Tech companies submit crypto standard to Oasis

Seven technology companies have developed a specification that the group hopes will improve encryption-key management interoperability
Written by Tom Espiner, Contributor

A group of technology companies has submitted a specification for encryption-key management to the standards body Oasis.

The group, which includes IBM, Seagate, HP, EMC, Thales, LSI and Brocade, announced the submission of the specification to the open standards body on Thursday. The specification, called the Key Management Interoperability Protocol (KMIP), is designed to improve interoperability between encryption and key-management systems for laptops, storage, databases and applications, according to a statement produced by the group.

"Companies often deploy separate encryption and key-management systems for different business uses, and until now cumbersome — often manual — efforts were necessary to generate, distribute, vault, expire and rotate encryption keys," the statement read. "This has resulted in increased costs for IT, difficulty meeting audit and compliance requirements, and lost data."

All the companies in the group have said they will participate in the ongoing development of the specification.

Oasis welcomed the submission of the specification in the statement, and called on other technology companies to become involved in the development of the specification into a standard.

"The IT community is asking for open standards and interoperability to help meet the increasing demand for encryption," said Laurent Liscia, executive director of Oasis. "We applaud Brocade, HP, IBM, LSI, RSA, Seagate and Thales for choosing to advance KMIP through the open-standards process, and we encourage others in the security community — both users and providers — to participate in the standardisation of this very important work."

Cryptographic interoperability is becoming increasingly important to businesses, as demonstrated by the publication in January of a storage cryptographic standard by the Trusted Computing Group.

Editorial standards