Protocols for Secure Electronic Commerce, Second Edition

by ;
  • ISBN13: 9780849315091
  • ISBN10: 0849315093
  • Edition: 2nd
  • Format: Hardcover
  • Copyright: 2003-11-24
  • Publisher: CRC Press

Summary

The continued growth of e-commerce mandates the emergence of new technical standards and methods that will securely integrate online activities with pre-existing infrastructures, laws and processes. Protocols for Secure Electronic Commerce, Second Edition addresses the security portion of this challenge. It is a full compendium of the protocols for securing online commerce and payments, serving as an invaluable resource for students and professionals in the fields of computer science and engineering, IT security, and financial and banking technology.

The initial sections provide a broad overview of electronic commerce, money, payment systems, and business-to-business commerce, followed by an examination of well-known protocols (SSL, TLS, WTLS, and SET). The book also explores encryption algorithms and methods, EDI, micropayment, and multiple aspects of digital money.

Like its predecessor, this edition is a general analysis that provides many references to more technical resources. It delivers extensive revisions of previous chapters, along with new chapters on electronic commerce in society, new e-commerce systems, and the security of integrated circuit cards.

Table of Contents

1 Overview of Electronic Commerce
Abstract
1.1 What Is Electronic Commerce?
1.2 Categories of Electronic Commerce
1.2.1 Examples of Business-to-Business Commerce
1.2.2 Examples of Business-to-Consumer Commerce
1.2.3 Examples of Neighborhood Commerce and Payments to Automatic Machines
1.2.4 Examples of Peer-to-Peer Commerce
1.3 The Influence of the Internet
1.3.1 Some Leading Examples
1.3.2 Internet and Transactional Security
1.3.3 Putting the Internet in Perspective
1.4 Infrastructure for Electronic Commerce
1.5 Network Access
1.5.1 Wireline Access
1.5.2 Wireless Access
1.5.3 Traffic Multiplexing
1.6 Consequences of E-Commerce
1.6.1 Clients
1.6.2 Suppliers
1.6.3 Substitutes
1.6.4 New Entrants
1.6.5 Banks
1.6.6 Role of Governments
1.7 Summary
Questions
2 Money and Payment Systems
Abstract
2.1 The Mechanisms of Classical Money
2.2 Instruments of Payment
2.2.1 Cash
2.2.2 Checks
2.2.3 Credit Transfers
2.2.4 Direct Debit
2.2.5 Interbank Transfers
2.2.6 Bills of Exchange
2.2.7 Payment Cards
2.3 Types of Dematerialized Monies
2.3.1 Electronic Money
2.3.2 Virtual Money
2.3.3 Digital Money
2.4 Purses and Holders
2.4.1 Electronic Purses and Electronic Token (Jeton) Holders
2.4.2 Virtual Purses and Virtual Jeton Holders
2.4.3 Diffusion of Electronic Purses
2.5 Transactional Properties of Dematerialized Currencies
2.5.1 Anonymity
2.5.2 Traceability
2.6 Overall Comparison of the Means of Payment
2.7 The Practice of Dematerialized Money
2.7.1 Protocols of Systems of Dematerialized Money
2.7.2 Direct Payments to the Merchant
2.7.3 Payment via an Intermediary
2.8 Banking Clearance and Settlement
2.8.1 United States
2.8.2 United Kingdom
2.8.3 France
2.9 Summary
Question
3 Algorithms and Architectures for Security
Abstract
3.1 Security of Commercial Transactions
3.2 Security of Open Financial Networks
3.3 Security Objectives
