Purchase Request of SET

 Purchase Request

 Before the Purchase Request exchange begins, the cardholder has completed browsing, selecting, and ordering. The end of this preliminary phase occurs when the merchant sends a completed order form to the customer. All of the preceding occurs without the use of SET. The purchase request exchange consists of four messages:

a) Initiate Request. 

b) Initiate Response.

c) Purchase Request. 

d) Purchase Response.


a) Initiate Request

- Basic Requirements:
  • Cardholder Must Have a Copy of the Certificates for the Merchant and Payment Gateway
- Customer Requests the Certificates in the Initiate Request Message to the Merchant. The message includes:
  • Brand of Credit Card
  • ID Assigned to this Request/Response Pair by the Customer
  • Nonce (timestamp) used to ensure timeliness

b) Initiate Response

- Merchant Generates a Response
  • Signs with Private Signature Key
  • Transaction ID for Purchase Transaction
  • Merchant's Signature Certificate
  • Payment Gateway's Key Exchange Certificate
  • The nonce from the customer
  • Another nonce for the customer to return in the next message

c) Purchase Request

  • Cardholder Verifies Two Certificates (merchant and gateway) Using Their CAs and Creates the OI and PI.
  • First SET Message Includes:
    - Purchase-related Information
    - Order-related Information
    - Cardholder Certificate

  1. Purchase Request – Customer
  2. Purchase Request – Merchant

  1.  Purchase Request – Customer
The cardholder prepares the Purchase Request message and generates a one-time symmetric encryption key, Ks. 
The message includes the following: 
1. Purchase-related information. This information will be forwarded to the payment gateway by the merchant and consists of:
 - The PI
 - The dual signature, calculated over the PI and OI, signed with the customer's private signature key
 - The OI message digest (OIMD)

 The OIMD is needed for the payment gateway to verify the dual signature, as explained previously. All of these items are encrypted with Ks. The final item is:
 - The digital envelope. This is formed by encrypting Ks with the payment gateway's public key exchange key. It is called a digital envelope because this envelope must be opened (decrypted) before the other items listed previously can be read. The value of Ks is not made available to the merchant. Therefore, the merchant cannot read any of this payment-related information.


2. Purchase Request – Merchant
When the merchant receives the Purchase Request message, it performs the following actions:

1. Verifies the cardholder certificates by means of its Certification Authority (CA) signatures.

2. Verifies the dual signature using the customer's public signature key. This ensures that the order has not been tampered with in transit and that it was signed using the cardholder's private signature key.

3. Processes the order and forwards the payment information to the payment gateway for authorization (described later).

4. Sends a purchase response to the cardholder.


OR,

Merchant Verifies Purchase Request
 ♦ When the merchant receives the Purchase Request message, it performs the following actions:
 – Verifies the cardholder certificates by means of their CA signatures.
 – Verifies the dual signature using the customer's public signature key.
 – Processes the order and forwards the payment information to the payment gateway for authorization.
 – Sends a purchase response to the cardholder.
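
The dual-signature check the merchant performs, together with the payment gateway's matching check using the OIMD, as an added example that is not part of the original post. It assumes the standard SET construction, a signature over H(H(PI) || H(OI)), with SHA-256 and an unpadded toy RSA key standing in for the real algorithms; all function names and sample values are constructed for illustration.

```python
import hashlib

# Toy RSA signature key built from two Mersenne primes (constructed for this
# example, trivially factorable, no padding). Assumption: demo use only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash used by the protocol.
    return hashlib.sha256(data).digest()


def dual_sign(pi: bytes, oi: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) with the private signature key."""
    pomd = digest(digest(pi) + digest(oi))
    return pow(int.from_bytes(pomd, "big"), D, N)


def _check(pimd: bytes, oimd: bytes, ds: int) -> bool:
    # Recompute the combined digest and compare with the opened signature.
    expected = int.from_bytes(digest(pimd + oimd), "big")
    return 0 < ds < N and pow(ds, E, N) == expected


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds the OI in clear but only the digest of the PI."""
    return _check(pimd, digest(oi), ds)


def gateway_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Payment gateway holds the PI in clear but only the digest of the OI."""
    return _check(digest(pi), oimd, ds)


if __name__ == "__main__":
    pi = b"card=PLACEHOLDER;amount=49.99;txn=1001"  # constructed sample PI
    oi = b"order=3 widgets;amount=49.99;txn=1001"   # constructed sample OI
    ds = dual_sign(pi, oi)
    print("merchant accepts order:", merchant_verify(oi, digest(pi), ds))
    tampered = oi.replace(b"3 widgets", b"9 widgets")
    print("merchant accepts tampered order:",
          merchant_verify(tampered, digest(pi), ds))
    print("gateway accepts payment:", gateway_verify(pi, digest(oi), ds))
```

Neither verifier needs the other party's plaintext: the merchant never handles the PI and the gateway never handles the OI, yet a change to either one breaks the same signature.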


d) Purchase Response Message
  • The message that Acknowledges the Order and References Corresponding Transaction Number
  • Response Block is
    - Signed by Merchant Using its Private Key
    - Block and Signature Are Sent to Customer Along with Merchant's Signature Certificate

  • Upon Reception
    ◦ Verifies Merchant Certificate
    ◦ Verifies Signature on Response Block
    ◦ Takes the Appropriate Action

