Please note that as part of the Microsoft Internet Security Framework, Microsoft has begun work on an implementation of Secure Electronic Transactions (SET) for Webmasters, developers, merchants, and payment authorizers based on the June 26, 1996 update of the SET specification posted by Visa and Mastercard (http://www.visa.com or http://www.mastercard.com). Microsoft will be producing SET tools to allow developers and Webmasters to build support for SET into their server- and client-based applications.
Microsoft Internet Security Framework press release
Link to the press release announcing the Microsoft Internet Security Framework.
Microsoft Internet Security Framework white paper
This paper is intended for corporate developers and consultants, independent software vendors (ISVs), network operators, and Webmasters who are interested in the convergence of the corporate intranet and the public Internet. It outlines the Microsoft Internet Security Framework--a comprehensive set of security technologies for electronic commerce and online communications that supports Internet security standards.
Download PowerPoint slides on Microsoft Internet Security Framework
Microsoft Vice President Paul Maritz' Windows World keynote presentation included these informational slides on Microsoft Internet Security Framework.
Answers to frequently asked questions about Microsoft Internet Security Framework
More than 50 answers to frequently asked questions.
Microsoft CryptoAPI
The Microsoft Cryptographic API (CryptoAPI) version 1.0 (Updated Feb 12, 1996) provides extensible, exportable, system-level access to common cryptographic functions such as encryption, hashing, and digital signatures. It is now shipping in Internet Explorer 3.0 beta and Windows NT 4.0 beta, and will also be delivered to OEMs as part of the Windows 95 OEM Service Release this summer.
The Microsoft Cryptographic API 2.0 will provide a complete public key infrastructure, including certificate-based authentication services and extensible certificate management functions, as well as high level APIs for authentication, signing, and encryption and decryption services. A beta version of CryptoAPI 2.0 will be available in July 1996.
A secure channel service provides basic privacy, integrity, and authentication in a point-to-point connection such as the connection between a Web browser and a Web server. An example of a secure channel is the Secure Sockets Layer (SSL). SSL provides a security handshake that is used to initiate the TCP/IP connection. The client and server agree on the level of security they will use, and fulfill any authentication requirements. SSL also encrypts and decrypts the byte stream of the application protocol such as HTTP. This means that all the information, both in the HTTP request and response, is fully encrypted.
The Microsoft Internet Security Framework includes support for SSL versions 2.0 and 3.0 and for Private Communication Technology (PCT) version 1.0. It will also include support for the Internet Engineering Task Force's (IETF) upcoming Transport Layer Security Protocol. This protocol will provide a single standard encompassing both SSL and PCT and support both certificate and password-based authentication.
Microsoft Submits Converged SSL/PCT Proposal to Netscape and the IETF (Apr 1996)
Via the IETF, Microsoft and Netscape are working together to converge on a single open transport-layer security protocol, using the existing protocols (SSL, PCT, SSH-Secure Shell Remote Login).
Private Communication Technology (PCT) Specification (Apr 1996)
Version 2.0 of the PCT specification. PCT is a security protocol that provides privacy over the Internet. It is intended to prevent eavesdropping on connection-based communications in client/server applications, with at least one of the two always being authenticated, and each having the option of requiring authentication of the other. PCT is somewhat similar to SSL, but PCT version 1.0 corrects or improves on several weaknesses of SSL, and version 2.0 adds a number of new features. PCT version 2.0 is fully compatible with PCT version 1.0. For the spec itself and additional PCT-related information, see http://pct.microsoft.com.
Microsoft Submits Draft on Security Interoperability to W3C
Microsoft submitted the Personal Information Exchange (PFX) draft to W3C on 5/6/96 and reaffirmed its commitment to open Internet review and standards processes.
Personal Information Exchange Discussion Draft (June 4, 1996)
Microsoft submitted this discussion draft (version 12) of Personal Information Exchange, the multi-browser, multi-platform, secure exchange interoperability standard for certificates, CRLs, private keys, and personal secrets.