E commerce Assignment
SET & EDI
Submitted To: Mrs S Aruna
Submitted By: YAJUR NIGAM RA1511002010768
Secure Electronic Transaction (SET) is a communication protocol standard for securing credit card transactions over the Internet. It is an application-layer security mechanism. SET is not itself a payment system; rather, it is a set of security protocols and formats that enable users to employ the existing credit card payment infrastructure on an open network in a secure manner. Its purpose is to ensure the security of financial transactions on the Internet. It was initially developed by MasterCard and Visa.
It has a very complex and detailed technical specification.
Some key features of the SET are:
Confidentiality of information
Integrity of data
Cardholder account authentication
How it works:
Both cardholders and merchants must first register with a CA (certificate authority) before they can buy or sell on the Internet. Once registration is done, they can start to carry out transactions, which in simplified form consist of 9 basic steps in this protocol:
(1.) Customer browses the website and decides what to purchase.
(2.) Customer sends order and payment information, which has 2 parts in one message:
(a.) Purchase Order – this part is for the merchant.
(b.) Card Information – this part is for the merchant’s bank only.
(3.) Merchant transfers the card information (part b) to their bank.
(4.) Merchant’s bank checks with the Issuer for payment authorization.
(5.) Issuer sends authorization to the Merchant’s bank.
(6.) Merchant’s bank sends authorization to the merchant.
(7.) Merchant completes the order and sends confirmation to the customer.
(8.) Merchant captures the transaction from their bank.
(9.) Issuer prints the credit card bill (invoice) to the customer.
1. CARD HOLDER
5. CERTIFICATE AUTHORITY
6. PAYMENT GATEWAY
(1.) The customer opens an account with a card issuer.
MasterCard, Visa, etc.
(2.) The customer receives an X.509 V3 certificate signed by a bank.
(3.) A merchant who accepts a certain brand of card must possess two X.509 V3 certificates.
-One for signing & one for key exchange
(4.) The customer places an order for a product or service with a merchant.
(5.) The merchant sends a copy of its certificate for verification.
(6.) The customer sends order and payment information to the merchant.
(7.) The merchant requests payment authorization from the payment gateway prior to shipment.
(8.) The merchant confirms order to the customer.
(9.) The merchant provides the goods or service to the customer.
(10.) The merchant requests payment from the payment gateway.
Key Technological aspects of SET:
(1.) Confidentiality of information: DES
(2.) Integrity of data: RSA digital signatures with SHA-1 hash codes.
(3.) Cardholder account authentication: X.509v3 digital certificates with RSA signatures.
(4.) Merchant authentication: X.509v3 digital certificates with RSA signatures.
(5.) Privacy: separation of order and payment information using dual signatures.
A vital innovation introduced in SET is the dual signature. The purpose of the dual signature is to link two messages that are intended for two different recipients. In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank.
The operation for dual signature is as follows:
(a.) Take the hash (SHA-1) of the payment and order information.
(b.) These two hash values are concatenated H(PI) || H(OI) and then the result is hashed.
(c.) Customer encrypts the final hash with a private key creating the dual signature.
$DS = E_{KR_C}\big[\,H\big(H(PI) \,\|\, H(OI)\big)\,\big]$, where $KR_C$ is the customer's private key.
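The dual signature in steps (a.) to (c.) above, worked through in Python as an added example that is not part of the original assignment. It goes one step beyond the text by showing how each recipient checks the signature while holding only its own message plus the digest of the other. The toy RSA key, the sample OI/PI strings and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key for the customer (textbook RSA, no padding).
# The primes are two Mersenne primes, chosen only so the example is
# reproducible offline; a key like this is not secure.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # customer's public key
D = pow(E, -1, (P - 1) * (Q - 1))        # customer's private exponent (KRc)


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def dual_sign(pi: bytes, oi: bytes) -> int:
    """DS = E_KRc[ H( H(PI) || H(OI) ) ], i.e. steps (a.) to (c.)."""
    final_hash = sha1(sha1(pi) + sha1(oi))
    return pow(int.from_bytes(final_hash, "big"), D, N)


def _matches(ds: int, pi_digest: bytes, oi_digest: bytes) -> bool:
    # Recompute the final hash and compare it with the value recovered
    # from DS using the customer's public key.
    expected = int.from_bytes(sha1(pi_digest + oi_digest), "big")
    return pow(ds, E, N) == expected


def merchant_verify(oi: bytes, pi_digest: bytes, ds: int) -> bool:
    """The merchant holds OI in full but only the digest H(PI)."""
    return _matches(ds, pi_digest, sha1(oi))


def bank_verify(pi: bytes, oi_digest: bytes, ds: int) -> bool:
    """The bank holds PI in full but only the digest H(OI)."""
    return _matches(ds, sha1(pi), oi_digest)


# Constructed sample messages.
OI = b"order 1001: 2 x widget, total 40.00"
PI = b"card=SAMPLE-CARD-0000; amount=40.00"
DS = dual_sign(PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, sha1(PI), DS))
    print("bank accepts:    ", bank_verify(PI, sha1(OI), DS))
    altered = b"order 1001: 20 x widget, total 40.00"
    print("altered order rejected:", not merchant_verify(altered, sha1(PI), DS))
```

Because both digests feed the single signed hash, a payment instruction cannot be detached from its order and attached to a different one without the check failing at the merchant or the bank.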
Electronic Data Interchange (EDI) is the electronic interchange of business information using a standard format; a process which enables one company to send information to another company electronically rather than by traditional means. Business entities conducting business electronically are known as trading partners.
Many business documents can be exchanged using EDI; the two most common are purchase orders and invoices. EDI replaces the mail preparation and handling associated with traditional business communication. The real boon of EDI is that it standardizes the information communicated in business documents, which makes a “paperless” exchange possible.
EDI semantic layer:
(a.) Describes the business application
(b.) Procurement example
EDI in Action
Information flow without EDI:
Information flow with EDI:
EDI applications in business:
1. International or cross-border trade
2. Electronic funds transfer
3. Health care EDI for insurance claims processing
4. Manufacturing & retail procurement