Protocols for Secure Electronic Commerce, Third Edition presents a compendium of protocols for securing electronic commerce, or e-commerce, in consumer- and business-to-business applications. Attending to a variety of electronic payment systems currently in use around the globe, this edition:
- Updates all chapters to reflect the latest technical advances and developments in areas such as mobile commerce
- Adds a new chapter on Bitcoin and other cryptocurrencies that did not exist at the time of the previous edition's publication
- Increases the coverage of PayPal in accordance with PayPal’s amplified role for consumers and businesses
- Expands the discussion of bank cards, dedicating a full chapter to magnetic stripe cards and a full chapter to chip-and-PIN technology
Protocols for Secure Electronic Commerce, Third Edition offers a state-of-the-art overview of best practices for the security of e-commerce, complete with end-of-chapter review questions and an extensive bibliography of specialized references. A Solutions Manual and PowerPoint slides are available with qualifying course adoption.
- Overview of Electronic Commerce
  - Electronic Commerce and Mobile Commerce
  - Effects of the Internet and Mobile Networks
  - Network Access
  - Barcodes
  - Smart Cards
  - Parties in Electronic Commerce
  - Security
  - Summary
  - Questions
- Money and Payment Systems
  - Mechanisms of Classical Money
  - Payment Instruments
  - Types of Dematerialized Monies
  - Purses, Holders, and Wallets
  - Transactional Properties of Dematerialized Currencies
  - Overall Comparison of the Means of Payment
  - Practice of Dematerialized Money
  - Clearance and Settlement in Payment Systems
  - Drivers of Innovation in Banking and Payment Systems
  - Summary
  - Questions
- Algorithms and Architectures for Security
  - Security of Open Financial Networks
  - OSI Model for Cryptographic Security
  - Security Services at the Link Layer
  - Security Services at the Network Layer
  - Security Services at the Application Layer
  - Message Confidentiality
  - Data Integrity
  - Identification of the Participants
  - Biometric Identification
  - Authentication of the Participants
  - Access Control
  - Denial of Service
  - Nonrepudiation
  - Secure Management of Cryptographic Keys
  - Exchange of Secret Keys: Kerberos
  - Public Key Kerberos
  - Exchange of Public Keys
  - Certificate Management
  - Authentication
  - Security Cracks
  - Summary
  - Appendix: Principles of Symmetric Encryption
  - Appendix: Principles of Public Key Encryption
  - Appendix: Principles of the Digital Signature Algorithm and the Elliptic Curve Digital Signature Algorithm
  - Questions
- Business-to-Business Commerce
  - Drivers for Business-to-Business Electronic Commerce
  - Four Stages of Systems Integration
  - Overview of Business-to-Business Commerce
  - Short History of Business-to-Business Electronic Commerce
  - Examples of Business-to-Business Electronic Commerce
  - Evolution of Business-to-Business Electronic Commerce
  - Implementation of Business-to-Business Electronic Commerce
  - X12 and EDIFACT
  - EDI Messaging
  - Security of EDI
  - Integration of XML and Traditional EDI
  - New Architectures for Business-to-Business Electronic Commerce
  - Electronic Business (Using) Extensible Markup Language
  - Web Services
  - Relation of EDI with Electronic Funds Transfer
  - Summary
  - Questions
- Transport Layer Security and Secure Sockets Layer
  - Architecture of SSL/TLS
  - SSL/TLS Security Services
  - SSL/TLS Subprotocols
  - Performance of SSL/TLS
  - Implementation Pitfalls
  - Summary
  - Questions
- Wireless Transport Layer Security
  - Architecture
  - From TLS to WTLS
  - Operational Constraints
  - WAP and TLS Extensions
  - WAP Browsers
  - Summary
  - Questions
- The SET Protocol
  - SET Architecture
  - Security Services of SET
  - Certification
  - Purchasing Transaction
  - Optional Procedures
