Development of an E-commerce Site with Smartcard Payment Mechanism

8/12/2019 Development of an E-commerce Site with Smartcard Payment Mechanism

1/79

Development of an E-commerce Site

with Smartcard Payment Mechanism

Christopher S. Lacey

MEng Electronic Systems Engineering

with Management Studies

Supervisor: Mr. P J Miller

Electronic Engineering

School of Engineering and Applied Science

Aston University

Submitted: May 2001

Chris Lacey / Aston University, 2000 - 2001.To contact the author, see www.cslacey.co.uk/proect


2/79

!-co""erce #ite with #"artcar$ %ay"ent &echanis" Appen$i' () #erver *nstallation *nstructions

Acknowledgements

The author wishes to express his gratitude to the followig:

Mr. P J Miller ad !r. J " # $illiams of the S%hool of &gieerig ad "pplied S%ie%e'

"sto (iversity' for providig ogoig advi%e ad assista%e for the duratio of the

pro)e%t.

Mr. J $ard ad Mr. P Trevis also of the S%hool of &gieerig ad "pplied S%ie%e'

"sto (iversity' for providig te%hi%al support.

*ita%hi Smart +ommer%e divisio for the doatio of smart%ard e,uipmet ad

developmet software- spe%ifi%ally' Mr. J riffiths for providig te%hi%al support ad to

Mr. # &vas for arragig sposorship.

Mr. M Meyerstei of /T +ellet for providig iformatio ad sour%e %ode with respe%t to

Modex value trasfer.

%a+e 1


3/79


Contents

Acknowledgements...............................................................................................................1

Contents.................................................................................................................................2

Table o !igures...................................................................................................................."

1 Synopsis.............................................................................................................................#

2 $ntroduction......................................................................................................................%

2.1 +otext........................................................................................................................

2.1.1 "ppli%ability of Smart%ard Te%hology...............................................................

2.2 #e,uiremets.............................................................................................................10

2.2.1 &le%troi% +ash..................................................................................................10

2.2.2 Persoal Profile..................................................................................................10

2.2. &3+ommer%e $eb Site.......................................................................................11

2. 4verview of #eport...................................................................................................11

& Ser'er(Side )esign $ssues..............................................................................................12

.1 +hoi%e of $eb Server...............................................................................................12

.2 Server3Side Pro%essig..............................................................................................12

. Maitaiig State......................................................................................................1

.5 !atabase....................................................................................................................16

.5.1 !atabase Trasa%tios........................................................................................16

.6 &%rypted +ommui%atio........................................................................................17

.6.1 Publi% ad Private 8eys 9"symmetri% +ryptography.......................................17

.6.2 !igital +ertifi%ates.............................................................................................17

.6. SS; ad +ertifi%ate "utheti%atio....................................................................1ueries...............................................................................................................22

5.5 Server3Side Java "ppli%atio....................................................................................2

5.6 SS;............................................................................................................................25

+ Client(Side )esign $ssues...............................................................................................2+

6.1 *ypertext Mar?up ;aguage 9*TM;.....................................................................26

6.1.1 =rames................................................................................................................27

6.1.2 =orms..................................................................................................................2ields?ad for a meas to be provided for ;ii< a web site to retrie'e

this data.

"dditioally' provisio had to be made for a user to ;iii< update his proile inormation

whene'er necessary' ad to ;i'< speciy preerences as to whether= and how oten= a

3$@ should be re:uested beore sensiti'e inormation is released.

The ob)e%tive to develop a persoal profile was ot part of the origial pro)e%t

spe%ifi%atio. @t was ta?e o at the re,uest of *ita%hi' providers of smart%ard readers ad

developmet software for the pro)e%t.

%a+e 10


12/79


2.2.3 E-Commerce Web Site

The %ore fu%tios provided by ay &3%ommer%e site are to ;i< allow users to browse or

search within a database o items or ser'ices= ;ii< select those re:uired or purchase

and place into a 'irtual >shopping basket?' ad ;iii< >check out? by authorising 'aluetranser to the 'endor.

"dditioally' for this pro)e%t' it was e%essary to ;i'< utilise the electronic cash and

personal proile systemspreviously des%ribed.

#%) *verview of 'eport

Three fudametal %ompoets to the overall system %learly emerge' amely Server,

ClientadSmartcard. The followig %hapters deal with these idividually: for ea%h' a

Design Isses%hapter des%ribes ad )ustifies the ma)or %o%eptual de%isios made' ad a

Implementation%hapter outlies ?ey methods by whi%h the desig was realised.

The method by whi%h value trasfer was a%hieved is des%ribed separately i

! Cryptographic Challenge and "esponse Cycle' as it ivolves the server' %liet ad

smart%ard e,ually' ad %aot be satisfa%torily des%ribed for ea%h %ompoet i isolatio.

The su%%ess of the pro)e%t is the evaluated' ad possibilities for future developmet

idetified. =ially' %o%lusios are draw from the fidigs made.

%a+e 11


13/79


) Server-Side Design $ss!es

)%" Choice of +eb Server

!ifferet permutatios of operatig system ad web server software were assessed' ad i

may %ases evaluated through istallatio' test' ad review of their a%%ompayig

do%umetatio.

(A@K servers ted to be highly regarded for their reliability ad stability' he%e iitially

appeared to be a attra%tive optio for deploymet. *owever' at the time whe this

assessmet of alteratives was beig %odu%ted' Modex was iteded to be the meas by

whi%h paymets would be made withi the site' ad it was therefore assumed that a

smart%ard reader would be eeded o the server i order to fa%ilitate %ard3to3%ard value

trasfers. The ma)ority of su%h devi%es are supplied oly with $idows drivers 3 (A@K

alteratives are geerally slow to materialise ad are usually usupported 3 ad as su%h the

de%isio was made to sele%t $idows AT Server as the platform upo whi%h the web

server should ru.

The "pa%he *TTP Server ad Mi%rosoftBs @teret @formatio Server 9@@S were the

%riti%ally %ompared' the latter fially beig sele%ted due to the fa%t that its ative s%riptiglaguage 9"SPa was ui,ue i providig support for istatiatio of $idows +4Mb

ob)e%ts' thus permittig %ommui%atio with the smart%ard reader via vedor3supplied

%ompoets. Darious modules providig "SP support for "pa%he were lo%ated ad tested'

but these were foud to possess i%omplete feature sets 3 oe of them providig +4M

support.

)%# Server-Side Processing" &3%ommer%e site obviously re,uires some degree of server3side pro%essig over ad

above simply relayig stati% %otet at the re,uest of browsers 3 for example' supplyig

pages whi%h show produ%ts that mat%h a userBs sear%h %riteria. The de%isio was made to

utilise @@SBs ilie s%riptig %apabilities to perform the ma)ority of server3side pro%essig'

as this te%hi,ue uses the appli%atioBs memory spa%e to pro%ess the s%ripts' draiig fewer

resour%es tha usig +@%' with whi%h a ew pro%ess eeds to be %reated to serve every

separate page re,uest.a"%tive Server Pagesb+ompoet 4b)e%t Model%+ommo ateway @terfa%e

%a+e 12


14/79


@@S is %apable of supportig a umber of differet s%riptig laguages 9D/S%ript ad

JS%riptaas stadard' Perl ad other alteratives by deploymet of appropriate modules.

Ao oe laguage appeared to offer ay parti%ular advatage' he%e D/S%ript was %hose

solely be%ause this appears to be the most %ommo %hoi%e amogst users of "SP' ad thus

more do%umetatio ad support is available for it.

)%) Maintaining State

The proto%ol via whi%h web pages are re,uested ad served 9*TTPb isstateless' i that

ea%h page re,uest is effe%tively a isolated evet whereby a %oe%tio is maitaied

betwee %liet ad server for the trasmissio of a sigle file oly. Aavigatig to a

parti%ular page by eterig its (#;%

ito the address bar of a browser or by sele%tig ahyperli? %auses a T+Pd%oe%tio to be made to port 0 of the appropriate host' followed

by a istru%tio of the form:

GET /filename.html HTTP/1.0

"ssumig the file re,uested is available' the web server the respods by trasmittig the

page ba%? to the %liet' ad the %oe%tio betwee the two ma%hies is immediately

released.

The stateless ature of *TTP demads that %osideratio be give to how some form of

persiste%e be %reated withi the system. +learly' for a &3%ommer%e site' it is desirable

for a user to move betwee several pages' browsig ad sear%hig for items' ad addig

those whi%h are re,uired to a virtual Eshoppig bas?etF. @t is obviously e%essary for the

sele%tios made to be retaied for at least the duratio of the userBs visit to the site' ad

preferably also betwee su%%essive visits.

Darious extesios to *TTP' whi%h are ow mature ad supported by the vast ma)ority of

browsers' provide meas to over%ome this problem. The most established method is

?ow as#$$% Athentication' whereby the web server iserts the followig headers ito

its iitial respose to a page re,uest:

WWW-Authenticate: Basic

HTTP/1.0 401 Unauthorie!

aMi%rosoftBs implemetatio of &+M"S%ript 9Javas%riptb*ypertext Trasfer Proto%ol%(iform #esour%e ;o%atordTrasmissio +otrol Proto%ol

%a+e 1(


15/79


/rowsers supportig *TTP autheti%atio will the prompt the user for a userame ad

password' %a%he this iformatio' ad retrasmit it withi the headers of every subse,uet

page re,uest to that site. +ose,uetly' by observig the userame ad password

a%%ompayig ea%h page re,uest' the server %a as%ertai whi%h user is beig served ad

modify the %otets of the iformatio retured a%%ordigly.

" alterative to this te%hi,ue is to use coo&ies' whi%h are small text files %reated by the

browser o the userBs system upo the re,uest of the server. The iformatio to be stored

withi these files is set to the %liet withi the respose *TTP headers' ad this is the

retrasmitted by the browser withi the headers of every subse,uet page re,uest to the

same site. +ose,uetly' by usig %oo?ies to store a ui,ue idetifier for a parti%ular user'

page resposes %a be persoalised by the server a%%ordigly.

