Module 7 – SET


Transcript of Module 7 – SET

Page 1: Module 7 – SET

Module 7 – SET

• SET predecessors

• iKP, STT, SEPP

Page 2: Module 7 – SET

iKP

• Developed by IBM

• Three parties are involved - Customer, Merchant, and Acquirer

• Uses public key cryptography, where i represents the number of parties who have public and private keys

• 1KP - Only messages sent to the acquirer are encrypted

• 2KP - Messages received by the seller are also encrypted

• 3KP - All messages are encrypted

• Existing infrastructure handles clearing and settlement

Page 3: Module 7 – SET

[Diagram: iKP message flow between Customer, Merchant and Acquirer. Messages shown: Initiate, Invoice, Payment, Auth-Request, Auth-Response, Confirm, Goods and services]

Page 4: Module 7 – SET

Secure Transaction Technology (STT)

• Developed by VISA and Microsoft

• Virtual internet credit card system

• Includes card holder, merchant, card issuing bank, acquiring bank, and a central authority

• Uses “credentials” for authentication - similar to digital certificates

• A tree of trust is generated in the same structure as the existing real-world credit card environment, where the central authority signs the credentials of the banks, and the banks sign the credentials of the merchant and customer

• Uses dual signatures, message digests, and public key cryptography

Page 5: Module 7 – SET

Root Key - R

• Association Signature - A (Signed by R)

    • Acquirer Signature - AS (Signed by A)

        • Merchant Signature (Signed by AS)

        • Merchant Signature (Signed by AS)

    • Issuer Signature - IS (Signed by A)

        • Cardholder Signature (Signed by IS)

        • Cardholder Signature (Signed by IS)
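
An added example (not from the slides) of how a verifier could walk the tree of trust shown above: each credential must verify under the key of the party one level up, ending at a pinned root key R. The Credential layout, the function names and the use of Ed25519 are assumptions for illustration; the slides do not give STT's actual credential format or algorithms.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Credential is a hypothetical STT-style credential; Sig is made by the parent over body().
type Credential struct {
	Subject  string
	Key, Sig []byte
}

// body is the signed portion; %q quoting keeps the name and key fields unambiguous.
func (c Credential) body() []byte { return []byte(fmt.Sprintf("%q|%x", c.Subject, c.Key)) }

// Issue makes a key pair for subject and signs its credential with the parent's key.
func Issue(subject string, parent ed25519.PrivateKey) (Credential, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	if err != nil {
		panic(err)
	}
	c := Credential{Subject: subject, Key: pub}
	c.Sig = ed25519.Sign(parent, c.body())
	return c, priv
}

// VerifyChain checks a top-down chain (A first, leaf last) against the pinned root key R.
func VerifyChain(root ed25519.PublicKey, chain ...Credential) error {
	if len(chain) == 0 {
		return fmt.Errorf("empty chain")
	}
	signer := []byte(root)
	for _, c := range chain {
		// ed25519.Verify panics on a wrong-length key, so check untrusted keys first.
		if len(signer) != ed25519.PublicKeySize || !ed25519.Verify(signer, c.body(), c.Sig) {
			return fmt.Errorf("credential for %q is not signed by its parent", c.Subject)
		}
		signer = c.Key
	}
	return nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // R (constructed demo key)
	assoc, aPriv := Issue("Association A", rootPriv)
	acq, asPriv := Issue("Acquirer AS", aPriv)
	merch, _ := Issue("Merchant", asPriv)
	// Prints <nil> for the full chain, then an error because the acquirer link is missing.
	fmt.Println(VerifyChain(rootPub, assoc, acq, merch), VerifyChain(rootPub, assoc, merch))
}
```

A cardholder credential signed by the issuer fails in the same way if it is presented under the acquirer's branch, because only the key one level up in its own branch verifies it.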

Page 6: Module 7 – SET

Secure Electronic Payment Protocol (SEPP)

• Developed by Mastercard, IBM, Netscape, GTE and CyberCash

• All traditional participants are represented (card holder, card issuing bank, central authority, acquiring bank, and merchant)

• Uses existing infrastructure for clearing (STT uses internet for all communications)

• Certificates are issued directly to merchants and card holders from central authority, not by the banks

• Never implemented, as STT and SEPP were succeeded by a joint venture between VISA and MasterCard - SET