| |
| |
| Forewords | |
| |
| |
| Preface | |
| |
| |
| |
| Introduction | |
| |
| |
| |
| The Upside | |
| |
| |
| |
| The Downside | |
| |
| |
| |
| E-Commerce Compared with Paper-Based Commerce | |
| |
| |
| |
| Making E-Commerce Secure | |
| |
| |
| |
| Book Road Map | |
| |
| |
| |
| The Internet | |
| |
| |
| |
| Computer Networking | |
| |
| |
| |
| Internet Applications | |
| |
| |
| |
| The Internet Community | |
| |
| |
| |
| Internet Commerce | |
| |
| |
| |
| Example Transaction Scenarios | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Business and Legal Principles | |
| |
| |
| |
| The Electronic Commerce Transaction | |
| |
| |
| |
| Creating a Binding Commitment | |
| |
| |
| |
| Validity and Enforceability of Agreements | |
| |
| |
| |
| Enforcement | |
| |
| |
| |
| Other Legal Issues | |
| |
| |
| |
| Dealing with Legal Uncertainties | |
| |
| |
| |
| Two Business Models | |
| |
| |
| |
| Business Controls in a Digital Environment | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Information Security Technologies | |
| |
| |
| |
| Information Security Fundamentals | |
| |
| |
| |
| Introduction to Cryptography | |
| |
| |
| |
| Digital Signatures | |
| |
| |
| |
| Key Management | |
| |
| |
| |
| Authentication | |
| |
| |
| |
| System Trust | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Internet Security | |
| |
| |
| |
| Segmenting the Problem | |
| |
| |
| |
| Firewalls | |
| |
| |
| |
| IPsec and Virtual Private Networks | |
| |
| |
| |
| Web Security with SSL/TLS | |
| |
| |
| |
| Other Web Security Protocols | |
| |
| |
| |
| Secure Messaging and S/MIME | |
| |
| |
| |
| Other Messaging Security Protocols | |
| |
| |
| |
| Secure Payments on the Internet | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Certificates | |
| |
| |
| |
| Introduction to Public-Key Certificates | |
| |
| |
| |
| Public-Private Key-Pair Management | |
| |
| |
| |
| Certificate Issuance | |
| |
| |
| |
| Certificate Distribution | |
| |
| |
| |
| X.509 Certificate Format | |
| |
| |
| |
| Certificate Revocation | |
| |
| |
| |
| X.509 Certificate Revocation List | |
| |
| |
| |
| Key-Pair and Certificate Validity Periods | |
| |
| |
| |
| Certificate Formats Other than X.509 | |
| |
| |
| |
| Certification of Authorization Information | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Public-Key Infrastructure | |
| |
| |
| |
| PKI for the Typical E-Commerce Enterprise | |
| |
| |
| |
| Certification Authority Structures: Traditional Models | |
| |
| |
| |
| Certification Authority Structures: The Generalized Model | |
| |
| |
| |
| Certificate Policies | |
| |
| |
| |
| Name Constraints | |
| |
| |
| |
| Certificate Management Protocols | |
| |
| |
| |
| PGP's Web of Trust | |
| |
| |
| |
| Some Multienterprise PKI Examples | |
| |
| |
| |
| Pragmatics of PKI Interoperation and Community Building | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Legislation, Regulation, and Guidelines | |
| |
| |
| |
| General E-Commerce Legislation and Regulation | |
| |
| |
| |
| Digital Signature Laws | |
| |
| |
| |
| General E-Commerce Guidelines | |
| |
| |
| |
| PKI-Related Standards and Guidelines | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Non-repudiation | |
| |
| |
| |
| Concept and Definition | |
| |
| |
| |
| Types of Non-repudiation | |
| |
| |
| |
| Activities and Roles | |
| |
| |
| |
| Mechanisms for Non-repudiation of Origin | |
| |
| |
| |
| Mechanisms for Non-repudiation of Delivery | |
| |
| |
| |
| Trusted Third Parties | |
| |
| |
| |
| Dispute Resolution | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Certification Policies and Practices | |
| |
| |
| |
| Concepts | |
| |
| |
| |
| CP and CPS Topics: Introduction of a CP or CPS | |
| |
| |
| |
| CP and CPS Topics: General Provisions | |
| |
| |
| |
| CP and CPS Topics: Identification and Authentication | |
| |
| |
| |
| CP and CPS Topics: Operational Requirements | |
| |
| |
| |
| CP and CPS Topics: Physical, Procedural, and Personnel Security Controls | |
| |
| |
| |
| CP and CPS Topics: Technical Security Controls | |
| |
| |
| |
| CP and CPS Topics: Certificate and CRL Profiles | |
| |
| |
| |
| CP and CPS Topics: Specification Administration | |
| |
| |
| |
| Systematizing CP and CPS Development | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Public-Key Infrastructure Assessment and Accreditation | |
| |
| |
| |
| The Role of Assessment in Public-Key Infrastructure | |
| |
| |
| |
| Evolution of Information System Assessment Criteria | |
| |
| |
| |
| Noteworthy Assessment and Accreditation Schemes | |
| |
| |
| |
| Rationalization of Assessment Schemes | |
| |
| |
| |
| Summary | |
| |
| |
| |
| Forms of Agreement | |
| |
| |
| |
| The U.S. Federal E-Sign Act | |
| |
| |
| |
| ASN.1 Notation | |
| |
| |
| |
| X.509 in ASN.1 Notation | |
| |
| |
| |
| United Nations Model Law on Electronic Commerce | |
| |
| |
| |
| How to Obtain Referenced Documents | |
| |
| |
| |
| Legacy Application Security Standards | |
| |
| |
| |
| PKI Disclosure Statement | |
| |
| |
| |
| Repudiation In Law | |
| |
| |
| |
| Public-Key Cryptosystems | |
| |
| |
| |
| European Signature Directive | |
| |
| |
| Index | |