ANSI X9.24 Part 2. Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys.
6.3 Card Acceptor
The card acceptor accepts cards to access the cardholders’ account(s) or as a means of payment for goods or services. In POS systems this may be a retailer, service company, financial institution, etc.; in ATM systems the card acceptor may be the same party as the acquirer. Rather than accepting the card as direct proof of payment, the acceptor may forward transaction information to an acquirer. The acceptor will take a transaction authorization from the acquirer as guarantee for payment. The security of the transaction information exchanged with the acquirer is important. Security features may include message authentication (see Reference 13), secrecy of the PIN (see Reference 5), etc.
6.4 Acquirer
The acquirer provides transaction processing to acceptors. For some transactions the acquirer may authorize a transaction acting as an agent of an issuer. In other cases (e.g., the transaction value exceeds a certain threshold) the transaction information is sent to an issuer or its agent for authorization.
For the acquisition function the acquirer needs facilities that provide secure processing for translation of PINs in node-to-node systems, message authentication for transaction exchanges, etc. For combined acquisition and authorization functions, the acquirer needs secure facilities to satisfy the requirements of the issuer it represents.
6.5 Secure Cryptographic Device (SCD)
There are several types of Secure Cryptographic Devices (SCDs), such as PIN Entry Devices (found on ATMs and POS devices) and Host Security Modules (HSMs).
The SCD can be a PIN entry device (PED) such as an ATM or POS terminal PIN pad. For purposes of this part of this standard, these are the devices that interface to a host system using asymmetric cryptography for distribution of the symmetric key. For symmetric key distribution using asymmetric techniques, the PED SHALL have mechanisms that provide secure processing for mutual authentication of the interfacing host (and vice versa — see Section 6.6 below). The PED SHALL have mechanisms to prevent or detect man-in-the-middle attacks. Once the PED is authenticated to the intended host, mechanisms SHALL exist to prevent communication with any unintended host.
The SCD can be a Host Security Module (HSM). For purposes of this part of the standard, this is the device that resides at the host location and manages the host cryptographic functions. These functions include using asymmetric cryptography for distribution of symmetric keys to interfacing PEDs and to other network nodes’ HSMs.
For symmetric key distribution using asymmetric techniques, the HSM SHALL have mechanisms that provide secure processing for mutual authentication of the interfacing PED and/or other host HSM (and vice versa — see Section 6.6 below). The HSM SHALL have mechanisms to prevent or detect man-in-the-middle attacks and the ability to ensure communication with only an intended PED or other host HSM.
Some SCDs could be connected to a Certification Authority (CA) or could be performing cryptographic functions at a CA site.
In all cases, regardless of the type of SCD, implementation of the system SHALL include measures to prevent man-in-the-middle attacks on the system, and ensure the mutual authentication of the sender and receiver of the keys.
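The following added example is not part of the standard. It shows one way a PED can enforce the binding required in Section 6.5: it accepts a symmetric key block only when the block is signed by the host public key that was pinned when the host was authenticated. The PED type, WrapKey, Receive, the choice of RSA-OAEP and RSA-PSS, and the sample key are assumptions made for illustration; freshness checks and the host's authentication of the PED are outside its scope.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// PED is a hypothetical model of a PIN entry device bound to one host.
type PED struct {
	priv *rsa.PrivateKey // PED key pair, used to unwrap the symmetric key
	host *rsa.PublicKey  // host key pinned when the host was authenticated
}

// WrapKey is the host side: encrypt symKey to the PED, then sign the ciphertext.
func WrapKey(host *rsa.PrivateKey, ped *rsa.PublicKey, symKey []byte) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, ped, symKey, nil); err != nil {
		return nil, nil, err
	}
	d := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, host, crypto.SHA256, d[:], nil)
	return ct, sig, err
}

// Receive checks the signature against the pinned host key before decrypting anything.
func (p *PED) Receive(ct, sig []byte) ([]byte, error) {
	d := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(p.host, crypto.SHA256, d[:], sig, nil); err != nil {
		return nil, fmt.Errorf("key block not signed by the bound host: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
}

// demo reports (intended host accepted, unintended host rejected).
func demo() (bool, bool) {
	pedKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	hostKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed unintended host
	ped := &PED{priv: pedKey, host: &hostKey.PublicKey}
	sym := []byte("0123456789abcdef") // constructed 128-bit sample key
	ct, sig, _ := WrapKey(hostKey, &pedKey.PublicKey, sym)
	got, err := ped.Receive(ct, sig)
	ct2, sig2, _ := WrapKey(otherKey, &pedKey.PublicKey, sym)
	_, otherErr := ped.Receive(ct2, sig2)
	return err == nil && string(got) == string(sym), otherErr != nil
}

func main() { fmt.Println(demo()) }
```

The second key block is validly encrypted to the PED, yet Receive refuses it because the signature does not verify under the pinned host key.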