Register your product to gain access to bonus material or receive a coupon.
9971E-5
Build and implement secure SET E-commerce payment systems-now!
The SET protocol supercharges E-commerce by providing a standard, secure way to handle credit card transactions online. It represents the first vendor-neutral Internet security solution that delivers authentication, privacy and data integrity, all in one neat package. Using SET for Secure Electronic Commerce is the first book that shows developers and merchants all they need to know to start profiting from SET. It reviews the entire protocol, and every aspect of a SET transaction, from start to finish-with practical examples. Coverage includes:
Using SET for Secure Electronic Commerce offers a practical roadmap for implementing your own SET applications and an up-to-date guide to the SET vendors and standards you'll need to do so. For thousands of online merchants, SET isn't just smart technology: it's smart business. Now's the time to get started-and this is the book.
Click here for a sample chapter for this book: 0130997153.pdf
Chapter 1: Introduction to SET.
Chapter Roadmap. SET Basics. Electronic Commerce. Announcement of SET. The Participants. Electronic Shopping vs. Traditional Shopping. Shopping With SET. SET Purchase Transaction. Interoperability. Interoperability Testing. SET Messages. Message Wrapper. Abstract Syntax Notation One (ASN.1) - Message Content. Distinguished Encoding Rules-Message Encoding. Object Identifiers. SET Error Processing.
Chapter Roadmap. SET Software. The Wallet. How the Wallet Works. The Wallet's Core Functionality. Existing Wallets. The Merchant Server (POS). How The Merchant Server Works. The Merchant Server's Core Functionality. Existing Merchant Servers. The Certificate Authority. How The Certificate Authority Works. The Certificate Authority's Core Functionality. Existing Certificate Authorities. The Payment Gateway. The Gateway's Core Functionality. Existing Gateways.
Chapter Roadmap. Important Terms. Encryption/Decryption Explained. Signing/Verification Explained. Who Performs the Actions?. Secret-Key Cryptography. Data Encryption Standard. Public-Key Cryptography. Encryption Key Pair. Signature Key Pair. Public-Key Cryptography Standards. OAEP. RSA. Signature and Encryption Keys in RSA. Security of RSA. Secure Hash Algorithm 1. Why Use a Combination of RSA and DES? Elliptic Curve Cryptography. SET's Signing and Encryption Process. Message Digest. Digital Signatures. Dual Signatures. Signed Message. Digital Envelopes. Encryption Process Overview.
Chapter Roadmap. What Is a Certificate? Certificate Management Architecture. Root Certificate Authority (RCA). Brand Certificate Authority (BCA). Geo-Political Certificate Authority (GCA). Cardholder Certificate Authority (CCA). Merchant Certificate Authority (MCA). Payment Gateway Certificate Authority (PCA). Cardholder Certificates. Merchant Certificates. Hierarchy of Trust. Certificate Validation. Types of Certificates. Certificate Revocation Lists. CRL Format. CRL Distribution. Brand CRL Identifier. BCI Format. BCI Distribution. End Entity Certificate Cancellation/Revocation. Cardholder Certificate Cancellation. Merchant Certificate Cancellation. Payment Gateway Certificate Revocation. Certificate Format. X.509 Certificates. Cardholder Certificates. Merchant Certificates. Payment Gateway Certificates. Cardholder Certificate Authority (CCA) Certificates. Geo-Political Certificate Authority (GCA) Certificates. Brand Certificate Authority (BCA) Certificates. Root Certificate Authority (RCA) Certificates. Thumbprints. Issuing Certificates. Certificate Request Types. Initial Root Certificate Generation and Distribution. Issuing Certificate Authority Certificates. Issuing End Entity Certificates. Message Wrappers. Certificate Inquiry.
Chapter Roadmap. Common Business Scenarios. Authorize Now and Capture Later. Authorize and Capture Now. Authorize Now and Capture Later With Partial Reversal. Split Shipments. Installment or Recurring Payments. A Typical SET Purchase Transaction. Message Wrappers. Purchase Initialization Request/Response Messages (Optional). PInitReq. PInitRes. Purchase Order Request/Response Messages. Order Instruction (OI). Payment Instruction (PI). PReq. PRes. Cardholders without Certificates. Inquiry Request/Response Messages (Optional). InqReq. InqRes. Authorization Request/Response Messages. Split Shipments. AuthReq. Referral Processing. AuthRes. Authorization Reversal Request/Response (Optional). AuthRevReq. AuthRevRes. Capture Request/Response Messages (Optional). CapToken. CapReq. CapRes. Capture Reversal Request/Response and Credit. Request/Response Data. CapRevOrCredReqData. CapRevOrCredResData. Capture Reversal Request/Response Messages (Optional). CapRevReq. CapRevRes. Credit Request/Response (Optional). CredReq. CredRes. Credit Reversal Request/Response (Optional). CredRevReq. CredRevRes. Transaction Phases and Reversals. Batch Administration. Batch Administration Request Message. BatchAdminRes. Payment Gateway Certificate Request/Response. PCertReq. PCertRes.
