SlideShare a Scribd company logo
Secure Electronic Transaction
Department of Computer Science and Engineering
Hamdard University Bangladesh
Contents
 Secure Electronic Transaction
 SET Business Requirements
 SET Protocols
 Parties in SET
 Key Technologies of SET
 Implementation of SET
 SET Transaction
 Dual Signatures
 Dual Signature in SET
 Dual Signature Operation
 SET Supported Transaction
 Credit Card Protocols 02 out of 17
Secure Electronic Transaction
• An application-layer security mechanism, consisting
of a set of protocols.
• Protect credit card transaction on the Internet.
• Companies involved:– MasterCard, Visa, IBM,
Microsoft, Netscape, RSA, Cyber Cash, Net Bill
• Not an ordinary payment system.
• It has a complex technical specification.
03 out of 17
SET Business Requirements
• Provide confidentiality of payment and ordering
information.
• Ensure the integrity of all transmitted data.
• Provide authentication that a cardholder is a ultimate
user of a credit card account.
• Provide authentication that a merchant can accept credit
card transactions through its relationship with a
financial institution.
04 out of 17
SET Business Requirements (cont’d)
• Ensure the use of the best security practices and system design
techniques to protect all legitimate parties in an electronic commerce
transaction.
• Create a protocol that neither depends on transport security
mechanisms nor prevents their use.
• Facilitate and encourage interoperability among software and
network providers.
05 out of 17
Secure Electronic Transaction :
Protocol
• Confidentiality: All messages are encrypted.
• Trust: All parties must have digital certificates.
• Privacy: information made available only when and where
necessary.
• Developed by Visa and MasterCard.
• Designed to protect credit card transactions.
05 out of 17
Parties in SET
07 out of 17
Key Technologies of SET
• Confidentiality of information: DES
• Integrity of data: RSA digital signatures with SHA-1 hash
codes
• Cardholder account authentication: X.509v3 digital
certificates with RSA signatures
• Merchant authentication: X.509v3 digital certificates with
RSA signatures
• Privacy: separation of order and payment information
using dual signatures
08 out of 17
Implementation of SET
• Data Confidentiality  Encryption
• Who am I dealing with?  Authentication
• Message integrity  Message Digest
• Non-repudiation  Digital Signature
• Access Control  Certificate Attributes
09 out of 17
SET Transactions
• The customer sends order and payment information to
the merchant.
• The merchant requests payment authorization from the
payment gateway prior to shipment.
• The merchant confirms order to the customer.
• The merchant provides the goods or service to the
customer.
• The merchant requests payment from the payment
gateway.
10 out of 17
SET Transactions
11 out of 17
Dual Signatures
• Links two messages securely but allows only one party to read
each.
MESSAGE 1
DIGEST 1
NEW DIGEST
HASH 1 & 2
WITH SHA
MESSAGE 2
DIGEST 2
CONCATENATE DIGESTS
TOGETHER
HASH WITH SHA TO
CREATE NEW DIGEST
DUAL SIGNATURE
PRIVATE KEY
ENCRYPT NEW DIGEST
WITH SIGNER’S PRIVATE KEY
12 out of 17
Dual Signatures for SET
 Concept: Link Two Messages Intended for Two Different Receivers:
• Order Information (OI): Customer to Merchant
• Payment Information (PI): Customer to Bank
 Goal: Limit Information to A “Need-to-Know” Basis:
• Merchant does not need credit card number.
• Bank does not need details of customer order.
• Afford the customer extra protection in terms of privacy by keeping
these items separate.
• This link is needed to prove that payment is intended for this order and
not some other one.
13 out of 17
Dual Signature Operation
The operation for dual signature is as follows:
Take the hash (SHA-1) of the payment and order information.
These two hash values are concatenated [H(PI) || H(OI)] and
then the result is hashed.
Customer encrypts the final hash with a private key
creating the dual signature.
DS = EKRC [ H(H(PI) || H(OI)) ]
14 out of 17
SET Supported Transactions
 Card holder registration
 Merchant registration
 Purchase request
 Payment authorization
 Payment capture
 Certificate query
 Purchase inquiry
15 out of 17
Credit Card Protocols
• SSL (System Session Layer ) 1 or 2 parties have private keys
• TLS (Transport Layer Security)
• SEPP (Secure Encryption Payment Protocol)
– MasterCard, IBM, Netscape
• STT (Secure Transaction Technology)
– VISA, Microsoft
• SET (Secure Electronic Transactions)
– MasterCard, VISA all parties have certificates
16 out of 17
THANK YOU

