Hi,

We are building software components for SET applications in Turkey.

My question on SET is about a topic specified in the document "External Interface Guide to SET Secure Electronic Transaction" published on September 24, 1997.

According to the document, while performing TCP-based communication between payment gateway (pgw) and merchant, merchant and pgw use a shared secret in order to generate and verify HMAC(data,secret_key), which is then used to authenticate the merchant to the payment gateway. This is the authentication state of merchant to Payment Gateway.

Is there a specification document identifying the sharing of the secret_key used during TCP-based communication between pgw and merchant?

If not so, should developers implement a key-exchange mechanism (as in traditional payment systems - ZPK?) between the merchant and payment gateway?

If so, what is the mechanism while sharing secret keys between the two parties? Where can I find information?

If so, (another question) in order for merchant to generate shared secret key to be used in authenticating state of merchant, is it mandatory to use any Hardware Cryptographic Processors and random number generators?

I don't know whether this document should be followed during implementing SET mechanisms?

Thank you in advance for your interest and help.

Regards.
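
The HMAC(data,secret_key) check described in the message, as an added example that is not part of the original post and is not taken from the SET documents: the merchant tags a request with a shared secret and the gateway verifies it. The hash (SHA-256), the 32-byte key length, the `Gateway` class, and the merchant identifiers are assumptions; the key is drawn from the operating system's CSPRNG, and how the key reaches the gateway is left out.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA-256 with a 32-byte key; the post names neither.
KEY_BYTES = 32

def generate_shared_secret() -> bytes:
    """Draw the key from the OS CSPRNG (software only, no HSM assumed)."""
    return secrets.token_bytes(KEY_BYTES)

def merchant_tag(secret_key: bytes, data: bytes) -> bytes:
    """Merchant side: compute HMAC(data, secret_key)."""
    return hmac.new(secret_key, data, hashlib.sha256).digest()

class Gateway:
    """Hypothetical gateway holding one provisioned key per merchant."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}

    def provision(self, merchant_id: str, secret_key: bytes) -> None:
        # Key delivery (the open question in the post) is out of scope here.
        self._keys[merchant_id] = secret_key

    def verify(self, merchant_id: str, data: bytes, tag: bytes) -> bool:
        key = self._keys.get(merchant_id)
        if key is None:
            return False  # unknown merchant: nothing to verify against
        expected = hmac.new(key, data, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, tag)

def demo() -> dict[str, bool]:
    gw = Gateway()
    key = generate_shared_secret()
    gw.provision("merchant-001", key)          # constructed identifier
    data = b"constructed sample request body"  # constructed sample input
    tag = merchant_tag(key, data)
    other_tag = merchant_tag(generate_shared_secret(), data)
    return {
        "valid": gw.verify("merchant-001", data, tag),
        "tampered": gw.verify("merchant-001", data + b"x", tag),
        "wrong_key": gw.verify("merchant-001", data, other_tag),
        "unknown": gw.verify("merchant-999", data, tag),
    }

if __name__ == "__main__":
    print(demo())
```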
