Volume 13, Number 7 -- March 5, 2013

Townsend Adopts KMIP for License Key Interoperability

Published: March 5, 2013

by Alex Woodie

Townsend Security is close to shipping a new version of Alliance Key Manager that includes support for Key Management Interoperability Protocol (KMIP), a new standard designed to provide a single method for accessing and managing encryption keys. KMIP support is important for building uniformity into encryption routines. But its usefulness in IBM i environments is limited at this point.

KMIP was first thought up several years ago by a group of security software vendors to provide a standard interface for connecting the encryption key management and generation programs with the encryption routines that consume encryption keys in critical business systems. The standard was deemed necessary due to the proprietary interfaces that various vendors had created to manage the keys. Organizations feared that their adoption of these proprietary interfaces would hinder their ability to switch key management vendors, thereby increasing vendor lock-in.

Townsend Security is one of the vendors utilizing proprietary communication protocols with Alliance Key Manager, its encryption key management system that was first unveiled in December 2008. Deployed as a hardened appliance, Alliance Key Manager provides a secure central repository for creating, managing, importing, exporting, and destroying symmetric encryption keys that organizations use in all major platforms, including IBM i.

Patrick Townsend, CEO of the Olympia, Washington, company, is all in favor of KMIP. "The industry as a whole needed standards around key retrieval. There's just no question about that," he tells IT Jungle. "You had a small number of vendors all with proprietary interfaces, and I think customers suffered a bit of pain around vendor lock-in because there were no standards."

While Townsend designed its software in a way that implements key management the proper way, not all vendors have done so, which helps make the case for KMIP, Townsend says. "It will help for a number of reasons," he says. "It will simplify integration with key management systems. The obvious benefit is there will be more applications that do key management properly. That means that our applications will get more secure over time."

However, don't expect IBM i shops to benefit from KMIP any time soon. That's because many of the places where IBM i shops want to utilize encryption--in the DB2 for i database and LTO tape drives--do not recognize KMIP at this time. A similar issue is faced when accessing keys in Microsoft SQL Server and other enterprise Windows applications.

Townsend explains: "If you look at field proc, which is new in IBM i 7.1, the folks up in Rochester started working on field proc before the KMIP committee was even formed. But that's not a KMIP standard. There's nothing within field proc that supports the KMIP standard for encryption key retrieval and encryption. There's a published API by IBM for field proc. But it does not incorporate and does not use KMIP."

Likewise, LTO drives also do not recognize KMIP, and use a separate mechanism for accessing encryption keys when a user encrypts his data using the encryption algorithms built into the LTO drives. Townsend points out that IBM was a founding member of both the LTO group and the KMIP committee at IT standards group OASIS; LTO co-founders Hewlett-Packard and the tape division of Seagate (spun out as Certance and now part of Quantum) also were founders of KMIP. And yet even LTO 6, the latest specification of the Linear Tape-Open standard, doesn't support KMIP.

"So we're still early phase in KMIP adoption," Townsend continues. "In these cases, we're creating key retrieval solutions based on a particular vendor's interface, and in many cases, that's not KMIP today. The standard is relatively new. Version 1.1 is adopted and that's what we'll support in our release. But still the community of our vendors who are working with the standard are still developing it. In fact, there is already a draft update to the standard. So this is an ongoing process."

Townsend Security today sits on the KMIP committee at OASIS, and will help drive the standard forward to support additional functionality. Townsend identified several areas that the KMIP committee is looking at: onboard encryption and decryption, hashing, and digital signatures. "It will take some time--who knows how many years--before the industry as a whole adopts KMIP interfaces in their technology. That needs to happen before enterprise customers really benefit from it."

KMIP support will be included in Alliance Key Manager version 3.0, which Townsend expects to ship in about 30 days. For more information, see www.townsendsecurity.com.



Editor: Alex Woodie
Contributing Editors: Dan Burger, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

Copyright © 1996-2013 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
