Secure Electronic Transaction
Secure Electronic Transaction (SET ) is a security protocol for electronic payments with credit cards, in particular over the Internet.
The security of the SET based on the use of digital signatures and encryption of the transmitted data with asymmetric and symmetric encryption algorithms. A special feature of SET is the use of dual signatures in order to preserve and to protect the privacy of the privacy of the user.
Principle
In a SET scenario there are various participants: Customers who are in possession of credit cards, banks and credit card companies of the customers, dealers, who offer their products for online purchase, the banks, the dealer as well as a payment gateway, which serves as an interface between the traders and the merchant's bank serves. If now a shopping handled a customer from a dealer via the SET, then the parties authenticate each other using certificates. The data for the purchase (order, payment, etc.) is encrypted so that only the user can read the information for which it is intended (for example, receives the customer's bank, no information about the purchased product, only the price). With ( dual ) signatures can the authenticity and integrity of messages detected.
Techniques
- PKIs and X.509 certificates for authentication and key
- SHA -1 as a hash function
- DES as the symmetric encryption function
- RSA as asymmetric encryption function
Dual signature
The aim of the dual signature is as with standard digital signature to ensure the authenticity and integrity of the data. In the dual signature is also paid to the need- to- know principle, if the message is for two ( or more ) is intended parties. For this purpose, the parts of the message are encrypted so that they can be decrypted only by the intended recipient Party. So that the signature is now over the (plain ) text is valid, the hash value of the attached individual message portions to be signed. To allow recipients to verify the dual signature, the hash value of the unknown message part is added to its encrypted part.
Default formula:
Message = Part1 | Part2 h1 = SHA -1 ( Part 1) h2 = SHA -1 ( part 2) Duale_Signatur = SHA -1 ( h1 | h2) Receiver 1 is replaced by: Msg1 = DES (Part 1 | h2) | Stands for concatenation SHA-1 hash function as an example DES encryption as an example Pros and Cons
SET offers, in comparison to the normally in real world Internet -based credit card payment, many advantages. The integrity and confidentiality of the transactions are guaranteed by signatures and encryption. The liability ( non-repudiation ) of the transaction is given by the certificates and signatures, as well as the assurance that all participants are authentic. Another advantage is a data protection compliance with the need- to- know principle using the dual signatures. However, the definition of the encryption method used must be seen as problematic. DES is now considered no longer safe enough and should not be used for encryption of confidential data. Furthermore, the complexity of the process an obstacle to its implementation is certainly ( the standard includes 900 pages). It is also questionable whether the necessary construction of a whole Public - Key Infrastructure for banks, retailers and customers will find acceptance.