniques for the distribution of symmetric keys. Asymmetric techniques utilize algorithms other than the DEA, which are also in the public domain.
These three documents are available together as the ANSI X9.24-1 / ANSI X9.24-2 / ASC X9 TR 31 – Symmetric Key Management and Security Package.
ASC X9 TR 31-2018: Interoperable Secure Key Exchange Key Block Specification is available on the ANSI Webstore.