srs-otp.docx
TRANSCRIPT
-
8/9/2019 SRS-OTP.docx
1/12
Project Name:
Student Name:
VU ID:
-
8/9/2019 SRS-OTP.docx
2/12
Introduction
What is OTP?
One-Time Password (OTP), a secure authentication system, provides an extra layer ofsecurity for sensitive data and information by requiring a six-digit password that is only valid
for one login This password, generated approximately every !" seconds, is provided to the
customer by a hardware authenticator device and is required in combination with a user name
and P#$
%uthenticator displaying a new password every !" seconds
&eb-interface for login using user name, P#$ and one-time password
Benefits
#ncreased security
%ccess to '-oulder *esearch 'omputing resources (as needed and assigned)
This software generates one time passwords by hashing the following data with +.
/ the current epoch-time in a /" second granularity
0 the 1-digit P#$ that a user enters
! a /2-hex-digit secret that has been created when the device was initiali3ed
&hen entering a P#$, it displays the first 2 digits of the +-hash This is the one time
password The password can be verified by the server, as the server also 4nows the current
time, #nit-5ecret and P#$ of the user To compensate time differences, the server will accept
passwords from ! minutes in the past to ! minutes in the future #n addition, different time
offsets can be specified for each user on the to4en and6or the server 7ach password will be
accepted only once %fter 8 successive failed authentication attempts a user gets loc4ed out
%uthentication is based on two factors. a P#$ 4nown by the user and the #nit-5ecret stored on
the mobile device
Project Purpose
% 5ecure processing system is a security system that tells online retailers that the user is a
genuine cardholder when shops online #t allows user or a customer to use personal password
to confirm his identity and protect his6her credit card when the card is used on the #nternet,
providing greater reassurance and security #t improves the security of #nternet payments
The ob9ective of the proposed system is to ma4e online transaction more efficient to the user
who uses the website and shops online This will have a positive impact on user profitability
To ma4e on-line shopping even simpler and safer, a secure processing system is being
introduced uring the online transaction process, the +erchants payment systems will
connect to the secure processing system to carry out security, fraud and validity chec4s and
-
8/9/2019 SRS-OTP.docx
3/12
subsequently authori3e and ta4e the payment #t improves the security of #nternet payments
To meet the business requirements, the proposed system incorporates the following features.
: 'onfidentiality of information
: #ntegrity of data: 'ardholder authentication
: +erchant authentication
Scope
Transaction processing within an ecommerce environment, is the process of an online shop
or ecommerce website accepting and processing a customer;s credit or debit card payment
online and in real-time, in return for goods or services
'reates consumer preference to buy at online store
7ducates customers and raises their comfort level with secure processing system
%uthentication messaging helps prepare the customers for the authentication process
% dynamic password enhances consumer confidence
'ardholder alerts and avoids disruption in the transaction process and ensures the sale
completes
%pplicability
#t is critical that the payment gateway user choose supports basic fraud detection and that all
required authentication measures are in place erification 5ystem authenticates a credit card purchase based on the billing
address
: The 'ard >erification >alue supplying code in a transaction is intended to verify that the
customer has the card in their physical possession
enefits and goals.
enefits for 'ardholder
: #ncreased consumer confidence when purchasing on the #nternet
: $o special application software is needed at the cardholder access device (unless cardholder
uses chip card)
: 7asy to use
-
8/9/2019 SRS-OTP.docx
4/12
: 'ontrol over card use for online purchases
Benefits for Merchants
7ase of integration into merchant legacy systems
: +inimal impact on merchant;s interaction with consumer
: #ncreased sales by enhancing consumer confidence in online purchasing
: *educed ris4 of fraudulent transactions
: ecrease in disputed transactions
The secure processing system ta4es the submitted billing information from user customer;s
computer, through secure server, and on to his merchant account at a processing ban4 The
gateway transaction is seamless and invisible to the customer, but to those concerned about
security, it is anything but invisible Thus it reduce the ris4 of fraudulent transactions
Thus the benefits and goal of the proposed system is.
