Secure Courier is Netscape's proposed protocol for secure electronic commerce on the Internet [Elg95]. It is intended to layer on top of SSL (see Question 134) or a similar protocol.
Like iKP (see Question 139), Secure Courier is based on a credit-card model involving a third-party acquiring bank; messages are sent between the customer and the merchant, and between the merchant and the acquirer gateway. It is simpler in some respects than other payment protocols in that it leaves some of the message integrity and confidentiality services to SSL or another underlying layer. For instance, a "transaction ID" field in the message is sufficient for linking messages in a transaction and preventing replay, since the underlying layer assures that the field is not modified. In other protocols, the transaction ID would need explicit cryptographic protection.
Secure Courier supports RSA public-key encryption and digital signatures (see Question 8), as well as DES (see Question 64); "payment slips" from the customer to the acquirer gateway can be sent with one of the PKCS #7 message formats (see Question 166).
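
The transaction ID argument above, as an added example that is not taken from the Secure Courier specification: a toy receiver that compares replay detection when integrity comes from the layer below, when it is absent, and when the ID carries its own MAC. The `Gateway` class, the message fields and the HMAC-SHA256 tag are assumptions made for illustration.

```python
import hashlib
import hmac

def tag(key, txid, step, body):
    """MAC over length-prefixed fields so field boundaries are unambiguous."""
    data = b"".join(len(f).to_bytes(4, "big") + f
                    for f in (txid.encode(), step.encode(), body.encode()))
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class Gateway:
    """Toy receiver: links messages by transaction ID and rejects replays."""
    def __init__(self, mac_key=None):
        self.mac_key = mac_key   # None: integrity is left to the layer below
        self.seen = {}           # txid -> set of steps already processed

    def accept(self, msg):
        if self.mac_key is not None:
            expected = tag(self.mac_key, msg["txid"], msg["step"], msg["body"])
            if not hmac.compare_digest(expected, msg.get("mac", "")):
                return "rejected: bad MAC"
        steps = self.seen.setdefault(msg["txid"], set())
        if msg["step"] in steps:
            return "rejected: replay"
        steps.add(msg["step"])
        return "accepted"

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    slip = {"txid": "T-1001", "step": "payment-slip", "body": "amount=25.00"}  # constructed

    # Case 1: the lower layer guarantees integrity, so a resent copy arrives unmodified.
    gw = Gateway()
    protected = [gw.accept(dict(slip)), gw.accept(dict(slip))]

    # Case 2: no integrity anywhere; a copy with a changed ID looks like a new transaction.
    gw = Gateway()
    unprotected = [gw.accept(dict(slip)), gw.accept(dict(slip, txid="T-1002"))]

    # Case 3: no integrity below, but the ID is covered by an explicit MAC.
    gw = Gateway(mac_key=key)
    signed = dict(slip, mac=tag(key, slip["txid"], slip["step"], slip["body"]))
    explicit = [gw.accept(dict(signed)), gw.accept(dict(signed, txid="T-1002")),
                gw.accept(dict(signed))]
    return protected, unprotected, explicit

if __name__ == "__main__":
    for name, result in zip(("protected", "unprotected", "explicit"), demo()):
        print(name, result)
```

Case 2 is the situation the bare transaction ID cannot handle on its own, which is why protocols without an integrity-protected transport have to protect the field explicitly.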