StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Purchase Using Biometric Information - Research Paper Example

Summary
The paper "Purchase Using Biometric Information" analyzes that the biometric system is already in place, and it has all the data for mobile biometric access. I.e. the fingerprint system for mobile phones that have an already built-in fingerprint scanner has the system in place…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.2% of users find it useful

Extract of sample "Purchase Using Biometric Information"

Table of Contents

PROJECT PART ONE3

1.1.Background3

The biometric system is already in place, and it has all the data for mobile biometric access. Ie the finger print system for mobile phones that have an already built in finger print scanner have the system in place. The database is then linked with the DES-based symmetric cryptosystem for access with phones that do not have the scanner. This assumption, therefore, allows the vendor server to access two systems, one of a mobile phone with a scanner and that of a phone without the finger print scanner, although it cannot differentiate for it is accessing information from the service provider server.3

The service provider server has to authenticate the buyer’s identity with the same accuracy as the biometric system. It should have equal security protocol as the finger print reader. 1.2. Goals3

1.3. Scope4

1.4. Key Stakeholders4

1.5. Project Milestones4

1.6. Acceptance criteria Authenticating the Buyer5

1.7. Project Budget7

1.8. Constraints7

In order to ensure the stipulated condition is met, the service provider will checks PC to confirm the is not an old one being replayed (Ratha et al., 2001). Since the purchase of the order PC is sent by both the buyer and the service provider, the buyer will have to initiate a second purchase if the process will be repeated by mistake.7

1.9. Assumptions7

1.10. Risks8

In order for the confidentiality of the fingerprints to be maintained, there has to be certificate authority (CA) that will give each user a digital certificate. Entity authentication has to be created in order for the digital certificate to provided (Ray Stanton, 2005). This leads to the generation of a public and private key simultaneously. The public key is publicly accessible, but the private key can only be issued by the CA. In the protocol above the public key IA identifies the service provider server. However, in order to ensure there is authenticity, the service provider server requests for a private key from the CA in order to decrypt the cipher text (Jain et al., 1997).8

1.11. Lessons learned8

1.12. Develop Project Charter9

The encrypted key is BAB. The service provider will then use the private key; BAB matched against BAL, to recover the buyer’s AES key, d.9

1.13. Approval Signatures9

1.15. Work Breakdown Structure of the project11

1.16. Work Breakdown Structure dictionary of the project12

PART TWO OF THE PROJECT13

2.1. The project plan-Time13

2.1.1. Ganttchart13

2.1.2. Precedence Diagram Method13

2.1.3. Crashing technique14

2.1.4. Fast tracking” technique14

2.1.5. ONE LEAD and ONE LAG to the Gantt chart14

2.1.6. Project Schedule Baseline using MS Project software14

2.1.7. The project plan-cost15

Risk Breakdown Structure15

Project Risk Register15

The risk response plan16

  • PROJECT PART ONE
    • Background
  • The biometric system is already in place, and it has all the data for mobile biometric access. Ie the finger print system for mobile phones that have an already built in finger print scanner have the system in place. The database is then linked with the DES-based symmetric cryptosystem for access with phones that do not have the scanner. This assumption, therefore, allows the vendor server to access two systems, one of a mobile phone with a scanner and that of a phone without the finger print scanner, although it cannot differentiate for it is accessing information from the service provider server.

The vendor machine will only access information on the customer from the service provider, therefore, it cannot take encrypted data both symmetrically and asymmetrically from the buyer.

  • The service provider server has to authenticate the buyer’s identity with the same accuracy as the biometric system. It should have equal security protocol as the finger print reader.1.2. Goals

The mobile user is able to send his purchase without availing his biometric information to the vending machine (Anderson, 1995; Schneier B., 1999). The finger print data is requested by the service provider after an initialization by the vending machine. To conceal the data, the protocol at (9) ensures that biometric information of the buyer is only sent to the service provider, and only the service provider has the capacity to decrypt d, which contains the biometric information of the buyer.

The system will make use of a hybrid cryptosystem. It will combine both the public key cryptography, the buyer’s key with the private key cryptography, the key from the service provider server. As such, it will utilise the public key cryptography in encrypting the symmetric session key before using the symmetric cryptography for securing the message.

