Development of An E-Commerce Site With Smartcard Payment Mechanism

Development of an E-commerce Site with Smartcard Payment Mechanism
Christopher S. Lacey MEng Electronic Systems Engineering with Management Studies
Supervisor: Mr. P J Miller
Electronic Engineering School of Engineering and Applied Science Aston University
Submitted: May 2001
Chris Lacey / Aston University, 2000 - 2001. To contact the author, see www.cslacey.co.uk/pro ect
!-co""erce #ite with #"artcar$ %ay"ent &echanis"
Appen$i' () #erver *nstallation *nstructions
Acknowledgements
The author wishes to express his gratitude to the followi g: Mr. P J Miller a d !r. J " # $illiams of the S%hool of & gi eeri g a d "pplied S%ie %e' "sto ( iversity' for providi g o goi g advi%e a d assista %e for the duratio of the pro)e%t. Mr. J $ard a d Mr. P Trevis also of the S%hool of & gi eeri g a d "pplied S%ie %e' "sto ( iversity' for providi g te%h i%al support. *ita%hi Smart +ommer%e divisio for the do atio of smart%ard e,uipme t a d developme t software- spe%ifi%ally' Mr. J .riffiths for providi g te%h i%al support a d to Mr. # &va s for arra gi g spo sorship. Mr. M Meyerstei of /T +ell et for providi g i formatio a d sour%e %ode with respe%t to Mo dex value tra sfer.
%a+e 1
Contents
Acknowledgements...............................................................................................................1 Contents.................................................................................................................................2 Table o !igures...................................................................................................................." 1 Synopsis.............................................................................................................................# 2 $ntroduction......................................................................................................................% 2.1 +o text........................................................................................................................0 2.1.1 "ppli%ability of Smart%ard Te%h ology...............................................................1 2.2 #e,uireme ts.............................................................................................................10 2.2.1 &le%tro i% +ash..................................................................................................10 2.2.2 Perso al Profile..................................................................................................10 2.2.2 &3+ommer%e $eb Site.......................................................................................11 2.2 4verview of #eport...................................................................................................11 & Ser'er(Side )esign $ssues..............................................................................................12 2.1 +hoi%e of $eb Server...............................................................................................12 2.2 Server3Side Pro%essi g..............................................................................................12 2.2 Mai tai i g State......................................................................................................12 2.5 !atabase....................................................................................................................16 2.5.1 !atabase Tra sa%tio s........................................................................................16 2.6 & %rypted +ommu i%atio ........................................................................................17 2.6.1 Publi% a d Private 8eys 9"symmetri% +ryptography:.......................................17 2.6.2 !igital +ertifi%ates.............................................................................................17 2.6.2 SS; a d +ertifi%ate "uthe ti%atio ....................................................................1< * Ser'er $mplementation..................................................................................................1% 5.1 "SP Sy tax...............................................................................................................10 5.1.1 +ode +o ve tio ................................................................................................10 5.2 Separatio of +ode a d Prese tatio ........................................................................10 5.2.1 The eed for i li e %ode embeddi g..................................................................10 5.2.2 =u %tio ;ibraries..............................................................................................11 5.2.2 (ser #edire%ts....................................................................................................11 5.2 !atabase Stru%ture.....................................................................................................21
%a+e 2
5.2.1 #elatio ships......................................................................................................21 5.2.2 Tables.................................................................................................................21 5.2.2 >ueries...............................................................................................................22 5.5 Server3Side Java "ppli%atio ....................................................................................22 5.6 SS;............................................................................................................................25 + Client(Side )esign $ssues...............................................................................................2+ 6.1 *ypertext Mar?up ;a guage 9*TM;:.....................................................................26 6.1.1 =rames................................................................................................................27 6.1.2 =orms..................................................................................................................2< 6.1.2 +lie t3side S%ripti g...........................................................................................20 6.1.5 !y ami% *TM;.................................................................................................21 6.2 +as%adi g Style Sheets 9+SS:...................................................................................21 6.2 +lie t3Side Java "pplet.............................................................................................20 " Client $mplementation...................................................................................................&1 7.1 $eb (ser @ terfa%e....................................................................................................21 7.1.1 Smart+e tre Site................................................................................................22 7.1.2 "sto SmartMar?et Site.....................................................................................22 7.2 +lie t3Side Java "pplet.............................................................................................26 7.2.1 @ terfa%e Methods...............................................................................................26 7.2.2 Aets%ape Aavigator a d @ ter et &xplorer Se%urity Models..............................27 7.2.2 !rivers for Smart%ard #eaders...........................................................................27 # Smartcard )esign $ssues................................................................................................&# <.1 +hoi%e of 4perati g System.....................................................................................2< <.2 +ard3+lie t +ommu i%atio .....................................................................................2< <.2.1 +omma d "P!(Bs............................................................................................2< <.2.2 #espo se "P!(Bs..............................................................................................20 <.2.2 "P!( +ases.......................................................................................................20 % Smartcard $mplementation...........................................................................................&, 0.1 =eature Set.................................................................................................................21 0.1.1 P@A #e,uests.....................................................................................................50 0.2 !evelopme tal Pro%ess.............................................................................................50 , Cryptographic Challenge and -esponse Cycle............................................................*1
%a+e (
1.1 #e,uireme ts.............................................................................................................51 1.2 @mpleme ted Solutio ...............................................................................................51 1.2 !ebit Pro%edure.........................................................................................................52 1.5 +redit Pro%edure........................................................................................................52 1.6 Tolera %e to Aetwor? =ailures..................................................................................52 1.7 Tolera %e to System @ terruptio s............................................................................55 1.< Se%urity.....................................................................................................................55 1. E'aluation.....................................................................................................................*" 10.1 Pro)e%t +osti g........................................................................................................57 10.1 Possible =uture !evelopme t.................................................................................5< 11 Conclusion.....................................................................................................................*% -e erences...........................................................................................................................*, /ibliography........................................................................................................................+. Appendi0 11 System 2'er'iew.........................................................................................+1 Appendi0 21 3ublic E0planatory Material......................................................................+2 "ppe dix 2.1: @ trodu%tio to Smart@! a d Smart$allet..............................................62 "ppe dix 2.2: Priva%y Stateme t for SmartMar?et........................................................62 Appendi0 &1 Ser'er $nstallation $nstructions.................................................................+* "ppe dix 2.1: @mpleme ti g SS;...................................................................................65 "ppe dix 2.1.1 .e eratio of Server +ertifi%ate........................................................65 "ppe dix 2.1.2: & abli g SS;....................................................................................66 Appendi0 *1 Client $nstallation $nstructions..................................................................+" "ppe dix 5.1: !rivers for Smart%ard #eader..................................................................67 "ppe dix 5.2: @ ter et &xplorer......................................................................................67 "ppe dix 5.2: Aets%ape Aavigator.................................................................................6< Appendi0 +1 Ser'er Code..................................................................................................+% "ppe dix 6.1: "SP &xamples.........................................................................................60 "ppe dix 6.1.1: ;ibrary for %alli g %ryptographi% fu %tio s 9swClib.asp:.................60 "ppe dix 6.1.2: Server3side validatio for registeri g a user 9adduser.asp:..............61 "ppe dix 6.1.2: Dalidati g %ardBs debit respo se 9s%authorise.asp:..........................70 "ppe dix 6.2: Server3Side Java "ppli%atio ..................................................................71
%a+e ,
Appendi0 "1 Client Code..................................................................................................."2 "ppe dix 7.1: *TM; a d &+M"S%ript &xamples........................................................72 "ppe dix 7.1.1: (si g %lie t3side Java applet with forms 9%o figsid.html:................72 "ppe dix 7.1.2: +lie t3side validatio of forms 9setpi .html:...................................72 "ppe dix 7.2: +SS &xample 9asto .%ss:.........................................................................75 "ppe dix 7.2: +lie t3Side Java "pplet...........................................................................76 "ppe dix 7.2.1: Smart@! %lass...................................................................................76 "ppe dix 7.2.2: Message=rame %lass.........................................................................<2 "ppe dix 7.2.2: Pi #e,uest +lass..............................................................................<2 Appendi0 #1 Smartcard Code...........................................................................................#*
%a+e -
Table of
ig!res
!igure *.11 3seudocode indicating use o inline scripting...............................................1% !igure *.21 AS3 code showing use o unction libraries and ser'er(side includes.......1, !igure *.&1 E0tract rom db4lib database access library................................................1, !igure *.*1 E0tract rom adduser.asp showing use o user redirects............................2. !igure *.+1 )atabase structure..........................................................................................21 !igure *."1 AS3 code to call 5preempt-esponse6 method in 7a'a application.............2& !igure +.11 Main rame structure.....................................................................................2" !igure +.21 /rowse8search products rame structure....................................................2" !igure ".11 !orm used to con igure personal pro ile......................................................&2 !igure ".21 Aston SmartMarket ront page.....................................................................&* !igure ".&1 3ages to search product database and 'iew results.....................................&* !igure #.11 $S2 #%1"(* Command A3)9 structure.......................................................&# !igure #.21 $S2 #%1"(* -esponse A3)9 structure.........................................................&% !igure %.11 $mplemented smartcard eature set..............................................................&, !igure ,.11 )ebit communication se:uence....................................................................*2 !igure ,.21 Credit communication se:uence..................................................................*& !igure ,.&1 )ebit test site..................................................................................................*+ !igure ,.*1 Credit test site................................................................................................*+
%a+e .
" Synopsis
@ a attempt to provide a solutio to the problem of usi g %redit %ards for payme t over the @ ter et' the ob)e%tive of this pro)e%t was to impleme t a fully fu %tio i g &3%ommer%e site whi%h utilised a smart%ard me%ha ism for payme t.. !ue to the fa%t that the %reators of existi g smart%ard wallets appear relu%ta t to divulge their full spe%ifi%atio s' a smart%ard3based ele%tro i% %ash system has bee developed from s%rat%h' providi g mea s for i sta ta eous' a o ymous tra sfer of value a%ross a i se%ure etwor?' su%h as the @ ter et. " alysis a d test of the system have suggested the impleme tatio to be se%ure. "dditio ally' smart%ard te%h ology has bee employed to solve a other per%eived problem with busi ess3to3%o sumer &3%ommer%e sites: that of the eed for repetitive perso al data e try. " profile system has bee %reated whi%h permits storage of perso al data i o e lo%atio 9the smart%ard:' a d rapid %ompletio of *TM; forms by automati% retrieval of this i formatio . " &3%ommer%e site has bee %reated with whi%h these two systems have bee su%%essfully i tegrated' i di%ati g that smart%ard te%h ology does provide a feasible mea s for addressi g the problems ide tified. *owever' %ompli%atio s ide tified at the %lie t side suggest that widespread adoptio of the te%h ology will ot o%%ur u til suitable sta dards are developed a d adhered to.
%a+e /
# $ntrod!ction
#%" Conte&t
The explosive growth of the @ ter et has %aused a revolutio i the ma er i whi%h busi esses a d %o sumers %o du%t %ommer%ial ex%ha ges. E-Commerce is %urre tly a ma)or growth i dustry' a d the umber of tra sa%tio s %arried out o li e is es%alati g expo e tially. The adva tages provided by @ ter et %ommer%e are self3evide t' a d explai the e thusiasm shared by %ompa ies a d %ustomers for tradi g i this ma er. =or the supplier' there is greater pote tial to %ompete o a global s%ale' a d %ost savi gs %a be attai ed i terms of staff a d real estate by removi g the eed for publi%3fa%i g premises. =or the %o sumer' a mea s is provided to browse a d sear%h for produ%ts' a d %ompare the pri%es of differe t suppliers' more ,ui%?ly a d easily tha was previously possible. *owever' some problems have arise with respe%t to busi ess3to3%o sumer 9E/2+F: systems' whi%h to this day have preve ted them from realisi g their full pote tial. =irstly' there is a ge eral relu%ta %e amo gst the publi% to tra sfer their %redit or debit %ard umber a%ross the @ ter et' for fear of it bei g i ter%epted a d u lawfully misused. The use of e %rypted %ommu i%atio 9via SS;a: has go e a lo g way to alleviate this fear' but it does still remai a issue: a sig ifi%a t umber of pote tial pur%hases are lost for this reaso . Se%o dly' %redit a d debit %ards are ot ideally suited to pur%hasi g ma y of the produ%ts or servi%es that are available' or %ould be made so. @ ma y situatio s' a system more resembli g %ash would be prefere tial 3 avoidi g delays i here t withi %redit %ard %leari g systems' permitti g micropayments 9e.g. of a few pe %e: to be made for o li e servi%es' retai i g %ustomer a o ymity a d providi g a mea s for the user to be aware of his %urre t bala %e at all times. =i ally' the tedious a%tivity of repetitively e teri g perso al i formatio ' su%h as shippi g address' for every tra sa%tio or site registratio is dis%o %erti g to ma y users. " resear%h study %o du%ted by Jupiter +ommu i%atio s 9AG: i 1111 i di%ated that more
Se%ure So%?et ;ayer

%a+e 0
tha a ,uarter of users surveyed had aba do ed a tra sa%tio solely due to the le gth or %omplexity of the form whi%h had to be %ompleted. Darious solutio s to these problems have bee proposed' su%h as S&Ta a d $eb H/ea IB for payme ts- a d H"uto%ompleteB a d Mi%rosoft Profile "ssista t for %ompleti g forms. *owever' ea%h of these systems solves o ly o e of the problems me tio ed: S&T' for example' avoids the eed for tra smissio of %redit %ard i formatio ' but still uses su%h a %ard as the ultimate mea s for payme t. @ additio ' most solutio s te d to be tied to a userBs ow %omputer' preve ti g them from bei g used effe%tively i @ ter et %afJs or o other ma%hi es. 2.1.1 Applicability of Smartcard Technology Smart%ards have two fu dame tal %apabilities 3 that of data storage a d pro%essi g power. @ terms of the former' they provide adva tages i terms of their portability a d 3 more u i,uely 3 the fa%t that the data stored upo them %a be made tamper3proof. Physi%al se%urity of the %ards provides good prote%tio agai st attempts to read or modify the %o te ts of memory by exter al mea s. !ata %a therefore o ly be a%%essed via the i terfa%e defi ed by the program reside t o the %ard' mea i g that a system %ould be %reated whereby i formatio is ot released from the %ard u less a %orre%t P@Ab is e tered beforeha d' for example. The pro%essi g power of the %ard is of parti%ular use for %ryptographi% a d other se sitive operatio s' where 3 for example 3 digital sig atures %a be ge erated a d validated without a userBs private ?ey ever leavi g the %ard. Smart%ardsB tamper3proof data storage' a d their %apability to perform %ryptographi% operatio s' therefore appeared to provide a feasible mea s for addressi g the problems previously des%ribed: firstly' by allowi g user profile i formatio to be stored a d ,ui%?ly tra sferred by i sertio of the %ard i to a smart%ard reader- se%o dly' by providi g a se%ure mea s for value to be stored a d tra sferred by mea s of a trusted applet reside t o the %ard.
a b
Se%ure &le%tro i% Tra sa%tio s sta dard Perso al @de tifi%atio Aumber
%a+e 1
#%# 'e(!irements
The aim of this pro)e%t was to desig a d %reate a fully operatio al &3%ommer%e site whi%h would ma?e use of smart%ard te%h ology i order to attempt to provide a solutio to the problems previously dis%ussed. (sers would therefore be re,uired to have a suitable smart%ard reader atta%hed to their %omputer i order to ma?e use of this. 2.2.1 Electronic Cash @ order to represe t ErealF %ash most a%%urately' there is a re,uireme t for ;i< 'alue to be stored on the smartcard only' a d ot re%orded elsewhere 9thus mai tai i g a o ymity:. +learly' therefore' a %ard applet eeds to be %reated whi%h will ;ii< pre'ent users rom de rauding the system by increasing their balance without authorisation rom the card issuer- a d ;iii< pre'ent debits rom being made without the user6s consent. =i ally' there eeds to be a mea s for ;i'< securely trans erring 'alue between the card and a remote host= o'er an insecure network whi%h is ope to eavesdroppi g a d modifi%atio of the data bei g tra sferred. @t was i itially the i te tio to use Mondex' a prove smart%ard3based ele%tro i% %ash produ%t' as the basis for value tra sfer withi this pro)e%t. *owever' Mo dex @ ter atio al' %reators of the system' were u willi g to provide the proto%ol spe%ifi%atio s re,uired for se%urity reaso s. +o se,ue tly' a suitable ele%tro i% %ash system had to be developed from s%rat%h. 2.2.2 Personal Profile The basi% re,uireme t was for the smart%ard to ;i< store te0tual in ormation within a number o pro ile > ields? a d for a mea s to be provided for ;ii< a web site to retrie'e this data. "dditio ally' provisio had to be made for a user to ;iii< update his pro ile in ormation whene'er necessary' a d to ;i'< speci y pre erences as to whether= and how o ten= a 3$@ should be re:uested be ore sensiti'e in ormation is released. The ob)e%tive to develop a perso al profile was ot part of the origi al pro)e%t spe%ifi%atio . @t was ta?e o at the re,uest of *ita%hi' providers of smart%ard readers a d developme t software for the pro)e%t.
%a+e 10
2.2.3 E-Commerce Web Site The %ore fu %tio s provided by a y &3%ommer%e site are to ;i< allow users to browse or search within a database o items or ser'ices= ;ii< select those re:uired or purchase and place into a 'irtual >shopping basket?' a d ;iii< >check out? by authorising 'alue trans er to the 'endor. "dditio ally' for this pro)e%t' it was e%essary to ;i'< utilise the electronic cash and personal pro ile systems previously des%ribed.
#%) *verview of 'eport

Three fu dame tal %ompo e ts to the overall system %learly emerge' amely Server, Client a d Smartcard. The followi g %hapters deal with these i dividually: for ea%h' a Design Iss es %hapter des%ribes a d )ustifies the ma)or %o %eptual de%isio s made' a d a Implementation %hapter outli es ?ey methods by whi%h the desig was realised. The method by whi%h value tra sfer was a%hieved is des%ribed separately i ! Cryptographic Challenge and "esponse Cycle' as it i volves the server' %lie t a d smart%ard e,ually' a d %a ot be satisfa%torily des%ribed for ea%h %ompo e t i isolatio . The su%%ess of the pro)e%t is the evaluated' a d possibilities for future developme t ide tified. =i ally' %o %lusio s are draw from the fi di gs made.
%a+e 11
) Server-Side Design $ss!es

)%" Choice of +eb Server
!iffere t permutatio s of operati g system a d web server software were assessed' a d i ma y %ases evaluated through i stallatio ' test' a d review of their a%%ompa yi g do%ume tatio . (A@K servers te d to be highly regarded for their reliability a d stability' he %e i itially appeared to be a attra%tive optio for deployme t. *owever' at the time whe this assessme t of alter atives was bei g %o du%ted' Mo dex was i te ded to be the mea s by whi%h payme ts would be made withi the site' a d it was therefore assumed that a smart%ard reader would be eeded o the server i order to fa%ilitate %ard3to3%ard value tra sfers. The ma)ority of su%h devi%es are supplied o ly with $i dows drivers 3 (A@K alter atives are ge erally slow to materialise a d are usually u supported 3 a d as su%h the de%isio was made to sele%t $i dows AT Server as the platform upo whi%h the web server should ru . The "pa%he *TTP Server a d Mi%rosoftBs @ ter et @ formatio Server 9@@S: were the %riti%ally %ompared' the latter fi ally bei g sele%ted due to the fa%t that its ative s%ripti g la guage 9"SPa: was u i,ue i providi g support for i sta tiatio of $i dows +4Mb ob)e%ts' thus permitti g %ommu i%atio with the smart%ard reader via ve dor3supplied %ompo e ts. Darious modules providi g "SP support for "pa%he were lo%ated a d tested' but these were fou d to possess i %omplete feature sets 3 o e of them providi g +4M support.
)%# Server-Side Processing

