Presentation is loading. Please wait.

Presentation is loading. Please wait.

Server Side Wrap Operations

Published byMagnus Douglas Fletcher Modified over 6 years ago

Similar presentations

Presentation on theme: "Server Side Wrap Operations"— Presentation transcript:

1 Server Side Wrap Operations
A Proposal to Add or Modify Operations to Better Support Key Wrapping for KMIP 2.0 07 December 2017 OASIS Key Management Interoperability Protocol Managed Object Wrapping Proposal

2 Why the Need? There are environments where managed objects must be maintained in a secure fashion even if served Use cases where a wrapped key meets security versus an unwrapped key include proxy servers for specific applications such as Smart Grid File Encryption Hardware Security Modules via a potentially non-secure File Servers What is in KMIP 1.x does not provide for maintaining security of keys Get allows wrapping of an object as it is server which is a good start! Rewrapping a managed object is not easy or possible without client getting clear text object at some point 29 June 2017 OASIS Key Management Interoperability Protocol Managed Object Wrapping Proposal

3 Options Option 1 Option 2 Option 3
Add three new operations and replace existing painful methods Wrap – Wrap an existing Managed Object and return or register the result Unwrap – Unwrap an existing Managed Object and register the result Rewrap – Unwrap then Wrap a managed object and return or register the result Option 2 Add rewrap key and rewrap key pair operations Modify Create to wrap a created managed object Modify Register to wrap or unwrap a new managed object Add appropriate rewrap operation Option 3 Update Encrypt and Decrypt to work with existing managed objects Potentially overloads Encrypt and Decrypt operations although some vendors use encrypt/decrypt for wrap/unwrap operations already 29 June 2017 OASIS Key Management Interoperability Protocol Managed Object Wrapping Proposal

Download ppt "Server Side Wrap Operations"

Similar presentations

©2009 HP Confidential1 Proposal to OASIS KMIP TC Stan Feather and Indra Fitzgerald Hewlett-Packard Co. 10 September, 2010 Encoding Options for Key Wrap.

©2009 HP Confidential1 Proposal to OASIS KMIP TC Stan Feather and Indra Fitzgerald Hewlett-Packard Co. 10 September, 2010 Encoding Options for Key Wrap.
Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.

Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.
KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.

KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.
1 Data Transmissions Johanna Gerold October 22 nd, 2005.

1 Data Transmissions Johanna Gerold October 22 nd, 2005.
File Transfer and Use of Clear Text Passwords Update NERSC Users Group Meeting Stephen Lau NERSC June 21, 2015.

File Transfer and Use of Clear Text Passwords Update NERSC Users Group Meeting Stephen Lau NERSC June 21, 2015.
KMIP Use Cases Update on the process. Agenda Goals Process Flow, Atomics, Batch, Composites, and Not KMIP Evaluating the Document in light of the Goals.

KMIP Use Cases Update on the process. Agenda Goals Process Flow, Atomics, Batch, Composites, and Not KMIP Evaluating the Document in light of the Goals.
Fine-Grained Access Control (FGAC) in the Cloud Robert Barton.

Fine-Grained Access Control (FGAC) in the Cloud Robert Barton.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev

HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev
KMIP Profiles version 1.3 A Method to Define Operations Access Control and Interaction Between a Client and Server Presented by: Kiran Kumar Thota & Bob.

KMIP Profiles version 1.3 A Method to Define Operations Access Control and Interaction Between a Client and Server Presented by: Kiran Kumar Thota & Bob.
Session Peering Protocol over SOAP I-D ( draft-ietf-drinks-spp-over-soap-01) draft-ietf-drinks-spp-over-soap-01 0 Presenter: Vikas Bhatia (On behalf of.

Session Peering Protocol over SOAP I-D ( draft-ietf-drinks-spp-over-soap-01) draft-ietf-drinks-spp-over-soap-01 0 Presenter: Vikas Bhatia (On behalf of.
Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t OIS Update on Windows 7 at CERN & Remote Desktop.

Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland t OIS Update on Windows 7 at CERN & Remote Desktop.
6/1/2001 Supplementing Aleph Reports Using The Crystal Reports Web Component Server Presented by Bob Gerrity Head.

6/1/2001 Supplementing Aleph Reports Using The Crystal Reports Web Component Server Presented by Bob Gerrity Head.
Sumanth Nag Popuri.  Why do we need SIP ?  The protocol  Instant Messaging using SIP  Internet Telephony with SIP  Additional applications  Future.

Sumanth Nag Popuri.  Why do we need SIP ?  The protocol  Instant Messaging using SIP  Internet Telephony with SIP  Additional applications  Future.
1 NIST Key State Models SP800-57 Part 1SP800-130 (Draft)

1 NIST Key State Models SP Part 1SP (Draft)
SIP working group IETF#70 Essential corrections Keith Drage.

SIP working group IETF#70 Essential corrections Keith Drage.
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.

Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.
Get Random Proposal John Leiseboer 11 October 2012.

Get Random Proposal John Leiseboer 11 October 2012.

Similar presentations

Ads by Google