  • 1.3. Scope
  • The buyer generates a random number, RB, which will be a transaction for a specific purchase.
  • The buyer is prompted to construct a message M’= (TB, RB, IA, BAB (d)), where TB is the buyer’s timestamp, IA is the identity of the service provider server and d is a small piece of arbitrary data. d is embedded in a bipartite betoken BAB generated from the service provider’s betoken obtained from CA the service provider’s certificate. In this case, d will be an encrypted data to present the biometric information of the buyer.
  • The buyer sends DB (M’) to the server. DB is the buyer’s private key
  • The service provider will then use EB in decrypting DB (M’). EB is the buyer’s public key, which is an alternative for the finger prints required on the phone with the finger print scanner. This verifies both the buyer’s signature and the integrity of the signed information
  • The service provider the checks IA in M’ for accuracy. This is the biometric database of the buyer.
  • The service provider server checks the TB in M’ in order to confirm the message is current.
  • The service provider server submits a biometric sample to a sensor, which prompts a biotoken BAL to be generated from the sample. BAL is matched against BAB (d), releasing d. If the released d is a match to the sent d, then the service provider can be sure of the real identity of the buyer based on his biometric data
  • The system will make use of a hybrid cryptosystem. It will combine both the public key cryptography, the buyer’s key with the private key cryptography, the key from the service provider server. As such, it will utilise the public key cryptography in encrypting the symmetric session key before using the symmetric cryptography for securing the message.
  • 1.4. Key Stakeholders

Client

[name]

Sponsor

[name]

Project manager

[name]

Project team members

[name],

  • 1.5. Project Milestones

Learning new skills and research of background information

Two weeks

Gathering of the necessary requirements as well investigation

Two weeks

Design of the product

Three weeks

Development of the product

One month

Evaluation of the product

Two weeks

Preparation of the final report

Two weeks

Other

Total number of time period

Three months,three weeks

  • Creation of a great product: The product needs to be original where it should be able to solve the intended problem. It should be designed based on the visuals as well as user experience
  • Built In-Virality: The viral mechanism should be incorporated into the app’s core functionality to enable the users to attract a network of other users
  • The choice of the type of phone: Android is seen to be the most dominant platforms and hence it should be considered to be part of the roadmap.
  • Consideration of small markets: It is very easy to begin with smaller markets before advancing to bigger markets since there are higher chances of high volumes.
  • Marketing: It is considered to be very critical where it is important to attract the first lot of users and hence able to understand the actual value of every user prior to further systematic campaigns
  • 1.6. Acceptance criteriaAuthenticating the Buyer

In order to release d, the protocol has to confirm that that the AES key, is a match to that on the biometric database. In this case, BAB has to be a match with the BAL, for the message to be accepted (Monrose et al., 2000). In order for the match to be existent, the legitimate buyer identified by the service provider server has to be the one to send it, otherwise it will not be a match

Authenticating the Vendor

The service provider has to ensure that there is consistency in the location of the vending machine, IC. The service provider will the decrypt decrypting DB in order for the machine’s signature and integrity to be confirmed (Pankanti et al., 2002).

Before submitting the app to the given store, I should make sure that I have done complete testing. It would be appropriate to generate Beta users who may provide feedback on the general user experience as well as if the performance is up to their expected standards. The feedbacks from the users are very critical and it enables to know if the app meets the needs of the user (Wayman, 2001).

