Security Without Obscurity: A Guide to PKI Operations

Stapleton, Jeff, Epstein, W. Clay

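  • Publisher: Auerbach Publication
  • Publication date: 2020-09-30
  • Price: $2,180
  • VIP price: $2,071 (5% off)
  • Language: English
  • Pages: 343
  • Binding: Quality Paper - also called trade paper
  • ISBN: 036765864X
  • ISBN-13: 9780367658649
  • Related category: Information Security
  • Overseas special-order title (must be checked out separately)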

Product description

Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP) and certificate practice statements. While algorithms, certificates, and theoretical policy all make for excellent discussions, the real-world issues of operating a commercial or private CA can be overwhelming.

Security without Obscurity: A Guide to PKI Operations provides a no-nonsense approach and realistic guide to operating a PKI system. In addition to discussions on PKI best practices, the book supplies warnings against bad PKI practices. Scattered throughout the book are anonymous case studies identifying both good and bad practices.

The highlighted bad practices, based on real-world scenarios from the authors' experiences, illustrate how bad things are often done with good intentions but cause bigger problems than the original one being solved.

This book offers readers the opportunity to benefit from the authors' more than 50 years of combined experience in developing PKI-related policies, standards, practices, procedures, and audits, as well as designing and operating various commercial and private PKI systems.

About the authors

Jeff J. Stapleton is the author of Security without Obscurity: A Guide to Confidentiality, Authentication, and Integrity (CRC Press). Stapleton began his career at Citicorp Information Resources, St. Louis, Missouri, in 1982, as a software engineer writing 8-bit assembler code for a turnkey savings and loan teller system. He continued his work in the financial service industry at MasterCard International (St. Louis, Missouri), maintaining and developing credit card and debit card transaction applications on its global network, Banknet.

His introduction to cryptography began when he was assigned to develop a global key management system for MasterCard, and as part of that assignment, he began attending an Accredited Standards Committee (ASC) X9 Workgroup for retail banking security in 1989.

During his career, he has spoken at many conferences; participated in the development of numerous ANSI and ISO standards; and published various papers, articles, chapters, and his first book--Security without Obscurity.

W. Clay Epstein holds a bachelor of science in computer science from the University of Utah and a master of business administration in management information systems from Westminster College (Salt Lake City, Utah). He has international experience developing and managing public key infrastructures primarily for the financial services industry.

Epstein was the CTO for Digital Signature Trust Co., a start-up company formed to address the legal and technical issues of secure electronic commerce across the Internet, and one of the first licensed Certificate Authorities (CAs) in the United States. He was the third employee, responsible for the overall operations and strategic technology development, implementation, and maintenance of the various CA systems.