" &3%ommer%e site obviously re,uires some degree of server3side pro%essi g over a d above simply relayi g stati% %o te t at the re,uest of browsers 3 for example' supplyi g pages whi%h show produ%ts that mat%h a userBs sear%h %riteria. The de%isio was made to utilise @@SBs i li e s%ripti g %apabilities to perform the ma)ority of server3side pro%essi g' as this te%h i,ue uses the appli%atio Bs memory spa%e to pro%ess the s%ripts' drai i g fewer resour%es tha usi g +.@%' with whi%h a ew pro%ess eeds to be %reated to serve every separate page re,uest.
a
"%tive Server Pages +ompo e t 4b)e%t Model % +ommo .ateway @ terfa%e

b
%a+e 12
@@S is %apable of supporti g a umber of differe t s%ripti g la guages 9D/S%ript a d JS%ripta as sta dard' Perl a d other alter atives by deployme t of appropriate modules:. Ao o e la guage appeared to offer a y parti%ular adva tage' he %e D/S%ript was %hose solely be%ause this appears to be the most %ommo %hoi%e amo gst users of "SP' a d thus more do%ume tatio a d support is available for it.
)%) Maintaining State

The proto%ol via whi%h web pages are re,uested a d served 9*TTPb: is stateless' i that ea%h page re,uest is effe%tively a isolated eve t whereby a %o e%tio is mai tai ed betwee %lie t a d server for the tra smissio of a si gle file o ly. Aavigati g to a parti%ular page by e teri g its (#;% i to the address bar of a browser or by sele%ti g a hyperli ? %auses a T+Pd %o by a i stru%tio of the form:
GET /filename.html HTTP/1.0
e%tio to be made to port 00 of the appropriate host' followed
"ssumi g the file re,uested is available' the web server the respo ds by tra smitti g the page ba%? to the %lie t' a d the %o released. The stateless ature of *TTP dema ds that %o sideratio be give to how some form of persiste %e be %reated withi the system. +learly' for a &3%ommer%e site' it is desirable for a user to move betwee several pages' browsi g a d sear%hi g for items' a d addi g those whi%h are re,uired to a virtual Eshoppi g bas?etF. @t is obviously e%essary for the sele%tio s made to be retai ed for at least the duratio of the userBs visit to the site' a d preferably also betwee su%%essive visits. Darious exte sio s to *TTP' whi%h are ow mature a d supported by the vast ma)ority of browsers' provide mea s to over%ome this problem. The most established method is ? ow as #$$% A thentication' whereby the web server i serts the followi g headers i to its i itial respo se to a page re,uest:
WWW-Authenticate: Basic HTTP/1.0 401 Unauthori e!
e%tio betwee the two ma%hi es is immediately
Mi%rosoftBs impleme tatio of &+M"S%ript 9Javas%ript: *ypertext Tra sfer Proto%ol % ( iform #esour%e ;o%ator d Tra smissio +o trol Proto%ol
b
%a+e 1(
/rowsers supporti g *TTP authe ti%atio will the prompt the user for a user ame a d password' %a%he this i formatio ' a d retra smit it withi the headers of every subse,ue t page re,uest to that site. +o se,ue tly' by observi g the user ame a d password a%%ompa yi g ea%h page re,uest' the server %a as%ertai whi%h user is bei g served a d modify the %o te ts of the i formatio retur ed a%%ordi gly. " alter ative to this te%h i,ue is to use coo&ies' whi%h are small text files %reated by the browser o the userBs system upo the re,uest of the server. The i formatio to be stored withi these files is se t to the %lie t withi the respo se *TTP headers' a d this is the retra smitted by the browser withi the headers of every subse,ue t page re,uest to the same site. +o se,ue tly' by usi g %oo?ies to store a u i,ue ide tifier for a parti%ular user' page respo ses %a be perso alised by the server a%%ordi gly. $he %oo?ies first %ame i to existe %e 9i Aets%ape Aavigator 2.0:' they were viewed with suspi%io by some users who regarded the a%t of text files bei g saved o their ow ma%hi es as a se%urity threat. The fa%t that these files %o tai textual data whi%h is ma aged by the browser' o ly ever se t to the site whi%h origi ally %reated it' a d ever exe%uted' has %aused this attitude to be o lo ger widely held' a d although users %a still %hoose to re)e%t them' all browsers i %ommo use today sile tly a%%ept %oo?ies by default. @ additio ' %reatio of the %o %ept of Esessio %oo?iesF whi%h exist i the browser pro%essBs volatile memory' a d thus remai i existe %e o ly u til the program is %losed' have served to provide a te%h i,ue for providi g persiste %e to whi%h few are opposed. @ ge eral' %oo?ies are used mu%h more widely tha *TTP "uthe ti%atio ' a d as su%h the appeara %e of the browserBs logi box is ow rarely wit essed a d %a be dis%o %erti g for i experie %ed users. @ additio ' be%ause the ma er i whi%h the user ame a d password are re,uested is u i,ue to ea%h i dividual browser' it would ot be possible to provide a %o siste t me%ha ism for loggi g i usi g a smart%ard should this method be employed for user ide tifi%atio . +o se,ue tly' despite the small possibility of user re)e%tio ' it was de%ided that the less %o troversial Esessio %oo?ieF be used to provide logi fa%ilities to the site' together with a expla atio of the se%urity issues i volved. "dditio ally' it was de%ided to provide the optio for %reati g a perma e t %oo?ie to provide automati% logi to the site.
%a+e 1,
)%, Database
There was a %lear eed for the existe %e of a database o the server' whi%h would %o tai i formatio relati g to the produ%ts or servi%es available for sale o the site 9e.g. des%riptio ' pri%e a d sto%? i formatio :. @ additio ' it was believed to be desirable for the database to be the lo%atio i whi%h the %o te ts of usersB Eshoppi g bas?etsF was held. @t would be possible for the sessio %oo?ie %reated o the %lie tBs ma%hi e to retai this i formatio - however' be%ause %oo?ie data is tra smitted with every page re,uest' use of a server3side database mi imises the amou t of data bei g tra sferred' a d thus the speed of respo se. "dditio ally' it permits the %o te ts of bas?ets to be remembered i defi itely 9i.e. betwee visits:. " large umber of differe t database produ%ts are available' all with their ow parti%ular adva tages a d disadva tages. "ssessme t of whi%h was the most suitable for a &3%ommer%e site would be depe de t upo fa%tors su%h as the expe%ted server load' a d a detailed evaluatio of alter atives was ot %o sidered to be withi the s%ope or budget of this pro)e%t. (se of a sta dard ,uery la guage a d abstra%tio layer to %o database 9spe%ifi%ally' S>; via a 4!/+a %o e%t to the e%tio : was therefore deemed esse tial' so
that the u derlyi g e gi e %ould be repla%ed should it be%ome e%essary 9easi g migratio to a heavy3duty 4ra%le database should server load es%alate' for example:. 3. .1 !atabase Transactions +ertai operatio s that may eed to be %arried out o the database are %omprised of a umber of separate a%tio s 3 su%h as the pro%ess of %he%?i g out' where ea%h produ%t pur%hased must be deleted from the userBs bas?et a d a %orrespo di g re%ord made elsewhere to authorise dispat%h. @t is importa t to e sure that' i the eve t of a error or problem o%%urri g o the server' the e tire operatio would fail or su%%eed as a si gle u it 9i.e. either all of the %ompo e t a%tio s would be %ompleted' or none of them:. Su%h a operatio is said to be atomic. @ order to a%hieve this re,uireme t' it was de%ided to use tra sa%tio al features withi the database whereby a tra sa%tio is %omme %ed immediately before the first %riti%al operatio a d committed followi g the fi al o e. Should a y step i the tra sa%tio fail' all other steps are automati%ally rolled ba%?' thus preservi g %o siste %y of the data.
4b)e%t !atabase +o
e%tio
%a+e 1-
The database e gi e also e sures that partial results of i %omplete operatio s are ever obtai ed by other %o %urre t pro%esses 9e.g. other "SP page re,uests: by lo%?i g the releva t fields for the duratio of the tra sa%tio . !ue to the fa%t that tra sa%tio s o ly appear to be re,uired for re%ords a d fields spe%ifi% to i dividual users' o problems should o%%ur with the database bei g made u available to other users of the site.
)%- Encrypted Comm!nication

+ommu i%atio via the @ ter et is i here tly i se%ure' as data tra sferred over it is ope to eavesdroppi g at ma y differe t poi ts. +o se,ue tly' there is a eed for a y system whi%h i volves the tra smissio of se sitive i formatio 9su%h as %redit %ard umbers: to provide mea s for e %rypti g %ommu i%atio betwee server a d %lie t a d to assure users of the true ide tity of the site with whi%h they are deali g' he %e the ratio ale behi d deployi g SS;a. 3.".1 P#blic and Pri$ate %eys &Asymmetric Cryptography' $he used for e %ryptio ' publi% a d private ?eys are a alogous to padlo%?s a d their ?eys' whereby i formatio %a be e %rypted usi g a publi% ?ey 9lo%?ed with a padlo%?: su%h that it %a o ly be de%rypted usi g its asso%iated private ?ey 9u lo%?ed with its ?ey:. +o se,ue tly' publi% ?eys %a be widely distributed to e able a yo e to e %rypt i formatio i the ? owledge that it %a o ly be de%rypted by the holder of the asso%iated private ?ey. "dditio ally' however' data e %rypted usi g the private ?ey %a be de%rypted by a yo e i possessio of the asso%iated publi% ?ey. @f mea i gful i formatio %a be extra%ted usi g the publi% ?ey' o e %a be %ertai that o ly the holder of the private ?ey %ould have e %rypted it i itially 9i.e. the origi of the data is assured:. This te%h i,ue forms the basis for digital sig ature systems. 3.".2 !igital Certificates @ order for asymmetri% %ryptography to be used effe%tively' it is e%essary for the holder of a publi% ?ey to be %ertai that the ?ey is i fa%t asso%iated with the private ?ey ow ed by the i te ded re%ipie t. (si g te%h i,ues su%h as @P spoofi g' it might be possible to mas,uerade u der the ide tity of a other user or server a d supply a differe t publi% ?ey whi%h would allow u authorised a%%ess to i formatio e %rypted with it.
a
Se%ure So%?et ;ayer

%a+e 1.
@ order for the true ow er of a publi% ?ey to be determi ed' Certification A thorities 9+"Bs: su%h as Derisig a d Thawte have bee established to a%t as trusted third parties whi%h will verify the ide tity of a perso or orga isatio before providi g them with a digital certificate. Su%h %ertifi%ates are wrappers %o tai i g textual i formatio %o %er i g the ow erBs ide tity' together with the a%tual publi% ?ey. The wrapper itself is sig ed usi g the +"Bs private ?ey whi%h gives a yo e proof of its authe ti%ity. The +"sB publi% ?eys' re,uired to verify %ertifi%ates as bei g valid' are supplied as sta dard withi all %ommo web browsers a d web server software. 3.".3 SS( and Certificate A#thentication SS; is a sta dard te%h i,ue used for se%ure data ex%ha ge o the @ ter et a d o private etwor?s. Typi%ally' a web server will prese t a browser with its digital %ertifi%ate whi%h will a%t as proof of its ide tity' a d %o tai its publi% ?ey usi g whi%h data se t to it %a be e %oded. "s @ ter et @ formatio Server a d the ma)ority of mai stream browsers support SS;' the de%isio was made to apply for a suitable digital %ertifi%ate from a ? ow +"' a d to ma?e use of SS; for the tra smissio of address a d %redit %ard i formatio to the server.
%a+e 1/
, Server $mplementation
Please refer to the a%%ompa yi g +!3#4M to view the %omme ted %ode a d other files %reated to impleme t the system 9H$ebB dire%tory for "SP %ode' HServerB dire%tory for "%%ess database a d Java appli%atio sour%e:.
,%" ASP Synta&

" des%riptio of "SP sy tax a d usage is ot withi the s%ope of this do%ume t. *owever' the reader may be efit from ? owi g that dire%tives are disti guished from sta dard *TM; %ode by bei g surrou ded by "# a d #$ delimiters. @ additio ' the "%--& .. --$ tag is used for spe%ifyi g for server3side i %ludes. .1.1 Code Con$ention $ithi this se%tio ' highlighted text will be used to disti guish server3side i stru%tio s from *TM; %ode' where e%essary. +omme ts withi %ode will be show i gree .
,%# Separation of Code and Presentation

"SP i li e s%ripti g 9where pre3pro%essor i stru%tio s are embedded amo gst sta dard *TM; tags: is ot well suited to separati g %ode from prese tatio i formatio . *owever' where possible' user redire%ts a d fu %tio libraries were utilised to isolate sig ifi%a t %ode blo%?s to Ededi%atedF s%ript files. .2.1 The need for inline code embedding @ some situatio s' it was however esse tial to embed %ode i the middle of a *TM; page' as i the %ase of a produ%t listi g 3 illustrated by the followi g pseudo%ode:
Pa'e hea!er HT(): Title* Ta+le hea!er* etc. FOR EACH Pro!uct that matches selection criteria ,e- ta+le ro,e- ta+le cell Print Pro!uct name ,e- ta+le cell Print Pro!uct .rice NEXT Pro!uct Pa'e footer Figure 4.1: Pseudocode indicating use of inline scripting
%a+e 10
.2.2 )#nction (ibraries @ order to mi imise the %ode %o te t of pages' a d to redu%e %odi g repetitio ' a umber of libraries were %reated %o tai i g related fu %tio s 9e.g. those pertai i g to database a%%ess:. These were i %luded' whe re,uired' by use of server3side i %ludes' as show i the followi g example:
"# /)A,GUAGE 0 1B2cri.t #$ "%--&inclu!e file03../st!4li+.as.3--$ "%--&inclu!e file03../!+4li+.as.3--$ "html$ "hea!$ "lin5 rel03st6lesheet3 href03main.css3$ "/hea!$ "+o!6$ ".$7urrent or!er total: "stron'$"#0'etBas5etTotal89#$"/stron'$"/.$ etc... Figure 4.2: ASP code showing use of function libraries and server-side includes
"SP does ot support the %o %ept of ElibrariesF as su%h- the Li %lude dire%tive simply %auses the %o te ts of the refere %ed do%ume t to be pla%ed at that poi t withi the file. +o se,ue tly' %are had to be ta?e to avoid dupli%atio of variable a d fu %tio ames a%ross multiple libraries' as should more tha o e ever be i %luded i a do%ume t' %o fusio would result. Suitably des%riptive ames were therefore used for fu %tio s a d EglobalF variables that might eed to be refere %ed exter ally- a d Elo%alF variables were prefixed with a %ommo ide tifier 9e.g. dbC for database variables:' as show i the example below:
"# :im o+;7onn* !+4str7onn* !+4str<uer6* o+;=2 2et o+;7onn 0 2er>er.7reate?+;ect83A:?:B.7onnection39 !+4str7onn 0 3:2,02mart(ar5et@:ata+ase02mart(ar5et@UA:0sa@PW:0@3 o+;7onn.?.en8!+4str7onn9 Bunction isEm.t6=28!+4str<uer69 :im !+4chec5=2 2et !+4chec5=2 0 o+;7onn.ECecute8!+4str<uer69 isEm.t6=2 0 !+4chec5=2.E?B !+4chec5=2.7lose En! Bunction etc... Figure 4.3: !tract fro" db#lib database access librar$
.2.3 *ser +edirects @ ma y %ases' the submissio of a form to the server re,uires a %o siderable amou t of pro%essi g to be %arried out before a simple page is retur ed i di%ati g su%%ess or failure.
%a+e 11
"s opposed to embeddi g *TM; represe ti g the user message withi large amou ts of "SP %ode' these messages were %reated i separate pages' a d *TTP redire%t respo ses se t to the %lie t' %ausi g it to re,uest the appropriate Esu%%essF or EfailureF page after pro%essi g of the form was %omplete. =or example' the followi g s%ript is a extra%t from the "SP s%ript %alled o submissio of the E"dd ew userF form:
D7hec5 to see if user alrea!6 eCists in !ata+ase userECists 0 ,ot isEm.t6=2832E)E7T Username B=?( Accounts WHE=E Usern ... Af =eEuest83.ass-or!39 "$ =eEuest83.ass-or!F39 Then DPass-or!s !o not match !+4finalise89 =es.onse.=e!irect83a!!user4!iff.ass.as.3 G urlA..en!9 ElseAf username033 ?r .ass-or!033 ?r forename033 ?r surname033 Then DEssential fiel! left +lan5 !+4finalise89 =es.onse.=e!irect83a!!user4incom.lete.as.3 G urlA..en!9 ElseAf userECists Then DUser alrea!6 eCists !+4finalise89 =es.onse.=e!irect83a!!user4eCists.as.3 G urlA..en!9 Else D?H to insert user into !ata+ase !+ECecute83A,2E=T A,T? Accounts 8Username*Pass-or!*Borename*2ur ... !+4finalise89 =es.onse.=e!irect83a!!usersuccess.html39 Figure 4.4: !tract fro" adduser.asp showing use of user redirects
En! Af
@ this %ase' if the two passwords e tered by the user do ot mat%h' he is forwarded to EadduserCdiffpass.aspF- if a y esse tial fields are left bla ?' he is forwarded to EadduserCi %omplete.aspF' a d so o .
%a+e 20
,%) Database Str!ct!re

" Mi%rosoft "%%ess database was used for stori g user a d produ%t i formatio - this produ%t bei g %hose solely for its ease of availability 9see '.( Data)ase Design Iss es:. .3.1 +elationships /ei g a relatio al database' it is possible to defi e relatio ships that exist betwee fields i differe t tables. Su%h usage e for%es referential integrity 3 by defi i g the stru%ture at su%h a low level' faulty %ode or i terfa%es are preve ted from e teri g i valid data i to the database' allowi g problems to be re%og ised more easily a d thus assisti g i debuggi g. The tables %reated' a d relatio ships betwee fields are as show below. Primary ?eys are i di%ated i bold.
Figure 4.%: &atabase structure
.3.2 Tables The Accounts table %o tai s a re%ord for ea%h registered user' %omprisi g user ame a d password' real ame' a d the shippi g address most re%e tly e tered 9i.e. for the %urre t tra sa%tio :. 3roducts %o tai s the full list of items available' ea%h bei g assig ed a %ategory from the list defi ed i Categories. These %ategories are used withi the browsi g pro%ess 3 the user bei g able to view all releva t produ%ts by sele%ti g the re,uired %ategory from a dy ami%ally %reated drop3dow list withi his web browser.
%a+e 21
/askets bri gs together user a d produ%t i formatio 9from Accounts a d 3roducts' respe%tively: to i di%ate the items sele%ted by users to be i their Eshoppi g bas?etsF. $ithi "%%ess' the relatio ships defi ed betwee fields %a o ly be of the type 4 e3to3Ma y' as show 9e.g. a produ%t may o ly be assig ed to o e %ategory' but a %ategory may be assig ed to ma y produ%ts:. @ order to provide a Ma y3to3Ma y relatio ship for the shoppi g bas?ets 9a user may sele%t ma y produ%ts' a d a produ%t may be sele%ted by ma y users:' /askets is re,uired to a%t as a * nction ta)le' possessi g two primary ?eys to e sure u i,ue ess o ly of the %ombi atio s of 9Produ%t@!'(ser ame: tuples 9i.e. it is possible for multiple re%ords to exist with the same Produ%t@!' providi g the (ser ame differs for ea%h su%h re%ord- a d vi%e3versa:. 4 %e a pur%hase is made' produ%ts 9refere %ed by Produ%t@!: are EmovedF to the )ispatches table' whi%h would be used by the shippi g departme t to arra ge for despat%h. &a%h re%ord relates to o e produ%t o ly' to allow i dividual %ompo e ts of a order to be %o sidered separately. *e %e' whe ever suffi%ie t sto%? was available' a delivery %ould be made' a d the re%ord deleted from the system. The Aame a d "ddress fields relate to the shippi g details e tered duri g the %he%?out stage' a d are ot stored elsewhere i the system to e sure o perma e t re%ord is made of them' for user priva%y reaso s. Card3ayments represe ts the list of %redit %ard tra sa%tio s that have bee pro%essed. @ the %ase of this system' a %redit %ard tra sa%tio is deemed to have bee su%%essfully %arried out o %e a e try for it is made i to this table. 4bviously' i a real &3%ommer%e site' tra sa%tio authorisatio would be made by a ba ? or %leari g house 3 e try of data i to this table' however' simulates this pro%ess. .3.3 ,#eries /asketAuery a d /asketSubtotals are + eries %reated withi the database. &ffe%tively' these are read3o ly tables whi%h are dy ami%ally %reated by the server. /asketAuery defi es a li ? betwee its Produ%t@! field a d that of 3roducts a d thus provides the data re,uired for the server s%ript to display details of a userBs bas?et 9without eed for it to perform its ow %ross3refere %i g to obtai produ%t des%riptio ' for example:.
%a+e 22
/asketSubtotals li ?s its (ser ame field to that of /asketAuery' a d %al%ulates the total %ost of produ%ts withi ea%h userBs bas?et by defi i g the Subtotal field to be a expressio of the form:
2u+total: 2um8IBas5et<uer6J%I<uantit6JKIBas5et<uer6J%IPriceJ9
i.e. the summatio of 9,ua tity pri%e: for ea%h item i /as?et>uery asso%iated with a parti%ular user ame.
,%, Server-Side .ava Application

D/S%riptBs Elo gF i teger type was fou d to use a 223bit sig ed umber represe tatio ' he %e was %apable of represe ti g umbers with maximum mag itude of 222. This was i suffi%ie t for performi g %al%ulatio s with 753bit umbers' as used for the %halle ges a d respo ses withi the smart%ard debit a d %redit pro%edures 9see ! Cryptographic Challenge and "esponse Cycle:. +o se,ue tly' a Java appli%atio was %reated whi%h provided methods for performi g the %al%ulatio s' a%%epti g argume ts a d retur i g values as stri gs' a d utilisi g the )ava.math./ig@ teger %lass whi%h provides for represe tatio of arbitrary le gth umbers. #e%e t versio s of the Java DMa for $i dows allow a y Java appli%atio to be i sta tiated as a +4M %ompo e t 3 this fa%ility was exploited to provide a mea s for the "SP %ode to %all the methods %reated' as illustrated below:
:im s-4smartA:7hallen'e 2et s-4smartA:7hallen'e 0 2er>er.7reate?+;ect8372).2martA:7hallen'e39 Bunction .reem.t=es.onse8s-4>alue* s-4challen'e9 .reem.t=es.onse0s-4smartA:7hallen'e..reem.t=es.onse8s-4>alue* s-4challen'e* s-4.ri>ateHe69 En! Bunction Figure 4.': ASP code to call (pree"pt)esponse* "ethod in +ava application
*ere' H+S;.Smart@!+halle geB was the ide tifier 9+;S@!b: used to register the Java applet as a +4M %ompo e t o the server 9via the J"D"#&. utility:.
a b
Dirtual Ma%hi e +lass @!

