180 likes | 321 Views
SET Debit. Proposed Architecture. Gilles Garon February 3, 1998. Contents. Identified Requirements Proposed Architecture Cardholder Environment Common Environment SET Debit Security On-line PIN Verification Off-line PIN verification. Contents. Card and Issuer Authentication
E N D
SET Debit Proposed Architecture Gilles Garon February 3, 1998
Contents • Identified Requirements • Proposed Architecture • Cardholder Environment • Common Environment • SET Debit Security • On-line PIN Verification • Off-line PIN verification
Contents • Card and Issuer Authentication • Cardholder Signatures • Impact on SET 1.0 • Proposed Functionality • Benefits of Architecture • Conclusion
Identified Requirements • Cardholder Verification Methods • Software and Hardware Encryption • Integrated Circuit Cards and Tokens • Algorithm Independence • Debit Reversals and Recurring Payments • Others
Cardholder Environment • Selected by the Issuer • The Issuer has the option of using: • SET 1.0 (no additional security) • EMV ICCs, non-EMV ICCs, or security tokens • Secure devices (for PIN-entry, signatures) • Software (for PIN encryption) • The Cardholder SET Debit environment is defined in the Cardholder Certificate
Common Environment • SET 1.0 with added SET Debit functionality on the Merchant System and the Payment Gateway • Added functionality includes: • Personal Identification Numbers (PINs) • Integrated Circuit Cards (ICCs) • Security tokens • Elliptic Curve Cryptography (ECC) • Brand Certificates identify debit transactions
SET Debit Security • On-line PIN verification by the Issuer • Off-line PIN verification by ICC or security token • ICC or security token authentication by Issuer • Issuer authentication of ICC or security token • SET signatures using ICC, security token, or secure device (e.g., PIN-entry device)
SET Cardholder Signatures Note 1: A common Cardholder signature key must be used. The Cardholder Signature Certificate must be obtained from the Acquirer. Note 2: An ICC or a security token capable of generating SET signatures must be used.
Impact on SET 1.0 • Cardholder PC - Defined by the Issuer • Merchant System • ICC extension (only forward data) • ECC support • Payment Gateway • ICC support (translates ICC data) • PIN support (translates PIN) • ECC support
Proposed Functionality • Zone Asymmetric PIN Encryption • Zone DES PIN Encryption • ICC extension based on EMV EC • Supports EMV ICCs, non-EMV ICCs and security tokens • Elliptic Curve Cryptography • SET Debit security • Certification Authority
Proposed Functionality • Cardholder Certificate Extension • Provides support providing track 2 or a cryptogram of track 2 to the Issuer • Informs Merchant and Payment Gateway of the Cardholder environment • Optional PIN for Cardholder Registration • Batch Debit reversals • Recurring Payments • Triple DES
Benefits of Architecture • The Issuer can select a Cardholder environment that meets market and security requirements • Option of using ICCs, security tokens, secure devices, software for PIN encryption • Option of accepting risks of lesser security • The Card Associations can define or restrict the Cardholder environment to meet their debit product strategy
Benefits of Architecture • Magnetic stripe debit cards are supported • Currently deployed ICCs or security tokens can be used for SET Debit security • Private and public PCs are supported • SET Debit ICC extensions based on EMV’97 Chip Electronic Commerce Standard (EMV EC) • Issuers can deploy any Cardholder environment and migrate to EMV ICCs without impacting the common SET Debit environment
Conclusion • Changes required in SET are not significant • SET Debit support will be optional in SET • The security options will accommodate different Issuer and market requirements • ECC support will reduce ICC costs for SET signatures, and SET cryptographic overhead • SET Debit should be introduced before SET 2.0 in a SET 1.x update