21 Apr 2009

Q2. What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?

Answer:

What is SET?
Visa and MasterCard have jointly developed the Secure Electronic Transaction (SET) protocol as a method for secure, cost-effective bankcard transactions over open networks. SET includes protocols for purchasing goods and services electronically, requesting authorization of payment, and requesting "credentials" (that is, certificates) binding public keys to identities, among other services. Once SET is fully adopted, the necessary confidence in secure electronic transactions will be in place, allowing merchants and customers to partake in electronic commerce.
SET supports DES for bulk data encryption and RSA for signatures and public-key encryption of data encryption keys and bankcard numbers. The RSA public-key encryption employs Optimal Asymmetric Encryption Padding.
SET is being published as open specifications for the industry, which may be used by software vendors to develop applications. (RSA.com, 2009)

How does SET compare to SSL as a platform for secure electronic transaction?
"Netscape's Secure Sockets Layer, SSL, provides a secure channel between web clients and web servers ... this is an important point because unlike the standard Internet protocols, such as TCP/IP, SSL must be selectively employed by the web client (the person surfing)... SSL is a layered approach to providing a secure channel" - Richardson quotes from page 103 of Gnosh
(Richardson, 2001)

SET (Secure Electronic Transaction): the SET protocol involves 4 entities:
  • Cardholder
  • Merchant
  • Certificate Authority
  • Payment gateway - "the role of the payment gateway is to connect the Internet and proprietary networks of banks"
"SET protocol was developed jointly by Mastercard and Visa with the goal of providing a secure payment environment for the transmission of credit card data" - Richardson quotes from page 295 of Greenstein (Richardson, 2001)

According to Greenstein and Feinman (p. 297) "The initial version of SET protocol is considered to be a stronger security mechanism than other transmission protocols, such as SSL, because of SET's stronger authentification features". Greenstein and Feinman point out that SSL is good at providing confidentiality during the transmission of the data, but alone it does not authenticate either the sender or the receiver of the message. (Richardson, 2001)

Therefore, SSL is the protocol for transmitting data over a secure channel, but it does not offer authentication. SET is used mainly for secure authentication in transactions on the Internet (e-commerce).

Is SET in common use?
Yes. Because SET was invented by Visa and MasterCard in 1997, transactions involving Visa and MasterCard will use SET.

Reference:

1. RSA.com (2009). "RSA Laboratories - 4.2.3 What is SET?". RSA Security. Retrieved from http://www.rsa.com/rsalabs/node.asp?id=2287
2. Richardson W. Tim G. (2001). "MGTC50 - Section D". University of Toronto at Scarborough. Retrieved from http://www.witiger.com/ecommerce/outlineMGTC50d.htm#SETSSL


