[FDE] Key management process / architecture [was: Question re risks of data loss with FDE]
Allen
netsecurity at sound-by-design.com
Mon Mar 5 22:04:30 MST 2007
coderman wrote:
> On 3/5/07, Michael Jardine <michael.jardine at usa.secude.com> wrote:
>> Most enterprise encryption software has key recovery that can be managed
>> through your admin.
>
> i suppose this gets (back) to the heart of the matter: key management.
Actually there are a number of alternatives to key management
that do not require connection to the net to recover data or lost
keys.
There is a mechanism in one FDE product that allows key recovery
with a string generated by a help desk person on a server after a
user calls in information displayed on their screen. Can't recall
exactly which of several products I looked at recently that does
it that way.
There is another that supposedly can be done all locally by
following a process that displays pre-boot. I haven't actually
seen it in action so I don't know the details.
Then there is StrongAuth which does it by having multiple
certificates stored on a machine so that even if the owner of the
computer is killed or otherwise incapacitated, a person who has a
certificate on the machine can access the common data. This would
work very well in emergency services in that data entered by an
EMT could be read by another EMT or other role that has higher
privileges such as an emergency room nurse or doctor. I'm not
totally clear on the process having only looked at the model.
In any case, you are both quite correct, IMHO, that key and
identity management is really the sticky wicket, not the actual
encryption part, because of human factors.
Best,
Allen
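The help-desk recovery flow mentioned above (user reads a challenge off the pre-boot screen, help desk reads back a string, machine unlocks offline) can be modelled in a few lines. This is an added, hypothetical example written for this archive page, not any of the products discussed in the thread: it assumes the help desk holds a per-machine secret, the laptop stores only a recovery key wrapped under a key derived from that secret and a random challenge, and a fresh challenge is issued (re-enrollment) after every successful recovery so a phoned response cannot be replayed.

```python
import hmac
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Constructed model of a help-desk challenge/response recovery (hypothetical, not a
# real product's protocol). The laptop never stores the server secret S; it keeps a
# recovery key wrapped under a key that only S plus the on-screen challenge yields.

def response_for(server_secret: bytes, machine_id: str, challenge: str) -> str:
    """Help-desk side: derive the spoken response from S and what the user reads out."""
    msg = f"fde-recovery|{machine_id}|{challenge}".encode()
    # 128-bit truncation keeps the phoned string at 32 hex characters.
    return hmac.new(server_secret, msg, hashlib.sha256).hexdigest()[:32]

def _keys_from_response(response: str) -> Tuple[bytes, bytes]:
    """Derive separate wrap and MAC keys so neither is the raw response."""
    wrap_key = hashlib.sha256(b"wrap|" + response.encode()).digest()
    mac_key = hashlib.sha256(b"mac|" + response.encode()).digest()
    return wrap_key, mac_key

def enroll(server_secret: bytes, machine_id: str, recovery_key: bytes) -> Dict:
    """Run once at enrollment (while networked): wrap the 32-byte recovery key under the
    response for a fresh random challenge, then discard the response on the laptop."""
    assert len(recovery_key) == 32
    challenge = secrets.token_hex(8)
    wrap_key, mac_key = _keys_from_response(response_for(server_secret, machine_id, challenge))
    wrapped = bytes(a ^ b for a, b in zip(recovery_key, wrap_key))  # one-time pad per challenge
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    # This blob lives in the pre-boot area; S itself never reaches the laptop.
    return {"machine_id": machine_id, "challenge": challenge, "wrapped": wrapped, "tag": tag}

def screen_text(blob: Dict) -> str:
    """What pre-boot displays for the user to read to the help desk."""
    return f"Machine {blob['machine_id']}  Challenge {blob['challenge']}"

def recover(blob: Dict, spoken_response: str) -> Optional[bytes]:
    """Laptop side, fully offline: unwrap with the phoned response; None if it is wrong."""
    wrap_key, mac_key = _keys_from_response(spoken_response.strip().lower())
    expected = hmac.new(mac_key, blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # mistyped on the phone, or a guess: do not unlock
    # The response is deterministic for this challenge, so a real deployment
    # re-enrolls with a new challenge (and logs the event) after this succeeds.
    return bytes(a ^ b for a, b in zip(blob["wrapped"], wrap_key))
```

A wrong response fails the MAC check rather than yielding garbage, which is what lets the help desk distinguish a transcription error from a working recovery.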