1. Module 7 – SET SET predecessors iKP, STT, SEPP

2. iKP Developed by IBM Three parties are involved - Customer, Merchant, and Acquirer Uses public key cryptography, where i represents the number of parties who have public and private keys 1KP -Only messages sent to the acquirer are encrypted 2KP - Messages received by the seller are also encryted 3KP - All messages are encrypted Existing infrastructure handles clearing and settlement

3. Customer MerchantAcquirer Initiate Invoice Payment Auth-Request Auth-Response Confirm Goods and services

4. Secure Transaction Technology (STT) Developed by VISA and Microsoft Virtual internet credit card system Includes card holder, merchant, card issuing bank, acquiring bank, and a central authority Uses “credentials” for authentication - similar to digital certificates A tree of trust is generated in the same structure as the existing real-world credit card environment, where the central authority signs the credentials of the banks, and the banks sign the credentials of the merchant and customer Uses dual signatures, message digests, and public key cryptography

5. Root Key - R Association Signature - A (Signed by R) Acquirer Signature - AS (Signed by A) Issuer Signature - IS (Signed by A) Cardholder Signature (Signed by IS) Cardholder Signature (Signed by IS) Merchant Signature (Signed by AS) Merchant Signature (Signed by AS)

6. Secure Electronic Payment Protocol (SEPP) Developed by Mastercard, IBM, Netscape, GTE and CyberCash All traditional participants are represented (card holder, card issuing bank, central authority, acquiring bank, and merchant) Uses existing infrastructure for clearing (STT uses internet for all communications) Certificates are issued directly to merchants and card holders from central authority, not by the banks Never implemented, as SST and SEPP were succeeded by a joint venture between VISA and MasterCard - SET