On Wednesday, May 09, 2001 6:08 AM, G�khan AFACAN wrote: > Is there a specification document identifying the sharing the secret_key > used during tcp-based communication between pgw and merchant? No, there is no specification regarding how this should be done. > If not so, should developers implement a Key-exchange mechanism (as in > traditional payment systems- ZPK?) between the merchant and payment > gateway? Any secure mechanism of exchanging the keys is acceptable. > If so, (another question) in order for merchant to generate shared secret > key to be used in authenticating state of merchant, is it mandotary to > use any Hardware Cryptographic Processors and random number generators? No, it is not necessary that this key be protected in hardware. _________________________________________________________________ Tony Lewis ([EMAIL PROTECTED]) Chief Systems Architect, Internet Commerce Visa International Service Association
