Protocols for Secure Electronic Commerce

Protocols for Secure Electronic Commerce, Third Edition presents a compendium of protocols for securing electronic commerce, or e-commerce, in consumer- and business-to-business applications. Attending to a variety of electronic payment systems currently in use around the globe, this edition: Updates all chapters to reflect the latest technical advances and developments in areas such as mobile commerce Adds a new chapter on Bitcoin and other cryptocurrencies that did not exist at the time of the previous edition's publication Increases the coverage of PayPal in accordance with PayPal’s amplified role for consumers and businesses Expands the discussion of bank cards, dedicating a full chapter to magnetic stripe cards and a full chapter to chip-and-PIN technology Protocols for Secure Electronic Commerce, Third Edition offers a state-of-the-art overview of best practices for the security of e-commerce, complete with end-of-chapter review questions and an extensive bibliography of specialized references. A Solutions Manual and PowerPoint slides are available with qualifying course adoption.

Overview of Electronic CommerceElectronic Commerce and Mobile CommerceEffects of the Internet and Mobile NetworksNetwork AccessBarcodesSmart CardsParties in Electronic CommerceSecuritySummaryQuestions Money and Payment SystemsMechanisms of Classical MoneyPayment InstrumentsTypes of Dematerialized MoniesPurses, Holders, and WalletsTransactional Properties of Dematerialized CurrenciesOverall Comparison of the Means of PaymentPractice of Dematerialized MoneyClearance and Settlement in Payment SystemsDrivers of Innovation in Banking and Payment SystemsSummaryQuestions Algorithms and Architectures for SecuritySecurity of Open Financial NetworksOSI Model for Cryptographic SecuritySecurity Services at the Link LayerSecurity Services at the Network LayerSecurity Services at the Application LayerMessage ConfidentialityData IntegrityIdentification of the ParticipantsBiometric IdentificationAuthentication of the ParticipantsAccess ControlDenial of ServiceNonrepudiationSecure Management of Cryptographic KeysExchange of Secret Keys: KerberosPublic Key KerberosExchange of Public KeysCertificate ManagementAuthenticationSecurity CracksSummaryAppendix: Principles of Symmetric EncryptionAppendix: Principles of Public Key EncryptionAppendix: Principles of the Digital Signature Algorithm and the Elliptic Curve Digital Signature AlgorithmQuestions Business-to-Business CommerceDrivers for Business-to-Business Electronic CommerceFour Stages of Systems IntegrationOverview of Business-to-Business CommerceShort History of Business-to-Business Electronic CommerceExamples of Business-to-Business Electronic CommerceEvolution of Business-to-Business Electronic CommerceImplementation of Business-to-Business Electronic CommerceX12 and EDIFACTEDI MessagingSecurity of EDIIntegration of XML and Traditional EDINew Architectures for Business-to-Business Electronic CommerceElectronic Business (Using) Extensible Markup LanguageWeb ServicesRelation of EDI with Electronic Funds TransferSummaryQuestions Transport Layer Security and Secure Sockets LayerArchitecture of SSL/TLSSSL/TLS Security ServicesSSL/TLS SubprotocolsPerformance of SSL/TLSImplementation PitfallsSummaryQuestions Wireless Transport Layer SecurityArchitectureFrom TLS to WTLSOperational ConstraintsWAP and TLS ExtensionsWAP BrowsersSummaryQuestions The SET ProtocolSET ArchitectureSecurity Services of SETCertificationPurchasing TransactionOptional ProceduresEfforts to Promote SETsSET versus TLS/SSLSummaryQuestions Payments with Magnetic Stripe CardsPoint-of-Sale TransactionsCommunication Standards for Card TransactionsSecurity of Point-of-Sale TransactionsInternet Transactions3D SecureMigration to EMVSummaryQuestions Secure Payments with Integrated Circuit CardsDescription of Integrated Circuit CardsIntegration of Smart Cards with Computer SystemsStandards for Integrated Circuit CardsMultiapplication Smart CardsSecurity of Smart CardsPayment Applications of Integrated Circuit CardsEMV® CardGeneral Consideration on the Security of Smart CardsSummaryQuestions Mobile PaymentsReference Model for Mobile CommerceSecure Element in Mobile PhonesBarcodesBluetoothNear-Field CommunicationText MessagesBank-Centric OffersMobile Operator–Centric OffersThird-Party Service OffersCollaborative OffersPayments from Mobile TerminalsSummaryQuestions MicropaymentsCharacteristics of Micropayment SystemsStandardization EffortsElectronic PursesOnline MicropaymentsResearch ProjectsMarket Response to Micropayment SystemsSummaryQuestions PayPalEvolution of PayPalPersonal AccountsBusiness AccountsSummaryQuestions Digital MoneyPrivacy with Cash and Digital MoneyDigiCash (eCash)Anonymity and Untraceability in DigiCashEvaluation of DigiCashQuestions Bitcoin and CryptocurrenciesBackgroundBitcoin ProtocolOperationRisk EvaluationSummary and ConclusionsAppendix: The Crypto Anarchist ManifestoAppendix: Bitcoin as a Social PhenomenonAppendix: Other Significant CryptocurrenciesAppendix: Service Offers Based on BitcoinQuestions Dematerialized ChecksProcessing of Paper ChecksDematerialized Processing of ChecksVirtual ChecksSummaryQuestions Electronic Commerce in SocietyHarmonization of Communication InterfacesGovernance of Electronic MoneyProtection of Intellectual PropertyElectronic Surveillance and PrivacyContent Filtering and CensorshipTaxation of Electronic CommerceTrust PromotionArchives DematerializationSummaryQuestions References Websites

Mostafa Hashem Sherif is a principal member of the technical staff at AT&T in Middletown, New Jersey, USA. He received a BSc in electronics and communications and an MSc in electrical engineering from Cairo University, Egypt, in 1972 and 1975, respectively, and a PhD in engineering from the University of California, Los Angeles, USA, in 1980. In 1996, he earned a master of science in management of technology from Stevens Institute of Technology, Hoboken, New Jersey, USA. Widely published, Dr. Sherif is a senior member of the Institute of Electrical and Electronics Engineers (IEEE) and a member of the steering committee of the Kaleidoscope series of conferences organized by the International Telecommunication Union (ITU). He was a member of the steering committee of the IEEE Symposium on Computers and Communication from 1995 to 2006, a member of the evaluation committee for the State of New Jersey Commission on Science and Technology from 2000 to 2002, and a participant in activities on innovation and technology management sponsored by the National Science Foundation in 1987, 1989, 1996, 1998, 1999, 2000, and 2002.