Page 83 - DCAP306_DCAP511_E-COMMERCE_AND_E-BUSINESS

E-Commerce and E-Business



unauthorized users and attackers. The security protocols are defined in RFC 1421 and RFC 1422. However, PEM was not entirely accepted and used, as it was not compatible with Multipurpose Internet Mail Extensions (MIME).

2. MIME Object Security Services (MOSS): It is a protocol that uses a signed and encrypted framework to apply encryption services and digital signatures to MIME objects. The services are applied using end-to-end cryptography between the sender and receiver at the application layer. The signed framework applied to the MIME objects consists of two parts: MIME content and signature. MOSS was developed to handle the MIME messages that the PEM protocol could not handle. However, MOSS was not properly deployed and is not widely used now due to the popularity of the Pretty Good Privacy (PGP) protocol.

3. Secure MIME (S/MIME): It defines a standard for public key encryption and MIME data signing. S/MIME was developed by RSA Data Security Inc. The main difference between S/MIME and MOSS is that S/MIME is based on the PKCS standard, whereas MOSS is not based on any security standard.

4. Pretty Good Privacy (PGP): It was created by Philip Zimmermann in the year 1991. PGP aims at providing data encryption and decryption services that ensure cryptographic privacy and authentication of transmitted information. Application of PGP involves encrypting, decrypting, and signing e-mails, files, texts, and directories to establish secure e-mail communication. PGP encryption uses techniques such as hashing, symmetric-key cryptography, public-key cryptography, and data compression to maintain the authentication and integrity of information. PGP handles MIME messages in the same way as MOSS. However, PGP is widely accepted and used as it is easily available for non-commercial use. In PGP, each public key is assigned a user name or an e-mail address, and the certification of information is done by the users themselves through a Web of Trust.


Research on the Web and analyze the various authentication mechanisms used for establishing secure communication.


6.2.6 SET Protocols

The Secure Electronic Transaction (SET) protocol was developed in the late 1990s. It was created by a group of credit card providers and software developers to ensure secure credit card transactions over the Internet. The SET algorithm does not disclose the account numbers of the cardholders during the transaction process, as it replaces the credit card information with a certificate identifier. This ensures security for the merchant and the cardholder. Although the SET protocol had some beneficial features, it did not succeed in becoming a standard protocol.

As shown in Figure 6.5, when a cardholder purchases goods from an online merchant, the cardholder sends a payment request to the online merchant. The merchant then forwards an authentication request to the payment gateway, which authorizes the online transactions. The payment gateway then seeks confirmation about the cardholder from the concerned bank that provides Visa or Master Card. If the cardholder is found to be genuine, the payment gateway sends an authentication response to the online merchant. The merchant in turn sends a payment response to the cardholder and the transaction is completed.
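
The message flow described above can be traced in a simplified model. This is an added example, not code from the text or from the SET specification: the class names, message fields and the random certificate identifier are assumptions, and the certificates and signatures of real SET messages are left out. It shows that the merchant completes or declines an order while handling only the certificate identifier.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Bank:
    """Card issuer: the only party that stores account numbers."""
    accounts: dict = field(default_factory=dict)  # cert_id -> account number

    def enroll(self, account_number: str) -> str:
        cert_id = secrets.token_hex(8)  # assumed form of the certificate identifier
        self.accounts[cert_id] = account_number
        return cert_id

    def confirm(self, cert_id: str) -> bool:
        return cert_id in self.accounts

@dataclass
class PaymentGateway:
    bank: Bank
    def authenticate(self, auth_request: dict) -> dict:
        genuine = self.bank.confirm(auth_request["cert_id"])
        return {"type": "authentication_response",
                "order": auth_request["order"], "approved": genuine}

@dataclass
class Merchant:
    gateway: PaymentGateway
    seen: list = field(default_factory=list)  # every message the merchant handles

    def handle(self, payment_request: dict) -> dict:
        auth_request = dict(payment_request, type="authentication_request")
        auth_response = self.gateway.authenticate(auth_request)
        self.seen += [payment_request, auth_response]
        status = "completed" if auth_response["approved"] else "declined"
        return {"type": "payment_response",
                "order": payment_request["order"], "status": status}

def run_demo():
    bank = Bank()
    account = "4111111111111111"  # constructed test number, not a real card
    cert_id = bank.enroll(account)
    merchant = Merchant(PaymentGateway(bank))
    requests = [{"type": "payment_request", "cert_id": c, "order": o, "amount": 25}
                for c, o in [(cert_id, "order-1"), ("not-enrolled", "order-2")]]
    statuses = [merchant.handle(r)["status"] for r in requests]
    leaked = account in repr(merchant.seen)  # did the merchant ever see the number?
    return statuses, leaked

if __name__ == "__main__":
    print(run_demo())
```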











                          76                                     LOVELY PROFESSIONAL UNIVERSITY