$he %oo?ies first %ame ito existe%e 9i Aets%ape Aavigator 2.0' they were viewed

with suspi%io by some users who regarded the a%t of text files beig saved o their ow

ma%hies as a se%urity threat. The fa%t that these files %otai textual data whi%h is

maaged by the browser' oly ever set to the site whi%h origially %reated it' ad ever

exe%uted' has %aused this attitude to be o loger widely held' ad although users %a still

%hoose to re)e%t them' all browsers i %ommo use today siletly a%%ept %oo?ies by default.

@ additio' %reatio of the %o%ept of Esessio %oo?iesF whi%h exist i the browser

pro%essBs volatile memory' ad thus remai i existe%e oly util the program is %losed'

have served to provide a te%hi,ue for providig persiste%e to whi%h few are opposed.

@ geeral' %oo?ies are used mu%h more widely tha *TTP "utheti%atio' ad as su%h the

appeara%e of the browserBs logi box is ow rarely witessed ad %a be dis%o%ertig for

iexperie%ed users. @ additio' be%ause the maer i whi%h the userame ad password

are re,uested is ui,ue to ea%h idividual browser' it would ot be possible to provide a

%osistet me%haism for loggig i usig a smart%ard should this method be employed for

user idetifi%atio. +ose,uetly' despite the small possibility of user re)e%tio' it was

de%ided that the less %otroversial Esessio %oo?ieF be used to provide logi fa%ilities to the

site' together with a explaatio of the se%urity issues ivolved.

"dditioally' it was de%ided to provide the optio for %reatig a permaet %oo?ie to

provide automati% logi to the site.

%a+e 1


16/79


)%, Database

There was a %lear eed for the existe%e of a database o the server' whi%h would %otai

iformatio relatig to the produ%ts or servi%es available for sale o the site 9 e.g.

des%riptio' pri%e ad sto%? iformatio.

@ additio' it was believed to be desirable for the database to be the lo%atio i whi%h the

%otets of usersB Eshoppig bas?etsF was held. @t would be possible for the sessio %oo?ie

%reated o the %lietBs ma%hie to retai this iformatio- however' be%ause %oo?ie data is

trasmitted with every page re,uest' use of a server3side database miimises the amout of

data beig trasferred' ad thus the speed of respose. "dditioally' it permits the %otets

of bas?ets to be remembered idefiitely 9i.e.betwee visits.

" large umber of differet database produ%ts are available' all with their ow parti%ular

advatages ad disadvatages. "ssessmet of whi%h was the most suitable for a

&3%ommer%e site would be depedet upo fa%tors su%h as the expe%ted server load' ad a

detailed evaluatio of alteratives was ot %osidered to be withi the s%ope or budget of

this pro)e%t. (se of a stadard ,uery laguage ad abstra%tio layer to %oe%t to the

database 9spe%ifi%ally' S>; via a 4!/+a%oe%tio was therefore deemed essetial' so

that the uderlyig egie %ould be repla%ed should it be%ome e%essary 9easig migratio

to a heavy3duty 4ra%le database should server load es%alate' for example.

3..1 !atabase Transactions

+ertai operatios that may eed to be %arried out o the database are %omprised of a

umber of separate a%tios 3 su%h as the pro%ess of %he%?ig out' where ea%h produ%t

pur%hased must be deleted from the userBs bas?et ad a %orrespodig re%ord made

elsewhere to authorise dispat%h.

@t is importat to esure that' i the evet of a error or problem o%%urrig o the server'

the etire operatio would fail or su%%eed as a sigle uit 9 i.e.either allof the %ompoet

a%tios would be %ompleted' or noneof them. Su%h a operatio is said to be atomic.

@ order to a%hieve this re,uiremet' it was de%ided to use trasa%tioal features withi the

database whereby a trasa%tio is %omme%ed immediately before the first %riti%al

operatio ad committedfollowig the fial oe. Should ay step i the trasa%tio fail'

all other steps are automati%ally rolled ba%?' thus preservig %osiste%y of the data.

a4b)e%t !atabase +oe%tio

%a+e 1


17/79


The database egie also esures that partial results of i%omplete operatios are ever

obtaied by other %o%urret pro%esses 9e.g.other "SP page re,uests by lo%?ig the

relevat fields for the duratio of the trasa%tio. !ue to the fa%t that trasa%tios oly

appear to be re,uired for re%ords ad fields spe%ifi% to idividual users' o problems

should o%%ur with the database beig made uavailable to other users of the site.

)% Encrypted Comm!nication

+ommui%atio via the @teret is iheretly ise%ure' as data trasferred over it is ope to

eavesdroppig at may differet poits. +ose,uetly' there is a eed for ay system

whi%h ivolves the trasmissio of sesitive iformatio 9su%h as %redit %ard umbers to

provide meas for e%ryptig %ommui%atio betwee server ad %liet ad to assure usersof the true idetity of the site with whi%h they are dealig' he%e the ratioale behid

deployig SS;a.

3.".1 P#blic and Pri$ate %eys &Asymmetric Cryptography'

$he used for e%ryptio' publi% ad private ?eys are aalogous to padlo%?s ad their

?eys' whereby iformatio %a be e%rypted usig a publi% ?ey 9lo%?ed with a padlo%?

su%h that it %a oly be de%rypted usig its asso%iated private ?ey 9ulo%?ed with its ?ey.

+ose,uetly' publi% ?eys %a be widely distributed to eable ayoe to e%rypt

iformatio i the ?owledge that it %a oly be de%rypted by the holder of the asso%iated

private ?ey.

"dditioally' however' data e%rypted usig the private ?ey %a be de%rypted by ayoe i

possessio of the asso%iated publi% ?ey. @f meaigful iformatio %a be extra%ted usig

the publi% ?ey' oe %a be %ertai that oly the holder of the private ?ey %ould have

e%rypted it iitially 9i.e.the origi of the data is assured. This te%hi,ue forms the basis

for digital sigature systems.

3.".2 !igital Certificates

@ order for asymmetri% %ryptography to be used effe%tively' it is e%essary for the holder

of a publi% ?ey to be %ertai that the ?ey is i fa%t asso%iated with the private ?ey owed by

the iteded re%ipiet. (sig te%hi,ues su%h as @P spoofig' it might be possible to

mas,uerade uder the idetity of aother user or server ad supply a differet publi% ?ey

whi%h would allow uauthorised a%%ess to iformatio e%rypted with it.

aSe%ure So%?et ;ayer

%a+e 1


18/79


@ order for the true ower of a publi% ?ey to be determied' Certification Athorities

9+"Bs su%h as Derisig ad Thawte have bee established to a%t as trusted third parties

whi%h will verify the idetity of a perso or orgaisatio before providig them with a

digital certificate. Su%h %ertifi%ates are wrappers %otaiig textual iformatio

%o%erig the owerBs idetity' together with the a%tual publi% ?ey. The wrapper itself is

siged usig the +"Bs private ?ey whi%h gives ayoe proof of its autheti%ity. The +"sB

publi% ?eys' re,uired to verify %ertifi%ates as beig valid' are supplied as stadard withi

all %ommo web browsers ad web server software.

3.".3 SS( and Certificate A#thentication

SS; is a stadard te%hi,ue used for se%ure data ex%hage o the @teret ad o private

etwor?s. Typi%ally' a web server will preset a browser with its digital %ertifi%ate whi%h

will a%t as proof of its idetity' ad %otai its publi% ?ey usig whi%h data set to it %a be

e%oded.

"s @teret @formatio Server ad the ma)ority of maistream browsers support SS;' the

de%isio was made to apply for a suitable digital %ertifi%ate from a ?ow +"' ad to ma?e

use of SS; for the trasmissio of address ad %redit %ard iformatio to the server.

%a+e 1


19/79


, Server $mplementation

Please refer to the a%%ompayig +!3#4M to view the %ommeted %ode ad other files

%reated to implemet the system 9H$ebB dire%tory for "SP %ode' HServerB dire%tory for

"%%ess database ad Java appli%atio sour%e.

,%" ASP Synta&

" des%riptio of "SP sytax ad usage is ot withi the s%ope of this do%umet. *owever'

the reader may beefit from ?owig that dire%tives are distiguished from stadard

*TM; %ode by beig surrouded by "#ad #$delimiters. @ additio' the "%--&.. --$

tag is used for spe%ifyig for server3side i%ludes.

.1.1 Code Con$ention

$ithi this se%tio' highlighted text will be used to distiguish server3side istru%tios

from *TM; %ode' where e%essary. +ommets withi %ode will be show i gree.

,%# Separation of Code and Presentation

"SP ilie s%riptig 9where pre3pro%essor istru%tios are embedded amogst stadard

*TM; tags is ot well suited to separatig %ode from presetatio iformatio. *owever'

where possible' user redire%ts ad fu%tio libraries were utilised to isolate sigifi%at %ode

blo%?s to Ededi%atedF s%ript files.

.2.1 The need for inline code embedding

@ some situatios' it was however essetial to embed %ode i the middle of a *TM;

page' as i the %ase of a produ%t listig 3 illustrated by the followig pseudo%ode:

Pa'e hea!er HT(): Title* Ta+le hea!er* etc.FOR EACH Pro!uct that matches selection criteria

,e ta+le ro,e ta+le cellPrint Pro!uct name,e ta+le cellPrint Pro!uct rice

NEXT Pro!uctPa'e footer

Figure 4.1: Pseudocode indicating use of inline scripting

%a+e 1


20/79


.2.2 )#nction (ibraries

@ order to miimise the %ode %otet of pages' ad to redu%e %odig repetitio' a umber

of libraries were %reated %otaiig related fu%tios 9e.g.those pertaiig to database

a%%ess. These were i%luded' whe re,uired' by use of server3side i%ludes' as show ithe followig example:

"# )A,GUAGE B2crit #$"%--&inclu!e file3../st!li+.as3--$"%--&inclu!e file3../!+li+.as3--$

"html$"hea!$"lin5 rel3st6lesheet3 href3main.css3$"/hea!$"+o!6$

"$7urrent or!er total: "stron'$"#'etBas5etTotal89#$"/stron'$"/$

etc...