More Related Content

What's hot

Data and Message Security
Data and Message SecurityData and Message Security
Data and Message Security
Nrapesh Shah
 
Ec2009 ch11 electronic payment systems
Ec2009 ch11 electronic payment systemsEc2009 ch11 electronic payment systems
Ec2009 ch11 electronic payment systems
Nuth Otanasap
 
Edi ppt
Edi pptEdi ppt
Edi ppt
Sheetal Verma
 
Web security for e-commerce
Web security for e-commerceWeb security for e-commerce
Web security for e-commerce
Nishant Pahad
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
60ml
 
E secure transaction project ppt(Design and implementation of e-secure trans...
E secure transaction project  ppt(Design and implementation of e-secure trans...E secure transaction project  ppt(Design and implementation of e-secure trans...
E secure transaction project ppt(Design and implementation of e-secure trans...
AJIT Singh
 
Digital signature
Digital signatureDigital signature
Digital signature
Filipp Kolobov
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Naveen Kumar
 
E Cheques
E ChequesE Cheques
E Cheques
Sumant Diwakar
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
Adarsh Kumar Yadav
 
e-cheque
e-chequee-cheque
e-cheque
raksha93
 
Difference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital CertificateDifference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital Certificate
AboutSSL
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transaction
Nishant Pahad
 
Electronic Data Interchange (EDI) | E-Commerce
Electronic Data Interchange (EDI) | E-CommerceElectronic Data Interchange (EDI) | E-Commerce
Electronic Data Interchange (EDI) | E-Commerce
Hem Pokhrel
 
SSL
SSLSSL
Digital Signature ppt
Digital Signature pptDigital Signature ppt
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
Ehtisham Ali
 
Digital certificates in e commerce
Digital certificates in e commerceDigital certificates in e commerce
Digital certificates in e commerce
mahesh tawade
 
Edi layer
Edi layerEdi layer
Edi layer
Sheetal Verma
 
Digital signature
Digital signatureDigital signature
Digital signature
CHESStest{perfect Kadhu}
 

What's hot (20)

Data and Message Security
Data and Message SecurityData and Message Security
Data and Message Security
 
Ec2009 ch11 electronic payment systems
Ec2009 ch11 electronic payment systemsEc2009 ch11 electronic payment systems
Ec2009 ch11 electronic payment systems
 
Edi ppt
Edi pptEdi ppt
Edi ppt
 
Web security for e-commerce
Web security for e-commerceWeb security for e-commerce
Web security for e-commerce
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
 
E secure transaction project ppt(Design and implementation of e-secure trans...
E secure transaction project  ppt(Design and implementation of e-secure trans...E secure transaction project  ppt(Design and implementation of e-secure trans...
E secure transaction project ppt(Design and implementation of e-secure trans...
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
E Cheques
E ChequesE Cheques
E Cheques
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
e-cheque
e-chequee-cheque
e-cheque
 
Difference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital CertificateDifference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital Certificate
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transaction
 
Electronic Data Interchange (EDI) | E-Commerce
Electronic Data Interchange (EDI) | E-CommerceElectronic Data Interchange (EDI) | E-Commerce
Electronic Data Interchange (EDI) | E-Commerce
 
SSL
SSLSSL
SSL
 
Digital Signature ppt
Digital Signature pptDigital Signature ppt
Digital Signature ppt
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Digital certificates in e commerce
Digital certificates in e commerceDigital certificates in e commerce
Digital certificates in e commerce
 
Edi layer
Edi layerEdi layer
Edi layer
 
Digital signature
Digital signatureDigital signature
Digital signature
 

Similar to Secure Electronic Transaction

secure electronics transaction
secure electronics transactionsecure electronics transaction
secure electronics transaction
Harsh Mehta
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
ShujaShah
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
Ramesh Ogania
 
Payment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVITPayment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVIT
hiteshasnani94
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
Ajmi Siraj
 
Fdp week 1 presentation
Fdp week 1 presentationFdp week 1 presentation
Fdp week 1 presentation
shwetachanchlani
 
E commerce
E commerceE commerce
E commerce
Himadri Shekhar
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Goutama Bachtiar
 
SET (1).ppt
SET (1).pptSET (1).ppt
SET (1).ppt
chandrakaren21
 
NETWORK SECURITY-SET.pptx
NETWORK SECURITY-SET.pptxNETWORK SECURITY-SET.pptx
NETWORK SECURITY-SET.pptx
Dr.Florence Dayana
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...
Danail Yotov
 
