PKI security solutions for the enterprise : solving HIPAA, e-paper act, and other compliance issues

Title:

Personal Author:

Raina, Kapil

Publication Information:

Indianapolis, Ind. : Wiley Publishing, 2003

ISBN:

9780471315292

Subject Term:

Public key infrastructure (Computer security)

Computer networks -- Security measures

Electronic commerce -- Security measures

Available:*

Library	Item Barcode	Call Number	Material Type	Item Category 1	Status
Searching... PSZ KL	30000010059074	QA76.9.A25 R34 2003	Open Access Book	Book	Searching... Unknown

Outlines cost-effective, bottom-line solutions that show how companies can protect transactions over the Internet using PKI First book to explain how PKI (Public Key Infrastructure) is used by companies to comply with the HIPAA (Health Insurance Portability and Accountability Act) rules mandated by the U.S. Department of Labor, Health, and Human Services Illustrates how to use PKI for important business solutions with the help of detailed case studies in health care, financial, government, and consumer industries

Author Notes

KAPIL RAINA is a security professional who advises on marketing strategies for technology-related products and services. With many years of technical and business experience in the computer security field, Raina has held key positions at leading companies such as VeriSign and consulted to international companies such as British Telecom. Raina is a prolific author and speaker making contributions on topics such as mCommerce Security and Biometrics. He holds the CISSP security certification from ISC2, an internationally recognized organization for security professionals.

