Because an increasing number of enterprises are considering encryption as an
additional safeguard of their data, it's important to bear in mind that
management of the keys that unlock encrypted data is as crucial as safeguarding
the family jewels themselves.
After all, encrypted data is just as vulnerable as unencrypted data to
sophisticated outside threats, if the keys are easy to locate and use.
To help make movement of these encryption keys more transferable and secure
between systems, Sun Microsystems on Feb. 17 announced the open-source release
of the first generic communication protocol between a key manager and an
encrypting device.
This XML-based protocol enables a
user of virtually any current encryption system to securely manage keys to the
encrypted data across multivendor data centers, avoiding additional licensing
fees and lots of hassle, Sun said.
The protocol is ideal for use in linked computing
systems that bring vendors and their channel sales and supply chain partners
into a so-called private cloud structure. Using the protocol, keys to encrypted
data can be more easily secured and accessed by people in different
organizations.
This source code is freely downloadable as part of a complete encryption
tool kit now available at Sun's Open Solaris site.
Sun, as a member of the OASIS international IT standards committee, is
currently working with other OASIS members to refine the proposal into a
standard tool for cryptographic providers.
In the meantime, the protocol has been submitted to the IEEE 1619 SISWG
(Security in Storage Working Group) as a contribution to development of the
P1619.3 Standard.
This protocol works in the following products: Sun StorageTek KMS 2.0 Key
Manager; StorageTek T9840D, T10000A, T10000B enterprise drives; and
Hewlett-Packard's StorageTek HP LTO4 drives that are shipped in Sun libraries.
A number of additional Sun partners are developing products based on this
protocol, including EMC, whose RSA
security division is considering releasing it as an option for the RKM (RSA
Key Manager).
"We have made this [encryption interoperability protocol] available to our
partners' key managers for about the last year or so," Piotr Polanowski, product
encryption manager for Sun, told eWEEK. "We decided to go open source
because it simplifies everything for people using it and licensing it.
"Sun's implementation of this is usually in a secure cluster of servers
dedicated to key management—in particular for our many large enterprise
customers," Polanowski said. "But this protocol can be used in many
different configurations."