American National Standard
for Financial Services
ANS X9.24 Part 2: 2006
Retail Financial Services
Symmetric Key Management
Part 2: Using Asymmetric Techniques for the
Distribution of Symmetric Keys
Secretariat
Accredited Standards Committee X9, Inc.
Approved:
American National Standards Institute
Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS--`,,```,,,,````-`-`,,`,,`,`,,`---
Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS--`,,```,,,,````-`-`,,`,,`,`,,`---
ANS X9.24 Part 2: 2006
Foreword
Approval of an American National Standard requires verification by ANSI that the requirements for due process,
consensus, and other criteria for approval have been met by the standards developer.
Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement
has been reached by directly and materially affected interests. Substantial agreement means much more than a
simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered,
and that a concerted effort be made toward their resolution.
The use of American National Standards is completely voluntary; their existence does not in any respect preclude
anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using
products, processes, or procedures not conforming to the standards.
The American National Standards Institute does not develop standards and will in no circumstances give an
interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue
an interpretation of an American National Standard in the name of the American National Standards Institute.
Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title
page of this standard.
CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures
of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this
standard no later than five years from the date of approval.
Published by
Accredited Standards Committee X9, Incorporated
Financial Industry Standards
P.O. Box 4035
Annapolis, MD 21403 USA
X9 Online http://www.X9.org
Copyright © 2006 Accredited Standards Committee X9, Inc.
All rights reserved.
No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without
prior written permission of the publisher. Printed in the United States of America.
© 2006 – All rights reserved
i
Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS--`,,```,,,,````-`-`,,`,,`,`,,`---
ANS X9.24 Part 2: 2006
Contents
Foreword ...................................................................................................................................................................... i
Figures........................................................................................................................................................................ iv
Tables .......................................................................................................................................................................... v
Introduction................................................................................................................................................................ vi
Purpose ........................................................................................................................................................10
1
Scope............................................................................................................................................................10
2
Application ...................................................................................................................................................11
2.1
References ...................................................................................................................................................11
3
Terms and Definitions.................................................................................................................................12
4
Standard Organization................................................................................................................................18
5
Environment.................................................................................................................................................18
6
General .........................................................................................................................................................18
6.1
Cardholder and Card Issuer.......................................................................................................................20
6.2
Card Acceptor..............................................................................................................................................20
6.3
Acquirer........................................................................................................................................................20
6.4
Tamper Resistant Security Module (TRSM)..............................................................................................20
6.5
Acquirer Host...............................................................................................................................................21
6.6
Certification Authority.................................................................................................................................21
6.7
Device Manufacturer ...................................................................................................................................21
6.8
Key Management Requirements................................................................................................................21
7
General .........................................................................................................................................................21
7.1
7.1.1 Symmetric Keys...........................................................................................................................................21
7.1.2 Asymmetric Keys ........................................................................................................................................22
Tamper-Resistant Security Modules (TRSM) used for Key Management .............................................23
7.2
A Secure Environment................................................................................................................................23
7.3
Certification Authority (CA) Requirements...............................................................................................23
7.4
Key Generation ............................................................................................................................................24
7.5
7.5.1 Symmetric Key Generation.........................................................................................................................24
7.5.2 Asymmetric Key Generation ......................................................................................................................24
Asymmetric Key Activation/Enablement ..................................................................................................24
7.6
7.6.1 Creation of Certificates...............................................................................................................................24
7.6.2 Signing of Certificates ................................................................................................................................24
7.6.3 Lifetime of Certificates................................................................................................................................24
7.6.4 Authentication of Valid Request and Valid Device ..................................................................................25
