1 / 6

Secure Electronic Payment Protocols in E-Commerce

Learn about iKP, STT, and SEPP protocols for secure online transactions. See the roles of customers, merchants, and acquirers in the payment process. Explore the encryption levels and authentication methods used. Discover the technology behind these protocols.

morey
Télécharger la présentation

Secure Electronic Payment Protocols in E-Commerce

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 7 – SET • SET predecessors • iKP, STT, SEPP

  2. iKP • Developed by IBM • Three parties are involved - Customer, Merchant, and Acquirer • Uses public key cryptography, where i represents the number of parties who have public and private keys • 1KP -Only messages sent to the acquirer are encrypted • 2KP - Messages received by the seller are also encryted • 3KP - All messages are encrypted • Existing infrastructure handles clearing and settlement

  3. Customer Merchant Acquirer Initiate Invoice Payment Auth-Request Auth-Response Confirm Goods and services

  4. Secure Transaction Technology (STT) • Developed by VISA and Microsoft • Virtual internet credit card system • Includes card holder, merchant, card issuing bank, acquiring bank, and a central authority • Uses “credentials” for authentication - similar to digital certificates • A tree of trust is generated in the same structure as the existing real-world credit card environment, where the central authority signs the credentials of the banks, and the banks sign the credentials of the merchant and customer • Uses dual signatures, message digests, and public key cryptography

  5. Root Key - R Association Signature - A (Signed by R) Issuer Signature - IS (Signed by A) Acquirer Signature - AS (Signed by A) Cardholder Signature (Signed by IS) Cardholder Signature (Signed by IS) Merchant Signature (Signed by AS) Merchant Signature (Signed by AS)

  6. Secure Electronic Payment Protocol (SEPP) • Developed by Mastercard, IBM, Netscape, GTE and CyberCash • All traditional participants are represented (card holder, card issuing bank, central authority, acquiring bank, and merchant) • Uses existing infrastructure for clearing (STT uses internet for all communications) • Certificates are issued directly to merchants and card holders from central authority, not by the banks • Never implemented, as SST and SEPP were succeeded by a joint venture between VISA and MasterCard - SET

More Related