SET
- Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet.
- It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others.
How SET works
1. The customer opens a Mastercard or Visa bank account. Any issuer of a credit card is some kind of bank.
2. The customer receives a digital certificate. This electronic file functions as a credit card for online purchases or other transactions. It includes a public key with an expiration date. It has been through a digital switch to the bank to ensure its validity.
3. Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key.
4. The customer places an order over a Web page, by phone, or some other means.
5. The customer's browser receives and confirms from the merchant's certificate that the merchant is valid.
6. The browser sends the order information. This message contains the order itself, encrypted with the merchant's public key; the payment information, encrypted with the bank's public key (so the merchant can't read it); and information that ensures the payment can only be used with this particular order.
7. The merchant verifies the customer by checking the digital signature on the customer's certificate. This may be done by referring the certificate to the bank or to a third-party verifier.
8. The merchant sends the order message along to the bank. This includes the bank's public key, the customer's payment information (which the merchant can't decode), and the merchant's certificate.
9. The bank verifies the merchant and the message. The bank uses the digital signature on the certificate with the message and verifies the payment part of the message.
10. The bank digitally signs and sends authorization to the merchant, who can then fill the order.
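
The "information that ensures the payment can only be used with this particular order" in step 6 is what SET calls the dual signature: the cardholder signs a hash of the two message digests, so the merchant and the bank can each verify the link while seeing only their own half. The Python below is an added example, not from the original post; the toy textbook-RSA key (constructed, insecure), the sample order and payment strings, and all function names are assumptions made for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes (constructed, NOT secure).
# It stands in for the cardholder's real RSA key so the example runs offline.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def h(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()  # SHA-1, as the page states for SET

def link_digest(pimd: bytes, oimd: bytes) -> int:
    # POMD = H(PIMD || OIMD): one digest that binds the payment to the order.
    return int.from_bytes(h(pimd + oimd), "big")

def cardholder_sign(oi: bytes, pi: bytes):
    """Return (dual_signature, OIMD, PIMD) for an order/payment pair."""
    oimd, pimd = h(oi), h(pi)
    return pow(link_digest(pimd, oimd), D, N), oimd, pimd

def merchant_verify(oi: bytes, pimd: bytes, sig: int) -> bool:
    # The merchant sees the order in clear, but only the digest of the payment.
    return pow(sig, E, N) == link_digest(pimd, h(oi))

def bank_verify(pi: bytes, oimd: bytes, sig: int) -> bool:
    # The bank sees the payment in clear, but only the digest of the order.
    return pow(sig, E, N) == link_digest(h(pi), oimd)

# Constructed sample data (not real card or order details).
OI = b"order=1001;item=book;total=25.00"
PI = b"card=4111-XXXX;amount=25.00;order=1001"
SIG, OIMD, PIMD = cardholder_sign(OI, PI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, PIMD, SIG))
    print("bank accepts:", bank_verify(PI, OIMD, SIG))
    # A merchant pairing the same payment with a different order is rejected.
    other_oimd = h(b"order=2002;item=tv;total=900.00")
    print("payment reused on other order:", bank_verify(PI, other_oimd, SIG))
```

A production implementation would use a padded RSA signature scheme from a vetted library rather than raw modular exponentiation.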
SET requirements:
- Provide confidentiality of ordering information and payment information
- Ensure the integrity of all transmitted data
- Provide authentication that a card holder is a legitimate user of a credit card account
- Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution.
SET participants
1. Cardholder – customer
2. Issuer – customer financial institution
3. Merchant
4. Acquirer – Merchant financial
5. Certificate authority – Authority which follows certain standards and issues certificates (like X.509V3) to all other participants.
SET functionalities:
- Provide Authentication
  - Merchant Authentication – To prevent theft, SET allows customers to check previous relationships between merchant and financial institution. Standard X.509V3 certificates are used for this verification.
  - Customer / Cardholder Authentication – SET uses X.509V3 certificates to check whether the credit card is being used by an authorized user.
- Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the message being transferred. SET implements confidentiality by using encryption techniques. Traditionally, DES is used for encryption.
- Provide Message Integrity: SET prevents message modification with the help of signatures. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1, and some using HMAC with SHA-1.
SET FUNCTIONS: