Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers

ArticlesSecure Electronic Transactions Protocol

June 1997 / Cover Story / Who Goes There? / Secure Electronic Transactions Protocol

The Secure Electronic Transactions (SET) protocol mimics the current structure of the credit card processing system and replaces every phone call or transaction slip of paper with an electronic version. This can involve a surprisingly large number of data packets because the credit card system evolved to allow a wide range of transactions. Restaurants, for instance, frequently submit the bill twice. The first time processes the bas ic bill, and the second time adds on the tip. Hotels, on the other hand, often reserve a large block of extra credit to account for extra charges like room service. This is released when the client checks out.

The SET protocol offers packets of data for all these transactions, and each transaction is signed with a digital signature. This makes SET the largest consumer of certificates, and it makes banks by default one of the major distributors of certificates. IBM, GTE, and VeriSign have announced plans to help banks offer certificates to their customers; this promises to be a big market for developers of these large databases.

One of the most active debates in the SET community is about who will pay for the SET certificate-revocation list. The SET protocol forces a transaction processor to check the lists regularly to catch transactions that might be generated by a lost or stolen certificate. In order to simplify the process of keeping the lists current and sync hronized, the protocol defines a fingerprint to be a hash of the latest revocation list. The transaction processors can compare fingerprints to ensure that their copy of the list matches the latest master list.

The credit card issuers will probably become the ones that are responsible for maintaining these lists of revoked certificates. The structure of the marketplace virtually assures this. But this may mean that the SET certificates will not become easily useful for other uses of encryption, like sending private letters, because the card companies may see the certificates as their own property. Or they may decide to open up this feature as a gimmick to draw customers. Only the marketplace will tell.

How Secure Electronic Transactions (SET) Works

illustration_link (31 Kbytes)

Up to the Cover Story section contentsGo to previous article: Secure Electronic Transactions ProtocolGo to next article: Are Smartcards a Certificate Solution?
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network