Free distribution of information, ideas, and research - the Internet's original goal - is at odds with the use of the Internet for commerce. Commerce requires individual privacy and security - an afterthought in this medium. Protocols for Secure Electronic Commerce reviews and explains algorithms and architectures for securing electronic payment systems to deal with this issue, particularly the protocols used for business-to-business commerce and for consumer applications.
Review By: Anup K. Ghosh 09/11/2002This book provides a decent overview of electronic currency systems and methods of payments. The authors define terms used specifically in payment systems and provide pedagogical background for today’s electronic currency systems. A taxonomy of payment instruments is provided to enable the reader to understand the myriad forms of payment available today. The decidedly European text provides a good international perspective on issues we face as we move to virtual payment systems.
A basic overview of cryptographic means for securing data is provided. A description of business-to-business EDI standards is also provided. For most developers and testers, the description of various e-commerce protocols such as iKP protocols, SSL, SET, and micropayments will be most useful.
The book serves as an excellent reference work on e-commerce protocols, and provides an encyclopedic exposition of them. Where it is dry in style, it is comprehensive in substance. From an e-business developer and tester standpoint, the chapters on secure e-commerce protocols (such as iKP protocols, SET, SSL, and the various and sundry micropayment protocols) provide excellent reference material for both development and specifications-based testing. While the first chapter provides a dry introduction to e-commerce, the second chapter on the different forms of financial instruments is both complete and interesting.
Most of this book will be useful as a reference for learning more about a particular EDI standard or e-commerce protocol you might run into at some point. The chapter on Algorithms and Architectures for Security provides a fairly basic, but good enough overview of using cryptography in securing e-commerce transactions. Chapter 6 provides an excellent description of the SSL protocol, the de facto crypto protocol for Web-based transactions.
The book is organized well, from a very basic overview of e-commerce, to a taxonomy of instruments, to include coverage of both widely used protocols as well as some fairly obscure protocols used in niche industry segments. While the reader may not need to know all the protocols described, the reader will have at his or her disposal descriptions of many different e-commerce protocols in the event they are needed at a later time.
One chapter that is disappointing in its level of detail is chapter 13 on smart cards. It did not receive as detailed a treatment as the other technologies covered. It also failed to describe some fairly common smart card platforms such as the Open Platform Architecture for Java Card.
The bibliography is fairly extensive, particularly in its coverage of standards documents.