%a+e 2(
,%- SS/
" free EtestF server %ertifi%ate was obtai ed from the Derisig +"' a d usi g this' SS; was su%%essfully %o figured withi @@S. *owever' due to the fa%t that su%h test %ertifi%ates expire after two wee?s a d the diffi%ulty of obtai i g repeat issues' SS; was ot deployed withi the fi ished system. This should ot be regarded as demea i g its e%essity i a y way 3 should a release system ever be %reated' a suitable server %ertifi%ate would eed to be pur%hased' a d SS; re3e abled.
%a+e 2,
- Client-Side Design $ss!es

-%" 0yperte&t Mark!p /ang!age 10TM/2
"ll web pages are ultimately passed to a browserBs re deri g e gi e as *TM;' this bei g a appli%atio of S.M;a. @ their simplest form' *TM; do%ume ts %o sist of a basi% blo%? of text' i terspersed with %o trol %odes 9HtagsB of the form MaddressN..MOaddressN: to i di%ate the ature or desired appeara %e of the Emar?ed upF text. Tags also exist for providi g hyperli ?s to other pages' displayi g images' embeddi g Java applets' providi g form %ompo e ts to re%eive user i put' a d so o . The la guage is offi%ially ma aged by the $2+b' who defi e the %omplete list of tags' their usage' a d the ma er i whi%h user age ts 9i.e. web browsers: should re der %o te t. *owever' *TM; has bee i a %o sta t evolutio ary pro%ess si %e its i %eptio %o se,ue tly differe t browsers support differe t versio s of the la guage a d very few have ever %orre%tly supported the sta dard i its e tirety. "dditio ally' ve dors have attempted to provide e ha %eme ts via their ow proprietary additio s 9for example' Aets%ape AavigatorBs Mbli ?N a d Mi%rosoft @ ter et &xplorerBs Mmar,ueeN tags:. (ser age ts are re,uired to ha dle tags whi%h they do ot re%og ise by simply ig ori g them' a d as su%h' %areful desig permits adva %ed features to be impleme ted tra spare tly 3 providi g e ha %ed fu %tio ality to those browsers whi%h support it' but still permitti g users of less well featured browsers to view the basi% i formatio prese t o the page. @ ter et usage statisti%s suggest that over 06P% of users view pages with a browser whi%h supports *TM; 5.0 9revised "pril 1110:1- %o se,ue tly it was de%ided that this versio be used as the basis for developi g the site' whilst e suri g that older browsers 9supporti g *TM; 2.22 a d earlier: be %apable of providi g %ore fu %tio ality' albeit with a less refi ed appeara %e a d user i terfa%e. Proprietary features have bee avoided %ompletely. !iffere %es i usersB system %o figuratio s 9e.g. s%ree resolutio ' %olour depth' fo t availability:' a d i the i terpretatio a d impleme tatio of the *TM; sta dard withi browsers' mea that the ma er i whi%h web pages will appear %a ever be %ompletely predi%table. !espite the temptatio to do so' %o siderable effort was made to avoid
a
Sta dard .e eraliIed Mar?up ;a guage $orld $ide $eb +o sortium % Sour%e: browserwat%h.i ter et.%om
b
%a+e 2-
desig i g the site for use o parti%ular browsers a d systems' i stead ma?i g %orre%t use of *TM; to e sure that the site be a%%essible from all platforms 3 both those %urre tly i existe %e a d those o ly )ust emergi g' su%h as E$eb TDF a d other embedded systems. *owever' due to the fa%t that arou d 16P of web site hits are made usi g Mi%rosoft @ ter et &xplorer or Aets%ape Aavigator' the site was rigorously tested usi g these two browsers to e sure a i tuitive a d aestheti%ally pleasi g servi%e for the ma)ority of %ustomers. ".1.1 )rames ,#$M- frames allo. a thors to present doc ments in m ltiple vie.s, .hich may )e independent .indo.s or s ).indo.s. M ltiple vie.s offer designers a .ay to &eep certain information visi)le, .hile other vie.s are scrolled or replaced.F1 The de%isio was made to employ frames to provide a persiste t toolbar for easily avigati g arou d the site 9providi g li ?s to browse produ%ts' view shoppi g bas?et' log out' et%.:' as illustrated below. "dditio ally' be%ause the toolbar frame remai s i existe %e for the duratio of a visit' this was deemed the best pla%e to embed the %lie t3side Java applet for %ommu i%ati g with the smart%ard.
Toolbar Frame - Lo+ in - Lo+ out - 2o"e - 3asket - #hop etc. Main Frame
&ispla$s selected page
Figure %.1: ,ain fra"e structure
Similarly' a additio al frameset withi the mai frame itself was %o sidered most appropriate for e abli g users to sear%h for a d browse %ategories of produ%ts o the site:
Toolbar Frame - Lo+ in - Lo+ out - 2o"e - 3asket - #hop etc. Search Frame Select categor$ - nter search ter" Products Frame &ispla$s products "atching search criteria
Figure %.2: .rowse-search products fra"e structure

%a+e 2.
&a%h frame withi a frameset displays the %o te ts of a separate *TM; page' he %e a frameset do%ume t itself is fairly small 3 typi%ally defi i g o ly the stru%ture' layout a d (#;s of the i dividual frames. @t is also possible' however' to provide %o te t withi M oframesN..MO oframesN tags whi%h is re dered by browsers that do ot support frames. This fa%ility was used to provide li ?s to the most releva t page 9e.g. the Ewel%omeF page withi the ope i g frameset:- a d all pages withi the site were desig ed to provide a alter ative route to ea%h page' should the stati% toolbars be abse t. ;i ?s were used i prefere %e to repetitio of %o te t withi the M oframesN se%tio i order to ease mai te a %e of the site 9updates would otherwise re,uire %ha ges to be made i two pla%es:' a d i order to preve t u e%essary amou ts of data from bei g tra sferred to the ma)ority of users who would be usi g frames. ".1.2 )orms ,An #$M- form is a section of a doc ment containing normal content, mar& p, special elements called /controls0 1chec&)oxes, radio ) ttons, men s, etc.2, and la)els on those controls. Users generally /complete0 a form )y modifying its controls 1entering text, selecting men items, etc.2, )efore s )mitting the form to an agent for processing.3 1 /ei g the o ly method for obtai i g feedba%? from a user i a web appli%atio ' forms were %learly re,uired for su%h a%tio s as sele%ti g %ategories of produ%ts to view' a d submitti g sear%h %riteria' ,ua tities a d shippi g details to the server. &a%h %o trol is give a u i,ue ame' a d upo submissio ' ?ey3value pairs of the form 9%o trol ame' %o trol state: are passed to the server either withi the headers of the *TTP re,uest 9the HP4STB method:' or as a suffix to the (#; 9the H.&TB method: thus:
htt.://---.aston.ac.u5/Lforename0fre!Gsurname0+lo''s
Some browsers pla%e a upper limit upo the le gth of a (#;' %o strai i g the umber of ?ey3value pairs that %a be tra smitted usi g .&T. "dditio ally' this method is %learly u suitable for tra smitti g se sitive i formatio as the (#; 9i its e tirety: is li?ely to be %learly displayed withi the userBs address bar' a d may well be %a%hed by the browser a dOor a proxy server. =or these reaso s' it was de%ided that P4ST be used for the submissio of almost all forms withi the site. This te%h i,ue also has the adva tage of %ausi g the i formatio se t to the server to be e %rypted if a SS;a sessio is used. The
Se%ure So%?et ;ayer

%a+e 2/
o ly ex%eptio to this de%isio was for the submissio of produ%t %ategory or sear%h %riteria to the Eshow produ%tsF page 3 i this %ase' o ly a small amou t of i formatio is ever tra smitted 9%ategory ame or sear%h term:' a d the availability of (#;s of the form:
htt.://---.ser>er.com/.ro!ucts.as.Lcate'or60stationer6 htt.://---.ser>er.com/.ro!ucts.as.Lsearchterm0.ens
provides a i tuitive mea s for others to provide li ?s to parti%ular produ%t pages o the site. "lso' as the respo se obtai ed from a parti%ular %ategory or sear%h term is li?ely to %ha ge i fre,ue tly 9o ly whe ew produ%ts are added:' it would be safe for a server or browser to %a%he the page retur ed' refere %ed by its exte ded (#;. ".1.3 Client-side Scripting The vast ma)ority of browsers used today possess a s%ripti g e gi e whi%h permits %lie t3side %ode to be ru withi the browser e viro me t 9e.g. Aets%ape Aavigator 2.0 a d later' @ ter et &xplorer 2.0 a d later' a d 4pera 2.0 a d later:. (sage of this s%ripti g %apability %a provide %o siderable be efits to both %lie t a d server 3 for example' it %a be used to validate forms before they are submitted to the server' preve ti g the user from wasti g time waiti g for a respo se whe the form data is i valid' redu%i g etwor? traffi% a d relievi g server load. *owever' despite the fa%t that s%ripts ru i a Esa dboxF' a plethora of se%urity EholesF have bee dis%overed i the ma)or browsers duri g re%e t years' allowi g s%ripts to observe or modify eleme ts of the exter al system to whi%h they should ot be permitted a%%ess. $hilst the ve dors have typi%ally bee ,ui%? to provide pat%hes to %orre%t su%h problems' some users have lost %o fide %e i %lie t3side s%ripti g a d have disabled it withi their browsers. +o se,ue tly' it is ot possible to rely upo this te%h ology for a%hievi g %ore fu %tio ality. "s a result' the de%isio has bee made to utilise %lie t s%ripti g for the o 3esse tial tas? of e suri g form data is valid before submissio 9i additio to server3side validatio :' a d as the o ly mea s for providi g a i terfa%e betwee the %lie t3side Java applet a d %ompo e ts o the web page. (se of the smart%ard is ot esse tial for a%%essi g a d usi g the site' he %e this' agai ' does ot detra%t from %ore fu %tio ality. The sta dard *TM; s%ripti g la guage i use today is &+M"S%ript' origi ally developed by Aets%ape 9as JavaS%ript:' a d offered for sta dardisatio i "utum 1117. "ll browsers
%a+e 20
whi%h support %lie t3side s%ripti g support this la guage' he %e this was the atural %hoi%e for use withi the pro)e%t. ".1. !ynamic -T.(
!y ami% *TM; 9H!*TM;B: provides a e ha %ed user experie %e by permitti g %lie t3side s%ripts to modify the appeara %e of the web page o %e retrieved from the server' allowi g 3 for example 3 ob)e%ts to be moved a d hidde i respo se to parti%ular eve ts. The method by whi%h su%h dy ami% a%tivity is a%hieved differs mar?edly betwee browsers' however. Ma y do ot support a y form of !*TM;' whilst the two most %ommo ly used produ%ts 9Aets%ape Aavigator 5 a d @ ter et &xplorer 5O6: possess su%h radi%ally differe t do%ume t ob)e%t models that a y form of dy ami% user i terfa%e effe%tively eeds to be writte twi%e 3 o %e for ea%h browser. !espite the publi%atio of a sta dardised !4Ma by the $2+2' it is o ly with the re%e t release of Aavigator 7 that some form of %ommo ality betwee the Aets%ape a d Mi%rosoft produ%ts has bee re%og isable. +o se,ue tly' !*TM; has ot bee employed at all withi this pro)e%t 3 due to the authorBs per%eptio that it offers little be efit to the e d user' a d his relu%ta %e to expe d %o siderable effort over lear i g a d supporti g o 3sta dard' proprietary impleme tatio s.
-%# Cascading Style Sheets 1CSS2

Separatio of %o te t from style is ge erally regarded as desirable' due to the fa%t that the role of providi g a d mai tai i g i formatio 9H%o te tB: is very differe t from that of desig i g a aestheti%ally pleasi g a d logi%al user i terfa%e. *istori%ally' *TM; has blurred the bou daries betwee the two 3 a page will typi%ally %o tai i formatio ' perhaps se%tio ed usi g des%riptive tags su%h as MaddressN' together with formatti g %omma ds su%h as Mfo t siIeQBR2BN 9to i %rease text siIe:. +SS provides a mea s for defi i g style i a separate lo%atio from the mai *TM; body 9usually i a separate file e tirely:' a d offers a far ri%her set of %omma ds to defi e appeara %e. =or database3ba%?ed sites' where the u derlyi g data is already separately mai tai ed withi the database' +SS provides the adva tage of allowi g multiple pages to
!o%ume t 4b)e%t Model

%a+e 21
li ? to a si gle stylesheet' thus allowi g %ha ges to be made a%ross the site by ma?i g )ust o e set of modifi%atio s. The ma)ority of %urre t browsers support +SS ;evel 15 9@ ter et &xplorer 2.0 a d later' Aets%ape 5.0 a d later:' he %e it was de%ided that they be used throughout the site. Pages viewed o a o 3supporti g browser might appear less attra%tive' but would retai full fu %tio ality.
-%) Client-Side .ava Applet

@ order for %ommu i%atio with the smart%ard to be effe%ted' the eed be%ame appare t for the %reatio of a i termediate program whi%h was %apable of i terfa%i g both with the web browser a d also with the smart%ard reader atta%hed to the %omputer. +lie t3side s%ripti g te%h ology is i %apable of a%hievi g the latter dire%tly' he %e the most obvious mea s for a%hievi g this was to %reate a Java applet that would be %apable of ru i g withi the Java Dirtual Ma%hi es 9DMBs: prese t i the ma)ority of mai stream browsers. 4ld Java DMBs preve ted applets from %o du%ti g operatio s whi%h were %o sidered pote tially harmful' su%h as a%%essi g hardware' via a pro%ess ? ow as sand)oxing. *owever' the se%urity model of the Java platform 1.1 does permit su%h operatio s to be %o du%ted u der %ertai %ir%umsta %es 9typi%ally' after see?i g the userBs permissio :. Java 1.1 has bee i existe %e for ma y years' he %e is impleme ted i the vast ma)ority of browsers used today. "dditio ally' via use of a system %reated by Aets%ape ? ow as -iveConnect' it has be%ome possible for %lie t3side s%ripts ru i g i browsers to i terfa%e to Java applets embedded withi the page 3 spe%ifi%ally' by use of the ets%ape.)avas%ript.JS4b)e%t %lass i the Java %ode' a d the Hmays%riptB attribute i the MappletN tag withi the host *TM;. @t was %learly preferable for the applet to ma?e use of a established sta dard to %ommu i%ate with the smart%ard reader' as opposed to ma?i g a dire%t %o e%tio via the serialOparallel port a d bei g tied to o e parti%ular type of devi%e. +o se,ue tly' it was de%ided to ma?e use of a Java3based framewor? ? ow as 4+=a that a%ts as a abstra%tio layer betwee software a d hardware' a d for whi%h drivers are available for a umber of devi%es.
4pe %ard =ramewor?

