Introduction

For my final year project I plan on developing an electronic payment system to support consumers with Near Field Communication (NFC) enabled mobile phones.

The system will have a number of components, briefly outlined below:

  • ePOS Client – This will be a C#.NET Windows Forms application that will initiate transactions. It will allow the user to swipe their phone across a connected NFC reader (USB) in order to submit payment details. These payment details will then be passed to the ePOS Server along with other data such as transaction value etc. This application will be very lightweight. Its sole purpose will be to perform transactions of a specified value. Connection to the ePOS Server will be via TCP as I understand it to be more suitable than UDP.
  • ePOS Server – This Java application will be a TCP server that will accept transaction/settlement requests from the ePOS Client. It should be multi-threaded to support concurrent requests and also transmit data securely. I’m currently investigating SSL/TLS encryption. At the moment I’m not planning on transacting with real money so I will just have a simple MySQL database of users and available funds. I will then query this to see if a user has sufficient funds to complete the transaction. All transactions will be logged to a MySQL database here.
  • Consumer Mobile Payment App – An Android smartphone app that will allow users to make payments to the system. I think this will be a very basic proof of concept app that will store user details along with a unique id. The unique id will be passed via NFC. I will possibly look into storing data securely using the Secure Element.

Because this system is based on financial transactions, security is a major concern. This is good for me as I’ve often wondered about the concept of secure coding. There is a set of requirements known as PA-DSS (Payment Application Data Security Standard) set out by the Payment Card Industry. While I am not striving to get my system PA-DSS certified, it would be nice to follow its requirements to the best of my ability. This should be a good guide in my quest to develop a secure application.

Another focus of concentration will be on the Java ePOS Server. This is possibly where I will spend most time on research and development. The server must be written very well so that it handles multiple requests concurrently and handles all errors gracefully so the server doesn’t crash out.

I think with the last two paragraphs in mind it is probably a good idea to mention my plans for a Test Driven Development (TDD) approach to this project. I have never used Unit Testing before so this may or may not happen depending on the learning curve and time available.

That’s it for the introduction. Over the past few days I have been reading up on PCI / PA-DSS compliance and programming for NFC readers. I hope to post my findings by the end of the week.

–Conor

Hello World!

Hello and welcome to my “FYP Blog”,

If you are looking for my main blog it is located here. This blog will be used solely to document my final year project (FYP) as part of the BSc in Computing Science course, which I am studying in Griffith College Dublin.

My aim is to use this blog to document the entire process of research and development for this project. Hopefully, this will result in improving my ability to document projects and also help when it comes to writing the final report (or thesis).

I will try to go into as much detail as possible, along with posting code snippets and pictures/screenshots of my work. I’m promising this now in the hope that it will force me to deliver these in the future!

That’s all for now,
Conor