Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000010059074 | QA76.9.A25 R34 2003 | Open Access Book | Book |
Summary
Outlines cost-effective, bottom-line solutions that show how companies can protect transactions over the Internet using PKI.
First book to explain how PKI (Public Key Infrastructure) is used by companies to comply with the HIPAA (Health Insurance Portability and Accountability Act) rules mandated by the U.S. Department of Labor, Health, and Human Services.
Illustrates how to use PKI for important business solutions with the help of detailed case studies in the health care, financial, government, and consumer industries.
Author Notes
KAPIL RAINA is a security professional who advises on marketing strategies for technology-related products and services. With many years of technical and business experience in the computer security field, Raina has held key positions at leading companies such as VeriSign and has consulted for international companies such as British Telecom. Raina is a prolific author and speaker who has contributed on topics such as mCommerce security and biometrics. He holds the CISSP security certification from ISC2, an internationally recognized organization for security professionals.
Table of Contents
Acknowledgments | p. xv |
Introduction | p. xvii |
Part 1 Trust Basics: Ins and Outs of PKI | p. 1 |
Chapter 1 What Is Trust? | p. 3 |
Trust in the Digital World | p. 3 |
Defining Trust | p. 4 |
Implementing Trust | p. 5 |
Trust Policies | p. 6 |
Privacy | p. 6 |
Proper Use of Information | p. 6 |
Recourse in the Event of Breach of Trust | p. 7 |
Continuity of Trust | p. 8 |
User Consent | p. 8 |
Trust Infrastructure | p. 8 |
Physical Layer | p. 9 |
System Layer | p. 10 |
Application Layer | p. 11 |
Trust Affiliations | p. 12 |
Legal Issues with Trust in the Electronic World | p. 14 |
Binding Trust with the Law | p. 14 |
P3P | p. 15 |
Digital Trust Solutions | p. 16 |
Summary: The Need for Solutions | p. 17 |
Chapter 2 Complexities of PKI | p. 19 |
PKI: A Basis for Digital Trust | p. 19 |
Why Is PKI So Complicated? | p. 20 |
Security Issues | p. 21 |
Privacy | p. 22 |
Authentication | p. 23 |
Integrity | p. 24 |
Authorization | p. 25 |
Nonrepudiation | p. 26 |
Applications of PKI | p. 27 |
XKMS | p. 29 |
PKI Functions | p. 29 |
Certificate Authority | p. 30 |
Cross-Certification | p. 32 |
Registration Authority | p. 33 |
End-entity | p. 35 |
Types of Certificates | p. 35 |
Implementation Issues | p. 37 |
Setup | p. 37 |
Back-end Setup | p. 38 |
User Setup and Registration | p. 38 |
Certificate Policy and Certificate Practice Statement (CPS) | p. 39 |
Administration | p. 39 |
Renewal | p. 40 |
Search | p. 40 |
Exception Handling | p. 41 |
Revocation | p. 41 |
Escrow | p. 42 |
Audience | p. 43 |
Time Allotted for Rollout | p. 43 |
Expertise Available | p. 44 |
Funds Available | p. 44 |
Integration Issues | p. 44 |
Integration with Applications | p. 45 |
Integration with Third-Party Data | p. 45 |
Integration with Stronger Authentication Options | p. 46 |
Integration with Legacy Systems | p. 46 |
Integration with Single Interface | p. 47 |
Cost | p. 47 |
Summary: Best Practices to Reduce Complexity | p. 49 |
Chapter 3 Best Practices of PKI | p. 51 |
Insource versus Outsource Factors | p. 51 |
Public and Private Hierarchies | p. 52 |
Control and Flexibility | p. 54 |
Cost and Deployment Time | p. 54 |
Vendor and Technology Selection | p. 55 |
Determining the Selection Criteria | p. 55 |
Financial Strength | p. 56 |
Scalability | p. 56 |
Security | p. 57 |
Operations | p. 57 |
Support | p. 58 |
Consulting Strength | p. 59 |
Vendor Vetting: How to Ask the Right Questions | p. 60 |
Executive Summary | p. 60 |
Introduction | p. 60 |
Scope of the Project | p. 61 |
Project Organization and Management | p. 62 |
Security Architecture | p. 62 |
Security Policy | p. 62 |
Standards and Security Design Guidelines | p. 63 |
Operational Guidelines | p. 64 |
