Details

Related name

• Epstein, W. Clay [Browse]

Summary note

Public Key Infrastructure (PKI) is an operational ecosystem that employs key management, cryptography, information technology (IT), information security (cybersecurity) policy and practices, legal matters (law, regulatory, contractual, privacy), and business rules (processes and procedures).

Source of description

Description based on publisher supplied metadata and other sources.

Contents

• Cover
• Half Title
• Title
• Copyright
• Contents
• Preface
• Errata
• Chapter 1 Introduction
• 1.1 About This Book
• 1.2 Security Basics
• 1.3 Standards Organizations
• Notes
• Chapter 2 Cryptography Basics
• 2.1 Encryption
• 2.2 Authentication
• 2.3 Nonrepudiation
• 2.4 Key Management
• 2.5 Cryptographic Modules
• 2.5.1 Cryptographic Module Specification
• 2.5.2 Cryptographic Module Interfaces
• 2.5.3 Roles, Services, and Authentication
• 2.5.4 Software and Firmware Security
• 2.5.5 Operational Environment
• 2.5.6 Physical Security
• 2.5.7 Non-Invasive Security
• 2.5.8 Sensitive Security Parameter Management
• 2.5.9 Self-Tests
• 2.5.10 Life Cycle Assurance
• 2.5.11 Mitigation of Other Attacks
• Chapter 3 PKI Building Blocks
• 3.1 PKI Standards Organizations
• 3.2 PKI Protocols: SSL and TLS
• 3.2.1 TLS v1.2 Overview
• 3.2.2 TLS v1.3 Overview
• 3.3 PKI Protocol: IPsec
• 3.4 PKI Protocol: S/MIME
• 3.5 PKI Methods: Legal Signatures
• 3.6 PKI Methods: Code Sign
• 3.7 PKI Architectural Concepts
• Chapter 4 PKI Management and Security
• 4.1 RFC 2527 Introduction
• 4.1.1 RFC 3647 Overview
• 4.1.2 RFC 3647 Document Name and Identification
• 4.1.3 RFC 3647 PKI Participants
• 4.1.4 RFC 3647 Certificate Usage
• 4.1.5 RFC 3647 Policy Administration
• 4.1.6 RFC 3647 Definitions and Acronyms
• 4.2 RFC 2527 Publication and Repository Responsibilities
• 4.2.1 RFC 3647 Repositories
• 4.2.2 RFC 3647 Publication of Certification Information
• 4.2.3 RFC 3647 Time or Frequency of Publication
• 4.2.4 RFC 3647 Access Controls on Repositories
• 4.3 RFC 2527 Identification and Authentication
• 4.3.1 RFC 3647 Naming
• 4.3.2 RFC 3647 Initial Identity Validation
• 4.3.3 RFC 3647 Identification and Authentication for Rekey Requests.
• 4.3.4 RFC 3647 Identification and Authentication for Revocation Requests
• 4.4 RFC 2527 Certificate Lifecycle Operational Requirements
• 4.4.1 RFC 3647 Certificate Application
• 4.4.2 RFC 3647 Certificate Application Processing
• 4.4.3 RFC 3647 Certificate Issuance
• 4.4.4 RFC 3647 Certificate Acceptance
• 4.4.5 RFC 3647 Key Pair and Certificate Usage
• 4.4.6 RFC 3647 Certificate Renewal
• 4.4.7 RFC 3647 Certificate Rekey
• 4.4.8 RFC 3647 Certificate Modification
• 4.4.9 RFC 3647 Certificate Revocation and Suspension
• 4.4.10 RFC 3647 Certificate Status Services
• 4.4.11 RFC 3647 End of Subscription
• 4.4.12 RFC 3647 Key Escrow and Recovery
• 4.5 RFC 3647 Facility, Management, and Operational and Physical Controls
• 4.5.1 RFC 3647 Physical Security Controls
• 4.5.2 RFC 3647 Procedural Controls
• 4.5.3 RFC 3647 5.3 Personnel Security Controls
• 4.5.4 RFC 3647 Audit Logging Procedures
• 4.5.5 RFC 3647 Records Archival
• 4.5.6 RFC 3647 Key Changeover
• 4.5.7 RFC 3647 Compromise and Disaster Recovery
• 4.5.8 RFC 3647 CA or RA Termination
• 4.6 RFC 2527 Technical Security Controls
• 4.6.1 RFC 3647 Key Pair Generation and Installation
• 4.6.2 RFC 3647 Private Key Protection and Cryptographic Module Controls
• 4.6.3 RFC 3647 Other Aspects of Key Pair Management
• 4.6.4 RFC 3647 Activation Data
• 4.6.5 RFC 3647 Computer Security Controls
• 4.6.6 RFC 3647 Life Cycle Security Controls
• 4.6.7 RFC 3647 Network Security Controls
• 4.6.8 RFC 3647 Time Stamping
• 4.7 RFC 2527 Certificate, CRL, and OCSP Profiles
• 4.7.1 RFC 3647 Certificate Profile
• 4.7.2 RFC 3647 CRL Profile
• 4.7.3 RFC 3647 OCSP Profile
• 4.7.4 Other PKI-Related Profiles
• 4.8 RFC 2527 Compliance Audits and Other Assessments
• 4.8.1 RFC 3647 Frequency or Circumstances
• 4.8.2 RFC 3647 Identity/Qualifications of Assessor.
• 4.8.3 RFC 3647 Assessor's Relationship to Assessed Entity
