
Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption

  • ISBN13: 9780134763422
  • ISBN10: 0134763424

  • Edition: 2nd
  • Format: Paperback
  • Copyright: 2001-01-01
  • Publisher: Prentice Hall
List Price: $49.99

Summary

A guide to building encryption and authentication technology into an online system used for electronic commerce. Covers both technical and legal issues.

Table of Contents

Foreword  xv(4)
Foreword  xix(4)
Preface  xxiii
Chapter 1 Introduction  1(12)
  1.1 Electronic Risks  2(4)
  1.2 Paper-based Commerce and Electronic Commerce  6(1)
  1.3 Secure Electronic Commerce--The Time Has Come  7(3)
  1.4 Roadmap to this Book  10(3)
Chapter 2 The Internet  13(22)
  2.1 Computer Networking  14(4)
    Distributed Applications  14(1)
    Computer Networks  15(2)
    The Internet  17(1)
  2.2 Internet Applications  18(3)
    Electronic Messaging  19(1)
    The World Wide Web  20(1)
  2.3 The Internet Community  21(6)
    The Internet Activities Board and Internet Standards  23(1)
    The InterNIC  24(1)
    Service Providers  24(1)
    Internet Publications  25(1)
    Working Together for Security  26(1)
  2.4 Electronic Commerce on the Internet  27(2)
    EDI on the Internet  27(2)
    Open Electronic Commerce  29(1)
  2.5 Example Transaction Scenarios  29(2)
  2.6 Summary  31(4)
Chapter 3 Business and Legal Principles  35(58)
  3.1 The Electronic Commerce Transaction  36(1)
  3.2 Creating a Binding Commitment  37(1)
    Functional Equivalence  37(1)
    Sources of Law  38(1)
  3.3 Validity and Enforceability of Agreements  39(7)
    Offer and Acceptance  40(2)
    Consideration  42(1)
    Statutes of Frauds  42(3)
    Performance  45(1)
    Compliance  45(1)
    Breach  46(1)
  3.4 Enforcement  46(5)
    Liability and Damages  47(1)
    Evidence  48(3)
  3.5 Other Legal Issues  51(6)
    Notice and Conspicuousness  51(2)
    Consumer Issues  53(1)
    Personal Jurisdiction  53(1)
    Negotiability  54(1)
    Intellectual Property  55(1)
    Illegal Bargains and Criminal Law  56(1)
  3.6 Dealing with Legal Uncertainties  57(1)
  3.7 Legislation and Regulation  57(1)
    UN Model Law on Electronic Commerce  58(1)
    UCC Article 4A--Funds Transfers  59(2)
    UCC Draft Revisions  61(1)
    Electronic Funds Transfer Act and Regulation E  62(1)
    Digital Signature Legislation  63(1)
  3.8 Guidelines  64(2)
  3.9 Forms of Agreements  66(8)
    Trading Partner Agreements  67(2)
    Value-Added Network (VAN) Agreements  69(2)
    Interconnection Agreements  71(2)
    Payments Agreements  73(1)
    Security Provisions in Model Agreements  73(1)
  3.10 Two Business Models  74(3)
    The Formalistic Model  75(1)
    The Risk-Based Model  75(1)
    Analysis of these Models  76(1)
  3.11 Business Controls in a Digital Environment  77(1)
  3.12 Summary  78(15)
Chapter 4 Information Security Technologies  93(50)
  4.1 Information Security Fundamentals  93(8)
    Basic Concepts  94(1)
    Threats  95(2)
    Safeguards  97(2)
    Non-repudiation  99(2)
  4.2 Introduction to Cryptography  101(10)
    Symmetric Cryptosystems  102(1)
    The Data Encryption Standard (DES)  103(2)
    Integrity Check-Values  105(2)
    Public-key Cryptosystems  107(2)
    RSA Algorithm  109(2)
  4.3 Digital Signatures  111(6)
    RSA Digital Signatures  112(2)
    The U.S. Digital Signature Standard  114(1)
    Hash Functions  115(1)
    Elliptic Curve Digital Signature Systems  116(1)
  4.4 Key Management  117(9)
    Fundamentals  117(3)