: *educed ris4 of fraudulent transactions
: ecrease in disputed transactions
: #ncreased consumer confidence when purchasing on the #nternet
: $o special application software is needed at the cardholder access device
: 7asy to use
: 'ontrol over card use for online purchases
unctiona! "e#uirements
User Interface
ront $nd:
-
8/9/2019 SRS-OTP.docx
5/12
@5P is a widely used general-purpose scripting language that is especially suited for &eb
development #n our proposed system @5P is the server side scripting language
(!ient)side scriptin&:
'lient-side scripting generally refers to the class of computer programs on the web that areexecuted client-side, by the user?s web browser, instead of server-side (on the web
server)This type of computer programming is an important part of the ynamic =T+A
(=T+A) concept, enabling web pages to be scriptedB that is, to have different and changing
content depending on user input, environmental conditions (such as the time of day), or other
variables
Bac* end:
Data+ase Ser%er:
+y5CA - +y5CA stands for D+y 5tructured Cuery AanguageD The program runs asa server providing multi-user access to a number of databases
+y5CA 7nterprise 5erver software is the most reliable, secure and up-to-date version
of +y5CA for cost-effectively delivering 7-commerce, Online Transaction Processing
(OATP), and multi-terabyte ata &arehousing applications
#t is a fully integrated transaction-safe, %'# compliant database with full commit,
rollbac4, and crash recovery and row level loc4ing capabilities
+y5CA delivers the ease of use, scalability, and performance that has made +y5CA
the world?s most popular open source database
+y5CA is the most common language used for accessing a database #t has been in
use for many years by many database vendors +any consider it the best database
language to use
+y5CA is a language which consists of a set of commands that we use to create,
ma4e changes to, and retrieve data from a database these commands can be issued
through a Eraphical ser #nterface or by embedding them in a computer program that
we write
To allow access to the database through web site, we will need to create 'ommon Eateway
#nterface scripts These scripts are small computer programs which run on the webhosting
server and are activated by clic4ing on a lin4 or a button in a web page This will allow users
of the web site to interact with the web site in a more meaningful manner
#n +y5CA we can create tables to hold the data and loading them with the desired
information Then we can answer different sorts of questions by retrieving data from the
tables &e can perform the following operations.
'reate a database
'reate a table
Aoad data into the table
*etrieve data from the table in various ways
se multiple tables
-
8/9/2019 SRS-OTP.docx
6/12
Non unctiona!
SOTW,"$ "$-UI"$M$NTS
Operating 5ystem. &indows FP
Aanguage. @%>%, @077
*am . /0 +b *am
+other oard . 81gvm #ntel 'hipset
=ard is4 . 8"E
+onitor . /GH 'olor +onitor
Ieyboard . 5tandard /"0 Ieys
+ouse . Optical mouse
Methodo!o&/
Waterfa!! Mode!
The waterfall model is a sequential software development process, in which progress is seen
as flowing steadily downwards (li4e a waterfall) through the phases of 'onception, #nitiation,
%nalysis, esign (validation), 'onstruction, Testing and maintenance
#n &aterfall model, the following phases are followed in order.
/ *equirements
0 %nalysis
! 5ystem and software esign1 Testing
'oding
2 +aintenance 6%cceptation
-
8/9/2019 SRS-OTP.docx
7/12
To follow the waterfall model, one proceeds from one phase to the next in a purely sequential
manner
-
8/9/2019 SRS-OTP.docx
8/12
defining overall system architecture The system design specifications serve as input for the
next phase of the model
51 (odin&: On receiving system design documents, the wor4 is divided in modules6units
and actual coding is started The system is first developed in small programs called units,
which are integrated in the next phase 7ach unit is developed and tested for itsfunctionalityB this is referred to as nit Testing nit testing mainly verifies if the
modules6units meet their specifications and then the coding started
61 Inte&ration 2 S/stem Testin&. The system is first divided in units which are developed
and tested for their functionalities These units are integrated into a complete system during
#ntegration phase and tested to chec4 if all modules6units coordinate between each other and
the system as a whole behaves as per the specifications %fter successfully testing of the
software, it is delivered to the customer
71 ,cceptance 2 Maintenance: This phase of DThe &aterfall +odelD is virtually neverending phase (>ery long) Eenerally, problems with the system developed (which are not
found during the development life cycle) come up after its practical use starts, so the issues
related to the system are solved after deployment of the system $ot all the problems come
in picture directly but they arise time to time and needs to be solvedB hence this process is
referred as +aintenance
Thus the waterfall model maintains that one should move to a phase only when it;s
preceding phase is completed and perfected
The waterfall model has many attractive features.
'learly defined deliverables at the end of each phase, so that the client can
ta4e decisions on continuing the pro9ect
#ncremental resource commitment The client does not have to ma4e a full
commitment on the pro9ect at the beginning
#solation of the problem early in the process
-
8/9/2019 SRS-OTP.docx
9/12
-
8/9/2019 SRS-OTP.docx
10/12
Use (ase Dia&rams
-
8/9/2019 SRS-OTP.docx
11/12
-
8/9/2019 SRS-OTP.docx
12/12
Wor* P!an
Wee* 0 3 5 6 7 8 9 ;
(riti#ue 0
Proposal
'ontent evelopmentniversity
(riti#ue 3
Pro9ect evelopment
Prototype
Programming
#nterface esign
(riti#ue 5
5ystem #ntegrationTesting K ebugging
eployment K #mplementation