Development of the electronic payment protocol. Not long ago, the alliance between Visa and Microsoft began to develop a different online payment specification: Secure Transaction Technology (STT). This led to an unfortunate situation: MasterCard and Visa, the two major credit card organizations, each supported its own independent online payment solution. This situation lasted for several months. In June 1996 1, these companies were to jointly develop a unified system, called Secure Electronic Transaction (SET). At the end of February 1996, they released two documents: the first gives the business description of the SET protocol, while the second gives more technical details. A period of public comment followed, during which the relevant parties discussed the specification and pointed out its shortcomings. After that, a revised document, the protocol description, was released; it defines the production SET protocol. SET is a protocol based on message flows, used to secure bank card payment transactions over public networks. Many important organizations in the Internet payment industry have announced that they will support SET. SET has stood the test in many trials in China and around the world, but most consumers on the Internet are not using SET.
The security of the payment system is the key to e-commerce. SET supports the special security requirements of e-commerce: it uses encryption to ensure the confidentiality of shopping information and payment information; it uses digital signatures to ensure the integrity of payment information; it uses the cardholder's certificate to authenticate the legitimacy of the credit card use; it uses the merchant certificate to authenticate the merchant; and it ensures non-repudiation by all parties. In particular, SET ensures that the cardholder's credit card number is not disclosed to the merchant.
Here is a brief introduction to the e-commerce transaction process. A typical e-commerce transaction under SET can be described by the following simple example:
1. Before the transaction, the customer applies for a bank account number from his financial institution (i.e. the issuing bank or paying bank). The merchant also applies for a bank account number from its financial institution (the acquiring bank) and registers with the certification center to obtain the required certificates.
2. The cardholder can browse goods in many ways: by using a browser to view the catalogue on the Web pages of the merchant's e-commerce server, by browsing a catalogue provided by the merchant and stored on a CD, or by checking a printed catalogue, and then selects the goods to be purchased.
3. The cardholder chooses a payment method, such as the brand of the payment card.
4. The cardholder (customer) sends the complete order and payment instruction to the merchant (the payment instruction must be signed by the legitimate cardholder).
5. The merchant requests payment authorization from the cardholder's financial institution.
6. The merchant sends an order confirmation to the cardholder (customer).
7. The merchant delivers goods or provides services to the cardholder (customer).
8. The merchant obtains payment for the goods from the cardholder's financial institution (paying bank).
In the whole transaction process, SET is involved in steps 4, 5, 6 and 8. In the payment process, the participants in the SET protocol need to use digital certificates to prove their identity or to exchange session keys. The cardholder's own digital certificate and private key, credit card number and other information need to be stored in encrypted form. Together with software that conforms to the SET protocol, they constitute a SET "electronic wallet". When a cardholder selects goods in an online store and pays with the SET "electronic wallet", the software on the merchant server sends a message to the cardholder's browser requesting the SET "electronic wallet" to pay, and the SET "electronic wallet" exchanges "handshake" messages with the merchant server (including obtaining the merchant's certificate), so that the cardholder can confirm that the merchant is authorized to accept payment by the card. Meanwhile, the merchant verifies the cardholder's certificate through a similar process to verify the legitimacy of the payment card use. Payment information can only be exchanged after verification succeeds. In the message flow of the SET protocol, all information is protected by cryptography for confidentiality and integrity, and the sender of each message is verified.

To achieve these security functions, SET uses digital signatures, digital envelopes, dual signatures (also known as double signatures) and so on. In SET's secure electronic transaction system, merchants, CCA, MCA, card issuing banks, payment gateways and payment card brands each have a public/private key-exchange key pair and a public/private signature key pair, with the corresponding certificates. The cardholder has a public/private key pair and the corresponding certificate. In addition, all communicating parties are required to have encryption and decryption modules, digital signature and verification modules, random symmetric key generators, and modules for the secure storage of certificates and other secure data. Together, they form the SET model. Some messages in this model may be completed out of band, such as the description of merchants, the registration of cardholders and part of the authentication process when issuing certificates. The whole process of a SET secure electronic transaction can be roughly divided into the following stages: cardholder (C) registration, merchant (M) registration, shopping request, payment authorization, payment settlement.
I. Registration of Cardholders
Cardholder C must register with its financial institution (paying bank) before making electronic transactions, so as to obtain a signature certificate. In this process, to ensure the confidentiality of the messages, C uses CCA's key-exchange public key, which is obtained from CCA's key-exchange certificate (sent by CCA in the initial response). The general steps of registration are as follows:
1. C sends an initial request to CCA;
2. CCA receives the initial request;
3. CCA generates a response and signs it;
4. CCA sends the response together with the certificate to C;
5. C receives the initial response and verifies the CCA certificate;
6. C verifies CCA's digital signature on the response;
7. C receives the account number;
8. C generates a registration form request;
9. C randomly generates a symmetric key K1, encrypts the registration form request message with K1, and encrypts K1 together with the account number with CCA's key-exchange public key;
10. C sends the encrypted registration form request to CCA;
11. CCA decrypts K1 and the account number with its key-exchange private key, and decrypts the encrypted registration form request with K1;
12. CCA selects the appropriate registration form and digitally signs it;
13. CCA sends the registration form and the CCA certificate to C;
14. C receives the registration form and verifies the CCA certificate;
15. C verifies CCA's signature on the registration form;
16. C generates a public/private key pair and a secret random number R for the registered account;
17. C fills in the registration form to generate a registration request;
18. C generates a message consisting of the request, C's public key and a newly generated symmetric key K2, and signs it;
19. C encrypts this message with a symmetric key, and encrypts that key and R, together with the account number, with CCA's key-exchange public key;
20. C sends the encrypted certificate request message (including the encrypted account number, R, etc.) to CCA;
21. CCA uses its key-exchange private key to decrypt K2, the random number and the account number, and decrypts the encrypted certificate request using K2;
22. CCA verifies C's digital signature;
23. CCA uses the account information and registration information to perform the necessary verification of C (not specified in SET);
24. Based on the verification result, CCA generates a random number R2; a hash of R2, R, and C's account number, validity period and other information is included in the certificate, which CCA signs;
25. CCA generates the certificate response (including the encrypted file) and signs it;
26. CCA encrypts the certificate response with K2 and sends it to C;
27. C verifies CCA's certificate and decrypts the message with K2;
28. After verifying CCA's digital signature, C retains the certificate and the secret random number R2 generated by CCA.
A hash function acts on a message of arbitrary length to generate a fixed-length hash value that is statistically unique. SET often uses hash functions when implementing data integrity. A hash function by itself cannot provide integrity and is usually used in combination with keys or other algorithms: for example, together with a digital signature, with a block cipher (when the communicating parties have a shared key), or as a keyed hash function. Hash functions generally need the following properties: the algorithm of the hash function is public; the hash function is a one-way function; and, for a specific hash function, finding a pair of colliding messages is computationally infeasible.

The hash function used by default in SET is SHA. SHA is a public hash function designed by NIST and NSA and used in DSS (Digital Signature Standard); it generates a 160-bit hash value. As in other hash algorithms, the message is first padded to an integer multiple of 512 bits: a single 1 bit is appended first, then enough zeros to make the length 64 bits short of an integer multiple of 512 bits, and finally a 64-bit value that indicates the message length before padding.

The five 32-bit variables of the algorithm are initialized as: A = 0x67452301, B = 0xefcdab89, C = 0x98badcfe, D = 0x10325476, E = 0xc3d2e1f0.

Then the main loop of the algorithm starts, processing 512 bits of the message at a time. The number of main-loop iterations is therefore determined by the number of 512-bit blocks the message contains.
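The padding rule and the five initial values described above, carried through to a full digest as an added example (not part of the original text). It goes beyond the page: the message schedule, round functions and round constants are taken from the SHA-1 standard (FIPS 180), and the names `pad`, `block_count` and `sha1` are chosen here.

```python
import hashlib
import struct

# Initial values of the five 32-bit variables A..E, as given in the text.
H0 = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def pad(message):
    """Append a 1 bit, zeros up to 64 bits short of a 512-bit multiple, then the length."""
    zeros = (55 - len(message)) % 64  # zero bytes following the 0x80 byte
    return message + b"\x80" + b"\x00" * zeros + struct.pack(">Q", len(message) * 8)

def block_count(message):
    """Number of main-loop passes: one per 512-bit block of the padded message."""
    return len(pad(message)) // 64

def sha1(message):
    """SHA-1 digest as hex; rounds and constants follow FIPS 180, not this page."""
    h = list(H0)
    padded = pad(message)
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16I", padded[off:off + 64]))
        for t in range(16, 80):  # expand the 16 block words to 80
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (rotl(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = tmp, a, rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return "".join(f"{x:08x}" for x in h)

if __name__ == "__main__":
    msg = b"abc"  # constructed sample input
    print(sha1(msg), sha1(msg) == hashlib.sha1(msg).hexdigest(), block_count(msg))
```

Practical SHA-1 collisions have been published since 2017, so the collision-resistance property listed above no longer holds for SET's default hash.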