Using SET for Secure Electronic Commerce

Description

• Copyright 1999
• Edition: 1st

• Book
• ISBN-10: 0-13-099715-3
• ISBN-13: 978-0-13-099715-9

9971E-5

Build and implement secure SET E-commerce payment systems-now!

The SET protocol supercharges E-commerce by providing a standard, secure way to handle credit card transactions online. It represents the first vendor-neutral Internet security solution that delivers authentication, privacy and data integrity, all in one neat package. Using SET for Secure Electronic Commerce is the first book that shows developers and merchants all they need to know to start profiting from SET. It reviews the entire protocol, and every aspect of a SET transaction, from start to finish-with practical examples. Coverage includes:

• Wallets, merchant servers and other SET software components
• Encryption and cryptographic techniques
• Certificates, the certification process and how SET handles trust and authentication
• SET payment messaging scenarios, including payment messaging between cardholder and merchant, and payment gateways
• Advanced protocol extensions, including the SET debit architecture, smart cards, Japanese Payment Options and PIN-based solutions

Using SET for Secure Electronic Commerce offers a practical roadmap for implementing your own SET applications and an up-to-date guide to the SET vendors and standards you'll need to do so. For thousands of online merchants, SET isn't just smart technology: it's smart business. Now's the time to get started-and this is the book.



Sample Content

Downloadable Sample Chapter

Click here for a sample chapter for this book: 0130997153.pdf

Table of Contents

Chapter 1: Introduction to SET.

Chapter Roadmap. SET Basics. Electronic Commerce. Announcement of SET. The Participants. Electronic Shopping vs. Traditional Shopping. Shopping With SET. SET Purchase Transaction. Interoperability. Interoperability Testing. SET Messages. Message Wrapper. Abstract Syntax Notation One (ASN.1) - Message Content. Distinguished Encoding Rules-Message Encoding. Object Identifiers. SET Error Processing.

Chapter 2: Software Components.

Chapter Roadmap. SET Software. The Wallet. How the Wallet Works. The Wallet's Core Functionality. Existing Wallets. The Merchant Server (POS). How The Merchant Server Works. The Merchant Server's Core Functionality. Existing Merchant Servers. The Certificate Authority. How The Certificate Authority Works. The Certificate Authority's Core Functionality. Existing Certificate Authorities. The Payment Gateway. The Gateway's Core Functionality. Existing Gateways.

Chapter 3: Encryption and Cryptography.

Chapter Roadmap. Important Terms. Encryption/Decryption Explained. Signing/Verification Explained. Who Performs the Actions?. Secret-Key Cryptography. Data Encryption Standard. Public-Key Cryptography. Encryption Key Pair. Signature Key Pair. Public-Key Cryptography Standards. OAEP. RSA. Signature and Encryption Keys in RSA. Security of RSA. Secure Hash Algorithm 1. Why Use a Combination of RSA and DES? Elliptic Curve Cryptography. SET's Signing and Encryption Process. Message Digest. Digital Signatures. Dual Signatures. Signed Message. Digital Envelopes. Encryption Process Overview.

Chapter 4: Certificates and Certification.

Chapter Roadmap. What Is a Certificate? Certificate Management Architecture. Root Certificate Authority (RCA). Brand Certificate Authority (BCA). Geo-Political Certificate Authority (GCA). Cardholder Certificate Authority (CCA). Merchant Certificate Authority (MCA). Payment Gateway Certificate Authority (PCA). Cardholder Certificates. Merchant Certificates. Hierarchy of Trust. Certificate Validation. Types of Certificates. Certificate Revocation Lists. CRL Format. CRL Distribution. Brand CRL Identifier. BCI Format. BCI Distribution. End Entity Certificate Cancellation/Revocation. Cardholder Certificate Cancellation. Merchant Certificate Cancellation. Payment Gateway Certificate Revocation. Certificate Format. X.509 Certificates. Cardholder Certificates. Merchant Certificates. Payment Gateway Certificates. Cardholder Certificate Authority (CCA) Certificates. Geo-Political Certificate Authority (GCA) Certificates. Brand Certificate Authority (BCA) Certificates. Root Certificate Authority (RCA) Certificates. Thumbprints. Issuing Certificates. Certificate Request Types. Initial Root Certificate Generation and Distribution. Issuing Certificate Authority Certificates. Issuing End Entity Certificates. Message Wrappers. Certificate Inquiry.

