什么是安全電網(wǎng)站子交易協(xié)議

2017-05-11 23:51:26 網(wǎng)先生編輯部

　　A SET purchase involves three parties: the cardholder, the merchant, and the payment gateway (essentially a bank). The cardholder shares the order information with the merchant but not with the payment gateway. He shares the payment information with the bank but not with the merchant. A set dual signature accomplishes this partial sharing of information while allowing all parties to confirm that they are handling the same transaction. The method is simple: each party receives the hash of the withheld information. The cardholder signs the hashes of both the order information and the payment information. Each party can confirm that the hashes in their possession agrees with the hash signed by the cardholder. In addition, the cardholder and merchant compute equivalent hashes for the payment gateway to compare. He confirms their agreement on the details withheld from him.
　　The model is unusual. In the registration protocols, the initiator possesses no digital proof of identity. Instead, he authenticates himself by filing a registration form whose format is not specified. Authentication takes place outside the protocol, when the cardholder’s bank examines the completed form.
　　SET is a family of protocols. The five main ones are cardholder registration, merchant registration, purchase request, payment authorization, and payment capture. There are many minor protocols, for example to handle errors. SET is enormously more complicated than SSL, which merely negotiates session keys between the cardholder’s and merchant’s Internet service providers. Because of this complexity, much of which is unnecessary, the protocol is hardly used. However, SET contains many features of interest:
　　英文原文：

　　The dual signature is a novel construction. The partial sharing of information among three peers leads to unusual protocol goals.
其主要目的是解決信用卡電子付款的安全保障性問題，這包括：保證信息的機(jī)密性，企業(yè)網(wǎng)站建設(shè)，保證信息安全傳輸，不能被竊聽，只有收件人才能得到和解密信息；保證支付信息的完整性，保證傳輸數(shù)據(jù)完整接收，在中途不被篡改；認(rèn)證商家和客戶，論壇門戶網(wǎng)站建設(shè)，驗證公共網(wǎng)絡(luò)上進(jìn)行交易活動包括會計機(jī)構(gòu)的設(shè)置、會計人員的配備及其職責(zé)權(quán)利的履行和會計法規(guī)、制度的制定與實施等內(nèi)容。合理、有效地組織會計I作，意義重大，它有助于提高會計信息質(zhì)量，執(zhí)行國家財經(jīng)紀(jì)律和有關(guān)規(guī)定；有助于提高經(jīng)濟(jì)效益，論壇門戶網(wǎng)站建設(shè)，優(yōu)化資源配置。會計工作的組織必須合法合規(guī)。講求效益，必須建立完善的內(nèi)部控制制度，必須有強(qiáng)有力的組織保證。
　　All parties are protected. Merchants do not normally have access to credit card numbers. Moreover, the mere possession of credit card details does not enable a criminal to make a SET purchase; he needs the cardholder’s signature key and a secret number that the cardholder receives upon registration. The criminal would have better luck with traditional frauds, such as ordering by telephone. It is a pity that other features of SET (presumably demanded by merchants) weaken these properties. A merchant can be authorized to receive credit card numbers and has the option of accepting payments given a credit card number alone.

(secure Electronic Transaction簡稱SET) 由威士(VISA)國際組織、萬事達(dá)(MasterCard)國際組織創(chuàng)建，結(jié)合IBM、Microsoft、Netscope、GTE等公司制定的電子商務(wù)中安全電子交易的一個國際標(biāo)準(zhǔn)。
　　SET uses several types of digital envelope. A digital envelope consists of two parts: one, encrypted using a public key, contains a fresh symmetric key K and identifying information; the other, encrypted using K, conveys the full message text. Digital envelopes keep public-key encryption to a minimum, but the many symmetric keys complicate the reasoning. Most verified protocols distribute just one or two secrets.
　　People today pay for online purchases by sending their credit card details to the merchant. A protocol such as SSL or TLS keeps the card details safe from eavesdroppers, but does nothing to protect merchants from dishonest customers or vice-versa. SET addresses this situation by requiring cardholders and merchants to register before they may engage in transactions. A cardholder registers by contacting a certificate authority, supplying security details and the public half of his proposed signature key. Registration allows the authorities to vet an applicant, who if approved receives a certificate confirming that his signature key is valid. All orders and confirmations bear digital signatures, which provide authentication and could potentially help to resolve disputes.