Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption [Paperback]

Warwick Ford (Author), Michael S. Baum (Author)

Book Description

Publication Date: April 1997

This is a guide to secure business transactions, on the Internet and elsewhere, which provides comprehensive coverage of both technical and legal issues. This text covers developments in digital signatures, public-key infrastructure, EDI technical standards, and the evolving law of electronic commerce. The techniques for ensuring that electronic transactions are binding and cannot be repudiated. Starting with an introduction to the underlying technologies and inherent risks of electronic commerce, the book considers the role of computer networks, the Internet, EDI and electronic mail, as well as the problem of ensuring that electronic transactions are resistant to fraud, may be traced and are legally binding in all jurisdictions. Current security technologies are explained in detail, from a business perspective. These include cryptography, digital signatures, public keys and symmetric keys, certificates, and authentication techniques. Networking security methods such as firewalls, secure messaging protocols and secure Web protocols are also discussed in detail. The book is aimed at anyone involved in the design, management, procurement, operation, legal support, or technical support of a business system based on the exchange of electronic transactions and computer networks.

Editorial Reviews

Amazon.com Review

If you've been charged with setting up a public key infrastructure (PKI) for an organization, or if you're just not content to trust commercial products' claims of security, have a look at Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption for a clear and complete overview of digital certificate management techniques. This richly detailed and heavily referenced volume generally stays clear of implementation specifics. Readers can count on it to provide the background in concepts and terminology that they'll need to make PKI design decisions.

Without exception, this is a very clearly written book, but there are rather few conceptual diagrams--and a few more graphics might have clarified the relationships among entities. Regardless, it's abundantly evident that the authors did a great deal of research--a rarity in this field. Nearly every other sentence contains a reference to an endnote. To truly understand how PKI works, study this book and the material it references, and participate in online forums on PKI issues. --David Wall

Topics covered: Public key infrastructure (PKI) design and functionality, including the legal principles behind binding electronic transactions and the details of authentication, encryption, non-repudiation, and key management. Certificates, Certificate Authorities (CAs), and means of managing trust relationships are all covered. --This text refers to an alternate Paperback edition.

From the Inside Flap

Preface

Our entry into the twenty-first century has been accompanied by the emergence of electronic commerce (e-commerce) as both an enabler and a component of business reengineering. E-commerce offers great rewards for all who embrace it. However, it also brings considerable risks for the unwary. While new technologies, with their complexities and explosive adoption rates, can be largely blamed for creating these new risks, new technologies also represent a large part of the solution, in managing and mitigating these risks. The latter technologies include, in particular, digital signatures and public-key cryptography. However, achieving secure electronic commerce requires much more than the mere application of such core technologies. It also depends upon interdependent technological, business, and legal infrastructures that are needed to enable the use of these core technologies on a large scale. Our goal in this book is to describe the ingredients and recipe for making e-commerce secure, with emphasis on the role, practical deployment, and use of these infrastructures.

Why have an engineer and a lawyer teamed up to write this book? The answer is that secure e-commerce can only be achieved through a delicate interweaving of technological safeguards and legal controls. The most critical issues cannot be understood by studying either the technological or legal aspects in isolation. Therefore, an effective treatise on this subject must draw on both technological and legal expertise.

This book is targeted at a broad audience, including business professionals, information technologists, and lawyersÑanyone who is concerned about the security of e-commerce. Readers are not expected to have substantive technological or legal backgrounds. To make this book valuable to businesspersons, consumers, bankers, product developers, service providers, legal counsel, policymakers, and students alike, we include introductory material to virtually all topics, with a view to bringing all readers up to a base knowledge threshold before addressing the more complex issues.

Since the first edition was published, there has been enormous progress in the field of secure e-commerce. While the core technologies have not changed materially, there have been significant advances in software tools and packaging, standards, legislation globally, and experience in applying the technologies described in the first edition to real-world e-commerce. In the standards arena, for example, we have seen the completion and widespread adoption of the S/MIME secure messaging specifications, IPsec virtual private network specifications, and IETF PKIX specifications for public-key infrastructure. Notable legislative activities have included diverse national and state digital signature laws, and the U.S. Federal E-Sign Act. There has also been solid progress on the assessment and accreditation of secure e-commerce infrastructure components, such as certification authorities. These advances have occurred in conjunction with a massive increase in e-commerce deployment generally, in particular, the rapid emergence of business-to-business Internet commerce. Consequently, in this edition we have focused more on those aspects of the field that are proving most important in todayÕs marketplace and that require rigorous analysis to ensure successful deployment.

We have written this book with an international audience in mind. However, the reader will observe, especially in our coverage of practices and legal issues, a predominance of coverage from the U.S. perspective. In general, we believe the problems faced globally are much the same as those faced in the United States, so we anticipate that our coverage of problems and progress in the United States will map meaningfully to developments in other nations. If we sometimes fall short in this respect, we apologize to our international colleagues. --This text refers to an alternate Paperback edition.

See all Editorial Reviews

Product Details

• Paperback: 496 pages
• Publisher: Prentice Hall (April 1997)
• Language: English
• ISBN-10: 0134763424
• ISBN-13: 978-0134763422
• Product Dimensions: 9.1 x 7 x 1.5 inches
• Shipping Weight: 2.2 pounds
• Average Customer Review: 5.0 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #3,897,678 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

11 of 12 people found the following review helpful:

5.0 out of 5 stars Greak Book for a Public Key Infrastructure (PKI) Overview, September 3, 1998

By A Customer

This review is from: Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption (Paperback)

This book is great at understanding the major components of a Public Key Infrastructure and the surrounding issues. You certainly would not walk away being able to set up a PKI, but you would be able to discuss it intelligently. If you are trying to come up to speed on PKI, this is the book for you. The subject is too big to cover everything in one book; so, I would also recommend picking up some more books that look at security issues specifically. One recommendation is E-Commerce Security by Ghosh.

5 of 6 people found the following review helpful:

5.0 out of 5 stars The best I've seen, July 20, 1999

By A Customer

This review is from: Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption (Paperback)

Highly recommended - This is still the best intro book I've seen on PKI. Precisely and clearly written. Can't wait for the second edition, though, as this edition is getting a bit dated.

3 of 4 people found the following review helpful:

5.0 out of 5 stars Clearly written guide to public key infrastructure, August 26, 1998

By A Customer

This review is from: Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption (Paperback)

Ford and Baum do a great job explaining the ins and outs of public key infrastructures, covering both the technical and non-technical (legal, administrative, financial, etc.) issues with clarity and insight. Chapters 6 and 7 are especially worthwhile for those looking at the latest IETF PKIX standards.