Credit card transaction security.
- designed to provide secure credit card transactions over the internet
- developed by Mastercard and Visa, together with IBM, Microsoft, Netscape, etc.
- Provides confidentiality of cardholder account and payment info
- integrity
- and, probably, authentication
SET Process:
cardholder --- (internet) --- merchant --- (internet) --- payment gateway
cardholder provides: OI, PI (order info, payment info)
merchant contacts payment gateway to get approval of payment info.
if approved: merchant gives cardholder the items
Dual signature: merchant should see order but not payment, payment gateway should see payment but not order.
- purpose is to link two messages that are intended for different recipients.
1. PI is hashed to get PIMD
2. OI is hashed to get OIMD
3. PIMD and OIMD concatenated then hashed again, to get POMD
4. POMD is encrypted with KC (customer private RSA key)
5. this results in dual signature.
Process:
1. Cardholder sends purchase request.
1) First piece is PI, second piece is the dual signature, third piece is OIMD (concatenated).
2) This is encrypted with KS (one-time symmetric key), which is itself encrypted with KpubB (public key of the bank).
3) Packet sent: (PI+DUALSIG+OIMD, encrypted with KS) + (KS encrypted with KpubB) + (PIMD) + (OI) + (DUALSIG)
2. Packet received by merchant, merchant verifies customer purchase request
4) Merchant forwards first two blocks to the bank.
5) To verify, first hash OI to get OIMD.
6) Concatenate PIMD with OIMD and hash the result to get POMD.
7) Decrypt the dual signature with the customer's public key. This gives a copy of POMD.
8) Check that the two POMD values match, to prove that the payment info is correct for this order.
3. Bank verifies payment request
9) Bank gets the first two boxes from merchant.
10) Decrypts the second box with its private key, KprivB.
11) This gives temporary symmetric key Ks
12) use KS to open the first box.
13) in the box: PI + dualSig + OIMD
14) Decrypts the dual signature with the customer's public key to get POMD.
15) Hash PI to get PIMD. concat with OIMD and hash it to get another POMD
16) If they match, it proves the correct order and payment info are there.
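
The dual signature steps and the merchant and bank checks above, as an added example (not part of the original notes). Assumptions: SHA-256 as the hash, textbook RSA without padding on a toy key built from two publicly known Mersenne primes, and constructed sample messages; the KS/KpubB envelope is left out.

```python
import hashlib

# Toy RSA key from two Mersenne primes (factors are public): illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                   # cardholder public key
D = pow(E, -1, (P - 1) * (Q - 1))     # cardholder private key (KC in the notes)

def h(data: bytes) -> bytes:
    """Message digest. SHA-256 is an assumption; the notes do not name the hash."""
    return hashlib.sha256(data).digest()

def pomd(pimd: bytes, oimd: bytes) -> int:
    """POMD = H(PIMD || OIMD), as an integer for the RSA operation."""
    return int.from_bytes(h(pimd + oimd), "big")

def dual_sign(pi: bytes, oi: bytes) -> int:
    """Cardholder: encrypt POMD with KC (textbook RSA, no padding)."""
    return pow(pomd(h(pi), h(oi)), D, N)

def merchant_verify(oi: bytes, pimd: bytes, dual_sig: int) -> bool:
    """Merchant holds OI and PIMD, never PI itself."""
    return pow(dual_sig, E, N) == pomd(pimd, h(oi))

def bank_verify(pi: bytes, oimd: bytes, dual_sig: int) -> bool:
    """Bank holds PI and OIMD, never OI itself."""
    return pow(dual_sig, E, N) == pomd(h(pi), oimd)

def demo() -> tuple:
    # Constructed sample messages, not real payment data.
    pi = b"card=0000-0000-0000-0000;amount=49.99"
    oi = b"order=1001;item=book;amount=49.99"
    ds = dual_sign(pi, oi)
    return (
        merchant_verify(oi, h(pi), ds),                          # genuine order
        bank_verify(pi, h(oi), ds),                              # genuine payment
        merchant_verify(b"order=1001;item=laptop", h(pi), ds),   # OI swapped
        bank_verify(pi.replace(b"49.99", b"0.01"), h(oi), ds),   # PI altered
    )

if __name__ == "__main__":
    print(demo())
```

Each party recomputes POMD from the one message it can read plus the digest of the one it cannot, so a changed OI or PI fails the check without either side seeing the other's data.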