The document discusses Secure Electronic Transaction (SET), a protocol developed by Visa and MasterCard to securely conduct credit card transactions online. SET uses digital certificates and dual signatures to authenticate parties and protect sensitive information. A basic SET purchase involves 4 messages between the customer and merchant to request and confirm the purchase, and 2 additional messages are sent from the merchant to the payment gateway for authorization. SET provides confidentiality, integrity, authentication and privacy for credit card transactions through public/private key encryption, digital signatures and separation of payment and order information.
Secure Electronic Transaction
Contents are:
Secure Electronic Transaction
SET Business Requirements
SET Protocols
Parties in SET
Implementation of SET
SET Transaction
Dual Signature in SET
Dual Signature Operation
SET Supported Transaction
Credit Card Protocols
It is about the SET that how it was launched and what were the problems which it faced after launched and what was new after it as a solution of the problems as the security experts found.
Security and Payment in E-Business is a prime focus of any organisation engaged in e-business. This presentation helps you to improve your knowledge about online payments and online security
A Payment Gateway is an ecommerce application that authorizes payments for e-business, online retailers etc. Analogy of payment is cash counters which are located in the retail outlets. Payment gateways encrypt sensitive information such as credit card numbers to ensure that information passes securely between the customer and the merchant.
Secure Electronic Transaction
Contents are:
Secure Electronic Transaction
SET Business Requirements
SET Protocols
Parties in SET
Implementation of SET
SET Transaction
Dual Signature in SET
Dual Signature Operation
SET Supported Transaction
Credit Card Protocols
It is about the SET that how it was launched and what were the problems which it faced after launched and what was new after it as a solution of the problems as the security experts found.
Security and Payment in E-Business is a prime focus of any organisation engaged in e-business. This presentation helps you to improve your knowledge about online payments and online security
A Payment Gateway is an ecommerce application that authorizes payments for e-business, online retailers etc. Analogy of payment is cash counters which are located in the retail outlets. Payment gateways encrypt sensitive information such as credit card numbers to ensure that information passes securely between the customer and the merchant.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
The Indian economy is classified into different sectors to simplify the analysis and understanding of economic activities. For Class 10, it's essential to grasp the sectors of the Indian economy, understand their characteristics, and recognize their importance. This guide will provide detailed notes on the Sectors of the Indian Economy Class 10, using specific long-tail keywords to enhance comprehension.
For more information, visit-www.vavaclasses.com
2. SMU CSE 5349/7349
Credit Cards on the Internet
• Problem: communicate credit card and purchasing
data securely to gain consumer trust
– Authentication of buyer and merchant
– Confidential transmissions
• Systems vary by
– Type of public-key encryption
– Type of symmetric encryption
– Message digest algorithm
– Number of parties having private keys
– Number of parties having certificates
3. SMU CSE 5349/7349
Credit Card Protocols
• SSL 1 or 2 parties have private keys
• TLS (Transport Layer Security)
– IETF version of SSL
• iKP (IBM)
• SEPP (Secure Encryption Payment Protocol)
– MasterCard, IBM, Netscape
• STT (Secure Transaction Technology)
– VISA, Microsoft
• SET (Secure Electronic Transactions)
– MasterCard, VISA all parties have certificates
OBSOLETE
VERY SLOW
ACCEPTANCE
4. SMU CSE 5349/7349
Secure Electronic Transaction
(SET)
• Developed by Visa and MasterCard
• Designed to protect credit card
transactions
• Confidentiality: all messages encrypted
• Trust: all parties must have digital
certificates
• Privacy: information made available only
when and where necessary
6. SMU CSE 5349/7349
SET Business Requirements
• Provide confidentiality of payment and
ordering information
• Ensure the integrity of all transmitted
data
• Provide authentication that a cardholder is
a legitimate user of a credit card account
• Provide authentication that a merchant can
accept credit card transactions through its
relationship with a financial institution
7. SMU CSE 5349/7349
SET Business Requirements (cont’d)
• Ensure the use of the best security
practices and system design techniques to
protect all legitimate parties in an
electronic commerce transaction
• Create a protocol that neither depends on
transport security mechanisms nor
prevents their use
• Facilitate and encourage interoperability
among software and network providers
9. SMU CSE 5349/7349
SET Transactions
• The customer opens an account with a card issuer.
– MasterCard, Visa, etc.
• The customer receives a X.509 V3 certificate signed by a bank.
– X.509 V3
• A merchant who accepts a certain brand of card must possess two
X.509 V3 certificates.
– One for signing & one for key exchange
• The customer places an order for a product or service with a merchant.
• The merchant sends a copy of its certificate for verification.
10. SMU CSE 5349/7349
SET Transactions
• The customer sends order and payment
information to the merchant.
• The merchant requests payment authorization
from the payment gateway prior to shipment.
• The merchant confirms order to the customer.
• The merchant provides the goods or service to
the customer.
• The merchant requests payment from the
payment gateway.
11. SMU CSE 5349/7349
Key Technologies of SET
• Confidentiality of information: DES
• Integrity of data: RSA digital signatures
with SHA-1 hash codes
• Cardholder account authentication:
X.509v3 digital certificates with RSA
signatures
• Merchant authentication: X.509v3 digital
certificates with RSA signatures
• Privacy: separation of order and payment
information using dual signatures
12. SMU CSE 5349/7349
Dual Signatures
• Links two messages securely but allows only one party to
read each.
