Sun Releases First Protocol for Encryption Key Interoperability

By Chris Preimesberger  |  Posted 2009-02-18

The first generic communication protocol between a key manager and an encrypting device enables a user of virtually any data encryption system to securely manage keys to the encrypted data across multivendor data centers, avoiding additional licensing fees and lots of hassle, Sun says.

Because an increasing number of enterprises are considering encryption as an additional safeguard of their data, it's important to bear in mind that management of the keys that unlock encrypted data is as crucial as safeguarding the family jewels themselves.

After all, encrypted data is just as vulnerable as unencrypted data to sophisticated outside threats, if the keys are easy to locate and use.

To help make movement of these encryption keys more transferable and secure between systems, Sun Microsystems on Feb. 17 announced the open-source release of the first generic communication protocol between a key manager and an encrypting device.

This XML-based protocol enables a user of virtually any current encryption system to securely manage keys to the encrypted data across multivendor data centers, avoiding additional licensing fees and lots of hassle, Sun said.

The protocol is ideal for use in linked computing systems that bring vendors and their channel sales and supply chain partners into a so-called private cloud structure. Using the protocol, keys to encrypted data can be more easily secured and accessed by people in different organizations.

This source code is freely downloadable as part of a complete encryption tool kit now available at Sun's OpenSolaris site.

Sun, as a member of the OASIS international IT standards committee, is currently working with other OASIS members to refine the proposal into a standard tool for cryptographic providers.

In the meantime, the protocol has been submitted to the IEEE 1619 SISWG (Security in Storage Working Group) as a contribution to development of the P1619.3 Standard.

This protocol works in the following products: Sun StorageTek KMS 2.0 Key Manager; StorageTek T9840D, T10000A, T10000B enterprise drives; and Hewlett-Packard's StorageTek HP LTO4 drives that are shipped in Sun libraries.

A number of additional Sun partners are developing products based on this protocol, including EMC, whose RSA security division is considering releasing it as an option for the RKM (RSA Key Manager).

"We have made this [encryption interoperability protocol] available to our partners' key managers for about the last year or so," Piotr Polanowski, product encryption manager for Sun, told eWEEK. "We decided to go open source because it simplifies everything for people using it and licensing it.

"Sun's implementation of this is usually in a secure cluster of servers dedicated to key management, in particular for our many large enterprise customers," Polanowski said. "But this protocol can be used in many different configurations."
