The Accredited Standards Committee X9 announced the publication of an update to its X9.69 standard, Framework For Key Management Extensions. This standard defines methods for the generation and control of keys used in symmetric cryptographic algorithms, and the new version includes methods for quantum computing protection, a framework supporting an algorithm at any key length, and provisions to support compliance with HIPAA, Europe’s GDPR and other privacy regulations.
The X9.69 standard is an important one, concerned with key systems for message encryption in which the encrypting and decrypting keys are identical. It defines a constructive method for the creation of symmetric keys, by combining two or more secret key components. It also defines a method for attaching a key usage vector to each generated key that prevents abuses and attacks against the key. The two defined methods can be used separately or in combination.
Additionally, the security and reliability of any process based on a symmetric cryptographic algorithm is directly dependent on the protection afforded to the secret quantity, the key. Thus, no matter how strong the algorithm, the system is only as secure as its key management method. With the expected advent of quantum computing, secure key management becomes even more important, as a large-scale quantum computer could easily break the most widely used encryption schemes. This standard provides an immediate and complete solution to quantum computer attacks using Shor’s Algorithm.
The standard also offers a framework supporting an algorithm at any key length. For adopters of the standard, this makes it future-proof, deployable now and accommodating of any new algorithms in the future. The new X9.69 can be applied immediately to multiple data representations, such as those of ISO 20022 and QR code payments, as well as any structured and unstructured data. The updated version provides protection of data at the object level, independent of the transmission layer or storage choice, and a persistent protection solution to data security that supports any enterprise configuration, including cloud, hybrid cloud or multi-cloud.
“This new version of X9.69 can be seen as offering an immediate solution to the threat of quantum, as well as an answer to the differential access to content necessary to support various laws and regulations around privacy in the United States and elsewhere,” said Jay Wack, CEO of Tecsec, in a statement. Wack also served as editor for the standard.
“X9 is delivering a vital tool for establishing and maintaining the security and privacy of encrypted messaging,” he added.