PKI : A Wiley Tech Brief

A plain-language tutorial on the most important security technology for Internet applications With major efforts underway to standardize a successful public key infrastructure (PKI) system, there is a growing need among network and security managers for authoritative information on PKI technology. This book offers a plain-language tutorial for people with limited technical background but with acute business need to understand how PKI works. Written by a widely recognized expert in the field, Public Key Infrastructure Essentials explains how a successful PKI system can provide both security and privacy for Web-based applications through assigning encrypted keys to individuals or documents. Readers will find extensive business case studies and learn how to qualify vendors, write a Certification Practice Statement (CPS), build directories, and implement mechanisms for issuing, accepting, and revoking digital certificates.

Public key infrastructures (PKIs) are critical to all sorts of electronic security mechanisms. Though their machinations are often semiconcealed as part of operating systems, messaging environments, or database management systems, a working familiarity with the interior operations of PKIs can prove useful to all sorts of information technology experts. PKI: A Wiley Tech Brief explains PKIs at a level that's appropriate for experienced network administrators and security specialists who haven't looked into PKI technologies in a systematic way before. Tom Austin--an accomplished security consultant to begin with--has done his research, and he provides an accurate and readable assessment of the state of the art.

For a treatment of computer security and public-key encryption, this book has surprisingly little mathematical content. Instead, it focuses on the business case for PKI, and explains how various applications use trusted certificates. Key (pun intended) details get ample attention, including trusted and accurate time-stamping mechanisms, alternate certificate authorities, and PKI auditing. The procedure for acquiring certificates and establishing a PKI is also covered. It's the five case studies, though, that will most impress readers who prefer example to tutorial. The case studies show how organizations (including Perot Systems and the U.S. Patent and Trademark Office) implemented their PKIs. --David Wall

Topics covered: Public key infrastructures--why you might want one, and how to go about setting one up. Detailed explanations of what certificates and certificate authorities can do precede explanations of the efficiencies that PKI can create. Real-life PKI case studies conclude this specialized primer.