F L O W   D I A G R A M S
A N D
I N F R A S T R U C T U R E
(SET Cardholder Wallet With Java Card Support)


Figure 1 presents the overall architecture of our shopping system which involves the SET Wallet with Java Card support.

            ______________                       _____________
           |  CARDHOLDER  |                     |MERCHANT SITE|
           |   BROWSER    |                     |  _________  |
           |   _________  |       Wake Up       | |         | |
 _______   |  |(WALLET) |<------------------------| Merchant| |
|Java   |  |  |         | |  PInitReq/PInitRes  | | Point of| |
|Card   |<--->|   SET   |<----------------------->| Sale    | |
|       |  |  | Network | |      PReq/PRes      | |         | |
|SET    |  |  |  Part   |<----------------------->|         | |
|Cardlet|  |  `^--------' |                     | |_________| |
`-------'  |___|__________|                     |_____________|
               |       ^
               |       |
               |       |
      _________|_______|________
     |   ______|_    __|_____   |
     |  |SET     |  |SET     |  |
     |  |Certifi-|  |Software|  |
     |  |cate    |  |Web     |  |
     |  |Web     |  |Server  |  |
     |  |Server  |  |        |  |
     |  |________|  |________|  |
     |       ISSUER SITE        |
     |__________________________|

Figure 1. The overall shopping system architecture.

The system consists of:
  • The Cardholder Browser is a Java 2 compliant WWW client.

  • Issuer Site is a network infrastructure operated on behalf of the card issuer, where the SET Certificate Web Server, SET Software Web Server and SET Cardlet Store are maintained. (We have decided to extend our architecture with a special kind of store, the Cardlet Store, where the cardholder can select and download cardlets onto his card online. However, due to infrastructure limitations, this feature will be included in the next release of our product.)

  • Merchant Site is a Merchant network infrastructure.

  • The SET Network Part is the part of the SET Wallet that is downloaded from the SET Software Web Server. This part is maintained by the issuer or delegated to a software provider. We have implemented this part of the architecture as a signed Java Applet, codename "Body". The cardholder downloads the "Body" into his browser when visiting the merchant shop in order to pay for the goods with the Java Card. The link to the program is embedded into the merchant Web Shop. The issuer/software provider is also modeled by an HTTP server. The authenticity of the Body is established by the signature of the software provider.

  • The SET Cardlet, Guard, is a Java Card 2.1 compliant application whose aim is to protect the Cardholder's sensitive data used in SET. These data are the Primary Account Number, the Card Secret, the Cardholder Private Key and, if the cardholder participates in the local credit plan, the Public Key of the Payment Gateway, which reduces the memory utilization on the card.

    (This case is implemented in the project.) The other function of the card is to generate, in a secure manner, the data structures that are required to construct the payment message. These structures and operations, named here and below in ASN.1 terms, are: PIData and its hash; PIDualSignedTBS and its DES encryption; application of the cardholder signature key; and OAEP on PANData, followed by its encryption with the payment gateway public key.

  • The SET Software Web Server is a web server from which the CARDHOLDER BROWSER downloads the SET Network Part every time the cardholder decides to pay for goods.

  • The SET Certificate Web Server is a web server that provides Cardholder certificates. This server does not produce the certificates but rather stores already generated ones. These certificates should be generated by other means (e.g. a Certification Authority). The main purpose of this server is to provide these certificates on request. (Important: this kind of server does not hold the private keys.) The main purpose of this server is to extend the card memory: the card contains only a small URL to the certificate, not the certificate itself, which requires significant memory.

Figure 2 shows interaction between the shopping system components.

                                     SET
                           Java   Certifi-    SET      SET
 _O_              SET      Card     cate   Software Merchant
  |      Web    Network     SET      Web      Web   Point of
 / \   Browser    Part    Cardlet  Server   Server    Sale
  |       |        |         |        |        |        |
  |-1---->|        |         |        |        |        |
  |       |-2--------------------------------->|        |
  |       |<-----3-|         |        |        |        |
  |       |        |-4--------------------------------->|
  |<-------------5-|         |        |        |        |
  |-6------------->|         |        |        |        |
  |       |        |-7------>|        |        |        |
  |       |        |-8--------------------------------->|
  |       |        |<---------------------------------9-|
  |<------------10-|         |        |        |        |
  |-11------------>|         |        |        |        |
  |       |        |-12----->|        |        |        |
  |       |        |-13-------------------------------->|
  |       |        |<--------------------------------14-|

Figure 2. The interaction diagram of the shopping system.

  1. Cardholder presses the button "Pay" on the Merchant shop page.

  2. The Browser requests the page with the SET Network Part. The Java Applet Tag of this page includes a URL to the user shopping experience data.

  3. The SET Network Part is downloaded from the SET Software Provider web site. Upon completing this action, the web browser checks the program signature and passes execution to the SET Network Part.

  4. The SET Network Part parses the Applet Tag parameters, finds the URL to the user shopping experience data and downloads them from the Merchant POS. These data should be formatted as a Payment Initiation message [1, page 10].

  5. Upon downloading and parsing these data, the order information and the invitation to insert the Java Card appear on the screen.

  6. The user inserts the card into the reader, enters the PIN and presses the OK button.

  7. The card verifies the PIN.

  8. Upon PIN verification, the SET Network Part constructs PInitReq [2, page 307] and sends this message to the Merchant POS.

  9. The SET Network Part receives, parses, validates, and stores the Merchant PInitRes message for future use.

  10. Information about the accepted brand appears on the screen.

  11. The user selects the brand and presses the "Approve" button.

  12. The Java Card provides the SET Network Part with the data required to construct the payment message.

  13. The SET Network Part constructs PReq [2, page 316] (the payment message) and sends it to the Merchant POS.

  14. The SET Network Part receives and validates PInitRes message and then notifies the user that the payment is completed.
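
The step order above, written as a guard that the SET Network Part could apply before it talks to the card or the merchant: each milestone is accepted only in sequence, and a skipped or failed step closes the session. This is an added example, not code from the project; the class name, step names and audit strings are hypothetical, and it targets a current JDK rather than the Java 2 applet environment described here.

```java
import java.util.ArrayList;
import java.util.List;

public class WalletFlowGuard {
    // Wallet-side milestones in the order of steps 4-14 (names are hypothetical).
    enum Step {
        ORDER_PARSED,        // steps 4-5: payment initiation data parsed and shown
        PIN_VERIFIED,        // steps 6-7: the card accepted the PIN
        PINITREQ_SENT,       // step 8
        PINITRES_VALIDATED,  // step 9
        BRAND_APPROVED,      // steps 10-11: user pressed "Approve"
        CARD_DATA_RECEIVED,  // step 12: card returned the payment structures
        PREQ_SENT,           // step 13
        RESPONSE_VALIDATED   // step 14: merchant response validated
    }

    private int next = 0;             // ordinal of the only step allowed now
    private boolean aborted = false;  // terminal; a new session must be started
    private final List<String> audit = new ArrayList<>();

    /** Accepts a step only in sequence and only if its check passed; otherwise aborts. */
    public boolean advance(Step s, boolean checkPassed) {
        if (aborted || next == Step.values().length) {
            audit.add("REJECT " + s + ": session closed");
            return false;
        }
        if (s.ordinal() != next || !checkPassed) {
            aborted = true;
            audit.add("ABORT at " + s + ": expected " + Step.values()[next]);
            return false;
        }
        next++;
        audit.add("OK " + s);
        return true;
    }

    /** The card is asked for payment data (step 12) only after PIN and approval. */
    public boolean mayRequestCardData() {
        return !aborted && next == Step.CARD_DATA_RECEIVED.ordinal();
    }
    public boolean completed() { return !aborted && next == Step.values().length; }

    public static void main(String[] args) {
        WalletFlowGuard g = new WalletFlowGuard();   // constructed out-of-order run
        g.advance(Step.ORDER_PARSED, true);
        g.advance(Step.CARD_DATA_RECEIVED, true);    // skips PIN, PInitReq/PInitRes, approval
        g.advance(Step.PIN_VERIFIED, true);          // too late: session already aborted
        g.audit.forEach(System.out::println);
    }
}
```
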
We have used the following software in order to implement the Backend System required for the test environment. As the SET Backend we have used the SETREF implementation of the SET protocol. To provide a live demonstration of our program, we have decided to join the SET Certificate Web Server and the SET Software Web Server together.

REFERENCES
[1] Visa, MasterCard, External Interface Guide to
SET Secure Electronic Transaction,
http://www.setco.org/download/set_eig.pdf
[2] Visa, MasterCard, SET Secure Electronic Transaction Specification,
Book 2, Programmer's Guide, Version 1.0
http://www.setco.org/download/set_bk2.pdf