Your Ad Here

INSPIRATION & MOTIVATION

INSPIRATION & MOTIVATION

My Work Profile

Earn wirh Bux

Best of the best bux family 2nd Best Bux Family 3rd Best Bux Family
"I like my new telephone, my computer works just fine, my calculator is perfect, but Lord, I miss my mind!. "

My Article


 ARTICLE-1

HOW DIGITAL CERTIFICATES WORKS

Internet, a virtual world online, is built actually on trust. When we are communicating or getting & sending information with other people online, we don’t actually see the people. But we trust that they are who they say they are. But trust is not enough when it comes to financial transaction or other important communication. But there are crackers and hackers, scammers & con artists in an around us. They are very much active to steal credit card number or our personal & financial information or business secrets information. On the other hand business needs to know that the person sending a data, that is really is who he says he is or an imposter who has managed to steal a data from some one.
Here DIGITAL CERTIFICATE comes to the picture. It is an attachment to an electronic message used to verify that the person sending information, accredit card number or anything  over the internet really is who he claims to be. The certificates place on a person’s hard disk and using an encryption technology, create a unique digital certificate for each person. When some one sends email or goes to a site with a digital certificate, that certificate presented to the site or attached to the email and it validate that the user is who he claims to be.
Due to the use of powerful encryption technology this certificates are quite safe & secure. Probably it is much more safe & secure than the real life signature. In real life signature can be forged but in Internet digital certificate can’t be forges.

Certificate Authorities (CA)
Certificate authorities are an independent, recognized and mutually trusted third party who issued Digital Certificate and guaranteed that the person or site is who it claims to be.
The Digital Certificates contains:
Name of entity
Address of entity,
The certificate’s serial number,
Public Key,
Expiration Date, and
Digital Signature,
The information has been encrypted in such a way that it makes unique for each person. The most widely used standard for Digital Certificate is X.509 and most well known certificate authorities are VeriSign (www.verisign.com) and Thawte (www.thawte.com).
How to Creating the Certificate
Step 1: The certificate authorities verify that the public key belongs to a specific company or individual and the through details validation process it is determines that the company or individual is who it claims. It depends on the CA and on the level of certification.
Step 2: After completion of details validation CA creates an X.509 certificate that contains CA and subject information including the public key. The CA signs the certificate by creating a hash value and encrypting the hash value with its private key. The encrypted hash value is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed." Private Key is very important & CA keeps it very secure because if it is discovered, false certificate would be created.
Public key or Cryptography
Every packet of data sent over the Internet through many public networks, that means access to these packets is not private. So when highly confidential information such as corporate data or credit card numbers, which is transmitted across the Internet, are not save. So the Internet will never be a secure place to do business or send private data, unless there is some way to protect that kind of information.
To protect the confidential information software developers develop encryption & decryption that is information is altered in such a way that to any one other than the intended recipient it will look like meaningless garbage. Again the information is also turned back into the original message by the recipient and only by the recipient. Many complex cryptosystems have been created to allow for this kind of encryption & decryption.
The hearts of cryptosystems are the keys. Keys are secret values that computers use in concert with complex mathematical formulas called algorithms to encrypt and decrypt messages. The concept behind the keys is that if some one encrypts a message with a key, only some one with matching key will be able to decrypt the message.
There are two common encryption systems: secret-key-cryptography, i.e. symmetric cryptography, and public-key-cryptography, i.e. asymmetric cryptography. The most common secret-key cryptography system is the Data Encryption Standard (DES).
How to verify the Certificate
Signed certificate is verified by the recipient’s software, which is mainly the recipient’s web browser. The list of CA’a and their public keys is maintained by the web browser. Web browser uses this appropriate public key decrypt the signature back into the digest. It recomputed own digest from the plain text in the certificate & compares the two. Certificate is verified if both the digest match & the public key in the certificate are assumed to be the valid public key.
VeriSign introduced the some new concept of classes of digital certificate

Class 1        -    For Individual
Class 2        -    For company or organizations-Identity proof required
Class 3        -    For servers & software signing
Class 4        -    For online business transactions between two companies
Class 5        -    For private or governmental security
Digital ID is valid for one year & after that every software has to be resigned. To avoid this companies have introduced time stamping services. Once the software has been time stamped it is not required to resigning the software after Digital ID expires.


Below is picture if a user receives an unsigned component distributed via the Internet?

The following will occur


  • If security settings are set on "High," the client application will not permit the unsigned code to load.

  • If  security settings are set on "Medium," the client application will display a warning like this screen:








Below is the picture if a user receives a signed component distributed via the Internet?





ARTICLE-2

A brief overview of Mobile Banking


Intro









pic-1I suppose I am not to be exaggerating if somebody asks me “where is your bank?” And if I say “in my hand”. Really we can make a several banking operation with the help of mobile phone. In India, there are 400 million mobile populations & growing. Banking population is much less than this & there is tremendous scope for bank to utilize this mobile channel because most of the customers are comfortable with. Bankers are now shifting focus from cost reduction to branch less banking.

Technology


For branch less banking there are two elements. First is Debit/ATM/Smart Card & another is cell phone. Both are technology dependent. ATM or smart card technology is not at all brings down the banking cost, because it involves operation cost, but mobile banking is really a cashless & if our



GSM_ar



MS-Mobile Station ISC-International Switching Centre

BTS-Base Transceiver Station EIR-Equipment Identity Register

BSC-Base Station Controller AUC-Authentication Centre

MSC-Mobile Switch Centre HLR-Home Location Registry

OMC-Operation and Management Centre VLR-Visitor Location Registry

SMSC-Short Message Service Centre



GSM Architecture






Involvement in mobile banking is more then really we will enter in to a cashless economy.


