Technical Analysis of SET application layer protocol

Source: Internet
Author: User

Network security has always been our focus. Today, more and more business activities are being launched online. Therefore, a secure network environment is essential. So now let's take a look at the network security technologies of the SET application layer protocol.

◆ Security technology used in the SET application layer protocol

SET combines earlier protocols, such as MasterCard's SEPP and the STT of VISA and Microsoft. It defines how transaction data flows between cardholders, merchants, card issuers, and receiving (acquiring) banks, and it also defines the security functions (digital signatures, hash algorithms, encryption, etc.) that support these transactions.

To further enhance security, SET uses two key pairs, one for encryption and one for signatures. SET does not want merchants to obtain the customer's account information, nor does it want banks to learn the transaction content, yet each individual transaction must still be authorized. The dual signature mechanism links the order information to the account information under a single signature, and in this way SET resolves the contradiction.

SET combines the speed and low cost of symmetric keys with the effectiveness of asymmetric keys. Consider an online store that exchanges information over the Internet with thousands of consumers and sellers: with symmetric keys alone, a secret key would have to be issued to each consumer through some channel. With public-key cryptography, a key pair is generated instead, and any consumer can use the public key published by the merchant to communicate with the merchant confidentially. The details are as follows.

(1) Digital envelope. SET relies on cryptography to ensure reliable message transmission. In SET, a symmetric key for the DES algorithm is generated and used to encrypt the data. The symmetric key is then encrypted with the receiver's public key; the result is called the message's "digital envelope", and it is sent to the receiver together with the encrypted data. The receiver decrypts the digital envelope with its private key to obtain the symmetric key, then uses the symmetric key to decrypt the data.

(2) Digital signatures. Because of the mathematical relationship between the public key and the private key, data encrypted with one of the keys can only be decrypted with the other. SET uses the RSA algorithm for this. The sender encrypts the data with its own private key and sends it to the receiver; once the receiver has decrypted the data with the sender's public key, it can determine who the message came from, which ensures that the sender cannot deny having sent it.

(3) Dual signatures. To keep important information such as the consumer's account concealed from the merchant, SET uses dual signature technology. In a transaction, the payment instruction that the cardholder sends to the bank is forwarded by the merchant. The merchant must be prevented from stealing the cardholder's credit card information during the transaction, and the bank must be prevented from tracking cardholders' behavior and infringing on consumers' privacy, yet at the same time this must not interfere with the merchant and the bank reasonably verifying the information the cardholder sends. The bank is to charge the account only when the merchant has agreed to the cardholder's purchase request. The SET application layer protocol uses dual signatures to solve this problem.
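The dual signature described in (3), as an added example that is not part of the original article. It follows the commonly documented SET construction, DS = Sign(H(H(PI) || H(OI))), with SHA-1 and RSA as the article names them; the toy unpadded RSA key, the sample OI/PI strings and all function names are assumptions made for illustration.

```python
import hashlib

# Toy cardholder RSA key built from two Mersenne primes so the example needs
# only the standard library. Unpadded and far too small: illustration only.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def dual_sign(pi: bytes, oi: bytes) -> dict:
    """Cardholder: sign the digest of both digests with the private key."""
    pimd, oimd = sha1(pi), sha1(oi)          # digests of PI and of OI
    pomd = sha1(pimd + oimd)                 # digest linking the two
    ds = pow(int.from_bytes(pomd, "big"), D, N)
    return {"pimd": pimd, "oimd": oimd, "ds": ds}

def _check(pimd: bytes, oimd: bytes, ds: int) -> bool:
    expected = int.from_bytes(sha1(pimd + oimd), "big")
    return pow(ds, E, N) == expected         # verify with the public key

def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds the OI and only the digest of the PI."""
    return _check(pimd, sha1(oi), ds)

def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds the PI and only the digest of the OI."""
    return _check(sha1(pi), oimd, ds)

# Constructed sample data (not taken from any real transaction).
OI = b"order=1234;item=book;total=25.00"
PI = b"card=CONSTRUCTED-PAN;amount=25.00;order=1234"
SIG = dual_sign(PI, OI)

if __name__ == "__main__":
    print("merchant accepts OI:", merchant_verify(OI, SIG["pimd"], SIG["ds"]))
    print("bank accepts PI:    ", bank_verify(PI, SIG["oimd"], SIG["ds"]))
    tampered = OI.replace(b"25.00", b"2.50")
    print("tampered OI accepted:", merchant_verify(tampered, SIG["pimd"], SIG["ds"]))
```

Each party checks the same signature while seeing only one of the two plaintexts, and altering either the OI or the PI breaks verification for both.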

◆ Main features of the SET application layer protocol

(1) Information confidentiality. One important feature of SET is that the cardholder's credit card number is provided only to the bank; the merchant cannot learn the credit card number. SET uses the DES cipher algorithm to provide information confidentiality.

(2) Data integrity. The payment information sent from the cardholder to the merchant includes the order information, personal data and payment instructions. SET uses RSA digital signatures and the SHA-1 hash function to ensure that the content of these messages is not altered in transit.

(3) Cardholder identification. SET allows the merchant to confirm that the cardholder is a valid user of a valid credit card account. SET uses X.509 v3 digital certificates and RSA digital signatures for this purpose.

(4) Merchant identification. SET allows the cardholder to confirm the authenticity of the merchant and to verify whether the merchant can accept credit card payment. SET also uses X.509 v3 digital certificates and RSA digital signatures to achieve this.

◆ Security analysis and summary of the SET application layer protocol

The SET application layer protocol uses cryptographic technology and digital certificates to ensure the confidentiality and security of information. It provides data integrity, confidentiality, identity legitimacy and non-repudiation for electronic transactions.

Data integrity. The SET application layer protocol uses a hash function to ensure data integrity. When a message is sent, the hash function generates a unique digest value for it. If the data contained in the message is tampered with, the value changes and the tampering is detected, which ensures the integrity of the information.

Confidentiality. Under the SET application layer protocol, the customer's payment information (PI) and order information (OI) are protected through the dual signature: the merchant decrypts the message and obtains the OI, and the bank decrypts the message and obtains the PI. This prevents the merchant from accessing the customer's payment information.

Identity authentication (verification of identity). This is an important part of e-commerce. The SET application layer protocol uses digital certificates to confirm the identities of merchants, cardholders, receiving (acquiring) banks, and payment gateways, which provides a complete and reliable environment for online transactions.

Non-repudiation of disputed charges. In the SET application layer protocol, the digital certificate issuing process also contains information about transactions between merchants and customers. Therefore, if a customer places an order for a commodity, the customer cannot deny the order after receiving the goods. Similarly, the merchant cannot later deny having received the order.

◆ Summary

The SET application layer protocol sits in the application layer of the network. It provides better security and is an important guarantee for secure electronic transactions. It standardizes the entire business process and sets strict encryption and authentication standards, and it has become an industry standard for online transaction security and communication protocols. However, it also has some defects: the large number of transaction participants involved in SET makes the protocol complicated and costly to use, and its security still has defects in some respects. These are the areas for future research and improvement.
 
