Understanding Secure Electronic Transaction Part-II
SET relies mainly on cryptography to meet its objectives, so we digress briefly to cover some basics of cryptography. Cryptography is the science of encrypting messages, that is, converting clear text to cipher text using an algorithm, and then converting it back from cipher text to clear text using the same or another algorithm. There are two common encryption methods: secret key cryptography and public key cryptography (PKC).
Secret key cryptography (also called symmetric key or single key cryptography) has been around for a long time, and its use is widespread. The most popular implementation is DES, which is used by all financial institutions to encrypt debit and credit card transactions. The sender uses a single 56-bit key (also called a symmetric key) to encrypt information, and the receiver uses the same key to decrypt it. Well-developed hardware and software implementations encrypt and decrypt using DES at very high speeds.
A much more secure and sophisticated encryption method is public key cryptography (PKC), also known as asymmetric key cryptography, which uses two keys. Either key (it does not matter which) can be used to encrypt, and the other is then used to decrypt. This fundamental property lies at the core of SET. However, encryption and decryption are relatively slow using PKC.
Secure Transmission Using PKC
When two users want to exchange messages securely, each of them transmits one component of their key pair, designated the public key, to the other and keeps secret the other component, designated the private key. Because messages encrypted with the public key can only be decrypted using the private key, these messages can be transmitted over an insecure network without fear that an eavesdropper could use the key to read encrypted transmissions.
For example, Bob can transmit a confidential message to Alice by encrypting the message using Alice's public key. As long as Alice ensures that no one else has access to her private key, both she and Bob will know that only Alice can read the message.
Cryptographic Blinding Algorithm
In cryptography, blinding is a technique by which an agent can provide a service to (i.e., compute a function for) a client in an encoded form without knowing either the real input or the real output. Blinding techniques also have applications in preventing side-channel attacks on encryption devices. For more information, see the Simplilearn free resources, which include articles about cryptography and cryptographic blinding algorithms.
The most common application of blinding is the blind signature. In a blind signature protocol, the signer digitally signs a message without being able to learn its content.
The one-time pad (OTP) is, by its very nature, an application of blinding to the secure communication problem. Alice would like to send a message to Bob secretly, but all of their communication can be read by Oscar. Alice therefore sends the message after blinding it with a secret key, or OTP, that she shares with Bob. Bob reverses the blinding after receiving the message. In this example, the function f is the identity and E and D are both typically the XOR operation.
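The two uses of blinding described above, as an added example that is not part of the original article: the one-time pad, where E and D are both XOR, and an RSA blind signature, where the signer applies its private key without seeing the message. The function names and the toy key (n = 3233, e = 17, d = 2753) are constructed for illustration; this is textbook RSA without hashing or padding, shown only to make the algebra visible.

```python
import math
import secrets

# Toy RSA key, constructed for illustration (n = 61 * 53); far too small for real use.
N, E_PUB, D_PRIV = 3233, 17, 2753

def otp_blind(message: bytes, pad: bytes) -> bytes:
    """E and D of the one-time pad: XOR with a pad exactly as long as the message."""
    if len(pad) != len(message):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(m ^ k for m, k in zip(message, pad))

def rsa_blind(m: int, r: int) -> int:
    """Client (E): hide m from the signer by multiplying with r^e mod n."""
    if math.gcd(r, N) != 1:
        raise ValueError("blinding factor must be invertible mod n")
    return (m * pow(r, E_PUB, N)) % N

def rsa_sign(x: int) -> int:
    """Signer (f): private-key operation on whatever value it is handed."""
    return pow(x, D_PRIV, N)

def rsa_unblind(blinded_sig: int, r: int) -> int:
    """Client (D): divide out r, leaving an ordinary signature on m."""
    return (blinded_sig * pow(r, -1, N)) % N

def rsa_verify(m: int, sig: int) -> bool:
    """Anyone: check the signature with the public key."""
    return pow(sig, E_PUB, N) == m % N

def blind_signature(m: int) -> tuple[int, int]:
    """Run the whole exchange; returns (value the signer saw, final signature)."""
    while True:
        r = secrets.randbelow(N - 2) + 2      # fresh random factor in [2, n-1]
        if math.gcd(r, N) == 1:
            break
    blinded = rsa_blind(m, r)                 # the only thing sent to the signer
    signature = rsa_unblind(rsa_sign(blinded), r)
    return blinded, signature

if __name__ == "__main__":
    pad = secrets.token_bytes(7)
    wire = otp_blind(b"PAY 100", pad)         # what Oscar can read
    print(wire.hex(), otp_blind(wire, pad))   # Bob recovers b"PAY 100"
    seen, sig = blind_signature(1234)
    print(seen, sig, rsa_verify(1234, sig))
```

The unblinded signature is identical to one the signer would have produced on the message directly, which is why a blind signer must constrain what it signs by other means; the one-time pad half is only secret if the pad is random and never reused.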
In summary, SET is a protocol which enables highly secure Internet shopping using credit cards. It has been developed by Visa and MasterCard in response to the security concerns of transacting on the Internet. The explosive growth of transactions on the Internet will only be further fuelled by SET. The SET protocol itself is still evolving, and is presently being extended to cover debit card transactions as well.