• 4.8.4 RFC 3647 Topics Covered by Assessment
• 4.8.5 RFC 3647 Actions Taken as a Result of Deficiency
• 4.8.6 RFC 3647 Communication of Results
• 4.9 RFC 2527 Other Business and Legal Matters
• 4.9.1 RFC 3647 Fees
• 4.9.2 RFC 3647 Financial Responsibility
• 4.9.3 RFC 3647 Confidentiality of Business Information
• 4.9.4 RFC 3647 Privacy of Personal Information
• 4.9.5 RFC 3647 Intellectual Property Rights
• 4.9.6 RFC 3647 Representations and Warranties
• 4.9.7 RFC 3647 Disclaimers of Warranties
• 4.9.8 RFC 3647 Limitations of Liability
• 4.9.9 RFC 3647 Indemnities
• 4.9.10 RFC 3647 Term and Termination
• 4.9.11 RFC 3647 Individual Notices and Communications with Participants
• 4.9.12 RFC 3647 Amendments
• 4.9.13 RFC 3647 Dispute Resolution Procedures
• 4.9.14 RFC 3647 Governing Law
• 4.9.15 RFC 3647 Compliance with Applicable Law
• 4.9.16 RFC 3647 Miscellaneous Provisions
• 4.9.17 RFC 3647 Other Provisions
• Chapter 5 PKI Roles and Responsibilities
• 5.1 Certificate Authority
• 5.1.1 Root CA
• 5.1.2 Subordinate CA
• 5.1.3 OCSP Systems
• 5.2 Registration Authority
• 5.3 Policy Authority
• 5.4 Subscribers
• 5.5 Relying Party
• 5.6 Agreements
• 5.6.1 Certificate Authority Agreements
• 5.6.2 Registration Authority Agreements
• 5.6.3 Subscriber Agreements
• 5.6.4 Relying Party Agreements
• Note
• Chapter 6 Security Considerations
• 6.1 Physical Security
• 6.2 Logical Security
• 6.3 Audit Logs
• 6.4 Cryptographic Modules
• Chapter 7 Operational Considerations
• 7.1 CA Architectures
• 7.2 Security Architectures
• 7.3 Certificate Management
• 7.4 Business Continuity
• 7.5 Disaster Recovery
• 7.6 Affiliations
• 7.7 Crypto-Agility
• 7.8 Cloud PKI
• Chapter 8 Incident Management
• 8.1 Areas of Compromise in a PKI.
• 8.1.1 Offline Root CA
• 8.1.2 Online Intermediate CA With Issuing CAs
• 8.1.3 Online Issuing CA
• 8.1.4 Online RA
• 8.1.5 Online CRL Service
• 8.1.6 Online OCSP Service
• 8.1.7 End User's Machine
• 8.2 PKI Incident Attack Actions
• 8.2.1 Private Key Compromise
• 8.2.2 Private Key Access
• 8.2.3 Limited Access to the Private Key
• 8.2.4 Other Attacks
• 8.3 PKI Incident Response Plan
• 8.4 Monitoring the PKI Environment Prior to an Incident
• 8.5 Initial Response to an Incident
• 8.6 Detailed Discovery of an Incident
• 8.7 Collection of Forensic Evidence
• 8.8 Reporting of an Incident
• Chapter 9 PKI Governance, Risk, and Compliance
• 9.1 PKI Governance
• 9.1.1 Management Organization
• 9.1.2 Security Organization
• 9.1.3 Audit Organization
• 9.2 PKI Risks
• 9.3 Cryptography Risks
• 9.3.1 Algorithm Issues
• 9.3.2 Protocol Issues
• 9.3.3 Product Issues
• 9.4 Cybersecurity Risks
• 9.5 Operational Risks
• 9.5.1 Monitoring
• 9.5.2 Capacity
• 9.5.3 Continuity
• 9.5.4 Resources
• 9.5.5 Knowledge
• 9.6 PKI Compliance
• 9.6.1 Evaluation Criteria
• 9.6.2 Gap Assessment
• 9.6.3 Audit Process
• 9.7 PKI Risk Assessment
• 9.8 PKI Cloud Assessment
• Chapter 10 PKI Industry
• 10.1 ITU-T X.509
• 10.2 EMV Integrated Circuit Card (ICC)
• 10.3 ASC X9 PKI Standards
• 10.4 Secure Electronic Transactions (SET)
• 10.5 Secure Socket Layer (SSL)
• 10.6 PKI Forum
• 10.7 American Bar Association (ABA)
• 10.8 WebTrust CA
• 10.9 CA Browser Forum
• 10.10 Cloud Security Alliance (CSA)
• 10.11 NIST PQC Program
• 10.12 ASC X9 Financial PKI
• 10.12.1 X9 Financial PKI Origins
• 10.12.2 PKI Architecture Models
• 10.12.3 X9 Financial PKI Program
• Bibliography
• B.1 ASC X9 Financial Services
• B.2 European Telecommunication Standards Institute (ETSI)
• B.3 Internet Engineering Task Force (IETF).
• B.4 International Organization for Standardization (ISO)
• B.5 National Institutes of Standards and Technology (NIST)
• B.6 Public Key Cryptography Standards (PKCS)
• B.7 Miscellaneous
• Index.

Show 212 more Contents items

ISBN

1-003-84567-3

Statement on responsible collection description

Princeton University Library aims to describe library materials in a manner that is respectful to the individuals and communities who create, use, and are represented in the collections we manage. Read more...