Part 1: General - Computer Security Resource Center - National ...
March, 2007
Transition 7: Some applications will require that access be preserved for a period of time,
and then the keying material may be destroyed. When it is clear that a key in
the post-operational phase is no longer needed, it may transition to the
destroyed phase.
The combination of key states and key phases is illustrated in Figure 5. The pre-operational and
operational phases contain only one state each, while the post-operational and destroyed phases
have two states each.
[Figure 5 (diagram not reproduced). Pre-Operational Phase: Pre-Activation. Operational Phase: Active (Protect Only; Process Only; Protect and Process). Post-Operational Phase: Deactivated (Process Only); Compromised (Process Only). Destroyed Phase: Destroyed; Destroyed Compromised.]
Figure 5: Key management states and phases
The following subsections discuss the functions that are performed in each phase of key
management. A key management system may not have all identified functions, since some
functions may not be appropriate. In some cases, one or more functions may be combined, or the
functions may be performed in a different order. For example, a system may omit the post-operational
phase if keys are never archived and compromised keys are immediately destroyed.
In this case, keys would move from the operational phase directly to the destroyed phase.
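The states, phases and permitted uses shown in Figure 5 can be checked mechanically against a key-usage log. The Python below is an added example, not part of the NIST text; the event format, the names `audit` and `SAMPLE_EVENTS`, the rule that a key never returns to an earlier phase, and the reading of states without an annotation in the figure as permitting neither protect nor process are assumptions.

```python
# Added example: states, phases and permitted uses as read from Figure 5.
PHASE_ORDER = ["pre-operational", "operational", "post-operational", "destroyed"]

# state -> (phase, operations annotated for that state in the figure).
# Simplification: "active" permits both uses; a real key may be limited to one.
STATES = {
    "pre-activation":        ("pre-operational",  set()),
    "active":                ("operational",      {"protect", "process"}),
    "deactivated":           ("post-operational", {"process"}),
    "compromised":           ("post-operational", {"process"}),
    "destroyed":             ("destroyed",        set()),
    "destroyed-compromised": ("destroyed",        set()),
}

def audit(events):
    """Return (index, key_id, reason) findings; events are (key_id, state, op)."""
    # op is "protect", "process", or None for a pure state change.
    findings = []
    last_phase = {}  # key_id -> highest PHASE_ORDER index seen so far
    for i, (key_id, state, op) in enumerate(events):
        if state not in STATES:
            findings.append((i, key_id, f"unknown state {state!r}"))
            continue
        phase, allowed = STATES[state]
        rank = PHASE_ORDER.index(phase)
        # Assumption: a key never moves back to an earlier phase.
        if key_id in last_phase and rank < last_phase[key_id]:
            findings.append((i, key_id, f"phase regression to {phase}"))
        last_phase[key_id] = max(rank, last_phase.get(key_id, rank))
        if op is not None and op not in allowed:
            findings.append((i, key_id, f"{op} not permitted in state {state}"))
    return findings

# Constructed sample log (not real data).
SAMPLE_EVENTS = [
    ("k1", "pre-activation", None),
    ("k1", "active", "protect"),
    ("k1", "deactivated", "process"),   # fine: deactivated keys are process only
    ("k1", "deactivated", "protect"),   # finding: protect after deactivation
    ("k1", "destroyed", None),          # Transition 7
    ("k2", "active", "process"),
    ("k2", "destroyed", None),          # post-operational phase omitted: allowed
    ("k2", "active", "protect"),        # finding: key reappears after destruction
    ("k3", "compromised", "protect"),   # finding: compromised key used to protect
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```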