Introduction to the Public Key Infrastructure for the Internet / Edition 1

Hardcover (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $39.95
Usually ships in 1-2 business days
(Save 27%)
Other sellers (Hardcover)
  • All (5) from $39.95   
  • New (2) from $60.00   
  • Used (3) from $39.95   
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any coupons and promotions
Seller since 2015

Feedback rating:



New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Seller since 2015

Feedback rating:


Condition: New
Brand New Item.

Ships from: Chatham, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Page 1 of 1
Showing All
Sort by


The practical, results-focused PKI primer for every security developer and IT manager.

Public Key Infrastructure (PKI) and related standards give you powerful new ways to solve your toughest e-commerce and Internet security problems. Now there's a comprehensive PKI primer for both technical and nontechnical professionals. IBM security expert Messaoud Benantar delivers the in-depth guidance developers and managers need to make PKI work, including coverage of important related topics such as ASN.1 and PKCS. From start to finish, Benantar focuses on getting results—and on answering your most critical questions about PKI deployment, operation, and administration. Coverage includes:

  • The fundamentals of secret and public key cryptography
  • The challenge of key distribution, and the central role of public key assurance systems
  • Using PKIX to build secure Internet systems
  • Understanding the PKIX notational language, data encoding scheme, and topology
  • Implementing effective PKI trust models
  • Using LDAP as an Internet repository for PKIX
  • Certificate validation, credentials management, and key rollover issues

Benantar's detailed real-world scenarios give developers, administrators, and decision-makers unprecedented insight for deploying effective PKI/PKIX systems. If you plan to use these breakthrough Internet security technologies, there's no better resource.

Read More Show Less

Product Details

  • ISBN-13: 9780130609274
  • Publisher: Pearson Education
  • Publication date: 7/28/2002
  • Edition number: 1
  • Pages: 272
  • Product dimensions: 7.25 (w) x 9.62 (h) x 0.96 (d)

Table of Contents

Ch. 1 Secret Key Cryptograpy 1
Ch. 2 Secret Key Distribution and Management 15
Ch. 3 Public Key Cryptography 25
Ch. 4 Public Key Establishment - the PKIX Way 45
Ch. 5 X.509 Certificate and CRL Extensions 91
Ch. 6 Trust Establishment in PKIX 119
Ch. 7 PKIX Topology and Operational Protocols 143
Ch. 8 PKI Certificate and CRL Repositories 183
Ch. 9 PKI Credentials Management 199
Ch. 10 PKI-Based Security Applications 213
References 237
Index 243
Read More Show Less



Modern secret key cryptography draws strength from the secrecy of keys. This characteristic is not arrived at by choice, rather it is an imposed one. Consider the case of shedding secrecy around a particular cryptographic algorithm. First, the algorithm becomes unavailable for public scrutiny. In the absence of technical scrutiny, the algorithm may hide its weaknesses and thus serves the undesirable principle of security by obscurity. Further yet, such a hiding of the strength or the weakness in a cryptographic algorithm cannot go on for an indefinite period of time. Sooner or later someone will arrive at reverse-engineering the processing logic embedded in a software or a hardware cryptographic module. The outcome will indeed signal the end of that particular algorithm.

Secret keys require distribution to communicating partners and the more often a secret key is distributed the more likely it is to become compromised. Distribution of long-term secret keys goes against the core premise of secret key cryptography, otherwise known as symmetric key cryptography. Transport of secret keys requires the establishment of secure channels. Human transport can be a solution but is certainly one that does not lend itself to large scale distributions. Online distributions require highly secure cryptographic channels, and thus the bootstrapping nature of the secret key distribution problem arises.

In order to alleviate the extent of the secret key distribution problem, the concept of central key distribution (KDC) entity emerged as a somewhat of a natural progression. This entity represents the sole agent that is trusted by every other entity. It plays the roleof both the keeper of secret long-term keys and the distributor of short-term session keys intended for use between two communicating entities. This latter role is dubbed as the introduction of entities to one another and is accomplished using cryptographic channels established between each respective entity and the third party agent based upon a shared long term secret key. Albeit this approach has evolved into the most elegant third party key distribution center, it lacks the flexibility of today's Internet ubiquitous computing paradigm.

Now we're back to the future, to exploiting the concept of public key cryptography that had emerged long before concepts such as the KDC existed. In the basic yet far-reaching concept of public key cryptography, encryption keys come in related pairs, private and public. The private key remains concealed by the key owner, while the public key is freely disseminated. The premise is that it is computationally infeasible to compute the private key by knowing the public key. Data encrypted by the public key can only be decrypted by the private key. With such an appealing characteristic, public key cryptography finally seemed to hold the promise of solving the secret key distribution problem. It certainly did so with the elegant key exchange scheme such as Diffie-Hellman's. Public key Public key cryptography, however, is intended to achieve not only key exchange protocols but to render various security services such as digital signatures, non-repudiation and data enciphering using the well known public key algorithms such as RSA.

The premise of freely disseminating a public key comes with a cost; that of trust. Security services that are based on public key cryptography rely on the single foundation of trusting that a particular public key material is indeed bound to its legitimate user. A promising solution for public key trust-establishment lies in the digital certification provided by X.509 which is adopted as an Internet standard. This book is intended to be a single source covering the major aspects of the Internet public key certification.

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted June 26, 2002

    PKI Syntax

    Mr Messaoud Benantar - Congratulations for your recent book ' Introduction to the Public KeyInfrastructure for the Internet ' . >It was missing somebody to discuss the subject at ASN.1 syntax level and finally a software engineer did the task with wisdom. >Your book is an advance in relation to all the others in the market and a very important >tool for engineers working in that field . > >Cordially >Miguel Carvalho >SEPIN/MCT/Brazil

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)