NAVER CLOUD PLATFORM

For Platform 2.0 Only

Key Management Service

고객의 중요 정보 암호화에 사용된 키를 고객이 설정한 보안 정책에 따라 엄격히 관리하고 안전하게 보호할 수 있습니다.

Safe Protection and Management of the Data Encryption Key

Key Management Service provides various features to closely and safely protect encryption keys for your convenience.
Protect your encryption key using the convenient management features of Key Management Service

Hierarchical Key Management
Encryption key management is vital for data protection. Key Management Service allows hierarchical management of the keys for a safe management of encryption keys. Protect up to 32KB of credentials using the master key (MK) managed by Key Management Service.
Compliance of Key Management Standards
Key Management Service manages keys according to domestic and foreign encryption key management standards. Key Management Service blocks the sources of all unauthorized access according to the access control policy standards set by the customer, and guarantees confidentiality and integrity of the system according to the root key management process that is physically isolated for enhanced security.
Easy Management Feature
You can easily manage permissions on the key by linking with subaccount management. On top of that, you can set the periodic key rotation according to the recommended standard of encryption and perform key audit using the key usage history monitoring feature. You can also manage the life cycle of the encryption key using the status management feature.
High Availability Infrastructure with Safety
Key Management Service operates on a high availability system designed for a reliable service. The locally distributed system guarantees a reliable service under any environment and has added safety by blocking all unauthorized access via the internal encryption.

Detailed Features

NAVER CLOUD PLATFORM Key Management Service provides various features to provide an easy solution for encrypted key protection. Using Key Management Service, you can easily take care of key management, such as creation, rotation, status management, or disposal. You can utilize the strict management procedure for the protection of encryption keys or up to 32KB of credentials.
In addition, you can easily implement hierarchical key management by using the key, which is the safety managed in the cloud system, as the master key.

Overview of Data Encryption · Decryption using NAVER CLOUD PLATFORM Key Management Service

Customers who need Key Management Service

  • All developers in need of a safe data protection using encryption and a safe key management process.
  • Security administrators and auditors in need of easy and convenient management features, such as setting key permissions or viewing usage history.

Detailed Features

Use of Key: Protection of Credentials

Key Management Service protects not only keys but also all credentials that require guarantee of confidentiality. Here, credential refers to all cryptographic data required for data protection, such as DK and password. With Key Management Service, you can safely protect DK and credentials. MK uses the AES256 encryption of symmetric key method to protect credentials of up to 32KB.

Use of Key: Signature and Verification

For public key encryption method, the signature and verification feature for authentication and non-repudiation is difficult to implement together with the management of private keys. However, if you create a Key Management Service management key with ECDSA, you can easily gain signature and verification value of up to 8KB.

Access Control by Each Key

Key Management Service carries out the role-based access control (RBAC) based on the role policy for each key. You can set up access control on the key by assigning roles for key usage on the subaccount. Try assigning the roles for key usage based on the minimum permissions rule.

Key Life Cycle

Encryption keys must be managed based on a consistent standard. It must be renewed by rotating on a fixed cycle and the keys that are no longer in use must be disabled or discarded as a means to prevent against an encryption based attack. Key Management Service provides features for easy manage of status for each key.

Detailed Features of Hierarchical Key Management

Hierarchical management is important for a safe key management. In the NAVER CLOUD PLATFORM Key Management Service, the encrypted data is called a data key (DK) and a key that has encrypted DK is called a master key (MK). Manage your MK with Key Management Service. With Key Management Service, you can easily implement the safe 'envelope encryption' method. Also the internal system key of a customer, called a root key, is used for management in a strictly encrypted condition.

Strict Internal Access Control

If a system handles sensitive information, it must also be prepared against a possible threat by internal administrators. Key Management Service is prepared for such events by partitioning system root keys and storing it an isolated location. As it is impossible to calculate the root key of system with a portion of the partitioned keys, this method provides a strong protection measure against internal threats.

Key Audit

Periodic audit and management carried out by an expert is essential for the safe usage of keys. All requests on keys are recorded immediately and the users with the permission on key audit can monitor the history of key usage anytime.

REST API

One of the purposes of Key Management Service is to provide a feature to suitable implement data encryption and decryption. With Key Management Service, users with the key usage permissions can make the REST API calls for operations, such as encryption/decryption, encrypted data renewal, or data key request for the keys managed in Key Management Service.

Detailed Specification

  • Internal System Protection: AES256 GCM mode
  • Credential Protection: AES256 GCM mode
  • Signature: ECDSA p256 curve, RSA 2048/4096 (scheduled)

Pricing information

Key Management Service usage fee will be charged by combining the monthly usage fee based on the number of keys owned and the number of key calls.

Charge (Monthly)UnitUsage Fee (KRW)
Monthly Usage Fee Based on the No. of Keys OwnedNo. of keys owned1,000 KRW/month
Monthly Usage Fee Based on the No. of Key CallsNo. of key calls (10,000 calls)Under 20,000 calls/month: free
Over 20,000 calls/month: 30 KRW/month per 10,000 calls
  • The number of key calls is not carried forward to the following month.
  • Pricing will be implemented based on Korea Standard Time (UTC+9).
Pricing Information

Case 1) If Key 1 is owned from Sept 1-5 and Key 2 is owned from Sept 1-20,
→ 833 KRW = 5 days / 30 days x 1000 KRW + 20 days /30 days x 1000 KRW

Case 2) If Key 1 is called 15,000 times and Key 2 is called 10,000 times in the same month,
→ 30 KRW = Rounded up to the nearest 10,000 on the calculation (15,000 calls on Key 1 + 10,000 calls on Key 2 - 20,000 Free Calls) to result in 5,000 Calls / 10,000 X 30 KRW

Was this page helpful?

Please share your opinion and any suggestions for us.
0/5000
Please enter content.
Send Opinion