Crypto

SSL encrypts data transferred between a web browser and server to ensure privacy and security. It uses protocols like SSL record, handshake, change-cipher spec, and alert. The SET protocol secures credit card transactions online using encryption, hashing, and digital signatures to authenticate users and keep payment information confidential and unmodified.

Uploaded by

Monika Mann
Copyright © All Rights Reserved

Secure Socket Layer (SSL)

Secure Socket Layer (SSL) secures the data that is transferred between a web browser and a server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.

Secure Socket Layer Protocols:

SSL record protocol - The SSL Record protocol provides two services to an SSL connection: confidentiality and message integrity.

Handshake protocol - Handshake Protocol is used to establish sessions. This protocol allows the client
and server to authenticate each other by sending a series of messages to each other. Handshake
protocol uses four phases to complete its cycle.

Change-cipher spec protocol - This protocol uses the SSL record protocol. Until the Handshake Protocol is completed, the SSL record output remains in a pending state. After the handshake protocol, the pending state is converted into the current state.
The change-cipher spec protocol consists of a single message which is 1 byte in length and can have only one value. This protocol's purpose is to cause the pending state to be copied into the current state.

Alert protocol - This protocol is used to convey SSL-related alerts to the peer entity. Each message in this
protocol contains 2 bytes.
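
The message sizes described above can be checked at the record layer. The following is an added example, not part of the original document: a small parser that splits a byte stream into SSL records and validates the 1-byte change-cipher spec message and the 2-byte alert message. The content-type numbers (20 to 23), the 5-byte record header and the alert level codes come from the SSL 3.0 specification rather than from this page; the sample bytes are constructed.

```python
import struct

# Record-layer content types and alert levels (SSL 3.0 numbering).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}


def parse_records(stream: bytes):
    """Split a byte stream into SSL records and sanity-check the two
    fixed-size sub-protocol messages (change-cipher spec and alert)."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Header: content type, version major, version minor, 16-bit length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        name = CONTENT_TYPES.get(ctype)
        if name is None:
            raise ValueError(f"unknown content type {ctype}")
        info = {"type": name, "version": (major, minor), "length": length}
        if name == "change_cipher_spec":
            # Exactly one byte, and its only legal value is 1.
            if body != b"\x01":
                raise ValueError("malformed change_cipher_spec")
        elif name == "alert":
            # Exactly two bytes: severity level, then description code.
            if length != 2 or body[0] not in ALERT_LEVELS:
                raise ValueError("malformed alert")
            info["level"] = ALERT_LEVELS[body[0]]
            info["description"] = body[1]
        records.append(info)
        offset += 5 + length
    return records


# Constructed sample with plaintext bodies. On a real connection, records
# sent after change_cipher_spec are encrypted and would not parse this way.
SAMPLE = (
    bytes([22, 3, 0, 0, 4]) + b"\x0e\x00\x00\x00"  # handshake: server_hello_done
    + bytes([20, 3, 0, 0, 1]) + b"\x01"            # change_cipher_spec
    + bytes([21, 3, 0, 0, 2]) + b"\x01\x00"        # alert: warning, close_notify
)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec)
```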

Secure Electronic Transaction (SET) Protocol


Secure Electronic Transaction, or SET, is a system that ensures the security and integrity of electronic transactions made with credit cards. SET is not itself a payment system; it is a security protocol applied to those payments. It uses different encryption and hashing techniques to secure credit card payments made over the internet. The SET protocol was supported in development by major organizations like Visa, Mastercard, and Microsoft, which provided its Secure Transaction Technology (STT), and Netscape, which provided the technology of Secure Socket Layer (SSL).

The SET protocol restricts the disclosure of credit card details to merchants, thus keeping hackers and thieves at bay.

Requirements in SET: The SET protocol has several requirements to meet. Some of the important ones are:

It has to provide mutual authentication, i.e., customer (or cardholder) authentication, which confirms whether the customer is the intended user, and merchant authentication.

It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate
encryptions.

It has to be resistant to message modification, i.e., no changes should be allowed in the content being transmitted.

SET also needs to provide interoperability and make use of the best security mechanisms.

Participants in SET: In the general scenario of online transactions, SET includes similar participants:

Cardholder – customer

Issuer – customer financial institution

Merchant

Acquirer – Merchant financial

Certificate authority – Authority that follows certain standards and issues certificates (like X.509V3) to all other participants.

SET functionalities:
Provide Authentication

Merchant Authentication – To prevent theft, SET allows customers to check previous relationships
between merchants and financial institutions. Standard X.509V3 certificates are used for this
verification.

Customer / Cardholder Authentication – SET uses X.509V3 certificates to check whether a credit card is being used by an authorized user.

Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading
the message being transferred. SET implements confidentiality by using encryption techniques.
Traditionally DES is used for encryption purposes.

Provide Message Integrity: SET uses signatures to prevent message modification. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1, and some using HMAC with SHA-1.
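
The HMAC-based integrity check mentioned above, as an added example that is not part of the original document and is not SET's actual message format: a sender tags an order message with HMAC-SHA1 and the receiver verifies it, so a modified message is rejected. The key, the order fields and the JSON serialization are assumptions made for illustration; SHA-1 is used only because it is the hash the text names.

```python
import hashlib
import hmac
import json

# Constructed sample values; the key and the order fields are assumptions.
SHARED_KEY = b"constructed-demo-key"
ORDER = {"order_id": "ORD-1001", "amount": "49.99", "currency": "USD"}


def canonical(message: dict) -> bytes:
    """Serialize deterministically so sender and receiver hash the same bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def make_tag(message: dict, key: bytes) -> str:
    """HMAC-SHA1 tag over the canonical message."""
    return hmac.new(key, canonical(message), hashlib.sha1).hexdigest()


def verify(message: dict, tag: str, key: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(message, key), tag)


def bare_digest(message: dict) -> str:
    """Unkeyed SHA-1: detects accidental corruption only."""
    return hashlib.sha1(canonical(message)).hexdigest()


def demo() -> dict:
    tag = make_tag(ORDER, SHARED_KEY)
    modified = dict(ORDER, amount="4.99")  # content changed in transit
    return {
        "original_accepted": verify(ORDER, tag, SHARED_KEY),
        "modified_accepted": verify(modified, tag, SHARED_KEY),
        # Without the key, the best anyone can attach is an unkeyed digest,
        # which is not a valid tag for the modified message.
        "unkeyed_digest_accepted": verify(modified, bare_digest(modified), SHARED_KEY),
    }


if __name__ == "__main__":
    print(demo())
```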

Dual Signature: The dual signature is a concept introduced with SET, which aims at connecting two pieces of information meant for two different receivers:
