by Andrew Nash, Bill Duane
Written by the experts at RSA Security, this book will show you how to secure transactions and develop customer trust in e-commerce through the use of PKI technology. Part of the RSA Press Series.
Product Details

Series: McGraw-Hill Computer Security Series
Product dimensions: 7.50(w) x 9.25(h) x 1.11(d)

Read an Excerpt

Chapter 1: Introduction

Public Key Infrastructure has caused considerable excitement over the last couple of years. All new technologies tend to follow an "S" curve that describes their acceptance and usefulness. As with any new technology during its honeymoon phase (the initial upswing of the curve), PKI has seen significant amounts of media hype. The reasons are clear. Public/private keys, when combined with other encryption technologies, enable all aspects of the security services we need for electronic commerce. When this is combined with the capabilities of Public Key Infrastructure for creating and managing vastly scalable sets of digital identities, we have the opportunity to see rich and secure electronic commerce solutions developed.

As with other technologies in this early phase, the promise of PKI as a technology has outstripped many of its early capabilities. The result has been disappointment in the usability and integration of PKI. The good news is that, as with other technologies, while we are on the down slope (of the S curve) after the initial crest of enthusiasm, the whole PKI industry has made major leaps forward in applying the technology to electronic commerce solutions. We still have a considerable way to go before PKI achieves the same level of integration and ease of use as computer networks, but networking was far more poorly integrated, noninteroperable, and painful to use for much of its early career than PKI has been.

The trend toward electronic commerce of all types, varieties, and flavors has caused substantial changes in the attitudes that organizations have toward security. Until relatively recently, security for most organizations was a matter of protecting access to corporate data. The biggest issue was how to stop people getting into your systems who wanted to trash them or to view proprietary information.

Broad availability of networked systems within corporations, beginning in the early 1980s, created a new environment in which information could be shared. As entry points using dialup connections and acoustic couplers allowed access to these networks, we created the opportunity for a whole new industry to grow up dedicated to protecting those entry points. As we began to interconnect remote sites using dedicated lines and then tie them into the Internet, we also created the potential for broad access by all sorts of undesirable characters.

With the increased availability of network access, security became a matter of how to create the hardened outer wall around your soft and squishy inner systems. We all knew that security of individual systems was way too hard to manage and control, but controlled perimeters were a manageable concept (until someone created their own private connection to the Internet for their internal system). Security was primarily about how to stop the barbarian hordes from ravaging the civilized cultures huddling within the corporate network. Beware if you were a traveling network message crossing the hostile wastes between walled cities.

A whole new language of defense strategies was created, and we constructed models based on fortress mentalities and perimeter defenses. Authentication products were created to identify the townsfolk to the guards at the gates. We constructed demilitarized zones (DMZs) to distinguish those areas where we would allow external access to less sensitive machines from those we were prepared to fight to the death for (bastion hosts). We built firewalls to separate the regions within our network cities to limit the damage that invaders could cause when they ravaged our systems and burned our data. We built intrusion detection systems (battlements) and mantraps (baileys). The corporate inner citadel had to be maintained...

Meet the Author

Andrew Nash is Director of PKI Standards and Technologies at RSA Security. He was one of the architects for the Keon® Advanced PKI product line and is co-chair of the PKI Forum Technical Working Group. William Duane is a Technical Director at RSA Security Inc. He is one of the architects behind RSA's Keon® PKI solution and is responsible for new token form factors, including smart cards and emerging cryptographic devices.

Celia Joseph is Chief Consulting Architect in RSA's Professional Services organization, where she builds and deploys enterprise security solutions. She is the lead consultant in RSA's Security Assessment and Design service, and her custom development work at RSA emphasizes cryptography and PKI.

Derek Brink is a Director in RSA's Product Marketing organization. His work has included market and competitive analysis, strategic planning, and product marketing for the company's public-key infrastructure, authentication, services, and intrusion detection products. He also chairs the Executive Board of the PKI Forum.

Customer Reviews

Guest, more than 1 year ago

Nothing negative to say about this book, a book to read if you are involved in PKI implementation, planning and interested in security altogether. So far I have not been disappointed by RSA Press. The quality is there.