PRISTINE WP4

created by [email protected]

Problem

  • Data centre value-add
  • Integrated key management
  • Secure low-cost nodes
  • Scalable charging for micro-services
  • Secure data sharing in a multi-level security (MLS) environment

Data centre value-add

Data-centre operators would like to offer added-value services to their tenants. Managing the network infrastructure and inter-process connectivity could be such a service. However, many tenants will be anxious to maintain control over their own credentials, which makes it difficult for the operator to manage authenticated connectivity between processes.

Integrated key management

Enterprises would like to manage the key material controlling inter-process connectivity using the same systems that they use for managing disk encryption keys, message signing keys etc.

Secure low-cost nodes

Operators of systems of low-cost nodes (e.g. IoT) would like to make connections to them secure but cannot afford to include features that support this (reliable time-of-day clocks, TPMs etc.).

Scalable charging for micro-services

Intermediate organisations need to be able to give bounded access to third-party services without revealing the identity of their customer. Disintermediation is an issue when access to systems cannot be achieved without revealing the identity of the end user. Without intermediaries who can construct value propositions based on scale (e.g. wholesalers / trusted intermediators to preserve anonymity for medical results).

Secure data sharing in a multi-level security (MLS) environment

In particular, the ability to transfer data between networks at different sensitivity levels (e.g. a trusted and an untrusted network) in a way that can be securely controlled and dynamically reconfigured to rapidly respond to external events. For example, the ability to check imported data from untrusted networks for malicious activity, e.g. malware, or to inspect exported data from sensitive networks to prevent accidental or deliberate release of sensitive data.

Solution

Unique Value Proposition

  • Data centre value-add
  • Scalable Charging for Micro-Services
  • Integrated key management
  • Secure low-cost nodes

Data centre value-add

The key management architecture makes it possible for the DC operator to initiate connections between processes (including those belonging to different tenants) without having access to or control over the tenant’s key material.

Scalable Charging for Micro-Services

Capability access control gives the ability to have a secure token that provides transferable authentication/access control where the nature of the access control is embedded in the token itself. This permits, for example, a service wholesaler to give to its clients the ability to "spend" (to a limit) with another service (e.g. access to DAF or DIF while roaming) while not revealing the end user identity (reduces potential for unauthorised identity capture). Another use could be with sensitive personal information (e.g. medical test results) where access to the results themselves could be embedded within a capability which is passed, via a trusted intermediary, to the end user who can then access them preserving their anonymity.
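The wholesaler scenario above, sketched as an added example (not PRISTINE code, and not a description of the project's token format). It assumes macaroon-style HMAC chaining as the capability mechanism; the caveat names voucher and spend_limit, the capability id and the ledger are hypothetical.

```python
import hashlib
import hmac

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, cap_id: str) -> dict:
    """Service issues a capability to the wholesaler; it names no end user."""
    return {"id": cap_id, "caveats": [], "sig": _mac(root_key, cap_id)}

def attenuate(cap: dict, caveat: str) -> dict:
    """Any holder can narrow the capability without knowing the root key."""
    return {"id": cap["id"], "caveats": cap["caveats"] + [caveat],
            "sig": _mac(cap["sig"], caveat)}

def verify(root_key: bytes, cap: dict, ledger: dict, cost: int) -> bool:
    """Service side: authenticate the caveat chain, then enforce each caveat."""
    sig = _mac(root_key, cap["id"])
    chain = []
    for caveat in cap["caveats"]:
        sig = _mac(sig, caveat)
        chain.append((caveat, sig))
    if cost <= 0 or not hmac.compare_digest(sig, cap["sig"]):
        return False              # forged, edited or truncated token
    budgets = []
    for caveat, link in chain:    # parsed only after the MAC check passed
        name, _, value = caveat.partition("=")
        if name == "spend_limit" and value.isdigit():
            # The ledger key is the chain MAC at this caveat, so appending
            # further caveats later cannot move spending to a fresh ledger.
            budgets.append((link, int(value)))
        elif name != "voucher":   # voucher is an opaque nonce; others fail closed
            return False
    if any(ledger.get(k, 0) + cost > limit for k, limit in budgets):
        return False
    for k, _ in budgets:
        ledger[k] = ledger.get(k, 0) + cost
    return True

if __name__ == "__main__":
    root, ledger = b"constructed-demo-root-key-32byte", {}   # constructed key
    wholesale = mint(root, "daf-access")
    client = attenuate(attenuate(wholesale, "voucher=a1"), "spend_limit=5")
    print(verify(root, client, ledger, 3), verify(root, client, ledger, 3))
```

The service sees only the capability id, an opaque voucher nonce and the limit, which is what lets the wholesaler hand out bounded access without passing on who its customer is.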

Integrated key management

The key management architecture makes it possible for the key material to be managed externally by the enterprise via KMIP.

Secure low-cost nodes

The key management architecture allows key management functions to be proxied to a central key manager on a trusted node. Compromising the low-cost node will not reveal key material stored on the trusted node.

Unfair Advantage

Customer Segments

  • Data centre provider
  • Network and Service Providers
  • Enterprises

Data centre provider

Network and Service Providers

Enterprises

Key Metrics

Channels

Cost Structure

Revenue Stream

Brainstorming Space