The Legion Of The Bouncy Castle Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

There are a lot of existing mobile banking systems that support fund transfer, mobile banking is software that provides financial banking services with the help of telecommunication devices. Existing banking systems have issues with interoperability, because as we know there are a lot of devices available today, therefore offering mobile banking solution to such devices is a challenge, because some devices support J2ME whereas some support the WAP connectivity browser. This is where existing systems are failing to provide solutions, also there are lot of issues regarding data security, existing systems cannot be trusted regarding same as they sometimes do not guarantee protection to data or even do not suggest measures in case data is compromised, therefore we need to develop a system that will overcome all these drawbacks.

Drawbacks of existing mobile banking system’s:

Existing Banking systems are not secure for transactions.

Therefore, there is very little demand for such systems.

In case of financial systems, such mobile banking systems are only means of cost savings.

When it comes to implementation, no faults are studied in using an ATM network for transactions.

Therefore there is need for a new improved mobile banking system.

Objectives of the System:

The main purpose of this proposed system is to simulate a banking environment on a mobile device, by using security algorithms in order to protect data or keeping the data secured in the processing phase. We will be using suitable encryption algorithm for encrypting data at sender side or decrypting it at the receiver side. This computerization help in speeding up the process therefore helps in time consumption. By this process satisfaction is another key criterion that has to be fulfilled.

With these objectives in mind, this package has been built to satisfy the needs as required. This system maintains the all transaction details of the bank, account holder information, cheque details. The highlight of our system is that the transacted are carried out automatically whenever there is a movement of money transaction form one account to another account the transaction of amount are updated in the respective database and a transaction report can be generated for a specific period of time.

Security to data flowing in the system is done through appropriate security algorithms maintaining the genuineness and validity of the transaction and through daily backup.The Main motive behind using J2ME is to extend all the features of java programming by developing a KVM virtual machine for mobile applications. The virtual machine thus developed provides a secure environment for executing resource constrained mobile devices. We can also create pure wireless java applications by combining J2ME and Java 2 enterprise edition i.e. J2EE.The Mobile banking application thus produced in this research work, thus provides a safe medium for Protecting sensitive data without taking in to consideration the underlying routing protocol used for sending the data. The only requirement needed here, is of MIDP compatible mobile device.

The client side environment:

The programming at the client side is done using J2ME wireless toolkit developed by sun java specifically for designing, execution and deployment of mobile based applications. The J2ME toolkit comes with a set of tools, which allow J2ME developers to build mobile applications using emulation environment, it also comes with documentation and sample examples for beginners, to develop MIDP based mobile applications. Considering the banking environment, the main classes in J2ME supporting in this field is the BankingMidlet class, whereas the AES engine class and its supporting utilities allow to perform encryption/ decryption operations, there is also a keys class which has the responsibility of decrypting the session keys generated for encryption/decryption process at the server. Java archive file (JAR) is used to store the MIDP application and it is this JAR file which is downloaded actually on the physical device along with the descriptor file.

SERVER Side Environment:

Generally all server side applications are created using Java Servlet programming techniques. The server side consists of three servlets in accordance with utilities and encryption classes. All the above files are generally encapsulated in a WAR file i.e. WEB archive file, and deployed in the J2ee web servers like tomcat, or Jboss. The main servlets involved at server side configuration are the authentication servlets, which performs the authentication process for clients, the second is the initialization servlets, also known as Init servlets, which performs the task of generating random challenge and random session keys, the third servlet is called as option servlet responsible for processing client request. These servlets interact with the database by means of program that acts as bridge of communication between the server and database this program is called as JDBC java database connectivity program. JDBC also provides support for connection pooling, support distributed.

The Encryption Algorithm:

An AES Rijndael algorithm is being used here. It is an integrated block cipher wherein an initial input blocks and cipher key produce an output before going through several cycles of transformation. This algorithm can work on blocks of variable length using keys of variable length.

Security Achieved:

1. Secure Network Communication:

The main important aspect for network secure connectivity is to make sure that the encryptions keys which are used to contact must not get to be compromised. In many cases the mobile device acts as a client to get information from the server. Our proposed frame work is not limited to this communication scheme. When the client needs the information from the server, thus, either the server or client need to create a symmetric key which is used to encrypt the communication channel. In our proposed system the mechanism used for generating the symmetric key was tested for securing and for the fastness for the implementation of mobile device. So, our aim is to produce a symmetric key for the mobile device. Therefore once the key is produced, the key must be known to the server, and then both the server and the client were necessary to authenticate each other.

2. On device data security: The critical data like passwords and other secrets are stored very securely by using the proposed framework.

3. Strong cryptography algorithm support.

Fig: Password Based Encryption Flow

Fig: Password Based Decryption Flow