Figure 4.2: ASP code showing use of function libraries and server-side includes

"SP does ot support the %o%ept of ElibrariesF as su%h- the Li%lude dire%tive simply

%auses the %otets of the refere%ed do%umet to be pla%ed at that poit withi the file.

+ose,uetly' %are had to be ta?e to avoid dupli%atio of variable ad fu%tio ames

a%ross multiple libraries' as should more tha oe ever be i%luded i a do%umet'

%ofusio would result. Suitably des%riptive ames were therefore used for fu%tios ad

EglobalF variables that might eed to be refere%ed exterally- ad Elo%alF variables were

prefixed with a %ommo idetifier 9e.g. dbC for database variables' as show i the

example below:

"#im o+;7onn* !+str7onn* !+strer.7reate?+;ect83A?B.7onnection39!+str7onn 32,2mart(ar5et@ata+ase2mart(ar5et@Usa@PW@3o+;7onn.?en8!+str7onn9

unction isEmt6=28!+str


21/79


"s opposed to embeddig *TM; represetig the user message withi large amouts of

"SP %ode' these messages were %reated i separate pages' ad *TTP redire%t resposes

set to the %liet' %ausig it to re,uest the appropriate Esu%%essF or EfailureF page after

pro%essig of the form was %omplete. =or example' the followig s%ript is a extra%t from

the "SP s%ript %alled o submissio of the E"dd ew userF form:

D7hec5 to see if user alrea!6 eCists in !ata+aseuserECists ,ot isEmt6=2832E)E7T Username =?( Accounts WHE=E Usern ...

f =euest83assor!39 "$ =euest83assor!F39 ThenDPassor!s !o not match!+finalise89=esonse.=e!irect83a!!user!iffass.as3 urlAen!9

Elsef username33 ?r assor!33 ?r forename33 ?r surname33 Then

DEssential fiel! left +lan5!+finalise89=esonse.=e!irect83a!!userincomlete.as3 urlAen!9

Elsef userECists ThenDUser alrea!6 eCists!+finalise89=esonse.=e!irect83a!!usereCists.as3 urlAen!9

ElseD? to insert user into !ata+ase!+ECecute83,2E=T ,T? Accounts 8Username*Passor!*orename*2ur ...!+finalise89

=esonse.=e!irect83a!!usersuccess.html39En! f

Figure 4.4: !tract fro" adduser.asp showing use of user redirects

@ this %ase' if the two passwords etered by the user do ot mat%h' he is forwarded to

EadduserCdiffpass.aspF- if ay essetial fields are left bla?' he is forwarded to

EadduserCi%omplete.aspF' ad so o.

%a+e 20


22/79


,%) Database Str!ct!re

" Mi%rosoft "%%ess database was used for storig user ad produ%t iformatio- this

produ%t beig %hose solely for its ease of availability 9see '.( Data)ase Design Isses.

.3.1 +elationships

/eig a relatioal database' it is possible to defie relatioships that exist betwee fields i

differet tables. Su%h usage efor%es referential integrity3 by defiig the stru%ture at

su%h a low level' faulty %ode or iterfa%es are preveted from eterig ivalid data ito the

database' allowig problems to be re%ogised more easily ad thus assistig i debuggig.

The tables %reated' ad relatioships betwee fields are as show below. Primary ?eys are

idi%ated i bold.

Figure 4.%: &atabase structure

.3.2 Tables

The Accountstable %otais a re%ord for ea%h registered user' %omprisig userame ad

password' real ame' ad the shippig address most re%etly etered 9i.e.for the %urret

trasa%tio. 3roducts %otais the full list of items available' ea%h beig assiged a

%ategory from the list defied i Categories. These %ategories are used withi the

browsig pro%ess 3 the user beig able to view all relevat produ%ts by sele%tig the

re,uired %ategory from a dyami%ally %reated drop3dow list withi his web browser.

%a+e 21


23/79


/asketsbrigs together user ad produ%t iformatio 9from Accountsad 3roducts'

respe%tively to idi%ate the items sele%ted by users to be i their Eshoppig bas?etsF.

$ithi "%%ess' the relatioships defied betwee fields %a oly be of the type

4e3to3May' as show 9e.g.a produ%t may oly be assiged to oe %ategory' but a

%ategory may be assiged to may produ%ts. @ order to provide a May3to3May

relatioship for the shoppig bas?ets 9a user may sele%t may produ%ts' ad a produ%t may

be sele%ted by may users' /asketsis re,uired to a%t as a*nction ta)le' possessig two

primary ?eys to esure ui,ueess oly of the %ombiatios of 9Produ%t@!'(serame

tuples 9i.e. it is possible for multiple re%ords to exist with the same Produ%t@!' providig

the (serame differs for ea%h su%h re%ord- ad vi%e3versa.

4%e a pur%hase is made' produ%ts 9refere%ed by Produ%t@! are EmovedF to the)ispatchestable' whi%h would be used by the shippig departmet to arrage for

despat%h. &a%h re%ord relates to oe produ%t oly' to allow idividual %ompoets of a

order to be %osidered separately. *e%e' wheever suffi%iet sto%? was available' a

delivery %ould be made' ad the re%ord deleted from the system. The Aame ad "ddress

fields relate to the shippig details etered durig the %he%?out stage' ad are ot stored

elsewhere i the system to esure o permaet re%ord is made of them' for user priva%y

reasos.

Card3aymentsrepresets the list of %redit %ard trasa%tios that have bee pro%essed. @

the %ase of this system' a %redit %ard trasa%tio is deemed to have bee su%%essfully

%arried out o%e a etry for it is made ito this table. 4bviously' i a real &3%ommer%e

site' trasa%tio authorisatio would be made by a ba? or %learig house 3 etry of data

ito this table' however' simulates this pro%ess.

.3.3 ,#eries

/asketuery ad /asketSubtotalsare +eries%reated withi the database. &ffe%tively'

these are read3oly tables whi%h are dyami%ally %reated by the server.

/asketuerydefies a li? betwee its Produ%t@! field ad that of 3roductsad thus

provides the data re,uired for the server s%ript to display details of a userBs bas?et 9without

eed for it to perform its ow %ross3refere%ig to obtai produ%t des%riptio' for

example.

%a+e 22


24/79


/asketSubtotalsli?s its (serame field to that of /asketuery' ad %al%ulates the total

%ost of produ%ts withi ea%h userBs bas?et by defiig the Subtotal field to be a

expressio of the form:

2u+total: 2um8IBas5etalue* schallen'e9reemt=esonsessmart7hallen'e.reemt=esonse8s>alue*

schallen'e* sri>atee69

En! unctionFigure 4.': ASP code to call (pree"pt)esponse* "ethod in +ava application

*ere' H+S;.Smart@!+hallegeB was the idetifier 9+;S@!b used to register the Java applet

as a +4M %ompoet o the server 9via the J"D"#& utility.

aDirtual Ma%hieb+lass @!

%a+e 2(


25/79


,% SS/

" free EtestF server %ertifi%ate was obtaied from the Derisig +"' ad usig this' SS; was

su%%essfully %ofigured withi @@S. *owever' due to the fa%t that su%h test %ertifi%ates

expire after two wee?s ad the diffi%ulty of obtaiig repeat issues' SS; was ot deployed

withi the fiished system. This should ot be regarded as demeaig its e%essity i ay

way 3 should a release system ever be %reated' a suitable server %ertifi%ate would eed to be

pur%hased' ad SS; re3eabled.

%a+e 2


26/79


Client-Side Design $ss!es

%" 0yperte&t Mark!p /ang!age 10TM/2

"ll web pages are ultimately passed to a browserBs rederig egie as *TM;' this beig

a appli%atio of SM;a. @ their simplest form' *TM; do%umets %osist of a basi%

blo%? of text' iterspersed with %otrol %odes 9HtagsB of the form addressN..OaddressN to

idi%ate the ature or desired appeara%e of the Emar?ed upF text. Tags also exist for

providig hyperli?s to other pages' displayig images' embeddig Java applets' providig

form %ompoets to re%eive user iput' ad so o.

The laguage is offi%ially maaged by the $+b' who defie the %omplete list of tags' their

usage' ad the maer i whi%h user agets 9i.e.web browsers should reder %otet.

*owever' *TM; has bee i a %ostat evolutioary pro%ess si%e its i%eptio-

%ose,uetly differet browsers support differet versios of the laguage ad very few

have ever %orre%tly supported the stadard i its etirety. "dditioally' vedors have

attempted to provide eha%emets via their ow proprietary additios 9for example'

Aets%ape AavigatorBs bli?N ad Mi%rosoft @teret &xplorerBs mar,ueeN tags.

(ser agets are re,uired to hadle tags whi%h they do ot re%ogise by simply igorigthem' ad as su%h' %areful desig permits adva%ed features to be implemeted

trasparetly 3 providig eha%ed fu%tioality to those browsers whi%h support it' but

still permittig users of less well featured browsers to view the basi% iformatio preset

o the page. @teret usage statisti%s suggest that over 6%of users view pages with a

browser whi%h supports *TM; 5.0 9revised "pril 11- %ose,uetly it was de%ided that

this versio be used as the basis for developig the site' whilst esurig that older browsers

9supportig *TM; .22ad earlier be %apable of providig %ore fu%tioality' albeit with

a less refied appeara%e ad user iterfa%e. Proprietary features have bee avoided

%ompletely.

!iffere%es i usersB system %ofiguratios 9e.g.s%ree resolutio' %olour depth' fot

availability' ad i the iterpretatio ad implemetatio of the *TM; stadard withi

browsers' mea that the maer i whi%h web pages will appear %a ever be %ompletely

predi%table. !espite the temptatio to do so' %osiderable effort was made to avoid

aStadard eeraliIed Mar?up ;aguageb$orld $ide $eb +osortium%Sour%e: browserwat%h.iteret.%om

%a+e 2


27/79


desigig the site for use o parti%ular browsers ad systems' istead ma?ig %orre%t use of

*TM; to esure that the site be a%%essible from all platforms 3 both those %urretly i

existe%e ad those oly )ust emergig' su%h as E$eb TDF ad other embedded systems.