Electronic Payment Protocol
Electronic Payment ProtocolElectronic Payment Protocol
Electronic Payment Protocol
Aju Thomas
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
pankhadi
 
secnet.ppt
secnet.pptsecnet.ppt
secnet.ppt
vishy230892
 
Secure Web Transactions Electronic Commerce Underlying Technologies
Secure Web Transactions Electronic Commerce Underlying TechnologiesSecure Web Transactions Electronic Commerce Underlying Technologies
Secure Web Transactions Electronic Commerce Underlying Technologies
BangNgoVanCong
 
Ch 2
Ch 2Ch 2
Can security and convenience go hand in hand in e-commerce
Can security and convenience go hand in hand in e-commerceCan security and convenience go hand in hand in e-commerce
Can security and convenience go hand in hand in e-commerce
Mercury Processing Services International
 
Secnet
SecnetSecnet
Secnet
arjun roy
 
The Future of Payments
The Future of PaymentsThe Future of Payments
The Future of Payments
Netcetera
 
Secnet
SecnetSecnet
Secnet
Suman Madan
 

Similar to Secure Electronic Transaction (20)

secure electronics transaction
secure electronics transactionsecure electronics transaction
secure electronics transaction
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
 
Payment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVITPayment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVIT
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
 
Fdp week 1 presentation
Fdp week 1 presentationFdp week 1 presentation
Fdp week 1 presentation
 
E commerce
E commerceE commerce
E commerce
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
 
SET (1).ppt
SET (1).pptSET (1).ppt
SET (1).ppt
 
NETWORK SECURITY-SET.pptx
NETWORK SECURITY-SET.pptxNETWORK SECURITY-SET.pptx
NETWORK SECURITY-SET.pptx
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...
 
Electronic Payment Protocol
Electronic Payment ProtocolElectronic Payment Protocol
Electronic Payment Protocol
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
 
secnet.ppt
secnet.pptsecnet.ppt
secnet.ppt
 
Secure Web Transactions Electronic Commerce Underlying Technologies
Secure Web Transactions Electronic Commerce Underlying TechnologiesSecure Web Transactions Electronic Commerce Underlying Technologies
Secure Web Transactions Electronic Commerce Underlying Technologies
 
Ch 2
Ch 2Ch 2
Ch 2
 
Can security and convenience go hand in hand in e-commerce
Can security and convenience go hand in hand in e-commerceCan security and convenience go hand in hand in e-commerce
Can security and convenience go hand in hand in e-commerce
 
Secnet
SecnetSecnet
Secnet
 
The Future of Payments
The Future of PaymentsThe Future of Payments
The Future of Payments
 
Secnet
SecnetSecnet
Secnet
 

More from United International University

Digital Devices (3rd chapter-2nd part)
Digital Devices (3rd chapter-2nd part)Digital Devices (3rd chapter-2nd part)
Digital Devices (3rd chapter-2nd part)
United International University
 
Network Topology (partial)
Network Topology (partial)Network Topology (partial)
Network Topology (partial)
United International University
 
Corona prediction from symptoms v1.4
Corona prediction from symptoms v1.4Corona prediction from symptoms v1.4
Corona prediction from symptoms v1.4
United International University
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
United International University
 
ICT-Number system.সংখ্যা পদ্ধতি(৩য় অধ্যায়-১ম অংশ)
ICT-Number system.সংখ্যা পদ্ধতি(৩য় অধ্যায়-১ম অংশ)ICT-Number system.সংখ্যা পদ্ধতি(৩য় অধ্যায়-১ম অংশ)
ICT-Number system.সংখ্যা পদ্ধতি(৩য় অধ্যায়-১ম অংশ)
United International University
 
Wireshark Lab HTTP, DNS and ARP v7 solution
Wireshark Lab HTTP, DNS and ARP v7 solutionWireshark Lab HTTP, DNS and ARP v7 solution
Wireshark Lab HTTP, DNS and ARP v7 solution
United International University
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
United International University
 
Network Security(MD5)
Network Security(MD5)Network Security(MD5)
Network Security(MD5)
United International University
 
Oracle installation
Oracle installationOracle installation
Oracle installation
United International University
 
IEEE 802.11 Project
IEEE 802.11 ProjectIEEE 802.11 Project
IEEE 802.11 Project
United International University
 
