ch24.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 837 行 · 第 1/4 页

	client and the server end, this port traffics the information (which is encrypted
	before it leaves the client and decrypted after the arrival at the server). More
	than likely, the remote server refuses connections on almost all other ports, or
	the information is filtered through a pinhole in a firewall. 
<HR>


</BLOCKQUOTE>

<P>The advantages and disadvantages are diverse in this scenario. First, there is
the obvious problem that the accepting party is resigned to traveling blind; that
is, they will never have the credit card information within their possession. Because
of this, disputed claims are a serious headache.</P>
<P>Here's an example: A kid gets his parent's credit card number and charges up a
storm. This information is validated by the remote server, with the accepting party
storing no information. Later, the parent disputes the transaction, claiming that
he never authorized such a charge. This is okay, and may happen periodically. However,
obtaining records and then sorting out that dispute is both a logistical and legal
problem. It is not quite as simple as disputing unauthorized charges on one's telephone
bill. Because the party that cleared (and ultimately collected on) the charge is
a third party (one that has no part in the exchange of goods or services), confusion
can easily develop.</P>
<P>Imagine now if you were such a victim. You contact the party that is the apparent
recipient of the charge, only to find that the company has &quot;nothing to do with
it.&quot; When consumers are confronted with this type of situation, they become
less likely to do commerce over the Net. And while this is essentially no different
than being confronted with unauthorized 900- number charges on your telephone bill,
the average consumer will view the Internet with increasing suspicion. This is bad
for Internet commerce generally. Despite that fact, however, this method is generally
regarded as the most secure.
<H2><FONT COLOR="#000077"><B>The Overall Picture of Net Commerce</B></FONT></H2>
<P>Here is the challenge for Internet commerce consultants, another variable to figure
in before creating a viable package. For example, one might be designing a &quot;total
solution&quot; package involving co-location of a box, Web development, security,
and credit card clearing. Making such a package can be a difficult task. Your choices
must be carefully considered.</P>
<P>Naturally, there is also the issue of cost. Most clearing companies take a piece
of the action, which means that they charge a percentage for each charge cleared.
Sometimes there are variations on this theme, but there are basically two scenarios.
In the first, they charge a sizable sum for setup and request no further money from
the client, instead reaping their percentage from the credit card companies at the
other end. Another is where the initial cost is lower, but the client is charged
a percentage on each transaction. Still another, although less common, is where the
middleman company may take a smaller percentage from both sides, thereby distributing
the load and making their pricing seem more competitive to both client and credit
card company.</P>
<P>There are many services you can contract, including both consultant firms and
actual software and hardware solution vendors. Here are a few:

<UL>
	<LI>SecureCC. Secure transactions for the Web.
	<P><A HREF="http://www.securecc.com/"><TT>http://www.securecc.com/</TT></A><BR>
	
	<LI>All Merchants Merchant Service. Credit card, debit card merchants.
	<P><A HREF="http://www.cyburban.com/~mmdelzio/first.htm"><TT>http://www.cyburban.com/~mmdelzio/first.htm</TT></A><BR>
	
	<LI>Luckman's. (Specifically, the Web Commander product has support for secure Internet
	commerce.)
	<P><A HREF="http://www.luckman.com/wc/webcom.html"><TT>http://www.luckman.com/wc/webcom.html</TT></A><BR>
	
	<LI>Redhead Corporation.
	<P><A HREF="http://www.redhead.com/html/makesale.html"><TT>http://www.redhead.com/html/makesale.html</TT></A><BR>
	
	<LI>Netscape Communications Corporation.
	<P><A HREF="http://www.netscape.com/"><TT>http://www.netscape.com/</TT></A><BR>
	
	<LI>Process Software Corporation.
	<P><A HREF="http://www.process.com/"><TT>http://www.process.com/</TT></A><BR>
	
	<LI>Alpha Base Systems, Inc. EZ-Commerce and EZ-ID system.
	<P><A HREF="http://alphabase.com/ezid/nf/com_intro.html"><TT>http://alphabase.com/ezid/nf/com_intro.html</TT></A><BR>
	
	<LI>MTI Advanced Marketing.
	<P><A HREF="http://www.mticentral.com/Commerce/"><TT>http://www.mticentral.com/Commerce/</TT></A><BR>
	
	<LI>Data Fellows. F-Secure line of products.
	<P><A HREF="http://www.europe.datafellows.com/f-secure/fsecom.htm"><TT>http://www.europe.datafellows.com/f-secure/fsecom.htm</TT></A>
</UL>

<P>In closing on the issue, I would suggest that you read at least a few of the following
white papers, articles, or technical reports. Some are more difficult to find than
others, and I would suggest that you take those papers for which I have provided
no online address and run them through a university library bibliography search.
Many of them are available through services like WorldCat and Uncover.</P>
<P><B>Credit Card Transactions: Real World and Online.</B> Keith Lamond. 1996.

