SSL and SET are both security protocols for online transactions. [1] SSL establishes an encrypted link between a server and browser to securely transmit information. [2] It uses four protocols: the SSL record protocol divides and encrypts data; the handshake protocol establishes sessions in four phases; the change-cipher protocol switches the connection to encryption; and the alert protocol conveys warnings and errors. [3] SET is an open security specification designed for credit card transactions. It ensures security, confidentiality and uses digital certificates to authenticate participants like cardholders, issuers, merchants and acquirers.
SSL and SET are both security protocols for online transactions. [1] SSL establishes an encrypted link between a server and browser to securely transmit information. [2] It uses four protocols: the SSL record protocol divides and encrypts data; the handshake protocol establishes sessions in four phases; the change-cipher protocol switches the connection to encryption; and the alert protocol conveys warnings and errors. [3] SET is an open security specification designed for credit card transactions. It ensures security, confidentiality and uses digital certificates to authenticate participants like cardholders, issuers, merchants and acquirers.
SSL and SET are both security protocols for online transactions. [1] SSL establishes an encrypted link between a server and browser to securely transmit information. [2] It uses four protocols: the SSL record protocol divides and encrypts data; the handshake protocol establishes sessions in four phases; the change-cipher protocol switches the connection to encryption; and the alert protocol conveys warnings and errors. [3] SET is an open security specification designed for credit card transactions. It ensures security, confidentiality and uses digital certificates to authenticate participants like cardholders, issuers, merchants and acquirers.
Secure Socket Layer (SSL) is that the normal security
technology for establishing associate encrypted link between an internet server and a browser.
This link ensures that each one knowledge passed
between the online server and browsers stay personal and integral. Secure Socket Layer Protocols
SSL record protocol
Handshake protocol Change-cipher spec protocol Alert protocol SSL Record Protocol
SSL Record provides two services to SSL
connection. Confidentiality Message Integrity In the SSL Record Protocol application data is divided into fragments. The fragment is compressed and then encrypted MAC generated by algorithms like SHA is appended. After that encryption of the data is done and in last SSL header is appended to the data. Handshake Protocol
Handshake Protocol is used to establish sessions.
Handshake protocol uses four phases to complete its cycle. Phase-1: In Phase-1 both Client and Server send hello- packets to each other. Phase-2: Server sends his certificate and Server-key- exchange. Phase-3: In this phase Client reply to the server by sending his certificate and Client-exchange-key. Phase-4: In Phase-4 Change-cipher suite occurred and after this Handshake Protocol ends. Change-cipher Protocol
This protocol uses the SSL record protocol. Unless
Handshake Protocol is completed, the SSL record Output will be in a pending state. After handshake protocol, the Pending state is converted into the current state. Change-cipher protocol consists of a single message which is 1 byte in length and can have only one value. This protocol’s purpose is to cause the pending state to be copied into the current state. Alert Protocol
This protocol is used to convey SSL-related alerts to
the peer entity. Each message in this protocol contain 2 bytes. The level is further classified into two parts: Warning: This Alert has no impact on the connection between sender and receiver.
Fatal Error: This Alert breaks the connection between sender and receiver. SET
SET is an open encryption and security specification
designed to protect credit card transactions on the internet. set is in effect a set of protocols for ensuring security and confedentiality. SET is a relatively new standard. It was first used in feb 1996 and was proposed by visa and matercard. Participants in SET
In the general scenario of online transactions, SET
includes similar participants:
Cardholder – customer Issuer – customer financial institution Merchant Acquirer – Merchant financial Certificate authority – Authority that follows certain standards and issues certificates(like X.509V3) to all other participants. Advantages of SET
Privacy- uses 1024 bits public key cryptography
which renders the intercepted message unreadable. integrity-hashing and signing ensures message sent is unaltered. authentication-ises digital certificates to ensures the parties are really who they claim to be. SSL v/s SET