E commerce Assignment (15SE322E) On SET & EDI Submitted To: Submitted By: Mrs S Aruna YAJUR NIGAM RA1511002010768 SET Secure Electronic Transaction (SET)can be described as a communication protocol standard to secure credit card transactions over the Internet. It is an application layer security mechanism. SET is not just a payment system, but rather is considered as a set of security protocols and formats that enable users to employ the existing credit card payment infrastructure on an open network in a secure trend. SET is a something to ensure the security of financial transactions on the Internet.
Initially it discovered by mastercard and visa. It has very complex and detailed technical specification. Some key features of the SET are: Confidentiality of information Integrity of data Cardholder account authentication Merchant authentication How it does what is said it does: Both cardholders and merchants must have their registeration done with CA (certificate authority) first, before they buy or sell on the Internet. Once registration is done, the former can start to do transactions, which consists of 9 basic steps in this protocol, which is simplified.
Customer opens the website to see what should be purchased as per his needs. Customer sends order and payment based information, which has 2 parts in one message: Purchase Order – this part is for merchant Card Information – this part is for merchant’s bank only. Merchant sends the card information to their bank Merchant’s bank checks with Issuer for payment authorization Issuer send authorization to Merchant’s bank Merchant’s bank send authorization to merchant Merchant completes the order and sends confirmation to the customer Merchant captures the transaction from their bank Issuer prints credit card bill (invoice) to customer SET participants: 1. CARD HOLDER 2.
MERCHANT 3. ISSUER 4. AQUIRER 5. CERTIFICATE AUTHORITY 6. PAYMENT GATEWAY SET transactions: (1.) The customer opens an account with a card issuer.
MasterCard, Visa, etc. (2.) The customer receives a X.509 V3 certificate signed by a bank. (3.) A merchant who accepts a certain brand of card must possess two certificates. -One for signing & one for key exchange (4.) The customer places an order for a product or service with a merchant. ) The merchant sends a copy of its certificate for verification.
) The customer sends order and payment information to the merchant. ) The merchant requests payment authorization from the payment gateway prior to shipment. ) The order is confirmed. ) The merchant provides the goods and services are delivered.
(10.) The merchant requests payment from the payment gateway. Key Technological aspects of SET: ) Confidentiality of information: DES ) Integrity of data: RSA digital signatures with SHA-1 hash codes. ) Cardholder account authentication: X.509v3 digital certificates with RSA signatures .) X.509v3 digital certificates with RSA signatures: Merchant authentication (5.) Privacy: separation of order and payment information using dual signatures. Dual Signatures: An innovation introduced in SET is the dual signature. The purpose of the dual signature is to link two messages that are intended for two different recipients.
In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The operation for dual signature is as follows: (a.) Take the hash (SHA-1) of the payment and order information. (b.) These two hash values are concatenated H(PI) || H(OI) and then the result is hashed. (c.) Customer encrypts the final hash with a private key creating the dual signature. DS = EKRC H(H(PI) || H(OI)) EDI Electronic Data Interchange (EDI) is known as the electronic interchange of business information using a standard format; a process which enables one company to send information to another company electronically rather than with those traditional ones. Business entities conducting business electronically are known as trading partners.
Using EDI many business documents can be exchanged. While the two most common are the purchase orders and invoices. EDI replaces the mail preparation and handling associated with traditional business communication. Apparently, the real boon of EDI is that it standardizes the information communicated in business documents, which makes possible a “paperless” exchange. EDI semantic layer :(a.) Describes the business application (b.) Procurement example EDI layout: EDI in Action Information flow without EDI: Information flow with EDI: EDI applications in business: 1.
International or cross-border trade 2. Electronic funds transfer 3. Health care EDI for insurance claims processing 4. Manufacturing & retail procurement PLAGIARISM CHECK: