rfc1898.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

   The CyberCash system is design to give the card issuing organization
   control over whether a card may be used via the CyberCash system.
   The customer, after having registered a persona with CyberCash as
   described above, can then bind each credit card they wish to use to
   their CyberCash persona.  This is done via the BC1 message from the
   customer to their CyberCash server and the BC4 response from the
   server.

4.2.1 BC1 - bind-credit-card

   Description: This is the initial message in the process of binding a
       credit card to a CyberCash persona.

   #####################################################################
   Sender: CyberApp
   Receiver: CyberServer
   #####################################################################
   Sample Message:



Eastlake, et al              Informational                     [Page 18]

RFC 1898                 CyberCash Version 0.8             February 1996


   $$-CyberCash-0.8-$$
   id: MyCyberCashID
   date: 19950121100505.nnn
   transaction: 12312314
   cyberkey: CC1001
   opaque:
    EDD+b9wAfje5f7vscnNTJPkn1Wdi7uG3mHi8MrzLyFC0dj7e0JRjZ2PmjDHuR81kbhqb
    nX/w4uvsoPgwM5UJEW0Rb9pbB39mUFBDLPVgsNwALySeQGso0KyOjMxNs1mSukHdOmDV
    4uZR4HLRRfEhMdX4WmG/2+sbewTYaCMx4tn/+MNDZlJ89Letbz5kupr0ZekQlPix+pJs
    rHzP5YqaMnk5iRBHvwKb5MaxKXGOOef5ms8M5W8lI2d0XPecH4xNBn8BMAJ6iSkZmszo
    QfDeWgga48g2tqlA6ifZGp7daDR81lumtGMCvg==
   $$-CyberCash-End-kchfiZ5WAUlpk1/v1ogwuQ==-$$

   #####################################################################
   Opaque Key: generated from CyberCash encryption key identified in
       CyberKey

   #####################################################################
   Opaque Section Contents:

   type: bind-credit-card
   swversion: 0.8win
   card-number: 1234567887654321
   card-type: mastercard
   card-salt: 46735210
   card-expiration-date: 05/99
   card-name: John Q. Public
   card-street:
   card-city:
   card-state:
   card-postal-code:
   card-country:
   signature:
    tX3odBF2xPHqvhN4KVQZZBIXDveNi0eWA7717DNfcyqh2TpXqgCxlDjcKqdJXgsNLkY7
    GkyuDyTF/m3SZif64giCLjJRKg0I6mqI1k/Dcm58D9hKCUttz4rFWRqhlFaj

   #####################################################################
   signature is of the following fields: id, date, transaction,
       cyberkey, type, swversion, card-number, card-salt,
       card-expiration-date, card-name, card-street, card-city,
       card-state, card-postal-code, card-country

   #####################################################################
   Explanation:
   salt is needed so that the hash stored at the server is less
       informative.  Server just remembers the "prefix" of the card
       number and the hash of the combined card number and salt. If it
       just hashed the card number, it would be recoverable with modest



Eastlake, et al              Informational                     [Page 19]

RFC 1898                 CyberCash Version 0.8             February 1996


       effort by trying to hash all plausible numbers.  We don't want
       to store the card numbers on the server because it would make
       the server files too valuable to bad guys.


4.2.2 BC4 - bind-credit-card-response

   Description: Indicates that the process of binding a credit card
       terminated.  Returns success or failure.

   #####################################################################
   Sender: CyberServer
   Receiver: CyberApp
   #####################################################################
   Sample Message:

   $$-CyberCash-0.8-$$
   id: mycybercashid
   transaction: 12312314
   date: 19950121100505.nnn
   opaque:
    EDD+b9wAfje5f7vscnNTJPkn1Wdi7uG3mHi8MrzLyFC0dj7e0JRjZ2PmjDHuR81kbhqb
    nX/w4uvsoPgwM5UJEW0Rb9pbB39mUFBDLPVgsNwALySeQGso0KyOjMxNs1mSukHdOmDV
    4uZR4HLRRfEhMdX4WmG/2+sbewTYaCMx4tn/+MNDZlJ89Letbz5kupr0ZekQlPix+pJs
    rHzP5YqaMnk5iRBHvwKb5MaxKXGOOef5ms8M5W8lI2d0XPecH4xNBn8BMAJ6iSkZmszo
    QfDeWgga48g2tqlA6ifZGp7daDR81lumtGMCvg==
   $$-CyberCash-End-kchfiZ5WAUlpk1/v1ogwuQ==-$$

