Secure Electronic Transactions
SECURE ELECTRONIC TRANSACTIONS
Introduction
Secure Electronic Transactions (SET) is an open protocol which has the potential to emerge as a dominant force in the securing of electronic transactions. Jointly developed by Visa and MasterCard, in conjunction with leading computer vendors such as IBM, SET is an open standard for protecting the privacy, and ensuring the authenticity, of electronic transactions. This is critical to the success of electronic commerce over the Internet; without privacy, consumer protection cannot be guaranteed, and without authentication, neither the merchant nor the consumer can be sure that valid transactions are being made.
Technology
Secure Electronic Transactions (SET) relies on the science of cryptography – the art of encoding and decoding messages. Cryptography dates back many centuries – even in the time of Julius Caesar, encryption was used to preserve the secrecy of messages. Preserving the secrecy of transactions is no different, though stronger encryption algorithms are used, as well as significantly stronger encryption keys. Encryption advancements have come about through its application by the military, and by advances in computing power and mathematics.
The SET protocol relies on two different encryption mechanisms, as well as an authentication mechanism. SET uses symmetric encryption, in the form of the aging Data Encryption Standard (DES), as well as asymmetric, or public-key, encryption to transmit session keys for DES transactions (IBM, 1998). Rather than offer the security and protection afforded by public-key cryptography, SET simply uses session keys (56 bits) which are transmitted asymmetrically – the remainder of the transaction uses symmetric encryption in the form of DES. This has disturbing connotations for a "secure" electronic transaction protocol – because public key cryptography is only used only to encrypt DES keys and for authentication, and not for the main body of the transaction. The computational
Introduction
Secure Electronic Transactions (SET) is an open protocol which has the potential to emerge as a dominant force in the securing of electronic transactions. Jointly developed by Visa and MasterCard, in conjunction with leading computer vendors such as IBM, SET is an open standard for protecting the privacy, and ensuring the authenticity, of electronic transactions. This is critical to the success of electronic commerce over the Internet; without privacy, consumer protection cannot be guaranteed, and without authentication, neither the merchant nor the consumer can be sure that valid transactions are being made.
Technology
Secure Electronic Transactions (SET) relies on the science of cryptography – the art of encoding and decoding messages. Cryptography dates back many centuries – even in the time of Julius Caesar, encryption was used to preserve the secrecy of messages. Preserving the secrecy of transactions is no different, though stronger encryption algorithms are used, as well as significantly stronger encryption keys. Encryption advancements have come about through its application by the military, and by advances in computing power and mathematics.
The SET protocol relies on two different encryption mechanisms, as well as an authentication mechanism. SET uses symmetric encryption, in the form of the aging Data Encryption Standard (DES), as well as asymmetric, or public-key, encryption to transmit session keys for DES transactions (IBM, 1998). Rather than offer the security and protection afforded by public-key cryptography, SET simply uses session keys (56 bits) which are transmitted asymmetrically – the remainder of the transaction uses symmetric encryption in the form of DES. This has disturbing connotations for a "secure" electronic transaction protocol – because public key cryptography is only used only to encrypt DES keys and for authentication, and not for the main body of the transaction. The computational
References: IBM Corporation. An overview of the IBM SET and the IBM CommercePoint Products, http://www.software.ibm.com/commerce/set/overview.html, June 1998 IBM Corporation. Cryptography and SET : What’s under the hood?, http://www.software.ibm.com/commerce/payment/part2.html, June 1998 Schneier, Bruce. Applied Cryptography, John Wiley & Sons, Canada 1996 http://info.ssl.com/article.aspx?id=10241