Chapter 5: SET Payment Messaging.

Chapter Roadmap. Common Business Scenarios. Authorize Now and Capture Later. Authorize and Capture Now. Authorize Now and Capture Later With Partial Reversal. Split Shipments. Installment or Recurring Payments. A Typical SET Purchase Transaction. Message Wrappers. Purchase Initialization Request/Response Messages (Optional). PInitReq. PInitRes. Purchase Order Request/Response Messages. Order Instruction (OI). Payment Instruction (PI). PReq. PRes. Cardholders without Certificates. Inquiry Request/Response Messages (Optional). InqReq. InqRes. Authorization Request/Response Messages. Split Shipments. AuthReq. Referral Processing. AuthRes. Authorization Reversal Request/Response (Optional). AuthRevReq. AuthRevRes. Capture Request/Response Messages (Optional). CapToken. CapReq. CapRes. Capture Reversal Request/Response and Credit. Request/Response Data. CapRevOrCredReqData. CapRevOrCredResData. Capture Reversal Request/Response Messages (Optional). CapRevReq. CapRevRes. Credit Request/Response (Optional). CredReq. CredRes. Credit Reversal Request/Response (Optional). CredRevReq. CredRevRes. Transaction Phases and Reversals. Batch Administration. Batch Administration Request Message. BatchAdminRes. Payment Gateway Certificate Request/Response. PCertReq. PCertRes.

Chapter 6: SET Protocol Extensions and Additions.

Chapter Roadmap. SET Debit Architecture. Private Environments. Public Environments. Personal Identification Number-Based (PIN) Debit. PIN Entry and Encryption. How PIN-Based Debit Works. Integrated Circuit Cards (Smart Cards) and Security Tokens. Integrated Circuit Cards Explained. ICC Proposed Architecture. Example ICC Transaction. Algorithm Independence. Elliptic Curve Enabled Secure Electronic Transactions (ECSET). Elliptic Curves Explained. Elliptic Curve Digital Signature Algorithm. Security of ECC. ECSET Pilots. Japanese Payment Options (JPO). Payment Modes. JPO Mode Parameters. SET 2.0 Proposed Additions. Functionality Enhancements. Encryption Alternatives. Certificate Enhancements. Order Enhancements. Payment Enhancements. Transaction Processing Enhancements.

Chapter 7: SET Standards and Compliance.

Chapter Roadmap. What is SETCo?. Membership in SETCo. SETCo Advisors Panels. The SETMark. Licensing the SETMark. SET Compliance Testing. SET Compliance Testing Enrollment. Compliance Testing. Tested Components. SET Checklist. SET Tests. Vendor Status Matrix. Tenth Mountain Systems, Inc.

Appendix A: SET ASN.1 Code.


Appendix B: JPO ASN.1 Code.


Appendix C: PKCS #7 Formats.


SignedData Type.


EnvelopedData.


EncryptedData.


DigestedData.


Index.

Preface

Audience
This book is intended for merchants who are planning to use SET for providing a secure method for conducting business over the Internet, and the programmers/system administrators who are responsible for SET's implementation and administration. Not all of the book's chapters will be equally applicable to all readers, but each chapter has something for everyone.

As a merchant you need to know how SET can contribute to your business and how it works within your existing infrastructure. SET is not just a smart technology, but it also makes business sense. Each chapter addresses issues that need to be explored before making a business decision to adopt SET for an electronic commerce solution.

As someone implementing SET, you need to understand how SET works, and how it works together with your existing technology. Each chapter explores the technical aspects of the SET protocol and how all of the pieces work together to conduct a safe end-to-end transaction.

Organization
The organization of this book is designed so that you can read and build your knowledge from chapter to chapter. Each chapter's content is fairly dependent on the knowledge presented in previous chapters; however, if you are fairly confident you know the basics, skipping ahead to other subjects isn't unreasonable. The appendices reference, and are places to turn for, additional information not covered in-depth in the regular chapters of this book.

