VIPANI release 3
The objective of Release 3 is to "secure" transactions in VIPANI and
implement simple "payments." The deadline for this would be Saturday,
For the sake of simplicity and convenience, we will understand how
things can be done for the first business model (supply curve auction).
I would like you to develop and implement "security and payment
protocols" as explained below, for your second business model.
- Note that VIPANI has two types of entities: Buying Agent (B),
and Selling Agents (S). In addition to this, we will have
two more entities:
- Payment Gateway and Banks Combined (call it BANK) and
- Certification Authority (CA).
You need to implement CA and BANK also. Their roles are explained
- CA issues public key certificates to BANK, buying agent, and all
selling agents. Each of these entities will first generate their
respective key pairs and later submit their respective public keys
to CA for certification. A digital certificate iisued by CA will have
the form (ID of entity, public key of entity, expiry date of public key)
and is digitally signed with the private key of the CA. This digital
certificate can be verified using the public key of the CA. All entities in
the system (buying agent, all selling agents, and BANK) are assumed
to have an authentic copy of the public key of CA. Also, the digital
certificate issued by CA to the BANK are assumed to be known by all
- Buying agent and selling agents can open Accounts with BANK and the
BANK issues debit cards to the agents. The Account numbers and Debit Card
are unique to each agent. (These are not credit cards but debit cards.
Note the difference). Protocol for this:
- An agent, say X, requests BANK by sending its ID (ie X),
its public key certificate, and an opening balance, all
encrypted with the public key of the BANK.
- The BANK decrypts the above using its private key.
- The BANK determines the authentic public key of X using
- The BANK issues to X an Account No. and a Debit Card No. along
with opening balance in account. The bank sends this information
encrypted with the public key of X.
- X decrypts the info and knows its account no, debit card no, and
balance in account.
- Selling agents communicate their bids (ie supply curves)
to the buying agent. Each selling agent encrypts the information using the
public key of the buying agent. Along with this "encrypted bid", each
selling agent sends its public key certificate to the buying agent.
The buying agent uses its private key to decrypt the information from
each selling agent.
- Simple Payments: This involves payments by the buying agent to all
"winning" selling agents.
For each winning selling agent (say W), the following activities take place:
- The buying agent sends a "payment advice" to BANK to transfer money
to the account of the selling agent W. This payment advice is encrypted
using the authentic public key of the BANK and is digitally signed by the
- The buying agent also sends a "payment notification" to W, encrypting
it using the authentic public key of W, and signing it with its
private key. W decrypts this using its private key and verifies
signature of buying agent.
- The BANK receives the encrypted payment advice, decrypts using its private
key, and also verifies the signature of the buying agent. The BANK does a
credit to the account of the selling agent W and a debit from the
account of the buying agent.
- The BANK notifies the buying agent and the selling agent W about this.
The notification message for the buying agent is encrypted using the
public key of buying agent and digitally signed. The notification message
for W is encrypted using the public key of W and digitally signed.
- W decrypts the notification from BANK and verifies the BANK's
signature and matches this with the "payment notification" from the
buying agent (Step (b)). W now sends "payment receipt" message to
the buying agent.
You can use CRYPTLIB, CRYPTOPP, CRYPTOOL.ORG,
CRYPTC (from our Informatics Lab), or invoke appropriate APIs from
Java security package (this is part of JDK 1.2, 1.3, 1.4).
Consult Java Tutorial Online for more information
on how to use the Java Security Package. You can also implement some
of the tasks yourself. You may also look into
for more information on open source libraries for cryptography and
Breakup of weightage at the time of Demo for Release 2:
- Is your implementation faithful to the design? You have to explain to
the TAs in what ways your implementation model captures the design model
and in what ways it deviates from the design model. (10%)
- Correctness and completeness of your implementation (20%). Remember
that you are supposed to implement two business models for the second
- Use of design patterns. How effectively have you used design patterns.
Remember that you have to use at least two patterns in a solid way (20%)
- Structuring of your code and quality of your documentation (20%). You
have to walk through your code for this.
- Innovations, any nice algorithms you have used, any interesting
data structures, any technological innovations, etc. (You need to
impress the TAs on these) (20 %)
- Your response to on-line questions asked by TAs (10 %)
Breakup of weightage at the time of Demo for Release 3:
- Implementation of CA - 20 %
- Implementation of BANK- 20 %
- Selling Agent to Buying Agent Transactions - 20 %
- Payment Transactions - 20 %
- Conformance to original design - 10 %
- Online questions - 10 %
Moderators: NR Suri, S. Siva Sankar Reddy & Radhani Kanth