Server Side Wrap Operations

A Proposal to Add or Modify Operations to Better Support Key Wrapping for KMIP 2.0
07 December 2017
OASIS Key Management Interoperability Protocol Managed Object Wrapping Proposal

Why the Need?

- There are environments where managed objects must be maintained in a secure fashion even if served
- Use cases where a wrapped key meets security versus an unwrapped key include proxy servers for specific applications such as Smart Grid File Encryption Hardware Security Modules via a potentially non-secure File Servers
- What is in KMIP 1.x does not provide for maintaining security of keys
  - Get allows wrapping of an object as it is served, which is a good start!
  - Rewrapping a managed object is not easy or possible without the client getting the clear text object at some point

29 June 2017 OASIS Key Management Interoperability Protocol Managed Object Wrapping Proposal

Options

Option 1
- Add three new operations and replace existing painful methods
  - Wrap – Wrap an existing Managed Object and return or register the result
  - Unwrap – Unwrap an existing Managed Object and register the result
  - Rewrap – Unwrap then Wrap a managed object and return or register the result

Option 2
- Add rewrap key and rewrap key pair operations
- Modify Create to wrap a created managed object
- Modify Register to wrap or unwrap a new managed object
- Add appropriate rewrap operation

Option 3
- Update Encrypt and Decrypt to work with existing managed objects
- Potentially overloads Encrypt and Decrypt operations although some vendors use encrypt/decrypt for wrap/unwrap operations already
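
The Wrap and Rewrap operations of Option 1, sketched as an added example (not part of the original slides and not taken from any KMIP implementation): the unwrap-then-wrap step runs inside the key store, so the caller only ever holds wrapped blobs. The `Server` type, the `crypt` helper and the key IDs are hypothetical, and AES-GCM is an assumed stand-in for the wrapping mechanism, which the slides do not specify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Server is a hypothetical in-memory key store (object ID -> raw key bytes), not a KMIP server.
type Server map[string][]byte

// crypt wraps (seal) or unwraps data under stored key kek; AES-GCM is an assumed stand-in mechanism.
func (s Server) crypt(kek string, data []byte, seal bool) ([]byte, error) {
	blk, err := aes.NewCipher(s[kek])
	if err != nil || len(data) < 16 { // smallest AES key; also keeps the nonce slice below in bounds
		return nil, fmt.Errorf("wrapping key %q unknown or input shorter than 16 bytes", kek)
	}
	g, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}
	if seal {
		nonce := make([]byte, g.NonceSize())
		if _, err = rand.Read(nonce); err != nil {
			return nil, err
		}
		return g.Seal(nonce, nonce, data, nil), nil // nonce || ciphertext || tag
	}
	return g.Open(nil, data[:g.NonceSize()], data[g.NonceSize():], nil)
}

// Wrap returns the existing managed object id wrapped under kek.
func (s Server) Wrap(id, kek string) ([]byte, error) { return s.crypt(kek, s[id], true) }

// Rewrap unwraps then wraps inside the server, so the caller only ever holds wrapped blobs.
func (s Server) Rewrap(blob []byte, oldKEK, newKEK string) ([]byte, error) {
	pt, err := s.crypt(oldKEK, blob, false)
	if err != nil {
		return nil, err // wrong KEK or tampered blob
	}
	return s.crypt(newKEK, pt, true)
}

func main() { // constructed 128-bit sample keys
	s := Server{"kek-a": []byte("constructed-kekA"), "kek-b": []byte("constructed-kekB"), "dek": []byte("constructed-dek!")}
	w, _ := s.Wrap("dek", "kek-a")
	r, err := s.Rewrap(w, "kek-a", "kek-b")
	fmt.Println(len(w), len(r), err) // blob sizes only; no clear key is printed or returned
}
```

A blob that fails authentication under the old wrapping key is rejected before any re-wrapping happens, so a tampered or mis-keyed blob never yields a fresh valid one.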