Title: Protocols for secure electronic commerce
Author (personal author): Sherif, Mostafa Hashem.
Uniform Title: Monnaie électronique. English
Publication Information: Boca Raton, Fla. : CRC Press, [2000], ©2000
Physical Description: 479 pages : illustrations ; 24 cm.
Language: English
ISBN: 9780849395970
Format: Book

Available:

Call Number: HF5548.32 .S5213 2000
Material Type: Adult Non-Fiction
Home Location: Non-Fiction Area

On Order

Summary


Free distribution of information, ideas, and research - the Internet's original goal - is at odds with the use of the Internet for commerce. Commerce requires individual privacy and security - an afterthought in this medium. Protocols for Secure Electronic Commerce reviews and explains algorithms and architectures for securing electronic payment systems to deal with this issue, particularly the protocols used for business-to-business commerce and for consumer applications.

Written by an author intimately involved with the workings of the existing standards, it surveys implementations of the most popular protocols, such as electronic data interchange, secure sockets layer, secure electronic transaction, electronic purses, smart cards, and digital money. It describes the latest developments, offering a technical treatment of the electronic payment systems that are at the heart of security strategy.

Explosive growth of the Internet has redefined the electronic commerce paradigm. Standards in place for nearly two decades must now take advantage of the new business possibilities that the Internet offers. At the same time, the consumer needs to be confident in the security of these unfamiliar transactions. The prosperity of electronic commerce depends on surmounting the technological challenges of this immature field. Protocols for Secure Electronic Commerce will help.


