|
|
Thanks, I'll try that and give you a feedback.
|
|
|
|
|
Hello guys. How are you doing?
I am going to do my Senior Project on SMS Banking or Mobile Banking (but too limited scope). Currently in our country,none of the banks use this method,even there is no internet banking.
Here is the idea how I planned to do the project with 2 of my friends.
- Currently, College students who study abroad needs money to be sent from their parents every month which will cover expenses. So when the parents send the money, they will go to bank fill a bulk of forms then it will be send to a bank which is near to the student. The amount is drawn either from the parent's account or direct cash.
Take the following cases in mind
1) It takes time.
2)The student is not expected to have an account. s/he is expected to have an ID only.
3)The parents might be busy to go to the bank and fill the form. Since it is a must, they should have to go to send the money. But they might be loosing something (may be their Golden time on work)
So the purpose of my project is to make it fast, easy, more secured so that the money will be transfered using the parents mobile (Here there will be a mobile application which will send the data of the filled form to a central server where the parent's account is located)............... Then after authentication (Which will be more SECURED) ...... The server will send an encrypted ID (which contain a the data of the parent , the amount, the student, etc ....) to the parent's cellphone (which is encrypted). So that the Parent will send this ID to his Son/Daughter and the Son/Daughter is expected to go with this ID AND with his Student ID Show to the bank's responsible person,............. When the the responsible person get the ID , he enters in to the system ... it will be then decrypted so that the original information will be retrieved.
This is the plan I wanted to do my senior project. I found that GSM modem is a must (which will act as a telephone on the server side to accept incoming SMS messages) in order to accomplish this task. I also found a software which I can write a code to the mobile application which is platform independent and I planned to use C# for authentication on the server side.
If you have any idea, please help me. Thank you.
|
|
|
|
|
Encryption is not a good idea (for sending back the message). What would you use as encryption key? The ID of the student? That's easily obtained through social engineering, and may even not be a private thing in most schools.
Also, if you have to encrypt all the data about the transaction, the encrypted string will be long and difficult to remember. On top of that, students will soon have a collection of 'encrypted' messages, together with their keys, and the unencrypted data. They'll soon pool these together, and reverse-engineer your encryption scheme.
Furthermore, your scheme offers no opportunity for the paying bank to clear the transactions. What if a student goes round twice with the same message at two different branches?
It's better to have a central server, that distributes unique 'transaction keys', which point to transaction data on the server. (a 13-14 digit number seems to be the biggest that people can dictate and jot down without errors). No duplicates of course, and the digits must be seemingly random. This has the advantage that, if a transaction is intercepted, it will only harm that transaction, and no others. It is also an unbreakable scheme, but it requires paying banks to have access to the central server, in order to retrieve the information. It also allows the paying banks to claim the money from the parent's bank, and to mark the transaction as payed, so it cannot be claimed twice.
|
|
|
|
|
I will not use students’ ID. When I said ID it is kind of collection of strings (some from the name, from the branch, from his parents name and others, including even the date (I will have some random picking of this strings by different mechanisims which I will use as an encryption , so that the decryption will be processed by a reverse mechanism)) Even if it is long, the user , either the parents or the student will write it on paper , so that it will be neither forgotten nor easy to break. By the way students and the parents will not know the unencrypted or decrypted data. Even if they go to the bank with a fake ID, how do you think it will be stored on the system? I mean the parents didn’t sent anything and neither the bank stored that data.
And I forgot to mention about deleting the transaction after it is completed (which will avoid claiming of transaction twice). It is done when the student gets his cash. It is also possible to notify the parents whether their child get the money or not. Is that makes sense?
Because of the problem of technology in our country, to have a central server is unimaginable.
Thank you for your response.
|
|
|
|
|
CoderForEver wrote: to have a central server is unimaginable
Well, you still need it for clearing the transaction, and for verifying the transaction exists 
This was the whole argument for keeping 'cheques': A cheque was a difficult to duplicate, uniquely numbered piece of paper. As long as central servers were not practical, they provided a clearing mechanism which was based on physical evidence. As soon as the evidence is electronic, and by definition allows copying without data loss, clearing HAS to be done through a central server.
Your system of picking pieces of strings from various bits of information is well-known by old programmers like myself. It was used for example by tour-operators to check the validity of voucher claims entered by hotels and transportation companies. But it was not fail-safe. We used it because the paying departments didn't have access to online terminals, and still had to dispatch payments. (Waiting for the weekly batch processing was not an option). It is a typical example of security by obscurity, which is a bad practice nowadays. (In those days, most people had never heard of a computer, much less had access to one, so it didn't matter so much.)
It also provides an opportunity for key collision. Once your encryption algorithm starts omitting data from the key or the data, it becomes a hashing algorithm, and cannot guarantee uniqueness any more.
