image provider



This essay does not describe an existing computer program, just one that should exist. This essay is about a suggested student project in Java programming. This essay gives a rough overview of how it might work. I have no source, object, specifications, file layouts or anything else useful to implementing this project. Everything I have prepared to help you is right here.

This project outline is not like the artificial, tidy little problems you are spoon-fed in school, when all the facts you need are included, nothing extraneous is mentioned, the answer is fully specified, along with hints to nudge you toward a single expected canonical solution. This project is much more like the real world of messy problems where it is up to you to fully the define the end point, or a series of ever more difficult versions of this project and research the information yourself to solve them.

Everything I have to say to help you with this project is written below. I am not prepared to help you implement it; or give you any additional materials. I have too many other projects of my own.

Though I am a programmer by profession, I don’t do people’s homework for them. That just robs them of an education.

You have my full permission to implement this project in any way you please and to keep all the profits from your endeavour.

Please do not email me about this project without reading the disclaimer above.

The Problem

Lets say an unfamiliar voice phones you and claims to be: How do you know they are telling the truth? How do you know they are whom they claim to be? Telephone scams and pranks are ever more common.

The Solution

You might think my BusTel project would be just the ticket. The problem with BusTel is there is nothing to prevent people from creating totally fake electronic business cards. However, its delivery technology for a secure business card, likely will form part of the solution.

It might work like this. Joshua Smashem of Smashem & Dye telephones you and claims to be an agent for Mastercard. You say Do you have Tel-ID (pronounced Tell-Eye-Dee) to verify that? You then each hit a button on your computer. Your phone line goes dead for a few seconds while modems exchange information. And your screen says:
“name: Joshua Smashem
rôle : barrister and solicitor and squeezer of blood from stones
Company: Smashem & Dye
agent for: MasterCard, Visa, American Express.
phoning from: (555) 555-1212.
mailing address: 123 Rue St. Denis, Montréal QC, Canada H8G 3P5
ID: 987-364-123-238
issuer: Thawte”
Depending on which key you hit, Mr. Smashem might also get a similar message identifying you.

Also consider phoning your bank. They have no way of knowing you are truly you, so won’t even tell you your balances. Even if you are lucky enough to have a bank where they know you, employees are prevented by general policy from trusting that you are who you say you are. They need a legal way to be extremely sure you are whom you claim to be.


First you need a company like Thawte to issue a new kind of digital certificate. It is much like a Java coding certificate, but it contains the additional identification information. Like a code-signing certificate, it has a private key known only by the owner and a public key visible to everyone. The certificate is digitally signed by Thawte. Unfortunately, this certificate will be quite expensive since Thawte would need to verify all that information. The cost of the certificate is essentially the cost of verifying the attested information.

When you hit the button, Mr. Smashem sends you a copy of his public certificate using a BusTel-like protocol. Your computer can verify it is valid by checking the Thawte digital signature. This just proves it is a valid certificate, not necessarily one belonging to the person on the end of the line. Your computer then sends Mr. Smashem’s computer a random challenge phrase to be encrypted with his private key. His computer then sends the encrypted version back. You decrypt it with his public key. If you get back where you started, you know that whomever you are talking to has access to Mr. Smashem’s computer (or Java-equipped cellphone) containing his private key.

Note that only the person attempting to prove his identity needs a certificate. The other end just needs some free verification software.

You could also implement this without using the BusTel technique (which requires a modem to break into the phone conversation). You exchange the messages over the Internet with UDP (User Datagram Protocol), TCP/IP (Transmission Control Protocol/Internet Protocol) or via a webserver or even an email.

The phone company provides caller-id. If you monitor that, you can further check that Mr. Smashem is calling from one of his registered phone numbers. This protects you against a hacker who electronically breaks into Mr. Smashem’s computer and steals his private keys. Most modems have the ability to monitor the 1200 BPS (Bits Per Second) caller id bursts that come before you pick up the phone.


To implement identification verification, you have all the mechanisms for high quality encrypting. So you could also use the system to send short messages that only the true recipient could read, e.g. credit card numbers. It might be useful for ordering things by phone, where you need to transmit part numbers, or other things difficult to get right by voice.


You can cook up your own interim certificate and certificate-creating software using the light-weight public key cryptography in the Transporter. You can implement this even in the tiny Javas available for cellphones. Alternatively, you can use JCE (Java Cryptography Extension), but that is only available on desktops. You might even go into the lucrative business of issuing the certificates. To get the idea seeded, you will likely need to give a ton of it away and swallow the costs of verification.

This page is posted
on the web at:

Optional Replicator mirror
on local hard disk J:

Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

Your face IP:[]
You are visitor number