Participants Of Secure Electronic Transactions Information Technology Essay

In the security environment, a proper and effective security is needed in order to prevent from attacks. Therefore, multiple security mechanism and protocol should be use to secure a network. An example for a system that needs to have a high security was online transaction.

Nevertheless, in term of network security, Internet Security Protocol (IPSec) is one of the best security protocols nowadays. More than that, the key exchange algorithm such as Oakley and ISAKMP is an enhance version of Diffie-Hellman (DH) protocol. This protocol has overcome the shortage or weaknesses of DH protocol.

Which Citation Styles Can You Handle?

We get a lot of “Can you do MLA or APA?”—and yes, we can! Our writers ace every style—APA, MLA, Turabian, you name it. Tell us your preference, and we’ll format it flawlessly.

The following section will cover the SET and IPSec in details with graphical explanation.

2.1) Feature and Services of Secure Electronic Transaction (SET)

SET is a system that use for security purpose in order to secure the financial transaction supported by Visa, MasterCard, American Express and others. In spite of that, SET itself is not a payment system, but rather a set of protocol that can be use in open public network with enhancement of security.

In term of key feature, SET provides the following features:-

Confidentiality of Information

Are Writing Services Legal?

Totally! They’re a legit resource for sample papers to guide your work. Use them to learn structure, boost skills, and ace your grades—ethical and within the rules.

Integrity of Data

Cardholder Account Authentication

Merchant Authentication

What’s the Price for a Paper?

Starts at $10/page for undergrad, up to $21 for pro-level. Deadlines (3 hours to 14 days) and add-ons like VIP support adjust the cost. Discounts kick in at $500+—save more with big orders!

Taken from (Stallings, 1999)

Besides that, the main services are:-

Baseline Purchase (Transaction)

Cash Advances

Is My Privacy Protected?

100%! We encrypt everything—your details stay secret. Papers are custom, original, and yours alone, so no one will ever know you used us.

Status Enquiry

Taken from (Hitachi, 2003)

The following pages will explain the features and services of SET in brief.

2.1.1) Feature of SET

Confidentiality of Information

Cardholder account and payment information are secured all the time, especially during the transaction. This is an important feature of SET whereby the encryption is using Data Encryption Standard (DES) to improve confidentiality.

Is AI Involved in Writing?

Nope—all human, all the time. Our writers are pros with real degrees, crafting unique papers with expertise AI can’t replicate, checked for originality.

Integrity of Data

With integrity of data, all the payment information between the cardholder and merchant will be secure all the time. With the help of digital signature like RSA, the data will be sure.

Cardholder Account Authentication

SET use X.509v3 digital signature with RSA during the authentication process. This allows the merchant to verify either the credit card is valid or invalid.

Merchant Authentication

With X.509v3 digital signature, SET allows the card holder to verify either the merchant is valid or invalid. This feature can prevent from fraud or scam.

The statement above supported by (Stallings, 1999)

Why Are You the Best for Research?

Our writers are degree-holding pros who tackle any topic with skill. We ensure quality with top tools and offer revisions—perfect papers, even under pressure.

2.1.2) Services of SET

Baseline Purchase

The main services of SET were baseline purchase where three steps are involved.

Choose product to be purchase

Consumer choose an independent or depended product to purchase

Payment Step

Who Writes My Assignments?

Experts with degrees—many rocking Master’s or higher—who’ve crushed our rigorous tests in their fields and academic writing. They’re student-savvy pros, ready to nail your essay with precision, blending teamwork with you to match your vision perfectly. Whether it’s a tricky topic or a tight deadline, they’ve got the skills to make it shine.

Consumer choose confirm the order and choose the payment method

Delivery Step

After completing the payment, consumer receives the product.

Cash Advances

Cash advances allow the cardholder to pay for the 1st time. For next payment onward, consumer can use different payment method. For example, installment

Will My Paper Be Unique?

Guaranteed—100%! We write every piece from scratch—no AI, no copying—just fresh, well-researched work with proper citations, crafted by real experts. You can grab a plagiarism report to see it’s 95%+ original, giving you total peace of mind it’s one-of-a-kind and ready to impress.

Status Enquiry

SET allow the consumer to check the status of their payment.

Statement above supports by (Hitachi, 2003)

2.2) Participant of Secure Electronic Transaction (SET)

Figure 2-1: Participants of SET

Figure 2-1 shows the participants of SET in graphical form. In spite of that, Table 2-1 on next page will explain the role and activity of the participants.

Participants

Role

Activity

Related to…

Merchant

Person or organization that has goods to sell.

Can You Use Any Citation Format?