Do telephone operators sell pre-paid rechargeable cards in your country? I suppose they do.
Well here if you want to recharge your phone, you go to local phone shop, and you buy credit from an operator. The cashier punches in the amount, and the cash register requests a 13-digit number from the operator network. This is then printed on your receipt. And this is the number you send to your mobile operator to claim the credit on your phone. Your phone is then topped up, and the transaction is cleared.
This is a typical example of an easily duplicated piece of evidence, which can still be only used once. It ALWAYS requires a central server. Breaking it is impossible, because it is impossible to guess a valid, active transaction number.
Sending a message back to the parents? Sure why not, but how long are you going to wait before sending a no-claim message? and will this no-claim message cancel the transaction?
|
|
|
|
|
Oh, sorry. When I mention about central server, I think I wrote the wrong idea. So, yes they do have a central server.
The idea of the telephone operators sounds nice. It works in our country, once up on a time it had a problem which is fixed now (the problem was, if you take one card and when u send to the mobile operator and at the same time your friend is doing the same thing but both of you are using only on card, both of you will get the amount at the card. i.e by concurrency you faked the operator. But this time, even if I dont know they did it, the problem is fixed).
About the claim, I hope I will wait may be up to 2 or 3 days for the student to take the cash. If not the amount will be transfered back to the parent's account. I think it is a good idea, isnt it?
About the encryption, can you tell me the best algorithm for this one, or recommend me free book or sites to read it.
Thank you Michel.
|
|
|
|
|
CoderForEver wrote: by concurrency you faked the operator
Probably because their central server had some bugs 
CoderForEver wrote: If not the amount will be transfered back to the parent's account
Be carefull with those things. Once you enter the wonderful world of online banking, local regulations may apply. I'm not sure if banks in your country can (or will) reverse a transaction which has not been opposed by the initiating party. There may be rules regarding the the validity and expiry date of the transaction, and since you will be introducing a new form of payment, you will be exploring uncharted legal territory. Now since this a senior project, this will not matter much (you'll be building a prototype) but if you pursue this project further later, you should get legal advice.
Regarding encryption and signing, you stand no chance of having your project adopted (by the banks) if you don't have at least 2-factor authentication. (something you own - something you know)http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci992919,00.html[^]
What banks use in my country for GSM payments is as follows: The bank assigns you a personal certificate, which is stored on the SIM card chip (this requires cooperation of the mobile operators, who distribute the SIM cards, and must allow the certificate to be stored there) this certificate (on the chip) is the something you own.
They also assign you a pin code, or you use the standard GSM pin-code, which unlocks the personal certificate
on your card. this is the something you know. (the personal certificate won't be regurgitated by the card if you don't type the right pincode). Once you have the personal certificate, you can use this certificate's keys to encrypt and/or sign any messages between the bank and the payer (in this case the parents).
Of course, for a senior project, you won't be able to use all this (building you own SIM-cards and re-programming them might be a bit out of scope). But you should at least be able to to simulate the process (maybe not on a mobile phone, but on a PC), in order to demonstrate that you thought about the problem.
On the receiving side, it's a bit more complicated (or a bit more simple, depending on how you look at it). Since the student does not have the something you own (he does not need to have a bank account with a banking card, or an account with a sim card private key), normal banking rules will apply: He will have to justify his identity (with whatever means are legal in your country: ID-card, passport, drivers license, ...), and present the transaction id to the collecting bank, together with his credentials. The transaction-id does not need to be encrypted, because it will allow the bank clerk to look up the right credentials from the central transaction server, and refuse payment if the physical credentials presented look iffy or do not correspond to the stored credentials.
This is the main difference between the parents transaction, and the students transaction: the parents do an electronic transaction, from the safety of their home or workplace, and use electronic means for justifying their identity. They need 2 factor authentication. The student still has to walk up to the bank counter, and justify ownership of the transaction, by PHYSICAL means. He does not need encryption or electronic signing, because his presence and ownership of the transaction code, plus his legal id is proof enough (and encryption and signing keys these days are so complicated and long that no one can remember them).
That's why I advised you not to use encryption on the message that is passed between the parents and the students: It either would be too easily cracked, or too long, or both.
Now, since this is a senior year project, it's obvious that you will not be able to implement all that. But I think the purpose of a senior project is to demonstrate that you can find solutions which are well-designed, and cater for all eventualities. If you cannot implement encryption algorithms, or mobile phone communications with access to the sim card, so be it. Use mock-ups, implement all your stuff on PC's, but demonstrate that you though about it, and that you've considered all the implications of your system. Have arguments ready when your teachers ask you why you didn't implement a new authentication and signing algorithm. I've given you plenty, and to be honest, I suspect that you could not invent one, your teachers could not invent one, and I'm sure that I couldn't invent one (and I've written online banking software since 1978, notably for the first country-wide ATM networks in Belgium).