*owever' due to the fa%t that aroud 6 of web site hits are made usig Mi%rosoft

@teret &xplorer or Aets%ape Aavigator' the site was rigorously tested usig these two

browsers to esure a ituitive ad aestheti%ally pleasig servi%e for the ma)ority of

%ustomers.

".1.1 )rames

#$M frames allo athors to present docments in mltiple vies, hich may )e

independent indos or s)indos. Mltiple vies offer designers a ay to &eep certain

information visi)le, hile other vies are scrolled or replaced.F1

The de%isio was made to employ frames to provide a persistet toolbar for easily

avigatig aroud the site 9providig li?s to browse produ%ts' view shoppig bas?et' log

out' et%.' as illustrated below. "dditioally' be%ause the toolbar frame remais i

existe%e for the duratio of a visit' this was deemed the best pla%e to embed the %liet3side

Java applet for %ommui%atig with the smart%ard.

Toolbar

Frame

- Lo+ in- Lo+ out- o"e- 3asket- #hop

etc.

Main Frame

&ispla$s selected page

Figure %.1: ,ain fra"e structure

Similarly' a additioal frameset withi the mai frame itself was %osidered most

appropriate for eablig users to sear%h for ad browse %ategories of produ%ts o the site:

Toolbar

Frame

- Lo+ in- Lo+ out- o"e- 3asket

- #hopetc.

Search Frame

Select categor$ nter search ter"

Products Frame

&ispla$s products "atching

search criteria

Figure %.2: rowsesearch products fra"e structure

%a+e 2


28/79


&a%h frame withi a frameset displays the %otets of a separate *TM; page' he%e a

frameset do%umet itself is fairly small 3 typi%ally defiig oly the stru%ture' layout ad

(#;s of the idividual frames. @t is also possible' however' to provide %otet withi

oframesN..OoframesN tags whi%h is redered by browsers that do ot support frames.

This fa%ility was used to provide li?s to the most relevat page 9e.g.the Ewel%omeF page

withi the opeig frameset- ad all pages withi the site were desiged to provide a

alterative route to ea%h page' should the stati% toolbars be abset. ;i?s were used i

prefere%e to repetitio of %otet withi the oframesN se%tio i order to ease

maitea%e of the site 9updates would otherwise re,uire %hages to be made i two

pla%es' ad i order to prevet ue%essary amouts of data from beig trasferred to the

ma)ority of users who would be usig frames.

".1.2 )orms

An #$M form is a section of a docment containing normal content, mar&p, special

elements called /controls0 1chec&)oxes, radio )ttons, mens, etc.2, and la)els on those

controls. Users generally /complete0 a form )y modifying its controls 1entering text,

selecting men items, etc.2, )efore s)mitting the form to an agent for processing.31

/eig the oly method for obtaiig feedba%? from a user i a web appli%atio' forms were

%learly re,uired for su%h a%tios as sele%tig %ategories of produ%ts to view' ad submittig

sear%h %riteria' ,uatities ad shippig details to the server.

&a%h %otrol is give a ui,ue ame' ad upo submissio' ?ey3value pairs of the form

9%otrol ame' %otrol state are passed to the server either withi the headers of the *TTP

re,uest 9the HP4STB method' or as a suffix to the (#; 9the H&TB method thus:

htt://.aston.ac.u5/Lforenamefre!surname+lo''s

Some browsers pla%e a upper limit upo the legth of a (#;' %ostraiig the umber of

?ey3value pairs that %a be trasmitted usig &T. "dditioally' this method is %learly

usuitable for trasmittig sesitive iformatio as the (#; 9i its etirety is li?ely to be

%learly displayed withi the userBs address bar' ad may well be %a%hed by the browser

adOor a proxy server. =or these reasos' it was de%ided that P4ST be used for the

submissio of almost all forms withi the site. This te%hi,ue also has the advatage of

%ausig the iformatio set to the server to be e%rypted if a SS; asessio is used. The

aSe%ure So%?et ;ayer

%a+e 2


29/79


oly ex%eptio to this de%isio was for the submissio of produ%t %ategory or sear%h

%riteria to the Eshow produ%tsF page 3 i this %ase' oly a small amout of iformatio is

ever trasmitted 9%ategory ame or sear%h term' ad the availability of (#;s of the form:

htt://.ser>er.com/ro!ucts.asLcate'or6stationer6htt://.ser>er.com/ro!ucts.asLsearchtermens

provides a ituitive meas for others to provide li?s to parti%ular produ%t pages o the

site. "lso' as the respose obtaied from a parti%ular %ategory or sear%h term is li?ely to

%hage ifre,uetly 9oly whe ew produ%ts are added' it would be safe for a server or

browser to %a%he the page retured' refere%ed by its exteded (#;.

".1.3 Client-side Scripting

The vast ma)ority of browsers used today possess a s%riptig egie whi%h permits

%liet3side %ode to be ru withi the browser eviromet 9e.g.Aets%ape Aavigator .0 ad

later' @teret &xplorer .0 ad later' ad 4pera .0 ad later. (sage of this s%riptig

%apability %a provide %osiderable beefits to both %liet ad server 3 for example' it %a

be used to validate forms before they are submitted to the server' prevetig the user from

wastig time waitig for a respose whe the form data is ivalid' redu%ig etwor? traffi%

ad relievig server load.

*owever' despite the fa%t that s%ripts ru i a EsadboxF' a plethora of se%urity EholesF

have bee dis%overed i the ma)or browsers durig re%et years' allowig s%ripts to

observe or modify elemets of the exteral system to whi%h they should ot be permitted

a%%ess. $hilst the vedors have typi%ally bee ,ui%? to provide pat%hes to %orre%t su%h

problems' some users have lost %ofide%e i %liet3side s%riptig ad have disabled it

withi their browsers. +ose,uetly' it is ot possible to rely upo this te%hology for

a%hievig %ore fu%tioality.

"s a result' the de%isio has bee made to utilise %liet s%riptig for the o3essetial tas?

of esurig form data is valid before submissio 9i additio to server3side validatio' ad

as the oly meas for providig a iterfa%e betwee the %liet3side Java applet ad

%ompoets o the web page. (se of the smart%ard is ot essetial for a%%essig ad usig

the site' he%e this' agai' does ot detra%t from %ore fu%tioality.

The stadard *TM; s%riptig laguage i use today is &+M"S%ript' origially developed

by Aets%ape 9as JavaS%ript' ad offered for stadardisatio i "utum 17. "ll browsers

%a+e 2


30/79


whi%h support %liet3side s%riptig support this laguage' he%e this was the atural %hoi%e

for use withi the pro)e%t.

".1. !ynamic T(

!yami% *TM; 9H!*TM;B provides a eha%ed user experie%e by permittig

%liet3side s%ripts to modify the appeara%e of the web page o%e retrieved from the server'

allowig 3 for example 3 ob)e%ts to be moved ad hidde i respose to parti%ular evets.

The method by whi%h su%h dyami% a%tivity is a%hieved differs mar?edly betwee

browsers' however. May do ot support ay form of !*TM;' whilst the two most

%ommoly used produ%ts 9Aets%ape Aavigator 5 ad @teret &xplorer 5O6 possess su%h

radi%ally differet do%umet ob)e%t models that ay form of dyami% user iterfa%e

effe%tively eeds to be writte twi%e 3 o%e for ea%h browser. !espite the publi%atio of a

stadardised !4Maby the $+' it is oly with the re%et release of Aavigator 7 that

some form of %ommoality betwee the Aets%ape ad Mi%rosoft produ%ts has bee

re%ogisable.

+ose,uetly' !*TM; has ot bee employed at all withi this pro)e%t 3 due to the

authorBs per%eptio that it offers little beefit to the ed user' ad his relu%ta%e to exped

%osiderable effort over learig ad supportig o3stadard' proprietaryimplemetatios.

%# Cascading Style Sheets 1CSS2

Separatio of %otet from style is geerally regarded as desirable' due to the fa%t that the

role of providig ad maitaiig iformatio 9H%otetB is very differet from that of

desigig a aestheti%ally pleasig ad logi%al user iterfa%e. *istori%ally' *TM; has

blurred the boudaries betwee the two 3 a page will typi%ally %otai iformatio' perhaps

se%tioed usig des%riptive tags su%h as addressN' together with formattig %ommads

su%h as fot siIeQBRBN 9to i%rease text siIe.

+SS provides a meas for defiig style i a separate lo%atio from the mai *TM; body

9usually i a separate file etirely' ad offers a far ri%her set of %ommads to defie

appeara%e. =or database3ba%?ed sites' where the uderlyig data is already separately

maitaied withi the database' +SS provides the advatage of allowig multiple pages to

a!o%umet 4b)e%t Model

%a+e 2


31/79


li? to a sigle stylesheet' thus allowig %hages to be made a%ross the site by ma?ig )ust

oe set of modifi%atios.

The ma)ority of %urret browsers support +SS ;evel 159@teret &xplorer .0 ad later'

Aets%ape 5.0 ad later' he%e it was de%ided that they be used throughout the site. Pages

viewed o a o3supportig browser might appear less attra%tive' but would retai full

fu%tioality.

%) Client-Side .ava Applet

@ order for %ommui%atio with the smart%ard to be effe%ted' the eed be%ame apparet

for the %reatio of a itermediate program whi%h was %apable of iterfa%ig both with the

web browser ad also with the smart%ard reader atta%hed to the %omputer. +liet3side

s%riptig te%hology is i%apable of a%hievig the latter dire%tly' he%e the most obvious

meas for a%hievig this was to %reate a Java applet that would be %apable of ruig

withi the Java Dirtual Ma%hies 9DMBs preset i the ma)ority of maistream browsers.

