Cryptography and E-Commerce: A Wiley Tech Brief: Cryptography Basics for Non-technical Managers Working with E-business Products and Services (Wiley Tech Brief Series) - Softcover

Graff, Jon C

 
9780471405740: Cryptography and E-Commerce: A Wiley Tech Brief: Cryptography Basics for Non-technical Managers Working with E-business Products and Services (Wiley Tech Brief Series)

About the author

JON C. GRAFF, PhD, is Vice President and Chief Cryptographic Architect at NetReliance. An internationally known speaker and author, he has architected cryptographic systems for companies such as Tracor Ultron, Wells Fargo Bank, KPMG, Deloitte & Touche, the California Independent System Operator (Cal ISO), and NetReliance.

From the back cover

A clear and easy guide on how to use cryptography to secure e-commerce transactions

To be on the cutting edge of e-commerce, you need to understand how to best utilize cryptography to offer secure services for your customers over the Internet. But if you reach for most of the available books on the subject, you'll find that they are far too technical for most business needs. If you need a quick and lucid managerial summary to help you develop effective e-commerce strategies, this is the book for you.

Geared to nontechnical managers who would like to explore the underlying concepts of modern cryptography, this book features an easily accessible, logical explanation of how cryptography works to solve real-world e-commerce problems, a tutorial on the underlying mathematics, and two case studies of PKI cryptographic architectures, showing how Kerberos and PKC can be wedded to protect a company's intranet and how a full-blown working PKI provides security to a company's Internet communications.

Divided into three major parts tailored to readers' needs (Introduction to Modern Cryptography, Tutorial on the Mathematics of Cryptography, and case studies), the book covers:
* How symmetrical key cryptography ensures confidentiality of messages
* How cryptography lets you detect whether a message has been modified in transit
* Why the distribution of cryptographic keys is important and difficult
* The nuts and bolts of Kerberos, a major component of Microsoft's Windows 2000 security solution
* How Public Key Cryptography ensures security between people who share no prior secret information
* Digital signatures on electronic contracts and the concept of non-repudiation
* How digital certificates ensure positive identification of individuals

Excerpt. © Reprinted by permission. All rights reserved.

Introduction

Cryptography, the art of "secret writing" or concealing information from unauthorized people, is a fascinating field. It is very old and has been used since the invention of writing to protect communications. Cryptography has played a significant role in numerous historic occasions. Wars have been started, won, and lost because of correctly and incorrectly used cryptography. Mary, Queen of Scots, lost her head because of secrets revealed in her supposedly secret letters. The United States entered World War I based on the British decryption of the famous German "Zimmermann" telegram. And of course, the Allies "read" the Japanese and German encrypted transmissions during World War II, revealing to the Allies what the Axis powers were doing. On the other hand, strong cryptography kept much of the Allies' information hidden from the Axis powers, so the site of D-Day and the instructions for the attacks on the U-boats were never revealed.

Recently, in the last 20 or so years, cryptography has "come out of the cold" and has moved out of the governmental environment and into the public domain. Cryptography is now playing a very significant role in our lives. It has protected our banking and credit card transactions for the past 20 years, and it is becoming the foundation for trust on the Internet.

Cryptography presents the opportunity to facilitate new ways of doing business, many of which have not yet been envisioned. With the use of cryptography, in the near future these things will be readily available and accepted:

* Electronic shopping on the Internet (haven't you purchased something on the Internet?)
* The ability to remotely file electronic legal papers and contracts
* The wide acceptance of digital signatures that make documents:
  * Unforgeable
  * Unmodifiable
  * Irrefutable
* Digital signatures that will permit the wide dissemination and sales of electronic (digital):
  * Books
  * Photographs
  * Artwork
  * Recordings
* Secure smart cards that could be used for multiple purposes, each card containing digital certificates for digital:
  * Credit cards
  * Driver's licenses
  * Passports
  * Medical records
  * Access to resources
  * Positive identification

In this book, I will guide the reader to understand the cryptographic mechanisms that will make these things possible by using lots of examples, metaphors, explanatory drawings, explanations of real implementations and atrocious puns.

Where I first define a keyword, the keyword appears in SMALL CAPS. This will assist the reader in using the index to locate definitions.

Additionally, I have liberally used notes and footnotes to give more technical information, further explanations and references, and sometimes just asides and irreverent remarks.

The book has these major sections:

* An Explanation of Modern Cryptography (Chapters 1-9)
* A Tutorial Explaining the Underlying Mathematics of Cryptography (Chapter 10)
* Case Studies of Two Cryptographic Architectures (Chapters 11 and 12)

The sections cover:

An Explanation of Modern Cryptography (Chapters 1-9). In this section I have endeavored to write an accessible, easily understood, and entertaining introduction to Modern Cryptography for the nontechnical reader. It is written for people with an interest in learning about the concepts underlying modern cryptography without the mathematics. The explanations are almost all metaphors, and elementary arithmetic is only used in a very few places. In the very few places where mathematics is required, only knowledge of addition and subtraction is required. There are some mathematical notations used for clarity. These mathematical notations are clearly explained and made obvious by the text and the accompanying figures.

The presentation is visual, metaphorical, and logical. I incorporated a large number of figures to help the reader visualize what is occurring, and I made every attempt to spell out each logical step to avoid the "rest of the explanation is left to the reader" syndrome.

However simple the presentation, the section is not without substance. It presents the logical underpinnings of the field so that the reader will come away with a good grasp of how cryptography works and how it is applied. There is also a heavy undercurrent of computer and communication security.

This section is based on a course that I have taught over the last 12 years. I have tested the material and presentation in front of numerous live audiences and received universally positive responses to the clarity and content of my presentation.

A Tutorial Explaining the Underlying Mathematics of Cryptography (Chapter 10). In this section I have endeavored to write for the non-mathematician an easily understood explanation of the mathematical underpinnings of cryptography and particularly those for Public Key cryptography. Starting with the Caesar Cipher, I introduce modulo arithmetic and build from there. I have given the reader a review of all the necessary algebra with a number of worked examples showing all the steps.

The finale of this section is the explanations and fully worked 'toy' examples of the three major cryptographic algorithms: Diffie-Hellman (-Merkle) for key agreement, RSA for confidentiality and digital signatures, and ElGamal for confidentiality and digital signatures.

Case Studies of Two Cryptographic Architectures. These are two detailed descriptions of cryptographic architectures that I've developed and are actually working. They demonstrate the process for developing cryptographic architectures and explain the considerations that go into creating successful and secure architectures.

The first case study (Chapter 11), Protecting an Intranet with a Kerberos and PKC Hybrid, shows how to meld the best aspects of Kerberos and PKC to efficiently and automatically provide cryptographic security in a closed environment.

The second case study, Protecting the California ISO Internet Communications with PKC, shows how a successful Public Key Infrastructure (PKI) is architected.

"About this title" may refer to a different edition of this title.