  • The buyer generates a random number PC the purchase order
  • The buyer constructs a purchase message M= (TC , PC ,IC ,IA ), where TC is the buyer’s time stamp, IC is the vending machines identity and IA is the identity of the service provider.
  • The buyer sends (CC, DC (M)) to the vending machine. CC is the buyer’s certificate, the mobile number and DC is the buyer’s private key.
  • The vending machine verifies CC and obtains EC. The vending machine ensures that the data is not expired. EC is the buyer’s public key
  • The vending machine decrypts DC using EC in verifying the buyer’s signature and integrity of the sent information.
  • The vending machine checks TC and IC to ensure the purchase is current, and there is accuracy in identity.
  • If the data is valid, accurate and not expired, the vending Machine sends the service provider server a message M1= (TB ,CB, IB, Cc ,AC, DB, PC) where TB is the vendor’s time stamp, CB is the buyer’s certificate, IB is the vending machine identity as identified by the service provider server, Cc is buyer’s mobile number and AC is a request for access to the buyers account. DB is the vendors private key.
  • The service provider verifies CB, and obtains EB by decrypting DB where the vending machine’s signature and integrity is confirmed.
  • The service provider server sends the client a message requesting for his biometric authenticity.
  • The buyer sends the provider a message M’= (TB, PC, IA, IC BAB (d)), where TB is the buyer’s timestamp, IA is the identity of the service provider server and d is a small piece of arbitrary data. d is embedded in a bipartite betoken BAB generated from the service provider’s betoken obtained from CA the service provider’s certificate. In this case, d will be an encrypted data to present the biometric information of the buyer.
  • The buyer sends DB (M’) to the server. DB is the buyer’s private key
  • The service provider will then use EB in decrypting DB (M’). EB is the buyer’s public key, which is an alternative for the finger prints required on the phone with the finger print scanner. This verifies both the buyer’s signature and the integrity of the signed information
  • The service provider the checks IA in M’ for accuracy. This is the biometric database of the buyer.
  • The service provider server checks the TB in M’ in order to confirm the message is current.
  • The service provider server submits a biometric sample to a sensor, which prompts a biotoken BAL to be generated from the sample. BAL is matched against BAB (d), releasing d. If the released d is a match to the sent d, then the service provider can be sure of the real identity of the buyer based on his biometric data
  • The service provider checks PCto confirm the is not an old one being replayed
  • After biometric data verification and that the message is not a repeat, the service provider send the vending machine confirming the purchase and access to the buyers account. M= CA
  • The vending machine obtains CA from which it debits its account and credits the buyer’s account before allowing the products to be purchased.
  • If the account balance allows for the purchase, the vending machine releases the products, otherwise it sends a message to the buyer explaining the insufficient funds in his account.
  • 1.7. Project Budget

Extra production supervisor cost

85000

two extra production staff cost

55,000

Variable overhead cost

14.3

Fixed overhead cost

46200

Variable marketing cost per unit

2

  • 1.8. Constraints
  • In order to ensure the stipulated condition is met, the service provider will checks PC to confirm the is not an old one being replayed (Ratha et al., 2001). Since the purchase of the order PC is sent by both the buyer and the service provider, the buyer will have to initiate a second purchase if the process will be repeated by mistake.
  • 1.9. Assumptions

The protocol utilises three way protocol, between the buyer and the vending machine, the vending machine and the service provider server, and between the buyer and the service provider (Claudia et al., 2006). The buyer initialises the protocol, by sending the vendor machine a purchase order. The message has an AES key that is public to the sender, and will have to be decrypted by the vending machine in order to verify the authenticity of the buyer (Wei-Po Lee, 2007).

The vending machine then requests for access to the account information of the buyer via the service provider. Again, the vending machine’s location and authenticity has to be verified by the service provider, before the service provider initialises communication with the buyer requesting his for the download of his biometric information, and revealing his/her account information to the vending machine (Marie., 2001).

The service provider requests the buyer’s information, which uses the same protocol as discussed in question one above. After verification, the service provider send account information to the vending machine, which approves the purchase if the buyer has enough credit on his/ account, otherwise it terminates the purchase with a message (Micah et al., 2005).

  • 1.10. Risks
  • In order for the confidentiality of the fingerprints to be maintained, there has to be certificate authority (CA) that will give each user a digital certificate. Entity authentication has to be created in order for the digital certificate to provided (Ray Stanton, 2005). This leads to the generation of a public and private key simultaneously. The public key is publicly accessible, but the private key can only be issued by the CA. In the protocol above the public key IA identifies the service provider server. However, in order to ensure there is authenticity, the service provider server requests for a private key from the CA in order to decrypt the cipher text (Jain et al., 1997).

Following the process of authentication there is attainment of the public keys by the group members. There is application of the symmetric cipher algorithm by the web of trust for the purposes of confidentiality and the file of interests is encrypted with the use of key K. The data is prevented from forgery, modified or replaced by use of integrity mechanism hence, during this process it will not be detected and authenticity will indicate the guarantee of the sender sending the message (Armstrong, 2003). The function of SHA-1 is used here where the message authentication code (MAC) is generated and this acts as a warrant of assuring the other party that the file is genuine as well as guarantee data integrity (Maltoni et al., 2003).

