Module 7

1
Module 7 SET

• SET predecessors
• iKP, STT, SEPP

2
iKP

• Developed by IBM
• Three parties are involved - Customer, Merchant,
  and Acquirer
• Uses public key cryptography, where i represents
  the number of parties who have public and private
  keys
• 1KP -Only messages sent to the acquirer are
  encrypted
• 2KP - Messages received by the seller are also
  encryted
• 3KP - All messages are encrypted
• Existing infrastructure handles clearing and
  settlement

3
Customer
Merchant
Acquirer
Initiate
Invoice
Payment
Auth-Request
Auth-Response
Confirm
Goods and services
4
Secure Transaction Technology (STT)

• Developed by VISA and Microsoft
• Virtual internet credit card system
• Includes card holder, merchant, card issuing
  bank, acquiring bank, and a central authority
• Uses credentials for authentication - similar
  to digital certificates
• A tree of trust is generated in the same
  structure as the existing real-world credit card
  environment, where the central authority signs
  the credentials of the banks, and the banks sign
  the credentials of the merchant and customer
• Uses dual signatures, message digests, and public
  key cryptography

5
Root Key - R
Association Signature - A (Signed by R)
Acquirer Signature - AS (Signed by A)
Issuer Signature - IS (Signed by A)
Cardholder Signature (Signed by IS)
Cardholder Signature (Signed by IS)
Merchant Signature (Signed by AS)
Merchant Signature (Signed by AS)
6
Secure Electronic Payment Protocol (SEPP)

• Developed by Mastercard, IBM, Netscape, GTE and
  CyberCash
• All traditional participants are represented
  (card holder, card issuing bank, central
  authority, acquiring bank, and merchant)
• Uses existing infrastructure for clearing (STT
  uses internet for all communications)
• Certificates are issued directly to merchants and
  card holders from central authority, not by the
  banks
• Never implemented, as SST and SEPP were succeeded
  by a joint venture between VISA and MasterCard -
  SET