rfc1898.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

   #####################################################################
   Sample Message:

   $$-CyberCash-0.8-$$
   type: charge-card-response
   merchant-ccid: ACME-012
   id: myCyberCashID
   transaction: 78784567
   date: 1995121100500.nnn
   merchant-date: 19950121100505.nnn
   merchant-response-code: failure/success/etc.
   pr-hash: 7Tm/djB05pLIw3JAyy5E7A==
   pr-signed-hash:
    a/0meaMHRinNVd8nq/fKsYg5AfTZZUCX0S3gkjAhZTmcrkp6RZvppmDd/P7lboFLFDBh
    Ec0oIyxWeHfArb3OtkgXxJ7qe0Gmm/87jG5ClGnpBnw0dY7qcJ6XoGB6WGnD
   merchant-message; This is a message to display to the user from the
       merchant. Can be multiple lines...  Is not secure.
   opaque:  [might not be present, see explanation]
    EDD+b9wAfje5f7vscnNTJPkn1Wdi7uG3mHi8MrzLyFC0dj7e0JRjZ2PmjDHuR81kbhqb
    nX/w4uvsoPgwM5UJEW0Rb9pbB39mUFBDLPVgsNwALySeQGso0KyOjMxNs1mSukHdOmDV
    4uZR4HLRRfEhMdX4WmG/2+sbewTYaCMx4tn/+MNDZlJ89Letbz5kupr0ZekQlPix+pJs
    rHzP5YqaMnk5iRBHvwKb5MaxKXGOOef5ms8M5W8lI2d0XPecH4xNBn8BMAJ6iSkZmszo
    QfDeWgga48g2tqlA6ifZGp7daDR81lumtGMCvg==
   $$-CyberCash-End-7Tm/djB05pLIw3JAyy5E7A==-$$

   #####################################################################



Eastlake, et al              Informational                     [Page 24]

RFC 1898                 CyberCash Version 0.8             February 1996


   Opaque Key:   Same customer session key from CH1 passed through CM1
       for ID and Transaction

   #####################################################################
   Opaque Section Contents (from CM.6):

   server-date: 19950121100706.nnn
   amount: usd 10.00
   order-id: 1231-3424-234242
   card*:  [from successful BC4]
   response-code: failure/success/etc.
   swseverity: fatal/warning
   swmessage; Tells CyberApp that it is obsolete.  Display this
    text to the user.  [only present if SWSeverity present]
   message;
          Free text of the error/success condition.
          This text is to be displayed to the customer
          by the CyberCash application...

   #####################################################################
   Signature is of the following fields: no signature

   #####################################################################
   Explanation:
   Opaque section optional because the CH1 to the merchant can fail due
       to bad order-id, date, wrong merchant-ccid, etc., etc. So the
       server may not be involved at all in which case there is no
       mechanism for generating a secure opaque section.  (It could even
       be that merchant attempt to contact the server times out.)
   If transaction makes it through server (via CM*) then
       Response-Code at top level should mirror response-code to
       merchant from server. (Hopefully the same as the
       response-code to customer from server but the merchant can't
       tell that.)
   Note that there can be two messages, one from merchant and one
       from the server.


4.4 Merchant Credit Card Purchasing Messages

   The merchant presents credit card purchases, makes adjustments, and
   the like via the CM* series.  In general, the credit card cycle is
   one of getting authorization for a purchase, then capturing the
   purchase in a batch for clearance, then performing the clearance.  It
   is also possible to void a capture (i.e., remove an item from a
   batch), and process credits (returns). (See section 5.1.)





Eastlake, et al              Informational                     [Page 25]

RFC 1898                 CyberCash Version 0.8             February 1996


   Authorizations always come from an acquirer via the response to a CM1
   or CM2 message. If capture is being performed by the acquirer or some
   entity between the CyberCash server and the acquirer, this is done
   via a CM3 or CM2 message depending on the arrangement between the
   merchant and the entity doing the capture.  Returns (credits) are
   handled via message CM5.  Message CM4 is provided for voiding a
   capture or return before the batch is cleared.  CM6 is the message
   format used for responses to all the other CM* messages.

   An MM* series has also been implemented for purely merchant
   originated CyberCash charges as described in section 3.4.7

   Current credit card dispute resolution systems assume that the
   merchant knows the card number.  Thus, to work with these systems,
   special bypass messages have been set up that allow the merchant to
   obtain, for a particular transaction, the information that CyberCash
   otherwise goes to lengths to hide from the merchant.  See sections
   3.4.8 and 3.4.9.  This makes the obtaining os such information by the
   merchant an auditable event.

   Many present day merchants operate in a "terminal capture" mode where
   the authorizations are captured by the merchant and the merchant
   later submits the settlement batch.  Messages have been defined and
   are being implemented so that such merchant captured batches can be
   submitted via CyberCash.


4.4.1 CM1 - auth-only

   Description: This message is used by the merchant to perform an
       authorization operation on the credit card sent in by the
       customer.