Table of Contents

Chapter 1 Overview of Electronic Commerce p. 1
1.1 What Is Electronic Commerce? p. 1
1.1.1 Categories of Business Relations p. 2
1.2 Competitive Environment of Electronic Commerce p. 5
1.2.1 Banks p. 7
1.2.2 Clients p. 8
1.2.3 Suppliers p. 8
1.2.4 New Entrants and Substitutes p. 8
1.3 Characteristics of Dematerialized Payment Systems p. 9
1.4 The Influence of the Internet p. 11
1.5 Technologies of Electronic Commerce p. 15
1.5.1 Network Access p. 15
1.5.2 Information Processing p. 18
Chapter 2 Money and Payment Systems p. 25
2.1 The Mechanisms of Classical Money p. 25
2.2 Instruments of Payment p. 26
2.2.1 Cash p. 29
2.2.2 Checks p. 31
2.2.3 Credit Transfers p. 35
2.2.4 Direct Debit p. 38
2.2.5 Interbank Transfers p. 38
2.2.6 Bills of Exchange p. 39
2.2.7 Payment Cards p. 40
2.3 Banking Clearance and Settlement p. 42
2.3.1 United States p. 44
2.3.2 United Kingdom p. 45
2.3.3 France p. 45
2.4 Types of Dematerialized Monies p. 46
2.4.1 Electronic Money p. 46
2.4.2 Virtual Money p. 47
2.4.3 Digital Money p. 48
2.5 Purses and Holders p. 49
2.5.1 Electronic Purses and Electronic Token (Jeton) Holders p. 49
2.5.2 Virtual Purses and Virtual Jeton Holders p. 49
2.6 Transactional Properties of Dematerialized Currencies p. 51
2.6.1 Anonymity p. 51
2.6.2 Traceability p. 52
2.7 Comparison of the Means of Payment p. 53
2.8 The Practice of Dematerialized Money p. 55
2.8.1 Protocols of Systems of Dematerialized Money p. 55
2.8.2 Direct Payments to the Merchant p. 58
2.8.3 Payment via an Intermediary p. 60
2.9 Conclusions p. 62
Chapter 3 Algorithms and Architectures for Security p. 65
3.1 Security of Open Financial Networks p. 66
3.1.1 Threats p. 66
3.1.2 Objectives of Security p. 67
3.2 OSI Model for Cryptographic Security p. 68
3.2.1 Security Services p. 68
3.2.2 Security Services at the Network Layer p. 70
3.3 Application Security p. 72
3.3.1 Message Confidentiality p. 72
3.4 Data Integrity p. 74
3.4.1 Verification of the Integrity with a One-Way Hash Function p. 76
3.4.2 Verification of the Integrity with Public Key Cryptography p. 77
3.4.3 Blind Signature p. 79
3.4.4 Verification of the Integrity with Symmetric Cryptography p. 80
3.5 Identification of the Participants p. 83
3.6 Authentication of the Participants p. 83
3.7 Nonrepudiation p. 85
3.7.1 Time-Stamping and Sequence Numbers p. 85
3.7.2 Key Revocation p. 86
3.8 Key Management p. 86
3.8.1 Secure Management of Cryptographic Keys p. 86
3.8.2 Exchange of Secret Keys: Kerberos p. 89
3.8.3 Exchange of Public Keys p. 92
3.9 Certificate Management p. 94
3.9.1 Description of an X.509 Certificate p. 96
3.9.2 Certification Path p. 97
3.9.3 Procedures for Strong Authentication p. 106
3.9.4 Certificate Revocation p. 107
3.9.5 Security Services and Citizens' Rights p. 109
3.10 Encryption Cracks p. 109
Appendix 3.1 Principles of Symmetric Encryption p. 112
Modes of Algorithm Utilization for Block Encryption p. 112
Examples of Symmetric Block Encryption Algorithms p. 117
Appendix 3.2 Principles of Public Key Encryption p. 120
RSA p. 120
PKCS p. 121
PGP p. 122
Appendix 3.3 Comparative Data p. 124
Performance Data for JSAFE 1.1 p. 124
Performance for S/WAN p. 124
Performance for BSAFE 3.0 p. 125
Performance for BSAFE 4.1 p. 132
Chapter 4 Business-to-Business Commerce and Electronic Data Interchange p. 133
4.1 Components of EDI p. 133
4.1.1 Generation and Reception of Structured Data p. 136
4.1.2 Management of the Distribution p. 138
4.1.3 Management of Security p. 138
4.2 Examples of EDI Systems p. 138
4.3 Structuring of Alphanumeric Data p. 141
4.3.1 Definitions p. 142
4.3.2 ANSI X12 p. 142
4.3.3 EDIFACT p. 144
4.3.4 Structural Comparison of X12 and EDIFACT p. 150
4.4 Structuring of Documents or Forms p. 151
4.4.1 SGML p. 152
4.4.2 XML p. 153
