ANSI X9.17 [ANS85] is the Financial Institution Key Management (Wholesale) standard. It defines the protocols to be used by financial institutions such as banks to transfer encryption keys. This protocol is aimed at the distribution of secret keys using symmetric (secret-key) techniques (see Question 1).
Financial institutions need to change their bulk encryption keys on a daily or per-session basis due to the volume of encryptions performed. This does not permit the costs and other inefficiencies associated with manual transfer of keys. The standard therefore defines a three-level hierarchy of keys:
- The highest level is the master key (KKM), which is always manually distributed.
- The next level consists of key-encrypting keys (KKs), which are distributed on-line.
- The lowest level has data keys (KDs), which are also distributed on-line.
The data keys are used for bulk encryption and are changed on a per-session or per-day basis. New data keys are encrypted with the key-encrypting keys and distributed to the users. The key-encrypting keys are changed periodically and encrypted with the master key. The master keys are changed less often but are always distributed manually in a very secure manner.
ANSI X9.17 defines a format for messages to establish new keys and replace old ones called CSM (cryptographic service messages). ANSI X9.17 also defines two-key triple-DES encryption (see Question 72) as a method by which keys can be distributed. ANSI X9.17 is gradually being supplemented by public-key techniques such as Diffie-Hellman (see Question 24).
One of the major limitations of ANSI X9.17 is the inefficiency of communicating in a large system since each pair of terminal systems that need to communicate with each other will need to have a common master key. To resolve this problem, ANSI X9.28 was developed to support the distribution of keys between terminal systems that do not share a common key center. The protocol defines a multiple-center group as two or more key centers that implement this standard. Any member of the multiple-center group is able to exchange keys with any other member.
| Question 160 |