This essay does not describe an existing computer program, just one that should exist. This essay is about a suggested student project in Java programming. This essay gives a rough overview of how it might work. I have no source, object, specifications, file layouts or anything else useful to implementing this project. Everything I have prepared to help you is right here.
This project outline is not like the artificial, tidy little problems you are spoon-fed in school, when all the facts you need are included, nothing extraneous is mentioned, the answer is fully specified, along with hints to nudge you toward a single expected canonical solution. This project is much more like the real world of messy problems where it is up to you to fully the define the end point, or a series of ever more difficult versions of this project and research the information yourself to solve them.
Everything I have to say to help you with this project is written below. I am not prepared to help you implement it; or give you any additional materials. I have too many other projects of my own.
Though I am a programmer by profession, I don’t do people’s homework for them. That just robs them of an education.
You have my full permission to implement this project in any way you please and to keep all the profits from your endeavour.
Please do not email me about this project without reading the disclaimer above.
It might work like this. Joshua Smashem of Smashem & Dye telephones you and claims
to be an agent for Mastercard. You say Do you have Tel-ID
(pronounced Tell-Eye-Dee) to verify
that? You then each hit a button on your computer. Your phone line goes dead for a
few seconds while modems exchange information. And your screen says:
“name: Joshua Smashem
rôle : barrister and solicitor and squeezer of blood from stones
Company: Smashem & Dye
agent for: MasterCard, Visa, American Express.
phoning from: (555) 555-1212.
mailing address: 123 Rue St. Denis, Montréal QC, Canada H8G 3P5
issuer: Thawte” Depending on which key you hit, Mr. Smashem might also get a similar message identifying you.
Also consider phoning your bank. They have no way of knowing you are truly you, so won’t even tell you your balances. Even if you are lucky enough to have a bank where they know you, employees are prevented by general policy from trusting that you are who you say you are. They need a legal way to be extremely sure you are whom you claim to be.
When you hit the button, Mr. Smashem sends you a copy of his public certificate using a BusTel-like protocol. Your computer can verify it is valid by checking the Thawte digital signature. This just proves it is a valid certificate, not necessarily one belonging to the person on the end of the line. Your computer then sends Mr. Smashem’s computer a random challenge phrase to be encrypted with his private key. His computer then sends the encrypted version back. You decrypt it with his public key. If you get back where you started, you know that whomever you are talking to has access to Mr. Smashem’s computer (or Java-equipped cellphone) containing his private key.
Note that only the person attempting to prove his identity needs a certificate. The other end just needs some free verification software.
You could also implement this without using the BusTel technique (which requires a modem to break into the phone conversation). You exchange the messages over the Internet with UDP (User Datagram Protocol), TCP/IP (Transmission Control Protocol/Internet Protocol) or via a webserver or even an email.
The phone company provides caller-id. If you monitor that, you can further check that Mr. Smashem is calling from one of his registered phone numbers. This protects you against a hacker who electronically breaks into Mr. Smashem’s computer and steals his private keys. Most modems have the ability to monitor the 1200 BPS (Bits Per Second) caller id bursts that come before you pick up the phone.
This page is posted
Optional Replicator mirror
Your face IP:[184.108.40.206]
You are visitor number|