The Appraiser

This essay is about a suggested student project in Java programming. This essay gives a rough overview of how it might work. It does not describe an actual complete program. I have no source, object, specifications, file layouts or anything else useful to implementing this project. Everything I have to say to help you with this project is written below. I am not prepared to help you implement it; I have too many other projects of my own.

I do contract work for a living, which could include writing a program such as this. However, I don’t do people’s homework for them. That just robs them of an education.

You have my full permission to implement this project any way you please.

Introduction

This is a tool for appraisers of jewelry, houses, cars, horses etc. The problem with a written appraisal is there is no way to know just by looking at it if it is genuine. To be sure, the buyer has to contact the appraiser, and check. There is possibility for fraud in counterfeit appraisals, totally bogus appraisals, in setting up phony appraisers or people who masquerade as known legitimate appraisers.

The idea is to use digital signing to validate appraisals.

How It Works

The signing authority issues digital certificates to appraisers, charging them a fee. The digital certificate they receive attests to the qualifications they claim, and to the identity they claim. It is otherwise almost identical to a Java code-signing private/public key certificate you would buy from Thawte. The appraisers digitally sign their appraisals with their certificate’s private key. The appraisal may contain text, HTML, images, a date, and of course a dollar figure.

People who have had their homes appraised for example, could get a yearly update purely electronically. Electronic appraisals would have an official expiry date.

To validate an electronic appraisal, you get the seller to email it to you. You run a Java Web Start validator program that downloads its code from the signing authority. That code then does the verification. It does not need on-line access to either the signing authority or the appraiser to work. It would easily fit into a laptop, but probably not a hand-held just yet.

The validation program verifies the electronic signature and can assure you that the appraisal was indeed made by that appraiser, and some details about that appraiser’s qualifications.

Revocation

Let us say some years down the road somebody stole a copy of an appraiser’s private key certificate or even figured out how to crack the system entirely. Because the client program is Java Web Start, it would soon know about the problem, and could request more secure replacement appraisals for any it hand on file.

Fraud

The simplest fraud is to offer to validate the appraisal using phony software that looks like the real thing. Always use your own computer to validate appraisals.
Always use your own copy of the software to validate appraisals.
Always use your own Internet connection to get software updates.

	Please email your feedback for publication, errors, omissions, broken/redirected link reports and suggestions to improve this page to Roedy Green :
	Canadian Mind Products
	mindprod.com IP:[65.110.21.43]
	Your face IP:[38.103.63.17]	The information on this page is for non-military use only.
	You are visitor number 4,324.	Military use includes use by defence contractors.
	You can get a fresh copy of this page from:	or possibly from your local J: drive (Java virtual drive/Mindprod website mirror)
	http://mindprod.com/project/appraiser.html	J:\mindprod\project\appraiser.html