   #####################################################################
   Opaque Key: Session key from BC1 with same Transaction and ID

   #####################################################################
   Opaque Section Contents:

   type: bind-credit-card-response
   server-date: 19950121100506.nnn
   swseverity: fatal/warning  [absent if ok]
   swmessage; message about obsoleteness of customer software
       to be shown to the customer.  [only present if SWSeverity present]
   response-code: success/failure/etc.
   card-number: 1234567887654321
   card-type: visa
   card-salt: 47562310
   card-expiration-date: 01/99
   card*: [other card* lines to also be given in CH.1 message]
   message; Plain text for the user
       can be multiple lines




Eastlake, et al              Informational                     [Page 20]

RFC 1898                 CyberCash Version 0.8             February 1996


   #####################################################################
   Signature is of the following fields: no-signature

   #####################################################################
   Explanation: All the card* lines can be saved as a blob to be
       submitted in CH.1.  card-expiration-date, card-number, card-salt,
       and card-type should always be present.
   Depending on reason for failure, not all fields may be present.


4.3 Customer Credit Card Purchasing Messages

   In general, CyberCash involvement in the credit card purchasing cycle
   starts after the user has determined what they are buying.  When they
   click on the CyberCash payment button, a PR1 message is sent by the
   merchant to the customer as the body of a message of MIME type
   application/cybercash.

   If the customer wishes to proceed, they respond to the merchant  with
   a  CH1.   The merchant responds with a CH2 but between the receipt of
   the CH1 and issuance of the CH2, the  merchant  usually  communicates
   with the CyberCash server via the CM* messages.


4.3.1 PR1 - payment-request

   Description: This message is the first message that is defined
       by CyberCash in the purchase-from-a-merchant process. The
       shopping has completed.  Now we are at the point of paying
       for the purchases.

   #####################################################################
   Sender: MerchantApp
   Receiver: CyberApp
   #####################################################################
   Sample Message:

   $$-CyberCash-0.8-$$
   type: payment-request
   merchant-ccid: ACME-012
   merchant-order-id: 1231-3424-234242
   merchant-date: 19950121100505.nnn
   note;
     ACME Products

     Purchase of 4 pairs "Rocket Shoes" at $39.95 ea.
     Shipping and handling $5.00




Eastlake, et al              Informational                     [Page 21]

RFC 1898                 CyberCash Version 0.8             February 1996


     Total Price: 164.80

     Ship to:
          Wily Coyote
          1234 South St.
          Somewhere, VA 12345
   merchant-amount: usd 164.80
   accepts: visa:CC001, master:CC001,amex:CC001,JCPenny:VK005,macy:VK006
   url-pay-to: http://www.ACME.com/CybercashPayment
   url-success: http://www.ACME.com/ordersuccess
   url-fail: http://www.ACME.com/orderfail
   merchant-signed-hash:
    a/0meaMHRinNVd8nq/fKsYg5AfTZZUCX0S3gkjAhZTmcrkp6RZvppmDd/P7lboFLFDBh
    Ec0oIyxWeHfArb3OtkgXxJ7qe0Gmm/87jG5ClGnpBnw0dY7qcJ6XoGB6WGnD
   $$-CyberCash-End-lSLzs/vFQ0BXfU98LZNWhQ==-$$

   #####################################################################
   Opaque Key: no opaque section

   #####################################################################
   Opaque Section Contents: no opaque section

   #####################################################################
   merchant-signed-hash is the signature under the merchant's
       private key of the hash of the following fields: type,
       merchant-ccid, merchant-order-id, date, note, merchant-amount,
       accepts, url-pay-to, url-success, url-fail

