srs-otp.docx

Upload: alexandra-charles

Post on 01-Jun-2018

  • 8/9/2019 SRS-OTP.docx

    1/12

    Project Name:

    Student Name:

    VU ID:

    Introduction

    What is OTP?

    One-Time Password (OTP), a secure authentication system, provides an extra layer of security for sensitive data and information by requiring a six-digit password that is only valid for one login. This password, generated approximately every 30 seconds, is provided to the customer by a hardware authenticator device and is required in combination with a user name and PIN.

    Authenticator displaying a new password every 30 seconds

    Web-interface for login using user name, PIN and one-time password

    Benefits

    • Increased security
    • Access to CU-Boulder Research Computing resources (as needed and assigned)

    This software generates one time passwords by hashing the following data with MD5:

    1. the current epoch-time in a 10 second granularity
    2. the 4-digit PIN that a user enters
    3. a 16-hex-digit secret that has been created when the device was initialized

    When entering a PIN, it displays the first 6 digits of the MD5-hash. This is the one time password. The password can be verified by the server, as the server also knows the current time, Init-Secret and PIN of the user. To compensate time differences, the server will accept passwords from 3 minutes in the past to 3 minutes in the future. In addition, different time offsets can be specified for each user on the token and/or the server. Each password will be accepted only once. After 8 successive failed authentication attempts a user gets locked out.

    Authentication is based on two factors: a PIN known by the user and the Init-Secret stored on the mobile device.
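
The server-side check described above (time window, one-time use, lockout after 8 failures), as an added Python example that is not part of the original document or of any product it describes. The concatenation order of the three hash inputs, the "newest accepted slot" replay rule, the function and class names and the sample values are assumptions.

```python
import hashlib
import hmac

STEP = 10          # seconds per time slot (10 second granularity)
WINDOW = 180       # accept 3 minutes into the past and the future
MAX_FAILURES = 8   # successive failures before lockout


def motp(secret_hex, pin, epoch, offset=0):
    """Token side: first 6 hex digits of MD5 over time slot, secret and PIN."""
    slot = (int(epoch) + offset) // STEP
    # Assumption: concatenation order slot+secret+PIN; the text lists only the inputs.
    data = f"{slot}{secret_hex}{pin}".encode("ascii")
    return hashlib.md5(data).hexdigest()[:6]


class Verifier:
    """Server side state for one user."""

    def __init__(self, secret_hex, pin, offset=0):
        self.secret_hex, self.pin, self.offset = secret_hex, pin, offset
        self.failures = 0
        self.last_slot = None  # newest time slot already accepted

    def verify(self, otp, now):
        if self.failures >= MAX_FAILURES:
            return "locked"
        base = (int(now) + self.offset) // STEP
        span = WINDOW // STEP
        for slot in range(base - span, base + span + 1):
            expected = motp(self.secret_hex, self.pin, slot * STEP)
            if not hmac.compare_digest(expected, otp.lower()):
                continue
            if self.last_slot is not None and slot <= self.last_slot:
                continue  # this slot (or an older one) was already used
            self.last_slot = slot
            self.failures = 0
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_FAILURES else "rejected"


# Constructed sample values, not taken from the document.
SECRET, PIN, NOW = "0123456789abcdef", "1234", 1_700_000_000
```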

    Project Purpose

    A secure processing system is a security system that tells online retailers that the user is a genuine cardholder when he or she shops online. It allows a user or customer to use a personal password to confirm his identity and protect his/her credit card when the card is used on the Internet, providing greater reassurance and security. It improves the security of Internet payments.

    The objective of the proposed system is to make online transactions more efficient for the user who uses the website and shops online. This will have a positive impact on user profitability.

    To make on-line shopping even simpler and safer, a secure processing system is being introduced. During the online transaction process, the merchant's payment systems will connect to the secure processing system to carry out security, fraud and validity checks and subsequently authorize and take the payment. It improves the security of Internet payments.

    To meet the business requirements, the proposed system incorporates the following features:

    • Confidentiality of information
    • Integrity of data
    • Cardholder authentication
    • Merchant authentication

    Scope

    Transaction processing within an ecommerce environment is the process of an online shop or ecommerce website accepting and processing a customer's credit or debit card payment online and in real-time, in return for goods or services.

    • Creates consumer preference to buy at online store
    • Educates customers and raises their comfort level with secure processing system
    • Authentication messaging helps prepare the customers for the authentication process
    • A dynamic password enhances consumer confidence
    • Cardholder alerts and avoids disruption in the transaction process and ensures the sale completes

    Applicability

    It is critical that the payment gateway the user chooses supports basic fraud detection and that all required authentication measures are in place.

    • … Verification System authenticates a credit card purchase based on the billing address
    • The Card Verification Value: supplying this code in a transaction is intended to verify that the customer has the card in their physical possession

    Benefits and goals:

    Benefits for Cardholder

    • Increased consumer confidence when purchasing on the Internet
    • No special application software is needed at the cardholder access device (unless cardholder uses chip card)
    • Easy to use
    • Control over card use for online purchases

    Benefits for Merchants

    • Ease of integration into merchant legacy systems
    • Minimal impact on merchant's interaction with consumer
    • Increased sales by enhancing consumer confidence in online purchasing
    • Reduced risk of fraudulent transactions
    • Decrease in disputed transactions

    The secure processing system takes the submitted billing information from the customer's computer, through a secure server, and on to the merchant account at a processing bank. The gateway transaction is seamless and invisible to the customer, but to those concerned about security, it is anything but invisible. Thus it reduces the risk of fraudulent transactions.

    Thus the benefits and goals of the proposed system are:

    • Reduced risk of fraudulent transactions
    • Decrease in disputed transactions
    • Increased consumer confidence when purchasing on the Internet
    • No special application software is needed at the cardholder access device
    • Easy to use
    • Control over card use for online purchases

    Functional Requirements

    User Interface

    Front End:

    JSP is a widely used general-purpose scripting language that is especially suited for Web development. In our proposed system JSP is the server side scripting language.

    Client-side scripting:

    Client-side scripting generally refers to the class of computer programs on the web that are executed client-side, by the user's web browser, instead of server-side (on the web server). This type of computer programming is an important part of the Dynamic HTML (DHTML) concept, enabling web pages to be scripted; that is, to have different and changing content depending on user input, environmental conditions (such as the time of day), or other variables.

    Back end:

    Database Server:

    • MySQL - MySQL stands for "My Structured Query Language". The program runs as a server providing multi-user access to a number of databases.
    • MySQL Enterprise Server software is the most reliable, secure and up-to-date version of MySQL for cost-effectively delivering E-commerce, Online Transaction Processing (OLTP), and multi-terabyte Data Warehousing applications.
    • It is a fully integrated transaction-safe, ACID compliant database with full commit, rollback, and crash recovery and row level locking capabilities.
    • MySQL delivers the ease of use, scalability, and performance that has made MySQL the world's most popular open source database.
    • MySQL is the most common language used for accessing a database. It has been in use for many years by many database vendors. Many consider it the best database language to use.
    • MySQL is a language which consists of a set of commands that we use to create, make changes to, and retrieve data from a database. These commands can be issued through a Graphical User Interface or by embedding them in a computer program that we write.

    To allow access to the database through the web site, we will need to create Common Gateway Interface scripts. These scripts are small computer programs which run on the webhosting server and are activated by clicking on a link or a button in a web page. This will allow users of the web site to interact with the web site in a more meaningful manner.

    In MySQL we can create tables to hold the data and load them with the desired information. Then we can answer different sorts of questions by retrieving data from the tables. We can perform the following operations:

    • Create a database
    • Create a table
    • Load data into the table
    • Retrieve data from the table in various ways
    • Use multiple tables

    Non Functional

    SOFTWARE REQUIREMENTS

    Operating System: Windows XP
    Language: JAVA, J2EE
    Ram: 512 Mb Ram
    Mother Board: 845gvm Intel Chipset
    Hard Disk: 80G
    Monitor: 17" Color Monitor
    Keyboard: Standard 102 Keys
    Mouse: Optical mouse

    Methodology

    Waterfall Model

    The waterfall model is a sequential software development process, in which progress is seen as flowing steadily downwards (like a waterfall) through the phases of Conception, Initiation, Analysis, Design (validation), Construction, Testing and maintenance.

    In Waterfall model, the following phases are followed in order:

    1. Requirements
    2. Analysis
    3. System and software Design
    4. Testing
    5. Coding
    6. Maintenance / Acceptation

    To follow the waterfall model, one proceeds from one phase to the next in a purely sequential manner.

    defining overall system architecture. The system design specifications serve as input for the next phase of the model.

    3. Coding: On receiving system design documents, the work is divided in modules/units and actual coding is started. The system is first developed in small programs called units, which are integrated in the next phase. Each unit is developed and tested for its functionality; this is referred to as Unit Testing. Unit testing mainly verifies if the modules/units meet their specifications and then the coding started.

    4. Integration & System Testing: The system is first divided in units which are developed and tested for their functionalities. These units are integrated into a complete system during the Integration phase and tested to check if all modules/units coordinate between each other and the system as a whole behaves as per the specifications. After successful testing of the software, it is delivered to the customer.

    5. Acceptance & Maintenance: This phase of "The Waterfall Model" is a virtually never ending phase (very long). Generally, problems with the system developed (which are not found during the development life cycle) come up after its practical use starts, so the issues related to the system are solved after deployment of the system. Not all the problems come into the picture directly, but they arise from time to time and need to be solved; hence this process is referred to as Maintenance.

    Thus the waterfall model maintains that one should move to a phase only when its preceding phase is completed and perfected.

    The waterfall model has many attractive features:

    • Clearly defined deliverables at the end of each phase, so that the client can take decisions on continuing the project
    • Incremental resource commitment. The client does not have to make a full commitment on the project at the beginning
    • Isolation of the problem early in the process

    Use Case Diagrams

    Work Plan

    Week 1 2 3 4 5 6 7 8

    Critique 1

    Proposal

    Content Development

    University

    Critique 2

    Project Development

    Prototype

    Programming

    Interface Design

    Critique 3

    System Integration

    Testing & Debugging

    Deployment & Implementation