4.4.3 Interface of XML with Alphanumeric EDI p. 153
4.5 EDI Messaging p. 156
4.5.1 X.400 p. 156
4.5.2 SMTP/MIME p. 158
4.6 Security of EDI p. 159
4.6.1 X12 Security p. 160
4.6.2 EDIFACT Security p. 161
4.6.3 IETF Proposals p. 168
4.6.4 Protocol Stacks for EDI Messaging p. 172
4.6.5 Interoperability of Secured EDI and S/MIME p. 173
4.7 Relation of EDI with Electronic Funds Transfer p. 174
4.7.1 Funds Transfer with EDIFACT p. 177
4.7.2 Funds Transfer with X12 p. 178
4.8 EDI Integration with Business Processes p. 179
4.9 Standardization of EDI p. 181
4.10 Future Evolution of the EDI p. 183
Chapter 5 Remote Payment with Bank Cards (I) p. 185
5.1 Security without Encryption: First Virtual p. 185
5.1.1 System Architecture p. 186
5.1.2 Purchasing Protocol p. 186
5.1.3 Acquisition and Financial Settlement p. 187
5.1.4 Security p. 189
5.1.5 Evaluation p. 189
5.2 iKP Protocols p. 189
5.2.1 1KP Protocol p. 192
5.2.2 2KP Protocol p. 196
5.2.3 3KP Protocol p. 198
5.3 CyberCash p. 199
5.3.1 Inscription p. 200
5.3.2 Credit Card Purchases p. 200
5.3.3 Debit Card Purchases p. 201
5.3.4 Security p. 202
5.4 Agora p. 204
5.4.1 Registration p. 204
5.4.2 Purchase and Payment Protocol p. 204
5.4.3 Evaluation p. 208
Chapter 6 Remote Payment with Bank Cards (II): Secure Sockets Layer p. 209
6.1 General Presentation of the SSL Protocol p. 209
6.1.1 Functional Architecture p. 209
6.1.2 SSL Security Services p. 211
6.2 SSL Subprotocols p. 213
6.2.1 SSL Exchanges p. 213
6.2.2 Synopsis of Parameters Computation p. 216
6.2.3 The Handshake Protocol p. 218
6.2.4 The Other Protocols p. 227
6.2.5 Summary p. 229
6.3 Example of SSL Processing p. 229
6.3.1 Assumptions p. 229
6.3.2 Establishment of a New Session p. 231
6.3.3 Processing of Application Data p. 238
6.3.4 Connection Establishment p. 239
6.4 Implementations p. 244
6.5 Conclusions p. 247
Appendix 6.1 Structures of the Handshake Messages p. 248
Header p. 248
HelloRequest p. 249
ClientHello p. 249
ServerHello p. 249
Certificate p. 249
ServerKeyExchange p. 250
CertificateRequest p. 251
ServerHelloDone p. 251
ClientKeyExchange p. 251
CertificateVerify p. 252
Finished p. 252
Chapter 7 Remote Payment with Bank Cards (III): The SET Protocol p. 253
7.1 SET Architecture p. 253
7.2 Security Services of SET p. 255
7.2.1 Cryptographic Algorithms p. 257
7.2.2 The Method of Dual Signature p. 259
7.3 Certification p. 261
7.3.1 Certificate Management p. 261
7.3.2 Registration of the Participants p. 265
7.4 Purchasing Transaction p. 272
7.4.1 SET Payment Messages p. 272
7.4.2 Transaction Progress p. 273
7.5 Optional Procedures in SET p. 281
7.6 SET Implementations p. 281
7.7 Evaluation p. 283
Chapter 8 Hybrid Solutions with SET p. 285
8.1 C-SET and E-Comm p. 285
8.1.1 General Architecture of C-SET p. 286
8.1.2 Cardholder Registration p. 288
8.1.3 Distribution of the Payment Software p. 290
8.1.4 Purchase and Payment p. 291
8.1.5 Encryption Algorithms p. 294
8.1.6 Interoperability of SET and C-SET p. 294
8.2 Hybrid SSL/SET Architecture p. 296
8.2.1 Hybrid SET/SSL Model p. 298
8.2.2 Transaction Flows p. 299
8.2.3 Evaluation of the Hybrid Model SET/SSL p. 302
Chapter 9 Micropayments and Face-to-Face Commerce p. 303
9.1 Characteristics of Micropayment Systems p. 303
9.2 Chipper p. 305
9.3 GeldKarte p. 306
9.3.1 Registration and Loading of Value p. 307
9.3.2 Payment p. 308
9.3.3 Security p. 310
9.4 Minipay p. 311
9.5 Mondex p. 312
9.5.1 Loading of Value p. 314
9.5.2 Payment p. 314
9.5.3 Security p. 314
9.5.4 Pilot Experiments p. 314
9.6 P-CARD p. 315
9.7 Paychip p. 315
9.7.1 Registration and Loading of Value p. 316
9.7.2 Payment p. 316
9.7.3 Security p. 316
9.8 Proton p. 317
9.8.1 Loading of Value p. 318
9.8.2 Payment p. 318
9.8.3 International Applications p. 318
9.9 Comparison of the Main Electronic Purses p. 319
Chapter 10 Remote Micropayments p. 321