Basic Material
The following basic material is included in this book. This material is designed to give you a basic understanding of the SET protocol.

• Foreword - a foreword written by William Archibald, Chief Technical Officer of GlobeSet, Inc.
• Preface - provides basic information about the layout and contents of this book.
• Chapter 1, Introduction to SET- serves as a preview to the SET protocol. It addresses basic issues such as what SET is and what it is designed to accomplish.
• Chapter 2, Software Components - gives a detailed look at the software components used with SET. Software use by the cardholder, merchant, and banking institutions are all discussed.
• Chapter 3, Encryption and Cryptography - is a primer for understanding the basics about cryptography and encryption. SET-specific algorithms and processes are discussed at length in this chapter.
• Chapter 4, Certificates and Certification - provides an overview of SET's certification process, including the parties involved and issues of trust and authentication.
• Chapter 5, SET Payment Messaging - a complete look at the messaging that is the heart of the SET protocol. Payment messaging between the cardholder and merchant, as well as the merchant and payment gateway, are discussed in-depth.
• Chapter 6, SET Protocol Extensions and Additions - covers a list of some of the more important possible extensions to the SET v1.0 protocol. Each of the proposed extensions is covered in detail.
• Chapter 7, SET Standards and Compliance - a look at the process that SET providers must complete in order to be certified as SET-compliant and the organizations involved.

Additional Material
These topics provide useful information about SET and broaden basic knowledge of the protocol.

• Appendix A, SET ASN.1 Code
• Appendix B, JPO ASN.1 Code
• Appendix C, PKCS #7 Formats

Conventions Used in this Manual
Table 0-1describes the conventions used in this manual:

Table 0-1: Conventions Used in this Manual
Convention	Definition
bold	Bold text brings attention to differences in content. For example: aeiou and abcdu.
bold italic	Bold italic text denotes a note, caution, or warning. For example: Caution: Paying attention to Greek philosophers can make you question authority.
italics	Italics draw attention to a new word or concept to which you should pay attention to. For example: Encryption is performed using the sender's private key.
courier	Courier font shows the output of a computer performed operation - either in memory or output to a screen. For example: The message's digest would be nvzkdoek33.
< >	Angle brackets enclose names of keys on the keyboard. For example: < shift >.

About the Author
Grady Drew is a former technical writer for GlobeSet, Inc., a company based in Austin, TX providing SET software solutions. After earning a B.A. in English from Michigan State University, Grady joined the GlobeSet team in May of 1996. Grady is the founding member of the GlobeSet publications department. In addition to being a writer, Grady has extensive system administration and programming experience - as well as teaching experience gained by a teaching assistantship for the Computer Science department of Michigan State University. When not working, he enjoys marathon running, writing, reading, scuba diving, hockey, and fly fishing. He can best be reached via e-mail at gdrew@voyager.net.

Acknowledgments
I wish to thank the employees of GlobeSet, Inc. for their help and support throughout the course of writing this book. Without their help, there would be no book. Thanks everyone.

Further Reading
The following books and articles contain information that is invaluable to understanding the SET protocol and electronic commerce.

• Applied Cryptography, Second Edition, Bruce Schneier, John Wiley & Sons, Inc., 1996.
• An Overview of the PKCS Standards, Burton S. Kaliski, Jr., RSA Laboratories, 1993.
• Public-Key Cryptography Standards (PKCS), RSA Data Security, Inc., May 13, 1997.
• Secure Electronic Transaction (SET) Specification, Book 1: Business Description, MasterCard International Incorporated,and Visa International Service Association, Version 1.0, May 31, 1997.
• Secure Electronic Transaction (SET) Specification, Book 2: Programmer's Guide, MasterCard International Incorporated and Visa International Service Association, Version 1.0, May 31, 1997.
• Secure Electronic Transaction (SET) Specification, Book 3: Formal Protocol Definition, MasterCard International Incorporated and Visa International Service Association, Version 1.0, May 31, 1997.
  
  



Updates

Submit Errata

