ANSI X9.24-1-2017 covers both the manual and automated management of keying material used for financial services such as point-of-sale (POS) transactions (debit and credit), automated teller machine (ATM) transactions, messages among terminals and financial institutions, and interchange messages among acquirers, switches and card issuers. This part of this standard deals exclusively with the management of symmetric keys using symmetric techniques. Requirements for symmetric keys protected by asymmetric keys are addressed in X9.24-2. Any requirements stated in this part are not meant to invalidate the requirements provided for in Part 2.
This part of the standard specifies the minimum requirements for the management of keying material. Addressed are all components of the key management life cycle, including the generation, distribution, utilization, storage, archiving, replacement and destruction of the keying material. An institution's key management process, whether implemented in a computer or a terminal, is not to be implemented or controlled in a manner that has less security, protection, or control than described herein.
The intention is that if two nodes implement compatible and secure versions of key management methods, key identification techniques, and key separation methods in accordance with this part of this standard, they will be interoperable at the application level. Other characteristics may be necessary for node interoperability; however, this part of this standard does not cover such characteristics as message format, communications protocol, transmission speed, or device interface.
The definition of the DUKPT algorithm is addressed in X9.24 Part 3. Information contained in previous versions of this standard related to the implementation of DUKPT has been moved to that standard.