4ld Java DMBs preveted applets from %odu%tig operatios whi%h were %osidered

potetially harmful' su%h as a%%essig hardware' via a pro%ess ?ow assand)oxing.

*owever' the se%urity model of the Java platform 1.1 does permit su%h operatios to be

%odu%ted uder %ertai %ir%umsta%es 9typi%ally' after see?ig the userBs permissio.

Java 1.1 has bee i existe%e for may years' he%e is implemeted i the vast ma)ority of

browsers used today.

"dditioally' via use of a system %reated by Aets%ape ?ow asiveConnect' it has

be%ome possible for %liet3side s%ripts ruig i browsers to iterfa%e to Java applets

embedded withi the page 3 spe%ifi%ally' by use of the ets%ape.)avas%ript.JS4b)e%t %lass i

the Java %ode' ad the Hmays%riptB attribute i the appletN tag withi the host *TM;.

@t was %learly preferable for the applet to ma?e use of a established stadard to

%ommui%ate with the smart%ard reader' as opposed to ma?ig a dire%t %oe%tio via the

serialOparallel port ad beig tied to oe parti%ular type of devi%e. +ose,uetly' it was

de%ided to ma?e use of a Java3based framewor? ?ow as 4+=a that a%ts as a abstra%tio

layer betwee software ad hardware' ad for whi%h drivers are available for a umber of

devi%es.

a4pe%ard =ramewor?

%a+e (0


32/79


3 Client $mplementation

Please refer to the a%%ompayig +!3#4M to view the %ommeted %ode ad other files

%reated to implemet the system 9H$ebB dire%tory for user iterfa%e 9*TM;' +SS ad

images' H+lietB dire%tory for %liet3side Java applet sour%e.

"t the time of writig' the fiished sites were available from

http:OOee 3 p%5.asto.a%.u?Ola%ey%sOs% ad http:OOee 3 p%5.asto.a%.u?Ola%ey%sOsm .

3%" +eb 4ser $nterface

Two separate sites were ultimately %reated 3 oe represetig the %ard issuer

9SmartCentre' ad providig %ard persoalisatio ad top3up fa%ilities- the other 9Aston

SmartMar&et beig the &3%ommer%e site itself whi%h ma?es use of the SmartIDpersoal

profile ad Smart4alletele%troi% %ash fa%ilities.

Pages were %reated usig a text editor 3 developmet tools su%h as Mi%rosoft =rotPage

ad Ma%romedia !reamweaver were avoided' as the %ode they geerate was foud to ma?e

use of proprietary features withi maistream browsers whi%h %a prove problemati% whe

viewed i other eviromets.

@mages were iitially %reated i a ve%tor3based drawig pa%?age' amely +orelKara 2.0'

whi%h allowed for the %reatio of stadard styles ad modifi%atio of graphi%s 9e.g.

elargemet ad rotatio without loss of defiitio. $he the desig pro%ess was

%omplete' ati3aliased images were saved i @=afor buttos ad logos' whi%h is a

%ompressed' o3lossy' format providig a maximum palette of 267 %olours. Photographi%

images were saved usig JP&bformat' whi%h provides 253bit %olour depth' but uses a

lossy %ompressio algorithm 9ma?ig it usuitable for images %otaiig highly defied

edges' su%h as logos.

araphi%al @ter%hage =ormatbJoit Photographi% &xperts roup

%a+e (1


33/79


/.1.1 SmartCentre Site

Separate pages were %reated for:

%ofigurig the %ard 9eterig persoal data' spe%ifyig se%urity settigs

%hagig the P@A

ublo%?ig the %ard by eterig the %orre%t ublo%? %ode

viewig the bala%e

%reditig 9Htoppig upB the %ard by use of a %redit %ard

repeatig a top up whi%h failed due to a etwor? failure

together with various iformatioal pages' i%ludig su%%essOfailure feedba%? for top3up

attempts.

Most of the pages used forms to obtai user iput' passig the data to the %ard by use of the

%liet3side Java applet. Toppig up ad repeatig top3ups were the oly pages to re,uire

server3side pro%essig of forms 9to geerate the %orre%t %ryptographi% respose- the

remaiig pages wor? %orre%tly if ru lo%ally i a web browser 9 i.e.ot fet%hed from a

server' providig users a meas for %ofigurig their %ards without %oe%tig to the

etwor?' if re,uired.

Figure '.1: For" used to configure personal profile

%a+e (2


34/79


=rames were used to provide a easy3a%%ess toolbar' as see i figure 7.1 above' whi%h

also proved to be a suitable stati% lo%atio for embeddig the applet.

/.1.2 Aston Smartar0et Site

Separate pages were %reated for:

%reatig a ew user a%%out

loggig i

viewig shoppig bas?et %otets ad modifyig ,uatities

providig sear%h fa%ilities by %ategory or textually

displayig produ%ts mat%hig the sear%h %riteria

addig a spe%ified ,uatity of a produ%t to the shoppig bas?et

%he%?ig out usig a %redit %ard

%he%?ig out usig Smart$allet

repeatig a Smart$allet trasa%tio that failed due to a system or etwor?

problem

together with various iformatioal pages' i%ludig su%%essOfailure feedba%? for a%tios

su%h as %reatig a ew user ad ma?ig %redit %ard or smart%ard paymets.

"gai' a frameset was %reated to provide a stati% toolbar' although avigatio through

pages was su%h that operatio i a o3frames eviromet is possible.

%a+e ((


35/79


Figure '.2: Aston S"art,ar/et front page

Figure '.3: Pages to search product database and view results

%a+e (


36/79


3%# Client-Side .ava Applet

/.2.1 nterface ethods

The applet %reated provided the followig methods whi%h %a be a%%essed from %liet3side

s%ripts' thus allowig others to implemet SmartIDadSmart4alletfu%tioality ito a

existig site relatively easily:

get/ala%e9 3 returs bala%e as iteger

get=ield9Strig fieldAame 3 returs profile iformatio as strig

set=ield9Strig fieldAame' Strig fieldDalue

debit9it value' Strig +hallege 3 returs %ryptographi% respose as strig

repeat!ebit#espose9 3 returs %ryptographi% respose as strig

prepare+redit9it value 3 returs %ryptographi% %hallege as strig

%redit9Strig #espose 3 returs su%%ess status as boolea

sedPi9it pi

setPi9it pi

setSe%urity9boolea privateSe%' boolea private4%e'

boolea geeralSe%' boolea geeral4%e getSe%urity9 3 returs se%urity settigs as strig of the form E0110F

ublo%?9Strig %ode 3 returs su%%ess status as boolea

begi+oversatio9

ed+oversatio9

Most are fairly self3explaatory' ad %orrespod to the %ore smart%ard fu%tios des%ribed

i !.5 Smartcard 6eatre Set.

Possibilities for fieldAame i get!ield;..


37/79


page may be surrouded by beginCon'ersation;


38/79


5 Smartcard Design $ss!es

5%" Choice of *perating System

Three multiple appli%atio smart%ard operatig systems are %ommoly i use 3 amely'

SuBs9avaCard' Mi%rosoftBs 4indos for Smartcardsad Maos%oBsMU$:S. The

fu%tioality provided by ea%h appears to be fairly similar 3 the ma)or differe%e i

implemetatios beig the laguage i whi%h developmet ta?es pla%e 9Java' Disual /asi%

ad assembly laguage' respe%tively.

The de%isio was made to sele%t M(;T4S %ards for developmet' solely be%ause this is

the system upo whi%h the "sto (iversity Smart Camps Cardis based. +ose,uetly'

it should be possible for the appli%atios writte for this pro)e%t to be loaded oto a "sto

%ard should a suitable appli%atio load %ertifi%ate be obtaied from the M(;T4S +" a.

5%# Card-Client Comm!nication

@S4


39/79


4.2.2 +esponse AP!*5s

#espose "P!(Bs %osist of a optioal data body' followed by a two3byte trailer' as

show i6igre ;.


40/79


6 Smartcard $mplementation

Please refer to the a%%ompayig +!3#4M 9H+ardB dire%tory orAppendix ; to view

%ommeted %ode for the %ard applet %reated.

6%" eat!re Set

"s des%ribed i


41/79


6.1.1 P +e7#ests

"s a additioal measure of se%urity' the applet was desiged ot to perform EdagerousF

operatios 9su%h as debits ad profile %hages uless the %orre%t P@A is submitted dire%tly

beforehad 9usig istru%tio 0x50.

@ additio' it was made possible for the user to %ofigure the %ard as to whether ad how

ofte 9always' o%e per sessio' or ever P@A etry is re,uired for retrievig profile

iformatio. 4ptios %a be spe%ified for EsesitiveF data 9password ad %redit %ard

umber ad for EgeeralF data 9all other fields.

The four bytes set ad re%eived as se%urity settigs i istru%tios 0x52 ad 0x5

represet four flags privateSe%' private4%e' geeralSe%' geeral4%e. privateSe%

idi%ates whether the %ard should re,uest P@A etry whe retrievig private iformatio'

ad private4%e how ofte this should o%%ur 91 Q o%e per sessio' 0 Q every re,uest.

The settig of the latter is irrelevat if privateSe% is set false. Similarly' geeralSe% ad

geeral4%e spe%ify whether ad how ofte the P@A should be re,uested for the retrieval

of geeral data.

6%# Developmental Process

+odig was %arried out usig a text editor' ad *ita%hiBsMltos Development $oolsused

to %ompile' debug ad load the M"; %ode oto a smart%ard.

Dery basi% fu%tioality was implemeted i the early stages of developmet' with extra

features beig added o%e testig proved that those already i existe%e wor?ed as

iteded. &xtesive use was made of the EMS!TF %ard simulator to isert brea?poits

ito %ode' the trasmit parti%ular "P!(Bs ad step through ea%h lie of the applet. The

system permitted the values of %hose variables to be observed 9Ewat%hedF whilststeppig through the %ode' ad showed the %otets of registers' the sta%? ad the

trasa%tio shadow data area 3 all of whi%h proved ivaluable i idetifyig errors withi

the %ode.

