Session Block—Standards and Applications
09 Sep 2019 02:20 PM - 02:40 PM (UTC)
Using KMIP and PKCS #11 for Data Protection
Transforming Privacy Law into Practice | 9-10 September | University of Oxford | events@oasis-open.org

The OASIS Key Management Interoperability Protocol standard defines a protocol for key management client and server communication. KMIP is now implemented in a large range of applications and devices providing interoperable key management for cryptographic protection of data.


The OASIS PKCS #11 standard defines an API supported by most Hardware Security Modules and smart cards. PKCS #11 provides an interoperable means of accessing key management and cryptographic operations in a very large range of applications and devices. Combining PKCS #11 with KMIP provides a secure, flexible, standards-based means for accessing key management and cryptographic operations in support of GDPR.


An overview of how these standards are used to protect sensitive data in disk storage, databases, file systems, applications and the cloud will be presented. Real-world examples will be used to demonstrate ease of use and breadth of coverage.


Presentation outline:

  • What is OASIS KMIP?
  • What is OASIS PKCS #11?
  • Using PKCS #11 and KMIP together
    Examples of use
    - Protecting secrets with HashiCorp Vault
    - Transparent data encryption with Oracle, MySQL, MongoDB and DB2
    - Storage encryption with HPE 3PAR and NetApp ONTAP
    - Java PKCS #11 provider
    - Using PKCS #11 with SSH
    - Protecting VM images and vSAN with VMware
    - Certificate Management with AppViewX
    - Persistent data encryption with PKWARE Smartcrypt