Mainly SMS, GPRS and USSD (Unstructured Supplementary service data), this three technologies are used for mobile banking.




SMS, often called text messaging, is widely accepted for mobile banking because all current mobile devices having a text messaging facility. GPRS, a general-packet-based-radio-service, is widely accepted because its faster data rate. It has become more widely available along with other 2.5G and 3G services. Java enabled handset is required fro GPRS. Banks offer this facility only in GSM mobile, not in CDMA mobile.

Protocol_Overview

Protocol Overview



What Mobile Banking Facilities Bank offered to the customers?



Banking Services



  1. Check balances in the customers current account & savings account,
  2. Check balances in the customers fixed deposit account,
  3. Check & view last 10 transactions in the customers account,
  4. Request for a/c statement for a selected period through E-mail,
  5. Customers can pay bills for registered billers through banks Bill Pay system,
  6. Customers can transfer funds from their account to any other third party account. This system varies from bank to bank,
  7. Customer can request to issue a new cheque book,
  8. Customer can check the status of his issued cheque,

Investment Services

  1. Check investment account holding value,
  2. Investment in mutual fund,
  3. Redeem the investment,
  4. Last 5 NAV of mutual fund



Addl. Customer can change his net banking password. It is advisable to change the password in regular interval.



Who can access & view mobile banking?



Individual Account



Account Type


View


Access


Sole Ownership Account


Yes


Yes-Access & Transact


Joint Account-Single Operation


Yes


Yes-Access & Transact


Joint Account-Joint Operation


Yes


No


Minor Account-Minor


No


No


Minor Account-Guardian


Yes


Yes-Access & Transact


Minor Account-Power of Attorney


Yes


Yes-Access & Transact




Non-Individual Account



Account Type


View


Access


Authorized Signatories-Single Operating


Yes


Yes-Access & Transact


Authorized Signatories-Conditional Operating


Yes


No



How SMS Mobile Banking Works


  1. To avail this facility it is essential to register mobile number with the bank
  2. You must be a subscriber of cellular service provider with whom bank has a tie up with SMS facility,
  3. SMS banking covers most of the basic banking enquiry like, balance enquiry, cheque status, mini statement, Cherye book request & others,
  4. Individual can access only his account.
  5. Transaction is executed when a customer send a command keyword, to the bank, using a short code, a five or six digit number. If a/c holder send ‘BAL’ a/c holder will get a quick response with their a/c balance.

How GPRS enabled mobile banking works

5a074414c6c53a8a

  1. Need a GPRS enable mobile handset & a advanced GPRS subscription from mobile service provider, and also minimum 80 kbps GPRS bandwidth required,
  2. The handset must be Java enabled having MIDP 2.0 and CLDC 1.0 compliant & having a greater than 100kb JAR Memory,
  3. With the help of GPRS menu of service provider download the application provided by the bank and install it,
  4. After installation application icon will be appear in the menu,
  5. Start the application with user ID or nick name & net banking password. After successful login activation key is generated. You have to register this key with the help of bank’s customer care service. After successful registration you will access your account using bank’s mobile banking facility from your mobile phone.
Note: Activation key is required to register every time if you change your mobile phone or reinstall the application software.

How USSD enabled mobile banking works

USSD means Unstructured Supplementary Service Data. This system is only available on GSM networks. Various mobile banking process i.e. balance enquiry, money transfer, bill payment, and top up can be performed through this communication protocol. It is similar to SMS technology only that its data payload limits between 160-182 alphanumeric characters in a single transmission. However this technology has some advantage over than SMS technology

94facd36d06fb3a2

  1. Message delivery is guaranteed
  2. This protocol allows for session based communication between the server & the mobile handset,
  3. USSD application may be performed using a wide variety of mobile application platforms like, WAP,J2ME,SIM Toolkit, CAMAL or using USSD command,
  4. USSD is more secure than standard SMS,
  5. Invoke commands by entering  command codes, no need to install an application into the handset or no need to open a messaging application,
  6. USSD does not cost the end users,

Security

Mobile banking is very attractive due to his convenient approach to perform remote banking, but however, the safety issue is still a concern for several customers. Banks are assuring the customers that the mobile banking is safe just like an iron locker because the transaction work on a four-digit mobile banking PIN. Incorrect pin entries lock the application.

The mobile banking uses secured HTTPS protocol for communication between the mobile client and the mobile server. Secure Hyper Text Transfer Protocol (HTTPS) uses HTTP, but, additionally activates Web server security, in the form of Secure Sockets Layer (SSL), So that the communications between the client and the (host) Web server are encrypted.



Conclusion



As long as technology is save mobile banking is also a save. Globally m-commerce is growing very fast. Every bank is trying to give customer a better opportunity. Advance technologies simplified our life. We can do more out of the bank.

Ref. video: how Barclays Mobile banking works

http://www.barclays.in/channels/mobile/hello_money_demo.htm





Ref. Kotak Mahindra Bank, Barclays India, Indian Overseas Bank

No comments:

Post a Comment

guarantee-referrals

The On Demand Global Workforce - oDesk