SET Protocol

4.8.2 SET Protocol

To overcome the weak points of SSL, Visa and MasterCard jointly developed the SET protocol. It is an e-payment standard based on e-currency. Besides authenticating the customer's credit card, SET authenticates the vendor's identity, which is of pivotal importance to transactions involving payment. Soundly designed, SET has been supported by large companies such as IBM, HP, Microsoft, Netscape, VeriFone, GTE and VeriSign, and has become the de facto industry standard.

Secure electronic transaction runs over the Internet. It uses the RSA public key system to authenticate the communicating parties, DES, RC4 or other symmetric ciphers to encrypt the transmitted data, and a hash algorithm to verify the integrity of messages. A key organization in the SET system is the Certification Authority (CA), which issues and manages certificates according to X.509.

The aims of SET are fivefold:

(1) To ensure the secure transmission of information over the Internet and prevent the data from being eavesdropped.

(2) To keep the participants of e-commerce separated. The customer's payment information is encapsulated or encrypted and sent to the bank, so the vendor cannot see the account or password of the customer.

(3) To solve the mutual authentication problem.

(4) To ensure real-time transactions: the whole process is online.

(5) To simulate EDI and regulate the format of messages, promoting compatibility of software developed by different manufacturers.

The participants involved in the SET protocol include:

(1) Customer. Customers fill in the order forms of online stores and choose a credit card to pay with.

(2) On-line store. On-line stores provide commodities or services and are capable of accepting e-money.

(3) Bank. The bank processes the payment issue of online purchase via payment gateway.

(4) E-currency issuer. The e-currency issuing company and the banks that issue e-currency take charge of authenticating the smart card and processing the payment.

Introduction to E-commerce

(5) Certification authority. Certification authority takes charge of authenticating the identities of both parties, including the credibility of the vendor and the payment means of the customer.

The technical scope of SET includes:

(1) Application of encryption algorithms (such as RSA and DES).

(2) Certificate information and format object.

(3) Purchase information and format object.

(4) Confirmation information and format object.

(5) Transfer information and format object.

(6) Message transmission protocol between session entities.

The data encryption model of SET is illustrated in Fig. 4.10.

Figure 4.10 Data encryption model used by SET protocol

This model has the following features:

(1) The authentication of participants' identities is done with digital certificates, whose format follows the X.509 standard.

(2) Non-repudiation is implemented with digital signatures.

(3) The integrity of the data is guaranteed with a message digest algorithm.

(4) Since asymmetric encryption is very slow, it is combined with symmetric encryption, which is used to encrypt the data; the symmetric key itself is exchanged with a digital envelope.

The SET online purchase system consists of five parts: the card holder, the vendor, the payment gateway, the receiving bank, and the issuing bank. The data exchange process between the five parts is illustrated in Fig. 4.11.

4 Security Technologies in E-commerce

Figure 4.11 Data interchange process of SET protocol

According to the working procedure of SET, the process can be divided into seven steps:

(1) The customer uses a PC to select the commodities he wants to buy and fills in the order form on the computer. The order form should include the name of the online store, the names and quantities of the commodities, and the time and place of delivery.

(2) The customer contacts the online store via the e-commerce server, and the store responds to the customer if all the information is correct.

(3) The customer selects the method of payment, confirms the order and issues the payment command. At this point SET becomes involved.

(4) In SET the customer has to put a digital signature on the order form and the payment command, using dual signature technology to ensure that the vendor cannot see the account information of the customer.

(5) After the online store receives the order form, it requests payment authorization from the customer's bank. The request is sent to the bank via the payment gateway and then confirmed by the e-currency issuing company. Once the transaction is confirmed, the confirmation is returned to the store.

(6) The online store sends the order information back to the customer. The software at the customer's terminal records the transaction log for future queries.

(7) The online store ships the commodity or provides the service, and notifies the receiving bank to transfer the funds from the customer's account to the store's account, or notifies the issuing bank to pay the bill.

There is usually an interval of time between verification and payment. The first two steps have nothing to do with SET; SET plays its role from the third step through the seventh. In this process, SET has definite prescriptions for the communication protocols and data formats. At each step, every party verifies the identity of its communication peer via the CA. Simply speaking, therefore, SET relies on the Certification Authority to ensure the authenticity and secrecy of information.
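The dual signature of step (4), as an added worked example that is not part of the textbook: the cardholder signs one digest that binds the payment instructions (PI) and the order information (OI), and the merchant and the bank each verify it from only the half they are allowed to see. The Miller-Rabin test, key generation and textbook (unpadded) RSA signature are stand-ins written for illustration, SHA-256 stands in for the message digest, and all field names and sample data are constructed.

```python
import hashlib
import random

def H(data: bytes) -> bytes:  # SHA-256 stands in for SET's digest algorithm
    return hashlib.sha256(data).digest()

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test, used only to build the toy RSA key below."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(bits: int = 256):
    """Textbook RSA key (n, e, d); illustration only (no padding, not a CSPRNG)."""
    def prime():
        while True:
            p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
            if is_probable_prime(p):
                return p
    e = 65537
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:   # e is prime, so this is gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)

def dual_sign(pi: bytes, oi: bytes, key):
    """Cardholder: DS = Sign(H(H(PI) || H(OI))). Returns (PIMD, OIMD, DS)."""
    n, _, d = key
    pimd, oimd = H(pi), H(oi)
    return pimd, oimd, pow(int.from_bytes(H(pimd + oimd), "big"), d, n)

def verify(pimd: bytes, oimd: bytes, ds: int, key) -> bool:
    """Recompute H(PIMD || OIMD) from the plaintext held plus the digest received,
    then check DS against the public part of the key."""
    n, e, _ = key
    return pow(ds, e, n) == int.from_bytes(H(pimd + oimd), "big")
```

The merchant, holding OI and only PIMD, calls verify(pimd, H(oi), ds, key); the bank, holding PI and only OIMD, calls verify(H(pi), oimd, ds, key), so neither learns the other's plaintext yet both check the same signature.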

Since the birth of SET in April 1996, it has received support from the industry for its satisfactory performance. However, there are also some problems:


(1) The protocol does not specify whether the bank has to receive the customer's receipt for the commodity before it pays for the purchase. Otherwise, if the commodity is not up to standard and the customer raises an objection, who should assume the liability?

(2) SET does not specify how to process the security data after the transaction is completed, which may expose these data to attacks in the future. The limitations of SET have stimulated people to make improvements. China Commodity Trade Center, Bank of China and Shanghai Long-Distance Telecom have put forth their own design schemes.
