
SET

The Secure Electronic Transaction (SET) [16] specification was introduced this year by several credit card and system software vendors. It is currently under design and there are no publicly available reference implementations.

SET uses a session communications model like that of SSL and S-HTTP. SET certificate management is based on X.509, and uses a fixed structure essentially the same as that used for credit card distribution. Both merchants and customers obtain certificates from certificate authorities that represent one or more credit card brands. In order to transact business, a merchant and customer must use certificates obtained from a common brand.

The protocol provides an ad hoc security model that is based on credit card usage. In particular, SET transactions involve only the secure exchange of financial information; negotiations and the actual selection of merchandise are done out of band. Transactions involve a single merchant and consumer engaged in one exchange. The relationship between merchant and customer is asymmetric.

As with the other protocols, SET provides the properties required for secure messages. Note, however, that in recent drafts the specification has defined a linkage function that may be used to insert a reference to one message into another message. The purpose of this function is not completely specified, but it could be used to enhance the SET protocol to provide the causality property.



Douglas H. Steves
Sun May 4 15:10:15 CDT 1997