HP, IBM push new KMIP encryption key standard

Key Management Interoperability Protocol is seen as one way to replace the hodgepodge of different encryption-key management products out there

A group of industry vendors, led by IBM, Hewlett-Packard, and EMC, is proposing a new standard to make their encryption management software work together.

Called the Key Management Interoperability Protocol (KMIP), the standard is being proposed through OASIS (Organization for the Advancement of Structured Information Standards), the consortium best known for its development of Web-services standards.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

On Thursday, OASIS is expected to announce that it has created a KMIP Technology Committee to produce the final specification for the standard. The committee will meet for the first time on April 24, but KMIP has been quietly under development for more than a year. It is also supported by Brocade, LSI, Seagate, and Thales.

Backers see it as one way to replace the hodgepodge of different encryption-key management products out there. Today, IT staff must use different key management systems to control who gets access to different parts of the network. One system might be used for e-mail encryption, a second for storage, and a third for the database. "The scope of the standard is very broad," said Mark Schiller, a director with HP's Security Office. "It will work for just about any type of device you can imagine."

KMIP's backers say their standard will be "complementary" to existing key management standards such as the storage-focused IEEE 1619.3 and the OASIS EKMI XML standard.