Yep—APA, Chicago, Harvard, MLA, Turabian, you name it! Our writers customize every detail to fit your assignment’s needs, ensuring it meets academic standards down to the last footnote or bibliography entry. They’re pros at making your paper look sharp and compliant, no matter the style guide.

Sell goods and services. Especially web transaction.

Acquirer

Acquirer

Process payment and card authorization.

Provide support of multiple type of credit card brand to merchant.

Can I Change My Order Details?

For sure—you’re not locked in! Chat with your writer anytime through our handy system to update instructions, tweak the focus, or toss in new specifics, and they’ll adjust on the fly, even if they’re mid-draft. It’s all about keeping your paper exactly how you want it, hassle-free.

Provide electronic payment transfer

Control payment limit

N/A

Cardholder

Consumer

How Do I Order a Paper?

It’s a breeze—submit your order online with a few clicks, then track progress with drafts as your writer brings it to life. Once it’s ready, download it from your account, review it, and release payment only when you’re totally satisfied—easy, affordable help whenever you need it. Plus, you can reach out to support 24/7 if you’ve got questions along the way!

Can purchase goods and services from merchant with credit card.

Issuer

Issuer

Financial institution

Bank

How Quick Can You Write?

Need it fast? We can whip up a top-quality paper in 24 hours—fully researched and polished, no corners cut. Just pick your deadline when you order, and we’ll hustle to make it happen, even for those nail-biting, last-minute turnarounds you didn’t see coming.

Provide credit card to consumer

Collect debt payment from consumer

N/A

Payment Gateway

Operated by Acquirer or 3rd party

Work as middleman between SET and Issuer

Can You Handle Tough Topics?

Absolutely—bring it on! Our writers, many with advanced degrees like Master’s or PhDs, thrive on challenges and dive deep into any subject, from obscure history to cutting-edge science. They’ll craft a standout paper with thorough research and clear writing, tailored to wow your professor.

Provide authorization and payment function during transaction

Acquirer

Issuer

Certificate Authority

Issuer of X.509v3

-Issue X.509v3 to merchant, cardholders, and payment gateway

How Do You Match Professor Expectations?

We follow your rubric to a T—structure, evidence, tone. Editors refine it, ensuring it’s polished and ready to impress your prof.

N/A

Table 1-1: Roles and Activity of SET Participants

The information on this table was taken from (Stallings, 2006). However, it has been modified into table form.

2.3) Sequence of Events for Secure Transaction

In order to have a secure transaction, a proper sequence of event is needed. Although the process of transaction is very fast, but there was a lot of process in behind. There will be 10 events that will occur during the transaction. Therefore, this section will explain the sequence of events during the transaction.

Before that, Figure 2-2 shows the meaning of the icon for next several explanations.

How Do You Edit My Work?

Send us your draft and goals—our editors enhance clarity, fix errors, and keep your style. You’ll get a pro-level paper fast.

Figure 2-2: Icon of events

The whole sequence of events is a research from (Stallings, 2006) and (whatis.com, 2010)

Figure 2-3: Events 1, 2 & 3

A customer open a bank account

The first thing a consumer needs to do was open a bank account and apply for credit card such as VISA, MASTERCARD with bank that support SET completely.

Cardholder certificate

Once the credit card is available, a verification process of identity will occur where X.509v3 digital certificate will receive by customer. This certificate is issue by Certificate Authority and signed by bank where it will verify the card expired date and public key.

Merchant certificate

For merchant who accept variety type of credit card, it has two certificates for two public keys owned by them. Besides that, a copy of payment gateway certificate also will be issue by payment gateway.

Both of the key owned by merchant itself was use for signing a message and exchange a message.

Can You Brainstorm Topics?

Yep! We’ll suggest ideas tailored to your field—engaging and manageable. Pick one, and we’ll build it into a killer paper.

Figure 2-4: Events 4, 5, & 6

Customer buy a product

Once the credit card is ready, a consumer can start to look for the product they want to buy.

The consumer will send the list of item, price and order number information to merchant.

Merchant send verification

In order to continue, the merchant will send copy of its certificate to consumer.

This certificate is use to verify the merchant is legal

Payment and order sent

After the verification, the consumer will send the order and payment information along with its certification to merchant. The payment information contains the credit number and name.

In order to provide security, the information is encrypted all the way.

Figure 2-5: Events 7, 8, 9, & 10

Payment Authorization

Merchant will send the customer payment information to Payment Gateway in order to verify the sufficient credit for payment in customer account.

Do You Offer Fast Edits?

