X9F Data and Information Security Subcommittee – Project Status

Call For Experts

X9.135 Secret Sharing Schemes

Project Description: Secret sharing schemes include cryptographic methods for distributing a secret amongst a group of participants, such that no one person has access to the secret. Each participant is allocated a share of the secret, so that some subgroup, working in concert, can recreate the secret, such as a symmetric key or asymmetric private key. Secret sharing is an important method of dual control with split knowledge, commonly referred to as an N of M scheme.

Project Need: Due to the lack of standards, there are misconceptions and misinformation about secret sharing methods: what they are, where to store them, how they work, and when to use them in a secure fashion. A new standard addressing secret sharing would provide valuable information to product manufacturers, service providers (including cloud services) and end-users attempting to secure their cryptographic systems.

Stakeholders: Product manufacturers, Application manufacturers, Service (cloud) providers, Security professionals

To participate in the development of this standard click here.

X9.141 Financial and Personal Data Protection and Breach Notification Standard

Project Description: This standard is intended to ensure all entities that handle sensitive financial data and PII have in place a robust process to protect this data and prevent breaches from happening. This standard should apply to all organizations that handle sensitive payment information, and it would provide a consistent breach notification process to protect consumers and other stakeholders nationwide. Our existing payment systems serve hundreds of millions of consumers, retailers, financial institutions, and the economy well. Protecting the U.S. payment systems is a shared responsibility of all parties involved. We must work together and invest the necessary resources to combat increasingly sophisticated threats to the payments system.

Project Need: This standard should also provide a consistent breach notification process to protect customers and other stakeholders nationwide. We must work together and invest the necessary resources to combat increasingly sophisticated threats.

Stakeholders: All organizations that handle sensitive consumer payment information and customer identifiable information, including: Financial institutions, Credit Bureaus, Merchants/Retailers, Consumers, Application manufacturers, Service providers, Security professionals

To participate in the development of this standard click here.

Current Work

X9.139 Interoperable Method for Distribution of Symmetric Keys Using Asymmetric Techniques: Part 1 – Using Factoring-Based Public Key Cryptography Unilateral Key Transport

X9 has published a technical report, TR-34, which describes a method, consistent with the requirements of ANSI X9.24-2 Retail Financial Services Symmetric Key Management – Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys, for the secure exchange of keys using asymmetric techniques between two devices that share asymmetric keys. This method is designed to operate within the existing capabilities of devices used in the retail financial services industry. This technical report has grown in popularity with the growth of remote key distribution technology. Due to increased usage of TR-34, the X9F subcommittee will be standardizing the methods included in TR-34 to improve industry interoperability. For more information on this initiative contact us.

X9.124 Parts 1, 3, 4 and 5 Format Preserving Encryption of Financial Information

X9.124 Parts 1-5 define requirements for using ciphers in Format Preserving Encryption (FPE) modes and specify approved FPE modes. An FPE mode encrypts data strings of a specific length and character set into ciphertext of the same length using the same character set. X9.124 Part 1 provides a set of recommendations for use of these techniques within financial systems and defines a baseline set of security parameters that other standards organizations can use. X9.124 Part 3 will cover FF1 Feistel-Based Mode 1, while X9.124 Part 4 will cover FF1 Feistel-Based Mode 2 and X9.124 Part 5 will cover FF3, Feistel-Based Mode 3. To participate in the development of these standards click here.

TR-34 Interoperable Method for Distribution of Symmetric Keys using Asymmetric Techniques: Part 1 Using Factoring-Based Public Key Cryptography Unilateral Key Transport

This technical report is currently under revision by the X9F6 Data and Information Security workgroup. This document describes a method, consistent with the requirements of ANS X9.24-2 Retail Financial Services Symmetric Key Management – Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys, for the secure exchange of keys using asymmetric techniques between two devices that share asymmetric keys. This method is designed to operate within the existing capabilities of devices used in the retail financial services industry.