To permit testig of the applet upo the smart%ard itself' the $erminal Simlatorwas used

to upload the applet 9by sele%tio of a suitable load %ertifi%ate' desiged for the

developmet %ards' trasmit "P!(Bs ad view the %ard respose.

%a+e 0


42/79


7 Cryptographic Challenge and 'esponse

Cycle

7%" 'e(!irements

Previous desig de%isios di%tated that the oly re%ord of the value stored withi a userBs

wallet was to be o the smart%ard itself 9see


43/79


private ?ey for ea%h %ard 9as i SMaS@Mb%ards would redu%e the potetial for su%h

%atastrophi% destru%tio of the systemBs se%urityU

7%) Debit Proced!reThe pro%edure to debit the %ard ivolves the geeratio of a challengeby the server' whi%h

is trasmitted to the %liet together with the value to be debited. The %ard the attempts to

de%rease its bala%e by the amout spe%ified ad 3 if su%%essful 3 digitally sigs the

9%hallege'value data usig its private ?ey. The respose thus geerated %a the be

retured to the server whi%h' usig the same private ?ey as that preset o the %ard' %a

assess whether the %orre%t respose has bee retured ad thus whether the debit

istru%tio was %arried out.

Figure 8.1: &ebit co""unication se9uence

The algorithms typi%ally used to perform digital sigatures are !&S or 3!&S. *owever'

either was ot available o the developmet %ard provided- %ose,uetly' the fu%tio

performed was simply a ex%lusive3or of the 753bit private ?ey with a %o%ateatio of the

53bit %hallege ad the 173bit debit value. +learly' su%h a fu%tio is i o way suitable

for digital sigatures' as it is easily reversible' allowig the private ?ey to be %al%ulated. @f

implemeted o a release %ard' the values would istead be passed to the digital sigature

algorithm provided- ad the same fu%tio used o the server.

&a%h %hallege geerated by the server eeds to be ui,ue 9a nonce' so that the %orre%t

respose %a ever be obtaied by refere%e to histori% data. =or the purposes of this

pro)e%t' use of a 53bit radom umber with over 20 billio possible values' is regarded

alobal System for MobilesbSubs%riber @detity Module

%a+e 2


44/79


as beig suffi%iet. !eploymet i the real world may re,uire the use of loger umbers

ad a differet meas for %al%ulatig the o%e' i order to provide higher levels of

se%urity' ad redu%e the possibility of )rte-forceatta%?s from su%%eedig.

7%, Credit Proced!re

=or toppig up the %ard' a similar strategy is used to that employed withi the debit

pro%edure. *owever' i this %ase the %hallege is geerated by the %ard' ad thus a

additioal stage is re,uired for the %hallege to be re,uested' as show:

Figure 8.2: 5redit co""unication se9uence

HvalueB is set to Iero after %ompletio of the top3up to prevet replay of the repose %ausig

multiple %redits.

7% Tolerance to 8etwork ail!res

@ the evet of a etwor? failure' the situatio may arise where value is su%%essfully

debited from the %ard' ad the respose is geerated but ever re%eived by the server.

+ose,uetly' the %ard applet was %oded su%h that the respose' o%e geerated' is stored

i o3volatile memory- ad a %ommad added to the istru%tio set whi%h %auses the %ard

to repeat its last respose. *e%e' this fa%ility %ould be used repeatedly to re3attempt

trasmissio of the respose over the etwor? util su%%essful.

Similarly' i the evet of a etwor? failure prevetig a respose from rea%hig the %ard i

the fial %redit stage' the server eeds to be able to re3trasmit this as may times as

e%essary 9i.e.ta?e resposibility for ma?ig a re%ord of the last respose %al%ulated for

ea%h user.

%a+e (


45/79


7%3 Tolerance to System $nterr!ptions

@ the same way that trasa%tios were employed to prevet partial %ompletio of database

pro%esses o the server 9see '.(.5 Data)ase $ransactions' %ards trasa%tios have bee

used to e%ompass the %riti%al a%tios show i6igres !.5ad !.


46/79


Figure 8.3: &ebit test site

Figure 8.4: 5redit test site

%a+e


47/79


"9 Eval!ation

The author believes the pro)e%t to have bee su%%essful' i meetig ad ex%eedig the

origial aims. " &3%ommer%e site has bee su%%essfully %reated' ad 3 i the abse%e of

suitable spe%ifi%atios from Modex 3 a se%ure smart%ard paymet system has bee %reated

from s%rat%h. "dditioally' a smart%ard persoal profile system has bee %reated i

respose to the re,uest of *ita%hiBs Smart +ommer%e !ivisio.

Several people were as?ed to test the sites %reated' ad feedba%? obtaied from them was

used to refie the user iterfa%e. +osiderable testig has also bee %arried out by the

author to esure the stability of the etire system.

" site was %reated to demostrate the wor?igs of the %redit ad debit pro%edures'

permittig modifi%atios to be made to the data passed to the %ard ad server. "ttempts to

defraud the system 9e.g.by de%reasig the value passed to a %ard for a debit attempt' or

%odu%tig replay atta%?s all failed.

"9%" Pro:ect Costing

The oly dire%t %osts ivolved with the developmet of the system were with respe%t to

smart%ard hardware ad developmet tools 9?idly doated by *ita%hi:

1 @S Smart Mouse smart%ard reader V2.60

2 M(;T4S Test +ards W V20 ea%h V50.00

Total B"&.+

"dditioally' two P+Bs 9a server ad a wor?statio ad various operatig systems ad

pie%es of software 9$idows' Multos !evelopmet Tools' "%%ess were utilised.

The author believes the time spet resear%hig ad developig the system to be i ex%ess

of four hudred hours. "dditioally' aroud twelve hours were spet i %osultatio with

a%ademi% staff ad *ita%hi represetatives- ad approximately three hours with support

staff.

%a+e


48/79


"9%" Possible !t!re Development

Should further time have bee available' it would have bee desirable to address the

followig issues:

1. #emove the eed for the site to be added to the list of Etrusted sitesF ad for full Java

permissios to be expli%itly grated i @teret &xplorer' by providig a versio of the

%liet3side Java applet whi%h was digitally siged usig Mi%rosoftBs sigig

te%hology. "lteratively' resear%h the feasibility of usig SuBs Java Plug3i for

@teret &xplorer' Aets%ape Aavigator ad 4pera to provide a stadard meas for

ruig ad gratig a%%ess rights to %ode.

2. #edu%e the potetial for uauthorised %ard debits by re,uirig debit re,uests to bedigitally siged.

. #edu%e the %omplexity of the istallatio pro%ess re,uired by users' by %reatig a

@stallShield wiIard 9or similar to automate the pro%ess.

5. @%rease the level of user feedba%? provided whe trasa%tios fail by providig a

fuller rage of %ard respose %odes to idi%ate differet errors

6. &sure validatio of *TM; forms o%%urs both o the server side ad the %liet side i

all %ases.

@ the loger term' the pro)e%t %ould be developed further by:

1. Performig server load tests' ad implemetig a system more suited to high volume

traffi% 9e.g.by deployig a 4ra%le database

2. Providig additioal meas for a%%essig the site' e.g.via $"PO$M; o mobile

telephoes

. +reatig %liet3side software to %ofigure the smart%ard ad maage the persoal

profile' without eed for a%%essig the ESmart+etreF web site.

%a+e


49/79


"" Concl!sion

The su%%essful %reatio of smart%ard3based ele%troi% %ash ad persoal profile systems'

ad the itegratio of these ito a fully3fu%tioig &3%ommer%e site' suggest that

smart%ard te%hology does provide a feasible solutio to some of the problems whi%h

prevet &3%ommer%e sites from realisig their full potetial. Spe%ifi%ally' the ed3produ%t

%reated for this pro)e%t provides a portable' se%ure meas for users to store ad trasfer

ele%troi% %ash over the @teret' providig the same beefits that real %ash has over %redit

%ards with respe%t to mi%ropaymets' aoymity ad speed of trasa%tio. "dditioally'

the system allows users to %omplete olie forms rapidly' ad removes the eed for sites to

retai re%ords of persoal data 3 providig beefits i terms of priva%y ad removig the

eed for users to iform umerous sites wheever details %hage.

+urretly' the use of smart%ard te%hology for these purposes is most fudametally

%ostraied by the low umber of %ard readers i geeral use. *owever' the i%reasig

deploymet of smart%ards i ba?ig' ad the i%lusio of smart%ard fa%ilities i $idows

2000' %a oly serve to expedite their i%rease i popularity.

Aevertheless' a umber of other issues have bee idetified whi%h' util resolved' appear

li?ely to limit the utility of smart%ard te%hology with respe%t to &3%ommer%e.

+osiderable diffi%ulties were e%outered i a%%essig the smart%ard from withi the web

browser: the oly meas dis%overed beig by use of a framewor? 94+= whi%h is too

%ompli%ated to istall for the ma)ority of users. "lso' differe%es i the se%urity models of

browsers meat that applets had to be developed whi%h were appli%atio3spe%ifi% or

re,uired %ompli%ated %ofiguratio steps to be %arried out.

"dditioally' the relu%ta%e of Modex @teratioal to provide their spe%ifi%atios to

idividuals with whom they have o %ommer%ial trust agreemet' seems to be idi%ative of

the attitudes of the developers of most ele%troi% %ash systems' ad suggests that strog

%ofide%e still does ot exist i the se%urity of these systems.

$idespread adoptio of smart%ard te%hology for &3%ommer%e will therefore probably ot

o%%ur util a stadard meas for web browsers to iterfa%e with them has bee developed'

ad util a ope stadard exists for the storage ad trasfer of ele%troi% %ash' allowig

deploymet by all.