3.4 OSI Model for Cryptographic Security
3.4.1 OSI Reference Model
3.4.2 Security Services: Definitions and Locations
3.5 Security Services at the Link Layer
3.6 Security Services at the Network Layer
3.7 Security Services at the Application Layer
3.8 Message Confidentiality
3.8.1 Symmetric Cryptography
3.8.2 Public Key Cryptography
3.9 Data Integrity
3.9.1 Verification of the Integrity with a One-Way Hash Function
3.9.2 Verification of the Integrity with Public Key Cryptography
3.9.3 Blind Signature
3.9.4 Verification of the Integrity with Symmetric Cryptography
3.10 Identification of the Participants
3.10.1 Biometric Identification
3.10.1.1 Voice Recognition
3.10.1.2 Handwritten Recognition
3.10.1.3 Keystroke Recognition
3.10.1.4 Retinal Recognition
3.10.1.5 Iris Recognition
3.10.1.6 Face Recognition
3.10.1.7 Fingerprint Recognition
3.10.1.8 Recognition of Hand Geometry
3.10.2 Summary and Evaluation
3.11 Authentication of the Participants
3.12 Access Control
3.13 Denial of Service
3.14 Nonrepudiation
3.14.1 Time-Stamping and Sequence Numbers
3.15 Secure Management of Cryptographic Keys
3.15.1 Production and Storage
3.15.2 Distribution
3.15.3 Utilization, Withdrawal, and Replacement
3.15.4 Key Revocation
3.15.5 Deletion, Backup, and Archiving
3.15.6 Comparison between Symmetric and Public Key Cryptography
3.16 Exchange of Secret Keys: Kerberos
3.16.1 Message (1) - Request of a Session Ticket
3.16.2 Message (2) - Acquisition of a Session Ticket
3.16.3 Message (3) - Request of a Service Ticket
3.16.4 Message (4) - Acquisition of the Service Ticket
3.16.5 Message (5) - Service Request
3.16.6 Message (6) - Optional Response of the Server
3.17 Public Key Kerberos
3.17.1 Where To Find Kerberos?
3.18 Exchange of Public Keys
3.18.1 Diffie-Hellman Exchange
3.19 ISAKMP (Internet Security Association and Key Management Protocol)
3.20 SKIP (Simple Key Management for Internet Protocols)
3.21 Key Exchange Algorithm
3.22 Certificate Management
3.22.1 Basic Operation
3.22.2 Description of an X.509 Certificate
3.22.3 Certification Path
3.22.4 Hierarchical Certification Path
3.22.5 Nonhierarchical Certification Path
3.22.6 Cross-Certification
3.22.7 Online Management of Certificates
3.22.8 Banking Applications
3.22.9 Example: VeriSign
3.22.9.1 Certificate Classes
3.22.9.2 Operational Life
3.22.9.3 Revocation
3.22.9.4 Archival
3.22.9.5 Recovery
3.22.9.6 Liability
3.22.10 Procedures for Strong Authentication
3.22.10.1 One-Way Authentication
3.22.10.2 Two-Way Authentication
3.22.10.3 Three-Way Authentication
3.22.11 Certificate Revocation
3.22.12 Attribute Certificates
3.22.13 Audits
3.23 Encryption Cracks
3.24 Summary
3.25 Appendix I: Principles of Symmetric Encryption
3.25.1 Modes of Algorithm Utilization for Block Encryption
3.25.2 Examples of Symmetric Block Encryption Algorithms
3.25.2.1 Advanced Encryption Standard (AES)
3.25.2.2 Data Encryption Standard (DES)
3.25.2.3 Triple DES
3.25.2.4 IDEA
3.25.2.5 SKIPJACK
3.26 Appendix II: Principles of Public Key Encryption
3.26.1 RSA
3.26.1.1 Practical Considerations
3.26.2 Public Key Cryptography Standards (PKCS)
3.26.3 Pretty Good Privacy (PGP)
3.26.4 Elliptic Curve Cryptography (ECC)
3.27 Appendix III: Principles of the Digital Signature Algorithm (DSA)
