What is ANSI X9.17?
ANSI X9.17 [ANS85] is the Financial Institution Key Management (Wholesale) standard. It defines the protocols to be used by financial institutions such as banks to transfer encryption keys. This protocol is aimed at the distribution of secret keys using symmetric (secret-key) techniques (see Question 1).

Financial institutions need to change their bulk encryption keys on a daily or per-session basis due to the volume of encryptions performed. At that frequency, the costs and other inefficiencies associated with manual transfer of keys cannot be tolerated. The standard therefore defines a three-level hierarchy of keys:

• The highest level is the master key (KKM), which is always manually distributed.
• The next level consists of key-encrypting keys (KKs), which are distributed on-line.
• The lowest level has data keys (KDs), which are also distributed on-line.

The data keys are used for bulk encryption and are changed on a per-session or per-day basis. New data keys are encrypted with the key-encrypting