Locate By Value, Anthony Berglas

Presentation transcript:

Locate By Value Anthony Berglas

Basic Idea
To extend Locate so that it queries managed objects' values (KeyBlock) in the same way that it can now be used with Attribute Values.

Customer Requirements
To be able to locate a managed object given that only (part of) its Key Block is known
– Its unique identifier is unknown
To be able to verify that a key is or is not already stored in a KMIP server
– And thus enforce policy
To be able to identify cases where multiple managed objects have similar value
– (This can be valid in some circumstances)

Examples
Locate all private keys with modulus = 1234…
Locate the symmetric key(s) with KeyMaterial = …
Locate any Split Keys with ObjectGroup = “Secure” And only two Splits
– Combine selection criteria in the normal manner
Locate all the keys wrapped with UUID=…
– Or Wrapping Cryptographic Algorithm = “SKIPJACK”

Locate by value
Just allow managed object value to be included in the body of a Locate operation
Normal semantics, namely to conjoin with any other clauses in the Locate
Seems a natural extension to Locate
Could specify directly or as pseudo attribute
– Two alternative message formats
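
An added example, not part of the original slides and not KMIP server code: a small in-memory Python model of the semantics described above, where a key-material clause is conjoined with ordinary attribute clauses and the same lookup backs a duplicate check before a key is stored. The store, the locate and register functions and the sample key bytes are constructed for illustration; comparing SHA-256 digests with a constant-time compare is this example's choice, not something the proposal specifies.

```python
import hashlib
import hmac

# Constructed sample store: unique identifier -> managed object (not real keys).
STORE = {
    "uid-1": {"ObjectType": "SymmetricKey", "ObjectGroup": "Secure",
              "KeyMaterial": bytes.fromhex("00112233445566778899aabbccddeeff")},
    "uid-2": {"ObjectType": "SymmetricKey", "ObjectGroup": "Test",
              "KeyMaterial": bytes.fromhex("00112233445566778899aabbccddeeff")},
    "uid-3": {"ObjectType": "SymmetricKey", "ObjectGroup": "Secure",
              "KeyMaterial": bytes.fromhex("ffeeddccbbaa99887766554433221100")},
}


def _digest(material):
    # Compare digests rather than raw key bytes (assumption of this example).
    return hashlib.sha256(material).digest()


def locate(store, attributes=None, key_material=None):
    """Return the sorted unique identifiers that match ALL supplied clauses."""
    attributes = attributes or {}
    wanted = _digest(key_material) if key_material is not None else None
    hits = []
    for uid, obj in store.items():
        # Attribute clauses: every one must match (conjunction).
        if any(obj.get(name) != value for name, value in attributes.items()):
            continue
        # Value clause: conjoined with the attribute clauses, constant-time compare.
        if wanted is not None and not hmac.compare_digest(
                _digest(obj["KeyMaterial"]), wanted):
            continue
        hits.append(uid)
    return sorted(hits)


def register(store, uid, obj):
    """Policy check from the requirements: refuse a key value already stored."""
    duplicates = locate(store, key_material=obj["KeyMaterial"])
    if duplicates:
        raise ValueError("key material already stored as " + ", ".join(duplicates))
    store[uid] = obj
    return uid
```
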

Example Direct Locate by value … <KeyMaterial type="ByteString" value=" a6d134a855e25c8cd5e4ca d3c8"/>

Example Direct Locate by value ctd... <UniqueIdentifier type="TextString" value="ABCDE-FHGIJ-KLMN"/>

Alternative – Value Attribute … <KeyMaterial type="ByteString" value=" a6d134a855e25c8cd5e4ca d3c8"/>

Conclusion
A simple and natural extension to Locate
Should really have been there from the beginning