3.28 Appendix IV: Comparative Data
3.28.1 Performance Data for JSAFE 1.1
3.28.2 Performance for S/WAN
3.28.3 Performance for BSAFE™ 3.0
3.28.4 Performance for BSAFE™ 4.1
Questions
4 Business-to-Business Commerce
Abstract
4.1 Overview of Business-to-Business Commerce
4.2 Examples of Business-to-Business Electronic Commerce
4.2.1 A Short History of Business-to-Business Electronic Commerce
4.2.2 Banking Applications
4.2.3 Aeronautical Applications
4.2.4 Applications in the Automotive Industry
4.2.5 Other Examples
4.2.6 Effect of the Internet
4.3 Business-to-Business Electronic Commerce Platforms
4.4 Obstacles Facing Business-to-Business Electronic Commerce
4.5 Business-to-Business Electronic Commerce Systems
4.5.1 Generation and Reception of Structured Data
4.5.2 Management of the Distribution
4.5.3 Management of Security
4.6 Structured Alphanumeric Data
4.6.1 Definitions
4.6.2 ANSI X12
4.6.3 EDIFACT
4.6.3.1 UNB/UNZ and UIB/UIZ Segments
4.6.3.2 UNH/UNT Segments
4.6.3.3 UNS Segment
4.6.3.4 UNG/UNE Segments
4.6.3.5 UNO/UNP Segments
4.6.3.6 Structure of an Interchange
4.6.3.7 Partial List of EDIFACT Messages
4.6.3.8 Interactive EDIFACT
4.6.4 Structural Comparison between X12 and EDIFACT
4.7 Structured Documents or Forms
4.7.1 SGML
4.7.2 XML
4.7.3 Integration of XML with Alphanumeric EDI
4.7.3.1 BizTalk®
4.7.3.2 Commerce XML (cXML)
4.7.3.3 Electronic Business XML (ebXML)
4.7.3.4 SAML (Security Assertion Markup Language)
4.7.3.5 SOAP (Simple Object Access Protocol)
4.7.3.6 UDDI (Universal Description, Discovery, and Integration)
4.7.3.7 WSDL (Web Services Description Language)
4.8 EDI Messaging
4.8.1 X.400
4.8.2 Internet (SMTP/MIME)
4.9 Security of EDI
4.9.1 X12 Security
4.9.2 EDIFACT Security
4.9.2.1 Security of EDIFACT Documents Using In-Band Segments
4.9.2.2 Security of EDIFACT Documents with Out-of-Band Segments: The AUTACK Message
4.9.3 IETF Proposals
4.9.3.1 PGP/MIME Encrypted and Signed
4.9.3.2 S/MIME Message Encrypted and Signed
4.9.4 Protocol Stacks for EDI Messaging
4.9.5 Interoperability of Secured EDI and S/MIME
4.9.6 Security of XML Exchanges
4.10 Relation of EDI with Electronic Funds Transfer
4.10.1 Funds Transfer with EDIFACT
4.10.2 Funds Transfer with X12
4.11 Electronic Billing
4.12 EDI Integration with Business Processes
4.13 Standardization of the Exchanges of Business-to-Business Electronic Commerce
4.13.1 EDI/EDIFACT
4.13.2 XML/EDI Integration
4.13.2.1 CEFACT
4.13.2.2 CommerceNet
4.13.2.3 IETF (Internet Engineering Task Force)
4.13.2.4 Open Buying on the Internet (OBI)
4.13.2.5 Open Trading Protocol (OTP) Consortium
4.13.2.6 Organization for the Advancement of Structured Information Standards (OASIS)
4.13.2.7 RosettaNet
4.13.3 XML
4.14 Summary
Questions
5 SSL (Secure Sockets Layer)
Abstract
5.1 General Presentation of the SSL Protocol
5.1.1 Functional Architecture
5.1.2 SSL Security Services
5.1.2.1 Authentication
5.1.2.2 Confidentiality
5.1.2.3 Integrity
5.2 SSL Subprotocols
5.2.1 SSL Exchanges
5.2.1.1 State Variables of an SSL Session
5.2.1.2 State Variables of an SSL Connection
5.2.2 Synopsis of Parameters Computation
5.2.3 The Handshake Protocol
5.2.3.1 General Operation
5.2.3.2 Opening of a New Session
5.2.3.3 Identification of the Cipher Suites