Chapter Roadmap. SET Debit Architecture. Private Environments. Public Environments. Personal Identification Number-Based (PIN) Debit. PIN Entry and Encryption. How PIN-Based Debit Works. Integrated Circuit Cards (Smart Cards) and Security Tokens. Integrated Circuit Cards Explained. ICC Proposed Architecture. Example ICC Transaction. Algorithm Independence. Elliptic Curve Enabled Secure Electronic Transactions (ECSET). Elliptic Curves Explained. Elliptic Curve Digital Signature Algorithm. Security of ECC. ECSET Pilots. Japanese Payment Options (JPO). Payment Modes. JPO Mode Parameters. SET 2.0 Proposed Additions. Functionality Enhancements. Encryption Alternatives. Certificate Enhancements. Order Enhancements. Payment Enhancements. Transaction Processing Enhancements.
Chapter Roadmap. What is SETCo?. Membership in SETCo. SETCo Advisors Panels. The SETMark. Licensing the SETMark. SET Compliance Testing. SET Compliance Testing Enrollment. Compliance Testing. Tested Components. SET Checklist. SET Tests. Vendor Status Matrix. Tenth Mountain Systems, Inc.
Audience
This book is intended for merchants who are planning to use SET for providing a secure method for conducting business over the Internet, and the programmers/system administrators who are responsible for SET's implementation and administration. Not all of the book's chapters will be equally applicable to all readers, but each chapter has something for everyone.
As a merchant you need to know how SET can contribute to your business and how it works within your existing infrastructure. SET is not just a smart technology, but it also makes business sense. Each chapter addresses issues that need to be explored before making a business decision to adopt SET for an electronic commerce solution.
As someone implementing SET, you need to understand how SET works, and how it works together with your existing technology. Each chapter explores the technical aspects of the SET protocol and how all of the pieces work together to conduct a safe end-to-end transaction.
Organization
The organization of this book is designed so that you can read and build your knowledge from chapter to chapter. Each chapter's content is fairly dependent on the knowledge presented in previous chapters; however, if you are fairly confident you know the basics, skipping ahead to other subjects isn't unreasonable. The appendices reference, and are places to turn for, additional information not covered in-depth in the regular chapters of this book.
Basic Material
The following basic material is included in this book. This material is designed to give you a basic understanding of the SET protocol.
Table 0-1: Conventions Used in this Manual | ||||
Convention | Definition | |||
bold | Bold text brings attention to differences in content. For example: aeiou and abcdu. | |||
bold italic | Bold italic text denotes a note, caution, or warning. For example: Caution: Paying attention to Greek philosophers can make you question authority. | |||
italics | Italics draw attention to a new word or concept to which you should pay attention to. For example: Encryption is performed using the sender's private key. | |||
courier | Courier font shows the output of a computer performed operation - either in memory or output to a screen. For example: The message's digest would be nvzkdoek33. | |||
< > | Angle brackets enclose names of keys on the keyboard. For example: < shift >. |
About the Author
Grady Drew is a former technical writer for GlobeSet, Inc., a company based in Austin, TX providing SET software solutions. After earning a B.A. in English from Michigan State University, Grady joined the GlobeSet team in May of 1996. Grady is the founding member of the GlobeSet publications department. In addition to being a writer, Grady has extensive system administration and programming experience - as well as teaching experience gained by a teaching assistantship for the Computer Science department of Michigan State University. When not working, he enjoys marathon running, writing, reading, scuba diving, hockey, and fly fishing. He can best be reached via e-mail at gdrew@voyager.net.
Acknowledgments
I wish to thank the employees of GlobeSet, Inc. for their help and support throughout the course of writing this book. Without their help, there would be no book. Thanks everyone.
Further Reading
The following books and articles contain information that is invaluable to understanding the SET protocol and electronic commerce.