Welcome!

SAP Authors: Liz McMillan, Elizabeth White, Dana Gardner, Cynthia Dunlop, Carmen Gonzalez

News Feed Item

Key Management Interoperability Protocol (KMIP) 1.1 and KMIP Profiles 1.1 Become OASIS Standards

The OASIS international open standards consortium announced the approval of version 1.1 of the Key Management Interoperability Protocol (KMIP) Specification and KMIP Profiles. KMIP enables interoperable communication between cryptographic environments and key managers, reducing the operational, training, and infrastructure costs for key management in the enterprise. KMIP 1.1 and the related KMIP Profiles 1.1 are now official OASIS Standards, a status that signifies the highest level of ratification.

“The beauty of KMIP is that it delivers a single protocol that any cryptographic environment—tape drives, application encryption software development kits, database encryption applications—can use to talk to any key manager,” explained Robert Griffin of RSA, the security division of EMC, co-chair of the OASIS KMIP Technical Committee. “That means developers need to learn just one set of tools, and changes in key management strategy can be put in place without having to retrofit applications. The savings are tremendous.”

In addition to the main specification, KMIP Profiles define functionality sets that address specific scenarios (such as vaulting keys created within a storage environment). KMIP Profiles also define the authentication that must be used to ensure message confidentiality and integrity.

“It’s exciting to see how far we’ve come since we began work on KMIP in 2009,” said Subhash Sankuratripati of NetApp, who also co-chairs the OASIS KMIP Technical Committee. The group now includes representatives of more than 32 vendors and end user organizations from around the world. “KMIP is widely regarded as the key management interoperability solution, and version 1.1 has already been implemented in an array of products.”

Many of those products will be on display at the RSA Conference 2013 in San Francisco, 25-27 February 2013. Cryptsoft, Hewlett-Packard, IBM, QuintessenceLabs, Thales e-Security, Townsend Security, and Vormetric will demonstrate the full key management life-cycle including creating, registering, locating, retrieving, deleting, and transferring symmetric and asymmetric keys and certificates between the vendors’ systems. The demonstration builds on the substantial interoperability testing that was conducted throughout the development of KMIP 1.1.

KMIP 1.1 is offered for implementation on a royalty-free basis. Companies, non-profit groups, governments, academic institutions, and individuals are welcome to participate in the OASIS KMIP Technical Committee, which is currently working on version 1.2 of the specification. As with all OASIS projects, archives of the KMIP Technical Committee’s work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment.

Support for KMIP 1.1

Cryptsoft
“As a co-editor and key contributor to KMIP 1.1, Cryptsoft is committed to providing our OEM partners and customers with innovative, standards-based technologies and as such are pleased to support v1.1 of the OASIS KMIP specification. Building on the solid foundation of KMIP v1.0, version 1.1 of the specification further addresses the full spectrum of enterprise key management requirements across physical, virtual and cloud-based deployments.”
-- Tim Hudson, Chief Security Architect, Cryptsoft

HP
“As the foundation of data protection and governance, strong cryptography and key management controls are critical elements in any enterprise encryption strategy. With the approval of KMIP 1.1, organizations can more effectively apply encryption to protect sensitive data while reducing the costs associated with managing keys across the enterprise. HP recognizes the significance of this milestone and looks forward to continued partnership with OASIS in promoting industry consensus for global security and compliance.”
-- Frank Mong, VP & General Manager of Solutions, HP Enterprise Security

IBM
“Our clients are demanding open, interoperable solutions for securing their cloud environments. Through our collaboration with the other members of the KMIP Technical Committee, and by offering support for this important revision of the KMIP standard in our currently shipping offerings, IBM is working hard to deliver on our clients requirements.”
--Todd Moore, IBM Director for Interoperability and Partnerships, IBM

Thales e-Security
“This announcement is a great step forward on the road to making enterprise key management a reality. KMIP 1.1 allows organizations to develop a key management strategy that is independent of the numerous uses of encryption across their enterprise. As an originator of the KMIP standard, Thales is pleased to actively contribute to the OASIS Technical Committee and promote the KMIP standard worldwide.”
-- Bob Lockhart, Chief Solutions Architect Key Management, Thales e-Security