   #####################################################################
   Explanation:
   This message is signed by the merchant but the customer cannot
       directly verify this signature. When the payment is made, the
       Customer includes the signature with the hash (derived by the
       customer directly) in the payment. If these do not match, the
       CyberCash will not perform the payment function.
   accepts: The client software will only recognized single word card
   name in the accepts field of PR1. For example,
     MasterCard
     AmericanExpress
   are recognized where as
     Master card
     American express
   are not recognized. MasterCard and masterCard are both
   recognized as master card.
   Card type followed by key designator.  For main line credit cards,
       this will be a CC*.  Client can use or ignore the * number as
       it chooses.  For proprietary card, this will be VK* where * is
       the CheckFree key to use (1 based).  Cards separated by comma,



Eastlake, et al              Informational                     [Page 22]

RFC 1898                 CyberCash Version 0.8             February 1996


       key designator follows card type and colon.
   url-pay-to is where the CH1 should be sent.  url-fail and url-success
       are where the browser should look after failure or success.


4.3.2 CH1 - credit-card-payment

   Description: This message represents the presentation of a "credit
       card for payment".

   #####################################################################
   Sender: CyberApp
   Receiver: MerchantApp
   #####################################################################
   Sample Message:

   $$-CyberCash-0.8-$$
   type: card-payment
   id: myCyberCashID
   order-id: 1231-3424-234242
   merchant-ccid: ACME-012
   transaction: 78784567
   date: 19950121100505.nnn
   pr-hash: c77VU/1umPKH2kpMR2QVKg==
   pr-signed-hash:
    a/0meaMHRinNVd8nq/fKsYg5AfTZZUCX0S3gkjAhZTmcrkp6RZvppmDd/P7lboFLFDBh
    Ec0oIyxWeHfArb3OtkgXxJ7qe0Gmm/87jG5ClGnpBnw0dY7qcJ6XoGB6WGnD
   cyberkey: CC1001
   opaque:
    iff/tPf99+Tm5P7s3d61jOWK94nq9/+1jOWK9+vr9+b+94n3tYzmiveJ9/+09/334ubg
    3rWM5Ir3ier3/7WM5Ir36+v35v73ife1jOWK94n3/7T3/ffm5uD+7N339/f39/eq3ff3
    9/eFiJK5tLizsoeSmpW7uLS8/7iio7Wisfv38biio7uyufv3tfv35uH+7N3d9/exuKX3
    5+z3vuu4oqO7srnsvvz8/venoqO0v7al/7iio7WisYy+iv7s3ff3p6KjtL+2pf/wi7nw
    3ard3Q==
   $$-CyberCash-End-7Tm/djB05pLIw3JAyy5E7A==-$$

   #####################################################################
   Opaque Key: Created using CyberCash encrypting public key in
       CyberKey.

   #####################################################################
   Opaque Section Contents:
   swversion: 0.8win
   amount: usd 10.00
   card*: [from successful BC4 (includes card-expiration-date,
       card-number, card-type, and card-salt)]
   signature:
    meO38aULnoP09VhTS2E56tnuZBRRlGfbwqaleZ9zNnv7YjExJKBFxuaqYTUDEj427HHh



Eastlake, et al              Informational                     [Page 23]

RFC 1898                 CyberCash Version 0.8             February 1996


    mm9BVmHRwCq6+8ylZXixGHI1I9A/ufAMrpqMIi6DS3PRlc8WC3CCWoAHyAqr

   #####################################################################
   signature is under client private key of the following fields:
       type, id, order-id, merchant-ccid, transaction, date,
       pr-hash, pr-signed-hash, cyberkey, swversion, amount,
       card*

   #####################################################################
   Explanation:
   The pr-signed-hash field is the same as the merchant-signed-hash in
       the PR1 message but has a different name for historic reasons.


4.3.3 CH2 - charge-card-response

   Description: Return to customer from a CH1 attempt to pay via credit
       card.  Indicates success/failure.

   #####################################################################
   Sender: MerchantApp
   Receiver: CyberApp