Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 NIST Key State Models SP800-57 Part 1SP800-130 (Draft)

Published byOliver Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "1 NIST Key State Models SP800-57 Part 1SP800-130 (Draft)"— Presentation transcript:

1 1 NIST Key State Models SP800-57 Part 1SP800-130 (Draft)

2 2 KMIP Key Role Types Key Role Type 1.1 Key Role Type KMIP NameDescriptionValue BDKBase Derivation Key00000001 CVKCard Verification Key00000002 DEKData Encryption Key00000003 MKACApplication Cryptograms00000004 MKSMCSecure Messaging for Confidentiality00000005 MKSMISecure Messaging for Integrity00000006 MKDACData Authentication Code00000007 MKDNDynamic Numbers00000008 MKCPCard Personalization00000009 MKOTHOther0000000A KEKKey Encryption or Wrapping Key0000000B 16609ISO 16609 MAC Algorithm 10000000C 97971ISO 9797-1 MAC Algorithm 10000000D 97972ISO 9797-2 MAC Algorithm 20000000E 97973ISO 9797-3 MAC Algorithm 30000000F 97974ISO 9797-4 MAC Algorithm 400000010 97975ISO 9797-5 MAC Algorithm 500000011 ZPKPIN Block Encryption Key00000012 PVKIBMPIN Verification Key, IBM 362400000013 PVKPVVPIN Verification Key, Visa PVV00000014 PVKOTHPIN Verification Key, Other00000015 ExtensionsFuture or Vendor Specific Use8XXXXXXX Proposal for 1.2 Key Role Type KMIP NameDescriptionValue BDKBase Derivation Key00000001 CVKCard Verification Key00000002 DEKData Encryption00000003 MKACApplication cryptograms00000004 MKSMCSecure Messaging for Confidentiality00000005 MKSMISecure Messaging for Integrity00000006 MKDACData Authentication Code00000007 MKDNDynamic Numbers00000008 MKCPCard Personalization00000009 MKOTHOther0000000A KEKKey Encryption or wrapping0000000B 16609ISO 16609 MAC algorithm 10000000C 97971ISO 9797-1 MAC Algorithm 10000000D 97972ISO 9797-1 MAC Algorithm 20000000E 97973ISO 9797-1 MAC Algorithm 30000000F 97974ISO 9797-1 MAC Algorithm 400000010 97975ISO 9797-1 MAC Algorithm 500000011 ZPKPIN Encryption00000012 PVKIBMPIN verification, IBM 362400000013 PVKPVVPIN Verification, VISA PVV00000014 PVKOTHPIN verification, KPV, other algorithm00000015 DUKPTDUKPT Initial Key (also known as IPEK)00000016 IVInitialization Vector (IV)00000017 KBPKTR-31 Key Block Protection Key00000018 ExtensionsFuture or Vendor Specific Use8XXXXXXX

3 3 KMIP Profiles  Purpose is to define what any implementation of the specification must adhere to in order to claim conformance  Define the use of KMIP objects, attributes, operations, message elements and authentication methods within specific contexts of KMIP server and client interaction  Define a set of normative constraints for employing KMIP within a particular environment or context of use  Optionally, require the use of specific KMIP functionality or in other respects define the processing rules to be followed by profile actors (e.g. Server & Client)  Defined OASIS Profiles  Profiles are further qualified by authentication suite  TLS V1.0 / V1.1 / V1.2 or similar  External Profile in development – (Not OASIS developed)  INCITS T10 profile – Fibre Channel Security Protocol v2.0 (FCSP2)

4 4 Defining Profiles  Server requirements (required)  Includes all objects, operations and attributes that a client can access  Defined down to all required components of those objects, operations and attributes Even if optional in KMIP specification, it can be required in a profile  Definition of any extensions and how they are to be used  Client requirements (optional)  What are the bare minimum requirements for a Client to claim conformance e.g. Must support get of a symmetric key using unique identifier  Can be a single statement Basically states that support of any operation, object and attributes that are supported by the server and you can be conformant  Protocol requirements (recommended)  Wire protocol KMIP messaging uses (e.g. SSL 3.0, TLS v1.2, FCSP, etc…)  Authentication requirements (recommended)  Certificates, user ID/password, mutual authentication, DH-CHAP, etc…  Interoperability Requirements (recommended)  How to prove conformance either as part of the profile or as a separate Test Case guide  Use Cases (recommended)  How objects, operations and attributes are to be used with message examples

Download ppt "1 NIST Key State Models SP800-57 Part 1SP800-130 (Draft)"

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10.

Overview of the SDE Protocol Presented by Ken Alonge Chair,
OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.

OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.
Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Dynamic Symmetric Key Provisioning Protocol (DSKPP)
Www.thales-esecurity.com Common Identifiers Providing Globally Unique Identifiers for UUID and Application IDs of keys and other objects.

Common Identifiers Providing Globally Unique Identifiers for UUID and Application IDs of keys and other objects.
CT-KIP Magnus Nyström, RSA Security 23 May 2005. Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.

CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Secure Socket Layer.

Secure Socket Layer.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice KMIP Key Naming for Removable Media.

© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice KMIP Key Naming for Removable Media.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Making VLAB Secure Javier I. Roman. What is VLAB?  An interdisciplinary consortium dedicated to the development and promotion of the theory of planetary.

Making VLAB Secure Javier I. Roman. What is VLAB?  An interdisciplinary consortium dedicated to the development and promotion of the theory of planetary.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.

Chapter 8 Web Security.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.

OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.

Similar presentations

Ads by Google