%a+e


50/79


'eferences

1 #agget ! et al:#$M (.> Specification' revised 1' $+

2 #agget !:#$M '.< "eference Specification' 1


51/79


;ibliography

+obley ": $he Complete ?ide to 9ava' 1ue

;ie *' /os /: Cascading Style Sheets evel 5' 17' $+

Mit%hell S' "t?iso J:Active Server %ages '.>' 2000' S"MS

#agget ! et al:#$M (.> Specification' revised 1' $+

#agget !:#$M '.< "eference Specification' 1' 1' Maos%o

Mltos Developers ?ide v5.' 1' Maos%o

%a+e 0


52/79


Appendi& "< System *verview

*nternet *n4or"ation #erver

A#% #criptin+ !n+ine

563C Layer

6ata7ase

#erver-si$e8ava App

3rowser

#criptin+ !n+ine

Client-si$e 8ava applet

8ava 9&

#"art*6 Applet

A%*

*nterpreter

5peratin+ #yste" :&ULT5#;

1nternet

PC8SC (ayer

Server 5lient

S"artcard

5pencar$


53/79


Appendi& #< P!blic E&planatory Material

Appendi& #%"< $ntrod!ction to Smart$D and

Smart+allet

elcome to SmartCentre

This site allows %ofiguratio of your Smart$)ad Smartalletapplets.

Smart$)eables you to store ad maitai your persoal profile o your ow smart%ard.

Sites usig Smart$)do ot retai persoal data' su%h as address ad %redit %ard details'

but istead obtai it whe re,uired by ,ueryig your smart%ard. Smart$)will oly release

private iformatio whe you permit it to' givig you full %otrol over how your data is

hadled. "dditioally' by allowig you to update your profile wheever e%essary'

Smart$)removes the eed for iformig umerous sites wheever your details %hage.

Gou %a%ofigureSmart$)or %hage your P@A.

Smartalletprovides a se%ure meas for storig ad trasferrig value over ise%ure

etwor?s' su%h as the @teret. Sites employig Smartalletas a meas of paymet will

be able to debit or %redit your %ard istataeously' avoidig delays iheret withi %redit

%ard %learig systems. Smartalletwill oly permit debits to be made after see?ig your

permissio' ad as there is o eed to had over ay %redit or debit %ard details' there is oris? of your umber beig used ulawfully.

Gou %aview your %urret bala%eortop up your walletusig a %redit or debit %ard.

%a+e 2
http://var/www/apps/conversion/tmp/scratch_2/configsid.htmlhttp://var/www/apps/conversion/tmp/scratch_2/configsid.htmlhttp://var/www/apps/conversion/tmp/scratch_2/setpin.htmlhttp://var/www/apps/conversion/tmp/scratch_2/setpin.htmlhttp://var/www/apps/conversion/tmp/scratch_2/balance.htmlhttp://var/www/apps/conversion/tmp/scratch_2/balance.htmlhttp://var/www/apps/conversion/tmp/scratch_2/topupsw.htmlhttp://var/www/apps/conversion/tmp/scratch_2/topupsw.htmlhttp://var/www/apps/conversion/tmp/scratch_2/configsid.htmlhttp://var/www/apps/conversion/tmp/scratch_2/setpin.htmlhttp://var/www/apps/conversion/tmp/scratch_2/balance.htmlhttp://var/www/apps/conversion/tmp/scratch_2/topupsw.html


54/79


Appendi& #%#< Privacy Statement for SmartMarket

3ri'acy Statement@ order to ma?e pur%hases from this site' you will eed to register yourself ito our user

database by providig your ame ad %hoi%e of userame ad password. This' ad the

%otets of your shoppig bas?et' is the oly iformatio whi%h SmartMar?et will retai

%o%erig you.

$heever address or %reditO%ard umber iformatio is re,uested' it used to pro%ess the

sigle trasa%tio for whi%h it has bee etered. Ao permaet re%ord is made of this data.

$e re%ommed that you use the Smart$)smart%ard system to maitai your persoal

profile ad use this to fill i our forms ,ui%?ly ad a%%urately.

$heever you log i' we use a Xsessio %oo?ieX to idetify you to our server for the

duratio of your visit. Su%h %oo?ies are small text files whi%h are temporarily stored o

your %omputerYs hard dis?' the %otets of whi%h %a oly be set to the web site whi%h

origially %reated them. "ll sessio %oo?ies are automati%ally destroyed by your browser

whe you %lose it dow.

To remove the eed for loggig i every time you visit our site' you may ti%? the box

amed Xremember my logi usig %oo?iesX to store a permaet %oo?ie o your hard dis?.

$e re%ommed this optio oly if you are usig a persoal ma%hie. ;oggig out from our

site will always destroy all sessio ad permaet %oo?ies.

%a+e (


55/79


Appendi& )< Server $nstallation $nstr!ctions

These istru%tios are spe%ifi% Mi%rosoft $idows AT 5 Server' with the Java Dirtual

Ma%hie' @teret @formatio Server 9with "SP support' ad "%%ess 4!/+ drivers

istalled. !eploymet o other platforms is utested.

1. +opy the web site files 9o +!3#4M' H$ebB dire%tory ito the web root dire%tory of

@@S 9by default' +:Z@etpubZwwwroot or %reate a ew virtual dire%tory to host the files

elsewhere.

2. +opy the "%%ess database 9o +!3#4M' HServerB dire%tory to a lo%atio o the server

that is ot a served web dire%tory. +reate a 4!/+ %oe%tio to this file usig the

"%%ess 4!/+ driver

9+otrol Pael !ata Sour%es 94!/+ System !SA tab "dd...

. +opy the Server3side Java appli%atio to $@AATZJavaZT#(ST;@/ ad register it as a

+4M %ompoet usig the J"D"#& utility 9if ot o system' o +!3#4M' HServerB

dire%tory usig the followig %ommad:

;a>are' /re'ister /class:2mart7hallen'e /ro':72).2mart7hallen'e

5. #eboot the system to %omplete registratio of the +4M %ompoet

Appendi& )%"< $mplementing SS/

SS; is ot re,uired for the su%%essful implemetatio of this system. The followig

pro%edure %a' however' be used to implemet it if re,uired. Mi%rosoft +ertifi%ate Server

will eed to be istalled before pro%eedig.

Appendi 3.1.1 9eneration of Ser$er Certificate

Start theInternet Service Manager9Start 3N $idows AT 5 4ptio Pa%? 3N Mi%rosoft

@teret @formatio Server 3N @teret Servi%e Maager

#ight %li%? o E!efault $eb SiteF 9or virtual dire%tory if %reated' sele%t EPropertiesF

!ire%tory Se%urity tab 3N &dit Se%ure +ommui%atio 3N 8ey Maager

#ight %li%? E$$$F i 8ey Maager' +reate Aew 8ey

=ollow the wiIard to %reate a %ertifi%ate re,uest file' esurig EPut the re,uest i a fileF

is sele%ted o the first s%ree' as automati% trasmissio to a olie authority appears

%a+e


56/79


ot to wor? %orre%tly. 4 the third s%ree' esure the etry for E4rgaisatioF is the

registered ower of the domai withi whi%h the web server resides 9e.g.E"sto

(iversityF for asto.a%.u?. "lso' E+ommo AameF should be the resolved @P

address of the web server 9e.g. ee3p%5.asto.a%.u? 3 if this is u?ow' determie

usig http:OOwww.%lara.etOdialupOsupportOip.shtml .

#e,uest a server %ertifi%ate from a +ertifi%atio "uthority 9e.g.Derisig at

http:OOwww.verisig.%omOsiteOidex.html' followig the olie istru%tios ad

submittig the file geerated by 8ey Maager 9the +S#afile whe re,uested

"fter re%eivig the %ertifi%ate' right %li%? the ew ?ey i 8ey Maager ad sele%t

E@stall 8ey +ertifi%ateF. ;o%ate the %ertifi%ate ad sele%t it. @f the %ertifi%ate re%eived

was embedded as plai text withi a &mail message' it will be e%essary to %opy ad

paste the text betwee 33333/&@A +T@=@+"T&33333 ad

33333&A! +T@=@+"T&33333 ito a ew file with a .p


57/79


Appendi& ,< Client $nstallation $nstr!ctions

These istru%tios are spe%ifi% to Mi%rosoft $idows with @teret &xplorer 6.0 adOor

Aets%ape Aavigator 5..+at2ET 7)A22PATH#7)A22PATH#@7:M?en7ar!M?71.FMli+M+ase-core.;ar

2ET 7)A22PATH#7)A22PATH#@7:M?en7ar!M?71.FMli+M+ase-ot1.;ar

2ET 7)A22PATH#7)A22PATH#@7:M?en7ar!M?71.FMli+Mcsc.;ar

2ET 7)A22PATH#7)A22PATH#@7:M?en7ar!M?71.FMli+Mreference-ser>ices.;ar

Appendi& ,%#< $nternet E&plorer

1. +opy the Hope%ard.propertiesB file istalled by 4+= 9by default' i

+:ZProgram =ilesZJavaSoftZJ#&Z1.2Zlib ito @&Bs Java home dire%tory

9$idowsZJavaZlib

2. "dd the server upo whi%h the site is hosted 9e.g.ee3p%5.asto.a%.u? to the list of

Etrusted sitesF 9Tools @teret 4ptios...Se%urity tab Trusted Sites Sites...

