
Secure Electronic Transaction

Q. What types of transactions are supported by Secure Electronic Transaction? Describe any three in detail.

Q. What are the various electronic commerce components?

Q. What is SET?

i. Explain its key features and participants.

ii. Briefly describe the sequence of events required for a transaction.

Secure Electronic Transactions

• An open encryption and security specification.

• Protects credit card transactions on the Internet.

• Companies involved in its development:

– MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign

• Not itself a payment system.

• A set of security protocols and formats that enables users to use the existing credit card payment infrastructure on an open network.

SET Services

Services:
• Provides a secure communication channel in a transaction.
• Provides trust by the use of X.509v3 digital certificates.

• Ensures privacy, i.e. information is only available when and where needed.

SET Overview

• To meet its requirements, SET consists of various key features:

– Confidentiality of information: DES is used to provide confidentiality; the main aspect is that it prevents the merchant from learning the cardholder's credit card number.
– Integrity of data: Payment information sent from the cardholder to the merchant includes order information, personal data and payment instructions. SET guarantees that the contents are not altered in transit.
• Uses RSA digital signatures and SHA for message integrity.
• Sometimes uses HMAC as well.


– Cardholder account authentication: Enables the merchant to verify the authenticity of the cardholder and that the card number is valid; uses X.509 digital certificates with RSA signatures.
– Merchant authentication: Allows the cardholder to verify that the merchant has a relationship with a financial institution that lets it accept payment cards; again uses X.509 digital certificates with RSA signatures.

SET Participants

Sequence of events for transactions
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or service.
10. The merchant requests payments.

Dual Signature
• The purpose of the dual signature is to link two messages that are intended for two different recipients.
• The customer wants to send the Order Information (OI) to the merchant and the Payment Information (PI) to the bank.
• The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order.
• By keeping these two items separate, the customer is provided with extra protection in terms of privacy.
• A link is still needed to prove that this payment is intended for this order and not for some other goods or services.
$DS = E_{KR_c}\left[\,H\big(H(PI)\,\|\,H(OI)\big)\,\right]$
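The dual signature above, worked through as an added example (not part of the original slides); it goes one step beyond the formula by showing how the merchant and the bank each verify DS while seeing only a digest of the other party's message. Assumptions: a toy unpadded RSA key built from two Mersenne primes stands in for the cardholder's certified key KRc, SHA-256 stands in for the slides' "SHA", and the PI/OI strings and function names are constructed for illustration.

```python
import hashlib

# Toy cardholder RSA key (constructed): Mersenne primes, textbook RSA, no padding.
# Illustrative only; it stands in for the key bound to the cardholder's X.509 certificate.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, i.e. KRc

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def dual_sign(pi: bytes, oi: bytes) -> int:
    """Cardholder: DS = E_KRc[ H( H(PI) || H(OI) ) ]."""
    pomd = H(H(pi) + H(oi))
    return pow(int.from_bytes(pomd, "big"), D, N)

def _check(ds: int, pimd: bytes, oimd: bytes) -> bool:
    # Recover the signed digest with the public key and compare it with
    # the digest rebuilt from the two message digests.
    return pow(ds, E, N) == int.from_bytes(H(pimd + oimd), "big")

def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI in clear and only H(PI); never sees the card number."""
    return _check(ds, pimd, H(oi))

def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI in clear and only H(OI); never sees the order details."""
    return _check(ds, H(pi), oimd)

def demo() -> dict:
    pi = b"card=0000-0000-0000-0000; amount=59.90"   # constructed sample PI
    oi = b"order=1001; item=book; amount=59.90"      # constructed sample OI
    ds = dual_sign(pi, oi)
    other_oi = b"order=1002; item=laptop; amount=59.90"
    return {
        "merchant_ok": merchant_verify(oi, H(pi), ds),
        "bank_ok": bank_verify(pi, H(oi), ds),
        # Payment re-attached to a different order: the link breaks.
        "swapped_order": bank_verify(pi, H(other_oi), ds),
        # Payment digest altered in transit: the merchant's check fails.
        "altered_payment": merchant_verify(oi, H(pi + b"0"), ds),
    }

if __name__ == "__main__":
    print(demo())
```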

Payment processing

Cardholder sends Purchase Request



Merchant Verifies Customer Purchase Request

• Payment Authorization:
– Authorization Request
– Authorization Response
• Payment Capture:
– Capture Request
– Capture Response
