©1996-2009 Roedy Green, Canadian Mind Products
This project outline is not like the artificial tidy problems you are spoon-fed in school, when all the facts you need are included, nothing extraneous is mentioned, the answer is fully specified, along with hints to nudge you toward a single expected canonical solution. This project is much more like the real world of messy problems where it is up to you to fully the define the end point, or a series of ever more difficult versions of this project, and research the information yourself to solve them.
Everything I have to say to help you with this project is written below. I am not prepared to help you implement it; or give you any additional materials. I have too many other projects of my own.
Though I am a programmer, I don’t do people’s homework for them. That just robs them of an education.
You have my full permission to implement this project in any way you please and to keep all the profits from your endeavor.
It might work like this. Joshua Smashem of Smashem & Dye telephones you and
claims to be an agent for Mastercard. You say “Do you have Tel-ID (pronounced
Tell-Eye-Dee) to verify that?” You then each hit a button on your computer.
Your phone line goes dead for a few seconds while modems exchange information.
And your screen says:
“name: Joshua Smashem
Role: barrister and solicitor and squeezer of blood from stones
Company: Smashem & Dye
agent for: MasterCard, Visa, American Express.
phoning from: (555) 555-1212.
mailing address: 123 Rue St. Denis, Montréal QC, Canada H8G 3P5
ID: 987-364-123-238
issuer: Thawte” Depending on which key you hit, Mr. Smashem might
also get a similar message identifying you.
Also consider phoning your bank. They have no way of knowing you are truly you, so won’t even tell you your balances. Even if you are lucky enough to have a bank where they know you, employees are prevented by general policy from trusting that you are who you say you are. They need a legal way to be extremely sure you are whom you claim to be.
When you hit the button, Mr. Smashem sends you a copy of his public certificate using a BusTel-like protocol. Your computer can verify it is valid by checking the Thawte digital signature. This just proves it is a valid certificate, not necessarily one belonging to the person on the end of the line. Your computer then sends Mr. Smashem’s computer a random challenge phrase to be encrypted with his private key. His computer then sends the encrypted version back. You decrypt it with his public key. If you get back where you started, you know that whomever you are talking to has access to Mr. Smashem’s computer (or Java-equipped cellphone) containing his private key.
Note that only the person attempting to prove his identity needs a certificate. The other end just needs some free verification software.
You could also implement this without using the BusTel technique (which requires a modem to break into the phone conversation). You exchange the messages over the Internet with UDP, TCP/IP or via a webserver or even an email.
The phone company provides caller-id. If you monitor that, you can further check that Mr. Smashem is calling from one of his registered phone numbers. This protects you against a hacker who electronically breaks into Mr. Smashem’s computer and steals his private keys. Most modems have the ability to monitor the 1200 BPS caller id bursts that come before you pick up the phone.
 |
You can get the freshest copy of this page from: | or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror) |
| http://mindprod.com/project/telid.html | J:\mindprod\project\telid.html | |
 |  Please email your feedback for publication, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to
Roedy Green :
 | |
| Canadian Mind Products | ||
| mindprod.com IP:[65.110.21.43] | ||
| view Blog | Your face IP:[38.107.191.102] | |
| Feedback | You are visitor number 11. | |