%a+e (0
3 Client $mplementation
Please refer to the a%%ompa yi g +!3#4M to view the %omme ted %ode a d other files %reated to impleme t the system 9H$ebB dire%tory for user i terfa%e 9*TM;' +SS a d images:' H+lie tB dire%tory for %lie t3side Java applet sour%e:. "t the time of writi g' the fi ished sites were available from http:OOee3p%52.asto .a%.u?Ola%ey%sOs% a d http:OOee3p%52.asto .a%.u?Ola%ey%sOsm .
3%" +eb 4ser $nterface

Two separate sites were ultimately %reated 3 o e represe ti g the %ard issuer 9SmartCentre:' a d providi g %ard perso alisatio a d top3up fa%ilities- the other 9Aston SmartMar&et: bei g the &3%ommer%e site itself whi%h ma?es use of the SmartID perso al profile a d Smart4allet ele%tro i% %ash fa%ilities. Pages were %reated usi g a text editor 3 developme t tools su%h as Mi%rosoft =ro tPage a d Ma%romedia !reamweaver were avoided' as the %ode they ge erate was fou d to ma?e use of proprietary features withi mai stream browsers whi%h %a prove problemati% whe viewed i other e viro me ts. @mages were i itially %reated i a ve%tor3based drawi g pa%?age' amely +orelKara 2.0' whi%h allowed for the %reatio of sta dard styles a d modifi%atio of graphi%s 9e.g. e largeme t a d rotatio : without loss of defi itio . $he the desig pro%ess was %omplete' a ti3aliased images were saved i .@=a for butto s a d logos' whi%h is a %ompressed' o 3lossy' format providi g a maximum palette of 267 %olours. Photographi% images were saved usi g JP&.b format' whi%h provides 253bit %olour depth' but uses a lossy %ompressio algorithm 9ma?i g it u suitable for images %o tai i g highly defi ed edges' su%h as logos:.
a b
.raphi%al @ ter%ha ge =ormat Joi t Photographi% &xperts .roup

%a+e (1
/.1.1 SmartCentre Site Separate pages were %reated for: %o figuri g the %ard 9e teri g perso al data' spe%ifyi g se%urity setti gs: %ha gi g the P@A u blo%?i g the %ard by e teri g the %orre%t u blo%? %ode viewi g the bala %e %rediti g 9Htoppi g upB: the %ard by use of a %redit %ard repeati g a top up whi%h failed due to a etwor? failure
together with various i formatio al pages' i %ludi g su%%essOfailure feedba%? for top3up attempts. Most of the pages used forms to obtai user i put' passi g the data to the %ard by use of the %lie t3side Java applet. Toppi g up a d repeati g top3ups were the o ly pages to re,uire server3side pro%essi g of forms 9to ge erate the %orre%t %ryptographi% respo se:- the remai i g pages wor? %orre%tly if ru lo%ally i a web browser 9i.e. ot fet%hed from a server:' providi g users a mea s for %o figuri g their %ards without %o etwor?' if re,uired. e%ti g to the
Figure '.1: For" used to configure personal profile

%a+e (2
=rames were used to provide a easy3a%%ess toolbar' as see i figure 7.1 above' whi%h also proved to be a suitable stati% lo%atio for embeddi g the applet. /.1.2 Aston Smart.ar0et Site Separate pages were %reated for: %reati g a ew user a%%ou t loggi g i viewi g shoppi g bas?et %o te ts a d modifyi g ,ua tities providi g sear%h fa%ilities by %ategory or textually displayi g produ%ts mat%hi g the sear%h %riteria addi g a spe%ified ,ua tity of a produ%t to the shoppi g bas?et %he%?i g out usi g a %redit %ard %he%?i g out usi g Smart$allet repeati g a Smart$allet tra sa%tio that failed due to a system or etwor? problem together with various i formatio al pages' i %ludi g su%%essOfailure feedba%? for a%tio s su%h as %reati g a ew user a d ma?i g %redit %ard or smart%ard payme ts. "gai ' a frameset was %reated to provide a stati% toolbar' although avigatio through pages was su%h that operatio i a o 3frames e viro me t is possible.
%a+e ((
Figure '.2: Aston S"art,ar/et front page
Figure '.3: Pages to search product database and view results

%a+e (,
3%# Client-Side .ava Applet

/.2.1 1nterface .ethods The applet %reated provided the followi g methods whi%h %a be a%%essed from %lie t3side s%ripts' thus allowi g others to impleme t SmartID a d Smart4allet fu %tio ality i to a existi g site relatively easily: get/ala %e9: 3 retur s bala %e as i teger get=ield9Stri g fieldAame: 3 retur s profile i formatio as stri g set=ield9Stri g fieldAame' Stri g fieldDalue: debit9i t value' Stri g +halle ge: 3 retur s %ryptographi% respo se as stri g repeat!ebit#espo se9: 3 retur s %ryptographi% respo se as stri g prepare+redit9i t value: 3 retur s %ryptographi% %halle ge as stri g %redit9Stri g #espo se: 3 retur s su%%ess status as boolea se dPi 9i t pi : setPi 9i t pi : setSe%urity9boolea privateSe%' boolea private4 %e' boolea ge eralSe%' boolea ge eral4 %e: getSe%urity9: 3 retur s se%urity setti gs as stri g of the form E0110F u blo%?9Stri g %ode: 3 retur s su%%ess status as boolea begi +o versatio 9: e d+o versatio 9:
Most are fairly self3expla atory' a d %orrespo d to the %ore smart%ard fu %tio s des%ribed i !.5 Smartcard 6eat re Set. Possibilities for fieldAame i get!ield;..< a d set!ield;..< are Euser ameF' EpasswordF' Efore ameF' Esur ameF' EstreetaddressF' Etow F' E%ou tyF' Epost%odeF a d E%% umberF. $ithi setSecurity;..<' the flags are as defi ed i 7.5.5 Smartcard %I8 re+ ests 9trueQ1 a d falseQ0:. getSecurity;< retur s the %urre t se%urity setti gs i the same order as spe%ified i setSecurity;<' where 0 represe ts false 9off: a d 1 represe ts true 9o :. The %o %ept of E%o versatio sF was %reated i order to preve t the %ard P@A from havi g to be repeatedly e tered if a page re,uested several profile fields from the %ard' a d the %ard was %o figured always to re,uire the P@A. " blo%? of %ard i stru%tio s o a si gle
%a+e (-
page may be surrou ded by beginCon'ersation;< a d endCon'ersation;<' duri g whi%h time if the %ard re,uests the P@A' the applet will %a%he it a d automati%ally retur it to the %ard whe re,uired. /.2.2 2etscape 2a$igator and 1nternet E3plorer Sec#rity .odels !iffere %es betwee the se%urity models of browsers %aused problems i the impleme tatio of the applet' as the mea s for re,uesti g permissio to perform Eu safeF features differs i Aets%ape Aavigator a d @ ter et &xplorer. $ithi Aets%ape Aavigator' additio al %ode was re,uired withi the applet that %aused a error to be throw whe ru i @ ter et &xplorer. +o se,ue tly' a slightly differe t versio of the applet had to be %reated' a d the pla%ed i a J"#a file' a d digitally sig ed usi g a Aets%ape3spe%ifi% me%ha ism. @ @ ter et &xplorer' permissio was gra ted by addi g the web site to the list of Etrusted sitesF' for whi%h full Java permissio s the had to be e abled. +reatio of a +"/b file whi%h was digitally sig ed would allow this pro%ess to be%ome more automated 9prese ti g a s%ree to the user allowi g him to allow or de y permissio s upo dow load:. *owever' su%h a me%ha ism is also proprietary' a d i suffi%ie t time was available for this to be su%%essfully impleme ted. /.2.3 !ri$ers for Smartcard +eaders "lthough ative 4+= drivers have bee %reated for ma y smart%ard readers' it was fou d that their i stallatio te ds to be fairly %ompli%ated 9i volvi g ma ually editi g %o figuratio s%ripts:' a d is dis%o %erti g for ma y users. P+OS+% drivers' however' ow appear to be supplied as sta dard with the vast ma)ority of readers' usually i a form more suited to i stallatio by o 3te%h i%al users 9e.g. by mea s of a InstallShield EwiIardF:. "lthough they %a ot be dire%tly %o trolled withi Java' 4+= provides a mea s to a%%ess P+OS+ drivers. Therefore' despite resulti g i the %reatio of a extra abstra%tio layer' this %o figuratio was used to permit the simplest mea s of %lie t i stallatio .
Java "r%hive 9Mi%rosoft: +abi et % P+OSmart%ard

b
%a+e (.
5 Smartcard Design $ss!es

5%" Choice of *perating System
Three multiple appli%atio smart%ard operati g systems are %ommo ly i use 3 amely' Su Bs 9avaCard' Mi%rosoftBs 4indo.s for Smartcards a d Maos%oBs MU-$:S. The fu %tio ality provided by ea%h appears to be fairly similar 3 the ma)or differe %e i impleme tatio s bei g the la guage i whi%h developme t ta?es pla%e 9Java' Disual /asi% a d assembly la guage' respe%tively:. The de%isio was made to sele%t M(;T4S %ards for developme t' solely be%ause this is the system upo whi%h the "sto ( iversity Smart Camp s Card is based. +o se,ue tly' it should be possible for the appli%atio s writte for this pro)e%t to be loaded o to a "sto %ard should a suitable appli%atio load %ertifi%ate be obtai ed from the M(;T4S +"a.
5%# Card-Client Comm!nication

@S4 <017 Part 5 defi es a sta dard mea s for %ard3%lie t %ommu i%atio whi%h is supported by M(;T4S a d the vast ma)ority of smart%ard impleme tatio s. +ommu i%atio ta?es pla%e via a se,ue %e of "P!(Bsb' whi%h are effe%tively messages or pa%?ets of data formatted i a %o siste t ma 4.2.1 Command AP!*5s +omma d "P!(Bs 9i.e. those se t to the %ard: %o sist of a sta dard four3byte header' optio ally followed by a body of arbitrary le gth %o tai i g data' as show i 6ig re ;.5 below:
0eader .od$
er.
+;"
@AS
P1
P2
;%
Data
;e
Figure 1.1: 2S3 141'-4 5o""and AP&6 structure
where the +;" 9%lass: a d @AS 9i stru%tio : bytes ide tify whi%h operatio is bei g re,uested of the smart%ard- P1 a d P2 are parameters spe%ifi% to the fu %tio %alled- ;% %o tai s the amou t 9le gth: of data prese t i bytes- ;e %o tai s the expe%ted le gth of the respo se data i bytes.
a b
+ertifi%atio "uthority "ppli%atio Proto%ol !ata ( its

%a+e (/
4.2.2 +esponse AP!*5s #espo se "P!(Bs %o sist of a optio al data body' followed by a two3byte trailer' as show i 6ig re ;.< below:
.od$ 7railer
Data
S$1
S$2
Figure 1.2: 2S3 141'-4 )esponse AP&6 structure
where S$1 a d S$2 %omprise the Stat s 4ord' providi g i formatio as to the su%%ess or failure of the operatio 9e.g. 10'00 represe ts su%%essful- 71'02 se%urity status ot satisfied:. 4.2.3 AP!* Cases +o se,ue tly' four fu dame tal types of %omma d exist' as defi ed by @S4 <017: Case 5 3 Ao %omma d or respo se data prese t Case < 3 4 ly respo se data 9from %ard: prese t Case ' 3 4 ly %omma d data 9to %ard: prese t Case ( 3 /oth %omma d a d respo se data prese t
+ases 2' 2 a d 5 were deemed suitable for use with respe%t to the perso al profile a d wallet fu %tio s %reated for this pro)e%t' e.g. %ase 2 for retrievi g profile i formatio ' %ase 2 for updati g profile i formatio ' a d %ase 5 for issui g a debit i stru%tio 9where the %lie t se ds a %ryptographi% %halle ge a d the value to be debited' a d re%eives the %ardBs %ryptographi% respo se:.
%a+e (0
6 Smartcard $mplementation
Please refer to the a%%ompa yi g +!3#4M 9H+ardB dire%tory: or Appendix ; to view %omme ted %ode for the %ard applet %reated.
6%"
eat!re Set
"s des%ribed i <.< "e+ irements' the ge eral fu %tio ality re,uired of the smart%ard was the storage a d retrieval of data i the perso al profile' a d provisio of a EwalletF for ele%tro i% %ash. =or more detailed i formatio upo impleme tatio of the latter' refer to ! Cryptographic Challenge and "esponse Cycle. @t would have bee possible' a d perhaps desirable' to impleme t two i depe de t applets for providi g the profile a d wallet features. *owever' to mi imise %o fusio ' all fu %tio ality was provided withi a si gle applet for the purposes of this pro)e%t. The followi g i stru%tio set was defi ed a d impleme ted withi M";a %ode. The umbers i pare theses represe t le gth i bytes' a d the prefix H0xB i di%ates a hexade%imal value. $@S 0x0 n 0x1 n 0x20 0x21 0x22 0x22 0x20 0x50 0x51 0x52 0x52 0x55 !eature #etur profile i formatio Set profile i formatio !ebit wallet Prepare for %redit "ttempt %redit #epeat last debit respo se #etur bala %e Submit P@A Set P@A (pdate se%urity setti gs #etur %urre t se%urity setti gs ( blo%? %ard $nput )ata "S+@@ S20T +rypto %halle ge S7T !ebit value S2T +redit value S2T +rypto respo se S0T P@A S2T Aew P@A S2T Setti gs S5T Setti gs S5T ( blo%? %ode S0T
Figure 4.1: 2"ple"ented s"artcard feature set
2utput )ata "S+@@ S20T
+rypto respo se S0T +rypto %halle ge S0T +rypto respo se S0T /ala %e S2T
Multos "ssembly ;a guage

%a+e (1
6.1.1 P12 +e7#ests "s a additio al measure of se%urity' the applet was desig ed ot to perform Eda gerousF operatio s 9su%h as debits a d profile %ha ges: u less the %orre%t P@A is submitted dire%tly beforeha d 9usi g i stru%tio 0x50:. @ additio ' it was made possible for the user to %o figure the %ard as to whether a d how ofte 9always' o %e per sessio ' or ever: P@A e try is re,uired for retrievi g profile i formatio . 4ptio s %a be spe%ified for Ese sitiveF data 9password a d %redit %ard umber: a d for Ege eralF data 9all other fields:. The four bytes se t a d re%eived as se%urity setti gs i i stru%tio s 0x52 a d 0x52 represe t four flags SprivateSe%' private4 %e' ge eralSe%' ge eral4 %eT. privateSe% i di%ates whether the %ard should re,uest P@A e try whe retrievi g private i formatio ' a d private4 %e how ofte this should o%%ur 91 Q o %e per sessio ' 0 Q every re,uest:. The setti g of the latter is irreleva t if privateSe% is set false. Similarly' ge eralSe% a d ge eral4 %e spe%ify whether a d how ofte the P@A should be re,uested for the retrieval of ge eral data.
6%# Developmental Process

+odi g was %arried out usi g a text editor' a d *ita%hiBs M ltos Development $ools used to %ompile' debug a d load the M"; %ode o to a smart%ard. Dery basi% fu %tio ality was impleme ted i the early stages of developme t' with extra features bei g added o %e testi g proved that those already i existe %e wor?ed as i te ded. &xte sive use was made of the EMS!TF %ard simulator to i sert brea?poi ts i to %ode' the tra smit parti%ular "P!(Bs a d step through ea%h li e of the applet. The system permitted the values of %hose variables to be observed 9Ewat%hedF: whilst steppi g through the %ode' a d showed the %o te ts of registers' the sta%? a d the tra sa%tio shadow data area 3 all of whi%h proved i valuable i ide tifyi g errors withi the %ode. To permit testi g of the applet upo the smart%ard itself' the $erminal Sim lator was used to upload the applet 9by sele%tio of a suitable load %ertifi%ate' desig ed for the developme t %ards:' tra smit "P!(Bs a d view the %ard respo se.
%a+e ,0
7 Cryptographic Challenge and 'esponse Cycle

7%" 'e(!irements
Previous desig de%isio s di%tated that the o ly re%ord of the value stored withi a userBs wallet was to be o the smart%ard itself 9see <.<.5 Electronic cash re+ irements:. +o se,ue tly' a system eeded to be %reated whereby: 1. it was impossible for a user to i %rease his bala %e by a y mea s other tha a tra sa%tio authorised by the %ard issuer. 2. a server issui g a debit i stru%tio s %ould be assured that the bala %e had bee su%%essfully de%reased 9before shippi g goods' for example:. =urthermore' %ommu i%atio betwee server a d %ard had to o%%ur via a i se%ure' u trusted etwor?O%lie t termi al' ope to eavesdroppi g a d modifi%atio of the data bei g tra sferred.
7%# $mplemented Sol!tion

The o ly mea s by whi%h the re,uireme ts previously detailed %ould be met appeared' therefore' to be by mea s of %ryptography a d the storage of ?eys o both the server a d the smart%ard 9see '.= Encrypted Comm nication:. The fa%t that %ode ru o the smart%ard %a be trusted 9see <.5.5 Applica)ility of smartcard technology: mea s that the %ard %a be relied upo to assess whether a %redit i stru%tio origi ated from a authorised sour%e before i %reasi g the bala %e. "dditio ally' the %ard applet %a be %reated su%h that a parti%ular respo se 9verifiable by the server' a d i %al%ulable ex%ept usi g the private ?ey o the %ard: is ge erated to i di%ate that a debit i stru%tio was su%%essful 9sub)e%t to user authorisatio by e try of a P@A:. The fa%t that' for this pro)e%t' the %ard issuer was the same e tity as the site whi%h authorised tra sa%tio s' mea t that it was a%%eptable to use symmetri% %ryptography 9i.e. ma?e use of o e private ?ey o ly' stored o both the server a d the %ard:. +o se,ue tly' the se%urity of the system would be bro?e if the private ?ey was ever divulged to a third party. @ a release system' the use of asymmetri% %ryptography or simply a differe t
%a+e ,1
private ?ey for ea%h %ard 9as i .SMa S@Mb %ards: would redu%e the pote tial for su%h %atastrophi% destru%tio of the systemBs se%urityU
7%) Debit Proced!re

The pro%edure to debit the %ard i volves the ge eratio of a challenge by the server' whi%h is tra smitted to the %lie t together with the value to be debited. The %ard the attempts to de%rease its bala %e by the amou t spe%ified a d 3 if su%%essful 3 digitally sig s the 9%halle ge'value: data usi g its private ?ey. The respo se thus ge erated %a the be retur ed to the server whi%h' usi g the same private ?ey as that prese t o the %ard' %a assess whether the %orre%t respo se has bee retur ed a d thus whether the debit i stru%tio was %arried out.
Figure 8.1: &ebit co""unication se9uence
The algorithms typi%ally used to perform digital sig atures are !&S or 23!&S. *owever' either was ot available o the developme t %ard provided- %o se,ue tly' the fu %tio performed was simply a ex%lusive3or of the 753bit private ?ey with a %o %ate atio of the 503bit %halle ge a d the 173bit debit value. +learly' su%h a fu %tio is i o way suitable for digital sig atures' as it is easily reversible' allowi g the private ?ey to be %al%ulated. @f impleme ted o a release %ard' the values would i stead be passed to the digital sig ature algorithm provided- a d the same fu %tio used o the server. &a%h %halle ge ge erated by the server eeds to be u i,ue 9a nonce:' so that the %orre%t respo se %a
a b
ever be obtai ed by refere %e to histori% data. =or the purposes of this
pro)e%t' use of a 503bit ra dom umber with over 200 billio possible values' is regarded
.lobal System for Mobiles Subs%riber @de tity Module
%a+e ,2
as bei g suffi%ie t. !eployme t i the real world may re,uire the use of lo ger umbers a d a differe t mea s for %al%ulati g the o %e' i order to provide higher levels of se%urity' a d redu%e the possibility of )r te-force atta%?s from su%%eedi g.
7%, Credit Proced!re

=or toppi g up the %ard' a similar strategy is used to that employed withi the debit pro%edure. *owever' i this %ase the %halle ge is ge erated by the %ard' a d thus a additio al stage is re,uired for the %halle ge to be re,uested' as show :
Figure 8.2: 5redit co""unication se9uence
HvalueB is set to Iero after %ompletio of the top3up to preve t replay of the repo se %ausi g multiple %redits.
7%- Tolerance to 8etwork
ail!res
@ the eve t of a etwor? failure' the situatio may arise where value is su%%essfully debited from the %ard' a d the respo se is ge erated but ever re%eived by the server. +o se,ue tly' the %ard applet was %oded su%h that the respo se' o %e ge erated' is stored i o 3volatile memory- a d a %omma d added to the i stru%tio set whi%h %auses the %ard to repeat its last respo se. *e %e' this fa%ility %ould be used repeatedly to re3attempt tra smissio of the respo se over the etwor? u til su%%essful. Similarly' i the eve t of a etwor? failure preve ti g a respo se from rea%hi g the %ard i the fi al %redit stage' the server eeds to be able to re3tra smit this as ma y times as e%essary 9i.e. ta?e respo sibility for ma?i g a re%ord of the last respo se %al%ulated for ea%h user:.
%a+e ,(
7%3 Tolerance to System $nterr!ptions

@ the same way that tra sa%tio s were employed to preve t partial %ompletio of database pro%esses o the server 9see '.(.5 Data)ase $ransactions:' %ards tra sa%tio s have bee used to e %ompass the %riti%al a%tio s show i 6ig res !.5 a d !.<. +o se,ue tly' if power to the %ard was %ut 9e.g. by removi g 9tearing: the %ard: betwee %riti%al operatio s' a y %ha ges made would be rolled ba%? whe the %ard was ext powered up 3 he %e i the %ase of debits' subtra%tio of the bala %e would be u do e if a respo se was ot %al%ulated.
7%5 Sec!rity
The se%urity model of the %ryptographi% %halle geOrespo se %y%le appears to be sou d' resilie t to fraud attempts su%h as replay atta%?s. *owever' there is o %he%? made duri g the debit pro%edure that the debit re,uest is bei g made by a authorised e tity 3 i stead' the user is relied upo to e sure that the siteOappli%atio they are usi g is trustworthy 9perhaps by refere %e to a SS; %ertifi%ate:. $ithi a release system' it would be be efi%ial to redu%e the possibility of u authorised debits by re,uiri g re,uests to be themselves sig ed i some ma er. " test site was %reated i di%ati g the differe t stages of the debit a d %redit pro%edures' a d allowi g values to be modified to simulate fraud attempts. This is i %luded o the +!3#4M 9H$ebOtestB dire%tory: a d at the time of writi g was available from http:OOee3p%52.asto .a%.u?Ola%ey%sOtestOdebit.html a d http:OOee3p%52.asto .a%.u?Ola%ey%sOtestO%redit.html .
%a+e ,,
Figure 8.3: &ebit test site
Figure 8.4: 5redit test site

