Security Without Obscurity: A Guide to PKI Operations, 2nd Edition

By Jeff Stapleton and W. Clay Epstein. Copyright 2024.
312 pages, 96 B/W illustrations. Published by CRC Press.


Public Key Infrastructure (PKI) is an operational ecosystem that employs key management, cryptography, information technology (IT), information security (cybersecurity), policy and practices, legal matters (law, regulatory, contractual, privacy), and business rules (processes and procedures). A properly managed PKI requires all of these disparate disciplines to function together – coherently, efficiently, effectually, and successfully. Clearly defined roles and responsibilities, separation of duties, documentation, and communications are critical aspects of a successful operation. PKI is not just about certificates; rather, it can be the technical foundation for the elusive "crypto-agility," which is the ability to manage cryptographic transitions. The second quantum revolution has begun, quantum computers are coming, and post-quantum cryptography (PQC) transitions will become business as usual for PKI operations.


Contents

1. Introduction
2. Cryptography Basics
3. PKI Building Blocks
4. PKI Management and Security
5. PKI Roles and Responsibilities
6. Security Considerations
7. Operational Considerations
8. Incident Management
9. PKI Governance, Risk, and Compliance
10. PKI Industry


About the Authors

Jeff Stapleton is the author of the Security Without Obscurity five-book series (CRC Press). He has over 30 years of cybersecurity experience, including cryptography, key management, PKI, biometrics, and authentication. Jeff has participated in developing dozens of ISO, ANSI, and X9 security standards for the financial services industry. He has been an architect, assessor, auditor, author, and subject matter expert. His 30-year career includes Citicorp, MasterCard, RSA Security, KPMG, Innové, the USAF Crypto Modernization Program Office, Cryptographic Assurance Services (CAS), Bank of America, and Wells Fargo Bank. He has worked with most of the payment brands, including MasterCard, Visa, American Express, and Discover. His areas of expertise include payment systems, cryptography, PKI, PQC, key management, biometrics, IAM, privacy, and zero trust architecture (ZTA). Jeff holds Bachelor of Science and Master of Science degrees in computer science from the University of Missouri. He was an instructor at Washington University (St. Louis) and an adjunct professor at the University of Texas at San Antonio (UTSA).

W. Clay Epstein currently operates a cybersecurity consulting company, Steintech LLC, specializing in cybersecurity, encryption technologies, PKI, and digital certificates. He has international experience developing and managing public key infrastructures, primarily for the financial services industry. Clay has worked as an independent cybersecurity and PKI consultant for the past 11 years. Previously, Clay was the VP and Technical Manager at Bank of America, responsible for the Bank's global Public Key Infrastructure and Cryptography Engineering Group. Prior to Bank of America, Clay was CIO and Head of Operations at Venafi, a certificate and encryption key management company. Prior to Venafi, Clay was Senior Vice President of Product and Technology at Identrus, a global identity management network based on PKI for international financial institutions. Earlier, Clay served as Head of eCommerce Technologies for Australia and New Zealand Banking Group (ANZ) and was the CTO for Digital Signature Trust Co. Clay holds a Bachelor of Science in Computer Science from the University of Utah and a Master of Business Administration in Management Information Systems from Westminster College.