Fandom

The IT Law Wiki

Key management

32,167pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definitions Edit

Key management (also cryptographic key management or CKM) is

[t]he activities involving the handling of cryptographic keys and other related security parameters (e.g., initialization vectors and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization.[1]
[t]he generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy.[2]

Overview Edit

It is required when using cryptography to assure that one or more cryptographic keys are properly generated, that they are distributed where they are needed for cryptographic processing, and that they are stored securely so they are available when needed and not disclosed to unauthorized users or processes.

Key management has been identified as a major component of national cybersecurity initiatives that address the protection of information processing applications. Key management is needed for e-commerce, banking, air traffic control, the aerospace industry, defense, emergency first responders, the health care industry, the Internet (routing, DNSSEC, etc.), citizens and consumers.

Numerous problems have been identified in current key management methodologies, including the lack of guidance, inadequate scalability of the methods used to distribute keys and user dissatisfaction because of the "unfriendliness" of these methods.

References Edit

  1. FIPS 140-2.
  2. ITU, "Compendium of Approved ITU-T Security Definitizons," at 24 (Feb. 2003 ed.) (full-text).

See also Edit

Also on Fandom

Random Wiki