5.2.3.4 Authentication of the Server
5.2.3.5 Exchange of Secrets
5.2.3.6 Verification and Confirmation by the Server
5.2.3.7 Summary: Session Establishment
5.2.3.8 Connection Establishment
5.2.4 The ChangeCipherSpec Protocol
5.2.5 The Record Protocol
5.2.6 The Alert Protocol
5.2.7 Summary
5.3 Example of SSL Processing
5.3.1 Assumptions
5.3.2 Establishment of a New Session
5.3.2.1 Message Size
5.3.2.2 ClientHello Message
5.3.2.3 ServerHello Message
5.3.2.4 Certificate Message
5.3.2.5 ClientKeyExchange Message
5.3.2.6 Calculation of the Cipher Suite
5.3.2.7 ServerHelloDone Message
5.3.2.8 Finished Message
5.3.2.9 Processing at the Record Layer
5.3.3 Processing of Application Data
5.3.3.1 MAC Computation and Encryption
5.3.3.2 Decryption and Verification of the Data
5.3.4 Connection Establishment
5.3.4.1 Connection Establishment in an Existing Session
5.3.4.2 Session Refresh
5.3.4.3 Summary
5.4 Performance Acceleration
5.5 Implementations
5.6 Summary
Questions
Appendix 5.1 Structures of the Handshake Messages
A5.1 Messages of the Handshake
A5.1.1 Header
A5.1.2 HelloRequest
A5.1.3 ClientHello
A5.1.4 ServerHello
A5.1.5 Certificate
A5.1.6 ServerKeyExchange
A5.1.7 CertificateRequest
A5.1.8 ServerHelloDone
A5.1.9 ClientKeyExchange
A5.1.10 CertificateVerify
A5.1.11 Finished
6 TLS (Transport Layer Security) and WTLS (Wireless Transport Layer Security)
Abstract
6.1 From SSL to TLS
6.1.1 Start of the Encryption of Transmitted Data
6.1.2 The Available Cipher Suite
6.1.3 Computation of MasterSecret and the Derivation of Keys
6.1.4 Alert Messages
6.1.5 Responses to Record Blocks of Unknown Type
6.2 WTLS
6.2.1 Architecture
6.2.2 From TLS to WTLS
6.2.2.1 The Formats of Identifiers and Certificates
6.2.2.2 Cryptographic Algorithms
6.2.2.3 The Content of Some Handshake Messages
6.2.2.4 The Exchange Protocol during the Handshake
6.2.2.5 Calculation of Secrets
6.2.2.6 Parameter Sizes
6.2.2.7 Alert Messages
6.2.2.8 Record
6.2.3 Service Constraints
6.2.3.1 Possible Location of the WAP/Web Gateway
6.2.3.2 ITLS
6.2.3.3 NAETEA
6.3 Summary
Questions
7 The SET Protocol
Abstract
7.1 SET Architecture
7.2 Security Services of SET
7.2.1 Cryptographic Algorithms
7.2.2 The Method of the Dual Signature
7.3 Certification
7.3.1 Certificate Management
7.3.1.1 Cardholder Certificate
7.3.1.2 Merchant Certificates
7.3.1.3 Certificate of Financial Agents
7.3.1.4 Certificates of the Root Authority
7.3.1.5 Certificate Durations
7.3.2 Registration of the Participants
7.3.2.1 Cardholder Registration
7.3.2.2 Merchant Registration
7.4 Purchasing Transaction
7.4.1 SET Payment Messages
7.4.2 Transaction Progress
7.4.2.1 Initialization
7.4.2.2 Order Information and Payment Instruction
7.4.2.3 Authorization Request
7.4.2.4 Granting Authorization
7.4.2.5 Capture
7.5 Optional Procedures in SET
7.6 SET Implementations
7.7 Evaluation
7.8 Summary
Questions
8 Composite Solutions
Abstract
8.1 C-SET and Cyber-COMM
8.1.1 General Architecture of C-SET
8.1.2 Cardholder Registration
8.1.3 Distribution of the Payment Software
8.1.4 Purchase and Payment
8.1.5 Encryption Algorithms
8.1.6 Interoperability of SET and C-SET
8.1.6.1 Case 1: Cardholder Is C-SET Certified and Merchant Is SET Certified
8.1.6.2 Case 2: SET-Certified Cardholder and C-SET-Certified Merchant
