Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, 2nd edition

  • Warwick Ford
  • Michael S. Baum

Unfortunately, this item is not available in your country.


"More now than ever, business has a responsibility to understand the trade-offs, costs, benefits and risks involved in choosing any particular type of information security technology. That necessary due diligence begins in Chapter 1 of this book."

—Spence Abraham, United States Senate

Your e-commerce site is only as successful as it is secure Customer confidence is a prerequisite for successful e-commerce, and security is the underpinning of that confidence. To make your e-commerce deployment safe and functional, you need to know not merely the latest security technologies, but also the most current legal strategies. This revised best seller combines the advice of seasoned experts from both the technical and legal fields to help you create a winning business strategy.

Traditional business users will learn how e-commerce transactions differ from paper-based commerce, and how to minimize the risks while maximizing the benefits. Technical users will appreciate the extensive coverage of the latest security technologies and how they are applied in the business environment.

Internet and security topics:

  • Digital signatures for secure transactions
  • Public-key infrastructure and certification policies
  • Firewalls, virtual private networks, Web and e-mail security

Legal and business topics:

  • Legal principles and practices to achieve enforceability
  • Regulations and guidelines in the U.S. and internationally
  • Non-repudiation and the role of trusted third-parties

Newcomers will appreciate the clear explanations of the origins and development of secure e-commerce. More experienced developers can move straight to the detailed technical material. Anyone who is involved in e-commerce design, management, or operation needs Secure Electronic Commerce.

Table of contents

1. Introduction.

The Upside. The Downside. E-Commerce Compared with Paper-Based Commerce. Making E-Commerce Secure. Book Road Map.

2. The Internet.

Computer Networking. Internet Applications. The Internet Community. Internet Commerce. Example Transaction Scenarios. Summary.

3. Business and Legal Principles.

The Electronic Commerce Transaction. Creating a Binding Commitment. Validity and Enforceability of Agreements. Enforcement. Other Legal Issues. Dealing with Legal Uncertainties. Two Business Models. Business Controls in a Digital Environment. Summary.

4. Information Security Technologies.

Information Security Fundamentals. Introduction to Cryptography. Digital Signatures. Key Management. Authentication. System Trust. Summary.

5. Internet Security.

Segmenting the Problem. Firewalls. IPsec and Virtual Private Networks. Web Security with SSL/TLS. Other Web Security Protocols. Secure Messaging and S/MIME. Other Messaging Security Protocols. Secure Payments on the Internet. Summary.

6. Certificates.

Introduction to Public-Key Certificates. Public-Private Key-Pair Management. Certificate Issuance. Certificate Distribution. X.509 Certificate Format. Certificate Revocation. X.509 Certificate Revocation List. Key-Pair and Certificate Validity Periods. Certificate Formats Other than X.509. Certification of Authorization Information. Summary.

7. Public-Key Infrastructure.

PKI for the Typical E-Commerce Enterprise. Certification Authority Structures: Traditional Models. Certification Authority Structures: The Generalization Model. Certificate Policies. Name Constraints. Certificate Management Protocols. PGP's Web of Trust. Some Multienterprise PKI Examples. Pragmatics of PKI Interoperation and Community Building. Summary.

8. Legislation, Regulation, and Guidelines.

General E-Commerce Legislation and Regulation. Digital Signature Laws. General E-Commerce Guidelines. PKI-Related Standards and Guidelines. Summary.

9. Non-repudiation.

Concept and Definition. Types of Non-repudiation. Activities and Roles. Mechanisms for Non-repudiation of Origin. Mechanisms for Non-repudiation of Delivery. Trusted Third Parties. Dispute Resolution. Summary.

10. Certification Policies and Practices.

Concepts. CP and CPS Topics: Introduction of a CP or CPS. CP and CPS Topics: General Provisions. CP and CPS Topics: Identification and Authentication. CP and CPS Topics: Operational Requirements. CP and CPS Topics: Physical, Procedural, and Personnel Security Controls. CP and CPS Topics: Technical Security Controls. CP and CPS Topics: Certificate and CRL Profiles. CP and CPS Topics: Specification Administration. Systematizing CP and CPS Development. Summary.

11. Public-Key Infrastructure Assessment and Accreditation.

The Role of Assessment in Public-Key Infrastructure. Evolution of Information System Assessment Criteria. Noteworthy Assessment and Accreditation Schemes. Rationalization of Assessment Schemes. Summary.

Appendix A: Forms of Agreement.

Appendix B: The U.S. Federal E-Sign Act.

Appendix C: ASN.1 Notation.

Appendix D: X.509 in ASN.1 Notation.

Appendix E: United Nations Model Law on Electronic Commerce.

Appendix F: How to Obtain Referenced Documents.

Appendix G: Legacy Application Security Standards.

Appendix H: PKI Disclosure Statement.

Appendix I: Repudiation In Law.

Appendix J: Public-Key Cryptosystems.

Appendix K: European Signature Directive.


Published by Pearson (December 4th 2000) - Copyright © 2001