10.1 NetBill p. 321
10.1.1 Registration and Loading of Value p. 321
10.1.2 Purchase p. 322
10.1.3 Financial Settlement p. 327
10.1.4 Evaluation p. 327
10.2 CyberCoin p. 328
10.3 KLELine p. 329
10.3.1 Registration and Loading of Value p. 330
10.3.2 Purchase p. 330
10.3.3 Financial Settlement p. 333
10.3.4 Evaluation p. 333
10.4 Millicent p. 334
10.4.1 Secrets p. 334
10.4.2 Description of the Scrip p. 335
10.4.3 Registration and Loading of Value p. 337
10.4.4 Purchase p. 338
10.4.5 Evaluation p. 338
10.5 PayWord p. 340
10.5.1 Registration and the Loading of Value p. 341
10.5.2 Purchase p. 342
10.5.3 Financial Settlement p. 344
10.5.4 Computational Load p. 344
10.5.5 Evaluation p. 345
10.6 MicroMint p. 345
10.6.1 Registration and Loading of Value p. 346
10.6.2 Purchase p. 347
10.6.3 Financial Settlement p. 347
10.6.4 Security p. 347
10.6.5 Evaluation p. 348
10.7 Comparison of the Different Systems of Remote Micropayment p. 349
Chapter 11 Digital Money p. 353
11.1 Building Blocks p. 353
11.1.1 Debtor Untraceability p. 354
11.1.2 Creditor Untraceability p. 357
11.1.3 Mutual Untraceability p. 357
11.1.4 Description of Digital Denominations p. 359
11.1.5 Detection of Counterfeit (Multiple Spending) p. 362
11.2 DigiCash (Ecash) p. 364
11.2.1 Registration p. 365
11.2.2 Loading of Value p. 365
11.2.3 Purchase p. 366
11.2.4 Financial Settlement p. 367
11.2.5 Delivery p. 367
11.2.6 Evaluation p. 368
11.3 NetCash p. 368
11.3.1 Registration and Value Purchase p. 368
11.3.2 Purchase p. 369
11.3.3 Extensions of NetCash p. 370
11.3.4 Evaluation p. 372
Chapter 12 Dematerialized Checks p. 375
12.1 Classical Processing of Paper Checks p. 375
12.1.1 Checkbook Delivery p. 375
12.1.2 Check Processing p. 376
12.2 Dematerialized Processing of Paper-Based Checks p. 377
12.2.1 Electronic Check Presentment p. 377
12.2.2 Check Imaging p. 378
12.3 NetCheque p. 379
12.3.1 Registration p. 380
12.3.2 Payment and Financial Settlement p. 380
12.4 Bank Internet Payment System (BIPS) p. 381
12.4.1 Types of Transactions p. 382
12.4.2 BIPS Service Architecture p. 384
12.5 Echeck p. 386
12.5.1 Representation of the Virtual Check p. 388
12.6 Evaluation p. 391
Chapter 13 Security and Integrated Circuit Cards p. 393
13.1 Overview p. 393
13.1.1 Categories and Applications of Microprocessor Cards p. 394
13.1.2 Adaptation of Integrated Circuit Cards to Computers p. 395
13.2 Description of Integrated Circuit Cards with Contacts p. 396
13.3 Security of Microprocessor Cards p. 398
13.3.1 Physical Security of the Card During Usage p. 400
13.3.2 Logical Security of the Card During Usage p. 401
13.3.3 Examples of Security During Usage p. 402
13.3.4 Limits on Security p. 406
13.5 Multiapplication Smart Cards p. 407
13.5.1 File System of ISO 7816-4 p. 408
13.5.2 The Swedish Electronic Identity Card p. 409
13.5.3 Management of Applications in Multiapplication Cards p. 410
13.6 Standards for Integrated Circuit Cards p. 413
13.6.1 Standards for Cards with Contacts p. 413
13.6.2 Standards for Contactless Cards p. 414
13.6.3 EMV p. 414
Chapter 14 Platforms and Convergence Models p. 417
14.1 Semper p. 417
14.1.1 Semper Architecture p. 418
14.1.2 Terminology of Semper p. 420
14.1.3 The Payment Manager p. 420
14.2 CAFE p. 421
14.3 JEPI p. 423
14.4 Merchant Cards and Bank Cards p. 425
14.5 Summary p. 426
Chapter 15 Perspectives p. 427
15.1 Infrastructure of Electronic Commerce p. 427
15.2 Which Means of Payment? p. 429
15.3 Standardization p. 431
15.4 Elements for Reflection p. 432
Acronyms p. 435
References p. 443
Web Sites p. 457
General p. 457
Standards p. 457
Encryption p. 457
EDIFACT p. 458
XML p. 458
SSLEAY p. 459
SET p. 459
Purses p. 459
Micropayments p. 459
Smart (Microprocessor) Cards p. 459
Electronic and Virtual Checks p. 460
Semper p. 460
Index p. 461