8.2 Hybrid SSL/SET Architecture
8.2.1 Hybrid Operation SET/SSL
8.2.2 Transaction Flows
8.2.2.1 SSL Session between the Client and the Intermediary
8.2.2.2 Payment Authorization
8.2.2.3 Notification of the Merchant and the Client
8.2.2.4 Financial Settlement
8.2.3 Evaluation of the Hybrid Mode SET/SSL
8.3 3-D Secure
8.3.1 Enrollment
8.3.2 Purchase and Payment Protocol
8.3.3 Clearance and Settlement
8.3.4 Security
8.4 Payments with CD-ROM
8.5 Summary
Questions
9 Micropayments and Face-to-Face Commerce
Abstract
9.1 Characteristics of Micropayment Systems
9.2 Potential Applications
9.3 Chipper®
9.4 GeldKarte
9.4.1 Registration and Loading of Value
9.4.2 Payment
9.4.3 Security
9.5 Mondex
9.5.1 Loading of Value
9.5.2 Payment
9.5.3 Security
9.5.4 Pilot Experiments
9.6 Proton
9.6.1 Loading of Value
9.6.2 Payment
9.6.3 International Applications
9.7 Harmonization of Electronic Purses
9.7.1 Authentication of the Purse by the Issuer
9.7.2 Loading of Value
9.7.3 Point-of-Sales Payments
9.8 Summary
Questions
10 Remote Micropayments
Abstract
10.1 Security without Encryption: First Virtual
10.1.1 Buyer's Subscription
10.1.2 Purchasing Protocol
10.1.3 Acquisition and Financial Settlement
10.1.4 Security
10.1.5 Evaluation
10.2 NetBill
10.2.1 Registration and Loading of Value
10.2.2 Purchase
10.2.2.1 Negotiation
10.2.2.2 Order
10.2.2.3 Delivery
10.2.2.4 Payment
10.2.3 Financial Settlement
10.2.4 Evaluation
10.3 KLELine
10.3.1 Registration
10.3.2 Purchase and Payment
10.3.3 Financial Settlement
10.3.4 Evaluation
10.3.5 Evaluation and Evolution
10.4 Millicent
10.4.1 Secrets
10.4.2 Description of the Scrip
10.4.3 Registration and Loading of Value
10.4.4 Purchase
10.4.5 Evaluation
10.5 PayWord
10.5.1 Registration and the Loading of Value
10.5.2 Purchase
10.5.2.1 Commitment
10.5.2.2 Delivery
10.5.3 Financial Settlement
10.5.4 Computational Load
10.5.4.1 Load on the Broker
10.5.4.2 Load on the User
10.5.4.3 Load on the Vendor
10.5.5 Evaluation
10.6 MicroMint
10.6.1 Registration and Loading of Value
10.6.2 Purchase
10.6.3 Financial Settlement
10.6.4 Security
10.6.4.1 Protection against Forgery
10.6.4.2 Protection against Coin Theft
10.6.4.3 Protection against Double Spending
10.6.5 Evaluation
10.7 eCoin
10.8 Comparison of the Different First-Generation Remote Micropayment Systems
10.9 Second-Generation Systems
10.9.1 Prepaid Cards Systems
10.9.2 Systems Based on Electronic Mail
10.9.2.1 PayPal
10.9.3 Minitel-like Systems
Questions
11 Digital Money
Abstract
11.1 Building Blocks
11.1.1 Case of Debtor Untraceability
11.1.1.1 Loading of Value
11.1.1.2 Purchase
11.1.1.3 Deposit and Settlement
11.1.1.4 Improvement of Protection
11.1.2 Case of Creditor Untraceability
11.1.3 Mutual Untraceability
11.1.4 Description of Digital Denominations
11.1.5 Detection of Counterfeit (Multiple Spending)
11.1.5.1 Loading of Value
11.1.5.2 Purchasing
11.1.5.3 Financial Settlement and Verification
11.1.5.4 Proof of Double Spending
11.2 DigiCash (Ecash)
11.2.1 Registration
11.2.2 Loading of Value
11.2.3 Purchase
11.2.4 Financial Settlement
11.2.5 Delivery
11.2.6 Evaluation
11.3 NetCash
11.3.1 Registration and Value Purchase
11.3.2 Purchase
11.3.3 Extensions of NetCash
11.3.4 Evaluation
11.4 Summary
Questions
12 Dematerialized Checks
Abstract
