Cryptography for Payment Professionals

Dubinsky, Ilya

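  • Publisher: Auerbach Publication
  • Publication date: 2023-05-10
  • Price: $4,400
  • VIP price: $4,180 (5% off)
  • Language: English
  • Pages: 186
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 1032442743
  • ISBN-13: 9781032442747
  • Related categories: Information Security
  • Overseas special-order book (requires separate checkout)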

Product Description

Although cryptography plays an essential part in most modern solutions, especially in payments, cryptographic algorithms remain a black box for most users of these tools. Just as a sane backend developer does not drill down into low-level disk access details of a server filesystem, payments professionals have enough things to worry about before they ever need to bother themselves with debugging an encrypted value or a message digest. However, at a certain point, an engineer faces the need to identify a problem with a particular algorithm or, perhaps, to create a testing tool that would simulate a counterpart in a protocol that involves encryption.

The world of cryptography has moved on with giant leaps. Available technical standards mention acronyms and link to more standards, some of which are very large while others are not available for free. After finding the standards for the algorithm, the specific mode of operation must also be identified. Most implementations use several cryptographic primitives--for example, key derivation with a block cipher, which produces a secret that is used together with a hash function and a double padding scheme to produce a digital signature of a base64-encoded value. Understanding this requires more sifting through online sources, more reading of platform and library documents, and finally, when some code can be written, there are very few test cases to validate it.

Cryptography for Payment Professionals is intended for technical people, preferably with some background in software engineering, who may need to deal with a cryptographic algorithm in the payments realm. It does not cover the payment technology in-depth, nor does it provide more than a brief overview of some regulations and security standards. Instead, it focuses on the cryptographic aspects of each field it mentions. Highlights include:

 

  • Major cryptographic algorithms and the principles of their operation
  • Cryptographic aspects of card-present (e.g., magnetic stripe, EMV) and online (e.g., e-Commerce and 3DS 2.0) transactions
  • A detailed description of TDES DUKPT and AES DUKPT protocols, as well as an example implementation and test cases for both

It is best if the reader understands programming, number and string representations in machine memory, and bit operations. Knowledge of C, Python, or Java may make the examples easier to read but this is not mandatory.

Code related to the book is available at the author's GitHub site: https://github.com/ilya-dubinsky/cfpp

About the Author

Ilya Dubinsky has 20 years of experience in the software industry. He is the VP of CTO Office at Finaro (formerly Credorax), the fastest-growing cross-border acquiring bank in the European Union. Ilya defines the technological roadmap of the company, manages its IP portfolio, and guides its participation in international standards bodies. He also leads the in-house technology research, including in the fields of cryptography, blockchain, and AI. Ilya participates in global groups and bodies, including ISO, The Berlin Group banking industry standards initiative, the Payment Services User Group of Bank of Malta, and the Fintech Forum of Bank of Israel. Capitalizing on his years of experience in software development and product and project management in the Telecom and Finance industries, Ilya teaches a fin-tech class at Holon Institute of Technology and oversees joint research projects with Tel Aviv University.