  - Efforts to Promote SETs
  - SET versus TLS/SSL
  - Summary
  - Questions
- Payments with Magnetic Stripe Cards
  - Point-of-Sale Transactions
  - Communication Standards for Card Transactions
  - Security of Point-of-Sale Transactions
  - Internet Transactions
  - 3D Secure
  - Migration to EMV
  - Summary
  - Questions
- Secure Payments with Integrated Circuit Cards
  - Description of Integrated Circuit Cards
  - Integration of Smart Cards with Computer Systems
  - Standards for Integrated Circuit Cards
  - Multiapplication Smart Cards
  - Security of Smart Cards
  - Payment Applications of Integrated Circuit Cards
  - EMV® Card
  - General Consideration on the Security of Smart Cards
  - Summary
  - Questions
- Mobile Payments
  - Reference Model for Mobile Commerce
  - Secure Element in Mobile Phones
  - Barcodes
  - Bluetooth
  - Near-Field Communication
  - Text Messages
  - Bank-Centric Offers
  - Mobile Operator–Centric Offers
  - Third-Party Service Offers
  - Collaborative Offers
  - Payments from Mobile Terminals
  - Summary
  - Questions
- Micropayments
  - Characteristics of Micropayment Systems
  - Standardization Efforts
  - Electronic Purses
  - Online Micropayments
  - Research Projects
  - Market Response to Micropayment Systems
  - Summary
  - Questions
- PayPal
  - Evolution of PayPal
  - Personal Accounts
  - Business Accounts
  - Summary
  - Questions
- Digital Money
  - Privacy with Cash and Digital Money
  - DigiCash (eCash)
  - Anonymity and Untraceability in DigiCash
  - Evaluation of DigiCash
  - Questions
- Bitcoin and Cryptocurrencies
  - Background
  - Bitcoin Protocol
  - Operation
  - Risk Evaluation
  - Summary and Conclusions
  - Appendix: The Crypto Anarchist Manifesto
  - Appendix: Bitcoin as a Social Phenomenon
  - Appendix: Other Significant Cryptocurrencies
  - Appendix: Service Offers Based on Bitcoin
  - Questions
- Dematerialized Checks
  - Processing of Paper Checks
  - Dematerialized Processing of Checks
  - Virtual Checks
  - Summary
  - Questions
- Electronic Commerce in Society
  - Harmonization of Communication Interfaces
  - Governance of Electronic Money
  - Protection of Intellectual Property
  - Electronic Surveillance and Privacy
  - Content Filtering and Censorship
  - Taxation of Electronic Commerce
  - Trust Promotion
  - Archives Dematerialization
  - Summary
  - Questions
- References
- Websites
Biography
Mostafa Hashem Sherif is a principal member of the technical staff at AT&T in Middletown, New Jersey, USA. He received a BSc in electronics and communications and an MSc in electrical engineering from Cairo University, Egypt, in 1972 and 1975, respectively, and a PhD in engineering from the University of California, Los Angeles, USA, in 1980. In 1996, he earned a master of science in management of technology from Stevens Institute of Technology, Hoboken, New Jersey, USA. Widely published, Dr. Sherif is a senior member of the Institute of Electrical and Electronics Engineers (IEEE) and a member of the steering committee of the Kaleidoscope series of conferences organized by the International Telecommunication Union (ITU). He was a member of the steering committee of the IEEE Symposium on Computers and Communication from 1995 to 2006, a member of the evaluation committee for the State of New Jersey Commission on Science and Technology from 2000 to 2002, and a participant in activities on innovation and technology management sponsored by the National Science Foundation in 1987, 1989, 1996, 1998, 1999, 2000, and 2002.
"The new edition of this unique book on secure communications, which are critically important for e-commerce, is very timely and fills a big void in the literature. It is well structured and well written. It provides a comprehensive and thorough treatment of the field. It is a valuable reference book for practitioners, as well as a solid textbook for students and teachers."
—Mehmet Ulema, Manhattan College, New York, New York, USA