12.1 Classical Processing of Paper Checks
12.1.1 Checkbook Delivery
12.1.2 Check Processing
12.2 Dematerialized Processing of Paper-Based Checks
12.2.1 Electronic Check Presentment
12.2.2 Point-of-Sale Check Approval
12.2.3 Check Imaging
12.3 NetCheque
12.3.1 Registration
12.3.2 Payment and Financial Settlement
12.4 Bank Internet Payment System (BIPS)
12.4.1 Types of Transactions
12.4.2 BIPS Service Architecture
12.5 eCheck
12.5.1 Payment and Settlement
12.5.2 Representation of eChecks
12.6 Comparison of Virtual Checks with Bankcards
12.7 Summary
Questions
13 Security of Integrated Circuit Cards
Abstract
13.1 Overview
13.1.1 Classification of Smart Cards and Their Applications
13.1.2 Integrated-Circuit Cards with Contacts
13.1.3 Contactless Integrated-Circuit Cards
13.2 Description of Integrated-Circuit Cards
13.2.1 Memory Types
13.2.2 Operating Systems
13.3 Standards for Integrated-Circuit Cards
13.3.1 ISO Standards
13.3.2 EMV (EuroPay, MasterCard, Visa)
13.3.2.1 Properties of Encryption Keys
13.3.2.2 Migration to EMV
13.4 Security of Microprocessor Cards
13.4.1 Security during Production
13.4.2 Physical Security of the Card during Usage
13.4.3 Logical Security of the Card during Usage
13.4.3.1 Authentication with Symmetric Encryption
13.4.3.2 Authentication with Public-Key Encryption
13.4.4 Examples of Authentication
13.4.4.1 Memory Card Reader for the Minitel
13.4.4.2 Smart Card of French Banks
13.4.4.3 EMV Card
13.4.5 Evaluation
13.5 Multiapplication Smart Cards
13.5.1 File System of ISO/IEC 7816-4
13.5.2 The Swedish Electronic Identity Card
13.5.3 Management of Applications in Multiapplication Cards
13.5.3.1 Secondary Applications Controlled by the Primary Application
13.5.3.2 Federation of Several Applications under a Central Authority
13.5.3.3 Independent Multiapplications on the Same Card
13.6 Integration of Smart Cards with Computer Systems
13.6.1 OpenCard Framework
13.6.2 PC/SC
13.7 Limits on Security
13.7.1 Logical (Noninvasive) Attacks
13.7.2 Physical (Destructive) Attacks
13.7.3 Attacks due to Negligence in the Implementation
13.7.4 Attacks against the Chip-Reader Communication Channel
13.8 Summary
Questions
14 Systems of Electronic Commerce
Abstract
14.1 SEMPER
14.1.1 SEMPER Architecture
14.1.2 Payment Terminology in SEMPER
14.1.3 The Payment Manager
14.2 CAFE
14.3 JEPI
14.4 PICS and P3P
14.5 Analysis of User Behavior
14.6 Fidelity Cards
14.7 Quality of Service Considerations
14.8 Summary
Questions
15 Electronic Commerce in Society
Abstract
15.1 Communication Infrastructure
15.2 Harmonization and Standardization
15.3 Issuance of Electronic Money
15.4 Protection of Intellectual Property
15.5 Electronic Surveillance and Privacy
15.6 Filtering and Censorship
15.7 Taxation of Electronic Commerce
15.8 Fraud Prevention
15.9 Archives Dematerialization
Questions
Web Sites
General
Standards
Encryption
Kerberos
Certification
Biometrics
General
Standards Organizations
Products
Face Recognition
Fingerprints
Iris Scan
Hand Geometry
Keyboard Recognition
Retinal Scan
Speech Recognition
EDIFACT
XML
Integration XML/EDIFACT
SSL/TLS/WTLS
SET
Purses
Micropayments
Smart (Microprocessor) Cards
Electronic and Virtual Checks
SEMPER
Labeling Organizations
Organizations
Acronyms
References
Index
