FLOW DIAGRAMS AND INFRASTRUCTURE
(SET Cardholder Wallet With Java Card Support)
Figure 1 presents the overall architecture of our shopping system which
involves the SET Wallet with Java Card support.
             ______________                       _____________
            |  CARDHOLDER  |                     |MERCHANT SITE|
            |   BROWSER    |                     |  _________  |
            |   _________  |       Wake Up       | |         | |
 _______    |  |(WALLET) |<------------------------| Merchant| |
|Java   |   |  |         | |  PInitReq/PInitRes  | | Point of| |
|Card   |<---->|   SET   |<----------------------->|  Sale   | |
|       |   |  | Network | |      PReq/PRes      | |         | |
|SET    |   |  |  Part   |<----------------------->|         | |
|Cardlet|   |  `^--------' |                     | |_________| |
`-------'   |___|__________|                     |_____________|
                |       ^
                |       |
                |       |
       _________|_______|________
      |   ______|_    __|_____   |
      |  |SET     |  |SET     |  |
      |  |Certifi-|  |Software|  |
      |  |cate    |  |Web     |  |
      |  |Web     |  |Server  |  |
      |  |Server  |  |        |  |
      |  |________|  |________|  |
      |       ISSUER SITE        |
      |__________________________|
Figure 1. The overall shopping system architecture.
The system consists of:
- The Cardholder Browser is a Java 2 compliant WWW client.
- Issuer Site is a network infrastructure on behalf of the card issuer
  where the SET Certificate Web Server, SET Software Web Server and SET
  Cardlet Store are maintained. (We have decided to extend our architecture
  with a special kind of store, the Cardlet Store, where the cardholder can
  select and download cardlets onto his card online. However, due to
  infrastructure limitations this feature will be included in the next
  release of our product.)
- Merchant Site is a Merchant network infrastructure.
- The SET Network Part is the part of the SET Wallet downloaded from the
  SET Software Web Server. This part is maintained by the issuer or
  delegated to a software provider. We have implemented this part of the
  architecture as a signed Java Applet, codenamed ``Body''.
  The cardholder downloads the ``Body'' into his browser when visiting
  the merchant shop in order to pay for the goods with the Java Card.
  The link to the program is embedded in the merchant Web Shop.
  The issuer/software provider is modeled by an HTTP server too.
  The authenticity of the Body is proven by the signature of
  the software provider.
- The SET Cardlet, Guard, is a Java Card 2.1 compliant application that
  protects the Cardholder's sensitive data used in SET. These data are
  the Primary Account Number, Card Secret, Cardholder Private Key,
  and the Public Key of the Payment Gateway if the cardholder participates
  on the local credit plane to reduce the memory utilization on the card.
  (This case is implemented in the project.) The other function of
  the card is to generate, in a secure manner, the data structures
  required to construct the payment message. These structures are,
  here and hereafter in terms of ASN.1: PIData and its hash;
  PIDualSignedTBS and its DES encryption; the application of the
  cardholder signature key; and OAEP on PANData followed by its
  encryption with the payment gateway public key.
- The SET Software Web Server is a web server from which the Cardholder
  Browser downloads the SET Network Part every time the cardholder decides
  to pay for goods.
- The SET Certificate Web Server is a web server that provides Cardholder
  certificates. This server does not produce the certificates but rather
  stores already generated ones. These certificates should be generated
  by other means (e.g. a Certification Authority). The main purpose of
  this server is to provide the certificate on request. (Important: this
  kind of server does not hold the private keys.) The main purpose of
  this server is to extend the card memory: the card contains
  only a small URL pointing to the certificate, not the certificate
  itself, which requires significant memory.
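
The hashing and signing that the Guard cardlet applies to PIData follow SET's dual-signature idea: one cardholder signature covers the digests of both the payment data and the order data. The Java program below is an added example, not the project's code. Plain byte strings stand in for the ASN.1 structures, and the class name, sample strings, SHA-256 and 2048-bit RSA are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

// Added illustration of the dual-signature idea; not the project's code.
// Byte strings stand in for the encoded OIData and PIData structures.
public class DualSignatureDemo {
    static byte[] digest(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // The to-be-signed value links both digests: H(PIData) || H(OIData).
    static byte[] linkedDigests(byte[] hPI, byte[] hOI) {
        byte[] tbs = Arrays.copyOf(hPI, hPI.length + hOI.length);
        System.arraycopy(hOI, 0, tbs, hPI.length, hOI.length);
        return tbs;
    }

    // Card side: only the holder of the private key can produce this value.
    static byte[] sign(PrivateKey key, byte[] pi, byte[] oi)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(linkedDigests(digest(pi), digest(oi)));
        return s.sign();
    }

    // Merchant side: sees the order in clear, but only the digest of PIData.
    static boolean merchantVerify(PublicKey key, byte[] oi, byte[] hPI, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(linkedDigests(hPI, digest(oi)));
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair cardholder = gen.generateKeyPair(); // constructed test key
        // Constructed sample data, not real SET messages.
        byte[] oi = "order=1234;amount=25.00 EUR".getBytes(StandardCharsets.UTF_8);
        byte[] pi = "pan=<placeholder>;amount=25.00 EUR".getBytes(StandardCharsets.UTF_8);
        byte[] changed = "order=1234;amount=2.50 EUR".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(cardholder.getPrivate(), pi, oi);
        PublicKey pub = cardholder.getPublic();
        System.out.println("genuine order verifies: " + merchantVerify(pub, oi, digest(pi), sig));
        System.out.println("altered order verifies: " + merchantVerify(pub, changed, digest(pi), sig));
    }
}
```

The merchant never receives PIData itself, only its digest, yet any change to the order data it does see invalidates the cardholder's signature.
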
Figure 2 shows the interaction between the shopping system components.
                                  SET
                         Java     Certifi- SET      SET
 _O_            SET      Card     cate     Software Merchant
  |    Web      Network  SET      Web      Web      Point of
 / \   Browser  Part     Cardlet  Server   Server   Sale
  |       |        |        |        |        |        |
  |-1---->|        |        |        |        |        |
  |       |-2-------------------------------->|        |
  |       |<-----3-|        |        |        |        |
  |       |        |-4-------------------------------->|
  |<-------------5-|        |        |        |        |
  |-6------------->|        |        |        |        |
  |       |        |-7----->|        |        |        |
  |       |        |-8-------------------------------->|
  |       |        |<--------------------------------9-|
  |<------------10-|        |        |        |        |
  |-11------------>|        |        |        |        |
  |       |        |-12---->|        |        |        |
  |       |        |-13------------------------------->|
  |       |        |<-------------------------------14-|
Figure 2. The interaction diagram of the shopping system.
1. The Cardholder presses the "Pay" button on the Merchant shop page.
2. The Browser requests the page with the SET Network Part. The Java
   Applet tag of this page includes a URL to the user shopping
   experience data.
3. The SET Network Part is downloaded from the SET Software Provider web
   site. Upon completing this action, the web browser checks the program
   signature and passes execution to the SET Network Part.
4. The SET Network Part parses the Applet tag parameters, finds the URL
   to the user shopping experience data and downloads them from the
   Merchant POS. These data should be formatted as a Payment Initiation
   message [1, page 10].
5. Upon downloading and parsing these data, the order information and
   the invitation to insert the Java Card appear on the screen.
6. The user inserts the card into the reader, enters the PIN and presses
   the OK button.
7. The card verifies the PIN.
8. Upon PIN verification, the SET Network Part constructs PInitReq
   [2, page 307] and sends this message to the Merchant POS.
9. The SET Network Part receives, parses, validates, and stores the
   Merchant PInitRes message for future use.
10. The information about the accepted brand appears on the screen.
11. The user selects the brand and presses the "Approve" button.
12. The Java Card provides the SET Network Part with the data required to
    construct the payment message.
13. The SET Network Part constructs PReq [2, page 316] (the payment
    message) and sends it to the Merchant POS.
14. The SET Network Part receives and validates the PInitRes message and
    then notifies the user that the payment is completed.
We have used the following software in order to implement the Backend
System required for the test environment. As the SET Backend we have used
the SETREF implementation of the SET protocol. To provide a live
demonstration of our program we have decided to join the SET Certificate
Web Server and SET Software Web Server together.
REFERENCES
[1] Visa, MasterCard, External Interface Guide to SET Secure Electronic Transaction, http://www.setco.org/download/set_eig.pdf
[2] Visa, MasterCard, SET Secure Electronic Transaction Specification, Book 2, Programmer's Guide, Version 1.0, http://www.setco.org/download/set_bk2.pdf