%a+e ,-
"9 Eval!ation
The author believes the pro)e%t to have bee su%%essful' i meeti g a d ex%eedi g the origi al aims. " &3%ommer%e site has bee su%%essfully %reated' a d 3 i the abse %e of suitable spe%ifi%atio s from Mo dex 3 a se%ure smart%ard payme t system has bee %reated from s%rat%h. "dditio ally' a smart%ard perso al profile system has bee %reated i respo se to the re,uest of *ita%hiBs Smart +ommer%e !ivisio . Several people were as?ed to test the sites %reated' a d feedba%? obtai ed from them was used to refi e the user i terfa%e. +o siderable testi g has also bee %arried out by the author to e sure the stability of the e tire system. " site was %reated to demo strate the wor?i gs of the %redit a d debit pro%edures' permitti g modifi%atio s to be made to the data passed to the %ard a d server. "ttempts to defraud the system 9e.g. by de%reasi g the value passed to a %ard for a debit attempt' or %o du%ti g replay atta%?s: all failed.
"9%" Pro:ect Costing

The o ly dire%t %osts i volved with the developme t of the system were with respe%t to smart%ard hardware a d developme t tools 9?i dly do ated by *ita%hi:: 1 .@S Smart Mouse smart%ard reader 2 M(;T4S 2 Test +ards W V20 ea%h V22.60 V50.00 Total1 B"&.+. "dditio ally' two P+Bs 9a server a d a wor?statio : a d various operati g systems a d pie%es of software 9$i dows' Multos !evelopme t Tools' "%%ess: were utilised. The author believes the time spe t resear%hi g a d developi g the system to be i ex%ess of four hu dred hours. "dditio ally' arou d twelve hours were spe t i %o sultatio with a%ademi% staff a d *ita%hi represe tatives- a d approximately three hours with support staff.
%a+e ,.
"9%" Possible
followi g issues:
!t!re Development
Should further time have bee available' it would have bee desirable to address the
1. #emove the eed for the site to be added to the list of Etrusted sitesF a d for full Java permissio s to be expli%itly gra ted i @ ter et &xplorer' by providi g a versio of the %lie t3side Java applet whi%h was digitally sig ed usi g Mi%rosoftBs sig i g te%h ology. "lter atively' resear%h the feasibility of usi g Su Bs Java Plug3i for @ ter et &xplorer' Aets%ape Aavigator a d 4pera to provide a sta dard mea s for ru i g a d gra ti g a%%ess rights to %ode.
2. #edu%e the pote tial for u authorised %ard debits by re,uiri g debit re,uests to be digitally sig ed. 2. #edu%e the %omplexity of the i stallatio pro%ess re,uired by users' by %reati g a @ stallShield wiIard 9or similar: to automate the pro%ess. 5. @ %rease the level of user feedba%? provided whe tra sa%tio s fail by providi g a fuller ra ge of %ard respo se %odes to i di%ate differe t errors 6. & sure validatio of *TM; forms o%%urs both o the server side a d the %lie t side i all %ases. @ the lo ger term' the pro)e%t %ould be developed further by: 1. Performi g server load tests' a d impleme ti g a system more suited to high volume traffi% 9e.g. by deployi g a 4ra%le database: 2. Providi g additio al mea s for a%%essi g the site' e.g. via $"PO$M; o mobile telepho es 2. +reati g %lie t3side software to %o figure the smart%ard a d ma age the perso al profile' without eed for a%%essi g the ESmart+e treF web site.
%a+e ,/
"" Concl!sion
The su%%essful %reatio of smart%ard3based ele%tro i% %ash a d perso al profile systems' a d the i tegratio of these i to a fully3fu %tio i g &3%ommer%e site' suggest that smart%ard te%h ology does provide a feasible solutio to some of the problems whi%h preve t &3%ommer%e sites from realisi g their full pote tial. Spe%ifi%ally' the e d3produ%t %reated for this pro)e%t provides a portable' se%ure mea s for users to store a d tra sfer ele%tro i% %ash over the @ ter et' providi g the same be efits that real %ash has over %redit %ards with respe%t to mi%ropayme ts' a o ymity a d speed of tra sa%tio . "dditio ally' the system allows users to %omplete o li e forms rapidly' a d removes the eed for sites to retai re%ords of perso al data 3 providi g be efits i terms of priva%y a d removi g the eed for users to i form umerous sites whe ever details %ha ge. +urre tly' the use of smart%ard te%h ology for these purposes is most fu dame tally %o strai ed by the low umber of %ard readers i ge eral use. *owever' the i %reasi g deployme t of smart%ards i ba ?i g' a d the i %lusio of smart%ard fa%ilities i $i dows 2000' %a o ly serve to expedite their i %rease i popularity. Aevertheless' a umber of other issues have bee ide tified whi%h' u til resolved' appear li?ely to limit the utility of smart%ard te%h ology with respe%t to &3%ommer%e. +o siderable diffi%ulties were e %ou tered i a%%essi g the smart%ard from withi the web browser: the o ly mea s dis%overed bei g by use of a framewor? 94+=: whi%h is too %ompli%ated to i stall for the ma)ority of users. "lso' differe %es i the se%urity models of browsers mea t that applets had to be developed whi%h were appli%atio 3spe%ifi% or re,uired %ompli%ated %o figuratio steps to be %arried out. "dditio ally' the relu%ta %e of Mo dex @ ter atio al to provide their spe%ifi%atio s to i dividuals with whom they have o %ommer%ial trust agreeme t' seems to be i di%ative of the attitudes of the developers of most ele%tro i% %ash systems' a d suggests that stro g %o fide %e still does ot exist i the se%urity of these systems. $idespread adoptio of smart%ard te%h ology for &3%ommer%e will therefore probably ot o%%ur u til a sta dard mea s for web browsers to i terfa%e with them has bee developed' a d u til a ope sta dard exists for the storage a d tra sfer of ele%tro i% %ash' allowi g deployme t by all.
%a+e ,0
'eferences
1
#agget ! et al: #$M- (.> Specification' revised 1110' $2+ #agget !: #$M- '.< "eference Specification' 111<' $2+ $ood ; et al: Doc ment :)*ect Model 1D:M2 -evel 5 Specification' 1110' $2+ ;ie *' /os /: Cascading Style Sheets -evel 5' 1117' $2+
%a+e ,1
;ibliography
+obley ": $he Complete ? ide to 9ava' 111<' +omputer Step /a??e S' %#% User Man al' 1111' P*P !o%ume tatio .roup !evargas M: Smart Cards @ Memory Cards' 1112' A++ /la%?well Joh so S: Using Active Server %ages' 111<' >ue ;ie *' /os /: Cascading Style Sheets -evel 5' 1117' $2+ Mit%hell S' "t?i so J: Active Server %ages '.>' 2000' S"MS #agget ! et al: #$M- (.> Specification' revised 1110' $2+ #agget !: #$M- '.< "eference Specification' 111<' $2+ #a ?l $' &ffi g $: Smartcard #and)oo&' 111<' Joh $iley #ey olds M' $ooldridge ": Using 9avaScript' 1117' >ue Ta e bau ": Comp ter 8et.or&s' 2rd ed' 1117' Pre ti%e *all $ood ; et al: Doc ment :)*ect Model 1D:M2 -evel 5 Specification' 1110' $2+ Apache 5.' User0s ? ide' 2000' "pa%he .roup Client-Side 9avaScript ? ide v5.'' 1111' Aets%ape +ommu i%atio s +orp. Client-Side 9avaScript "eference v5.'' 1111' Aets%ape +ommu i%atio s +orp. &+M" Sta dard 272' ECMAScript -ang age Specification' 111<' &+M" 9ava < SDA Standard Edition Doc mentation version 5.<.<' 1111' Su Mi%rosystems @ %. M ltos (.> Development $ools Doc mentation' 1111' *ita%hi M ltos Developers "eference Man al v5.'>' 1111' Maos%o M ltos Developers ? ide v5.<>' 1111' Maos%o
%a+e -0
Appendi& "< System *verview

Server 1nternet *nternet *n4or"ation #erver A#% #criptin+ !n+ine 563C Layer 6ata7ase #erver-si$e 8ava App 3rowser #criptin+ !n+ine Client-si$e 8ava applet 8ava 9& 5pencar$ <ra"ework 5lient
PC8SC (ayer
#"art*6 Applet A%* *nterpreter 5peratin+ #yste" :&ULT5#; S"artcard
%a+e -1
Appendi& #< P!blic E&planatory Material

Appendi& #%"< $ntrod!ction to Smart$D and Smart+allet
Celcome to SmartCentre
This site allows %o figuratio of your Smart$) a d SmartCallet applets. Smart$) e ables you to store a d mai tai your perso al profile o your ow smart%ard. Sites usi g Smart$) do ot retai perso al data' su%h as address a d %redit %ard details' but i stead obtai it whe re,uired by ,ueryi g your smart%ard. Smart$) will o ly release private i formatio whe you permit it to' givi g you full %o trol over how your data is ha dled. "dditio ally' by allowi g you to update your profile whe ever e%essary' Smart$) removes the eed for i formi g umerous sites whe ever your details %ha ge. Gou %a %o figure Smart$) or %ha ge your P@A. SmartCallet provides a se%ure mea s for stori g a d tra sferri g value over i se%ure etwor?s' su%h as the @ ter et. Sites employi g SmartCallet as a mea s of payme t will be able to debit or %redit your %ard i sta ta eously' avoidi g delays i here t withi %redit %ard %leari g systems. SmartCallet will o ly permit debits to be made after see?i g your permissio ' a d as there is o eed to ha d over a y %redit or debit %ard details' there is o ris? of your umber bei g used u lawfully. Gou %a view your %urre t bala %e or top up your wallet usi g a %redit or debit %ard.
%a+e -2
Appendi& #%#< Privacy Statement for SmartMarket
3ri'acy Statement
@ order to ma?e pur%hases from this site' you will eed to register yourself i to our user database by providi g your ame a d %hoi%e of user ame a d password. This' a d the %o te ts of your shoppi g bas?et' is the o ly i formatio whi%h SmartMar?et will retai %o %er i g you. $he ever address or %reditO%ard umber i formatio is re,uested' it used to pro%ess the si gle tra sa%tio for whi%h it has bee e tered. Ao perma e t re%ord is made of this data. $e re%omme d that you use the Smart$) smart%ard system to mai tai your perso al profile a d use this to fill i our forms ,ui%?ly a d a%%urately. $he ever you log i ' we use a Xsessio %oo?ieX to ide tify you to our server for the duratio of your visit. Su%h %oo?ies are small text files whi%h are temporarily stored o your %omputerYs hard dis?' the %o te ts of whi%h %a o ly be se t to the web site whi%h origi ally %reated them. "ll sessio %oo?ies are automati%ally destroyed by your browser whe you %lose it dow . To remove the eed for loggi g i every time you visit our site' you may ti%? the box amed Xremember my logi usi g %oo?iesX to store a perma e t %oo?ie o your hard dis?. $e re%omme d this optio o ly if you are usi g a perso al ma%hi e. ;oggi g out from our site will always destroy all sessio a d perma e t %oo?ies.
%a+e -(
Appendi& )< Server $nstallation $nstr!ctions

These i stru%tio s are spe%ifi% Mi%rosoft $i dows AT 5 Server' with the Java Dirtual Ma%hi e' @ ter et @ formatio Server 2 9with "SP support:' a d "%%ess 4!/+ drivers i stalled. !eployme t o other platforms is u tested. 1. +opy the web site files 9o +!3#4M' H$ebB dire%tory: i to the web root dire%tory of @@S 9by default' +:Z@ etpubZwwwroot: or %reate a ew virtual dire%tory to host the files elsewhere. 2. +opy the "%%ess database 9o +!3#4M' HServerB dire%tory: to a lo%atio o the server that is ot a served web dire%tory. +reate a 4!/+ %o "%%ess 4!/+ driver 9+o trol Pa el !ata Sour%es 94!/+: System !SA tab "dd...: 2. +opy the Server3side Java appli%atio to $@AATZJavaZT#(ST;@/ a d register it as a +4M %ompo e t usi g the J"D"#&. utility 9if ot o system' o +!3#4M' HServerB dire%tory: usi g the followi g %omma d:
;a>are' /re'ister /class:2martA:7hallen'e /.ro'A::72).2martA:7hallen'e
e%tio to this file usi g the
5. #eboot the system to %omplete registratio of the +4M %ompo e t
Appendi& )%"< $mplementing SS/

SS; is ot re,uired for the su%%essful impleme tatio of this system. The followi g pro%edure %a ' however' be used to impleme t it if re,uired. Mi%rosoft +ertifi%ate Server will eed to be i stalled before pro%eedi g. Appendi3 3.1.1 9eneration of Ser$er Certificate Start the Internet Service Manager 9Start 3N $i dows AT 5 4ptio Pa%? 3N Mi%rosoft @ ter et @ formatio Server 3N @ ter et Servi%e Ma ager: #ight %li%? o E!efault $eb SiteF 9or virtual dire%tory if %reated:' sele%t EPropertiesF !ire%tory Se%urity tab 3N &dit Se%ure +ommu i%atio 3N 8ey Ma ager #ight %li%? E$$$F i 8ey Ma ager' +reate Aew 8ey =ollow the wiIard to %reate a %ertifi%ate re,uest file' e suri g EPut the re,uest i a fileF is sele%ted o the first s%ree ' as automati% tra smissio to a o li e authority appears
%a+e -,
ot to wor? %orre%tly. 4 the third s%ree ' e sure the e try for E4rga isatio F is the registered ow er of the domai withi whi%h the web server resides 9e.g. E"sto ( iversityF for asto .a%.u?:. "lso' E+ommo AameF should be the resolved @P address of the web server 9e.g. ee3p%52.asto .a%.u?: 3 if this is u ? ow ' determi e usi g http:OOwww.%lara. etOdialupOsupportOip.shtml . #e,uest a server %ertifi%ate from a +ertifi%atio "uthority 9e.g. Derisig at http:OOwww.verisig .%omOsiteOi dex.html:' followi g the o li e i stru%tio s a d submitti g the file ge erated by 8ey Ma ager 9the +S#a file: whe re,uested "fter re%eivi g the %ertifi%ate' right %li%? the ew ?ey i 8ey Ma ager a d sele%t E@ stall 8ey +ertifi%ateF. ;o%ate the %ertifi%ate a d sele%t it. @f the %ertifi%ate re%eived was embedded as plai text withi a &mail message' it will be e%essary to %opy a d paste the text betwee 33333/&.@A +&#T@=@+"T&33333 a d 33333&A! +&#T@=@+"T&33333 i to a ew file with a .p<r exte sio ' a d the sele%t this file. +lose 8ey Ma ager a d save %ha ges whe re,uested.
Appendi3 3.1.2: Enabling SS( #ight %li%? o the virtual dire%tory or E!efault $eb SiteF as appropriate' sele%t EPropertiesF !ire%tory Se%urity tab' e able E#e,uire se%ure %ha el whe a%%essi g this resour%eF a d E"%%ept %lie t %ertifi%atesF "pply setti gs by %li%?i g E48F.
4 %e this pro%edure has bee %arried out' a%%ess to the web site will be available o ly via SS; 9re,uiri g https:OO as the prefix to its (#;:.
+ertifi%ate Sig i g #e,uest

%a+e --
Appendi& ,< Client $nstallation $nstr!ctions

These i stru%tio s are spe%ifi% to Mi%rosoft $i dows 10 with @ ter et &xplorer 6.0 a dOor Aets%ape Aavigator 5.<. !eployme t o other platforms is u tested.
Appendi& ,%"< Drivers for Smartcard 'eader

1. @ stall P+OS+ driver for smart%ard reader 9driver for ESmartMouseF reader is o +!3#4M: 2. @f ot already prese t' i stall Java #u time & viro me t 9 e%essary to i stall 4+=:' available from http:OO)ava.su .%om 2. @ stall 4pe %ard =ramewor? library' provided o +!3#4M or available from http:OOwww.ope %ard.org by issui g the %omma d: ;a>a install?7B 5. +opy Hbase3opt1.)arB a d Hp%s%.)arB 9 ew pat%h: from +!3#4M 9H4+= @ stallatio B dire%tory: i to 4pe +ard library dire%tory 9+:Z4pe +ardZ4+=1.2Zlib by default: 6. "dd the 4+= %lasses to the system +;"SSP"T* by ma?i g the followi g additio s to "(T4&K&+./"T:
7A)) 7:M?.en7ar!M?7B1.FM!emosMseten>.+at 2ET 7)A22PATH0#7)A22PATH#@7:M?.en7ar!M?7B1.FMli+M+ase-core.;ar 2ET 7)A22PATH0#7)A22PATH#@7:M?.en7ar!M?7B1.FMli+M+ase-o.t1.;ar 2ET 7)A22PATH0#7)A22PATH#@7:M?.en7ar!M?7B1.FMli+M.csc.;ar 2ET 7)A22PATH0#7)A22PATH#@7:M?.en7ar!M?7B1.FMli+Mreference-ser>ices.;ar
Appendi& ,%#< $nternet E&plorer

1. +opy the Hope %ard.propertiesB file i stalled by 4+= 9by default' i +:ZProgram =ilesZJavaSoftZJ#&Z1.2Zlib: i to @&Bs Java home dire%tory 9$i dowsZJavaZlib: 2. "dd the server upo whi%h the site is hosted 9e.g. ee3p%52.asto .a%.u?: to the list of Etrusted sitesF 9Tools @ ter et 4ptio s... Se%urity tab Trusted Sites Sites...: 2. .ra t full permissio s to Java %ode origi ati g from trusted sites 9Trusted Sites +ustom ;evel... Java Permissio s' sele%t E+ustomFJava +ustom Setti gs... &dit Permissio s #u ( sig ed +o te t' sele%t E& ableF:
%a+e -.
Appendi& ,%)< 8etscape 8avigator

1. +opy the Hope %ard.propertiesB file i stalled by 4+= 9by default' i +:ZProgram =ilesZJavaSoftZJ#&Z1.2Zlib: i to Aets%apeBs Java home dire%tory 9+:ZProgram =ilesZAets%apeZ(sersZMuser ameN: as H.ope %ard.propertiesB 2. +opy the !;; H4+=P+S+1.!;;B i stalled by 4+= 9by default' i +:Z4pe +ardZ4+=1.2Zlib: to Aets%apeBs Java library dire%tory 9+:ZProgram =ilesZAets%apeZ+ommu i%atorZProgramZ)avaZbi : 2. @ stall the %ertifi%ate for the E"sto F +ertifi%atio "uthority 9used to %reate the %ertifi%ate with whi%h the applet was sig ed' as opposed to pur%hasi g o e: by draggi g the Hx601.%a%ertB file 9o +!3#4M' H+lie tOASB dire%tory: i to the browser wi dow' a d followi g the o li e i stru%tio s
%a+e -/
Appendi& -< Server Code

Appendi& -%"< ASP E&amples
Appendi3 ".1.1: (ibrary for calling cryptographic f#nctions &s;<lib.asp'
"# D)i+rar6 of 2martWallet cr6.to'ra.hic functions 7onst (aCBalance 0 NO000 7onst s-4.ri>ateHe6 0 31P11QNR4NQFS4RSSNSO3 DAnclusion of this li+rar6 -ill automaticall6 instantiate the ser>er ;a>a 7?( com.onent :im s-4smartA:7hallen'e 2et s-4smartA:7hallen'e 0 2er>er.7reate?+;ect8372).2martA:7hallen'e39 DGenerate a res.onse to a car!Ds challen'e for to.u. 8i.e. authorise the cre!it9 Bunction create=es.onse8s-4>alue* s-4challen'e9 create=es.onse 0 s-4smartA:7hallen'e.create=es.onse8s-4>alue* s-4challen'e* s-4.ri>ateHe69 En! Bunction D7alculate the eC.ecte! res.onse from a car! to in!icate reEuire! !e+it occurre! Bunction .reem.t=es.onse8s-4>alue* s-4challen'e9 .reem.t=es.onse0s-4smartA:7hallen'e..reem.t=es.onse8s-4>alue* s-4challen'e* s-4.ri>ateHe69 En! Bunction DGenerate a challen'e for the !e+it .roce!ure Bunction create7hallen'e create7hallen'e0s-4smartA:7hallen'e.create7hallen'e89 En! Bunction D=elease connection to 7?( com.onent Bunction s-4finalise 2et s-4smartA:7hallen'e 0 nothin' En! Bunction #$
%a+e -0
Appendi3 ".1.2: Ser$er-side $alidation for registering a #ser &add#ser.asp'

