vCred

vCred


Disclaimer

This essay does not describe an existing computer program, just one that should exist. This essay is about a suggested student project in Java programming. This essay gives a rough overview of how it might work. I have no source, object, specifications, file layouts or anything else useful to implementing this project. Everything I have prepared to help you is right here.

This project outline is not like the artificial, tidy little problems you are spoon-fed in school, when all the facts you need are included, nothing extraneous is mentioned, the answer is fully specified, along with hints to nudge you toward a single expected canonical solution. This project is much more like the real world of messy problems where it is up to you to fully the define the end point, or a series of ever more difficult versions of this project, and research the information yourself to solve them.

Everything I have to say to help you with this project is written below. I am not prepared to help you implement it; or give you any additional materials. I have too many other projects of my own.

Though I am a programmer by profession, I don’t do people’s homework for them. That just robs them of an education.

You have my full permission to implement this project in any way you please and to keep all the profits from your endeavour.

Please do not email me about this project without reading the disclaimer above.

Sarah Palin humiliated herself by accepted a call from The Masked Avengers, a Québec comedy team pretending to be Nicholas Sarcozy, the president of France. She was taken in and made at utter fool of herself in front of the whole world. How could she have protected herself?

The problem mainly arises when someone phones whose voice you don’t already know. However, people can be also be fooled by good voice impersonators. vCred (pronounced Vee-kred) is a way of checking the credentials of someone calling you on the phone. It is much like asking them to present their id card had they showed up at the door.

How does the system work

If your phone is connected to a computer, you hit send-credentials button on the computer that runs a Java program. If you have smart cellphone, you press a button that runs a Java computer program on the cellphone.

If you are receiving, you hit a request-credentials button. On your screen you then see the name of whom is calling you, (and perhaps some other data) and the name of the certificate company that has verified this.

Note the procedure is not necessarily mutual. One end may validate the credentials of the other with the other remaining anonymous. Unline caller-id that gives you the phone number calling in, vCred gives you the name (and possibly other information such a company and title) of the caller.

Under the Hood

There are several ways the two ends could communicate: The basic application is standard digital signing with a public and private keys. To verify an identity, you send a random challenge phrase to the other end who returns it signed with the private key, along with the public certificate (which contains the identity info and the public key).

Each subscriber needs to buy a certificate from an established certificiate authority. The certificate company is responsible for checking ID such as passports before issuing electronic id. This is similar to a premium email certificate or code-signing certificate

The main difficulty is shoehorning such an app into a cellphone where you may not have enough RAM (Random Access Memory) and all the Java libraries such as BigDecimal and JCE (Java Cryptography Extension) . What you might do in this case is offload some of the work to a server, perhaps one managed by the certificate-issuing company. You could do a simpler purely server-based scheme where each end logs in with SSL (Secure Sockets Layer) and sends commands to send or request id info. The problem then is both ends would need Internet access. You would then have to think how you could scale such a system to work with many servers and many vendors. It might be useful for proof of concept.

BusTel
certificate
JavaPhone
JCE
SSL
Tel-ID
The Transporter
TLS
vCard

This page is posted
on the web at:

http://mindprod.com/project/vcred.html

Optional Replicator mirror
of mindprod.com
on local hard disk J:

J:\mindprod\project\vcred.html
logo
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.
no blog for this page
IP:[65.110.21.43]
Your face IP:[54.204.168.212]
You are visitor number