1 / 6

HSM Management Use-case Summary

HSM Management Use-case Summary. KMIP F2F Sep 2012 Denis Pochuev denis.pochuev@safenet-inc.com. HSM Management Use-Cases. 3 Use-Cases Monitoring with MDO Keys Local Key Foundry with Key Wrapping Remote Key Foundry with MDO Keys. Visual Summary. HM-1 – Monitoring with MDO keys.

arin
Download Presentation

HSM Management Use-case Summary

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev denis.pochuev@safenet-inc.com

  2. HSM Management Use-Cases 3 Use-Cases • Monitoring with MDO Keys • Local Key Foundry with Key Wrapping • Remote Key Foundry with MDO Keys

  3. Visual Summary

  4. HM-1– Monitoring with MDO keys • Xerxes logs into KMS • Xerxes lists all Object Identifiers known to KMS, which includes all keys residing on HSMs in the enterprise • Xerxes lists attributes of keys on Partition 2A (partition A on HSM-2) • Xerxes queries the server for a list of keys across all HSM partitions that will expire in the next 2 weeks • Xerxes queries the server for a list of HSM partitions that have exhausted over 80% of their capacity • Alice uses her secure application, which results in a usage of an encryption key, stored on an HSM. This also results in an update to the key’s meta-data, which is propagated to the KMS where it can be observed by Xerxes

  5. HM-2: Local Key Foundry with Key Wrapping • Xerxes logs into KMS • Xerxes lists all Object Identifiers known to KMS, which includes all keys residing on HSMs in the enterprise • Xerxes creates an AES-256 symmetric key on KMS using KMS HSM Management UI, which is subsequently imported to the Partition B on HSM-1 • Xerxes deactivates key KEY1 on KMS; KEY1’s state transition is replicated to Partition C of HSM-2 • Using KMS UI, Xerxes finds all DES keys associated with all registered HSMs and destroys them. All keys are destroyed on corresponding partitions across all registered HSMs • Xerxes clones the key material from an existing HSM partition (2A) to a new module using KMS UI

  6. HM-3: Remote Key Foundry with MDO Keys • Xerxes logs into KMS • Xerxes lists all Object Identifiers known to KMS, which includes all keys residing on HSMs in the enterprise • Using KMS HSM Management UI, Xerxes creates an AES-256 symmetric key on Partition B on HSM-1 by sending an appropriate command to the HSM • Xerxes deactivates key KEY1 on Partition C of HSM-2 by modifying the state of KEY1, which gets reflected on HSM-2 • Using KMS UI, Xerxes finds all DES keys across all HSMs and destroys them • Note that all process flows in this use-case produce very similar results to the first 5 items in the use-case HM-2

More Related