   #####################################################################
   Sender: MerchantApp
   Receiver: CyberServer
   #####################################################################
   Sample Message:

   $$-CyberCash-0.8-$$
   merchant-ccid: ACME-69
   merchant-transaction: 123123
   merchant-date: 19950121100705.nnn
   merchant-cyberkey: CC1001
   cyberkey: CC1001
   opaque:
    EDD+b9wAfje5f7vscnNTJPkn1Wdi7uG3mHi8MrzLyFC0dj7e0JRjZ2PmjDHuR81kbhqb
    nX/w4uvsoPgwM5UJEW0Rb9pbB39mUFBDLPVgsNwALySeQGso0KyOjMxNs1mSukHdOmDV



Eastlake, et al              Informational                     [Page 26]

RFC 1898                 CyberCash Version 0.8             February 1996


    4uZR4HLRRfEhMdX4WmG/2+sbewTYaCMx4tn/+MNDZlJ89Letbz5kupr0ZekQlPix+pJs
    rHzP5YqaMnk5iRBHvwKb5MaxKXGOOef5ms8M5W8lI2d0XPecH4xNBn8BMAJ6iSkZmszo
    QfDeWgga48g2tqlA6ifZGp7daDR81lumtGMCvg==
   merchant-opaque:
    6BVEfSlgVCoGh1/0R+g1C143MaA6QLvKpEgde86WWGJWx45bMUZvaAu4LVeqWoYCqSGf
    aWKUF7awol0h1i1jtgieyAcXB8ikvRJIsupSAwsRMyoNlekR6tucvfv/622JY7+n7nGO
    dGbMzP0GJImh2DmdPaceAxyOB/xOftf6ko0nndnvB+/y2mFjdUGLtFQP/+3bTpZttZXj
    j7RO1khe1UrAIk2TGQJmNw+ltsu0f42MgsxB8Q31vjPtoiPi5LEmD0Y4jlpJ7Jg2Ub84
    F9vJhYpmzNkdiJUe83Hvo/xfJRbhafJpXFEsUZwQK0jU1ksU6CQd2+CPBB+6MxtsHoxJ
    mjD6ickhd+SQZhbRCNerlTiQGhuL4wUAxzGh8aHk2oXjoMpVzWw2EImPu5QaPEc36xgr
    mNz8vCovDiuy3tZ42IGArxBweasLPLCbm0Y=
   $$-CyberCash-End-7Tm/djB05pLIw3JAyy5E7A==-$$

   #####################################################################
   Merchant-Opaque Section Contents:

   type: auth-only
   order-id: 12313424234242
   merchant-amount: usd 10.00
   pr-hash: 7Tm/djB05pLIw3JAyy5E7A==
   pr-signed-hash:
    a/0meaMHRinNVd8nq/fKsYg5AfTZZUCX0S3gkjAhZTmcrkp6RZvppmDd/P7lboFLFDBh
    Ec0oIyxWeHfArb3OtkgXxJ7qe0Gmm/87jG5ClGnpBnw0dY7qcJ6XoGB6WGnD
   id: myCyberCashID
   transaction: 78784567
   date: 19950121100505.nnn
   merchant-signature:
    v4qZMe2d7mUXztVdC3ZPMmMgYHlBA7bhR96LSehKP15ylqR/1KwwbBAX8CEqns55UIYY
    GGMwPMGoF+GDPM7GlC6fReQ5wyvV1PnETSVO9/LAyRz0zzRYuyVueOjWDlr5

   #####################################################################
   merchant-opaque key is generated from the CyberCash encrypting public
        key identified in merchant-cyberkey.

   Customer opaque section (Opaque) - see CH1.

   #####################################################################
   Opaque Section Contents & Signature:  (exactly as in CH1)

   swversion: 0.8win
   amount: usd 10.00
   card*: [from successful BC4 (includes card-expiration-date,
       card-number, and card-salt)]
   signature:
    48SBKUfojyC9FDKCwdCYNvucgiDxYO9erZW4QndIXZRyheTHXH8OeIhwUkyLmgQSD/UK
    +IX9035/jUkdNPOxUQq9y/beHS1HU9Fe0wlzfXYRtnjlqvQX+yUfQ4T7eNEs

   #####################################################################



Eastlake, et al              Informational                     [Page 27]

RFC 1898                 CyberCash Version 0.8             February 1996


   merchant-signature is on the following fields: merchant-ccid,
       merchant-transaction, merchant-date, merchant-cyberkey, type,
       order-id, merchant-amount, pr-hash, pr-signed-hash, id,
       transaction, date, cyberkey

   Customer Signature: see CH1

   #####################################################################
   Explanation:
   The merchant signature ensures integrity of the majority of the
       message.  validation of the customer signature ensures that the
       customer opaque part was not tampered or replaced.


4.4.2 CM2 - auth-capture

   Description: Do authorization and actually enters charge for
       clearance. Message just like CM1 except for different
       type.