Key Distribution...........................................................................................................................................25
7.7
7.7.1 Symmetric Key Distribution/Loading ........................................................................................................25
7.7.2 Asymmetric Key Distribution/Loading......................................................................................................25
Key Utilization..............................................................................................................................................26
7.8
7.8.1 Symmetric Key Utilization ..........................................................................................................................26
7.8.2 Asymmetric Key Utilization ........................................................................................................................26
Key Storage..................................................................................................................................................26
7.9
7.10 Key Replacement.........................................................................................................................................26
7.11 Key Destruction...........................................................................................................................................27
© 2006 – All rights reserved
ii
Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS--`,,```,,,,````-`-`,,`,,`,`,,`---
ANS X9.24 Part 2: 2006
Trust Models and Key Establishment Protocols......................................................................................27
8
Introduction..................................................................................................................................................27
8.1
Trust Models ................................................................................................................................................28
8.2
8.2.1 Three-Party Model – CAs ............................................................................................................................28
8.2.2 Two-Party Model – Self Signing Model .....................................................................................................28
8.2.3 Prior Trust Model.........................................................................................................................................29
Key Establishment Protocols.....................................................................................................................29
8.3
8.3.1 Unilateral Key Transport Method...............................................................................................................29
8.3.2 Bilateral Key Transport Method (Both Entities Generate and Share Symmetric Key – Joint
Control).........................................................................................................................................................30
8.3.3 Key Agreement Method ..............................................................................................................................32
Annex A (Normative) Approved ANSI Symmetric Key Algorithms for Encryption of Private Keys ................34
© 2006 – All rights reserved
iii
Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS--`,,```,,,,````-`-`,,`,,`,`,,`---
ANS X9.24 Part 2: 2006
Figures
Figure 1 High Level Overview of Key Transport Method (Unilateral).......................................................................29
Figure 2 High Level Overview of Key Transport Method (Bilateral).........................................................................31
Figure 3 High Level Overview of Key Agreement Method .......................................................................................32
iv
© 2006 – All rights reserved
Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS--`,,```,,,,````-`-`,,`,,`,`,,`---
ANS X9.24 Part 2: 2006
Tables
Table 1 Trust Models and Key Establishment Protocols......................................................................................... 28
© 2006 – All rights reserved
v
Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS--`,,```,,,,````-`-`,,`,,`,`,,`---
ANS X9.24 Part 2: 2006
Introduction
Today, billions of dollars in funds are transferred electronically by various communication methods. Transactions
are often entered remotely, off-premise from financial institutions, by retailers or by customers directly. Such
transactions are transmitted over potentially non-secure media. The vast range in value, size, and the volume of
such transactions expose institutions to severe risks, which may be uninsurable.
To protect these financial messages and other sensitive information, many institutions are making increased use
of the American National Standards Institute Triple Data Encryption Algorithm (TDEA). Specific examples of its
use include standards for message authentication, personal identification number encryption, other data
encryption, and key encryption.
The TDEA is in the public domain. The security and reliability of any process based on the TDEA is directly
dependent on the protection afforded to secret numbers called cryptographic keys.
A familiar analogy may be found in the combination lock of a vault. The lock design is public knowledge. Security
is provided by keeping a number, the combination, a secret. Secure operation also depends on protective
procedures and features which prevent surreptitious viewing or determination of the combination by listening to its
operation. Procedures are also required to ensure that the combination is random and cannot be modified by an
unauthorized individual without detection.
Part 1 of ANS X9.24 deals exclusively with management of symmetric keys using symmetric techniques.
This Part 2 addresses the use of asymmetric techniques for the distribution of symmetric keys.
Asymmetric techniques utilize algorithms other than the DEA (e.g., Diffie-Hellman, RSA, Elliptic Curve,
etc.). Those asymmetric algorithms are defined in other American National Standards Institute standards
(e.g., ANS X9.42 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric
Algorithm Keys Using Discrete Logarithm Cryptography, ANS X9.44 DRAFT Public Key Cryptography for
the Financial Services Industry: Key Agreement and Key Transport Using Factoring-Based Cryptography,
and X9.63 Public Key Cryptography for the Financial Services Industry: Key Agreement and Key
Management Using Elliptic Curve-Based Cryptography). Those algorithms are also in the public domain,
and the security and reliability are also dependent on the security and integrity of the asymmetric keys
and the infrastructure under which those keys are created and managed.
This part of ANS X9.24 assumes the reader is familiar with the concepts behind asymmetric
cryptography.
NOTE—The user’s attention is called to the possibility that compliance with this standard may require use of an
invention covered by patent rights. By publication of this standard, no position is taken with respect to the validity
of this claim or of any patent rights in connection therewith. The patent holder has, however, filed a statement of
willingness to grant a license under these rights on reasonable and nondiscriminatory terms and conditions to
applicants desiring to obtain such a license. Details may be obtained from the standards developer.
Suggestions for the improvement of this standard will be welcome. They should be sent to the ASC X9
Secretariat, Accredited Standards Committee X9, Inc., P.O. Box 4035, Annapolis, MD 21403.
vi
© 2006 – All rights reserved
Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS--`,,```,,,,````-`-`,,`,,`,`,,`---