Dual Signature of SET

-

 Dual Signature of SET/SET’s Dual Signature 

The purpose of the dual signature is to link two messages that are intended for two different recipients. In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant doesn't need to know the customer's credit card number, and the bank doesn't need to know the details of the customer's order. The customer is afforded extra protection in terms of privacy by keeping these two items separate. However, the two items must be linked in a way that can be used to resolve disputes if necessary. The link is needed so that the customer can prove that this payment is intended for this order and not for some other goods or services.


To see the need for the link, suppose that the customer sends the merchant two messages: a signed OI and a signed PI, and the merchant passes the PI to the bank. If the merchant can capture another OI from this customer, the merchant could claim that this OI goes with the PI, rather than the original OI. The linkage prevents this. Figure 2 shows the use of a dual signature to meet this requirement.


                                          Figure 2 Construction of dual signature.


The customer takes the hash (using SHA-1) of the PI and the hash of the OI. These two hashes are then concatenated and the hash of the result is taken. Finally, the customer encrypts the final hash with his or her private signature key, creating the dual signature. The operation can be summarized as shown in Figure 3, where KRc is the customer's private signature key:


                                                               Figure 3


Now suppose that the merchant is in possession of the dual signature (DS), the OI, and the message digest for the PI (PIMD). The merchant also has the public key of the customer, taken from the customer's certificate. Then the merchant can compute the two quantities shown in Figure 4, where KUc is the customer's public signature key:

                                                                         Figure 4


If these two quantities are equal, the merchant has verified the signature. Similarly, if the bank is in possession of DS, PI, the message digest for OI (OIMD), and the customer's public key, the bank can compute the following (see Figure 5):

                                                                   Figure 5


Again, if these two quantities are equal, the bank has verified the signature. In summary,

  1. The merchant has received OI and verified the signature.
  2. The bank has received PI and verified the signature.
  3. The customer has linked the OI and PI and can prove the linkage.


For example, suppose the merchant wants to substitute another OI in this transaction, to its advantage. It would then have to find another OI whose hash matches the existing OIMD. With SHA-1, this is deemed not to be feasible. Thus, the merchant cannot link another OI with this PI.

                                              

                                                  OR,

SET’s Dual Signature 

  • The purpose of the dual signature is to link two messages that are going to different recipients.

 ◦ Order Information (OI): Customer to Merchant

 ◦ Payment Information (PI): Customer to Bank 

  • The customer needs to send OI and PI to the merchant and bank respectively. 
  • The merchant does not need to know the customer's credit card number. 
  • The bank does not need to know what the customer is buying. 
  • however, the two items must be linked in a way that can be used to resolve disputes if necessary.



 DS Verification by Merchant

 • The merchant has the public key of the customer obtained from the customer’s certificate.

 • Now, the merchant can compute two values: H(PIMD || H(OI)) DKUC[DS] 

• Should be equal!


 DS Verification by Bank 

• The bank is in possession of DS, PI, the message digest for OI (OIMD), and the customer’s public key, then the bank can compute the following: H(H(PI) || OIMD) DKUC [ DS ]


The goal of the dual signature

  • Goal: Limit Information to A “Need-to-Know” Basis:

 – Merchant does not need a credit card number.

 – Bank does not need details of customer orders

. – Afford the customer extra protection in terms of privacy by keeping these items separate. 

  • This link is needed to prove that payment is intended for this order and not some other one. SET’s Dual Signature

Why Dual Signature? 

  • Suppose that customers send the merchant two messages: 

The signed order information (OI). 

-  The signed payment information (PI). 

-  In addition, the merchant passes the payment information (PI) to the bank. 

  • If the merchant can capture another order information (OI) from this customer, the merchant could claim this order goes with the payment information (PI) rather than the original.

Comments

Post a Comment

Popular posts from this blog

Suppose that a data warehouse for Big-University consists of the following four dimensions: student, course, semester, and instructor, and two measures count and avg_grade. When at the lowest conceptual level (e.g., for a given student, course, semester, and instructor combination), the avg_grade measure stores the actual course grade of the student. At higher conceptual levels, avg_grade stores the average grade for the given combination. a) Draw a snowflake schema diagram for the data warehouse. b) Starting with the base cuboid [student, course, semester, instructor], what specific OLAP operations (e.g., roll-up from semester to year) should one perform in order to list the average grade of CS courses for each BigUniversity student. c) If each dimension has five levels (including all), such as “student < major < status < university < all”, how many cuboids will this cube contain (including the base and apex cuboids)?

-
Image
a) A Snowflake Shema is shown in figure below: b) The specific OLAP operations to be performed: 1. Roll-up on course from course_id to department. 2. Roll-up on a student from student_id to university. 3. Dice on course, student with department ="CS" and university = "biguniversity" 4. Drill-down on a student from the university to student_name. c) N = 4 dimensions The cube will contain 54 = 625 cuboids.
Read more

Suppose that a data warehouse consists of the four dimensions; date, spectator, location, and game, and the two measures, count and charge, where charge is the fee that a spectator pays when watching a game on a given date. Spectators may be students, adults, or seniors, with each category having its own charge rate. a) Draw a star schema diagram for the data b) Starting with the base cuboid [date; spectator; location; game], what specific OLAP operations should perform in order to list the total charge paid by student spectators at GM Place in 2004?

-
Image
  b) The specific OLAP operations to be performed are: 1. Roll-up on date from date id to year. 2. Roll-up on spectator from spectator id to status. 3. Roll-up on location from location id to location name. 4. Roll-up on the game from game id to all. 5. Dice with status= “students”, location name= “GM Place”, and year=2004
Read more

Discuss classification or taxonomy of virtualization at different levels.

-
Image
Taxonomy of virtualization Virtualization is mainly used to emulate the execution environment, storage, and networks. The execution environment is classified into two: – Process-level – implemented on top of an existing operating system.  – System-level – implemented directly on hardware and does not or minimum requirement of the existing operating system. OR,  Virtualization covers a wide range of emulation techniques that are applied to different areas of computing. A classification of these techniques helps us better understand their characteristics and use  V irtualization is mainly used to emulate  ● Execution Environments: To provide support for the execution of the programs eg. OS, and Application.  ○ Process Level: Implemented on top of an existing OS that has full control of the hardware  ○ System Level: Implemented directly on Hardware and do not require support from existing OS.  ● Storage: Storage virtualization is a system administration practice that allo
Read more