SONET-Communication Engineering
SONET-Communication EngineeringSONET-Communication Engineering
SONET-Communication Engineering
United International University
 
Security Issues for Cellular Telephony
Security Issues for Cellular TelephonySecurity Issues for Cellular Telephony
Security Issues for Cellular Telephony
United International University
 
All types of model(Simulation & Modelling) #ShareThisIfYouLike
All types of model(Simulation & Modelling) #ShareThisIfYouLikeAll types of model(Simulation & Modelling) #ShareThisIfYouLike
All types of model(Simulation & Modelling) #ShareThisIfYouLike
United International University
 
Type Checking(Compiler Design) #ShareThisIfYouLike
Type Checking(Compiler Design) #ShareThisIfYouLikeType Checking(Compiler Design) #ShareThisIfYouLike
Type Checking(Compiler Design) #ShareThisIfYouLike
United International University
 
System imolementation(Modern Systems Analysis and Design)
System imolementation(Modern Systems Analysis and Design)System imolementation(Modern Systems Analysis and Design)
System imolementation(Modern Systems Analysis and Design)
United International University
 
Making Complex Decisions(Artificial Intelligence)
Making Complex Decisions(Artificial Intelligence)Making Complex Decisions(Artificial Intelligence)
Making Complex Decisions(Artificial Intelligence)
United International University
 
Free Space Management, Efficiency & Performance, Recovery and NFS
Free Space Management, Efficiency & Performance, Recovery and NFSFree Space Management, Efficiency & Performance, Recovery and NFS
Free Space Management, Efficiency & Performance, Recovery and NFS
United International University
 
Overview of Computer Graphics
Overview of Computer GraphicsOverview of Computer Graphics
Overview of Computer Graphics
United International University
 
Keyboard & Mouse basics
Keyboard & Mouse basics Keyboard & Mouse basics
Keyboard & Mouse basics
United International University
 
Organization of a computer
Organization of a computerOrganization of a computer
Organization of a computer
United International University
 

More from United International University (20)

Digital Devices (3rd chapter-2nd part)
Digital Devices (3rd chapter-2nd part)Digital Devices (3rd chapter-2nd part)
Digital Devices (3rd chapter-2nd part)
 
Network Topology (partial)
Network Topology (partial)Network Topology (partial)
Network Topology (partial)
 
Corona prediction from symptoms v1.4
Corona prediction from symptoms v1.4Corona prediction from symptoms v1.4
Corona prediction from symptoms v1.4
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
ICT-Number system.সংখ্যা পদ্ধতি(৩য় অধ্যায়-১ম অংশ)
ICT-Number system.সংখ্যা পদ্ধতি(৩য় অধ্যায়-১ম অংশ)ICT-Number system.সংখ্যা পদ্ধতি(৩য় অধ্যায়-১ম অংশ)
ICT-Number system.সংখ্যা পদ্ধতি(৩য় অধ্যায়-১ম অংশ)
 
Wireshark Lab HTTP, DNS and ARP v7 solution
Wireshark Lab HTTP, DNS and ARP v7 solutionWireshark Lab HTTP, DNS and ARP v7 solution
Wireshark Lab HTTP, DNS and ARP v7 solution
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
 
Network Security(MD5)
Network Security(MD5)Network Security(MD5)
Network Security(MD5)
 
Oracle installation
Oracle installationOracle installation
Oracle installation
 
IEEE 802.11 Project
IEEE 802.11 ProjectIEEE 802.11 Project
IEEE 802.11 Project
 
SONET-Communication Engineering
SONET-Communication EngineeringSONET-Communication Engineering
SONET-Communication Engineering
 
Security Issues for Cellular Telephony
Security Issues for Cellular TelephonySecurity Issues for Cellular Telephony
Security Issues for Cellular Telephony
 
All types of model(Simulation & Modelling) #ShareThisIfYouLike
All types of model(Simulation & Modelling) #ShareThisIfYouLikeAll types of model(Simulation & Modelling) #ShareThisIfYouLike
All types of model(Simulation & Modelling) #ShareThisIfYouLike
 
Type Checking(Compiler Design) #ShareThisIfYouLike
Type Checking(Compiler Design) #ShareThisIfYouLikeType Checking(Compiler Design) #ShareThisIfYouLike
Type Checking(Compiler Design) #ShareThisIfYouLike
 
