| Preface | p. xi |
| Acknowledgments | p. xiii |
| Copyrights and Trademarks | p. xv |
| Background and Definition | p. 1 |
| Background | p. 3 |
| E-mail and Customer Service | p. 6 |
| The World Wide Web | p. 6 |
| More than Billboards | p. 8 |
| Online Sales | p. 8 |
| Worldwide Opportunity | p. 9 |
| Enter the Intranet | p. 10 |
| Security and the Internet | p. 13 |
| The Physical World vs. the Networked World | p. 15 |
| Authentication | p. 17 |
| Authorization Authentication | p. 19 |
| Privacy and Confidentiality | p. 20 |
| Data Integrity | p. 22 |
| Trust | p. 23 |
| Securing the Internet | p. 27 |
| Public Key Infrastructure | p. 41 |
| Network of Trust | p. 43 |
| Identity Verification | p. 43 |
| Technology | p. 45 |
| Applying for a Certificate | p. 46 |
| Certificate Management | p. 51 |
| Policies, Procedures, and Practices | p. 52 |
| Operations | p. 53 |
| Case Studies | p. 55 |
| Uses of Public Key Systems | p. 57 |
| Justification | p. 58 |
| Public Key Buckets | p. 60 |
| Identification | p. 61 |
| Securing Communication | p. 62 |
| Application Integration | p. 63 |
| Identification and Authentication | p. 65 |
| GE Research Center | p. 66 |
| GTE | p. 69 |
| Hewlett-Packard | p. 70 |
| Liberty Financial Companies, Inc. | p. 72 |
| State of Massachusetts | p. 77 |
| QSpace | p. 80 |
| USWeb | p. 83 |
| Securing Communication | p. 85 |
| Ultramar Diamond Shamrock | p. 87 |
| Mellon Bank | p. 89 |
| PrimeHost | p. 90 |
| Wells Fargo | p. 92 |
| Application Integration | p. 95 |
| CyberCash | p. 96 |
| E-Stamp | p. 98 |
| NetDox | p. 101 |
| Open Market, Inc. | p. 104 |
| United States Postal Service | p. 106 |
| Secure Electronic Transaction Protocol | p. 109 |
| Business Situation | p. 110 |
| How SET Works | p. 112 |
| Issues | p. 117 |
| Technical Issues | p. 119 |
| Hardware vs. Software | p. 120 |
| Interoperability | p. 122 |
| In-House vs. Outsourcing | p. 122 |
| Algorithms | p. 123 |
| Public Key Cryptography in Applications | p. 125 |
| Standards | p. 126 |
| Key Size and Key Splitting | p. 126 |
| Key Recovery/Escrow | p. 127 |
| Security Policies and Procedures | p. 128 |
| Registration Authority Functionality | p. 129 |
| Directory Services | p. 129 |
| Revocation Lists | p. 130 |
| Legal Issues | p. 131 |
| Digital Signature Legislation | p. 133 |
| Certificate Holder Responsibility | p. 134 |
| CA Responsibilities and Liabilities | p. 135 |
| CA Requirements | p. 135 |
| Technology Implications and Requirements | p. 136 |
| International Issues | p. 136 |
| Certification Practice Statements | p. 138 |
| Relying Parties | p. 139 |
| Agreements | p. 139 |
| Business Issues | p. 141 |
| Business Models and Risks | p. 142 |
| Hardware vs. Software | p. 146 |
| Interoperability and Cross Certification | p. 146 |
| In-House vs. Outsourcing | p. 146 |
| Public Key Cryptography in Applications | p. 148 |
| Key Recovery/Escrow | p. 149 |
| Security Policies and Procedures | p. 149 |
| Certificate Holder Responsibility | p. 150 |
| Developing Requirements | p. 151 |
| Product or Service? | p. 152 |
| Understanding Requirements | p. 152 |
| Futures | p. 156 |
| Budget | p. 157 |
| Pricing | p. 157 |
| Requirements Document Contents | p. 158 |
| Evaluation | p. 158 |
| Vendor Review | p. 159 |
| CA Products and Services | p. 161 |
| Atalla Corporation | p. 162 |
| BBN Corporation | p. 164 |
| CertCo | p. 167 |
| Cylink Corporation | p. 168 |
| Entrust Technologies Inc. | p. 171 |
| GTE CyberTrust Solutions Incorporated | p. 172 |
| International Business Machines Corporation (IBM) | p. 174 |
| Netscape Communications | p. 176 |
| VeriSign | p. 177 |
| Xcert Software Inc. | p. 179 |
| Application and Toolkit Vendors | p. 183 |
| E-Stamp Corporation | p. 184 |
| Products/Services Offered | p. 185 |
| Harbinger | p. 186 |
| Premenos Technology Corporation | p. 187 |
| RSA Data Security, Inc., a Security Dynamics Company | p. 189 |
| S/MIME Products | p. 191 |
| SET Vendors | p. 194 |
| Web Browser and Server Vendors | p. 196 |
| What the Future Holds | p. 197 |
| Future Applications | p. 199 |
| Remote Authentication | p. 200 |
| Internet VAN | p. 200 |
| Remote Trusted Devices | p. 201 |
| Distributed Applications | p. 202 |
| Signed Instruments | p. 202 |
| The Impact of Certificates and Digital Signatures on Business | p. 203 |
| Closing Notes | p. 204 |
| Hobbes' Internet Timeline | p. 205 |
| Trading Partner Agreement | p. 223 |
| Digital Signature Trading Partner Agreement | p. 223 |
| Digital Signature Legislation | p. 231 |
| Introduction | p. 231 |
| The Law of Signatures | p. 231 |
| Digital Signature Technology | p. 235 |
| Verifying Owners of Public Key Pairs | p. 239 |
| Legal Considerations | p. 241 |
| Overview of Liability | p. 244 |
| Liability for the Loss or Compromise of the Private Key by Subscribers | p. 245 |
| Liability of Certification Authorities | p. 246 |
| Regulatory Oversight of Certification Authorities | p. 249 |
| Technological Standards | p. 250 |
| Digital Signature Legislation | p. 251 |
| Conclusion | p. 257 |
| Digital Signature Legislation Status | p. 259 |
| State Legislation and Regulations | p. 259 |
| Federal Legislation and Regulations | p. 283 |
| International | p. 284 |
| Pointers to Pertinent Web Sites | p. 287 |
| US Government | p. 291 |
| Index | p. 295 |