    Distribution of Symmetric Keys Using Symmetric Techniques  120(2)
    RSA Key Transport  122(2)
    Diffie-Hellman Key Agreement  124(1)
    Distribution of Public Keys  125(1)
  4.5 Authentication  126(10)
    Passwords and PINs  127(1)
    Authentication Protocols  128(2)
    Kerberos  130(3)
    Address-based Authentication  133(1)
    Personal Tokens  133(2)
    Biometrics  135(1)
  4.6 System Trust  136(1)
  4.7 Summary  137(6)
Chapter 5 Internet Security  143(50)
  5.1 Segmenting the Problem  144(3)
    Network Security  144(1)
    Application Security  145(1)
    System Security  146(1)
  5.2 Network Protocol Security  147(4)
    Authentication Header  148(1)
    Packet Encryption  149(1)
    Key Management  150(1)
  5.3 Firewalls  151(2)
    Firewall Construction  152(1)
    Virtual Private Networks  153(1)
  5.4 Messaging Security  153(13)
    Privacy Enhanced Mail (PEM)  156(1)
    MIME Security Multiparts and Object Security Services  157(3)
    S/MIME  160(4)
    Pretty Good Privacy (PGP)  164(1)
    X.400 Security  164(1)
    Message Security Protocol (MSP)  165(1)
    Comparing the Alternatives  166(1)
  5.5 Web Security  166(6)
    Secure Sockets Layer (SSL)  167(2)
    Secure HTTP (S-HTTP)  169(1)
    Downloadable Executable Software  170(2)
  5.6 Security for Electronic Commerce Applications  172(4)
    EDI Security  172(1)
    Bank Card Payments--The SET Protocol  173(3)
    Other Secure Internet Payment Models  176(1)
  5.7 Internet Service Provider Agreements  176(9)
    Use and Acceptance  177(1)
    Service Definitions  178(1)
    Lawful Use and Service Provider Control over Information Content  178(3)
    Quality of Information  181(1)
    Use of Other Networks  181(1)
    Commercial Use and Resale of Services  182(1)
    Security  182(1)
    Abuse and Misuse  183(1)
    Other Provisions  184(1)
  5.8 Summary  185(8)
Chapter 6 Certificates  193(70)
  6.1 Introduction to Public-key Certificates  194(7)
    Certification Paths  196(3)
    Validity Periods and Revocation  199(1)
    Legal Relationships  199(2)
  6.2 Public-Private Key-pair Management  201(6)
    Key-pair Generation  202(1)
    Private-key Protection  203(1)
    Key-pair Update  203(1)
    Management Requirements for Different Key-pair Types  204(3)
  6.3 Certificate Issuance  207(4)
    Applying for a Certificate  207(1)
    Certificate Generation  208(1)
    Subject Authentication  208(2)
    Local Registration Authorities  210(1)
    Certificate Update  211(1)
  6.4 Certificate Distribution  211(3)
    Certificate Accompanying Signature  212(1)
    Distribution via Directory Service  212(2)
    Other Distribution Methods  214(1)
  6.5 X.509 Certificate Format  214(16)
    Base Certificate Format  214(2)
    X.500 Names  216(2)
    Object Registration  218(3)
    Extended (Version 3) Certificate Format  221(4)
    Naming in X.509 Version 3  225(1)
    Standard Certificate Extensions  226(4)
    ASN.1 Notation and Encoding  230(1)
  6.6 Certificate Revocation  230(9)
    Requesting Revocation  231(1)
    Certificate Revocation Lists (CRLs)  231(2)
    Broadcast Revocation Lists  233(1)
    Immediate Revocation  234(3)
    Revocation Process Time-line  237(2)
  6.7 X.509 Certificate Revocation List  239(8)
    CRL Format  239(2)
    General Extensions  241(1)
    CRL Distribution Points  242(2)
    Delta-CRLs  244(1)
    Indirect CRLs  245(1)
    Certificate Suspension  246(1)
  6.8 Key-pair and Certificate Validity Periods  247(3)
