ISC Exam Questions

How many certificates are required for a payment gateway to support multiple acquirers?

In a Secure Electronic Transaction (SET), how many certificates are required for a payment gateway
to support multiple acquirers?

A. Two certificates for the gateway only.

B. Two certificates for the gateway and two for the acquirers.

C. Two certificates for each acquirer.

D. Two certificates for the gateway and two for each acquirer.

Explanation:
I think it may be D, two for each acquirer, which, unless I read it wrong, means each person must
have 2 certificates exchanged with the gateway.

“SET uses a DES symmetric key system for encryption of the payment information and uses RSA for
the symmetric key exchange and digital signatures. SET covers the end-to-end transaction from the
cardholder to the financial institution”. – Ronald Krutz, The CISSP PREP Guide (gold edition),
pg 219-220

In the SET environment, there exists a hierarchy of Certificate Authorities. The SET protocol
specifies a method of entity authentication referred to as trust chaining. This method entails the
exchange of digital certificates and verification of the public keys by validating the digital
signatures of the issuing CA. This trust chain method continues all the way up to the CA at the top
of the hierarchy, which is referred to as the SET Root CA. The SET Root CA is owned and maintained
by SET Secure Electronic Transaction LLC.
http://setco.org/certificates.html