SECURE ELECTRONIC TRANSACTIONS (SET)
Cebanu Ghenadie
History and development
Early in the 1990s, banks were refusing to accept or process charges originating on the Internet. Under pressure from two sides, merchants and consumers, the banks began pressuring the Visa and MasterCard associations to develop secure standards for using credit cards over any insecure channel.
History and development
• 1995: Visa and Microsoft - Secure Transaction Technology (STT)
• 1996: MasterCard and its allies Netscape, IBM, CyberCash and GTE (now Baltimore Technologies) - Secure Electronic Payment Protocol (SEPP)
History and development
In February 1996 Visa and MasterCard combined their secure specifications for card transactions on the Internet into one standard. The SET consortium: Visa and MasterCard, along with GTE, IBM, Microsoft, Netscape Communications Corp., SAIC, Terisa Systems, VeriSign and RSA Data Security.
History and development
• June 24, 1996: first version, SET 0.0
• May 31, 1997: SET Version 1.0 released to the public
Key features of SET
• Confidentiality of information (DES is used to provide confidentiality)
• Integrity of data (RSA digital signatures over SHA-1 hash codes)
• Cardholder account authentication (X.509v3 digital certificates with RSA signatures)
• Merchant authentication (X.509v3 digital certificates with RSA signatures)
• Privacy (separation of order and payment information using dual signatures)
Dual signature
DS = E_KRc[ H( H(PI) || H(OI) ) ]
where KRc is the customer's private signature key, KUc the matching public key from the customer's certificate, PI the payment information, OI the order information, PIMD = H(PI) and OIMD = H(OI).
Verification by merchant: the merchant holds DS, OI, PIMD and KUc, and checks that H(PIMD || H(OI)) and D_KUc[DS] are equal.
Verification by bank: the bank holds DS, OIMD, PI and KUc, and checks that H(H(PI) || OIMD) and D_KUc[DS] are equal.
Purchase request
1. Purchase Initiate Request, C → M (ID assigned by the customer and a nonce to ensure timeliness)
2. Purchase Initiate Response, M → C (ID assigned by the merchant and a challenge)
3. Purchase Request, C → M (E_KS(PI, DS, OIMD), DS, OI, KC, PIMD)
4. Purchase Response, M → C (acknowledgement signed with the merchant's private signature key, plus the merchant's signature certificate)
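The dual signature on the previous slide and step 3 of the purchase request above, worked through as an added example (not code from the slides or from the SET specification). It uses SHA-1 as on the slides, but a toy textbook RSA generated at run time so the block runs with only the standard library; the dictionary field names and the sample PI/OI byte strings are constructed for the example, and the DES/KS envelope that hides PI from the merchant is left out, so the gateway part is shown in the clear. The merchant check and the bank check are each written from the slide's own formula, and a tampered OI is shown to fail the merchant's check.

```python
"""Dual signature for a SET purchase request (constructed example).

Toy RSA (no padding, small keys) is used only so the block is self-contained;
it is not a substitute for the PKCS-style RSA used with X.509 keys in SET.
"""
import hashlib
import random

rng = random.SystemRandom()


def sha1(data: bytes) -> bytes:
    """SET's message digest H(), SHA-1 as stated on the slides."""
    return hashlib.sha1(data).digest()


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test, adequate for a toy key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def gen_keypair(bits: int = 256):
    """Returns (public, private) as ((e, n), (d, n)). Toy size, assumption only."""
    e = 65537
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_sign(priv, digest: bytes) -> int:
    """E_KRc[digest]: raw RSA with the private exponent (textbook, toy)."""
    d, n = priv
    m = int.from_bytes(digest, "big")
    assert m < n, "digest must be smaller than the modulus"
    return pow(m, d, n)


def rsa_recover(pub, sig: int) -> bytes:
    """D_KUc[sig]: recover the 20-byte digest; empty bytes if sig is not valid."""
    e, n = pub
    m = pow(sig, e, n)
    return m.to_bytes(20, "big") if m < (1 << 160) else b""


def dual_signature(priv, pi: bytes, oi: bytes) -> int:
    """DS = E_KRc[ H( H(PI) || H(OI) ) ]"""
    return rsa_sign(priv, sha1(sha1(pi) + sha1(oi)))


def build_purchase_request(priv, pi: bytes, oi: bytes) -> dict:
    """Step 3 (C -> M). The merchant gets OI, PIMD, DS; the gateway gets PI, OIMD, DS.
    Field names are assumptions; the KS encryption of the gateway part is omitted."""
    ds = dual_signature(priv, pi, oi)
    return {
        "merchant_part": {"OI": oi, "PIMD": sha1(pi), "DS": ds},
        "gateway_part": {"PI": pi, "OIMD": sha1(oi), "DS": ds},
    }


def merchant_verifies(pub, part: dict) -> bool:
    """Merchant check: H(PIMD || H(OI)) == D_KUc[DS], without ever seeing PI."""
    return rsa_recover(pub, part["DS"]) == sha1(part["PIMD"] + sha1(part["OI"]))


def bank_verifies(pub, part: dict) -> bool:
    """Bank check: H(H(PI) || OIMD) == D_KUc[DS], without ever seeing OI."""
    return rsa_recover(pub, part["DS"]) == sha1(sha1(part["PI"]) + part["OIMD"])


# Constructed sample messages and a fresh toy customer key (not SET encodings).
PI = b"pan=PLACEHOLDER-PAN;amount=49.90;currency=EUR"
OI = b"order=1234;items=book,pen;merchant=shop.example"
CUSTOMER_PUB, CUSTOMER_PRIV = gen_keypair()
REQUEST = build_purchase_request(CUSTOMER_PRIV, PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verifies(CUSTOMER_PUB, REQUEST["merchant_part"]))
    print("bank accepts:    ", bank_verifies(CUSTOMER_PUB, REQUEST["gateway_part"]))
```

The same DS value travels in both parts of the request, which is the whole point of the construction: each party can tie the half it is allowed to read to the other half through its digest alone, and any change to OI or PI breaks the link.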
Payment authorization
• Payment Authorization Request, M → P (DS, PI, OIMD, certificates, AI)
• Payment Authorization Response, P → M (AI, certificate, capture token information)
Problems
• strong authentication on deal
• weak authentication on deal
• secrecy of order
• secrecy of payment
What does a purchase transaction involve?
• 4 messages between merchant and customer
• 2 messages between merchant and payment gateway
• 6 digital signatures
• 9 RSA encryption/decryption cycles
• 4 DES encryption/decryption cycles
• 4 certificate verifications
Related work
3-D Secure
Conclusions
SET is a very complicated security protocol. Its expensive support for merchants compared with existing low-cost SSL, and the need to install client software or hardware (an e-wallet), make it unattractive to merchants, banks and especially marketing people. Even so, it is a safe protocol, and over time its resurrection in some form or another may materialize to finally bring an end to the intolerable state of Internet credit card fraud.
Bibliography
• Mark S. Merkow (2004). "Secure Electronic Transactions (SET)". In Hossein Bidgoli (ed.), The Internet Encyclopedia.
• Yang Li & Yun Wang. Secure Electronic Transaction (SET protocol).
• www.ing.ro/ingb/persoane-fizice/securitate/3d-secure.html
• http://www.avispa-project.org/library/SET-purchase.html