Acknowledgments	p. xv
Introduction	p. xvii
Part 1 Trust Basics: Ins and Outs of PKI	p. 1
Chapter 1 What Is Trust?	p. 3
Trust in the Digital World	p. 3
Defining Trust	p. 4
Implementing Trust	p. 5
Trust Policies	p. 6
Privacy	p. 6
Proper Use of Information	p. 6
Recourse in the Event of Breach of Trust	p. 7
Continuity of Trust	p. 8
User Consent	p. 8
Trust Infrastructure	p. 8
Physical Layer	p. 9
System Layer	p. 10
Application Layer	p. 11
Trust Affiliations	p. 12
Legal Issues with Trust in the Electronic World	p. 14
Binding Trust with the Law	p. 14
P3P	p. 15
Digital Trust Solutions	p. 16
Summary: The Need for Solutions	p. 17
Chapter 2 Complexities of PKI	p. 19
PKI: A Basis for Digital Trust	p. 19
Why Is PKI So Complicated?	p. 20
Security Issues	p. 21
Privacy	p. 22
Authentication	p. 23
Integrity	p. 24
Authorization	p. 25
Nonrepudiation	p. 26
Applications of PKI	p. 27
XKMS	p. 29
PKI Functions	p. 29
Certificate Authority	p. 30
Cross-Certification	p. 32
Registration Authority	p. 33
End-entity	p. 35
Types of Certificates	p. 35
Implementation Issues	p. 37
Setup	p. 37
Back-end Setup	p. 38
User Setup and Registration	p. 38
Certificate Policy and Certificate Practice Statement (CPS)	p. 39
Administration	p. 39
Renewal	p. 40
Search	p. 40
Exception Handling	p. 41
Revocation	p. 41
Escrow	p. 42
Audience	p. 43
Time Allotted for Rollout	p. 43
Expertise Available	p. 44
Funds Available	p. 44
Integration Issues	p. 44
Integration with Applications	p. 45
Integration with Tthird-Party Data	p. 45
Integration with Stronger Authentication Options	p. 46
Integration with Legacy Systems	p. 46
Integration with Single Interface	p. 47
Cost	p. 47
Summary: Best Practices to Reduce Complexity	p. 49
Chapter 3 Best Practices of PKI	p. 51
Insource versus Outsource Factors	p. 51
Public and Private Hierarchies	p. 52
Control and Flexibility	p. 54
Cost and Deployment Time	p. 54
Vendor and Technology Selection	p. 55
Determining the Selection Criteria	p. 55
Financial Strength	p. 56
Scalability	p. 56
Security	p. 57
Operations	p. 57
Support	p. 58
Consulting Strength	p. 59
Vendor Vetting: How to Ask the Right Questions	p. 60
Executive Summary	p. 60
Introduction	p. 60
Scope of the Project	p. 61
Project Organization and Management	p. 62
Security Architecture	p. 62
Security Policy	p. 62
Standards and Security Design Guidelines	p. 63
Operational Guidelines	p. 64
Audit	p. 64
Security Awareness and Training	p. 65
Consultant Profiles	p. 65
Project References	p. 66
Design	p. 66
Elements of a PKI Infrastructure	p. 66
CA Hardware and Software Architecture	p. 66
User Setup/Registration Definitions	p. 67
Legal Policy Development	p. 67
RA Agreement	p. 69
RA-End-Entity Agreement	p. 69
Subscriber-End-Entity Agreement	p. 69
Best Practices for PKI Selection	p. 70
Personnel	p. 70
Secure Infrastructure	p. 70
Legal Aspects	p. 71
Deployment Time Frame	p. 71
Costs	p. 72
Implementation	p. 72
Project Management	p. 73
Resources Needed	p. 73
Timelines	p. 74
Summary: Choosing the Right Partner	p. 80
Chapter 4 Selling PKI	p. 81
ROI on PKI, ASAP	p. 81
Reactive versus Proactive Selling Models	p. 82
Success Criteria	p. 83
Implementation ROI	p. 84
Creating ROI Models	p. 85
Cost Savings per Transaction	p. 86
Reduced Processing Time per Transaction	p. 88
New Services	p. 90
Reduced Exposure Model	p. 92
Regulation Compliance Model	p. 93
Nonfinancial Benefits	p. 94
FUD	p. 94
Industry Peer Comparison	p. 94
Vulnerability Assessment	p. 95
Internal Surveys	p. 96
Convenience	p. 97
Case Study: Anatomy of a PKI Sale	p. 98
The Prospect	p. 98
The Pitch	p. 98
The Closing	p. 98
The Payment	p. 98
The Delivery	p. 99
Summary: It's All about the ROI	p. 99
Part 2 Solutions for Trust	p. 101
Chapter 5 Healthcare Solutions	p. 103
HIPAA	p. 103
PKI as a Solution to HIPAA	p. 109
Biometrics and HIPAA	p. 111
Biometrics Overview	p. 111
Hospitals, Doctors, and Managed Care	p. 116
Unique Security Requirements	p. 116
Doctors' Requirements	p. 116
Hospital Characteristics	p. 118
Managed Care	p. 118
Cost and Other Factors	p. 119
Who Pays?	p. 120
Summary: The Healthcare Prognosis	p. 123
Chapter 6 Financial Solutions	p. 125
Financial Sector	p. 125
Consumer	p. 125
Commercial	p. 126
Legal Drivers	p. 127
The Gramm-Leach-Bliley Act	p. 127
Privacy	p. 128
Security	p. 129
Assessment of Risk	p. 130
Control of Risk	p. 130
Supervision of Service Provider Arrangements	p. 131
Revisions of Guidelines	p. 131
Reporting to the Board	p. 131
Secure Wireless Communications under GLBA	p. 132
Fair Credit Reporting Act	p. 132
Electronic Fund Transfer	p. 133
OnLine Mortgage and Loan Applications	p. 134
Identrus	p. 138
What Is Identrus?	p. 138
Need for Identrus	p. 138
Architecture	p. 139
