Safe and Secure Online Banking Sytem (1)

8/13/2019 Safe and Secure Online Banking Sytem (1)

1/32

Prepared by:Sagar R PatilShashank B SinghIndrajeet D Thakur(B.E-IT-B-44)

Under the guidance of :Mrs.Hetal Amrutia


2/32

A System allowing individuals to performbanking activities at home,via internet.

The automated delivery of new andtraditional banking products and servicesdirectly to customers through electronic,

interactive communication channels.


3/32

Substitute for traditional banking system

Customer need not to visit all the time tothe bank.

Transactions can be done by sitting at home.

No need to stand in queue for varioustransactions.


4/32

The concept of Internet banking has been simultaneouslyevolving with the development of the world wide web.

Programmers working on banking data bases came up with

ideas for online banking transactions, some time duringthe 1980's.

The online shopping promoted the use of credit cards

through Internet.

The first online banking service in United States was

introduced, in October 1994.


5/32

THERE WILL BE THREE TIER ARCHITECTURE

TIER 1: PRESENTATION TIER:- IT REPRESNTS

THE USER INTERFACE IMPLEMENTED BY

DYNAMIC HTML TIER 2:MIDDLE TIER:-THIS TIER PROVIDES

ALL THE BUSINESS LOGIC AND WILL BE

IMPLEMENTED USING JSP AND SERVLETS.

TIER 3: DATA TIER:- THIS TIER IS ACTUALLY

DATA ACCESS LAYER IMPLENTED USING

MYSQL AND DB CONNECTIVITY.


6/32

STEP 1: LOGIN user needs to login using customer_id and

password.


7/32

Step 2: SELECTION OF THE ACCOUNT TYPE

1) SAVING

2) CURRENT


8/32

1. viewing account balances.

2. viewing recent transactions.

3. downloadingbank statements, for example

in PDFformat

4. viewing images of paid cheques.

5. ordering cheque books.
http://en.wikipedia.org/wiki/Bank_statementhttp://en.wikipedia.org/wiki/PDFhttp://en.wikipedia.org/wiki/Chequehttp://en.wikipedia.org/wiki/Chequehttp://en.wikipedia.org/wiki/PDFhttp://en.wikipedia.org/wiki/Bank_statement


9/32

6. Transfer of funds.

7. Change of address .

8. Bill payments.

9.Create or delete account.


10/32

Benefits for Banks

Benefits for Small to Medium Businesses

Benefits for Customers .


11/32

B

Larger customer coverage

Reducing the costs of operations

Promoting their services and

products internationally

Increasing the customersatisfaction and providing a

personalized relationship with

customers

Benefits for Banks


12/32

Benefits for Small to Medium Businesses

To run its operations more

effectively

Lower cost than traditional

financial management

mechanisms


13/32

Benefits for Customers

Convenience 24 hours a day, seven days a week

Cost Reducing transfer fees

Speed Faster circulation of assets

Competitiveness - Fostering competition in financial market

Communicate easily

Abolishing the uses of paper

Offering one-stop-shop solutions


14/32

Security Risk Increasing number of fraudulent bank websites

For Eg. A suspicious bank

website:www.sbionline.com Original bank

websitewww.onlinesbi.com Fake emails purporting to be sent from banks

Email send from Fraudulent bank

Verify the personal information

Guide customer enter the fraud link

Disclosing their ATM card numbers and their

passwords


15/32

Security will be implemented using ssl technolgy .

So that there will be secured transfer of data between

customers and banks.

Proper encryption technology like md5 will be use tostore the data in database.

There will be two kinds of password

1. Login password 2.Transaction password


16/32

specific guidance will be provided to the customers.

adequate measures will be taken to ward off any

problems related to the security of internet banking

Online banking tutorials will be provided to help

familiarize people with internet banking.


17/32


18/32

Step1 : Append padding bitsThe input message is "padded" (extended) so that itslength (in bits) equals to 448 mod 512. Padding is alwaysperformed, even if the length of the message is already 448

mod 512.Padding is performed as follows: a single "1" bit is appendedto the message, and then "0" bits are appended so that thelength in bits of the padded message becomes congruent to448 mod 512. At least one bit and at most 512 bits are

appended.


19/32

Step2 : Append lengthA 64-bit representation of the length of the message isappended to the result of step1. If the length of the messageis greater than 2^64, only the low-order 64 bits will beused.

The resulting message (after padding with bits and with b)has a length that is an exact multiple of 512 bits. The inputmessage will have a length that is an exact multiple of 16(32-bit) words.


20/32

Step3 : Initialize MD bufferA four-word buffer (A, B, C, D) is used to compute themessage digest. Each of A, B, C, D is a 32-bit register. Theseregisters are initialized to the following values in

hexadecimal, low-order bytes first):

word A: 01 23 45 67

word B: 89 ab cd ef

word C: fe dc ba 98word D: 76 54 32 10


21/32

Step4 : Process message in 16-word blocksFour functions will be defined such that each functiontakes an input of three 32-bit words and produces a 32-bit

word output.

F (X, Y, Z) = XY or not (X) ZG (X, Y, Z) = XZ or Y not (Z)H (X, Y, Z) = X xor Y xor ZI (X, Y, Z) = Y xor (X or not (Z))


22/32

Round 1.

[abcd k s i] denote the operation a = b + ((a + F (b, c, d) + X[k] + T [i])


23/32

SSL Technique:


24/32

SSL session an association between client & server created by the Handshake Protocol define a set of cryptographic parameters

may be shared by multiple SSL connections SSL connection

a transient, peer-to-peer, communications link associated with 1 SSL session


25/32

confidentiality using symmetric encryption with a shared secret key

defined by Handshake Protocol

IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40,

RC4-128 message is compressed before encryption

message integrity using a MAC (Message Authentication Code) created

using a shared secret key and a short message


26/32

one of 3 SSL specific protocols which use the SSLRecord protocol

a single message

causes pending state to become current hence updating the cipher suite in use


27/32

conveys SSL-related alerts to peer entity

severity warning or fatal

specific alert unexpected message, bad record mac, decompression failure,

handshake failure, illegal parameter

close notify, no certificate, bad certificate, unsupportedcertificate, certificate revoked, certificate expired, certificate

unknown compressed & encrypted like all SSL data


28/32

allows server & client to: authenticate each other

to negotiate encryption & MAC algorithms

to negotiate cryptographic keys to be used

comprises a series of messages in phases Establish Security Capabilities

Server Authentication and Key Exchange

Client Authentication and Key Exchange Finish


29/32


30/32

SOFTWARER REQUIREMENTS:1. HTML for designing the front end.

2. JAVA/JAVASCRIPT for business logic.

3. MY-SQL for database. HARDWARE REQUIREMENTS:

1. Minimum processor-intel P4 or above.

2. RAM greater than 256 mB.

3. Minimum harddisk -80GB.


31/32

As we have seen that the performance and securityaspects of MD5 for encryption and decryption overother algorithms, we would be implementing Md5,

To secure the connection between client and bankserver and bank and transaction server we would beimplementing SSL protocol due to its superior

characteristics.


32/32

Thank You

Documents

Safe and Secure Online Banking Sytem (1)