Secure Electronic Applications

Secure Electronic Applications

Secure Electronic Applications

Minutes of 5th Final Year Project Meeting

Date: 12 November 2001

Time: 16:41

Venue: Room 312, CYC Building

Attendants: Dr. L. Hui, Chan Ching Ching, Chan Kit Lai, Cheung Lai Sze, Chung Wai Yan, Yuen Sze Ling

  1. Report on the search of “E-payment” method:
  2. Metered payment: charge customers in electricity bills, water bills, etc.
  3. Credit card payment
  4. E-cash, E-cheque

Dr Hui’s reply:

(1) consider the technology needed?

It is similar to SET (Secure Electronic Transaction) another issue, not much within our scope.

(2) we can incorporate the servers like 3-tier architecture

Consider protocols such as web protocols, FTP, open socket.

  1. Question raised: technologies such as SET and SLL appeared in our search and their cost to implement is a concern.

Dr. Hui’s reply:

(1)Theoretically, another server (like virtual bank) should be implemented to simulate the receive of payment in a payment system. It should be linked up with a database. Practically, since the operation is not within our scope, we should only implement a sample transaction protocol to indicate the transfer of payment is successful.

(2)SET is not suggested to use because of its complexity and it is not related to our project. Instead, we should write a primitive socket program to run SSL. Secure communication should be ensured but encryption of data is not needed.

(3)with reference to the payment via electricity/water bills, we can duplicate the interfaces for individual utility payment method. Therefore, besides credit card payment, we can have one more payment method.

(4)For the PKI, try to implement in the second semester, when the project prototype is built. If the E-payment is implemented successfully, E-cheque can be implemented (try), but not PKI.

(5)If credit card payment is used, no need to investigate its business logic.

(6)We should consider the technical risk of implementing the above technologies.

  1. Dr. Hui suggested we can spare some time to do a literature survey (written report to support the system we are implementing) to attach with our implementation. Beware it should be a substantial part. Also, we can compare the E-payment methods (e.g. discuss what the companies use).

4. Question raised: Any reference materials recommend us to read/work on?

Dr. Hui’s reply:

(1)socket programming

(2)SET client, merchant, and server software (e.g. API)

Meeting adjourned at 17:10.

Next meeting will be held at 16:30 on 26 November 2001 (Monday) in Room 312, CYC Building.