System imolementation(Modern Systems Analysis and Design)
System imolementation(Modern Systems Analysis and Design)System imolementation(Modern Systems Analysis and Design)
System imolementation(Modern Systems Analysis and Design)
 
Making Complex Decisions(Artificial Intelligence)
Making Complex Decisions(Artificial Intelligence)Making Complex Decisions(Artificial Intelligence)
Making Complex Decisions(Artificial Intelligence)
 
Free Space Management, Efficiency & Performance, Recovery and NFS
Free Space Management, Efficiency & Performance, Recovery and NFSFree Space Management, Efficiency & Performance, Recovery and NFS
Free Space Management, Efficiency & Performance, Recovery and NFS
 
Overview of Computer Graphics
Overview of Computer GraphicsOverview of Computer Graphics
Overview of Computer Graphics
 
Keyboard & Mouse basics
Keyboard & Mouse basics Keyboard & Mouse basics
Keyboard & Mouse basics
 
Organization of a computer
Organization of a computerOrganization of a computer
Organization of a computer
 

Recently uploaded

Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...
bijceesjournal
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
IJECEIAES
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
IJECEIAES
 
AI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptxAI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptx
architagupta876
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
IJECEIAES
 
Null Bangalore | Pentesters Approach to AWS IAM
Null Bangalore | Pentesters Approach to AWS IAMNull Bangalore | Pentesters Approach to AWS IAM
Null Bangalore | Pentesters Approach to AWS IAM
Divyanshu
 
artificial intelligence and data science contents.pptx
artificial intelligence and data science contents.pptxartificial intelligence and data science contents.pptx
artificial intelligence and data science contents.pptx
GauravCar
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
Madan Karki
 
Software Engineering and Project Management - Introduction, Modeling Concepts...
Software Engineering and Project Management - Introduction, Modeling Concepts...Software Engineering and Project Management - Introduction, Modeling Concepts...
Software Engineering and Project Management - Introduction, Modeling Concepts...
Prakhyath Rai
 
Software Quality Assurance-se412-v11.ppt
Software Quality Assurance-se412-v11.pptSoftware Quality Assurance-se412-v11.ppt
Software Quality Assurance-se412-v11.ppt
TaghreedAltamimi
 
BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
LAXMAREDDY22
 
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
ecqow
 
官方认证美国密歇根州立大学毕业证学位证书原版一模一样
官方认证美国密歇根州立大学毕业证学位证书原版一模一样官方认证美国密歇根州立大学毕业证学位证书原版一模一样
官方认证美国密歇根州立大学毕业证学位证书原版一模一样
171ticu
 
Welding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdfWelding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdf
AjmalKhan50578
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
co23btech11018
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
IJECEIAES
 
Curve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods RegressionCurve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods Regression
Nada Hikmah
 
integral complex analysis chapter 06 .pdf
integral complex analysis chapter 06 .pdfintegral complex analysis chapter 06 .pdf
integral complex analysis chapter 06 .pdf
gaafergoudaay7aga
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
KrishnaveniKrishnara1
 
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURSCompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
RamonNovais6
 

Recently uploaded (20)

Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
 
AI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptxAI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptx
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
 
Null Bangalore | Pentesters Approach to AWS IAM
Null Bangalore | Pentesters Approach to AWS IAMNull Bangalore | Pentesters Approach to AWS IAM
Null Bangalore | Pentesters Approach to AWS IAM
 
artificial intelligence and data science contents.pptx
artificial intelligence and data science contents.pptxartificial intelligence and data science contents.pptx
artificial intelligence and data science contents.pptx
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
 
Software Engineering and Project Management - Introduction, Modeling Concepts...
Software Engineering and Project Management - Introduction, Modeling Concepts...Software Engineering and Project Management - Introduction, Modeling Concepts...
Software Engineering and Project Management - Introduction, Modeling Concepts...
 
