Secure Electronic Transaction (SET) University of Windsor

Presentation transcript:

Secure Electronic Transaction (SET)
Shervin Erfani
Electrical and Computer Engineering Department
University of Windsor
December 2003
Reference: Chapter 7 of the Text, pp. 234-247
December 2, 2003 ECE Dept. – University of Windsor

Overview of SET
What is SET Protocol?
What is the Goal of SET?
How does it work?
What does SET provide?

SET Protocol
The current version, SETv1, is a set of security protocols and formats to establish credit card transactions on the Internet.
Provides a secure communication channel among all parties involved in an E-commerce transaction
Provides trust by the use of X.509v3 digital certificates
Ensures privacy

Secure Electronic Commerce Component

Participants in the SET System
CARDHOLDER – Consumers and corporate purchasers who interact with merchants over the Internet
MERCHANT – An organization that offers goods or services over the Internet
ISSUER – A financial institution or bank providing the cardholder with the payment card
ACQUIRER – A financial institution that processes payment card authorizations and payments on behalf of the merchant
PAYMENT GATEWAY – A security interface function to process merchant payment messages for the Acquirer
CERTIFICATION AUTHORITY (CA) – A trusted third party that issues X.509v3 public-key certificates for cardholders, merchants, and payment gateways

SET Encryption Overview

SET Encryption Process
Sender’s Functions
Step 1 – Alice generates a message digest (MD) of the plaintext, using a one-way hash → Data Integrity
Step 2 – Alice encrypts the generated MD using her private key → Digital Signature
Step 3 – Alice encrypts the plaintext, MD, and her certificate, using a generated session key (i.e., the hypertext) → Privacy
Step 4 – Alice encrypts her generated symmetric session key with Bob’s public key (i.e., a Digital Envelope) → Confidentiality
Step 5 – Alice sends the hypertext along with the Digital Envelope to Bob

SET Encryption Process (Cont.)
Receiver’s Functions
Step 6 – Receiving Alice’s message, Bob decrypts the Digital Envelope, using his private key to retrieve the session key → Decrypt Digital Envelope
Step 7 – Bob decrypts the encrypted message using the session key → Decryption
Step 8 – Bob decrypts the digital signature, using Alice’s public key → Recover the MD
Step 9 – Bob runs the plaintext through the same one-way hash to produce a new MD for the received plaintext → Integrity Check
Step 10 – Bob compares the generated MD with the received MD for the Integrity Check; if they match, he accepts the message; otherwise, he discards the message and notifies Alice → ACK or NAK
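Steps 1 to 10 above, traced end to end as an added example (not part of the original slides). The names `send`, `receive` and `stream_xor` are hypothetical; the key pairs are toy unpadded RSA built from fixed Mersenne primes, and a SHA-256 counter keystream stands in for the symmetric cipher, so this shows the message flow only. The certificate from step 3 is left out: Bob is assumed to already hold Alice's validated public key.

```python
import hashlib
import secrets

E = 65537

def keypair(p, q):
    """Toy textbook RSA key pair (public, private) from fixed primes. Demo only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed demo keys: Alice's modulus exceeds a 160-bit SHA-1 digest,
# Bob's modulus exceeds a 128-bit session key.
ALICE_PUB, ALICE_PRIV = keypair(2**127 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = keypair(2**107 - 1, 2**61 - 1)
SIG_LEN = (ALICE_PUB[0].bit_length() + 7) // 8
KEY_LEN = (BOB_PUB[0].bit_length() + 7) // 8

def rsa(key, m):
    n, exp = key
    return pow(m, exp, n)

def stream_xor(key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream); the same call decrypts."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def md(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def send(plaintext):
    digest = md(plaintext)                                   # step 1: message digest
    sig = rsa(ALICE_PRIV, digest).to_bytes(SIG_LEN, "big")   # step 2: digital signature
    session = secrets.randbits(128)                          # fresh session key
    body = stream_xor(session.to_bytes(KEY_LEN, "big"), sig + plaintext)  # step 3
    envelope = rsa(BOB_PUB, session)                         # step 4: digital envelope
    return body, envelope                                    # step 5: both go to Bob

def receive(body, envelope):
    session = rsa(BOB_PRIV, envelope).to_bytes(KEY_LEN, "big")  # step 6: open envelope
    bundle = stream_xor(session, body)                          # step 7: decrypt message
    sig, plaintext = bundle[:SIG_LEN], bundle[SIG_LEN:]
    received_md = rsa(ALICE_PUB, int.from_bytes(sig, "big"))    # step 8: recover the MD
    if received_md != md(plaintext):                            # steps 9-10: compare MDs
        return None                                             # NAK: discard message
    return plaintext                                            # ACK
```

A production implementation would use padded RSA from a vetted library and validate Alice's certificate against the CA hierarchy before step 8.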

Certificate Issuance
SET certificates are verified through a hierarchy of trust.
The public signature key of the root is known to all SET participants.
The root key will be distributed in a self-signed certificate.
A party can confirm its valid root key by sending an initiate request to the CA that has the root key.
A replacement key for the root key is stored securely until it is needed.

SET Payment Processing
SET defines a variety of transaction protocols to securely conduct E-Commerce:
Cardholder Registration
Merchant Registration
Purchase Request
Payment Authorization
Payment Capture

Cardholder Registration

Merchant Registration

Purchase Request

Payment Authorization

Payment Capture

What Does SET Provide?
Confidentiality of Information: Conventional encryption such as DES is used for passing Cardholder account and payment information.
Integrity of Data: RSA digital signatures using SHA-1 hash codes are used.
Cardholder Account Authentication: SET uses X.509v3 digital certificates with RSA signatures.
Merchant Authentication: SET uses X.509v3 digital certificates with RSA signatures.