Transport Layer Security (TLS)
SET participants :
Cardholder – the customer making the purchase
Issuer – the cardholder's financial institution (the bank that issued the card)
Merchant – the seller accepting the card payment
Acquirer – the merchant's financial institution
Certificate authority – an authority that follows certain standards and issues certificates (X.509v3) to all other participants
SET functionalities :
Provide Authentication
Merchant Authentication – To prevent fraud, SET lets cardholders verify that a merchant has an established relationship with a financial institution (acquirer) that allows it to accept card payments. Standard X.509v3 certificates are used for this verification.
Customer / Cardholder Authentication – SET verifies that the person using a credit card is an authorized user of that card account, again using X.509v3 certificates.
Provide Message Confidentiality: Cardholder account and payment information is encrypted in transit. Traditionally the symmetric cipher DES is used for this encryption.
Provide Message Integrity: SET prevents undetected message modification by means of signatures. Messages are protected against unauthorized modification using RSA digital signatures over SHA-1 hashes, and some messages use HMAC with SHA-1.
Dual Signature :
The dual signature is a concept introduced with SET. It links two pieces of information meant for two different receivers (the order information for the merchant and the payment information for the bank) so that neither piece can be substituted without invalidating the signature, while each receiver sees only the piece intended for it.
Dual signature :
DS = E(KPc, [H(H(PI) || H(OI))])
Where,
PI stands for payment information
OI stands for order information
PIMD stands for Payment Information Message Digest, H(PI)
OIMD stands for Order Information Message Digest, H(OI)
POMD stands for Payment Order Message Digest, H(PIMD || OIMD)
H stands for hashing (SHA-1)
E stands for public key encryption
KPc is the customer's private key
|| stands for the append (concatenation) operation
Purchase Request Generation :
The process of purchase request generation requires three inputs:
1. Payment Information (PI)
2. Dual Signature
3. Order Information Message Digest (OIMD)
Here,
PI, OIMD, OI and DS all have the same meanings as before.
The new symbols are :
EP – symmetric key encryption
Ks – a temporary (one-time) symmetric session key
KUbank – the public key of the bank
CA – the cardholder's (customer's) certificate
Digital Envelope = E(KUbank, Ks): the session key Ks is encrypted under the bank's public key, so only the bank can recover Ks and decrypt the payment information.
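The dual signature defined above, together with the check the bank performs on the purchase request inputs (PI, OIMD, DS) and the corresponding check by the merchant (OI, PIMD, DS), as an added example that is not code from the original page: a toy textbook-RSA key pair built from two Mersenne primes stands in for the customer's real key KPc, and the sample PI and OI messages are constructed.

```python
import hashlib

# Constructed toy RSA key pair for the customer. The factors are the
# Mersenne primes 2^89-1 and 2^107-1, so n (~196 bits) exceeds the 160-bit
# SHA-1 digest. Illustration only: far too small to be a secure key.
_P, _Q = 2**89 - 1, 2**107 - 1
N = _P * _Q
E_PUB = 65537                                  # customer's public exponent
KPC = pow(E_PUB, -1, (_P - 1) * (_Q - 1))      # customer's private key KPc

def H(data: bytes) -> bytes:
    """SET's hash function H: SHA-1, as the page states."""
    return hashlib.sha1(data).digest()

def sign(digest: bytes) -> int:
    """E(KPc, digest): textbook RSA signing with the customer's private key."""
    return pow(int.from_bytes(digest, "big"), KPC, N)

def verify(digest: bytes, sig: int) -> bool:
    """Recover the digest with the customer's public key and compare."""
    return pow(sig, E_PUB, N) == int.from_bytes(digest, "big")

def dual_signature(pi: bytes, oi: bytes) -> int:
    """DS = E(KPc, H(H(PI) || H(OI))), i.e. a signature over POMD."""
    return sign(H(H(pi) + H(oi)))

def merchant_verifies(oi: bytes, pimd: bytes, ds: int) -> bool:
    """The merchant holds OI plus PIMD only; it never sees PI itself."""
    return verify(H(pimd + H(oi)), ds)

def bank_verifies(pi: bytes, oimd: bytes, ds: int) -> bool:
    """The bank holds PI plus OIMD only (the purchase request inputs)."""
    return verify(H(H(pi) + oimd), ds)

# Constructed sample payment and order information.
PI = b"card=TOKEN-0001;amount=49.99;currency=USD"
OI = b"item=SKU-1234;qty=1;shipping=standard"

def demo() -> tuple:
    ds = dual_signature(PI, OI)
    ok_merchant = merchant_verifies(OI, H(PI), ds)
    ok_bank = bank_verifies(PI, H(OI), ds)
    # Changing either half breaks the link: an altered PI fails at the bank.
    altered = bank_verifies(PI.replace(b"49.99", b"4.99"), H(OI), ds)
    return ok_merchant, ok_bank, altered

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Each party verifies the same DS from the half it holds plus the other half's digest, which is exactly why the merchant cannot learn the card data and the bank cannot learn the order details.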