    Encryption-Related Key Pairs  248(1)
    Digital Signature Key Pairs  248(1)
    Certification Authority Signature Key Pairs  249(1)
  6.9 Certification of Authorization Information  250(6)
    Authorization Information in X.509 Certificates  250(1)
    Attribute Certificates  251(2)
    Privilege Attribute Certificates  253(2)
    Simple Distributed Security Infrastructure (SDSI)  255(1)
    Simple Public-Key Infrastructure (SPKI)  256(1)
  6.10 Summary  256(7)
Chapter 7 Public-Key Infrastructures  263(55)
  7.1 Requirements  264(1)
  7.2 Certification Authority Interrelationship Structures  265(16)
    General Hierarchical Structure  266(2)
    General Hierarchical Structure with Additional Links  268(2)
    Top-down Hierarchical Structure  270(1)
    Privacy Enhanced Mail Infrastructure  271(3)
    Forest of Hierarchies  274(2)
    PGP's Web of Trust  276(1)
    Progressive-Constraint Trust Model  277(3)
    Multiply-Signed Certificates  280(1)
  7.3 X.509 Certificate Policies  281(7)
    The Certificate Policy Concept  282(1)
    Certificate Policies Extension  283(2)
    Policy Mapping Extension  285(1)
    Policy Constraints Extension  286(1)
    Contents of a Certificate Policy  287(1)
  7.4 X.509 Name Constraints  288(2)
  7.5 Certification Path Discovery and Validation  290(4)
    Certification Path Discovery  290(3)
    Certification Path Validation  293(1)
  7.6 Certificate Management Protocols  294(1)
  7.7 Legislation  294(9)
    Technology  296(1)
    Scope and Detail  296(2)
    Writings and Signatures  298(1)
    Certification Authority Quality and Standards  299(1)
    Subscriber Standards  300(1)
    Apportionment of Liability  300(3)
  7.8 Case Studies  303(5)
    SET Infrastructure  303(3)
    DoD MISSI Infrastructure  306(2)
  7.9 Summary  308(7)
Chapter 8 Non-repudiation  315(42)
  8.1 Concept and Definition  316(5)
    Non-repudiation and Traditional Legal Concepts of Repudiation  317(2)
    Non-repudiation in the Digital Environment  319(2)
  8.2 Types of Non-repudiation  321(5)
    Non-repudiation of Origin  321(2)
    Non-repudiation of Delivery  323(2)
    Non-repudiation of Submission  325(1)
  8.3 Activities and Roles  326(4)
    Service Request  327(1)
    Evidence Generation  328(1)
    Evidence Transfer  328(1)
    Evidence Verification  329(1)
    Evidence Retention  329(1)
  8.4 Mechanisms for Non-repudiation of Origin  330(6)
    Originator's Digital Signature  330(2)
    Digital Signature of a Trusted Third Party  332(1)
    Digital Signature of Trusted Third Party on Digest  333(1)
    Trusted Third-Party Token  334(1)
    In-line Trusted Third Party  335(1)
    Mechanism Combinations  336(1)
  8.5 Mechanisms for Non-repudiation of Delivery  336(3)
    Recipient Acknowledgment with Signature  336(1)
    Recipient Acknowledgment with Token  337(1)
    Trusted Delivery Agent  338(1)
    Progressive Delivery Reports  338(1)
    Non-repudiation of Submission  338(1)
  8.6 Trusted Third Parties  339(5)
    Public-key Certification  339(1)
    Identity Confirmation  340(1)
    Time-Stamping  340(1)
    Evidence Retention  341(1)
    Delivery Intermediation  342(1)
    Dispute Resolution  342(1)
    Required Attributes of Trusted Third Parties  342(1)
    Notaries  342(2)
  8.7 Dispute Resolution  344(4)
    Technology-Based Evidence  345(1)
    Expert Testimony Regarding Technology-Based Evidence  345(3)
  8.8 Summary  348(9)
Chapter 9 Certification Practices  357(48)
  9.1 Concepts  358(8)
    Certification Practice Statement  358(1)