Good luck!
|
|
|
|
|
Hello my friend. I think we got to go on the SMS banking thing. But we got one trouble before we submit our proposal. The following is the description. Please, help me if you know any thing about it.
Currently, we are not using GSM modem but CDMA. Because we cant find GSM modem in our area. We also found that a lot of applications that are done using Java MIDI, that are for mobile applications. We also found a tool, Netbeans for developing our software. But there is one thing. We got an application which send and receives SMS messages. But we cant view the SMS message. It is encrypted or I dont know about it. I also found that if I use a port number for it, it will be easy. So we have also found an application which uses GSM and works on serial port.
The problem is we are now using USB (the CDMA works like a flash .... it uses USB port)port not serial port. and the application is not working for us. So, if you know, please, how can use USB port to send data using this CDMA device. By the way we also used Hyperterminal on Windows 7 to work on with this application.
I hopt to hear from u soon. Bye
|
|
|
|
|
Hi,
I have a DataGridView control on a POS application I am writing as a project. I am having issues when trying to remove certain items from the control. Below is an example :-
1 Item 1 $5.00
-Extra 1
-Extra 2
1 Item 2 $10.00
1 Item 3 $2.00
-Extra 1
I want the user to be able to click on an item (or extra) in the datagridview and delete it. I can do this for single items and extras and it works perfectly (using removeat)but when I select an item, I want to check if there are any "extras" associated with the item and remove them aswell. Extras are always immediately below the item in question. My stumbling point seems to be when I remove 1 using RemoveAt, the index numbers change and I get exceptions.
This datagridview is not bound to any datasource and I am creating it on the fly.
Any help with the logic would be muchly appreciated.
Thanks,
Daniel.
|
|
|
|
|
/// My stumbling point seems to be when I remove 1 using RemoveAt, the index numbers change and I get exceptions.
delete items upward from bottom to top of datagrid
|
|
|
|
|
When you delete an item in a list, any list, the indexes of the remaining items may change. There are two easy ways to cope with that:
1. not moving at all: assuming a range of items may have to be deleted, if the first item the be deleted is at index x, use RemoveAt(x); and continue testing for more removals at the same index x, as each removal there will decrement the index of all the # subsequent items by one.
2. working backwards: first determine the range to be deleted, without actually deleting anything; then delete from high index to low index; this also works when the items of interest aren't consecutive.
Beware, whatever you choose to do, a foreach will fail as an enumerator becomes invalid (and will throw an exception) when the collection gets modified.
|
|
|
|
|
its a c# desktop application...i have items in flowlayout panel at form load event from db....i have to sort them ascending or descending order at run time... means user can view those items in ascending or descending order...can anyone help me how i do that..
regards tanzeel
|
|
|
|
|
If you are getting the data from a DB then, assuming you are using a query to do so, investigate the ORDER BY keyword.Here[^] is one reference.
Henry Minute
Do not read medical books! You could die of a misprint. - Mark Twain
Girl: (staring) "Why do you need an icy cucumber?"
“I want to report a fraud. The government is lying to us all.”
|
|
|
|
|
|
I understand that you populate items in flowlayout panel
but my dear friend just tell me which control are you using
to populate the items...
So that it is easier to give you solution
Jinal Desai - LIVE
Experience is mother of sage....
|
|
|
|
|
here is my code:
using System;
class one
{
public int a;
int f;
public bool e(int i)
{
for (f = 2; f <= i; f++)
{
if (i % f == 0)
{
return false;
}
else
{
return true;
}
}
}
}
class control
{
public static void Main()
{
one obj = new one();
Console.WriteLine("ENTER THE NUMBER TO BE CHECKED(SHOULD BE GREATER THAN 2)");
int o=obj.a = int.Parse(Console.ReadLine());
obj.e(o);
if (obj.e(o))
Console.WriteLine("THE VALUE IS PRIME");
else
Console.WriteLine("THE VALUE IS NOT PRIME");
}
}
now when i debug this program it returns an error "not all code paths return a value" pointing at e.
and gives a warning at f++ in the for statement "unreachable".....what is the fault??
|
|
|
|
|
By looking at your code, it seems that you have written a program to checked whether entered number is prime or not.
I am sorry my friend but logic of this program is incorrect.
wjbjnr wrote: not all code paths return a value
This error is coming because its not returning anything if program control doesn't entered inside "for" loop.
You have to make your logic correct.