"# /)A,GUAGE 0 1B2cri.t #$ "%--&inclu!e file03../st!4li+.as.3--$ "%--&inclu!e file03../!+4li+.as.3--$ "# :im urlA..en!* userECists* username* .ass-or!* forename* surname username0=eEuest83username39 .ass-or!0=eEuest83.ass-or!39 forename0=eEuest83forename39 surname0=eEuest83surname39 urlA..en! 0 3Lusername03 G username G 3G.ass-or!03 G .ass-or! G 3Gforename03 G forename G 3Gsurname03 G surname D7hec5 to see if user alrea!6 eCists in !ata+ase userECists 0 ,ot isEm.t6=2832E)E7T Username B=?( Accounts WHE=E Username0D3 G username G 3D39 Af =eEuest83.ass-or!39 "$ =eEuest83.ass-or!F39 Then DPass-or!s !o not match !+4finalise89 =es.onse.=e!irect83a!!user4!iff.ass.as.3 G urlA..en!9 ElseAf username033 ?r .ass-or!033 ?r forename033 ?r surname033 Then DEssential fiel! left +lan5 !+4finalise89 =es.onse.=e!irect83a!!user4incom.lete.as.3 G urlA..en!9 ElseAf userECists Then DUser alrea!6 eCists !+4finalise89 =es.onse.=e!irect83a!!user4eCists.as.3 G urlA..en!9 Else D?H to insert user into !ata+ase !+ECecute83A,2E=T A,T? Accounts 8Username*Pass-or!*Borename*2urname9 1A)UE2 8D3 G4 G username G 3D*D3 G .ass-or! G 3D*D3 G forename G 3D*D3 G surname G 3D939 !+4finalise89 =es.onse.=e!irect83a!!usersuccess.html39 En! Af #$
%a+e -1
Appendi3 ".1.3: =alidating card5s debit response &sca#thorise.asp'

"# /)A,GUAGE 0 1B2cri.t #$ "%--&inclu!e file03../st!4li+.as.3--$ "%--&inclu!e file03../!+4li+.as.3--$ "%--&inclu!e file03../cc4li+.as.3--$ "%--&inclu!e file03../s-4li+.as.3--$ "# :im eC.ecte!=es.* actual=es.* transaction1alue* +as5etTotal* name* a!!ress actual=es.0=eEuest83car!=es.onse39 D=etrie>es car!Ds res.onse to cr6.to'ra.hic challen'e +as5etTotal0'et,umericBas5etTotal89 D?+tain information for current transaction from !ata+ase... !+<uer6832E)E7T Username*Transaction=es.onse*Transaction1alue*Transaction,ame* TransactionA!!ress*TransactionTo-n*Transaction7ount6*TransactionPostco!e B=?( Accounts WHE=E Username0D3 G 2ession83username39 G 3D39 eC.ecte!=es. 0 o+;=283Transaction=es.onse39 transaction1alue 0 o+;=283Transaction1alue39 name 0 o+;=283Transaction,ame39 a!!ress 0 o+;=283TransactionA!!ress39 G 3* 3 G o+;=283TransactionTo-n39 G 3* 3 G4 G o+;=283Transaction7ount639 G 3* 3 G o+;=283TransactionPostco!e39 o+;=2.7lose Af transaction1alue$(aCBalance Then D:e+its of >alues 'reater than 2martWalletDs maCimum +alance are not .ossi+le !+4finalise89 =es.onse.=e!irect83sc4eCcess.as.39 ElseAf actual=es.0eC.ecte!=es. An! +as5etTotal0transaction1alue Then D=es.onse o+taine! from car! is correct* an! >alue of +as5et contents Dhas not chan'e! since challen'e -as issue! o+;7onn.Be'inTrans DBe'in !ata+ase transaction +ecause chec5in' out of each item Dan! for'ettin' eC.ecte! res.onse must +e atomic .urchaseBas5et89 !+<uer683UP:ATE Accounts 2ET Transaction=es.onse0-1* Transaction1alue00 WHE=E Username0D3 G 2ession83username39 G 3D39 D7lears transaction information to .re>ent re.la6 attac5s o+;7onn.7ommitTrans D7ommit transaction !+4finalise89 =es.onse.=e!irect83sc4success.as.39 Else !+4finalise89 =es.onse.=e!irect83sc4fail.as.39 En! Af #$
%a+e .0
Appendi& -%#< Server-Side .ava Application

im.ort ;a>a.io.K@ im.ort ;a>a.math.K@ .u+lic class 2martA:7hallen'e T final int (aC7ar!Balance 0 NO000@ .u+lic 2trin' create7hallen'e89 T Bi'Ante'er numFON 0 ne- Bi'Ante'er83FON39@ Bi'Ante'er result 0 ne- Bi'Ante'er83039@ int ran!om@ for 8int i00@ i"0N@ iUU9 T //(a5e a lar'e ran!om num+er +6 result 0 result.multi.l68numFON9@ //concatanatin' se>eral ran!om 0 8int9 8FONK(ath.ran!om899@ //ran!om +6tes 8maC >alue of +6te0FON9 result 0 result.a!!8 ne- Bi'Ante'er8Ante'er.to2trin'8ran!om99 9@ V return result.to2trin'89@ V .u+lic 2trin' create=es.onse8int >alue* 2trin' challen'e* 2trin' .ri>ateHe69 T Bi'Ante'er numFON 0 ne- Bi'Ante'er83FON39@ Bi'Ante'er result 0 ne- Bi'Ante'er83039@ Bi'Ante'er challen'e,um 0 ne- Bi'Ante'er8challen'e9@ Bi'Ante'er challen'eTest 0 ne- Bi'Ante'er8challen'e9@ Bi'Ante'er .ri>ateHe6,um 0 ne- Bi'Ante'er8.ri>ateHe69@ +6te tCBloc5IJ 0 ne- +6teIRJ@ for 8int i0Q@ i$00@ i--9 T tCBloc5IiJ 0 8+6te9 challen'eTest.remain!er8numFON9.int1alue89@ challen'eTest 0 challen'eTest.!i>i!e8numFON9@ V if 8tCBloc5IQJ008+6te98>alue#FON9 GG tCBloc5INJ008+6te98>alue/FON99 //1alue em+e!!e! in challen'e is same as that s.ecifie! 8in D>alueD .arameter9 //therefore return correct res.onse... result0challen'e,um.Cor8.ri>ateHe6,um9@ return result.to2trin'89@ V .u+lic 2trin' .reem.t=es.onse8int >alue* 2trin' challen'e* 2trin' .ri>ateHe69 T Bi'Ante'er numFON 0 ne- Bi'Ante'er83FON39@ Bi'Ante'er result 0 ne- Bi'Ante'er83-139@ Bi'Ante'er challen'e,um 0 ne- Bi'Ante'er8challen'e9@ if 8>alue "0 (aC7ar!Balance9 T +6te tCBloc5IJ 0 ne- +6teIRJ@ //:etermine +6tes that -ill actuall6 +e transmitte! to car!... tCBloc5IQJ 0 8+6te98>alue#FON9@ tCBloc5INJ 0 8+6te98>alue/FON9@ for 8int i0O@ i$00@ i--9 T tCBloc5IiJ 0 8+6te9 challen'e,um.remain!er8numFON9.int1alue89@ challen'e,um 0 challen'e,um.!i>i!e8numFON9@ V Bi'Ante'er tCBloc5,um 0 ne- Bi'Ante'er8tCBloc59@ Bi'Ante'er .ri>ateHe6,um 0 ne- Bi'Ante'er8.ri>ateHe69@ result 0 tCBloc5,um.Cor8.ri>ateHe6,um9@ V return result.to2trin'89@ V V
%a+e .1
Appendi& 3< Client Code

Appendi& 3%"< 0TM/ and ECMAScript E&amples
Appendi3 /.1.1: *sing client-side >a$a applet ;ith forms &configsid.html'
"html$ "hea!$ "lin5 rel03st6lesheet3 href03sc.css3 t6.e03teCt/css3$ "scri.t lan'ua'e03;a>ascri.t3 t6.e03teCt/;a>ascri.t3$ function 'etBiel!s89 T >ar .in* sec2ettin's* 'eneral2ec* 'eneral?nce* .ri>ate2ec* .ri>ate?nce .arent.tool+ar.!ocument.smartA:.+e'in7on>ersation89@ !ocument.userform.username.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83username39@ !ocument.userform..ass-or!.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83.ass-or!39@ !ocument.userform.forename.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83forename39@ !ocument.userform.surname.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83surname39@ !ocument.userform.a!!ress.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83streeta!!ress39@ !ocument.userform.to-n.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83to-n39@ !ocument.userform.count6.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83count639@ !ocument.userform..ostco!e.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83.ostco!e39@ !ocument.userform.cc,um+er.>alue0.arent.tool+ar.!ocument.smartA:.'etBiel!83cc,um+er39@ sec2ettin's03C3 U .arent.tool+ar.!ocument.smartA:.'et2ecurit689@ .arent.tool+ar.!ocument.smartA:.en!7on>ersation89@ .ri>ate2ec0sec2ettin's.charAt819@ .ri>ate?nce0sec2ettin's.charAt8F9@ 'eneral2ec0sec2ettin's.charAt8P9@ 'eneral?nce0sec2ettin's.charAt849@ !ocument.userform..ri>atePinI0J.chec5e! 0 88.ri>ate2ec003139 GG 8.ri>ate?nce0030399@ !ocument.userform..ri>atePinI1J.chec5e! 0 8.ri>ate?nce003139@ !ocument.userform..ri>atePinIFJ.chec5e! 0 8.ri>ate2ec003039@ !ocument.userform.'eneralPinI0J.chec5e! 0 88'eneral2ec003139 GG 8'eneral?nce0030399@ !ocument.userform.'eneralPinI1J.chec5e! 0 8'eneral?nce003139@ !ocument.userform.'eneralPinIFJ.chec5e! 0 8'eneral2ec003039@ V function setBiel!s89 T >ar .in* 'eneral2ec* 'eneral?nce* .ri>ate2ec* .ri>ate?nce 'eneral2ec 0 %8!ocument.userform.'eneralPinIFJ.chec5e!9@ 'eneral?nce 0 !ocument.userform.'eneralPinI1J.chec5e!@ .ri>ate2ec 0 %8!ocument.userform..ri>atePinIFJ.chec5e!9@ .ri>ate?nce 0 !ocument.userform..ri>atePinI1J.chec5e!@ .arent.tool+ar.!ocument.smartA:.+e'in7on>ersation89@ .arent.tool+ar.!ocument.smartA:.setBiel!83username3*!ocument.userform.username.>alue9@ .arent.tool+ar.!ocument.smartA:.setBiel!83.ass-or!3*!ocument.userform..ass-or!.>alue9@ .arent.tool+ar.!ocument.smartA:.setBiel!83forename3*!ocument.userform.forename.>alue9@ .arent.tool+ar.!ocument.smartA:.setBiel!83surname3*!ocument.userform.surname.>alue9@ .arent.tool+ar.!ocument.smartA:.setBiel!83streeta!!ress3*!ocument.userform.a!!ress.>alue9@ .arent.tool+ar.!ocument.smartA:.setBiel!83to-n3*!ocument.userform.to-n.>alue9@ .arent.tool+ar.!ocument.smartA:.setBiel!83count63*!ocument.userform.count6.>alue9@ .arent.tool+ar.!ocument.smartA:.setBiel!83.ostco!e3*!ocument.userform..ostco!e.>alue9@ .arent.tool+ar.!ocument.smartA:.setBiel!83cc,um+er3*!ocument.userform.cc,um+er.>alue9@ .arent.tool+ar.!ocument.smartA:.set2ecurit68.ri>ate2ec* .ri>ate?nce* 'eneral2ec* 'eneral?nce9@ .arent.tool+ar.!ocument.smartA:.en!7on>ersation89@ V "/scri.t$ "/hea!$ "+o!6$ "form name03userform3$ "h1$7onfi'ure 2martA:"/h1$ "center$ "ta+le +or!er0303 cell.a!!in'0303 cells.acin'03103$ "tr$"t! ali'n03ri'ht3$Borename"/t!$"t!$"in.ut t6.e03teCt3 name03forename3 si e03P03$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$2urname"/t!$"t!$"in.ut t6.e03teCt3 name03surname3 si e03P03$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$2treet A!!ress"/t!$"t!$"in.ut t6.e03teCt3 name03a!!ress3 si e03P03$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$To-n/7it6"/t!$"t!$"in.ut t6.e03teCt3 name03to-n3 si e03P03$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$7ount6"/t!$"t!$"in.ut t6.e03teCt3 name03count63 si e03P03$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$Postco!e"/t!$"t!$"in.ut t6.e03teCt3 name03.ostco!e3 si e03P03$"/t!$"/tr$ "tr$"t!$Gn+s.@"+r$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$Username"/t!$"t!$"in.ut t6.e03teCt3 name03username3 si e03P03$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$Pass-or!"/t!$"t!$"in.ut t6.e03.ass-or!3 name03.ass-or!3 si e03P03$"/t!$"/tr$ "tr$"t!$Gn+s.@"+r$"/t!$"/tr$ %a+e .2
"tr$"t! ali'n03ri'ht3$7re!it car! num+er"/t!$"t!$"in.ut t6.e03teCt3 name03cc,um+er3 si e03P03$"/t!$"/tr$ "tr$"t!$Gn+s.@"+r$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$=eEuest PA, for 'eneral !ata"/t!$"t!$ "in.ut t6.e03ra!io3 name03'eneralPin3$Al-a6s "in.ut t6.e03ra!io3 name03'eneralPin3$?nce "in.ut t6.e03ra!io3 name03'eneralPin3 chec5e!$,e>er "/t!$"/tr$ "tr$"t! ali'n03ri'ht3$=eEuest PA, for sensiti>e !ata"/t!$"t!$ "in.ut t6.e03ra!io3 name03.ri>atePin3$Al-a6s "in.ut t6.e03ra!io3 name03.ri>atePin3 chec5e!$?nce "in.ut t6.e03ra!io3 name03.ri>atePin3$,e>er "/t!$"/tr$ "tr$"t!$Gn+s.@"+r$"/t!$"/tr$ "tr$"t! cols.an03F3 ali'n03ri'ht3$ "in.ut t6.e03+utton3 >alue03=etrie>e current settin's3 on7lic503'etBiel!s893$ "in.ut t6.e03+utton3 >alue03U.!ate confi'uration3 on7lic503setBiel!s893$ "/ta+le$ "/center$ "/+o!6$ "/html$
Appendi3 /.1.2: Client-side $alidation of forms &setpin.html'

"html$ "hea!$ "lin5 rel03st6lesheet3 href03sc.css3 t6.e03teCt/css3$ "scri.t lan'ua'e03;a>ascri.t3 t6.e03teCt/;a>ascri.t3$ function chan'ePin89 T >ar .in* sec2ettin's* 'eneral2ec* 'eneral?nce* .ri>ate2ec* .ri>ate?nce if 8!ocument.userform.ne-Pin.>alue00!ocument.userform.ne-PinF.>alue9 T .arent.tool+ar.!ocument.smartA:.sen!Pin8!ocument.userform.currentPin.>alue9@ .arent.tool+ar.!ocument.smartA:.setPin8!ocument.userform.ne-Pin.>alue9@ !ocument.userform.currentPin.>alue033@ !ocument.userform.ne-Pin.>alue033@ !ocument.userform.ne-PinF.>alue033@ V else T alert83Entries for ne- PA, !o not match.39@ V V "/scri.t$ "/hea!$ "+o!6$ "form name03userform3$ "h1$7han'e PA,"/h1$ ".$Please note that 2martWallet an! 2martA: use the same PA,."/.$ "center$ "ta+le +or!er0303 cell.a!!in'0303 cells.acin'03103$ "tr$"t! ali'n03ri'ht3$7urrent PA,"/t!$"t!$"in.ut t6.e03.ass-or!3 name03currentPin3 si e0343$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$,e- PA,"/t!$"t!$"in.ut t6.e03.ass-or!3 name03ne-Pin3 si e0343$"/t!$"/tr$ "tr$"t! ali'n03ri'ht3$7onfirm ne- PA,"/t!$"t!$"in.ut t6.e03.ass-or!3 name03ne-PinF3 si e0343$"/t!$"/tr$ "tr$"t!$Gn+s.@"+r$"/t!$"/tr$ "tr$"t! cols.an03F3 ali'n03ri'ht3$ "in.ut t6.e03+utton3 >alue037han'e PA,3 on7lic503chan'ePin893$ "/ta+le$ "/center$ "/+o!6$ "/html$
%a+e .(
Appendi& 3%#< CSS E&ample 1aston%css2

B?:W T font-famil6: arial* hel>etica* homerton* sans-serif@ color: &0000NN@ +ac5'roun!: &BBBBBB@ +ac5'roun!-ima'e: url83im'/cornertrian'le.'if39@ +ac5'roun!-re.eat: no-re.eat@ V T: T font-famil6: arial* hel>etica* homerton* sans-serif@ color: &0000NN@ V
H1*HF*HP*H4*HO*HN T font-famil6: stonesans* arial* hel>etica* homerton* sans-serif@ V A T V A:ho>er*A:acti>e T color: &0000NN@ V
%a+e .,
Appendi& 3%)< Client-Side .ava Applet

