
1.   What is the difference between SET ("Secure Electronic Transaction") and SSL ("Secure Sockets Layer")?

 

Ans :

SET was developed specifically to secure, and ultimately guarantee, a payment transaction. Secure Sockets Layer (SSL), on the other hand, is not a payment protocol. SSL simply encrypts the communications channel between the cardholder and the merchant website, and it is not backed by any financial institution. As a result, SSL cannot guarantee a transaction.

 

With SET, the entire transaction-processing environment is secured from the cardholder’s desktop, through the merchant website, and to the acquiring bank gateway. Consider the online retail growth potential that can result when consumer confidence in online shopping increases.

 

SET, which was specifically designed to address the security of all parties to an electronic payment transaction, incorporates 1024-bit encryption throughout the entire transaction. SSL, on the other hand, which was developed only to prevent data tampering in client/server applications, has comparatively weaker encryption, at a maximum of 128-bit.

 

SET also authenticates all parties to the transaction because SET’s certificates are backed not only by a Certificate Authority but also by financial institutions and MasterCard International. SSL cannot adequately authenticate all parties because SSL certificates are not backed by any financial institution or payment brand association.

 

Finally, SET provides security throughout the entire transaction process—from the cardholder’s desktop to the merchant through bank approvals and back through the gateway—leaving an irrefutable audit trail and thus a guaranteed transaction. SSL only provides security between the cardholder and merchant—insufficient security to prevent fraud. In short, SSL transactions are never guaranteed.


2.   How does PGP ("Pretty Good Privacy") handle authentication and confidentiality operations?

 

Ans:

 

3.   What is the operation of the SSL Handshake Protocol, and how does it work?

 

Ans:

The handshake consists of a series of messages exchanged in four phases:

a.      Establish Security Capabilities

b.     Server Authentication and Key Exchange

c.     Client Authentication and Key Exchange

d.     Finish

 

This allows the server and client to:

a.      authenticate each other

b.     negotiate encryption and MAC algorithms

c.     negotiate the cryptographic keys to be used
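
The four phases above, traced over a handshake byte stream. This is an added example, not part of the original answer: the message type codes and the 1-byte type plus 3-byte length header are the standard SSLv3/TLS 1.0-1.2 handshake encoding (not given on the page), the function names are hypothetical, and the sample bytes are constructed.

```python
# Handshake message type codes (SSLv3 / TLS 1.0-1.2 wire encoding).
NAMES = {1: "client_hello", 2: "server_hello", 11: "certificate",
         12: "server_key_exchange", 13: "certificate_request",
         14: "server_hello_done", 15: "certificate_verify",
         16: "client_key_exchange", 20: "finished"}
# (sender, type) -> phase a..d as listed in the answer. "certificate" (11)
# belongs to phase b or c depending on which side sent it.
PHASE = {("client", 1): "a", ("server", 2): "a",
         ("server", 11): "b", ("server", 12): "b",
         ("server", 13): "b", ("server", 14): "b",
         ("client", 11): "c", ("client", 16): "c", ("client", 15): "c",
         ("client", 20): "d", ("server", 20): "d"}

def parse_flight(data):
    """Split one flight into (type, body) pairs, checking every length field."""
    msgs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated handshake header")
        mtype = data[off]
        length = int.from_bytes(data[off + 1:off + 4], "big")
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        msgs.append((mtype, body))
        off += 4 + length
    return msgs

def trace_phases(flights):
    """Return [(phase, sender, name)]; reject unknown or out-of-phase messages."""
    trace, current = [], "a"
    for sender, data in flights:  # sender comes from the capture direction
        for mtype, _ in parse_flight(data):
            phase = PHASE.get((sender, mtype))
            if phase is None:
                raise ValueError(f"unexpected type {mtype} from {sender}")
            if phase < current:
                raise ValueError(f"{NAMES[mtype]} arrived after phase {current}")
            current = phase
            trace.append((phase, sender, NAMES[mtype]))
    return trace

def msg(mtype, body=b""):  # build one handshake message for the sample
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed sample: placeholder bodies, shown unencrypted for illustration.
SAMPLE = [("client", msg(1, b"\x00" * 8)),
          ("server", msg(2, b"\x00" * 8) + msg(11, b"\x00" * 16) + msg(14)),
          ("client", msg(16, b"\x00" * 4) + msg(20, b"\x00" * 12)),
          ("server", msg(20, b"\x00" * 12))]
```

On a real connection the change_cipher_spec message travels as its own record type and the finished messages that follow it are encrypted, so a passive observer sees phase d only as opaque records.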