<UL>
	<LI><A HREF="http://rembrandt.erols.com/mon/ElectronicProperty/klamond/CCard.ht"><TT>http://rembrandt.erols.com/mon/ElectronicProperty/klamond/CCard.ht</TT></A><TT>m</TT>
</UL>

<P><B>Digital Money Online. A Review of Some Existing Technologies. Dr. Andreas Sch&#246;ter
and Rachel Willmer.</B> Intertrader Ltd. February 1997.</P>
<P><B>Millions of Consumers to Use Internet Banking. Booz, Allen &amp; Hamilton Study
Indicates.</B>

<UL>
	<LI><A HREF="http://www.bah.com/press/net_banking.html"><TT>http://www.bah.com/press/net_banking.html</TT></A>
</UL>

<P><B>A Bibliography of Electronic Payment Information.</B>

<UL>
	<LI><A HREF="http://robotics.stanford.edu/users/ketchpel/ecash.html"><TT>http://robotics.stanford.edu/users/ketchpel/ecash.html</TT></A>
</UL>

<P><B>Electronic Cash, Tokens and Payments in the National Information Infrastructure.</B>

<UL>
	<LI><A HREF="http://www.cnri.reston.va.us:3000/XIWT/documents/dig_cash_doc/ToC.html"><TT>http://www.cnri.reston.va.us:3000/XIWT/documents/dig_cash_doc/ToC.html</TT></A>
</UL>

<P><B>Electronic Commerce in the NII.</B>

<UL>
	<LI><A HREF="http://www.cnri.reston.va.us:3000/XIWT/documents/EComm_doc/ECommTOC2.html"><TT>http://www.cnri.reston.va.us:3000/XIWT/documents/EComm_doc/ECommTOC2.html</TT></A>
</UL>

<P><B>A Framework for Global Electronic Commerce.</B> Clinton Administration. For
an executive summary, visit

<UL>
	<LI><A HREF="http://www.iitf.nist.gov/eleccomm/exec_sum.htm"><TT>http://www.iitf.nist.gov/eleccomm/exec_sum.htm</TT></A>
</UL>

<P>For the complete report, visit

<UL>
	<LI><A HREF="http://www.iitf.nist.gov/eleccomm/glo_comm.htm"><TT>http://www.iitf.nist.gov/eleccomm/glo_comm.htm</TT></A>
</UL>

<P><B>Card Europe UK--Background Paper. Smartcard Technology Leading To Multi Service
Capability.</B>

<UL>
	<LI><A HREF="http://www.gold.net/users/ct96/rep1.htm"><TT>http://www.gold.net/users/ct96/rep1.htm</TT></A>
</UL>

<P><B>Electronic Payment Schemes.</B> Dr. Phillip M. Hallam-Baker. World Wide Web
Consortium.

<UL>
	<LI><A HREF="http://www.w3.org/pub/WWW/Payments/roadmap.html"><TT>http://www.w3.org/pub/WWW/Payments/roadmap.html</TT></A>
</UL>

<P><B>Generic Extensions of WWW Browsers.</B> Ralf Hauser and Michael Steiner. First
Usenix Workshop on Electronic Commerce. July 1995.</P>
<P><B>Anonymous Delivery of Goods in Electronic Commerce.</B> Ralf Hauser and Gene
Tsudik. IBMTDB, 39(3), pp. 363-366. March 1996.</P>
<P><B>On Shopping Incognito.</B> R. Hauser and G. Tsudik. Second Usenix Workshop
on Electronic Commerce. November 1996.

<UL>
	<LI><A HREF="http://www.isi.edu/~gts/paps/hats96.ps.gz"><TT>http://www.isi.edu/~gts/paps/hats96.ps.gz</TT></A>
</UL>

<P><B>The Law of Electronic Commerce. EDI, Fax and Email: Technology, Proof and Liability.</B>
B. Wright. Little, Brown and Company. 1991.</P>
<P><B>Fast, Automatic Checking of Security Protocols.</B> D. Kindred and J. M. Wing.
Second Usenix Workshop on Electronic Commerce, pp. 41-52. November 1996.

<UL>
	<LI><A HREF="http://www-cgi.cs.cmu.edu/afs/cs.cmu.edu/project/venari/www/usenix96-submit.html"><TT>http://www-cgi.cs.cmu.edu/afs/cs.cmu.edu/project/venari/www/usenix96-submit.html</TT></A>
</UL>

<P><B>Electronic Commerce on the Internet.</B> Robert Neches, Anna-Lena Neches, Paul
Postel, Jay M. Tenenbaum, and Robert Frank. 1994.</P>
<P><B>NetBill Security and Transaction Protocol.</B> Benjamin Cox, J. D. Tygar, and
Marvin Sirbu. First Usenix Workshop on Electronic Commerce. July 1995.</P>
<P><B>CyberCash Credit Card Protocol.</B> Donald E. Eastlake, Brian Boesch, Steve
Crocker, and Magdalena Yesil. Version 0.8. July 1995. (Internet Draft.)</P>
<P><B>Commerce on the Internet--Credit Card Payment Applications over the Internet.</B>
Taher Elgamal. July 1995.</P>
<P><B>Business, Electronic Commerce and Security.</B> B. Israelsohn. 1996.

<UL>
	<LI><A HREF="http://www.csc.liv.ac.uk/~u5bai/securit2.html"><TT>http://www.csc.liv.ac.uk/~u5bai/securit2.html</TT></A>
</UL>

<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>Be prepared. If you plan to establish a dedicated connection to the Internet and
security is an important issue for you, it is wise to learn the terrain. I am not
suggesting that security specialists are unscrupulous; I am simply warning you of
potential pitfalls in the security process. By gathering knowledge about your network,
your trust models, and Internet security in general, you will fare far better. It's
a jungle out there; you better believe it.</P>
<CENTER>
<P>
<HR>
<A HREF="../ch23/ch23.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch25/ch25.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>