Three security goals are met after designing the protocol and include:

  • Resistance against third party attacks and impersonation
  • Authentication amongst the group members
  • The actual identity anonymity

The level of anonymity: The cryptographic hash function is applied by PT. For instance; there is generation of the PIs from the SHA-1 function due to the efficiency of the function as it is easy to use. Also due to publicly availability of this hash function to all networks where there is no sharing of sensitive information. Both factors are considered to be relevant for the environment that is in the form of P2P (Maltoni et al., 2003).

  • 1.11. Lessons learned

These skills will be acquired from reliable sources such as work previously done related to mine. These previous work done will be obtained from journals, books and other reliable materials and sources such as from supervisors etc. The resources will as well be gained through practice as I will be acquainted to specific skills

  • 1.12. Develop Project Charter

Inputs

Tools and Techniques

Outputs

Hybrid cryptosystem

It will combine both the public key cryptography, the buyer’s key with the private key cryptography, the key from the service provider server.

It will utilise the public key cryptography in encrypting the symmetric session key before using the symmetric cryptography for securing the message

  • The encrypted key is BAB. The service provider will then use the private key; BAB matched against BAL, to recover the buyer’s AES key, d.

The buyer will use a symmetric key (AES key), BAB,to encrypt his message, which in this case is M’.

  • Creation of a great product
  • Built In-Virality
  • Marketing
  • 1.13. Approval Signatures

[Name], Project Client

[Name], Project Sponsor

[Name], Project Manager

1.14. Project Plan-Scope management

Project Scope Statement

Project Title: The biometric system development

Date:

Prepared by:

Project Justification:

The biometric system is already in place, and it has all the data for mobile biometric access. Ie the finger print system for mobile phones that have an already built in finger print scanner have the system in place. The database is then linked with the DES-based symmetric cryptosystem for access with phones that do not have the scanner. This assumption, therefore, allows the vendor server to access two systems, one of a mobile phone with a scanner and that of a phone without the finger print scanner, although it cannot differentiate for it is accessing information from the service provider server.

The vendor machine will only access information on the customer from the service provider, therefore, it cannot take encrypted data both symmetrically and asymmetrically from the buyer.

The service provider server has to authenticate the buyer’s identity with the same accuracy as the biometric system. It should have equal security protocol as the finger print reader.

Product Characteristics and Requirements:

1. The system will make use of a hybrid cryptosystem. It will combine both the public key cryptography, the buyer’s key with the private key cryptography, the key from the service provider server. As such, it will utilise the public key cryptography in encrypting the symmetric session key before using the symmetric cryptography for securing the message.

2. The buyer will use a symmetric key (AES key), BAB,to encrypt his message, which in this case is M’. The service provider obtains the AES key in order to decipher it. In order to ensure the transfer of AES key is secured, the buyer sends both the encrypted key and encrypted message to the server (Katz & Lindell 2007). The encrypted key is BAB.

3. The service provider will then use the private key; BAB matched against BAL, to recover the buyer’s AES key, d.

Summary of Project Deliverables

The buyer will use a symmetric key (AES key), BAB,to encrypt his message, which in this case is M’. It will utilise the public key cryptography in encrypting the symmetric session key before using the symmetric cryptography for securing the message.

Project management-related deliverables:

  • The biometric system is already in place, and it has all the data for mobile biometric access. Ie the finger print system for mobile phones that have an already built in finger print scanner have the system in place.
  • The vendor machine will only access information on the customer from the service provider, therefore, it cannot take encrypted data both symmetrically and asymmetrically from the buyer.
  • The service provider server has to authenticate the buyer’s identity with the same accuracy as the biometric system.
  • The mobile user is able to send his purchase without availing his biometric information to the vending machine
  • The system will make use of a hybrid cryptosystem. It will combine both the public key cryptography, the buyer’s key with the private key cryptography, the key from the service provider server.
  • Before submitting the app to the given store, I should make sure that I have done complete testing.
  • The feedbacks from the users are very critical and it enables to know if the app meets the needs of the user
  • The protocol utilises three way protocol, between the buyer and the vending machine, the vending machine and the service provider server, and between the buyer and the service provider
  • In order for the confidentiality of the fingerprints to be maintained, there has to be certificate authority (CA) that will give each user a digital certificate.
  • Entity authentication has to be created in order for the digital certificate to provided (Cole 2009). This leads to the generation of a public and private key simultaneously.
  • The public key is publicly accessible, but the private key can only be issued by the CA. In the protocol above the public key IA identifies the service provider server.
  • These skills will be acquired from reliable sources such as work previously done related to mine. These previous work done will be obtained from journals, books and other reliable materials and sources such as from supervisors etc.

