Cryptography Reference
In-Depth Information
Integrity
: The data sent by Alice to Bob is guaranteed not to be altered in
transit. RSA digital signatures (see page 181) are used and SHA-1 hash schemes
(see Chapter 7) are used to guarantee this.
Authentication
: The use of not only the aforementioned certificates, but
also the use of RSA signatures ensures Bobthat Alice is a legitimate card holder
of a legitimate account. Similarly, Alice can verify that Bobis a legitimate
merchant.
Issuer
: We have kept the issuer in the background for the sake of simplicity
of presentation. The issuer is typically a bank or some other financial institution
that provides Alice with her card, such as a MasterCard or Visa. She interacts
with the issuer to open an account. Moreover, the ultimate responsibility for
the payment of all authorized transactions put on the card is the issuer. The
issuer must have certificates to be processed by a CA if they process any SET
messages. In this case, they receive them from the credit card organization, such
as Visa. Otherwise, the issuer may have the credit card organization process
certificates on their behalf, in which case they are not processing SET messages,
and do not require certificates.
Acquirer
: We have also kept the acquirer in the background. This is a
financial institution that supports merchants such as Bobby providing the ser-
vice of processing payment of credit cards. Thus, the acquirer pays Bob, and
the issuer repays the acquirer. The acquirer must also have certificates that
can be processed by a CA. These certificates are obtained from the credit card
organization as above.
The Payment Gateway
: We have put the task of all three of the issuer,
acquirer, and payment gateway on Trent's shoulders, but in reality, Trent must
interface with the acquirer at some juncture, since Trent processes Bob's pay-
ment messages which must, at some point go through the acquirer.
Certificate Status Inquiry
: Again, for simplicity, we did not describe
some of the other transaction types in SET. In this type of inquiry either a CA
can send a message to Bobor Alice saying that more processing time is needed,
or Alice or Bobcan send such a message to the CA to check the status of a
certificate request, for instance.
Purchase Inquiry
: Alice can send this message to check the status of the
processing of her order, for instance.
Authorization Reversal
: Bobcan send this message to reverse an autho-
rization or part of it.
Capture Reversal
: Bobmay use this to correct errors in earlier capture
requests.
Credit or Credit Reversal
: These types of messages may be used by Bob
to issue a credit or reverse a credit due to a previous error, for example.
Search WWH ::
Custom Search