Introduction

The purpose of this Unbound CORE Information Security ("CORE") document is to introduce all aspects of the key usage protection provided by CORE and the measures used to configure and use it. These are additional layers of security on top of the key material protection provided by the core key store, whether it is based on MPC (multiparty computation, a methodology for parties to jointly compute a function of their inputs while keeping those inputs private), an HSM (Hardware Security Module, a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing), or others.

Before a specific key stored in a CORE partition is used for a particular cryptographic operation, the following checklist is completed:

Once per login session:

  • The device that is used to issue the request must be authenticated as a device authorized to access the partition. Refer to CORE Client.
  • The user that issues the request must be authenticated as the partition user. Refer to User Authentication.

Once per operation:

  • The user must be authorized to perform the required operation using the selected object. Refer to User Authorization.
  • The partition policy must permit using the required key type, the specified operation, and the specified parameters of the operation. Refer to Partition Key Usage Policy.
  • The specified key must include the required operation among its permitted operations.

This guide details the Identity and Access Management features that address all these points. In addition, it addresses the following access management features:

This guide is a part of the following CORE user-oriented guides:

Revision History

For the history preceding the 2.0.2103 release, see the Revision History of 2.0.2010 and earlier releases.

Release     Date              Description
2.0.2106    September 2021
2.0.2103    May 2021          New features:
                              Doc changes: