Description
Book SynopsisThe concept of a PKI (public key infrastructure) has been around for decades, but it is one strand of IT which has taken an extraordinarily long time to come to fruition within the mainstream. This is mostly because implementing a PKI is time consuming and difficult. Maintaining a PKI is equally time consuming and even more difficult within the real world of mergers and acquisitions against a backdrop of ever-changing technology. Many organisations simply give up and hand everything over to a third party who promises to manage everything on their behalf. This is generally not a good idea and simply delays the inevitability of failures and misunderstood complexity. This book explores all the aspects of implementing and maintaining a PKI that the other books on the subject seem to miss. It reflects decades of hard-won experience, not only in PKI, not only in IT, not only in electronics, but in business, government agencies and academia alike. The book also explores the existence of a PKI alongside other technologies, such as biometrics, and against an ever-changing world of development methodologies. This last point is particularly relevant at this time as we are in the middle of a quiet, but all encompassing revolution in this respect. Consequently, this is the one book on PKI that you have to have on your shelf, whether you be a company director, IT manager, government minister or teacher of IT. It is the book which fills in all the gaps left in the literature and treads paths which others fear to tread. You will enjoy it enormously if you are from an IT background.
Table of Contents1. What exactly is a PKI? The original concept, 2. How does PKI work? The nuts and bolts of PKI, 3. What are the primary applications for a PKI? How applications are changing, 4. What exactly is a digital certificate? The contents of a certificate, 5. What about encryption? How a public key infrastructure is used for encryption, 6. Biometrics and PKI: The possibilities of biometric certificates, 7. What is the conventional wider infrastructure? Different infrastructure models explained, 8. Kubernetes, containers and PKI: The container model and its implications for PKI, 9. Trust and certificates: The original concept has changed, 10. How may a localised infrastructure work? Keeping things simple, 11. What happens when certificates expire? What can go wrong?, 12. How do we ensure that certificates do not expire? Methodologies for security, 13. How does the human interaction work? Managing things manually, 14. Can we organise everything ourselves? Understanding what to do, 15. How long does it take to implement a proper PKI? Understanding the scale of the problem, 16. What skills are required for operational personnel? Understanding associated technologies, 17. How do we embed a PKI culture in the workplace? Communication, 18. How do we keep it working as we grow? Planning and documentation, 19. What happens if we acquire other companies? Merging public key infrastructures, 20. Who should be responsible for it all? Accountability, 21. PKI, the cloud and the Internet of things: What we should understand, 22. PKI and the global financial industry: The reliance upon a large-scale public key infrastructure, 23. PKI and government legislation: Ensuring that legislation is compatible, 24. Consequences: What happens when it all goes wrong
