Module 7 – SET
description
Transcript of Module 7 – SET
Module 7 – SET
• SET predecessors• iKP, STT, SEPP
iKP
• Developed by IBM
• Three parties are involved - Customer, Merchant, and Acquirer
• Uses public key cryptography, where i represents the number of parties who have public and private keys
• 1KP -Only messages sent to the acquirer are encrypted
• 2KP - Messages received by the seller are also encryted
• 3KP - All messages are encrypted
• Existing infrastructure handles clearing and settlement
Customer Merchant Acquirer
Initiate
Invoice
PaymentAuth-Request
Auth-Response
Confirm
Goods and services
Secure Transaction Technology (STT)
• Developed by VISA and Microsoft• Virtual internet credit card system• Includes card holder, merchant, card issuing bank,
acquiring bank, and a central authority• Uses “credentials” for authentication - similar to digital
certificates• A tree of trust is generated in the same structure as the
existing real-world credit card environment, where the central authority signs the credentials of the banks, and the banks sign the credentials of the merchant and customer
• Uses dual signatures, message digests, and public key cryptography
Root Key - R
Association Signature - A(Signed by R)
Acquirer Signature - AS(Signed by A)
Issuer Signature - IS(Signed by A)
Cardholder Signature(Signed by IS)
Cardholder Signature(Signed by IS)
Merchant Signature(Signed by AS)
Merchant Signature(Signed by AS)
Secure Electronic Payment Protocol (SEPP)
• Developed by Mastercard, IBM, Netscape, GTE and CyberCash
• All traditional participants are represented (card holder, card issuing bank, central authority, acquiring bank, and merchant)
• Uses existing infrastructure for clearing (STT uses internet for all communications)
• Certificates are issued directly to merchants and card holders from central authority, not by the banks
• Never implemented, as SST and SEPP were succeeded by a joint venture between VISA and MasterCard - SET