09 Sep 2019
Session Block—Standards and Applications 14:20 - 14:40

The OASIS Key Management Interoperability Protocol (KMIP) standard defines a protocol for communication between key management clients and servers. KMIP is now implemented in a large range of applications and devices, providing interoperable key management for cryptographic protection of data.

The OASIS PKCS #11 standard defines an API supported by most Hardware Security Modules and smart cards. PKCS #11 provides an interoperable means of accessing key management and cryptographic operations in a very large range of applications and devices. Combining PKCS #11 with KMIP provides a secure, flexible, standards-based means for accessing key management and cryptographic operations in support of GDPR.

An overview of how these standards are used to protect sensitive data in disk storage, databases, file systems, applications and the cloud will be presented. Real-world examples will be used to demonstrate ease of use and breadth of coverage.

Presentation outline:

  • What is OASIS KMIP?
  • What is OASIS PKCS #11?
  • Using PKCS #11 and KMIP together
  • Examples of use
    - Protecting secrets with HashiCorp Vault
    - Transparent data encryption with Oracle, MySQL, MongoDB and DB2
    - Storage encryption with HPE 3PAR and NetApp ONTAP
    - Java PKCS #11 provider
    - Using PKCS #11 with SSH
    - Protecting VM images and vSAN with VMware
    - Certificate management with AppViewX
    - Persistent data encryption with PKWARE Smartcrypt

QuintessenceLabs Pty Ltd
Chief Technology Officer