    Some Defined Terms  359(1)
    PEM Policy Statement  360(1)
    X.509 Certificate Policy  361(2)
    Certificate Classes  363(3)
  9.2 Presentation of a Certification Practice Statement  366(2)
    Context for a CPS  366(1)
    Format and Structure  366(2)
    References to Other Documents  368(1)
  9.3 Foundation for Certification Operations  368(13)
    Levels of Service  368(1)
    Certificate Format  369(1)
    Certification Authority Relationship Structure  370(1)
    Naming  370(1)
    Publication and Repository  371(1)
    Inter-domain Certification  372(1)
    Right to Investigate Compromises  372(1)
    Trustworthiness and Security  372(2)
    Financial Responsibility  374(1)
    Records  375(1)
    Audit  376(1)
    Contingency Planning and Disaster Recovery  377(1)
    Confidential Information  377(1)
    Local Registration Authority (LRA) Requirements  378(1)
    Termination of Operations  379(1)
    Criminal Activity  380(1)
  9.4 Certificate Application Procedures  381(2)
    Key Generation and Protection  381(1)
    Validation of Certificate Applications  382(1)
  9.5 Certificate Issuance  383(2)
    Certification Authority's Representations to Subscribers  383(1)
    Certification Authority's Representations to Relying Parties  384(1)
  9.6 Certificate Acceptance  385(2)
    Representations by Subscriber upon Acceptance  385(1)
    Indemnity by Subscriber  386(1)
    Publication  386(1)
  9.7 Use of Certificates for Digital Signature Verification  387(1)
    Digital Signature Verification Process  387(1)
    Writings and Signatures  388(1)
  9.8 Certificate Suspension and Revocation  388(2)
  9.9 Warranties and Limitations of Liability  390(3)
    Warranties  390(2)
    Disclaimers and Limitations on Obligations  392(1)
    Damage and Loss Limitations  392(1)
    No Fiduciary Relationship  392(1)
  9.10 Miscellaneous Provisions  393(1)
    Conflict of Provisions  393(1)
    Governing Law  393(1)
    Dispute Resolution  393(1)
    Change Procedures  393(1)
  9.11 Ongoing Evolution  394(2)
    Harmonization  394(1)
    Automation  395(1)
    Commercial and Legislative/Regulatory Directions  396(1)
  9.12 Summary  396(9)
Appendix A Internet Domain Name Dispute Policy  405(8)
  A.1 Introduction  405(1)
  A.2 Guidelines  406(7)
Appendix B Some Cryptographic Mechanisms  413(10)
  B.1 The Data Encryption Standard (DES)  413(2)
  B.2 Message Authentication Code (MAC)  415(1)
  B.3 RSA Algorithm  416(1)
  B.4 The Digital Signature Algorithm (DSA)  417(2)
  B.5 Diffie-Hellman Key Agreement  419(4)
Appendix C ASN.1 Notation  423(8)
  C.1 Introduction  423(4)
    The Basic Notation  424(1)
    Constructed Types  425(1)
    Example of ASN.1 Usage  426(1)
  C.2 The 1993 Revision to ASN.1 Notation  427(1)
  C.3 ASN.1 Encoding Rules  428(1)
  C.4 Object Identifiers and Registration  428(1)
    Object Identifiers  428(1)
    Registration Procedures  428(1)
  C.5 References  429(2)
Appendix D X.509 in ASN.1 Notation  431(16)
  D.1 X.509 Basic Definitions  431(5)
  D.2 Standard Certificate Extensions  436(11)
Appendix E United Nations Model Law on Electronic Commerce  447(10)
Appendix F How to Obtain Referenced Documents  457(4)
  F.1 American Bar Association (ABA) Publications  457(1)
  F.2 American National Standards Institute (ANSI) Standards  458
  F.3 Internet Publications  458(1)
  F.4 ISO and ISO/IEC Standards  459(1)
  F.5 ITU Standards  460(1)
  F.6 U.S. Federal Government Publications  460(1)
Index  461