   #####################################################################
   Sender: MerchantApp
   Receiver: CyberServer
   #####################################################################
   Sample Message:

   [exactly the same as CM1 except

   type: auth-capture

   ]


4.4.3 CM3 - post-auth-capture

   Description: Captures a charge previously authorized. Message is
       the same as CM1 except that it also has an authorization-code
       field (which is also included in the signature) and the type
       is different.

   #####################################################################
   Sender: MerchantApp
   Receiver: CyberServer
   #####################################################################
   Sample Message:

   $$-CyberCash-0.8-$$
   merchant-ccid: ACME-012



Eastlake, et al              Informational                     [Page 28]

RFC 1898                 CyberCash Version 0.8             February 1996


   merchant-transaction: 123123
   merchant-date: 19950121100705.nnn
   merchant-cyberkey: CC1001
   cyberkey: CC1001
   opaque:
    EDD+b9wAfje5f7vscnNTJPkn1Wdi7uG3mHi8MrzLyFC0dj7e0JRjZ2PmjDHuR81kbhqb
    nX/w4uvsoPgwM5UJEW0Rb9pbB39mUFBDLPVgsNwALySeQGso0KyOjMxNs1mSukHdOmDV
    4uZR4HLRRfEhMdX4WmG/2+sbewTYaCMx4tn/+MNDZlJ89Letbz5kupr0ZekQlPix+pJs
    rHzP5YqaMnk5iRBHvwKb5MaxKXGOOef5ms8M5W8lI2d0XPecH4xNBn8BMAJ6iSkZmszo
    QfDeWgga48g2tqlA6ifZGp7daDR81lumtGMCvg==
   merchant-opaque:
    6BVEfSlgVCoGh1/0R+g1C143MaA6QLvKpEgde86WWGJWx45bMUZvaAu4LVeqWoYCqSGf
    aWKUF7awol0h1i1jtgieyAcXB8ikvRJIsupSAwsRMyoNlekR6tucvfv/622JY7+n7nGO
    dGbMzP0GJImh2DmdPaceAxyOB/xOftf6ko0nndnvB+/y2mFjdUGLtFQP/+3bTpZttZXj
    j7RO1khe1UrAIk2TGQJmNw+ltsu0f42MgsxB8Q31vjPtoiPi5LEmD0Y4jlpJ7Jg2Ub84
    F9vJhYpmzNkdiJUe83Hvo/xfJRbhafJpXFEsUZwQK0jU1ksU6CQd2+CPBB+6MxtsHoxJ
    mjD6ickhd+SQZhbRCNerlTiQGhuL4wUAxzGh8aHk2oXjoMpVzWw2EImPu5QaPEc36xgr
    mNz8vCovDiuy3tZ42IGArxBweasLPLCbm0Y=
   $$-CyberCash-End-7Tm/djB05pLIw3JAyy5E7A==-$$

   #####################################################################
   Merchant-Opaque Section Contents:

   type: post-auth-capture
   authorization-code: a12323
   order-id: 1231-3424-234242
   merchant-amount: usd 10.00
   pr-hash: 7Tm/djB05pLIw3JAyy5E7A==
   pr-signed-hash:
    a/0meaMHRinNVd8nq/fKsYg5AfTZZUCX0S3gkjAhZTmcrkp6RZvppmDd/P7lboFLFDBh
    Ec0oIyxWeHfArb3OtkgXxJ7qe0Gmm/87jG5ClGnpBnw0dY7qcJ6XoGB6WGnD
   id: myCyberCashID
   transaction: 78784567
   date: 19950121100505.nnn
   merchant-signature:
    vxyEF1ZHn5Rgmtms3H3t/+UB6RAvZQA1AdddjvlS0H75N1x83FyJuh8V9Ok6t4EUQQZ6
    Mnptzc6phJi3Ar0s0oumELsdc8upJdXpNpJV021PGJXfDKfHP0heJIWLodXr

   #####################################################################
   merchant-opaque key is generated from the CyberCash encrypting public
        key identified in merchant-cyberkey.

   Customer opaque section (Opaque) - see CH1.

   #####################################################################
   Opaque Section Contents & Signature:  (exactly as in CH1)

   swversion: 0.8win



Eastlake, et al              Informational                     [Page 29]

RFC 1898                 CyberCash Version 0.8             February 1996


   amount: usd 10.00
   card*: [from successful BC4 (includes card-salt, card-number,
       and card-expiration)]
   signature:
    48SBKUfojyC9FDKCwdCYNvucgiDxYO9erZW4QndIXZRyheTHXH8OeIhwUkyLmgQSD/UK
    +IX9035/jUkdNPOxUQq9y/beHS1HU9Fe0wlzfXYRtnjlqvQX+yUfQ4T7eNEs

   #####################################################################
   merchant-signature is on the following fields: merchant-ccid,
       merchant-transaction, merchant-date, merchant-cyberkey, type,
       authorization-code, order-id, merchant-amount, pr-hash,
       pr-signed-hash, id