ASC X9 Revives PKI Working Group To Address New Public Key Infrastructure Needs
— The Accredited Standards Committee X9 Inc. (X9), a non-profit organization that develops standards for the financial services industry, has reconstituted X9F5, the working group that originally developed the standards on which modern Public Key Infrastructures (PKIs) are based. The decision by the X9 board was based upon the recent findings of an X9 PKI Study Group, which recommended that X9F5 be tasked with creating new PKI standards based on use cases and requirements developed and maintained specifically for the financial services industry. X9 is seeking additional participation and support for this effort from all interested parties.
PKIs allow trust to be established between remote systems in a scalable manner, using digital certificates, so that information can be securely exchanged. On the internet, web browsers use web PKIs to create secure web pages. Various PKIs have been extensively used throughout the financial services industry and the internet for a long time, and for most of this period, the use cases and requirements for web PKIs served both the browser community and the financial services industry reasonably well.
However, in recent years, problems have arisen. The PKI Study Group documented the ways in which the financial industry’s requirements have diverged from those of the web browser community, and found that in many cases existing web PKI requirements are in opposition to the needs of financial PKIs. The Study Group also noted that existing financial PKI operations are not always aligned with X9 standards, creating incompatibility and security issues, and existing PKIs will be slow to address emerging threats such as quantum computing.
To deal with these issues, X9F5 will develop and maintain PKI standards that meet the needs of the U.S. financial services industry, and will coordinate these requirements with international standards organizations.
“The financial services industry, in general, and ASC X9 specifically, were instrumental in establishing minimum security requirements for public key infrastructures: X9 has a 25-year history in developing and maintaining PKI-related standards,” said Tim Hollebeek, Industry and Standards Technical Strategist at DigiCert and Interim Chair of X9F5. “X9 is the right organization to take things to the next level, now that we have a detailed understanding of how the financial industry’s requirements differ from other PKIs, especially the web PKI.”
About the Accredited Standards Committee X9 Inc.
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop both national and – through the ISO –international standards for the financial services industry. X9 has over 100 member companies and over 400 company representatives that work to develop and maintain approximately 110 domestic standards and 55 international standards.
The subjects of X9’s standards include: retail, mobile and business payments; corporate treasury functions; block chain technology; processing of electronic legal orders issued to financial institutions; tracking of financial transactions and instruments; financial transaction messaging (ISO 8583 and 20022); quantum computing; PKI; checks; and data breach notification. X9 acts as the U.S. Technical Advisory Group (TAG) for ISO TC68 (Financial), TC321 (E-Commerce) and TC322 (Sustainable Finance) and performs the secretariat functions for ISO TC68. Please visit our web site (www.x9.org) for more information.
ASC X9 TR 48-2018 Card-Not-Present (CNP) Fraud Mitigation in the United States
ANSI X9.124-2-2018 Financial Services – Symmetric Key Cryptography for the Financial Services Industry – Format
Preserving Encryption- Part 2: Key Stream with Counter Mode
ANSI X9.129-2017 (Version 01) Legal Order Exchange
ANSI X9.69-2017 Framework for Key Management Extensions