Software Quality Assurance-se412-v11.ppt
Software Quality Assurance-se412-v11.pptSoftware Quality Assurance-se412-v11.ppt
Software Quality Assurance-se412-v11.ppt
 
BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
 
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
 
官方认证美国密歇根州立大学毕业证学位证书原版一模一样
官方认证美国密歇根州立大学毕业证学位证书原版一模一样官方认证美国密歇根州立大学毕业证学位证书原版一模一样
官方认证美国密歇根州立大学毕业证学位证书原版一模一样
 
Welding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdfWelding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdf
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
 
Curve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods RegressionCurve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods Regression
 
integral complex analysis chapter 06 .pdf
integral complex analysis chapter 06 .pdfintegral complex analysis chapter 06 .pdf
integral complex analysis chapter 06 .pdf
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
 
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURSCompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
CompEx~Manual~1210 (2).pdf COMPEX GAS AND VAPOURS
 

Secure Electronic Transaction

  • 1. Secure Electronic Transaction Department of Computer Science and Engineering Hamdard University Bangladesh
  • 2. Contents  Secure Electronic Transaction  SET Business Requirements  SET Protocols  Parties in SET  Key Technologies of SET  Implementation of SET  SET Transaction  Dual Signatures  Dual Signature in SET  Dual Signature Operation  SET Supported Transaction  Credit Card Protocols 02 out of 17
  • 3. Secure Electronic Transaction • An application-layer security mechanism, consisting of a set of protocols. • Protect credit card transaction on the Internet. • Companies involved:– MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Cyber Cash, Net Bill • Not an ordinary payment system. • It has a complex technical specification. 03 out of 17
  • 4. SET Business Requirements • Provide confidentiality of payment and ordering information. • Ensure the integrity of all transmitted data. • Provide authentication that a cardholder is a ultimate user of a credit card account. • Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution. 04 out of 17
  • 5. SET Business Requirements (cont’d) • Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction. • Create a protocol that neither depends on transport security mechanisms nor prevents their use. • Facilitate and encourage interoperability among software and network providers. 05 out of 17
  • 6. Secure Electronic Transaction : Protocol • Confidentiality: All messages are encrypted. • Trust: All parties must have digital certificates. • Privacy: information made available only when and where necessary. • Developed by Visa and MasterCard. • Designed to protect credit card transactions. 05 out of 17
  • 7. Parties in SET 07 out of 17
  • 8. Key Technologies of SET • Confidentiality of information: DES • Integrity of data: RSA digital signatures with SHA-1 hash codes • Cardholder account authentication: X.509v3 digital certificates with RSA signatures • Merchant authentication: X.509v3 digital certificates with RSA signatures • Privacy: separation of order and payment information using dual signatures 08 out of 17
  • 9. Implementation of SET • Data Confidentiality  Encryption • Who am I dealing with?  Authentication • Message integrity  Message Digest • Non-repudiation  Digital Signature • Access Control  Certificate Attributes 09 out of 17
  • 10. SET Transactions • The customer sends order and payment information to the merchant. • The merchant requests payment authorization from the payment gateway prior to shipment. • The merchant confirms order to the customer. • The merchant provides the goods or service to the customer. • The merchant requests payment from the payment gateway. 10 out of 17
  • 12. Dual Signatures • Links two messages securely but allows only one party to read each. MESSAGE 1 DIGEST 1 NEW DIGEST HASH 1 & 2 WITH SHA MESSAGE 2 DIGEST 2 CONCATENATE DIGESTS TOGETHER HASH WITH SHA TO CREATE NEW DIGEST DUAL SIGNATURE PRIVATE KEY ENCRYPT NEW DIGEST WITH SIGNER’S PRIVATE KEY 12 out of 17
  • 13. Dual Signatures for SET  Concept: Link Two Messages Intended for Two Different Receivers: • Order Information (OI): Customer to Merchant • Payment Information (PI): Customer to Bank  Goal: Limit Information to A “Need-to-Know” Basis: • Merchant does not need credit card number. • Bank does not need details of customer order. • Afford the customer extra protection in terms of privacy by keeping these items separate. • This link is needed to prove that payment is intended for this order and not some other one. 13 out of 17
  • 14. Dual Signature Operation The operation for dual signature is as follows: Take the hash (SHA-1) of the payment and order information. These two hash values are concatenated [H(PI) || H(OI)] and then the result is hashed. Customer encrypts the final hash with a private key creating the dual signature. DS = EKRC [ H(H(PI) || H(OI)) ] 14 out of 17
  • 15. SET Supported Transactions  Card holder registration  Merchant registration  Purchase request  Payment authorization  Payment capture  Certificate query  Purchase inquiry 15 out of 17
  • 16. Credit Card Protocols • SSL (System Session Layer ) 1 or 2 parties have private keys • TLS (Transport Layer Security) • SEPP (Secure Encryption Payment Protocol) – MasterCard, IBM, Netscape • STT (Secure Transaction Technology) – VISA, Microsoft • SET (Secure Electronic Transactions) – MasterCard, VISA all parties have certificates 16 out of 17