Applications	p. 142
Future of Identrus	p. 142
Identrus Alternatives	p. 142
Global Trust Authority	p. 143
ABAecom	p. 144
EMV Solutions	p. 144
EU Directives	p. 146
Directive 1999/93/EC	p. 147
Directive 2000/31/EC	p. 148
Safe Harbor Agreement	p. 148
What Do All These Standards Mean for Me?	p. 150
Summary: Money Talks	p. 151
Chapter 7 Government Solutions	p. 153
Types of Government Solutions	p. 153
National Identity Projects	p. 154
Technology Challenges	p. 155
The Trust Factor	p. 156
Citizen Identification Device	p. 157
Terminal Readers	p. 158
Government Regulations	p. 158
E-government projects	p. 158
U.S. Government Initiatives	p. 159
Common Access Card	p. 160
ACES	p. 163
Legal Drivers	p. 166
Paperwork Reduction Act (E-Paper Act)	p. 166
Privacy Act	p. 166
Federal Agency Protection of Privacy Act	p. 167
Government Paperwork Elimination Act	p. 167
Electronic Signatures in Global and National Commerce (E-Sign) Act	p. 169
Federal Bridge Certification Authority	p. 170
Meaning of Assurance	p. 171
International Efforts	p. 173
Australia	p. 173
United Kingdom	p. 175
India	p. 176
Summary: Citizen Certificate	p. 178
Chapter 8 Communications Solutions	p. 179
Secure Messaging	p. 179
Methods of Secure Communications	p. 180
Encryption Point-to Point	p. 180
Encryption with Insecure Pickup	p. 182
Encryption with Secure Pickup	p. 183
Instant Messaging	p. 184
Peer to Peer	p. 185
Guaranteed Delivery	p. 186
Secure Drop-off and Pickup Model	p. 187
Private Internet Network	p. 187
Content Management	p. 188
Policy Methods	p. 189
Secured Delivery	p. 191
Encapsulation	p. 191
Secure Space	p. 192
Time Stamping	p. 192
SSL: The Old Standby	p. 194
Challenges with SSL	p. 194
Deployment Strategies	p. 196
Dedicated SSL	p. 196
Shared SSL	p. 197
Server Appliance Model	p. 197
Alternative Approach: OpenSSL	p. 198
Code Signing	p. 198
Summary: Speaking Digitally	p. 200
Chapter 9 Other Solutions	p. 201
Virtual Private Networks	p. 201
What Is a VPN?	p. 201
Why Do We Need Them?	p. 202
Pros of VPNs	p. 203
Cons of VPNs	p. 203
How Do They Work?	p. 203
Internet Key Exchange	p. 205
Alternatives to IPSec VPNs?	p. 207
Smart Cards	p. 209
Novell Architecture	p. 210
Token FOB	p. 211
Kerberos	p. 212
Took Kits	p. 214
Microsoft	p. 214
Xetex	p. 214
Broadband	p. 214
DOCSIS	p. 216
PacketCable	p. 220
CableHome	p. 221
OpenCable	p. 222
Euro-DOCSIS	p. 223
PKI on a Chip	p. 224
Integrated Security Chip	p. 224
User Verification Manager	p. 224
PKI Standards Support	p. 225
Administrator Utility	p. 225
File and Folder Protection	p. 225
(VPN) Authentication	p. 226
Intel's Solution	p. 226
Other Applications	p. 227
X-Bulk	p. 227
Printers	p. 228
Summary: PKI Is Far and Wide	p. 229
Part 3 Trust Solutions Guide	p. 231
Chapter 10 Overview of Trust Solutions	p. 233
Consultant's Corner	p. 233
Challenges	p. 234
It's the Law!	p. 234
Staying Current	p. 235
Guide to Commercial Solutions by Category	p. 235
VPN Solutions	p. 235
Checkpoint	p. 237
Nokia	p. 237
Netscreen	p. 237
SonicWall	p. 237
Biometric Solutions	p. 238
Device Vendors	p. 238
Middleware Vendors	p. 239
Form-Signing Solutions	p. 239
Stand-Alone Form Signing	p. 240
Hybrid	p. 241
Core Technology	p. 242
Secure Messaging	p. 243
Solutions with End-User Clients	p. 244
Solutions without End-User Clients	p. 244
Miscellaneous Solutions	p. 245
Secure Wireless Solutions	p. 246
Certicom	p. 247
Openwave	p. 247
Diversinet	p. 247
Single Sign-On Solutions	p. 247
Integrated Solutions	p. 249
Hybrid Solutions	p. 250
Content Management Solutions	p. 251
Probix	p. 252
Alchemedia	p. 252
Web Servers	p. 253
Software Web Servers	p. 254
Hardware (Appliance) Web Servers	p. 255
Smart Cards	p. 256
Gemplus	p. 257
Schlumberger	p. 257
Data Storage Protection	p. 257
Brocade	p. 257
Veritas	p. 258
Web Portals	p. 259
Plumtree	p. 259
Hummingbird	p. 259
B2B	p. 259
Cyclone Commerce	p. 260
webMethods	p. 260
SET	p. 260
IBM	p. 260
VeriFone	p. 261
Summary: The Answer Is ... Solutions!	p. 261
Chapter 11 The Future of PKI	p. 263
The Future of Mobile Security in PKI	p. 264
Mobile VPNs	p. 265
Lessening the Pain	p. 266
Trends in Integration	p. 266
Solution Building	p. 267
Consolidation of the Security Market	p. 267
Survey of the Security Market	p. 268
Encryption	p. 268
Authentication	p. 269
Authorization	p. 271
Administration	p. 271
Firewalls and VPNs	p. 272
Operational Integrity	p. 273
Only the Strong Will Survive	p. 274
One-Stop Shopping	p. 274
PKI Is Only Part of the Solution	p. 276
Need for Good Security Policies	p. 277
Strong Audit Capability	p. 278
Good Physical Security	p. 278
Summary: The Growth of PKI	p. 279
Appendix	p. 281
Index	p. 289

Available:*

On Order

Summary

Summary

Author Notes

Table of Contents