Q1. Find out about SET and the use of RSA 128-bit encryption for e-commerce.
Answer:
Visa and MasterCard have jointly developed the Secure Electronic Transaction (SET) protocol as a method for secure, cost-effective bankcard transactions over open networks. SET includes protocols for purchasing goods and services electronically, requesting authorization of payment, and requesting "credentials" (that is, certificates) binding public keys to identities, among other services. Once SET is fully adopted, the necessary confidence in secure electronic transactions will be in place, allowing merchants and customers to partake in electronic commerce.
SET supports DES for bulk data encryption and RSA for signatures and public-key encryption of data encryption keys and bankcard numbers. The RSA public-key encryption employs Optimal Asymmetric Encryption Padding.
SET is being published as open specifications for the industry, which may be used by software vendors to develop applications. (RSA.com, 2009)
Estioko (2007) states that RSA is a famous variant of public-key cryptography invented by cryptographers Ron Rivest, Adi Shamir, and Ron Adleman at MIT. RSA has become widely accepted, for example:
- Integrates with Netscape and Internet Explorer browsers
- More than 20,000,000 users worldwide
- Part of S/MIME for secure email (e.g., Outlook Express, Lotus Notes, etc.), where S/MIME is Secure/Multipurpose Internet Mail Extensions, which provides cryptographic security services for electronic messaging applications (authentication, message integrity, and nonrepudiation using digital signatures, and privacy and data security using encryption).
- Providing secure online transactions to protect personal data. An example is http://www.flyingbean.com/?page=shop/help
- Secure file transfer. An example is http://www.sylvansoftware.com/dropchutepro.htm
- Secure application server/service. An example is http://www.information-management.com/news/1022600-1.html
References:
1. RSA.com (2009). "RSA Laboratories - 4.2.3 What is SET?". RSA Security. Retrieved from http://www.rsa.com/rsalabs/node.asp?id=2287
2. Estioko, Juan B. (2007). "Introduction to E-commerce Security Risk". Association of Certified Fraud Examiners at National Computer Institute. Retrieved from http://miss.dswd.gov.ph/dmdocuments/cobit-IT%20audit/Day%202-3%20JEstioko/Introduction%20to%20eCommerce%20Security%20Risk%20%5BRead-Only%5D.pdf