Secure Debit Card Device Model
Final Year Project Mid Defense
Presented by: Saad Bin Khalid Rumaisah Munir
Advisor: Dr. Abdul Ghafoor Abassi
Co-Advisor: Sir Nasir Mahmood, Dr. Awais Kamboh
Title Page
Introduction
Motivation
Problem Statement
Literature Review
Analysis and Functionality
Implementation and Screenshots
References
Questions
Agenda
We plan to make a secure ATM-type device that uses smart cards for transaction operations instead of credit cards or cash.
The system will have software and hardware modules.
The software module will consist of a user friendly interface that will prompt the user to enter PIN code.
The hardware modules securely communicate with the software modules for transactions.
Introduction
The user enters PIN code in the GUI at a merchant PoS terminal.
The system will first verify if the entered PIN code is present in the backend database.
If it is present, the system will display the menu which has 5 functions:
1. Account to Account Transfer
2. Over the Counter Transfer
3. Cash Deposit
4. Cash Withdrawal
5. Settings
Analysis and Functionality
Depending on the option that the user selects, the system proceeds to perform the operation after insertion of smart card in the reader.
If the user selects “settings”, the user is allowed to access his personal settings and alter them.
If the user selects “cash deposit”, the user is asked to enter cash in the currency reader which detects and processes the currency data and forwards it to the system.
If the user selects any of the other 3 options, cash is deducted from the user’s account and balance displayed.
The motivation behind the project is the need to provide security to users by securing their personal data.
Furthermore, this system is the “future”. As smart-card based systems prevail in Europe, the system has entered the USA and has greatly reduced fraud cases worth a billion.
In a few years to come, the system will prevail around the world.
Motivation
Signal Processing of images in the form of currency notes and sending them to the system.
Embedded Systems in terms of all the hardware features involved.
Information security in terms of user’s financial data.
Domains involved in the project
Financial frauds keep increasing day by day whether they are cash frauds or credit card frauds.
There is very small chance of getting caught.
Why should we care? Because there is no preventive solution to this problem.
The Problem
Our goal is to design a system which eliminates cash transactions by use of smart card (which aids in performance of transactions) instead of cash and keeps the user’s data intact by providing high security level.
Objective Of The FYP
Types of Cards:
Magnetic Stripe Cards
Proximity Cards (Contactless RFIDs)
Smart Cards
Literature Review:
Why use Smart Cards in our system?
We will justify now why we prefer Smart Cards over other cards
Magnetic stripe of a magnetic-stripe card is composed of ferric (iron) material.
To store data, the magnetic property of the ferric material is modified.
The card requires physical contact by sweeping it inside the reader.
Cannot support multiple applications.
Literature Review: What are Magnetic-Stripe Cards?
Magnetic stripe cards use magnetic stripe technology.
Illegal copies of magnetic stripe cards can easily be made.
Data on magnetic stripe cards can be easily read, modified and copied.
Hence, this causes insecurity of financial information.
Literature Review: Misuse of Magnetic Stripe Cards
Proximity Cards are cards that can be read without inserting the card into the reader.
Within some range, the card is held near the electronic reader and a beep indicates that the card has been read.
An example of such a system is an RFID card which uses radio frequency EM waves to transfer data.
Also uses magnetic stripe. Cannot support multiple applications.
Literature Review: What are Proximity Cards:
Due to use of magnetic stripe technology in these cards also, card data is not encrypted.
No authentication mechanism in these cards.
Users get tracked.
In the wireless transmission, the card is easy to mimic by recording the transmission and replaying it.
Hence, not reliable for monetary transactions.
Literature Review: Misuse of Proximity Cards
It is a device made up of integrated circuits/microprocessors and can support multiple applications.
Encryption is present since cryptographic algorithms are applied.
Provide strong security for SSO, identification, application processing and data storage.
Hence, the smart card ensures security of data, especially financial data.
Literature Review: What is a Smart Card?
Smart cards allow access to stored information only to authorized users whereas other cards provide lesser security.
Other cards store limited amount of data and that cannot be updated once issued.
Cost of smartcard reader is less than that of the magnetic stripes card reader.
Literature Review: Smart Card vs. Other Cards
The birth of smart cards began in Europe. Smart credit cards arrived in the USA for the first time in 2010.
The fraud costs have significantly lowered in Europe because of smart-card based systems.
In a few years, all systems will be replaced by smart card technology once economic barriers are overcome.
Literature Review: Adoption of Smart Card
The FYP is a continuation of a previous year’s FYP called “Digital Wallet”.
A device was developed which enabled users to perform monetary transactions at local levels.
The device was not centralized and needed an accompanying PC, which increased the cost of the system.
Literature Review: Previous Work
No centralized database was maintained, leading to security issues and killing the purpose of using a smart card based system.
Our Approach
We overcome these problems in our FYP by creating a centralized database stored at the backend web server using SQL 2008.
This eliminates the need to use the extra PC, eliminating extra cost of the system.
We further use Standard Widget Toolkit for user interface implementation which is portable on all platforms instead of Swing/Abstract Windowing Toolkit.
How we overcome these problems?
Design And Implementation
ERD For Database Implementation
Entity-Relationship Diagram
Use Cases
Simple User Client Side
Admin-User
Flow Charts Generic Commands
Function 1: Account to Account
Client:
{
  “Message Type”: Money Transaction account to account
  “Command”: Cash transaction
  “To Account”: User No.1
  “From Account”: User No.2
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
Server Acknowledgment:
{
  “Message Type”: Money Transaction account to account
  “Command”: Cash transaction
  “To Account”: User No.1
  “From Account”: User No.2
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
Function 2: Cash Deposit
Client:
{
  “Message Type”: Money Transaction cash to account
  “Command”: Cash transaction
  “To Account”: User No.1
  “From Account”: currency detector
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
Server Acknowledgment:
{
  “Message Type”: Money Transaction cash to account
  “Command”: Cash transaction
  “To Account”: User No.1
  “From Account”: currency detector
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
Function 3: Cash Withdrawal
Client:
{
  “Message Type”: Money Transaction Account to cash
  “Command”: Cash transaction
  “To Account”: currency detector
  “From Account”: User
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
Server Acknowledgment:
{
  “Message Type”: Money Transaction Account to cash
  “Command”: Cash transaction
  “To Account”: currency detector
  “From Account”: User
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
Function 4: Transaction Over The Counter
Client:
{
  “Message Type”: Money Transaction Over the counter
  “Command”: Cash transaction
  “To Account”: Merchant
  “From Account”: User
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
Server Acknowledgment:
{
  “Message Type”: Money Transaction Over the counter
  “Command”: Cash transaction
  “To Account”: Merchant
  “From Account”: User
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
Final Flow Chart
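The client message and server acknowledgment shown for Function 1 can be replayed or altered in transit unless they are authenticated, the same weakness the slides note for proximity cards. The following is an added example, not code from the project: it assumes a shared terminal/server key, HMAC-SHA256, and two extra fields ("Nonce" and "MAC") that are not on the slides, and all class and method names are hypothetical. The server acknowledges the first delivery, then rejects the resent copy and the copy with a changed amount.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.*;

public class TxMessageDemo {
    // Hypothetical shared key provisioned to terminal and server (constructed value).
    static final byte[] KEY = "constructed-demo-key".getBytes(UTF_8);
    static final Set<String> SEEN_NONCES = new HashSet<>();   // server-side replay cache
    // HMAC-SHA256 over length-prefixed fields in sorted key order (the MAC field is skipped).
    static String tag(Map<String, String> msg) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : new TreeMap<>(msg).entrySet()) {
            if (e.getKey().equals("MAC")) continue;
            sb.append(e.getKey().length()).append(':').append(e.getKey())
              .append(e.getValue().length()).append(':').append(e.getValue());
        }
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return Base64.getEncoder().encodeToString(h.doFinal(sb.toString().getBytes(UTF_8)));
    }
    // Client: the Function 1 fields from the slides plus a nonce (assumption), then the tag.
    static Map<String, String> clientMessage(String nonce) throws Exception {
        String[] f = {"Message Type", "Money Transaction account to account",
                      "Command", "Cash transaction", "To Account", "User No.1",
                      "From Account", "User No.2", "Amount", "Rs. 100/-",
                      "Time", "1100 hours", "Date", "13-5-2012", "Nonce", nonce};
        Map<String, String> m = new LinkedHashMap<>();
        for (int i = 0; i < f.length; i += 2) m.put(f[i], f[i + 1]);
        m.put("MAC", tag(m));
        return m;
    }
    // Server: constant-time tag check first, then refuse any nonce already seen.
    static String serverHandle(Map<String, String> m) throws Exception {
        byte[] got = m.getOrDefault("MAC", "").getBytes(UTF_8);
        if (!MessageDigest.isEqual(tag(m).getBytes(UTF_8), got)) return "REJECT: bad MAC";
        String nonce = m.get("Nonce");
        if (nonce == null || !SEEN_NONCES.add(nonce)) return "REJECT: replay";
        Map<String, String> ack = new LinkedHashMap<>(m);   // acknowledgment echoes the fields
        ack.remove("MAC");
        return "ACK " + ack;
    }
    public static void main(String[] args) throws Exception {
        Map<String, String> msg = clientMessage("n-0001");   // constructed nonce
        System.out.println(serverHandle(msg));               // first delivery
        System.out.println(serverHandle(msg));               // same message sent again
        msg.put("Amount", "Rs. 10000/-");                    // field altered in transit
        System.out.println(serverHandle(msg));
    }
}
```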
User Interface Implementation
import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.GridData;
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.*;

public class Ro {
    Display display = new Display();
    Shell shell = new Shell(display);
    Label label2;
    Text pincode;
    Text text;

    public Ro() {
        shell.setLayout(new GridLayout(2, false));
        shell.setText("Login form");

        label2 = new Label(shell, SWT.NULL);
        label2.setText("Enter Pincode: ");
        pincode = new Text(shell, SWT.SINGLE | SWT.BORDER);
        System.out.println(pincode.getEchoChar());
        pincode.setEchoChar('*');   // mask the PIN on screen
        pincode.setTextLimit(30);

        Button button = new Button(shell, SWT.PUSH);
        button.setText("Submit");
        button.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                String selected1 = pincode.getText();
                // Compare by content: == on strings compares references in Java.
                if (selected1.isEmpty()) {
                    MessageBox messageBox = new MessageBox(shell, SWT.OK | SWT.ICON_WARNING | SWT.CANCEL);
                    messageBox.setMessage("Enter Pincode");
                    messageBox.open();
                } else {
                    // Opens the menu for any non-empty input; the PIN is not yet
                    // checked against the backend database at this point.
                    Rough n = new Rough();
                    /*MessageBox messageBox=new MessageBox(shell,SWT.OK|SWT.CANCEL);
                    messageBox.setText("Login Form");
                    messageBox.setMessage("Welcome User");
                    messageBox.open();*/
                }
            }
        });

        pincode.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
        shell.pack();
        shell.open();
        // Standard SWT event loop
        while (!shell.isDisposed()) {
            if (!display.readAndDispatch()) {
                display.sleep();
            }
        }
        display.dispose();
    }

    public static void main(String[] args) {
        new Ro();
    }
}
Code (To Enter PIN)
import org.eclipse.swt.SWT;
import org.eclipse.swt.widgets.*;

public class Rough {

    public static void main(String[] args) {
        Rough thee = new Rough();
    }

    public Rough() {
        final Shell shell = new Shell();
        shell.setSize(250, 300);
        shell.setText("Transaction Type");
        shell.open();

        final Button opener = new Button(shell, SWT.PUSH);
        opener.setText("Settings");
        opener.setBounds(20, 20, 50, 25);

        // Each transaction button opens the amount-selection window.
        final Button opener1 = new Button(shell, SWT.PUSH);
        opener1.setText("Account to Account");
        opener1.setBounds(20, 50, 120, 50);
        opener1.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                transaction n = new transaction();
            }
        });

        final Button opener2 = new Button(shell, SWT.PUSH);
        opener2.setText("Cash Withdrawal");
        opener2.setBounds(20, 100, 120, 50);
        opener2.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                transaction n = new transaction();
            }
        });

        final Button opener3 = new Button(shell, SWT.PUSH);
        opener3.setText("Cash Deposit");
        opener3.setBounds(20, 150, 120, 50);
        opener3.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                transaction n = new transaction();
            }
        });

        final Button opener4 = new Button(shell, SWT.PUSH);
        opener4.setText("Pay Over The Counter");
        opener4.setBounds(20, 200, 120, 50);
        opener4.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                transaction n = new transaction();
            }
        });

        for (int i = 0; i < 3; i++) {
            new Button(shell, (i % 2 == 0) ? SWT.RADIO : SWT.PUSH).setText("Button " + i);
            new Text(shell, SWT.BORDER).setText("same size");
        }

        // Modal confirmation dialog for "Settings"
        final Shell dialog = new Shell(shell, SWT.APPLICATION_MODAL | SWT.DIALOG_TRIM);
        dialog.setText("Settings");
        dialog.setSize(200, 100);

        final Label label = new Label(dialog, SWT.NONE);
        label.setText("Click OK to proceed?");
        label.setBounds(30, 5, 100, 20);

        final Button okButton = new Button(dialog, SWT.PUSH);
        okButton.setBounds(20, 35, 40, 25);
        okButton.setText("OK");

        // Modal confirmation dialog for "Account To Account"
        final Shell dialog1 = new Shell(shell, SWT.APPLICATION_MODAL | SWT.DIALOG_TRIM);
        dialog1.setText("Account To Account");
        dialog1.setSize(150, 100);

        // Parent is dialog1; the original attached these two widgets to dialog,
        // where they overlapped the Settings label and OK button.
        final Label label1 = new Label(dialog1, SWT.NONE);
        label1.setText("Click OK to proceed?");
        label1.setBounds(35, 5, 100, 20);

        final Button button2 = new Button(dialog1, SWT.PUSH);
        button2.setBounds(20, 35, 40, 25);
        button2.setText("OK");

        Button cancelButton = new Button(dialog, SWT.PUSH);
        cancelButton.setBounds(70, 35, 40, 25);
        cancelButton.setText("Cancel");

        final boolean[] response = new boolean[1];
        response[0] = true;

        // Record which button closed the Settings dialog.
        Listener listener = new Listener() {
            public void handleEvent(Event event) {
                if (event.widget == okButton) {
                    response[0] = true;
                } else {
                    response[0] = false;
                }
                dialog.close();
            }
        };

        okButton.addListener(SWT.Selection, listener);
        cancelButton.addListener(SWT.Selection, listener);

        Listener openerListener = new Listener() {
            public void handleEvent(Event event) {
                dialog.open();
            }
        };

        opener.addListener(SWT.Selection, openerListener);
    }
}
‘Transaction Type’ Window (Code)
import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.layout.RowLayout;
import org.eclipse.swt.widgets.*;

public class transaction {

    public transaction() {
        final Shell shell = new Shell();
        shell.setLayout(new GridLayout());
        shell.setText("Payment Options");
        shell.setSize(200, 250);

        // Fixed amounts offered as check boxes
        final Group group1 = new Group(shell, SWT.SHADOW_IN);
        group1.setText("Choose An Amount To Pay:");
        group1.setLayout(new RowLayout(SWT.VERTICAL));
        new Button(group1, SWT.CHECK).setText("25 Rs");
        new Button(group1, SWT.CHECK).setText("50 Rs");
        new Button(group1, SWT.CHECK).setText("75 Rs");
        new Button(group1, SWT.CHECK).setText("100 Rs");
        new Button(group1, SWT.CHECK).setText("125 Rs");
        new Button(group1, SWT.CHECK).setText("150 Rs");
        shell.open();
    }

    public static void main(String[] args) {
        transaction window = new transaction();
        //window.open();
    }
}
Amount Entrance Code:
Completion of software by creating a backend database and a web server for transfer of messages between client and server (the database backbone is ready).
Hardware completion by interfacing all the components.
Future Work Methodology
Project Timeline
A financial device that performs the following functions:
Account to Account Cash Transfer.
Cash Deposit in an account.
Cash Withdrawal from account.
Authentication.
Management of multiple users.
End Product Description
We plan to accomplish this system and remove the barriers that are present in the way of its market penetration.
The system will aid in reducing the financial fraud issues.
Conclusion:
http://en.wikipedia.org/wiki/Radio-frequency_identification
http://www.josephhall.org/tmp/mit_prox_vulns.pdf
http://www.smartcardalliance.org/resources/pdf/smart_cards_vs_mag_stripe_cards_122111.pdf
https://www.philadelphiafed.org/consumer-credit-and-payments/payment-cards-center/publications/discussion-papers/2002/SmartCard_042002.pdf
References:
http://www.sans.org/reading_room/whitepapers/authentication/identity-protection-smart-card-adoption-america_1122
Questions