Vormetric
“KMIP is widely recognized as the leading industry standard protocol for key management between an encryption client and a key management server. This standard is seeing rapid industry adoption, and we are delighted to be demonstrating our support for OASIS KMIP at RSA Conference.”
-- Ashvin Kamaraju, VP of Product Development, Vormetric

Additional information:

OASIS KMIP Technical Committee:
http://www.oasis-open.org/committees/kmip/

KMIP 1.1 OASIS Standard:
https://www.oasis-open.org/standards#kmipspecv1.1

About OASIS:
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for security, Cloud computing, business transactions, Web services, Smart Grid, content management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries: http://www.oasis-open.org.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup loading complex sites necessitates hundreds of DNS queries. In addition, as more internet-enabled ‘Things' get connected, people will rely on DNS to name and find their fridges, toasters and toilets. According to a recent IDG Research Services Survey this rate of traffic will only grow. What's driving t...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
Enthusiasm for the Internet of Things has reached an all-time high. In 2013 alone, venture capitalists spent more than $1 billion dollars investing in the IoT space. With "smart" appliances and devices, IoT covers wearable smart devices, cloud services to hardware companies. Nest, a Google company, detects temperatures inside homes and automatically adjusts it by tracking its user's habit. These technologies are quickly developing and with it come challenges such as bridging infrastructure gaps, abiding by privacy concerns and making the concept a reality. These challenges can't be addressed w...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect at Hookflash, will walk through the shifting landscape of traditional telephone and voice services ...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, described how to revolutioniz...
Bit6 today issued a challenge to the technology community implementing Web Real Time Communication (WebRTC). To leap beyond WebRTC’s significant limitations and fully leverage its underlying value to accelerate innovation, application developers need to consider the entire communications ecosystem.
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from hardware to software, or as we like to say, it’s an Internet of many different things. The difference ...
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas.
"There is a natural synchronization between the business models, the IoT is there to support ,” explained Brendan O'Brien, Co-founder and Chief Architect of Aria Systems, in this SYS-CON.tv interview at the 15th International Cloud Expo®, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com), moderated by Ashar Baig, Research Director, Cloud, at Gigaom Research, Nate Gordon, Director of T...
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of t...

ARMONK, N.Y., Nov. 20, 2014 /PRNewswire/ --  IBM (NYSE: IBM) today announced that it is bringing a greater level of control, security and flexibility to cloud-based application development and delivery with a single-tenant version of Bluemix, IBM's platform-as-a-service. The new platform enables developers to build ap...

The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
Technology is enabling a new approach to collecting and using data. This approach, commonly referred to as the "Internet of Things" (IoT), enables businesses to use real-time data from all sorts of things including machines, devices and sensors to make better decisions, improve customer service, and lower the risk in the creation of new revenue opportunities. In his General Session at Internet of @ThingsExpo, Dave Wagstaff, Vice President and Chief Architect at BSQUARE Corporation, discuss the real benefits to focus on, how to understand the requirements of a successful solution, the flow of ...
"BSQUARE is in the business of selling software solutions for smart connected devices. It's obvious that IoT has moved from being a technology to being a fundamental part of business, and in the last 18 months people have said let's figure out how to do it and let's put some focus on it, " explained Dave Wagstaff, VP & Chief Architect, at BSQUARE Corporation, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Focused on this fast-growing market’s needs, Vitesse Semiconductor Corporation (Nasdaq: VTSS), a leading provider of IC solutions to advance "Ethernet Everywhere" in Carrier, Enterprise and Internet of Things (IoT) networks, introduced its IStaX™ software (VSC6815SDK), a robust protocol stack to simplify deployment and management of Industrial-IoT network applications such as Industrial Ethernet switching, surveillance, video distribution, LCD signage, intelligent sensors, and metering equipment. Leveraging technologies proven in the Carrier and Enterprise markets, IStaX is designed to work ac...
C-Labs LLC, a leading provider of remote and mobile access for the Internet of Things (IoT), announced the appointment of John Traynor to the position of chief operating officer. Previously a strategic advisor to the firm, Mr. Traynor will now oversee sales, marketing, finance, and operations. Mr. Traynor is based out of the C-Labs office in Redmond, Washington. He reports to Chris Muench, Chief Executive Officer. Mr. Traynor brings valuable business leadership and technology industry expertise to C-Labs. With over 30 years' experience in the high-tech sector, John Traynor has held numerous...
The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.