Appendi3 /.3.1: Smart1! class
im.ort im.ort im.ort im.ort im.ort im.ort im.ort im.ort im.ort im.ort im.ort im.ort im.ort ;a>a.a-t.K@ ;a>a.io.K@ ;a>a.math.K@ ;a>a.a..let.A..let@ netsca.e.;a>ascri.t.K@ o.encar!.core.terminal.K@ o.encar!.core.ser>ice.K@ com.i+m.o.encar!.terminal..csc10.K@ o.encar!.o.t.util.K@ o.encar!.core.?.en7ar!=untimeECce.tion@ o.encar!.core.util.?.en7ar!Pro.ert6)oa!in'ECce.tion@ o.encar!.core.terminal.7ar!TerminalECce.tion@ o.encar!.core.ser>ice.7ar!2er>iceECce.tion@
.u+lic class 2martA: eCten!s A..let T final int maCBiel!2i e 0 P0@ final int un5no-nPin 0 -1@ final int -ron'Pin 0 -F@ //AP:UDs for transmission to the car! final +6te select7omman!IJ 0 T8+6te90C00*8+6te90CA4*8+6te90C04*8+6te90C07*8+6te90C04* 8+6te90CBF*8+6te90C0F*8+6te90C00*8+6te90C0AV@ final +6te sen!Pin7omman!IJ 0 T8+6te90C00*8+6te90C40*8+6te90C00*8+6te90C00*8+6te90C0FV@ final +6te setPin7omman!IJ 0 T8+6te90C00*8+6te90C41*8+6te90C00*8+6te90C00*8+6te90C0FV@ final +6te un+loc57omman!IJ 0 T8+6te90C00*8+6te90C44*8+6te90C00*8+6te90C00*8+6te90C0RV@ final +6te 'etBalance7omman!IJ 0 T8+6te90C00*8+6te90CP0*8+6te90C00*8+6te90C00*8+6te90C0FV@ final +6te !e+it7omman!IJ 0 T8+6te90C00*8+6te90CF0*8+6te90C00*8+6te90C00*8+6te90C0RV@ final +6te !e+it)eIJ 0 T8+6te90C0RV@ final +6te re.eat:e+it=es.onse7omman!IJ 0 T8+6te90C00*8+6te90CFP*8+6te90C00*8+6te90C00* 8+6te90C0RV@ final +6te .re.are7re!it7omman!IJ 0 T8+6te90C00*8+6te90CF1*8+6te90C00*8+6te90C00*8+6te90C0FV@ final +6te .re.are7re!it)eIJ 0 T8+6te90C0RV@ final +6te cre!it7omman!IJ 0 T8+6te90C00*8+6te90CFF*8+6te90C00*8+6te90C00*8+6te90C0RV@ final +6te set2ecurit67omman!IJ 0 T8+6te90C00*8+6te90C4F*8+6te90C00*8+6te90C00*8+6te90C04V@ final +6te 'et2ecurit67omman!IJ 0 T8+6te90C00*8+6te90C4P*8+6te90C00*8+6te90C00*8+6te90C04V@ final +6te 'etUsername7omman!IJ 0 T8+6te90C00*8+6te90C01*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te 'etPass-or!7omman!IJ 0 T8+6te90C00*8+6te90C0F*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te 'etBorename7omman!IJ 0 T8+6te90C00*8+6te90C0P*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te 'et2urname7omman!IJ 0 T8+6te90C00*8+6te90C04*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te 'et2treetA!!ress7omman!IJ 0 T8+6te90C00*8+6te90C0O*8+6te90C00*8+6te90C00* 8+6te90C1EV@ final +6te 'etTo-n7omman!IJ 0 T8+6te90C00*8+6te90C0N*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te 'et7ount67omman!IJ 0 T8+6te90C00*8+6te90C0Q*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te 'etPostco!e7omman!IJ 0 T8+6te90C00*8+6te90C0R*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te 'et7c,um+er7omman!IJ 0 T8+6te90C00*8+6te90C0S*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te setUsername7omman!IJ 0 T8+6te90C00*8+6te90C11*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te setPass-or!7omman!IJ 0 T8+6te90C00*8+6te90C1F*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te setBorename7omman!IJ 0 T8+6te90C00*8+6te90C1P*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te set2urname7omman!IJ 0 T8+6te90C00*8+6te90C14*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te set2treetA!!ress7omman!IJ 0 T8+6te90C00*8+6te90C1O*8+6te90C00*8+6te90C00* 8+6te90C1EV@ final +6te setTo-n7omman!IJ 0 T8+6te90C00*8+6te90C1N*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te set7ount67omman!IJ 0 T8+6te90C00*8+6te90C1Q*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te setPostco!e7omman!IJ 0 T8+6te90C00*8+6te90C1R*8+6te90C00*8+6te90C00*8+6te90C1EV@ final +6te set7c,um+er7omman!IJ 0 T8+6te90C00*8+6te90C1S*8+6te90C00*8+6te90C00*8+6te90C1EV@ 2mart7ar! sc@ 7ar!=eEuest cr@ PassThru7ar!2er>ice ser>@ X2?+;ect +ro-serWin!o-@ (essa'eBrame messa'e@ (essa'eBrame .in(essa'e@ 7omman!AP:U selectAP:U 0 ne- 7omman!AP:U8O09@ 7omman!AP:U commAP:U 0 ne- 7omman!AP:U8O09@ int userPin 0 -1@ //>aria+le to hol! cache! user PA, for con>ersations +oolean in7on>ersation 0 false@ +oolean !one2etu. 0 false@
%a+e .-
.u+lic +oolean han!leE>ent8E>ent e>ent9 T return su.er.han!leE>ent8e>ent9@ V .u+lic >oi! init89 T su.er.init89@ a!!,otif689@ +ro-serWin!o- 0 X2?+;ect.'etWin!o-8this9@ messa'e 0 ne- (essa'eBrame89@ .in(essa'e 0 ne- (essa'eBrame89@ selectAP:U.set)en'th809@ selectAP:U.a..en!8select7omman!9@ // // // // V .u+lic >oi! !estro689 T su.er.!estro689@ if 8%!one2etu.9 T tr6 T 2mart7ar!.shut!o-n89@ V catch 87ar!TerminalECce.tion e9 T 26stem.out..rintln837ar!TerminalECce.tion: 3 U e.'et(essa'e899@ V V V .u+lic int 'etBalance89 T Bi'Ante'er result 0 ne- Bi'Ante'er83039@ commAP:U.set)en'th809@ commAP:U.a..en!8'etBalance7omman!9@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ +6teIJ res.onseArra6 0 T8+6te90C00* res.onse.!ata89I0J* res.onse.!ata89I1JV@ result 0 ne- Bi'Ante'er8res.onseArra69@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V return Ante'er..arseAnt8result.to2trin'899@ V .u+lic 2trin' 'etBiel!82trin' fiel!,ame9 T 2trin' result 0 33@ commAP:U.set)en'th809@ if 8fiel!,ame.eEualsA'nore7ase83username399 commAP:U.a..en!8'etUsername7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83.ass-or!399 commAP:U.a..en!8'etPass-or!7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83forename399 commAP:U.a..en!8'etBorename7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83surname399 commAP:U.a..en!8'et2urname7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83streeta!!ress399 commAP:U.a..en!8'et2treetA!!ress7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83to-n399 commAP:U.a..en!8'etTo-n7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83count6399 commAP:U.a..en!8'et7ount67omman!9@ if 8fiel!,ame.eEualsA'nore7ase83.ostco!e399 commAP:U.a..en!8'etPostco!e7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83ccnum+er399 commAP:U.a..en!8'et7c,um+er7omman!9@ messa'e.set(essa'e83=ea!in' from smartcar!...39@ messa'e.sho-89@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ result 0 ne- 2trin'8res.onse.!ata899@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V if 8%in7on>ersation9 messa'e.hi!e89@ return result.trim89@ V ,estca.e s.ecific comman!s* to allo- o.eration -ith ,etsca.e securit6 mo!el o.encar!.core.util.26stemAccess s6s 0 ne- o.encar!.o.t.netsca.e.,etsca.e26stemAccess89@ o.encar!.core.util.26stemAccess.set26stemAccess8s6s9@ init7ar!89@
%a+e ..
.u+lic >oi! setBiel!82trin' fiel!,ame* 2trin' fiel!1alue9 T 2trin'Buffer actual1alue 0 ne- 2trin'Buffer8fiel!1alue9@ commAP:U.set)en'th809@ if 8fiel!,ame.eEualsA'nore7ase83username399 commAP:U.a..en!8setUsername7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83.ass-or!399 commAP:U.a..en!8setPass-or!7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83forename399 commAP:U.a..en!8setBorename7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83surname399 commAP:U.a..en!8set2urname7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83streeta!!ress399 commAP:U.a..en!8set2treetA!!ress7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83to-n399 commAP:U.a..en!8setTo-n7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83count6399 commAP:U.a..en!8set7ount67omman!9@ if 8fiel!,ame.eEualsA'nore7ase83.ostco!e399 commAP:U.a..en!8setPostco!e7omman!9@ if 8fiel!,ame.eEualsA'nore7ase83ccnum+er399 commAP:U.a..en!8set7c,um+er7omman!9@ -hile 8actual1alue.len'th89 " maCBiel!2i e9 T actual1alue.a..en!8D D9@ //Pa! fiel! entr6 -ith s.aces u. to maCimum si e V commAP:U.a..en!8actual1alue.to2trin'89.su+strin'80*8maCBiel!2i e99.'etB6tes899@ //Use su+strin' to truncate entries o>er maCimum si e messa'e.set(essa'e83Writin' to smartcar!...39@ messa'e.sho-89@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V if 8%in7on>ersation9 messa'e.hi!e89@
.u+lic 2trin' !e+it8int >alue* 2trin' challen'e9 T Bi'Ante'er numFON 0 ne- Bi'Ante'er83FON39@ Bi'Ante'er result 0 ne- Bi'Ante'er83039@ Bi'Ante'er challen'e,um 0 ne- Bi'Ante'er8challen'e9@ +6te tCBloc5IJ 0 ne- +6teIRJ@ tCBloc5IQJ 0 8+6te98>alue#FON9@ //)oa! >alue into tCBloc5INJ 0 8+6te98>alue/FON9@ //t-o se.arate +6tes for tC to car! for 8int i0O@ i$00@ i--9 T //)oa! challen'e into siC se.arate +6tes for tC to car! 26stem.out..rintln8challen'e,um.remain!er8numFON9.to2trin'899@ tCBloc5IiJ 0 8+6te9 challen'e,um.remain!er8numFON9.int1alue89@ challen'e,um 0 challen'e,um.!i>i!e8numFON9@ V commAP:U.set)en'th809@ commAP:U.a..en!8!e+it7omman!9@ commAP:U.a..en!8tCBloc59@ commAP:U.a..en!8!e+it)e9@ messa'e.set(essa'e83:e+itin' smartcar!...39@ messa'e.sho-89@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ //=eturns cr6.to'ra.hic res.onse recei>e! from car! result 0 ne- Bi'Ante'er8res.onse.!ata899@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V if 8%in7on>ersation9 messa'e.hi!e89@ return result.to2trin'89@
%a+e ./
.u+lic 2trin' re.eat:e+it=es.onse89 T Bi'Ante'er result 0 ne- Bi'Ante'er83039@ commAP:U.set)en'th809@ commAP:U.a..en!8re.eat:e+it=es.onse7omman!9@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ //=eturns cr6.to'ra.ic res.onse recei>e! from car! result 0 ne- Bi'Ante'er8res.onse.!ata899@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V return result.to2trin'89@ V
.u+lic 2trin' .re.are7re!it8int >alue9 T Bi'Ante'er result 0 ne- Bi'Ante'er83039@ +6te tCBloc5IJ 0 ne- +6teIFJ@ tCBloc5I1J 0 8+6te98>alue#FON9@ //)oa!s >alue into tCBloc5I0J 0 8+6te98>alue/FON9@ //t-o se.arate +6tes for tC to car! commAP:U.set)en'th809@ commAP:U.a..en!8.re.are7re!it7omman!9@ commAP:U.a..en!8tCBloc59@ commAP:U.a..en!8.re.are7re!it)e9@ messa'e.set(essa'e83Pre.arin' for cre!it...39@ messa'e.sho-89@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ //=eturns cr6.to'ra.hic challen'e recei>e! from car! +6teIJ res.onseArra6 0 T8+6te90C00* res.onse.!ata89I0J* res.onse.!ata89I1J* res.onse.!ata89IFJ* res.onse.!ata89IPJ* res.onse.!ata89I4J* res.onse.!ata89IOJ* res.onse.!ata89INJ* res.onse.!ata89IQJV@ //PrefiCes num+er -ith ero +6te +efore creatin' Bi'Ante'er to .re>ent //ne'ati>e num+ers from +ein' create! //8Bi'Ante'er uses t-oDs-com.lement re.resentation9 result 0 ne- Bi'Ante'er8res.onseArra69@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V if 8%in7on>ersation9 messa'e.hi!e89@ return result.to2trin'89@
.u+lic +oolean cre!it82trin' c=es.onse9 T +oolean result 0 true@ Bi'Ante'er numFON 0 ne- Bi'Ante'er83FON39@ Bi'Ante'er c=es.onse,um 0 ne- Bi'Ante'er8c=es.onse9@ +6te tCBloc5IJ 0 ne- +6teIRJ@ for 8int i0Q@ i$00@ i--9 T //)oa! res.onse into ei'ht se.arate +6tes for tC to car! tCBloc5IiJ 0 8+6te9 c=es.onse,um.remain!er8numFON9.int1alue89@ c=es.onse,um 0 c=es.onse,um.!i>i!e8numFON9@ V commAP:U.set)en'th809@ commAP:U.a..en!8cre!it7omman!9@ commAP:U.a..en!8tCBloc59@ messa'e.set(essa'e837re!itin' smartcar!...39@ messa'e.sho-89@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ result 0 false@ //=eturn false if cre!it unsuccessful V if 8%in7on>ersation9 messa'e.hi!e89@ return result@ V
%a+e .0
.u+lic >oi! sen!Pin8int .in9 thro-s ECce.tion T 7omman!AP:U sen!PinAP:U 0 ne- 7omman!AP:U8O09@ sen!PinAP:U.set)en'th809@ sen!PinAP:U.a..en!8sen!Pin7omman!9@ sen!PinAP:U.a..en!88+6te98.in/FON99@ //)oa!s num+er into sen!PinAP:U.a..en!88+6te98.in#FON99@ //t-o se.arate +6tes for tC to car! init7ar!89@ 26stem.out..rintln83$ 3Usen!PinAP:U.to2trin'899@ =es.onseAP:U result 0 ser>.sen!7omman!AP:U8sen!PinAP:U9@ 26stem.out..rintln83" 3Uresult.to2trin'899@ if 8result.s-189008+6te90CNS GG result.s-F89008+6te90CRF9 T //PA, is incorrect 8NSRF res.onse 0 2ecurit6 status not satisfie!9 if 8in7on>ersation9 userPin0-ron'Pin@ //2et cache! PA, to error state .in(essa'e.set(essa'e83Ancorrect PA,39@ .in(essa'e.sho-89@ thro-8ne- ECce.tion83Wron' PA,399@ V V .u+lic >oi! setPin8int .in9 T messa'e.set(essa'e832ettin' PA,...39@ messa'e.sho-89@ commAP:U.set)en'th809@ commAP:U.a..en!8setPin7omman!9@ commAP:U.a..en!88+6te98.in/FON99@ //)oa!s num+er into commAP:U.a..en!88+6te98.in#FON99@ //t-o se.arate +6tes for tC to car! tr6 T sen!7omman!8commAP:U9@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V if 8%in7on>ersation9 messa'e.hi!e89@ V .u+lic >oi! set2ecurit68+oolean .ri>ate2ec* +oolean .ri>ate?nce* +oolean 'eneral2ec* +oolean 'eneral?nce9 T messa'e.set(essa'e832ettin' securit6 le>els...39@ messa'e.sho-89@ commAP:U.set)en'th809@ commAP:U.a..en!8set2ecurit67omman!9@ commAP:U.a..en!88+6te98.ri>ate2ecL1:099@ commAP:U.a..en!88+6te98.ri>ate?nceL1:099@ commAP:U.a..en!88+6te98'eneral2ecL1:099@ commAP:U.a..en!88+6te98'eneral?nceL1:099@ tr6 T sen!7omman!8commAP:U9@ sen!7omman!8selectAP:U9@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V if 8%in7on>ersation9 messa'e.hi!e89@ V .u+lic 2trin' 'et2ecurit689 T 2trin' result 0 33@ commAP:U.set)en'th809@ commAP:U.a..en!8'et2ecurit67omman!9@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ result 0 Ante'er.to2trin'88int9res.onse.!ata89I0J9 U Ante'er.to2trin'88int9res.onse.!ata89I1J9 U Ante'er.to2trin'88int9res.onse.!ata89IFJ9 U Ante'er.to2trin'88int9res.onse.!ata89IPJ9@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ V return result@ V
%a+e .1
.u+lic +oolean un+loc582trin' co!e9 T +oolean result 0 true@ Bi'Ante'er numFON 0 ne- Bi'Ante'er83FON39@ Bi'Ante'er co!e,um 0 ne- Bi'Ante'er8co!e9@ +6te tCBloc5IJ 0 ne- +6teIRJ@ for 8int i0Q@ i$00@ i--9 T //)oa!s co!e into ei'ht se.arate +6tes for tC to car! tCBloc5IiJ 0 8+6te9 co!e,um.remain!er8numFON9.int1alue89@ co!e,um 0 co!e,um.!i>i!e8numFON9@ V commAP:U.set)en'th809@ commAP:U.a..en!8un+loc57omman!9@ commAP:U.a..en!8tCBloc59@ messa'e.set(essa'e83Attem.tin' to un+loc5...39@ messa'e.sho-89@ tr6 T =es.onseAP:U res.onse 0 sen!7omman!8commAP:U9@ V catch 8ECce.tion e9 T 26stem.out..rintln83ECce.tion: 3Ue.'et(essa'e899@ result 0 false@ V if 8%in7on>ersation9 messa'e.hi!e89@ return result@ V
.u+lic >oi! +e'in7on>ersation89 T in7on>ersation 0 true@ userPin 0 un5no-nPin@ messa'e.set(essa'e837ommunicatin' -ith smartcar!...39@ messa'e.sho-89@ V
.u+lic >oi! en!7on>ersation89 T userPin 0 un5no-nPin@ messa'e.hi!e89@ in7on>ersation 0 false@ V
.ri>ate >oi! init7ar!89 T if 8%!one2etu.9 T tr6 T messa'e.set(essa'e83Please insert 6our smartcar!...39@ messa'e.sho-89@ 2mart7ar!.start89@ cr 0 ne- 7ar!=eEuest89@ cr.setWaitBeha>ior 87ar!=eEuest.A,W7A=:9@ sc 0 2mart7ar!.-aitBor7ar!8cr9@ //Waits for a smartcar! to +ecome a>aila+le on an6 attache! !e>ice if 8sc %0 null9 T ser> 0 8PassThru7ar!2er>ice9 sc.'et7ar!2er>ice8PassThru7ar!2er>ice.class*true9@ //Anstantiates ser>ice to .ermit ra- AP:UDs to +e use! for tC an! rC 26stem.out..rintln83$ 3UselectAP:U.to2trin'899@ =es.onseAP:U result 0 ser>.sen!7omman!AP:U8selectAP:U9@ //2elects 2martA: a..let on car! 26stem.out..rintln83" 3Uresult.to2trin'899@ !one2etu. 0 true@ V else T 2mart7ar!.shut!o-n89@ V
V catch 8?.en7ar!Pro.ert6)oa!in'ECce.tion e9 T 26stem.out..rintln83?.en7ar!Pro.ert6)oa!in'ECce.tion: 3 U e.'et(essa'e899@ V catch 87lass,otBoun!ECce.tion e9 T 26stem.out..rintln837lass,otBoun!ECce.tion: 3 U e.'et(essa'e899@ V catch 87ar!TerminalECce.tion e9 T 26stem.out..rintln837ar!TerminalECce.tion: 3 U e.'et(essa'e899@ V %a+e /0
catch 87ar!2er>iceECce.tion e9 T 26stem.out..rintln837ar!2er>iceECce.tion: 3 U e.'et(essa'e899@ V messa'e.hi!e89@ V V
.ri>ate =es.onseAP:U sen!7omman!87omman!AP:U commAP:U9 thro-s ECce.tion T =es.onseAP:U result 0 ne- =es.onseAP:U8O09@ init7ar!89@ tr6 T 26stem.out..rintln83$ 3UcommAP:U.to2trin'899@ //2ho-s !ata tC in Xa>a console for !e+u''in' result 0 ser>.sen!7omman!AP:U8commAP:U9@ //2en!s AP:U to car! >ia PassThru7ar!2er>ice 26stem.out..rintln83" 3Uresult.to2trin'899@ //2ho-s !ata rC in Xa>a console for !e+u''in' if 8result.s-189008+6te90CN: GG result.s-F89008+6te90C009 T //DWron' instruction co!e res.onseD su''ests 2martA: a..let has +ecome !eselecte! 26stem.out..rintln83$ 3UselectAP:U.to2trin'899@ result 0 ser>.sen!7omman!AP:U8selectAP:U9@ //2elects 2martA: a..let on car! 26stem.out..rintln83$ 3UcommAP:U.to2trin'899@ result 0 ser>.sen!7omman!AP:U8commAP:U9@ //=e.eats the comman! .re>iousl6 attem.te! V if 8result.s-189008+6te90CNS GG result.s-F89008+6te90CRF9 T //D2ecurit6 status not satisfie!D res.onse i.e. car! reEuires PA, to .roce!e if 8in7on>ersation GG userPin%0un5no-nPin GG userPin%0-ron'Pin9 sen!Pin8userPin9@ //2en!s the cache! PA, if in con>ersation if 8%in7on>ersation YY userPin00un5no-nPin9 sen!Pin8'etPin899@ //?+tains PA, from user an! if not cache! an! sen!s to car! if 8%8in7on>ersation GG userPin00-ron'Pin99 T 26stem.out..rintln83$ 3UcommAP:U.to2trin'899@ result 0 ser>.sen!7omman!AP:U8commAP:U9@ //=e.eats the comman! .re>iousl6 attem.te! V V if 8result.s-189008+6te90CNS GG result.s-F89008+6te90CRP9 T //DAuthentication metho! +loc5e!D i.e. car! is +loc5e! .in(essa'e.set(essa'e837ar! +loc5e!39@ .in(essa'e.sho-89@ thro-8ne- ECce.tion837ar! +loc5e!399@ V if 8result.s-189008+6te90CS: GG result.s-F89008+6te90C1A9 T //DAn>ali! si'natureD i.e. incorrect res.onse recei>e! +6 car! for cre!it reEuest .in(essa'e.set(essa'e837orru.t ser>er res.onse39@ .in(essa'e.sho-89@ thro-8ne- ECce.tion83An>ali! si'nature399@ V V catch 87ar!TerminalECce.tion e9 T 26stem.out..rintln837ar!TerminalECce.tion: 3 U e.'et(essa'e899@ thro- e@ V catch 8ECce.tion e9 Tthro- e@V return result@ 26stem.out..rintln83" 3Uresult.to2trin'899@
%a+e /1
.ri>ate int 'etPin89 T int result@ Pin=eEuest .inWin!o- 0 ne- Pin=eEuest89@ .inWin!o-.sho-89@ -hile 8.inWin!o-.'etPin890009 T //Wait for PA, to +e entere! in -in!oV result0.inWin!o-.'etPin89@ .inWin!o-.!is.ose89@ if 8in7on>ersation9 userPin 0 result@ //7ache the PA, if in con>ersation return result@ V V
Appendi3 /.3.2: .essage)rame class

