
Certificate Revocation in SET



The Secure Electronic Transaction (SET) protocol is being developed by Visa
and Mastercard with the assistance of GTE, IBM, Microsoft, Netscape, SAIC,
Terisa, and Verisign.  It offers examples of time-based, CRL, physical, and
capability revocation in one protocol.  N.B. This description is based on
the February 23, 1996 Draft for Public Comment, a 269 page document.
Specifications are subject to change, and this note oversimplifies many of
the non-revocation issues.


A brief overview of SET

SET uses an X.509 certificate authority hierarchy with a single, globally
trusted, root.  This hierarchy exists to authenticate certificates held by the
three classes of leaf entity: Cardholders, Merchants, and Acquirer Payment
Gateways.  Acquirer Payment Gateways are the interface between Merchants
and the Acquiring bank.  I assume they would generally be run by that bank.
The protocol uses the existing bankcard association financial network to
communicate authorization requests between the acquiring bank and the
issuing bank.

SET includes a secure protocol for cardholders to get their certificates
through network web sites.  It also has the characteristic that a
cardholder can charge a purchase from a merchant without allowing the
merchant to learn the credit card number used.


Certificate Revocation in SET

The draft standard makes no mention of issues such as clock skew and leap
seconds, so I assume they are insignificantly small compared with the time
resolution needed for time-based revocation.

Cardholder certificates never appear in a CRL.  A cardholder certificate is
revoked by revoking the card.  The standard notes that an issuing bank
could issue the certificate for an alias for the card number instead of the
card number.  Then it could revoke the certificate without also revoking
the plastic.

Merchant certificates may be revoked either by distributing a CRL to the
Acquirer Payment Gateway(s), or by marking them revoked in the acquiring
bank's database.  I assume that the latter technique will be used most
often because of its low cost.  Note that if a cardholder deals with a
revoked merchant, she is protected because the merchant gets neither money
nor credit card number.

Acquirer Payment Gateway certificates come in two varieties, encryption and
signature.  The encryption certificate is generated with a short expiration
date, and the associated keys are changed frequently to protect against
cryptanalytic attack.  This mechanism "reduces the need for a separate
certificate revocation mechanism."  If either of the certificates is
compromised, the Acquirer must immediately remove the certificates from the
Acquirer Payment Gateway (physical revocation) and issue new certificates.
The more recent validity dates on the new certificates will effectively
remove the old ones from the system.

Revocation in the Certificate Authority hierarchy uses CRLs.


Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
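As an added illustration (not from the SET draft or from Bill's note), here is a small Python model of the revocation paths the note describes: time-based validity, a CRL of merchant serials delivered to the gateway, the acquiring bank's database flag, and replacement of a gateway certificate by one with more recent validity dates. All names, serials and dates are constructed sample data; the last check shows why the clock-skew assumption matters for short-lived certificates.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical model of the revocation checks described in the note;
# constructed illustration, not SET's actual certificate encoding.

@dataclass(frozen=True)
class Cert:
    subject: str
    serial: int
    usage: str            # "signature" or "encryption"
    not_before: datetime
    not_after: datetime

def time_valid(cert, now, skew=timedelta(0)):
    """Time-based revocation: `skew` is the clock-drift tolerance a relying
    party allows (the draft assumes it is negligible)."""
    return cert.not_before - skew <= now <= cert.not_after + skew

def merchant_status(cert, now, crl, revoked_db):
    """Merchant certificates: revoked by a CRL of serials pushed to the
    gateway, or by a revoked flag in the acquiring bank's database."""
    if not time_valid(cert, now):
        return "expired"
    if cert.serial in crl:
        return "revoked-crl"
    if cert.subject in revoked_db:
        return "revoked-db"
    return "valid"

def current_gateway_cert(certs, now, usage):
    """Gateway certificates: no CRL; the newest time-valid certificate for a
    usage supersedes earlier ones (physical revocation plus reissue)."""
    live = [c for c in certs if c.usage == usage and time_valid(c, now)]
    return max(live, key=lambda c: c.not_before, default=None)

def demo():
    t0 = datetime(1996, 2, 23, tzinfo=timezone.utc)   # sample epoch
    day = timedelta(days=1)
    merchant = Cert("merchant-42", 1001, "signature", t0, t0 + 365 * day)
    # Sample: old encryption cert pulled after compromise, new one issued.
    enc_old = Cert("gateway-7", 2001, "encryption", t0, t0 + 30 * day)
    enc_new = Cert("gateway-7", 2002, "encryption", t0 + 10 * day, t0 + 40 * day)
    now = t0 + 12 * day
    return {
        "merchant_crl": merchant_status(merchant, now, crl={1001}, revoked_db=set()),
        "merchant_db": merchant_status(merchant, now, crl=set(), revoked_db={"merchant-42"}),
        "merchant_ok": merchant_status(merchant, now, crl=set(), revoked_db=set()),
        "gateway_serial": current_gateway_cert([enc_old, enc_new], now, "encryption").serial,
        # A skew tolerance larger than the gap past expiry re-accepts the old cert.
        "skew_reopens": time_valid(enc_old, t0 + 31 * day, skew=2 * day),
    }
```

The final entry is the practical caveat: a short expiration date only substitutes for revocation when relying parties keep their clocks within a tolerance much smaller than the certificate lifetime.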