The current SET protocol, version 1.0, supports only RSA Data Security encryption algorithms. But MasterCard has championed adding elliptic curve to the next version of SET, which is a protocol for handling online credit card transactions that is being pushed by MasterCard and Visa.
"SETCo decided to sanction this pilot to examine the possibility to include other forms of cryptography in future versions of SET," Visa spokesman Ryan Mikolasik said. SETCo is an organization set up by Visa and MasterCard to oversee and promote the SET specification.
"We are happy that the demonstration has shown that SET can continue to be enhanced but support backward compatibility (to earlier SET software)," said Bruce Rutherford, MasterCard's senior director for electronic commerce. Another bonus: Elliptic curve crypto allows smaller SET digital certificates, reducing processing times during transactions.
The appeal of using elliptic curve cryptography instead of RSA's algorithms is that ECC requires less processing power--a key consideration for banks that might be forced to add new hardware to handle SET transactions. The MasterCard trial also is the first SET trial in the United States to use a smart card, although other SET pilots with smart cards in Europe and Japan are under way.
"It's an interesting acceleration of the SET development process to be jumping ahead to a newer, lighter weight, and somewhat experimental form of crypto," said Scott Smith, e-commerce analyst at Current Analysis.
"There is obviously some elbow room for entrepreneurship within the SET spec. The door obviously is open for things that speed up SET and look ahead," he added.
SET 1.0 was released 13 months ago, and SET 2.0 isn't due until next year.
The three-month pilot, launched today, is being conducted by the Treasury Department's Bureau of Engraving and Printing for an online store. Up to 200 participants will be able to buy collectibles using a smart card, a software SET wallet, and a smart card reader.
Smart cards are plastic cards the size of a credit card and have an embedded chip. Elliptic curve cryptography is a way to scramble data so it cannot be seen by anyone as it passes over a network. ECC is suited for small devices with limited memory or processing power.
The pilot is a coup for crypto vendor Certicom, which is supplying the elliptic curve algorithms. Other participants in the pilot include French smart card manufacturer Schlumberger, smart card technology supplier Litronic, SET software vendor GlobeSet, and encryption hardware vendor Rainbow Technologies.
Others involved in the pilot include Web site development and hosting firm Bixler, certificate authorities Digital Signature Trust and GTE Internetworking, Mellon Bank, Zions Bank, and Atalla.