Forewords
Preface

Introduction
  The Upside
  The Downside
  E-Commerce Compared with Paper-Based Commerce
  Making E-Commerce Secure
  Book Road Map

The Internet
  Computer Networking
  Internet Applications
  The Internet Community
  Internet Commerce
  Example Transaction Scenarios
  Summary

Business and Legal Principles
  The Electronic Commerce Transaction
  Creating a Binding Commitment
  Validity and Enforceability of Agreements
  Enforcement
  Other Legal Issues
  Dealing with Legal Uncertainties
  Two Business Models
  Business Controls in a Digital Environment
  Summary

Information Security Technologies
  Information Security Fundamentals
  Introduction to Cryptography
  Digital Signatures
  Key Management
  Authentication
  System Trust
  Summary

Internet Security
  Segmenting the Problem
  Firewalls
  IPsec and Virtual Private Networks
  Web Security with SSL/TLS
  Other Web Security Protocols
  Secure Messaging and S/MIME
  Other Messaging Security Protocols
  Secure Payments on the Internet
  Summary

Certificates
  Introduction to Public-Key Certificates
  Public-Private Key-Pair Management
  Certificate Issuance
  Certificate Distribution
  X.509 Certificate Format
  Certificate Revocation
  X.509 Certificate Revocation List
  Key-Pair and Certificate Validity Periods
  Certificate Formats Other than X.509
  Certification of Authorization Information
  Summary

Public-Key Infrastructure
  PKI for the Typical E-Commerce Enterprise
  Certification Authority Structures: Traditional Models
  Certification Authority Structures: The Generalized Model
  Certificate Policies
  Name Constraints
  Certificate Management Protocols
  PGP's Web of Trust
  Some Multienterprise PKI Examples
  Pragmatics of PKI Interoperation and Community Building
  Summary

Legislation, Regulation, and Guidelines
  General E-Commerce Legislation and Regulation
  Digital Signature Laws
  General E-Commerce Guidelines
  PKI-Related Standards and Guidelines
  Summary

Non-repudiation
  Concept and Definition
  Types of Non-repudiation
  Activities and Roles
  Mechanisms for Non-repudiation of Origin
  Mechanisms for Non-repudiation of Delivery
  Trusted Third Parties
  Dispute Resolution
  Summary

Certification Policies and Practices
  Concepts
  CP and CPS Topics: Introduction of a CP or CPS
  CP and CPS Topics: General Provisions
  CP and CPS Topics: Identification and Authentication
  CP and CPS Topics: Operational Requirements
  CP and CPS Topics: Physical, Procedural, and Personnel Security Controls
  CP and CPS Topics: Technical Security Controls
  CP and CPS Topics: Certificate and CRL Profiles
  CP and CPS Topics: Specification Administration
  Systematizing CP and CPS Development
  Summary

Public-Key Infrastructure Assessment and Accreditation
  The Role of Assessment in Public-Key Infrastructure
  Evolution of Information System Assessment Criteria
  Noteworthy Assessment and Accreditation Schemes
  Rationalization of Assessment Schemes
  Summary

Forms of Agreement
The U.S. Federal E-Sign Act
ASN.1 Notation
X.509 in ASN.1 Notation
United Nations Model Law on Electronic Commerce
How to Obtain Referenced Documents
Legacy Application Security Standards
PKI Disclosure Statement
Repudiation In Law
Public-Key Cryptosystems
European Signature Directive
Index