1 / 18

SET Debit

SET Debit. Proposed Architecture. Gilles Garon February 3, 1998. Contents. Identified Requirements Proposed Architecture Cardholder Environment Common Environment SET Debit Security On-line PIN Verification Off-line PIN verification. Contents. Card and Issuer Authentication

ceri
Download Presentation

SET Debit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SET Debit Proposed Architecture Gilles Garon February 3, 1998

  2. Contents • Identified Requirements • Proposed Architecture • Cardholder Environment • Common Environment • SET Debit Security • On-line PIN Verification • Off-line PIN verification

  3. Contents • Card and Issuer Authentication • Cardholder Signatures • Impact on SET 1.0 • Proposed Functionality • Benefits of Architecture • Conclusion

  4. Identified Requirements • Cardholder Verification Methods • Software and Hardware Encryption • Integrated Circuit Cards and Tokens • Algorithm Independence • Debit Reversals and Recurring Payments • Others

  5. Proposed Architecture

  6. Cardholder Environment • Selected by the Issuer • The Issuer has the option of using: • SET 1.0 (no additional security) • EMV ICCs, non-EMV ICCs, or security tokens • Secure devices (for PIN-entry, signatures) • Software (for PIN encryption) • The Cardholder SET Debit environment is defined in the Cardholder Certificate

  7. Common Environment • SET 1.0 with added SET Debit functionality on the Merchant System and the Payment Gateway • Added functionality includes: • Personal Identification Numbers (PINs) • Integrated Circuit Cards (ICCs) • Security tokens • Elliptic Curve Cryptography (ECC) • Brand Certificates identify debit transactions

  8. SET Debit Security • On-line PIN verification by the Issuer • Off-line PIN verification by ICC or security token • ICC or security token authentication by Issuer • Issuer authentication of ICC or security token • SET signatures using ICC, security token, or secure device (e.g., PIN-entry device)

  9. On-line PIN Verification

  10. Off-line PIN Verification

  11. Card and Issuer Verification

  12. SET Cardholder Signatures Note 1: A common Cardholder signature key must be used. The Cardholder Signature Certificate must be obtained from the Acquirer. Note 2: An ICC or a security token capable of generating SET signatures must be used.

  13. Impact on SET 1.0 • Cardholder PC - Defined by the Issuer • Merchant System • ICC extension (only forward data) • ECC support • Payment Gateway • ICC support (translates ICC data) • PIN support (translates PIN) • ECC support

  14. Proposed Functionality • Zone Asymmetric PIN Encryption • Zone DES PIN Encryption • ICC extension based on EMV EC • Supports EMV ICCs, non-EMV ICCs and security tokens • Elliptic Curve Cryptography • SET Debit security • Certification Authority

  15. Proposed Functionality • Cardholder Certificate Extension • Provides support providing track 2 or a cryptogram of track 2 to the Issuer • Informs Merchant and Payment Gateway of the Cardholder environment • Optional PIN for Cardholder Registration • Batch Debit reversals • Recurring Payments • Triple DES

  16. Benefits of Architecture • The Issuer can select a Cardholder environment that meets market and security requirements • Option of using ICCs, security tokens, secure devices, software for PIN encryption • Option of accepting risks of lesser security • The Card Associations can define or restrict the Cardholder environment to meet their debit product strategy

  17. Benefits of Architecture • Magnetic stripe debit cards are supported • Currently deployed ICCs or security tokens can be used for SET Debit security • Private and public PCs are supported • SET Debit ICC extensions based on EMV’97 Chip Electronic Commerce Standard (EMV EC) • Issuers can deploy any Cardholder environment and migrate to EMV ICCs without impacting the common SET Debit environment

  18. Conclusion • Changes required in SET are not significant • SET Debit support will be optional in SET • The security options will accommodate different Issuer and market requirements • ECC support will reduce ICC costs for SET signatures, and SET cryptographic overhead • SET Debit should be introduced before SET 2.0 in a SET 1.x update

More Related