im.ort ;a>a.a-t.K@ im.ort ;a>a.io.K@ .u+lic class (essa'eBrame eCten!s Brame T )a+el messa'e@ .u+lic +oolean han!leE>ent8E>ent e>9 T if 8e>.i!00E>ent.WA,:?W4:E2T=?W9 T this.hi!e89@ return true@ V return su.er.han!leE>ent8e>9@ V .u+lic >oi! set(essa'e82trin' teCt9 T messa'e.setTeCt8teCt9@ V .u+lic (essa'eBrame89 T Gri!)a6out la6out 0 ne- Gri!)a6out81*19@ set)a6out8la6out9@ messa'e 0 ne- )a+el89@ messa'e.setBont8ne- Bont832ans2erif3*Bont.ATA)A7*F099@ messa'e.setAli'nment8)a+el.7E,TE=9@ messa'e.set2i e8PO0*R09@ a!!8messa'e9@ setTitle832martA:39@ set2i e88insets89.leftUinsets89.ri'htUPO09*8insets89.to.Uinsets89.+ottomU10099@ set)ocation8100*1009@ V
%a+e /2
Appendi3 /.3.3: Pin+e7#est Class

im.ort ;a>a.a-t.K@ im.ort ;a>a.io.K@ .u+lic class Pin=eEuest eCten!s Brame T )a+el enterPin)a+el@ TeCtBiel! userPin@ Button o5Button@ int userPin,um 0 0@ .u+lic +oolean han!leE>ent8E>ent e>9 T if 8e>.tar'et00o5Button GG e>.i!00E>ent.A7TA?,4E1E,T9 T //?H +utton clic5e! finish89@ return true@ V if 8e>.i!00E>ent.WA,:?W4:E2T=?W 9 T //Win!o- close! finish89@ return true@ V return su.er.han!leE>ent8e>9@ V .u+lic +oolean 5e6:o-n8E>ent e>* int 5e69 T if 885e600109YY85e6001P99 T //Enter or =eturn .resse! finish89@ return true@ V else return false@ V .u+lic int 'etPin89 T return userPin,um@ V .ri>ate >oi! finish89 T userPin,um08ne- Ante'er8userPin.'etTeCt8999.int1alue89@ //2ets >aria+le containin' PA, as entere! +6 user 8rea! +6 .arent9 this.hi!e89@ V .u+lic Pin=eEuest89 T Gri!Ba')a6out la6out 0 ne- Gri!Ba')a6out89@ Gri!Ba'7onstraints constraints 0 ne- Gri!Ba'7onstraints89@ set)a6out8la6out9@ constraints.'ri!C00@ constraints.'ri!600@ enterPin)a+el 0 ne- )a+el83Please enter PA,:39@ la6out.set7onstraints8enterPin)a+el*constraints9@ a!!8enterPin)a+el9@ userPin 0 ne- TeCtBiel!833*49@ constraints.'ri!C0Gri!Ba'7onstraints.=E)ATA1E@ la6out.set7onstraints8userPin*constraints9@ a!!8userPin9@ o5Button 0 ne- Button83?H39@ constraints.'ri!C0Gri!Ba'7onstraints.=E)ATA1E@ la6out.set7onstraints8o5Button*constraints9@ a!!8o5Button9@ setTitle83Please enter PA,:39@ set2i e88insets89.leftUinsets89.ri'htUFO09*8insets89.to.Uinsets89.+ottomU10099@ set)ocation81O0*1O09@ V V
%a+e /(
Appendi& 5< Smartcard Code

constant =ETU=,U2E=,A(EA,2 0 0C01 =ETU=,PA22W?=:A,2 0 0C0F =ETU=,B?=E,A(EA,2 0 0C0P =ETU=,2U=,A(EA,2 0 0C04 =ETU=,2T=EETA::=E22A,2 0 0C0O =ETU=,T?W,A,2 0 0C0N =ETU=,7?U,TWA,2 0 0C0Q =ETU=,P?2T7?:EA,2 0 0C0R =ETU=,77,U(BE=A,2 0 0C0S 2ETU2E=,A(EA,2 0 0C11 2ETPA22W?=:A,2 0 0C1F 2ETB?=E,A(EA,2 0 0C1P 2ET2U=,A(EA,2 0 0C14 2ET2T=EETA::=E22A,2 0 0C1O 2ETT?W,A,2 0 0C1N 2ET7?U,TWA,2 0 0C1Q 2ETP?2T7?:EA,2 0 0C1R 2ET77,U(BE=A,2 0 0C1S :EBATA,2 0 0CF0 P=EPA=E7=E:ATA,2 0 0CF1 ATTE(PT7=E:ATA,2 0 0CFF =EPEAT:EBAT=E2P?,2EA,2 0 0CFP =ETU=,BA)A,7EA,2 0 0CP0 =E7EA1EPA,A,2 0 0C40 2ETPA,A,2 0 0C41 2ET2E7U=ATWA,2 0 0C4F GET2E7U=ATWA,2 0 0C4P U,B)?7HA,2 0 0C44 (AZATTE(PT2 0 P static +alance: .in: attem.ts: .ri>ate2ec: .ri>ate?nce: 'eneral2ec: 'eneral?nce: eC.=es.onse: last=es.onse: cre!it1alue: .ri>ateHe6: un+loc57o!e: username: .ass-or!: forename: surname: streetA!!ress: to-n: count6: .ostco!e: cc,um+er: session criticalAccess: .ri>ateAccess: 'eneralAccess: fiel!,ame: @=etrie>e .rofile instructions
@2et .rofile instructions
@7re!it an! !e+it instructions
@Balance instructions @2ecurit6 instructions
@(aCimum num+er of PA, attem.ts +efore +loc5in'
-or! &0C0000 -or! &0C04:F +6te 0 +6te 1 +6te 0 +6te 0 +6te 0 +6teIRJ +6teIRJ -or!
@Balance initiall6 ero @PA, initiall6 set to 1FP4 8in !ecimal9 @,um+er of incorrect PA, attem.ts @=eEuire .in for .ri>ate !ata 810true* 00false9 @ --once onl6 810true* 00false9 @=eEuire .in for 'eneral !ata 810true* 00false9 @ --once onl6 810true* 00false9 @EC.ecte! res.onse from last challen'e @)ast res.onse 'i>en to cre!it challen'e @To.-u. >alue for -hich last cre!it challen'e create!
+6teIRJ 0C1F*0CP4*0CON*0CQR*0CS0*0CAB*0C7:*0CEB +6teIRJ 0C11*0CFF*0CPP*0C44*0COO*0CNN*0CQQ*0CRR +6teIP0J 3,one set 3 +6teIP0J 3,one set 3 +6teIP0J 3,one set 3 +6teIP0J 3,one set 3 +6teIP0J 3,one set 3 +6teIP0J 3,one set 3 +6teIP0J 3,one set 3 +6teIP0J 3,one set 3 +6teIP0J 3,one set 3 @All automaticall6 set to ero on reset @Access control for critical functions 810'rante!* 00!enie!9 @Access control for .ri>ate !ata 810'rante!* 00!enie!9 @Access control for 'eneral !ata 810'rante!* 00!enie!9
+6te +6te +6te -or!
%a+e /,
co!e cm.+ ;um.eE cm.+ ;um.'e cm.+ ;um.eE cm.+ ;um.eE cm.+ ;um.eE cm.+ ;um.eE loa!n cm.n ;um.lt cm.+ ;um.eE loa!a cm.+ ;um.eE cm.+ ;um.eE .o.loa!a cm.+ ;um.eE cm.+ ;um.eE .o.loa!a cm.+ ;um.eE cm.+ ;um.eE .o.loa!a cm.+ ;um.eE cm.+ ;um.eE .o.loa!a cm.+ ;um.eE cm.+ ;um.eE .o.loa!a cm.+ ;um.eE cm.+ ;um.eE .o.loa!a cm.+ ;um.eE cm.+ ;um.eE .o.cm.+ ;um.eE loa!n cm.n ;um.lt loa!a cm.+ ;um.eE cm.+ ;um.eE .o.loa!a a.!uAns* U,B)?7HA,2 un+loc57ar! attem.ts* (AZATTE(PT2 +loc5e!
@Point at -hich eCecution starts on recei.t of AP:U @7hec5 A,2 +6te for Un+loc5 instruction @Xum. to rele>ant co!e if recei>e! @7hec5 if PA, has +een entere! -ron' too man6 times @B6.ass remainin' co!e if true
a.!uAns* =E7EA1EPA,A,2 @?.s -ith no access restrictions recei>ePin a.!uAns* P=EPA=E7=E:ATA,2 .re.are7re!it a.!uAns* ATTE(PT7=E:ATA,2 attem.t7re!it a.!uAns* =EPEAT:EBAT=E2P?,2EA,2 re.eat:e+it=es.onse 1* 'eneral2ec 1* 'eneralAccess notAllo-e! a.!uAns* =ETU=,BA)A,7EA,2 returnBalance username a.!uAns* =ETU=,U2E=,A(EA,2 returnBiel! a.!uAns* 2ETU2E=,A(EA,2 setBiel! forename a.!uAns* =ETU=,B?=E,A(EA,2 returnBiel! a.!uAns* 2ETB?=E,A(EA,2 setBiel! surname a.!uAns* =ETU=,2U=,A(EA,2 returnBiel! a.!uAns* 2ET2U=,A(EA,2 setBiel! streetA!!ress a.!uAns* =ETU=,2T=EETA::=E22A,2 returnBiel! a.!uAns* 2ET2T=EETA::=E22A,2 setBiel! to-n a.!uAns* =ETU=,T?W,A,2 returnBiel! a.!uAns* 2ETT?W,A,2 setBiel! count6 a.!uAns* =ETU=,7?U,TWA,2 returnBiel! a.!uAns* 2ET7?U,TWA,2 setBiel! .ostco!e a.!uAns* =ETU=,P?2T7?:EA,2 returnBiel! a.!uAns* 2ETP?2T7?:EA,2 setBiel! a.!uAns* GET2E7U=ATWA,2 'et2ecurit6 1* .ri>ate2ec 1* .ri>ateAccess notAllo-e! .ass-or! a.!uAns* =ETU=,PA22W?=:A,2 returnBiel! a.!uAns* 2ETPA22W?=:A,2 setBiel! cc,um+er %a+e /@7hec5 if .ri>ate @ securit6 status satisfie! @ B6.ass remainin' co!e if false @?.s -ith .ri>ate access restrictions @7hec5 if 'eneral @ securit6 status satisfie! @ B6.ass remainin' co!e if false @?.s -ith 'eneral access restrictions
cm.+ ;um.eE cm.+ ;um.eE .o.cm.+ ;um.lt cm.+ ;um.eE cm.+ ;um.eE cm.+ ;um.eE .o..ush+ 7hec57ase eCitstat notAllo-e!: .ush+ 7hec57ase eCitstat +loc5e!: .ush+ 7hec57ase eCitstat
a.!uAns* =ETU=,77,U(BE=A,2 returnBiel! a.!uAns* 2ET77,U(BE=A,2 setBiel! criticalAccess* 1 notAllo-e! a.!uAns* :EBATA,2 !e+it7ar! a.!uAns* 2ETPA,A,2 setPin a.!uAns* 2ET2E7U=ATWA,2 set2ecurit6 1 &0CN:00 @7hec5 if critical securit6 status satisfie! @B6.ass remainin' co!e if false @?.s -ith critical access restrictions
@7omman! has +een 7ase 1 8,o comman! or res.onse !ata .resent9 @Anform car! ?2 of case +efore returnin' @=eturn -ith Wron' instruction co!e
1 &0CNSRF @=eturn -ith 2ecurit6 status not satisfie!
1 &0CNSRP @=eturn -ith Authentication metho! +loc5e!
recei>ePin: .ush+ 7hec57ase incn loa!n cm.n +raeE eCitstat correctPin: set+ set+ set+ set+ eCitstat
P 1* attem.ts F* a.!uBo!6 F* .in correctPin &0CNSRF@ @Ancrement +efore com.arison to .re>ent timel6 car! remo>al
@=eturn -ith 2ecurit6 status not satisfie!
attem.ts* 0 'eneralAccess* 1 .ri>ateAccess* 1 criticalAccess* 1 &0CS000@
setPin: call .ush+ 7hec57ase loa!n storen eCitstat
resetAccess P F* a.!uBo!6 F* .in &0CS000 @An.ut: PA,TFV
set2ecurit6: call .ush+ 7hec57ase loa!n storen storen storen storen eCitstat
resetAccess P 4* a.!uBo!6 1* 'eneral?nce 1* 'eneral2ec 1* .ri>ate?nce 1* .ri>ate2ec &0CS000 @An.ut: 2ecurit6 settin'sT4V
%a+e /.
'et2ecurit6: call .ush+ 7hec57ase loa!n loa!n loa!n loa!n storen eCitstatla un+loc57ar!: .ush+ 7hec57ase loa!n cm.n +raeE eCitstat correctUn+loc5: set+ eCitstat returnBalance: call .ush+ 7hec57ase loa!n storen eCitstatla returnBiel!: call .ush+ 7hec57ase loa!in storen eCitstatla setBiel!: cm.+ ;um.lt call .ush+ 7hec57ase loa!n storein eCitstat
resetAccess F 1* .ri>ate2ec 1* .ri>ate?nce 1* 'eneral2ec 1* 'eneral?nce 4* a.!uBo!6 &0CS000* 4
@?ut.ut: 2ecurit6 settin'sT4V
P R* a.!uBo!6 R* un+loc57o!e correctUn+loc5 &0CNSRP attem.ts* 0 &0CS000 @An.ut: Un+loc5 co!eTFV @=eturn -ith Authentication metho! +loc5e!
resetAccess F F* +alance F* a.!uBo!6 &0CS000* F @?ut.ut: BalanceTFV
resetAccess F P0 P0* a.!uBo!6 &0CS000* P0 @)oa! !ata onto stac5 from location s.ecifie! at to. of stac5 @?ut.ut: Biel! !ataTP0V
criticalAccess* 1 notAllo-e! resetAccess P P0* a.!uBo!6 P0 &0CS000 @An.ut: Biel! !ata TP0V @2tore !ata in location s.ecifie! at to. of stac5
!e+it7ar!: call resetAccess .ush+ 4 7hec57ase loa!n R* a.!uBo!6 cm.n F* +alance +ra'e .erform:e+it .ush+ F 7hec57ase eCitstat &0CN400 .erform:e+it: 7ommitThenProtect su+n F* +alance loa!n R* .ri>ateHe6 Corn R .o.n R storen R* last=es.onse 7ommit loa!n R* last=es.onse storen R* a.!uBo!6 eCitstatla &0CS000* R
@An.ut: 7hallen'eTNV :e+it >alueTFV @Ensure +alance is 'reater than !e+it >alue
@=eturn -ith Process a+orte! - memor6 unchan'e! @2tart transaction .rotection @2u+tract !e+it >alue from +alance @Generate res.onse @ +6 Z?=in' .ri>ate 5e6 -ith 8challen'e*!e+it >alue9 @=emo>e .ri>ate 5e6 from stac5 to access result @2tore res.onse @7ommit transaction @?ut.ut: =es.onseTRV
%a+e //
re.eat:e+it=es.onse: .ush+ F 7hec57ase loa!n R* last=es.onse storen R* a.!uBo!6 @?ut.ut: =es.onseTRV eCitstatla &0CS000* R
.re.are7re!it: .ush+ 4 7hec57ase Get=an!om,um+er loa!n F* a.!uBo!6 storen loa!n loa!n Corn .o.n storen loa!n storen eCitstatla R* eC.=es.onse R* eC.=es.onse R* .ri>ateHe6 R* eC.=es.onse R F* cre!it1alue F* cre!it1alue R* a.!uBo!6 &0CS000* R
@Place R-+6te ran!om num+er at to. of stac5 @An.ut: 7re!it >alueTFV 8a!! to to. of stac59 @7hallen'e is no- to. R +6tes of stac5 8ran!om&*cre!it >alue9 @2tore challen'e in eC.=es.onse tem.oraril6 @7alculate eC.ecte! @ +6 Z?=in' .ri>ate @=emo>e .ri>ate 5e6 @2tore cre!it >alue res.onse 5e6 -ith challen'e from stac5 to access challen'e for last challen'e create!
@?ut.ut: 7hallen'eTRV
attem.t7re!it: .ush+ P 7hec57ase .ush&0000 cm.n F* cre!it1alue +raeE cre!itBaile! loa!n R* a.!uBo!6 cm.n R* eC.=es.onse +raeE .erform7re!it cre!itBaile!: eCitstat &0CS:1A .erform7re!it: loa!n F* cre!it1alue 7ommitThenProtect a!!n F* +alance .ush&0000 storen F* cre!it1alue 7ommit eCitstat &0CS000
@7hec5 if cre!it >alue @ is ero @Af true* no challen'e has 6et +een 'enerate! @An.ut: =es.onseTRV @7hec5 if res.onse is correct @=eturn -ith An>ali! si'nature @2tart transaction .rotection @A!! cre!it >alue to +alance @2et store! cre!it >alue @ to ero 8.re>entin' re.la69
resetAccess: set+ cm.+ +raeE set+ !ont=esetPri>ate: cm.+ +raeE set+ !ont=esetGeneral: return
criticalAccess* 0 .ri>ate?nce* 1 !ont=esetPri>ate .ri>ateAccess* 0 'eneral?nce* 0 !ont=esetGeneral 'eneralAccess* 0
@Al-a6s reset critical access to !enie! after an o. @7hec5 if ?H to enter .in for .ri>ate !ata once onl6 @ --:onDt reset .ri>ate access if true @ --:o reset .ri>ate access if false @7hec5 if ?H to enter .in for 'eneral !ata once onl6 @ --:onDt reset 'eneral access if true @ --:o reset 'eneral access if false
en!
%a+e /0

Development of An E-Commerce Site With Smartcard Payment Mechanism

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Development of An E-Commerce Site With Smartcard Payment Mechanism

Uploaded by

Copyright:

Available Formats

Development of an E-commerce Site with Smartcard Payment Mechanism

Christopher S. Lacey MEng Electronic Systems Engineering with Management Studies

Supervisor: Mr. P J Miller

Electronic Engineering School of Engineering and Applied Science Aston University

Submitted: May 2001

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

Se%ure So%?et ;ayer

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

#%) *verview of 'eport

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

) Server-Side Design $ss!es

)%# Server-Side Processing

"%tive Server Pages +ompo e t 4b)e%t Model % +ommo .ateway @ terfa%e

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

)%) Maintaining State

e%tio to be made to port 00 of the appropriate host' followed

e%tio betwee the two ma%hi es is immediately

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

)%- Encrypted Comm!nication

Se%ure So%?et ;ayer

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

,%" ASP Synta&

,%# Separation of Code and Presentation

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

,%) Database Str!ct!re

Figure 4.%: &atabase structure

!-co""erce #ite with #"artcar$ %ay"ent &echanis"

Appen$i' () #erver *nstallation *nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions

Appen$i' () #erver nstallation nstructions