Thales Blog

Awesome Stuff With KMIP, OASIS And PKCS11 @ The RSA Conference

February 13, 2014

The RSA Conference is fast approaching, and along with everyone else in the industry, we’re busy getting ready for it. Demos are being put together, booths are undergoing last-minute refinements, and everyone is frantically signing up for badges. This year, we’re going to be in multiple booths. In addition to our very own Vormetric spaces (booth 2614 in the North Hall and booth 515 in the South Hall), we’re also going to be present in the Intel booth (booth 3203) and the OASIS booth (booth 1909). We’d like to spend a little time talking about that last booth – OASIS – in this blog post.

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit consortium that brings people together to agree on intelligent ways to exchange information over the Internet and within their organizations. We are expanding our OASIS presence: in addition to KMIP (Key Management Interoperability Protocol), for the first time in 2014 we are also part of a new standards committee for PKCS#11 (Cryptoki).

KMIP is a standard that describes a wide range of key management operations. Examples include creating a key, locating a key, and destroying a key. KMIP is a wire protocol, with no installation of client-side software or library required. Version 1.0 of the KMIP standard was ratified in 2010, and version 1.1 was ratified in 2013. Last year was Vormetric’s first year in the KMIP booth, and we’re pleased to be able to participate again.

PKCS#11 is an old standard in the Public-Key Cryptography Standards (PKCS) family. However, it was just put under the auspices of OASIS last year, and this will be its first showing at the RSA Conference. Vormetric joined the PKCS#11 OASIS committee when it was formed. Like KMIP, it defines a platform-independent set of APIs to cryptographic tokens that manage the most commonly used cryptographic object types (AES-256 symmetric keys, RSA keypairs) and the functions needed to manage and use these objects. These functions include create, delete, encrypt and decrypt. Frequently, PKCS#11 is used to interact with a local cryptographic device or smart card. Our customers can use Vormetric’s PKCS#11 provider to directly interact with our Data Security Manager.

Together, these APIs allow us to be the “one-stop-shop” of data security. We perform key management as well as cryptographic functions to protect our customers’ data and manage their security policies. We are excited to be part of this technical committee, to work with other leaders to further these standards and promote collaboration across the industry.

Come see us in the OASIS booth!

- Janice Cheng and Mike Yoder