Presentation is loading. Please wait.

Presentation is loading. Please wait.

HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev

Published byGerard Flynn Modified over 8 years ago

Similar presentations

Presentation on theme: "HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev"— Presentation transcript:

1 HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev denis.pochuev@safenet-inc.com

2 2 HSM Management Use-Cases 3 Use-Cases Monitoring with MDO Keys Local Key Foundry with Key Wrapping Remote Key Foundry with MDO Keys

3 3 Visual Summary

4 4 HM-1 – Monitoring with MDO keys  Xerxes logs into KMS  Xerxes lists all Object Identifiers known to KMS, which includes all keys residing on HSMs in the enterprise  Xerxes lists attributes of keys on Partition 2A (partition A on HSM-2)  Xerxes queries the server for a list of keys across all HSM partitions that will expire in the next 2 weeks  Xerxes queries the server for a list of HSM partitions that have exhausted over 80% of their capacity  Alice uses her secure application, which results in a usage of an encryption key, stored on an HSM. This also results in an update to the key’s meta-data, which is propagated to the KMS where it can be observed by Xerxes

5 5 HM-2: Local Key Foundry with Key Wrapping  Xerxes logs into KMS  Xerxes lists all Object Identifiers known to KMS, which includes all keys residing on HSMs in the enterprise  Xerxes creates an AES-256 symmetric key on KMS using KMS HSM Management UI, which is subsequently imported to the Partition B on HSM-1  Xerxes deactivates key KEY1 on KMS; KEY1’s state transition is replicated to Partition C of HSM-2  Using KMS UI, Xerxes finds all DES keys associated with all registered HSMs and destroys them. All keys are destroyed on corresponding partitions across all registered HSMs  Xerxes clones the key material from an existing HSM partition (2A) to a new module using KMS UI

6 6 HM-3: Remote Key Foundry with MDO Keys  Xerxes logs into KMS  Xerxes lists all Object Identifiers known to KMS, which includes all keys residing on HSMs in the enterprise  Using KMS HSM Management UI, Xerxes creates an AES-256 symmetric key on Partition B on HSM-1 by sending an appropriate command to the HSM  Xerxes deactivates key KEY1 on Partition C of HSM-2 by modifying the state of KEY1, which gets reflected on HSM-2  Using KMS UI, Xerxes finds all DES keys across all HSMs and destroys them  Note that all process flows in this use-case produce very similar results to the first 5 items in the use-case HM-2

Download ppt "HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev"

Similar presentations

KMIP 1.3 SP800-130 Issues Joseph Brand / Chuck White / Tim Hudson December 12th, 2013 1.

KMIP 1.3 SP Issues Joseph Brand / Chuck White / Tim Hudson December 12th,
IS 302: Information Security and Trust Week 4: Asymmetric Encryption

IS 302: Information Security and Trust Week 4: Asymmetric Encryption
Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.

Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Conner Hansen Alex Summer Andreas Floeck Safe Message System.

Conner Hansen Alex Summer Andreas Floeck Safe Message System.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Accounting Management IACT 918 April 2005 Glenn Bewsell/Gene Awyzio SITACS University of Wollongong.

Accounting Management IACT 918 April 2005 Glenn Bewsell/Gene Awyzio SITACS University of Wollongong.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.
KMIP Use Cases Update on the process. Agenda Goals Process Flow, Atomics, Batch, Composites, and Not KMIP Evaluating the Document in light of the Goals.

KMIP Use Cases Update on the process. Agenda Goals Process Flow, Atomics, Batch, Composites, and Not KMIP Evaluating the Document in light of the Goals.
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange
Distributed Databases

Distributed Databases
Understanding Active Directory

Understanding Active Directory
Irwin/McGraw-Hill Copyright © 2000 The McGraw-Hill Companies. All Rights reserved Whitten Bentley DittmanSYSTEMS ANALYSIS AND DESIGN METHODS5th Edition.

Irwin/McGraw-Hill Copyright © 2000 The McGraw-Hill Companies. All Rights reserved Whitten Bentley DittmanSYSTEMS ANALYSIS AND DESIGN METHODS5th Edition.
Enterprise Reporting with Reporting Services SQL Server 2005 Donald Farmer Group Program Manager Microsoft Corporation.

Enterprise Reporting with Reporting Services SQL Server 2005 Donald Farmer Group Program Manager Microsoft Corporation.
ADVANCED MICROSOFT ACTIVE DIRECTORY CONCEPTS

ADVANCED MICROSOFT ACTIVE DIRECTORY CONCEPTS
Illustration Assets for KMIP Use Case Document. Users.

Illustration Assets for KMIP Use Case Document. Users.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

Similar presentations

Ads by Google