. rat full permissios to Java %ode origiatig from trusted sites

9Trusted Sites +ustom ;evel... Java Permissios' sele%t E+ustomF-

Java +ustom Settigs... &dit Permissios #u (siged +otet' sele%t

E&ableF

%a+e


58/79


Appendi& ,%)< 8etscape 8avigator

1. +opy the Hope%ard.propertiesB file istalled by 4+= 9by default' i

+:ZProgram =ilesZJavaSoftZJ#&Z1.2Zlib ito Aets%apeBs Java home dire%tory

9+:ZProgram =ilesZAets%apeZ(sersZuserameN as H.ope%ard.propertiesB

2. +opy the !;; H4+=P+S+1.!;;B istalled by 4+= 9by default' i

+:Z4pe+ardZ4+=1.2Zlib to Aets%apeBs Java library dire%tory 9+:ZProgram

=ilesZAets%apeZ+ommui%atorZProgramZ)avaZbi

. @stall the %ertifi%ate for the E"stoF +ertifi%atio "uthority 9used to %reate the

%ertifi%ate with whi%h the applet was siged' as opposed to pur%hasig oe by

draggig the Hx60.%a%ertB file 9o +!3#4M' H+lietOASB dire%tory ito the browserwidow' ad followig the olie istru%tios

%a+e


59/79


Appendi& < Server Code

Appendi& %"< ASP E&amples

Appendi ".1.1: (ibrary for calling cryptographic f#nctions &s;atee6 3111QNR4NQFS4RSSNSO3

Dnclusion of this li+rar6 ill automaticall6 instantiate the ser>er ;a>a 7?( comonentim ssmart7hallen'e2et ssmart7hallen'e 2er>er.7reate?+;ect8372).2mart7hallen'e39

DGenerate a resonse to a car!Ds challen'e for tou 8i.e. authorise the cre!it9unction create=esonse8s>alue* schallen'e9

create=esonse ssmart7hallen'e.create=esonse8s>alue* schallen'e*

sri>atee69En! unction

D7alculate the eCecte! resonse from a car! to in!icate reuire! !e+it occurre!unction reemt=esonse8s>alue* schallen'e9

reemt=esonsessmart7hallen'e.reemt=esonse8s>alue* schallen'e* sri>atee69

En! unction

DGenerate a challen'e for the !e+it roce!ureunction create7hallen'e

create7hallen'essmart7hallen'e.create7hallen'e89En! unction

D=elease connection to 7?( comonentunction sfinalise

2et ssmart7hallen'e nothin'En! unction#$

%a+e


60/79


Appendi ".1.2: Ser$er-side $alidation for registering a #ser &add#ser.asp'

"# )A,GUAGE B2crit #$"%--&inclu!e file3../st!li+.as3--$"%--&inclu!e file3../!+li+.as3--$"#

im urlAen!* userECists* username* assor!* forename* surnameusername=euest83username39assor!=euest83assor!39forename=euest83forename39surname=euest83surname39

urlAen! 3Lusername3 username 3assor!3 assor! 3forename3 forename 3surname3 surname

D7hec5 to see if user alrea!6 eCists in !ata+aseuserECists ,ot isEmt6=2832E)E7T Username =?( Accounts WHE=E UsernameD3 username 3D39

f =euest83assor!39 "$ =euest83assor!F39 ThenDPassor!s !o not match!+finalise89=esonse.=e!irect83a!!user!iffass.as3 urlAen!9

Elsef username33 ?r assor!33 ?r forename33 ?r surname33 ThenDEssential fiel! left +lan5!+finalise89=esonse.=e!irect83a!!userincomlete.as3 urlAen!9

Elsef userECists ThenDUser alrea!6 eCists!+finalise89=esonse.=e!irect83a!!usereCists.as3 urlAen!9

ElseD? to insert user into !ata+ase!+ECecute83,2E=T ,T? Accounts 8Username*Passor!*orename*2urname9 A)UE2 8D3

username 3D*D3 assor! 3D*D3 forename 3D*D3 surname 3D939!+finalise89=esonse.=e!irect83a!!usersuccess.html39

En! f#$

%a+e


61/79


Appendi ".1.3: =alidating card5s debit response &sca#thorise.asp'

"# )A,GUAGE B2crit #$"%--&inclu!e file3../st!li+.as3--$"%--&inclu!e file3../!+li+.as3--$"%--&inclu!e file3../ccli+.as3--$

"%--&inclu!e file3../sli+.as3--$"#im eCecte!=es* actual=es* transactionalue* +as5etTotal* name* a!!ressactual=es=euest83car!=esonse39 D=etrie>es car!Ds resonse to cr6to'rahic challen'e+as5etTotal'et,umericBas5etTotal89

D?+tain information for current transaction from !ata+ase...!+alues 'reater than 2martWalletDs maCimum +alance are not ossi+le!+finalise89=esonse.=e!irect83sceCcess.as39

Elsef actual=eseCecte!=es An! +as5etTotaltransactionalue ThenD=esonse o+taine! from car! is correct* an! >alue of +as5et contentsDhas not chan'e! since challen'e as issue!o+;7onn.Be'inTrans DBe'in !ata+ase transaction +ecause chec5in' out of each item

Dan! for'ettin' eCecte! resonse must +e atomicurchaseBas5et89!+ent rela6 attac5s

o+;7onn.7ommitTrans D7ommit transaction!+finalise89=esonse.=e!irect83scsuccess.as39

Else!+finalise89=esonse.=e!irect83scfail.as39

En! f#$

%a+e 0


62/79


Appendi& %#< Server-Side .ava Applicationimort ;a>a.io.K@imort ;a>a.math.K@

u+lic class 2mart7hallen'e

final int (aC7ar!Balance NO000@

u+lic 2trin' create7hallen'e89 Bi'nte'er numFON ne Bi'nte'er83FON39@ Bi'nte'er result ne Bi'nte'er83039@ int ran!om@ for 8int i0@ i"N@ i9 //(a5e a lar'e ran!om num+er +6 result result.multil68numFON9@ //concatanatin' se>eral ran!om 8int9 8FONK(ath.ran!om899@ //ran!om +6tes 8maC >alue of +6teFON9 result result.a!!8 ne Bi'nte'er8nte'er.to2trin'8ran!om99 9@ V return result.to2trin'89@ V

u+lic 2trin' create=esonse8int >alue* 2trin' challen'e* 2trin' ri>atee69 Bi'nte'er numFON ne Bi'nte'er83FON39@

Bi'nte'er result ne Bi'nte'er83039@ Bi'nte'er challen'e,um ne Bi'nte'er8challen'e9@ Bi'nte'er challen'eTest ne Bi'nte'er8challen'e9@ Bi'nte'er ri>atee6,um ne Bi'nte'er8ri>atee69@ +6te tCBloc5IJ ne +6teIRJ@ for 8int iQ@ i$0@ i--9 tCBloc5IiJ 8+6te9 challen'eTest.remain!er8numFON9.intalue89@ challen'eTest challen'eTest.!i>i!e8numFON9@ V if 8tCBloc5IQJ8+6te98>alue#FON9 tCBloc5INJ8+6te98>alue/FON99 //alue em+e!!e! in challen'e is same as that secifie! 8in D>alueD arameter9 //therefore return correct resonse... resultchallen'e,um.Cor8ri>atee6,um9@ return result.to2trin'89@ V

u+lic 2trin' reemt=esonse8int >alue* 2trin' challen'e* 2trin' ri>atee69 Bi'nte'er numFON ne Bi'nte'er83FON39@ Bi'nte'er result ne Bi'nte'er83-139@ Bi'nte'er challen'e,um ne Bi'nte'er8challen'e9@ if 8>alue " (aC7ar!Balance9 +6te tCBloc5IJ ne +6teIRJ@ //etermine +6tes that ill actuall6 +e transmitte! to car!... tCBloc5IQJ 8+6te98>alue#FON9@ tCBloc5INJ 8+6te98>alue/FON9@ for 8int iO@ i$0@ i--9 tCBloc5IiJ 8+6te9 challen'e,um.remain!er8numFON9.intalue89@ challen'e,um challen'e,um.!i>i!e8numFON9@ V Bi'nte'er tCBloc5,um ne Bi'nte'er8tCBloc59@ Bi'nte'er ri>atee6,um ne Bi'nte'er8ri>atee69@ result tCBloc5,um.Cor8ri>atee6,um9@ V

return result.to2trin'89@ V

V

%a+e 1


63/79


Appendi& 3< Client Code

Appendi& 3%"< 0TM/ and ECMAScript E&amples

Appendi /.1.1: *sing client-side >a$a applet ;ith forms &configsid.html'

"html$"hea!$"lin5 rel3st6lesheet3 href3sc.css3 t6e3teCt/css3$"scrit lan'ua'e3;a>ascrit3 t6e3teCt/;a>ascrit3$function 'etiel!s89 >ar in* sec2ettin's* 'eneral2ec* 'eneral?nce* ri>ate2ec* ri>ate?nce arent.tool+ar.!ocument.smart.+e'in7on>ersation89@ !ocument.userform.username.>aluearent.tool+ar.!ocument.smart.'etiel!83username39@ !ocument.userform.assor!.>aluearent.tool+ar.!ocument.smart.'etiel!83assor!39@ !ocument.userform.forename.>aluearent.tool+ar.!ocument.smart.'etiel!83forename39@ !ocument.userform.surname.>aluearent.tool+ar.!ocument.smart.'etiel!83surname39@ !ocument.userform.a!!ress.>aluearent.tool+ar.!ocument.smart.'etiel!83streeta!!ress39@ !ocument.userform.ton.>aluearent.tool+ar.!ocument.smart.'etiel!83ton39@

!ocument.userform.count6.>aluearent.tool+ar.!ocument.smart.'etiel!83count639@ !ocument.userform.ostco!e.>aluearent.tool+ar.!ocument.smart.'etiel!83ostco!e39@ !ocument.userform.cc,um+er.>aluearent.tool+ar.!ocument.smart.'etiel!83cc,um+er39@ sec2ettin's3C3 arent.tool+ar.!ocument.smart.'et2ecurit689@ arent.tool+ar.!ocument.smart.en!7on>ersation89@ ri>ate2ecsec2ettin's.charAt819@ ri>ate?ncesec2ettin's.charAt8F9@ 'eneral2ecsec2ettin's.charAt89@ 'eneral?ncesec2ettin's.charAt849@ !ocument.userform.ri>atePinI0J.chec5e! 88ri>ate2ec3139 8ri>ate?nce30399@ !ocument.userform.ri>atePinI1J.chec5e! 8ri>ate?nce3139@ !ocument.userform.ri>atePinIFJ.chec5e! 8ri>ate2ec3039@ !ocument.userform.'eneralPinI0J.chec5e! 88'eneral2ec3139 8'eneral?nce30399@ !oc

Documents

Development of an E-commerce Site with Smartcard Payment Mechanism