Public Key Infrastructure: Building Trusted Applications and Web Services
With the recent Electronic Signatures in Global and National Commerce Act, public key cryptography, digital signatures, and digital certificates are finally emerging as a ubiquitous part of the Information Technology landscape. Although these technologies have been around for over twenty years, this legislative move will surely boost e-commerce activity. Secure electronic business transactions, such as contracts, legal documents, insurance, and bank loans are now legally recognized. In order to adjust to the realities of the marketplace, other services may be needed, such as a non-repudiation service, digital notary, or digital time-stamping service. The collection of these components, known as Public Key Infrastructure (PKI), is paving the way for secure communications within organizations and on the public Internet.
What people are saying - Write a review
We haven't found any reviews in the usual places.
CHAPTER 2 GROWING A TREE OF TRUST
CHAPTER 3 IN PKI WE TRUST?
CHAPTER 4 PKI STANDARDS
CHAPTER 5 TYPES OF VENDOR AND THIRDPARTY CA SYSTEMS
CHAPTER 6 UNDERSTANDING DIGITAL CERTIFICATES AND SECURE SOCKETS LAYER SSL
CHAPTER 7 CA SYSTEM ATTACKS
CHAPTER 8 KEY ESCROW VERSUS KEY RECOVERY
CHAPTER 19 IMPLEMENTATION COSTS
CHAPTER 20 PKI PERFORMANCE
CHAPTER 21 REQUESTING A CERTIFICATE
CHAPTER 22 OBTAINING A CERTIFICATE
WHAT YOU ARE NOT BEING TOLD ABOUT PUBLIC KEY INFRASTRUCTURE
CHAPTER 24 USING A CERTIFICATE
FLEXIBLE OPEN REVOCATION SOLUTIONS FOR TODAYS ENTERPRISE PKI NEEDS
CHAPTER 9 AN APPROACH TO FORMALLY COMPARE AND QUERY CERTIFICATION PRACTICE STATEMENTS
SECURING YOUR BUSINESS APPLICATIONS
CHAPTER 11 PKI READINESS
ANALYZING AND DESIGNING PUBLIC KEY INFRASTRUCTURES
CHAPTER 12 PKI DESIGN ISSUES
CHAPTER 13 PKI RETURN ON INVESTMENT
CHAPTER 14 PKI STANDARDS DESIGN ISSUES
CHAPTER 15 ARCHITECTURE FOR PUBLIC KEY INFRASTRUCTURE APKI
CHAPTER 16 IMPLEMENTING SECURE WEB SERVICES REQUIREMENTS USING PKI
CHAPTER 17 VERISIGNS FOUNDATION IN MANAGED SECURITY SERVICES
CHAPTER 18 IMPLEMENTATION AND DEPLOYMENT
CHAPTER 26 SUMMARY CONCLUSIONS AND RECOMMENDATIONS
CONTRIBUTORS OF PKI SOFTWARE SOLUTIONS
PKI PRODUCTS IMPLEMENTATIONS TOOLKITS AND VENDORS
COMPREHENSIVE LIST OF CERTIFICATE AUTHORITIES CAS
INFORMATION SECURITY MANAGEMENT ISSUE STANDARDS
INFORMATION SECURITY TECHNICAL ELEMENTS STANDARDS
BASIC CERTIFICATES FOR WEB ADMINISTRATION
access control algorithm applications architecture attacks audit authentication browser bytes certificate authority Certificate Management Certificate Policy Certificate Practice Statements certificate revocation lists chapter client communications components compromise CP/CPS cross certification crypto customers decrypt deployment digital certificates digital signature digitally sign document domain e-mail electronic enable encryption ensure entity Entrust example functions hardware hash identity implementation integrity interfaces Internet Explorer Internet X.509 Public issues key infrastructure PKI key management key recovery key-pair Microsoft Netscape non-repudiation OCSP operations outsourced password personal digital certificates PKCS PKI services PKI solutions PKIX private key Profiles protection public key certificates public key cryptography Public Key Infrastructure request requirements revoked risk root certificate secret key server smart card specific standards stored today’s token transactions trust user’s valid verify VeriSign Web services X.509 Public Key XKMS
Page 8 - Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
Page xxiii - We also reviewed and analyzed the National Strategy for Homeland Security, the National Strategy to Secure Cyberspace, the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, the National Strategy for Combating Terrorism, l the Homeland Security Act of 2002/and other relevant federal policies.
Page ii - Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes Albert J.
Page 29 - The SSL protocol includes two subprotocols: the SSL record protocol and the SSL handshake protocol. The SSL record protocol defines the format used to transmit data. The SSL handshake protocol involves using the SSL record protocol to exchange a series of messages between an SSL-enabled server and an SSL-enabled client when they first establish an SSL connection. This exchange of messages is designed to facilitate the following actions: • Authenticate the server to the client.