Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Data Security and Digital Key Management
Transcript of Data Security and Digital Key Management
Data security depends on digital key management. Digital keys are used in encryption algorithms to protect data and to validate the integrity of data using digital signatures. They can also be used to validate the source of data (or a message) shared between two or more entities (people or devices). At the heart of every effective data security solution is an effective Digital Key Management solution.
Digital Key Management
In data security, digital keys are used to protect data and to prevent fraud. Digitals keys must be managed carefully to be effective.
Digital keys must be created using an approved Psuedo Random Number Generator (PRNG). This ensures they are not easily guessed. This is the process referred to as Compliant Key Generation, and is governed by industry standards.
Split knowledge refers to a procedural control which ensures no one person in your organization has full knowledge of your digital keys. Using split knowledge, each key officer is assigned a unique digital key. Key officers merge each of their key parts into a final key during a key loading ceremony, observed by a key administrator. The final result is protected in a Secure Cryptographic Device.
M of N Fragmentation
M of N Fragmentation expands on the split knowledge control by requiring a subset (value of M) in a larger pool (value of N) of key officers to be present during a key loading process. This greatly improves the manageability (and hence cost) of conducting a key loading ceremony.
Protecting Digital Keys
Once you have carefully loaded your key parts into a Secure Cryptographic Device, it is important to observe additional key protection practices. These include never exposing the key in clear form (unencrypted) outside of the Tamper Resistant Security Module (TRSM).
A TRSM (Tamper Resistant Security Module) is defined by industry standards such as FIPS 140-2 Level 3. This is a physical device designed to protect clear keys from being viewed by hackers. These devices are designed to withstand a number of physical attacks, including chemical, temperature and electromagnetic sensing. This is the core of a Secure Cryptographic Device. NIST manages a list of approved providers.