Audit | p. 64 |
Security Awareness and Training | p. 65 |
Consultant Profiles | p. 65 |
Project References | p. 66 |
Design | p. 66 |
Elements of a PKI Infrastructure | p. 66 |
CA Hardware and Software Architecture | p. 66 |
User Setup/Registration Definitions | p. 67 |
Legal Policy Development | p. 67 |
RA Agreement | p. 69 |
RA-End-Entity Agreement | p. 69 |
Subscriber-End-Entity Agreement | p. 69 |
Best Practices for PKI Selection | p. 70 |
Personnel | p. 70 |
Secure Infrastructure | p. 70 |
Legal Aspects | p. 71 |
Deployment Time Frame | p. 71 |
Costs | p. 72 |
Implementation | p. 72 |
Project Management | p. 73 |
Resources Needed | p. 73 |
Timelines | p. 74 |
Summary: Choosing the Right Partner | p. 80 |
Chapter 4 Selling PKI | p. 81 |
ROI on PKI, ASAP | p. 81 |
Reactive versus Proactive Selling Models | p. 82 |
Success Criteria | p. 83 |
Implementation ROI | p. 84 |
Creating ROI Models | p. 85 |
Cost Savings per Transaction | p. 86 |
Reduced Processing Time per Transaction | p. 88 |
New Services | p. 90 |
Reduced Exposure Model | p. 92 |
Regulation Compliance Model | p. 93 |
Nonfinancial Benefits | p. 94 |
FUD | p. 94 |
Industry Peer Comparison | p. 94 |
Vulnerability Assessment | p. 95 |
Internal Surveys | p. 96 |
Convenience | p. 97 |
Case Study: Anatomy of a PKI Sale | p. 98 |
The Prospect | p. 98 |
The Pitch | p. 98 |
The Closing | p. 98 |
The Payment | p. 98 |
The Delivery | p. 99 |
Summary: It's All about the ROI | p. 99 |
Part 2 Solutions for Trust | p. 101 |
Chapter 5 Healthcare Solutions | p. 103 |
HIPAA | p. 103 |
PKI as a Solution to HIPAA | p. 109 |
Biometrics and HIPAA | p. 111 |
Biometrics Overview | p. 111 |
Hospitals, Doctors, and Managed Care | p. 116 |
Unique Security Requirements | p. 116 |
Doctors' Requirements | p. 116 |
Hospital Characteristics | p. 118 |
Managed Care | p. 118 |
Cost and Other Factors | p. 119 |
Who Pays? | p. 120 |
Summary: The Healthcare Prognosis | p. 123 |
Chapter 6 Financial Solutions | p. 125 |
Financial Sector | p. 125 |
Consumer | p. 125 |
Commercial | p. 126 |
Legal Drivers | p. 127 |
The Gramm-Leach-Bliley Act | p. 127 |
Privacy | p. 128 |
Security | p. 129 |
Assessment of Risk | p. 130 |
Control of Risk | p. 130 |
Supervision of Service Provider Arrangements | p. 131 |
Revisions of Guidelines | p. 131 |
Reporting to the Board | p. 131 |
Secure Wireless Communications under GLBA | p. 132 |
Fair Credit Reporting Act | p. 132 |
Electronic Fund Transfer | p. 133 |
OnLine Mortgage and Loan Applications | p. 134 |
Identrus | p. 138 |
What Is Identrus? | p. 138 |
Need for Identrus | p. 138 |
Architecture | p. 139 |
Applications | p. 142 |
Future of Identrus | p. 142 |
Identrus Alternatives | p. 142 |
Global Trust Authority | p. 143 |
ABAecom | p. 144 |
EMV Solutions | p. 144 |
EU Directives | p. 146 |
Directive 1999/93/EC | p. 147 |
Directive 2000/31/EC | p. 148 |
Safe Harbor Agreement | p. 148 |
What Do All These Standards Mean for Me? | p. 150 |
Summary: Money Talks | p. 151 |
Chapter 7 Government Solutions | p. 153 |
Types of Government Solutions | p. 153 |
National Identity Projects | p. 154 |
Technology Challenges | p. 155 |
The Trust Factor | p. 156 |
Citizen Identification Device | p. 157 |
Terminal Readers | p. 158 |
Government Regulations | p. 158 |
E-Government Projects | p. 158 |
U.S. Government Initiatives | p. 159 |
Common Access Card | p. 160 |
ACES | p. 163 |
Legal Drivers | p. 166 |
Paperwork Reduction Act (E-Paper Act) | p. 166 |
Privacy Act | p. 166 |
Federal Agency Protection of Privacy Act | p. 167 |
Government Paperwork Elimination Act | p. 167 |
Electronic Signatures in Global and National Commerce (E-Sign) Act | p. 169 |
Federal Bridge Certification Authority | p. 170 |
Meaning of Assurance | p. 171 |
International Efforts | p. 173 |
Australia | p. 173 |
United Kingdom | p. 175 |
India | p. 176 |
Summary: Citizen Certificate | p. 178 |
Chapter 8 Communications Solutions | p. 179 |
