PKI: Implementing & Managing E-Security

Authored by four RSA Security experts in the field, PKI: Implementing and Managing E-Security aims to explain the vulnerabilities of encryption in today's Internet-based business universe and lay out how the application of PKI can help. The authors frankly point out the areas where PKI is still immature in the real world and try to inspire their readers with their zeal to solve the remaining problems.

The book begins with an exploration of cryptography and, in particular, public key cryptography--the accepted approach for most of today's security systems. The text moves quickly into precise security terminology but makes excellent use of creative diagrams to illustrate configurations and scenarios. These diagrams often beg a bit of reflection since they are frequently used to point out vulnerabilities that may not be immediately apparent.

The heart of the book examines the management of keys and certificates, authentication, and the establishment of trust models. There are overviews of current technologies that implement PKI, but the focus of the book is to encourage readers to construct their own fully compliant solutions.

PKI: Implementing and Managing E-Security is not light reading. However, it serves double duty as both an overview of the sticky issues of securing information delivery over the Net as well as a comprehensive look at the scope of PKI for those considering a full-fledged solution for their extranets and e-commerce sites. --Stephen W. Plain

Topics covered: Symmetric and asymmetric cryptography, hashes and digital signatures, digital certificates, PKI basics, PKI services, key and certificate life cycles, PKIX, protocols and formatting standards, trust models, authentication methods, deployment and operation, and return on investment calculations.