Here at X9 we are constantly researching the latest topics in the financial standards industry. Often, this results in the need for a study group. X9’s study groups are open to a limited number of people from the general public. Check out our current list of active study groups and contact us to participate.
X9F Cryptographic Algorithm Sunrise/Sunset Study Group
A new study group titled Cryptographic Algorithm Sunrise/Sunset Study Group has been formed under the X9F subcommittee. The purpose of this study group is to document cryptographic algorithm sunrise and sunset dates.
This is needed to address industry changes in what is deemed acceptable for adequate protection of sensitive data. As each subcommittee talks about how to move the industry standards forward and away from older inadequate protocols, it was determined the best approach was to scope, select and document sunrise and sunset dates for cryptographic algorithms used in X9 standards.
The proposed objectives for the Cryptographic Algorithms Study Group are to:
- Review and validate the new approach for establishing sunrise and sunset dates for cryptographic algorithms in X9 standards.
- Identify a minimum scope (i.e. applicable X9 standards and Registry) for each working group.
- Define an action plan across the working groups to define and document sunrise and sunset dates to address the minimum scope.
Contact us for more details on how you can participate.
X9F Public Key Infrastructure (PKI) Study Group
The focus of this study group is to examine the reliance concerns and processing issues related to “Certificate Authority” third party service providers and the possibility of operating a centralized Certificate Authority specifically devoted to the financial services industry. This would be a Certificate Authority on which trust for current and future financial industry security could rely upon as a fully interoperable point of service that would exist above any question of security, user authentication, or commercial interest. It would also be independent of rules and requirements from other industry groups which have much different needs than the financial community.
Existing commercial Certificate Authorities exist primarily for the Web PKI, that is, the general usage of the Internet by businesses and individuals. This has traditionally been governed by Browsers, who consume certificates in order to present security information in their user interface. However, Browsers and the financial community interests aren’t always aligned. Hence when Browsers dictate policies which Certificate Authorities are forced to follow, the financial community has no choice but to go along.
This group will examine options to determine a way that would protect the financial communities interest while maintaining a strong security posture. Contact us if you’d like to participate.
X9F Transport Layer Security (TLS) Study Group
ASC X9 has established the X9F study group (SG) on Transport Layer Security (TLS) protocol to determine strategy and tactics for the financial services industry. X9 has a 25-year history in developing and maintaining ANSI and ISO asymmetric cryptography and PKI-related standards. However, migration to the TLS v1.3 protocol affects the financial services industry. X9 has established this study group to research issues as discovered by the recommended research and present strategic and tactical solutions that might include new standardization or possibly other X9 actions. If your company is interested in this group, contact us today.
X9F Quantum Computing Study Group
In the past, a technology that broke an existing cryptographic method was used on real-time or near real-time data. Today, the Internet has a massive storage capacity that allows many years of data to be stored. This means that in 5 to 10 years, new technology could be applied to the stored data allowing it to be decrypted. This raises a question, is it too late to protect data already stored or being stored today from future attacks?
There are research centers around the world working to create a large scale, fault tolerant, general-purpose quantum computer. For many years, the question was- could such a computer ever be created? Now, there is some agreement that such a computer can be created although a lot of work is still required. The new question is- when? The answer to that question will have a major impact on data communications and specifically the financial services industry.
The Quantum Computing study group was created to review the state of quantum computing and to try to determine a time period for when it is most likely that a large-scale quantum computer will exist and, based on this prediction, propose a high-level roadmap for protecting information used by the financial services industry. Contact us for more details on how you can participate.
ASC X9 TR 48-2018 Card-Not-Present (CNP) Fraud Mitigation in the United States
ANSI X9.124-2-2018 Financial Services – Symmetric Key Cryptography for the Financial Services Industry – Format
Preserving Encryption- Part 2: Key Stream with Counter Mode
ANSI X9.129-2017 (Version 01) Legal Order Exchange
ANSI X9.69-2017 Framework for Key Management Extensions