MESSAGE 1
DIGEST 1
NEW DIGEST
HASH 1 & 2
WITH SHA
MESSAGE 2
DIGEST 2
CONCATENATE DIGESTS
TOGETHER
HASH WITH SHA TO
CREATE NEW DIGEST
DUAL SIGNATURE
PRIVATE KEY
ENCRYPT NEW DIGEST
WITH SIGNER’S PRIVATE KEY
13. SMU CSE 5349/7349
Dual Signature for SET
• Concept: Link Two Messages Intended for Two
Different Receivers:
– Order Information (OI): Customer to Merchant
– Payment Information (PI): Customer to Bank
• Goal: Limit Information to A “Need-to-Know” Basis:
– Merchant does not need credit card number.
– Bank does not need details of customer order.
– Afford the customer extra protection in terms of
privacy by keeping these items separate.
• This link is needed to prove that payment is intended
for this order and not some other one.
14. SMU CSE 5349/7349
Why Dual Signature?
• Suppose that customers send the merchant two
messages:
• The signed order information (OI).
• The signed payment information (PI).
• In addition, the merchant passes the payment
information (PI) to the bank.
• If the merchant can capture another order
information (OI) from this customer, the merchant
could claim this order goes with the payment
information (PI) rather than the original.
15. SMU CSE 5349/7349
Dual Signature Operation
• The operation for dual signature is as follows:
– Take the hash (SHA-1) of the payment and order information.
– These two hash values are concatenated [H(PI) || H(OI)] and
then the result is hashed.
– Customer encrypts the final hash with a private key creating
the dual signature.
DS = EKRC [ H(H(PI) || H(OI)) ]
16. SMU CSE 5349/7349
DS Verification by Merchant
• The merchant has the public key of the customer
obtained from the customer’s certificate.
• Now, the merchant can compute two values:
H(PIMD || H(OI))
DKUC[DS]
• Should be equal!
17. SMU CSE 5349/7349
DS Verification by Bank
• The bank is in possession of DS, PI, the message digest for
OI (OIMD), and the customer’s public key, then the bank
can compute the following:
H(H(PI) || OIMD)
DKUC [ DS ]
18. SMU CSE 5349/7349
What did we accomplish?
• The merchant has received OI and verified the signature.
• The bank has received PI and verified the signature.
• The customer has linked the OI and PI and can prove the
linkage.
21. SMU CSE 5349/7349
Purchase Request: Initiate Request
• Basic Requirements:
– Cardholder Must Have Copy of Certificates for
Merchant and Payment Gateway
• Customer Requests the Certificates in the Initiate
Request Message to Merchant
– Brand of Credit Card
– ID Assigned to this Request/response pair by
customer
– Nonce
22. SMU CSE 5349/7349
Purchase Request: Initiate Response
• Merchant Generates a Response
– Signs with Private Signature Key
– Include Customer Nonce
– Include Merchant Nonce (Returned in Next
Message)
– Transaction ID for Purchase Transaction
• In Addition …
– Merchant’s Signature Certificate
– Payment Gateway’s Key Exchange Certificate
23. SMU CSE 5349/7349
Purchase Request: Purchase Request
• Cardholder Verifies Two Certificates Using Their CAs and
Creates the OI and PI.
• Message Includes:
– Purchase-related Information
– Order-related Information
– Cardholder Certificate
25. SMU CSE 5349/7349
Merchant Verifies Purchase Request
• When the merchant
receives the Purchase
Request message, it
performs the following
actions:
– Verify the cardholder
certificates by means
of its CA signatures.
– Verifies the dual
signature using the
customer’s public key
signature.
26. SMU CSE 5349/7349
Merchant Verification (cont’d)
– Processes the order
and forwards the
payment information
to the payment
gateway for
authorization.
– Sends a purchase
response to the
cardholder.
27. SMU CSE 5349/7349
Purchase Response Message
• Message that Acknowledges the Order and References
Corresponding Transaction Number
• Block is
– Signed by Merchant Using its Private Key
– Block and Signature Are Sent to Customer Along with
Merchant’s Signature Certificate
• Upon Reception
– Verifies Merchant Certificate
– Verifies Signature on Response Block
– Takes the Appropriate Action
28. SMU CSE 5349/7349
Payment Process
• The payment process is broken down into two steps:
– Payment authorization
– Payment capture
29. SMU CSE 5349/7349
Payment Authorization
• The merchant sends an authorization request message to
the payment gateway consisting of the following:
– Purchase-related information
• PI
• Dual signature calculated over the PI & OI and signed
with customer’s private key.
• The OI message digest (OIMD)
• The digital envelop
– Authorization-related information
– Certificates
30. SMU CSE 5349/7349
Payment Authorization (cont’d)
– Authorization-related information
• An authorization block including:
– A transaction ID
– Signed with merchant’s private key
– Encrypted one-time session key
– Certificates
• Cardholder’s signature key certificate
• Merchant’s signature key certificate
• Merchant’s key exchange certificate
31. SMU CSE 5349/7349
Payment: Payment Gateway
• Verify All Certificates
• Decrypt Authorization Block Digital Envelope to Obtain
Symmetric Key and Decrypt Block
• Verify Merchant Signature on Authorization Block
• Decrypt Payment Block Digital Envelope to Obtain
Symmetric Key and Decrypt Block
• Verify Dual Signature on Payment Block
• Verify Received Transaction ID Received from Merchant
Matches PI Received from Customer
• Request and Receive Issuer Authorization
32. SMU CSE 5349/7349
Authorization Response
• Authorization Response Message
– Authorization-related Information
– Capture Token Information
– Certificate
33. SMU CSE 5349/7349
SET Overhead
Simple purchase transaction:
• Four messages between merchant and customer
• Two messages between merchant and payment
gateway
• 6 digital signatures
• 9 RSA encryption/decryption cycles
• 4 DES encryption/decryption cycles
• 4 certificate verifications
Scaling:
• Multiple servers need copies of all certificates