
OCP LOCK_Caliptra 2.1 and MEK-MPA Use Cases.pdf

Uploaded by: 明**** | ID: 1011625 | 2025-12-21 | 20 pages | 1.12 MB

TCG MEK Multiparty Authorization with OCP L.O.C.K.

Lee Prewitt, Director Cloud Hardware Storage, Microsoft
Jeff Andersen, Senior Staff Engineer, Google
Charles Kunzman, Staff Engineer, Google

Storage Panel Discussion

Agenda

Multiparty Authorization Use Case
TCG Opal: MEK Multiparty Authorization Feature Set Concepts (MEK MPA)
Walkthrough of Provisioning TCG MEK MPA for Global Range
OCP L.O.C.K. Key Management Block Overview
Protection Keys
MEK Generation
How OCP L.O.C.K. Supports Implementation of TCG MEK MPA
Panel Q&A

Multiparty Authorization Use Case

Modern software deployment stacks can include many system layers, and data security responsibilities may be split across those layers. As a hypothetical example, a Cloud Service Provider (CSP) may own security verification of hardware and firmware components on a machine hosting a customer Virtual Machine (VM), while the customer may have internal authentication and authorization services for data access running in the VM. Each entity should be able to independently authorize data access without needing to entrust data security secrets to another party.

TCG Opal: MEK Management Concepts

Media Encryption Keys (MEKs) encrypt all data in LBAs covered by a Locking range. MEKs are modeled as the Key column of the K_AES_256 object table. Data covered by a Locking range is only accessible when either the ReadLocked or WriteLocked columns of a Locking object are set to False.

MEK MPA adds a new AccessConditions column to the K_AES_256 object table. AccessCondition objec

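Based on the report, its main content is summarized as follows:

- **Topic**: Storage security, in particular multiparty authorization and key management.
- **Participants**: Lee Prewitt (Microsoft), Jeff Andersen (Google), Charles Kunzman (Google).
- **Core concepts**:
  - **TCG™ Opal MEK MPA**: the multiparty authorization use case, including MEK management, HPKE certificates, and key generation.
  - **OCP L.O.C.K.**: layered open-source key management, including the Key Management Block (KMB), Data Protection Key (DPK), Multi-party Protection Key (MPK), and Epoch Protection Key (EPK).
- **Key points**:
  - MEKs are used to encrypt data, while DPKs, MPKs, and EPKs are used for key management and protection.
  - OCP L.O.C.K. supports the implementation of TCG™ MEK MPA.
  - Detailed steps for MEK generation and key management are provided.
  - The importance of integrating Caliptra 2.1 and OCP L.O.C.K. into storage products is emphasized.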