Product-related deliverables/Acceptance Criteria:

  • Authenticating the Vendor: The service provider has to ensure that there is consistency in the location of the vending machine, IC.
  • Authenticating the Buyer: In order to release d, the protocol has to confirm that that the AES key, is a match to that on the biometric database.

Project Exclusions: The vendor machine will only access information on the customer from the service provider, therefore, it cannot take encrypted data both symmetrically and asymmetrically from the buyer.

Poject Assumptions: This assumption, allows the vendor server to access two systems, one of a mobile phone with a scanner and that of a phone without the finger print scanner, although it cannot differentiate for it is accessing information from the service provider server.

Project Constraints: Since the purchase of the order PC is sent by both the buyer and the service provider, the buyer will have to initiate a second purchase if the process will be repeated by mistake.

  • 1.15. Work Breakdown Structure of the project

  • 1.16. Work Breakdown Structure dictionary of the project

WORK BREAKDOWN STRUCTURE DICTIONARY

PROJECT TITLE: The biometric system development

WBS ITEM NUMBER:01

WBS ITEM NAME: 01

TASK DESCRIPTION:

The protocol utilises three way protocol, between the buyer and the vending machine, the vending machine and the service provider server, and between the buyer and the service provider

ACCEPTANCE CRITERIA

The feedbacks from the users are very critical and it enables to know if the app meets the needs of the user. Before submitting the app to the given store, I should make sure that I have done complete testing.

DELIVERABLE(S)

  • Creation of a great product
  • Built In-Virality

RESOURCES ASSIGNED

Extra production supervisor cost

Two extra production staff cost

Variable overhead cost

Fixed overhead cost

DURATION Three months, three weeks

COST $200000

DEPENDENCIES AFTER (SUCCESSOR)

DEPENDENCIES BEFORE (PREDECESSOR)

DUE DATE

APPROVED: PROJECT MANAGER

  • PART TWO OF THE PROJECT
  • 2.1. The project plan-Time
  • 2.1.1. Ganttchart

  • 2.1.2. Precedence Diagram Method

  • 2.1.3. Crashing technique

  • 2.1.4. Fast tracking” technique

  • 2.1.5. ONE LEAD and ONE LAG to the Gantt chart

  • 2.1.6. Project Schedule Baseline using MS Project software

  • 2.1.7. The project plan-cost
  • Risk Breakdown Structure

  • Project Risk Register

 No.

Risk

Description

Category

Root Cause

Potential Responses

Risk Owner

Probability

Impact

Result

 1

 Computer malfunction

 Technical problem

 A

 Technical

 Repair/ replacement

 Mr.

 High 10

 High 10

 50

 2

 Delay of funding

Money to fund the project

 B

 Accountability delays

 Identify the root cause

 Mr.

 Medium 5

 High 10

 50

 3

 Lack of cost information

 System failure

 A

 System failure or incompetence

 Correct the problem

 Mr.

 Medium 5

 Medium 5

 20

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  • The risk response plan

Conclusion

The mobile user is able to send his purchase without availing his biometric information to the vending machine. The finger print data is requested by the service provider after an initialization by the vending machine. To conceal the data, the protocol at (9) ensures that biometric information of the buyer is only sent to the service provider, and only the service provider has the capacity to decrypt d, which contains the biometric information of the buyer. The vendor machine will only access information on the customer from the service provider, therefore, it cannot take encrypted data both symmetrically and asymmetrically from the buyer. The service provider server has to authenticate the buyer’s identity with the same accuracy as the biometric system. It should have equal security protocol as the finger print reader. The system will make use of a hybrid cryptosystem. It will combine both the public key cryptography, the buyer’s key with the private key cryptography, the key from the service provider server. As such, it will utilise the public key cryptography in encrypting the symmetric session key before using the symmetric cryptography for securing the message

Read More
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us