Secure Electronic Transaction (SET) Protocol

 

Secure Electronic Transaction (SET) Protocol

  • Secure Electronic Transaction or SET is a system that ensures the security and integrity of electronic transactions done using credit cards. 
  • SET is not a system that enables payment but it is a security protocol applied on those payments. 
  • It uses different encryption and hashing techniques to secure payments over the internet done through credit cards. 
  • SET protocol was supported in development by major organizations like Visa, Mastercard, Microsoft which provided its Secure Transaction Technology (STT) and NetScape which provided the technology of Secure Socket Layer (SSL).
  • SET protocol restricts revealing of credit card details to merchants thus keeping hackers and thieves at bay. 
  • The SET protocol includes Certification Authorities for making use of standard Digital Certificates like X.509 Certificate.

Requirements in SET 


SET protocol has to meet some requirements such as,

  • It has to provide mutual authentication i.e., customer (or cardholder) authentication by confirming if the customer is intended user or not and merchant authentication.
  • It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate encryptions.
  • It has to be resistive against message modifications i.e., no changes should be allowed in the content being transmitted. (integrity)
  • SET also needs to provide interoperability (the ability of computer systems or software to exchange and make use of information) and make use of the best security mechanisms.

Participants in SET 


In the general scenario of online transaction, SET includes similar participants:

  1. Cardholder – customer
  2. Issuer – customer financial institution
  3. Merchant
  4. Acquirer – Merchant financial institution
  5. Certificate authority – Authority which follows certain standards and issues certificates (like X.509V3) to all other participants.

Key Features

  • Provide Authentication
    • Merchant Authentication – SET allows customers to check previous relationships between merchants and financial institutions to prevent theft. Standard X.509V3 certificates are used for this verification.
    • Customer / Cardholder Authentication – SET checks if the use of a credit card is done by an authorized user or not, using X.509V3 certificates.

  • Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the message being transferred. SET implements confidentiality by using encryption techniques. Traditionally DES is used for encryption purposes.

  • Provide Message Integrity: SET doesn’t allow message modification with the help of signatures. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1 and some using HMAC with SHA-1

Working Of SET



Dual Signature 


The dual signature is a concept introduced with SET, which aims at connecting two information pieces meant for two different receivers :
  • Order Information (OI) for merchant
  • Payment Information (PI) for bank
The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order but sending them in a connected form resolves any possible disputes in the future.

Generation of Dual Signature


Explain the advantage of dual signature in SET.

  • The message digest (MD) of the OI and the PI are independently calculated by the customer. 
  • These are concatenated and another MD is calculated from this. 
  • Finally, the dual signature is created by encrypting the MD with the customer's secret key. 
  • The dual signature is sent to both the merchant and the bank. 
  • The protocol arranges for the merchant to see the MD of the PI without seeing the PI itself, and the bank sees the MD of the OI but not the OI itself. 
  • The dual signature can be verified using the MD of the OI or PI, without requiring either the OI or PI. 
  • Privacy is preserved as the MD can't be reversed, which would reveal the contents of the OI or PI.

Strength Of SET Protocol

  • Secure enough to protect the user's credit card numbers and personal information from attacks 
  • Hardware independent
  • Worldwide usage
  • Confidentiality of information
  • Integrity of data
  • Authentication of customer & merchant account 

Weakness of SET Protocol

  • User must have credit card
  • It is not cost-effective when the payment is small
  • None of the anonymity and it is traceable
  • Network effect - need to install client software (an e-wallet)
  • Cost and complexity for merchants to offer support, contrasted with the comparatively low cost and simplicity of the existing SSL based alternative



Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Monk and Inversions

using System; public class Solution { public static void Main () { int T = Convert . ToInt32 ( Console . ReadLine...

  • Important Questions: Information Security
      1. What is brute force attack? A brute force attack is a trial-and-error method used to obtain information such as a user password or pe...
  • Software Life Cycle
      The software life cycle is a process that consists of a series of planned activities to develop or alter the Software Products. lt s use...