Yes! Need a quick fix? Our editors can polish your paper in hours—perfect for tight deadlines and top grades.

Order Confirmed

Once payment approved, merchant will send the order confirm and receipt to customer.

Goods Delivery

Merchant will deliver the goods to customer via shipping or other method.

(10) Payment request by merchant

Usually at end of the month, merchant will send a payment request to Payment Gateway.

2.4) SET Transaction Types

Besides feature and services of SET, this system also supports several transaction types where each of them is having its own function. Nevertheless, some of them are related to each other and required to work at pairs. Table 1-2 below listed out the transaction types that are supported by SET. (Stallings, 2005)

Transaction Types

Merchant Registration

Cardholder Registration

Can You Start With an Outline?

Sure! We’ll sketch an outline for your approval first, ensuring the paper’s direction is spot-on before we write.

Certificate Inquiry and Status

Purchase Inquiry

Credit

Capture Reversal

Authorization Reversal

Credit Reversal

Error Message

Batch Administration

Can You Add Charts or Stats?

Definitely! Our writers can include data analysis or visuals—charts, graphs—making your paper sharp and evidence-rich.

Payment Gateway Certificate Request

Purchase Request *

Payment Authorization *

Payment Capture *

Table 1-2: Transaction Types

Three types of transaction will be focused on this section. This is due to the importance of these transactions where it was the main focused transaction type of SET. On the following section, these three types of transaction will be discussed in details.

Purchase request

Payment Authorization

Payment Capture

2.4.1) Purchase Request

In order for the purchase request to begin exchange, the cardholder must have placed their order. This request will exchange four main messages which are:-

Initiate Request

What About Multi-Part Projects?

We’ve got it—each section delivered on time, cohesive and high-quality. We’ll manage the whole journey for you.

Initiate Response

Purchase Request

Purchase Response

Initiate Request

A copy of certificate of cardholder must be send to merchant in order to send the SET messages. This certificates will be requested by customer in a message call Initiate Request. During the request, information of credit card brand and other info will be includes on this message.

Initiate Response

After send, the merchant will respond with a message call Initiate Respond which includes the signs of private signature key. This response will include the transaction ID and other relevant information for the particulate purchase transaction. In addition, this message also includes the payment gateway key exchange certificate.

Do You Adapt to International Rules?

Yes! UK, US, or Aussie standards—we’ll tailor your paper to fit your school’s norms perfectly.

Purchase Request

Next, the cardholders prepare a message call Purchase Request where it includes the information regarding:

Purchase-related Information – Forward to the payment gateway by merchant

Consists of

Payment Information (PI)

Order Information Message Digest (OIMD)

What does a complex assignment mean?

If your assignment needs a writer with some niche know-how, we call it complex. For these, we tap into our pool of narrow-field specialists, who charge a bit more than our standard writers. That means we might add up to 20% to your original order price. Subjects like finance, architecture, engineering, IT, chemistry, physics, and a few others fall into this bucket—you’ll see a little note about it under the discipline field when you’re filling out the form. If you pick “Other” as your discipline, our support team will take a look too. If they think it’s tricky, that same 20% bump might apply. We’ll keep you in the loop either way!

Dual Signature (not covered on this assignment)

Digital Envelope (Encryption)

Order-related Information – Needed by merchant

Consists of

Who is my writer? How can I communicate with him/her?

Our writers come from all corners of the globe, and we’re picky about who we bring on board. They’ve passed tough tests in English and their subject areas, and we’ve checked their IDs to confirm they’ve got a master’s or PhD. Plus, we run training sessions on formatting and academic writing to keep their skills sharp. You’ll get to chat with your writer through a handy messenger on your personal order page. We’ll shoot you an email when new messages pop up, but it’s a good idea to swing by your page now and then so you don’t miss anything important from them.

Order Information (OI)

Dual Signature

Payment Information Message Digest (PIMD)

Cardholder Certificate – Contain cardholder public signature key

Consists of

Cardholder Public signature key

Figure 2-6: Purchase Request

Figure taken from (Stallings, 2005)

Based on the figure, it shows that the PI has been sign with Dual Signature and includes the OIMD. After being encrypted with key, the info will be mix together with other component such as Digital Envelop, PIDM, OI and cardholder certificate. The whole message is known as Purchase Request message.

Nonetheless, the whole message will send by cardholder to merchant. When the merchant receive the message, it will verify that the cardholder certificate is legal and verify the dual signature using cardholder public signature key. Meanwhile the 1st half of the message will be forwarded to Payment Gateway by merchant. Figure 2-7 on next page shows the algorithm of Purchase Request verification.