P.S: Please provide code snippets in code block, it enhances readability of code.
|
|
|
|
|
I'll reformat your code so that we can read it:
using System;
class one
{
public int a;
int f;
public bool e(int i)
{
for (f = 2; f <= i; f++)
{
if (i % f == 0)
{
return false;
}
else
{
return true;
}
}
}
}
class control
{
public static void Main()
{
one obj = new one();
Console.WriteLine("ENTER THE NUMBER TO BE CHECKED(SHOULD BE GREATER THAN 2)");
int o=obj.a = int.Parse(Console.ReadLine());
obj.e(o);
if (obj.e(o))
Console.WriteLine("THE VALUE IS PRIME");
else
Console.WriteLine("THE VALUE IS NOT PRIME");
}
}First of all, why f++ is unreachable. In your code, the for loop will always exit after the first run through - there is no way for it not to. Remove the return true to outside the loop and you'll solve both parts of your problem - the loop condition will be reachable and the code will return a value from all parts.
[Edit]I just want to point out that you need to code for an edge case here. What happens if I put 0 in as a value? The code will never enter the loop and will incorrectly report out that it's a prime number. You should add a check in here to ensure that it's not less than 2 and return the value accordingly.
"WPF has many lovers. It's a veritable porn star!" - Josh Smith As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
My blog | My articles | MoXAML PowerToys | Onyx
modified on Monday, May 10, 2010 7:27 AM
|
|
|
|
|
take a look at this code..
using System;
class one
{
public int a;
int f;
public bool e(int i)
{
if (i <= 2) return false;
}
}
class control
{
public static void Main()
{
one obj = new one();
Console.WriteLine("ENTER THE NUMBER TO BE CHECKED(SHOULD BE GREATER THAN 2)");
int o = obj.a = int.Parse(Console.ReadLine());
obj.e(o);
if (obj.e(o)) Console.WriteLine("THE VALUE IS PRIME");
else
Console.WriteLine("THE VALUE IS NOT PRIME");
}
just look at the upper portion....it still doesnt return a value and gives the same error
now look at this code
using System;
class ChkNum {
// Return true if x is prime.
public bool IsPrime(int x) {
if(x <= 1) return false;
for(int i=2; i <= x/i; i++)
if((x %i) == 0) return false;
return true;
}
}
class ParmDemo {
static void Main() {
ChkNum ob = new ChkNum();
for(int i=2; i < 10; i++)
if(ob.IsPrime(i)) Console.WriteLine(i + " is prime.");
else Console.WriteLine(i + " is not prime.");
}
}
now look at this code(the upper section)..in this also it uses "if(x &lt;= 1) return false;"
in this code this statement works...but not in the first one...why is that!!
|
|
|
|
|
well in the first case there is still a path through the method that doesnt assign a return value you know its like what if i is more than 2 let me just break off here to say how difficult it is to read unformatted code whatever thats just me in the second case all paths through the method assign a return value hope thats cleared things up for u
[EDIT fixed typo]
|
|
|
|
|
While the other both answers are correct, I only want to mention the reasoning behind it.
The code considers all possible exits in a program and if it doesn't achieve the desired result in it, it raises an error.
In your for loop, you have trapped all possible outcomes. So, whatever the number f be, there will be an answer. But what happens when the code doesn't enter the loop? what if i = 1?
Hence, there should be one more return statement after the loop ends.
|
|
|
|
|
take a look at this code..
using System;
class one
{
public int a;
int f;
public bool e(int i)
{
if (i <= 2) return false;
}
}
class control
{
public static void Main()
{
one obj = new one();
Console.WriteLine("ENTER THE NUMBER TO BE CHECKED(SHOULD BE GREATER THAN 2)");
int o = obj.a = int.Parse(Console.ReadLine());
obj.e(o);
if (obj.e(o)) Console.WriteLine("THE VALUE IS PRIME");
else
Console.WriteLine("THE VALUE IS NOT PRIME");
}
just look at the upper portion....it still doesnt return a value and gives the same error
now look at this code
using System;
class ChkNum {
// Return true if x is prime.
public bool IsPrime(int x) {
if(x <= 1) return false;
for(int i=2; i <= x/i; i++)
if((x %i) == 0) return false;
return true;
}
}
class ParmDemo {
static void Main() {
ChkNum ob = new ChkNum();
for(int i=2; i < 10; i++)
if(ob.IsPrime(i)) Console.WriteLine(i + " is prime.");
else Console.WriteLine(i + " is not prime.");
}
}
now look at this code(the upper section)..in this also it uses "if(x <=1) return false;"
in this code this statement works...but not in the first one...why is that!!
|
|
|
|
|
IMPORTANT:
Use 'pre' tags for your code. without those tags, the code is totally unreadable. Also, do preview your post. There are many errors in your post.
Now, the second code works because it considers all possible values of x. if it is less than 1, it returns false. otherwise, for all other values, it can be either true or false.
try changing the code to x<=0
|
|
|
|
|
that maybe...but i just wrote this code in the upper section
public bool e(int i)
<pre> {
<pre> if (i <= 2)
<pre> return false;
<pre> }
even then it gives the same error!!!....wats wrong in this code??
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
