Thales Blog

There’s A New Sheriff In Town And His Name Is KMIP

March 1, 2012

At this week’s RSA Conference 2012 in San Francisco – the world’s leading security event – one of the buzz attractions is the leading IT vendors who have come together to demonstrate KMIP, a new standards-based protocol for key management. Who, or rather what, is KMIP?

The Key Management Interoperability Protocol, often known simply by its acronym, KMIP, promises a common specification that allows embedded encryption-enabled applications (clients) to interoperate securely with key management servers, provided each side has implemented the standard.

Driven by OASIS as part of an international consortium, the KMIP Interop, happening live on the RSA expo floor, provides a working snapshot of how this enterprise key management protocol functions in a multi-vendor environment. In Booth #128, clients from Cryptsoft, IBM, NetApp, and SafeNet communicate securely with key management servers from Cryptsoft, IBM, Quintessence Labs, SafeNet, and Thales. The clients and servers demonstrate the full key management lifecycle including creating, registering, locating, retrieving, deleting, and transferring symmetric and asymmetric keys and certificates between vendor systems. Both the fully ratified KMIP 1.0 OASIS Standard and the KMIP 1.1 Committee Draft specification are being shown.

The first-day response was very positive, drawing the attention of similar leading IT vendors who are now at various stages of building KMIP support into new and existing crypto-enabled applications and devices. Thales, one of the original founders of the KMIP specification over three years ago, is a strong supporter of KMIP and is again demonstrating industry leadership by showcasing its high assurance key management appliance, keyAuthority.

As the use of encryption continues to increase across multiple enterprise applications, it is important to ensure data is not only secure but also available when needed. Enterprise key management will therefore become a more pressing issue, and KMIP 1.1 will be a catalyst for growth of this market.

Ultimately KMIP adoption will benefit customers who demand high assurance key management that can scale across diverse enterprise crypto applications by delivering a consistent security framework that is easy to maintain and audit, while reliably implementing standards of due care for data protection and security risk management. The emergence of new KMIP-enabled applications has only just begun, both within traditional IT environments and beyond into various new infrastructure applications. We expect exciting times ahead as KMIP client/server solutions are announced from Thales and other vendors.