Secure Messaging | p. 179 |
Methods of Secure Communications | p. 180 |
Encryption Point-to-Point | p. 180 |
Encryption with Insecure Pickup | p. 182 |
Encryption with Secure Pickup | p. 183 |
Instant Messaging | p. 184 |
Peer to Peer | p. 185 |
Guaranteed Delivery | p. 186 |
Secure Drop-off and Pickup Model | p. 187 |
Private Internet Network | p. 187 |
Content Management | p. 188 |
Policy Methods | p. 189 |
Secured Delivery | p. 191 |
Encapsulation | p. 191 |
Secure Space | p. 192 |
Time Stamping | p. 192 |
SSL: The Old Standby | p. 194 |
Challenges with SSL | p. 194 |
Deployment Strategies | p. 196 |
Dedicated SSL | p. 196 |
Shared SSL | p. 197 |
Server Appliance Model | p. 197 |
Alternative Approach: OpenSSL | p. 198 |
Code Signing | p. 198 |
Summary: Speaking Digitally | p. 200 |
Chapter 9 Other Solutions | p. 201 |
Virtual Private Networks | p. 201 |
What Is a VPN? | p. 201 |
Why Do We Need Them? | p. 202 |
Pros of VPNs | p. 203 |
Cons of VPNs | p. 203 |
How Do They Work? | p. 203 |
Internet Key Exchange | p. 205 |
Alternatives to IPSec VPNs? | p. 207 |
Smart Cards | p. 209 |
Novell Architecture | p. 210 |
Token FOB | p. 211 |
Kerberos | p. 212 |
Tool Kits | p. 214 |
Microsoft | p. 214 |
Xetex | p. 214 |
Broadband | p. 214 |
DOCSIS | p. 216 |
PacketCable | p. 220 |
CableHome | p. 221 |
OpenCable | p. 222 |
Euro-DOCSIS | p. 223 |
PKI on a Chip | p. 224 |
Integrated Security Chip | p. 224 |
User Verification Manager | p. 224 |
PKI Standards Support | p. 225 |
Administrator Utility | p. 225 |
File and Folder Protection | p. 225 |
(VPN) Authentication | p. 226 |
Intel's Solution | p. 226 |
Other Applications | p. 227 |
X-Bulk | p. 227 |
Printers | p. 228 |
Summary: PKI Is Far and Wide | p. 229 |
Part 3 Trust Solutions Guide | p. 231 |
Chapter 10 Overview of Trust Solutions | p. 233 |
Consultant's Corner | p. 233 |
Challenges | p. 234 |
It's the Law! | p. 234 |
Staying Current | p. 235 |
Guide to Commercial Solutions by Category | p. 235 |
VPN Solutions | p. 235 |
Checkpoint | p. 237 |
Nokia | p. 237 |
Netscreen | p. 237 |
SonicWall | p. 237 |
Biometric Solutions | p. 238 |
Device Vendors | p. 238 |
Middleware Vendors | p. 239 |
Form-Signing Solutions | p. 239 |
Stand-Alone Form Signing | p. 240 |
Hybrid | p. 241 |
Core Technology | p. 242 |
Secure Messaging | p. 243 |
Solutions with End-User Clients | p. 244 |
Solutions without End-User Clients | p. 244 |
Miscellaneous Solutions | p. 245 |
Secure Wireless Solutions | p. 246 |
Certicom | p. 247 |
Openwave | p. 247 |
Diversinet | p. 247 |
Single Sign-On Solutions | p. 247 |
Integrated Solutions | p. 249 |
Hybrid Solutions | p. 250 |
Content Management Solutions | p. 251 |
Probix | p. 252 |
Alchemedia | p. 252 |
Web Servers | p. 253 |
Software Web Servers | p. 254 |
Hardware (Appliance) Web Servers | p. 255 |
Smart Cards | p. 256 |
Gemplus | p. 257 |
Schlumberger | p. 257 |
Data Storage Protection | p. 257 |
Brocade | p. 257 |
Veritas | p. 258 |
Web Portals | p. 259 |
Plumtree | p. 259 |
Hummingbird | p. 259 |
B2B | p. 259 |
Cyclone Commerce | p. 260 |
webMethods | p. 260 |
SET | p. 260 |
IBM | p. 260 |
VeriFone | p. 261 |
Summary: The Answer Is ... Solutions! | p. 261 |
Chapter 11 The Future of PKI | p. 263 |
The Future of Mobile Security in PKI | p. 264 |
Mobile VPNs | p. 265 |
Lessening the Pain | p. 266 |
Trends in Integration | p. 266 |
Solution Building | p. 267 |
Consolidation of the Security Market | p. 267 |
Survey of the Security Market | p. 268 |
Encryption | p. 268 |
Authentication | p. 269 |
Authorization | p. 271 |
Administration | p. 271 |
Firewalls and VPNs | p. 272 |
Operational Integrity | p. 273 |
Only the Strong Will Survive | p. 274 |
One-Stop Shopping | p. 274 |
PKI Is Only Part of the Solution | p. 276 |
Need for Good Security Policies | p. 277 |
Strong Audit Capability | p. 278 |
Good Physical Security | p. 278 |
Summary: The Growth of PKI | p. 279 |
Appendix | p. 281 |
Index | p. 289 |