Secure Electronic Commerce - Warwick Ford, Michael Baum

Secure Electronic Commerce

Building the Infrastructure for Digital Signatures and Encryption
Book | Softcover
640 pages
2000 | 2nd edition
Prentice Hall (publisher)
978-0-13-027276-8 (ISBN)
67,30 incl. VAT
  • Title is unfortunately out of print;
    no new edition
Reveals how e-commerce transactions differ from paper-based commerce, and how to minimize the risks while maximizing the benefits. The text also provides extensive coverage of the latest security technologies and how they are applied in the business environment.
Co-authored by the leading e-commerce security specialist and a leading legal specialist in e-commerce, this book offers a complete blueprint showing companies how to implement state-of-the-art e-commerce while minimizing all the security risks involved. This new edition has been completely updated to reflect today's latest developments in digital signatures, public-key infrastructure, EDI technical standards, certification, and authentication. The book begins by introducing the underlying technologies and inherent risks of electronic commerce. It considers the role of computer networks, the Internet, EDI and email, and the challenges of ensuring that electronic transactions are resistant to fraud, traceable, and legally binding in all jurisdictions. From network security to cryptography and today's latest secure Web and messaging protocols, all of today's latest security technologies are explained in detail, from a business perspective, in language non-specialists can easily understand.

Warwick Ford, M.E., Ph.D., is Vice President for Strategic Technologies and Chief Technology Officer at VeriSign, Silicon Valley's premier provider of identity, security, and payment services for e-commerce. Michael Baum, J.D., M.B.A., CISSP, is Vice President for Practices and External Affairs at VeriSign.

1. Introduction.


The Upside. The Downside. E-Commerce Compared with Paper-Based Commerce. Making E-Commerce Secure. Book Road Map.



2. The Internet.


Computer Networking. Internet Applications. The Internet Community. Internet Commerce. Example Transaction Scenarios. Summary.



3. Business and Legal Principles.


The Electronic Commerce Transaction. Creating a Binding Commitment. Validity and Enforceability of Agreements. Enforcement. Other Legal Issues. Dealing with Legal Uncertainties. Two Business Models. Business Controls in a Digital Environment. Summary.



4. Information Security Technologies.


Information Security Fundamentals. Introduction to Cryptography. Digital Signatures. Key Management. Authentication. System Trust. Summary.



5. Internet Security.


Segmenting the Problem. Firewalls. IPsec and Virtual Private Networks. Web Security with SSL/TLS. Other Web Security Protocols. Secure Messaging and S/MIME. Other Messaging Security Protocols. Secure Payments on the Internet. Summary.



6. Certificates.


Introduction to Public-Key Certificates. Public-Private Key-Pair Management. Certificate Issuance. Certificate Distribution. X.509 Certificate Format. Certificate Revocation. X.509 Certificate Revocation List. Key-Pair and Certificate Validity Periods. Certificate Formats Other than X.509. Certification of Authorization Information. Summary.



7. Public-Key Infrastructure.


PKI for the Typical E-Commerce Enterprise. Certification Authority Structures: Traditional Models. Certification Authority Structures: The Generalization Model. Certificate Policies. Name Constraints. Certificate Management Protocols. PGP's Web of Trust. Some Multienterprise PKI Examples. Pragmatics of PKI Interoperation and Community Building. Summary.



8. Legislation, Regulation, and Guidelines.


General E-Commerce Legislation and Regulation. Digital Signature Laws. General E-Commerce Guidelines. PKI-Related Standards and Guidelines. Summary.



9. Non-repudiation.


Concept and Definition. Types of Non-repudiation. Activities and Roles. Mechanisms for Non-repudiation of Origin. Mechanisms for Non-repudiation of Delivery. Trusted Third Parties. Dispute Resolution. Summary.



10. Certification Policies and Practices.


Concepts. CP and CPS Topics: Introduction of a CP or CPS. CP and CPS Topics: General Provisions. CP and CPS Topics: Identification and Authentication. CP and CPS Topics: Operational Requirements. CP and CPS Topics: Physical, Procedural, and Personnel Security Controls. CP and CPS Topics: Technical Security Controls. CP and CPS Topics: Certificate and CRL Profiles. CP and CPS Topics: Specification Administration. Systematizing CP and CPS Development. Summary.



11. Public-Key Infrastructure Assessment and Accreditation.


The Role of Assessment in Public-Key Infrastructure. Evolution of Information System Assessment Criteria. Noteworthy Assessment and Accreditation Schemes. Rationalization of Assessment Schemes. Summary.



Appendix A: Forms of Agreement.


Appendix B: The U.S. Federal E-Sign Act.


Appendix C: ASN.1 Notation.


Appendix D: X.509 in ASN.1 Notation.


Appendix E: United Nations Model Law on Electronic Commerce.


Appendix F: How to Obtain Referenced Documents.


Appendix G: Legacy Application Security Standards.


Appendix H: PKI Disclosure Statement.


Appendix I: Repudiation In Law.


Appendix J: Public-Key Cryptosystems.


Appendix K: European Signature Directive.


Index.

Publication date (per publisher): 13.12.2000
Place of publication: Upper Saddle River
Language: English
Dimensions: 235 x 177 mm
Weight: 1098 g
Subject areas: Computer Science > Networks > Security / Firewall
Computer Science > Theory / Studies > Cryptology
Mathematics / Computer Science > Computer Science > Web / Internet
ISBN-10: 0-13-027276-0 / 0130272760
ISBN-13: 978-0-13-027276-8 / 9780130272768
Condition: New