Figure 2-7: Purchase Request Verification

Figure taken from (Stallings, 2005)

Purchase Response

After the verification process, a Purchase Response message will be send in order to acknowledge to the cardholder. This message contains a block which signed by merchant private signature. This message will display a statement or message to the cardholder if it was successes to send.

Information regarding the whole purchase request is taken from (Stallings, 2005)

2.4.2) Payment Authorization

During the transaction, an authorization must be made in order to make any payment. Although its look simple, but the whole process required a certain technical algorithm or process to guarantee the merchant receive the payment. Once the request has been acknowledge with response, the merchant can provide goods or services to customer.

This payment authorization is consist of two messages which are:-

Authorization Request

Authorization Response

Authorization Request

This request was send by merchant to payment gateway. The messages it consists of several information such as:-

Purchase-related Information – obtained from customer

Consists of

Payment Information (PI)

Order Information Message Digest (OIMD)

Dual Signature (not covered on this assignment)

Digital Envelope (Encryption)

Authorization-related information – Generated by merchant

Consists of

Authorization block

Digital Envelop

Cardholder Certificate – Contain cardholder public signature key

Consists of

Cardholder Public signature key

Authorization Response

After an authorization approved by issuer, payment gateway will send backs a message which includes:-

Authorization-related information – Generated by merchant

Consists of

Authorization block

Digital Envelop

Capture Token Information – use for future payment

Consists of

Signed & encrypted token

Digital Envelop

Certificate

Consists of

Gateway signature key certificate

Information regarding the whole payment authorization is taken from (Stallings, 2005)

2.4.3) Payment Capture

To obtain payment after sales, merchant need to contact the payment gateway by providing a capture request and wait for the response. In this case, there are two messages are involved, which are:-

Capture Request

Capture Response

Capture Request

This request is generate by merchant to payment gateway for request a payment. Meanwhile this consists of:-

Signed & encrypted request block which include payment amount and transaction ID

Merchant signature key

Key-exchange key certificates

Capture Response

Once the payment gateway receives the capture request, the message will be decrypt and verify the request blocks. Once it is legal, capture response will be issue to merchant. This message includes:

Signed & encrypted response block by payment gateway

Payment gateway signature key certificate

Information regarding the whole payment capture is taken from (Stallings, 2005)

“This page is intentionally left blank”

3.1) Overview of IPSec

A majority of today government, academic, corporate and home user’s network including internet, are based on the Internet Protocol (IP). However, IP networks are not vulnerable to security threat such as identity spoofing, loss of data, loss of privacy and other security threats. Because of this threats, Internet Engineering Task Force (IETF) has create a security frameworks call Internet Protocol Security (IPSec)

IPSec is implemented at network layer of OSI where it will protects and authenticate the packets that travel between the devices such as routers, firewall, and other IPSec compatible devices. (Nam-Kee-Tan, 2003) In terms of securing the IP layer, all the traffic which passing though an IP network will use the IP protocol. Because of that, IPSec provides security services for network layer more than application layer.

IPSec contain several new packet formats such as Authentication Header (AH), Encapsulating Security Payload (ESP) and IKE in order to provide data integrity, confidentiality and digital authentication. (Anon., n.d.) Besides that, with IPSec, IP network can gain several benefits such as strong authentication, firewall filtering, data protection, encryption and other technical support. Figure 2-1 shows the packet format with IPSec Header and Trailer.

Figure 3-1: IP Packet Format with IPSec

3.2) Security Services by IPSec

In term of security services, IPSec provide several security services for most of the applications which are communicating over the IP network. The IPSec framework provides the following important security services:-

Access Control

Connectionless Integrity

Data Origin Authentication

Confidentiality

“Obtained from (Stallings, 2010)”

The following sections will cover four of the security services above in details.

3.2.1) Access Control

Access control with IPSec could really secure the network from unauthorized access. This is one of the security services that prevent from unauthorized use of resource in the network. More than that, it can also prevent from remote control or access from remote location and external network.

3.2.2) Connectionless Integrity

Connectionless integrity in IPSec is a security services that helps to detect any modification of data. This security services detect the modification of IP packets without regard to the ordering of the packets in the traffic stream. (Nam-Kee-Tan, 2003) Besides that, integrity also ensures the prevention of unauthorized creations, modification or deletion of data between the source and destination. (Hewlett-Packard, 2001) In shorts, integrity verify that the content of the packet was not changed during the transmission.

