60 likes | 145 Views
Module 7 – SET. SET predecessors iKP, STT, SEPP. i KP. Developed by IBM Three parties are involved - Customer, Merchant, and Acquirer Uses public key cryptography, where i represents the number of parties who have public and private keys
E N D
Module 7 – SET • SET predecessors • iKP, STT, SEPP
iKP • Developed by IBM • Three parties are involved - Customer, Merchant, and Acquirer • Uses public key cryptography, where i represents the number of parties who have public and private keys • 1KP -Only messages sent to the acquirer are encrypted • 2KP - Messages received by the seller are also encryted • 3KP - All messages are encrypted • Existing infrastructure handles clearing and settlement
Customer Merchant Acquirer Initiate Invoice Payment Auth-Request Auth-Response Confirm Goods and services
Secure Transaction Technology (STT) • Developed by VISA and Microsoft • Virtual internet credit card system • Includes card holder, merchant, card issuing bank, acquiring bank, and a central authority • Uses “credentials” for authentication - similar to digital certificates • A tree of trust is generated in the same structure as the existing real-world credit card environment, where the central authority signs the credentials of the banks, and the banks sign the credentials of the merchant and customer • Uses dual signatures, message digests, and public key cryptography
Root Key - R Association Signature - A (Signed by R) Issuer Signature - IS (Signed by A) Acquirer Signature - AS (Signed by A) Cardholder Signature (Signed by IS) Cardholder Signature (Signed by IS) Merchant Signature (Signed by AS) Merchant Signature (Signed by AS)
Secure Electronic Payment Protocol (SEPP) • Developed by Mastercard, IBM, Netscape, GTE and CyberCash • All traditional participants are represented (card holder, card issuing bank, central authority, acquiring bank, and merchant) • Uses existing infrastructure for clearing (STT uses internet for all communications) • Certificates are issued directly to merchants and card holders from central authority, not by the banks • Never implemented, as SST and SEPP were succeeded by a joint venture between VISA and MasterCard - SET