"More now than ever, business has a responsibility to understand the trade-offs, costs, benefits and risks involved in choosing any particular type of information security technology. That necessary due diligence begins in Chapter 1 of this book."
Spence Abraham, United States Senate
Your e-commerce site is only as successful as it is secure.

Customer confidence is a prerequisite for successful e-commerce, and security is the underpinning of that confidence. To make your e-commerce deployment safe and functional, you need to know not merely the latest security technologies, but also the most current legal strategies. This revised best seller combines the advice of seasoned experts from both the technical and legal fields to help you create a winning business strategy.
Traditional business users will learn how e-commerce transactions differ from paper-based commerce, and how to minimize the risks while maximizing the benefits. Technical users will appreciate the extensive coverage of the latest security technologies and how they are applied in the business environment.
Internet and security topics:
Legal and business topics:
Newcomers will appreciate the clear explanations of the origins and development of secure e-commerce. More experienced developers can move straight to the detailed technical material. Anyone who is involved in e-commerce design, management, or operation needs Secure Electronic Commerce.
The Upside. The Downside. E-Commerce Compared with Paper-Based Commerce. Making E-Commerce Secure. Book Road Map.
Computer Networking. Internet Applications. The Internet Community. Internet Commerce. Example Transaction Scenarios. Summary.
The Electronic Commerce Transaction. Creating a Binding Commitment. Validity and Enforceability of Agreements. Enforcement. Other Legal Issues. Dealing with Legal Uncertainties. Two Business Models. Business Controls in a Digital Environment. Summary.
Information Security Fundamentals. Introduction to Cryptography. Digital Signatures. Key Management. Authentication. System Trust. Summary.
Segmenting the Problem. Firewalls. IPsec and Virtual Private Networks. Web Security with SSL/TLS. Other Web Security Protocols. Secure Messaging and S/MIME. Other Messaging Security Protocols. Secure Payments on the Internet. Summary.
Introduction to Public-Key Certificates. Public-Private Key-Pair Management. Certificate Issuance. Certificate Distribution. X.509 Certificate Format. Certificate Revocation. X.509 Certificate Revocation List. Key-Pair and Certificate Validity Periods. Certificate Formats Other than X.509. Certification of Authorization Information. Summary.
PKI for the Typical E-Commerce Enterprise. Certification Authority Structures: Traditional Models. Certification Authority Structures: The Generalization Model. Certificate Policies. Name Constraints. Certificate Management Protocols. PGP's Web of Trust. Some Multienterprise PKI Examples. Pragmatics of PKI Interoperation and Community Building. Summary.
General E-Commerce Legislation and Regulation. Digital Signature Laws. General E-Commerce Guidelines. PKI-Related Standards and Guidelines. Summary.
Concept and Definition. Types of Non-repudiation. Activities and Roles. Mechanisms for Non-repudiation of Origin. Mechanisms for Non-repudiation of Delivery. Trusted Third Parties. Dispute Resolution. Summary.
Concepts. CP and CPS Topics: Introduction of a CP or CPS. CP and CPS Topics: General Provisions. CP and CPS Topics: Identification and Authentication. CP and CPS Topics: Operational Requirements. CP and CPS Topics: Physical, Procedural, and Personnel Security Controls. CP and CPS Topics: Technical Security Controls. CP and CPS Topics: Certificate and CRL Profiles. CP and CPS Topics: Specification Administration. Systematizing CP and CPS Development. Summary.
The Role of Assessment in Public-Key Infrastructure. Evolution of Information System Assessment Criteria. Noteworthy Assessment and Accreditation Schemes. Rationalization of Assessment Schemes. Summary.
Our entry into the twenty-first century has been accompanied by the emergence of electronic commerce (e-commerce) as both an enabler and a component of business reengineering. E-commerce offers great rewards for all who embrace it. However, it also brings considerable risks for the unwary. While new technologies, with their complexities and explosive adoption rates, can be largely blamed for creating these new risks, new technologies also represent a large part of the solution, in managing and mitigating these risks. The latter technologies include, in particular, digital signatures and public-key cryptography. However, achieving secure electronic commerce requires much more than the mere application of such core technologies. It also depends upon interdependent technological, business, and legal infrastructures that are needed to enable the use of these core technologies on a large scale. Our goal in this book is to describe the ingredients and recipe for making e-commerce secure, with emphasis on the role, practical deployment, and use of these infrastructures.
Why have an engineer and a lawyer teamed up to write this book? The answer is that secure e-commerce can only be achieved through a delicate interweaving of technological safeguards and legal controls. The most critical issues cannot be understood by studying either the technological or legal aspects in isolation. Therefore, an effective treatise on this subject must draw on both technological and legal expertise.
This book is targeted at a broad audience, including business professionals, information technologists, and lawyers: anyone who is concerned about the security of e-commerce. Readers are not expected to have substantive technological or legal backgrounds. To make this book valuable to businesspersons, consumers, bankers, product developers, service providers, legal counsel, policymakers, and students alike, we include introductory material to virtually all topics, with a view to bringing all readers up to a base knowledge threshold before addressing the more complex issues.
Since the first edition was published, there has been enormous progress in the field of secure e-commerce. While the core technologies have not changed materially, there have been significant advances in software tools and packaging, standards, legislation globally, and experience in applying the technologies described in the first edition to real-world e-commerce. In the standards arena, for example, we have seen the completion and widespread adoption of the S/MIME secure messaging specifications, IPsec virtual private network specifications, and IETF PKIX specifications for public-key infrastructure. Notable legislative activities have included diverse national and state digital signature laws, and the U.S. Federal E-Sign Act. There has also been solid progress on the assessment and accreditation of secure e-commerce infrastructure components, such as certification authorities. These advances have occurred in conjunction with a massive increase in e-commerce deployment generally, in particular, the rapid emergence of business-to-business Internet commerce. Consequently, in this edition we have focused more on those aspects of the field that are proving most important in today's marketplace and that require rigorous analysis to ensure successful deployment.
We have written this book with an international audience in mind. However, the reader will observe, especially in our coverage of practices and legal issues, a predominance of coverage from the U.S. perspective. In general, we believe the problems faced globally are much the same as those faced in the United States, so we anticipate that our coverage of problems and progress in the United States will map meaningfully to developments in other nations. If we sometimes fall short in this respect, we apologize to our international colleagues.