3.2.3) Data Origin Authentication

This authentication method ensures that the user traffic is sent by original or legal sender. This authentication method involves sender and recipient. The sender is the originator of the message while recipient was the entity that receives the message from the sender. In order to ensure that the message is from the original sender, two type of signature can be used to sign the message. The signatures were Symmetric and Asymmetric. (MSDN; Microsoft, n.d.)

Symmetric Signature

Use a single shared secret key is use to sign and verify the message.

This signature also known as Message Authentication Code (MAC)

Figure 3-2: Symmetric Signature

Figure 3-2 is taken from (MSDN Microsoft, n.d.)

Asymmetric Signature

Use two different key (private and public) to sign and verify the message.

Private key

Kept by owner and never send out

Use to create signature on message

Public key

Distribute to public or receiver

Use to verify the signature of the message

Figure 3-3: Asymmetric Signature

Figure 3-3 is taken from (MSDN Microsoft, n.d.)

3.2.4) Confidentiality

Confidentiality or encryption is the most important services by IPSec. This services ensure that the traffic is not hijacked by non-authorized parties during the transmission. (Anon., 2008) One of the favourtie hacking method by hacker was intercept between the connection and steal the information. Data confidentiality was the capability of IPSec to encrypt data before travel to external network.

3.3) Role of Oakley Key Determination Protocol

The Oakley protocol is a refined version of Diffie-Hellman(DH) key exchange version. This protocol was created to overcome the drawbacks of DH key exchange, meanwhike retaint the advantages of the DH key exchange. Some of the advantages of this protocol are as follows: (Kahate, 2008)

Ability to prevent and overcome replay attacks

Enable the exchange of DH public key values

Provide authentcation to prevent the man-in-the-middle attacks

Oakley also is a protocol that uses a public-key exchange algorithm and an ability know as Perfect Forward Secrecy (PFS) in order to prevent from the key reuse problem. (Diane Barrett, 2006) For PFS, it is a system that ensure the information about the key is being protected. For example, if a hacker successed to break on of the keys, the information about other related keys will be kept secret. This mean, the breaked key wil tell them nothing about other keys.

In term of authentication, oakley support three authentication mechanism which digital signature, public key and private key. Both private key and public key has been explained in section (3.2.3) Data Origin Authentication.

Nonetheless, when dealing with congestion attack, the concept of cookies will be use in order to solve the congestian attack. This method was normally use to prevent from the masquerading of IP addresses and port by the packer. The whole process has include a cookie and acknowledgement cookie.

3.4) Role of Internet Security Association and Key Management Protocol (ISAKMP)

ISAKMP is a key protocol in IPSec where it combines several concept together such as authentication, key management and security association in order to establid a good security association (SA). This general protocol framework contains a ISAKMP header where the entire header is encapsulated inside the OSI transport layer. Figure 3-4 shows the format of ISAKMP header.

Figure 3-4: ISAKMP Header Format

Figure 3-4 is obtain from source (Kahate, 2008)

Nevertheless, ISAKMP also support the negotiation of SA for other seucirty protocol such as IPSec, TLSP, TLS, and etc. In spite of that , the amount of duplicated functionallity also can be reduces by centralizing the management of SA. (Javvin, n.d.) ISAKMP by itslef does not use a specific key exchange algorithm. It use a set of message that enable the usage of variety of key exchange algorithm.

In term of role for Domain of Interpretion (DOI), ISAKMP will choose a security protocol and crytographic alforithm to share the key exchange. Mean while, ISAKMP will place the following requirement on DOI:

Additional Key Exchange

Additional Notification Message

Naming scheme for DOI

Applicable Security Policies

The statement above was taken from (Dictionary, n.d.)

4.0) Conclusion

In my research, I’ve discover the importance of understand SET. With SET, a secure transaction can be perform meanwhile the process itself is pretty fast. More than that, a list of participants also has been found and explained on this assignment.

Nevertheless,, the sequence of events of how the transaction happen behind the process also has beens tudy. By understanding the transaction types, the easiest way to understand how SET actually work. Nontheless, a set of diagram also has been use to summaries the whole events.

For IPSec, it is important to implement especially in a secure network. One of the proper way to apply IPSec was implement VPN. With IPSec, several advantages such as authnetication, data integrity and more and helps to secure the network.

Lastly, regarding the key exchange protocol. With the enhance of Oakley and ISAKMP, the weakness of DH protocl can be overcome and provide better key exchange algorithm in term of security and encryption.

P.S.: The softcopy of this assignment shows an exceeded word count. However, after exclude the citation, caption, bibliography and other unrelated document, the final word counts was 3247 words.

Tags: Cheap dissertation writing services UK, Cheap essay writer Australia, Chicago/Turabian citation format example essay, Grad Coach