complete m-banking srs`1

8/12/2019 COMPLETE m-Banking SRS`1

1/28

Mobile Banking (M-Banking)

Software requirement Specification

S.S.Jain Subodh College

Jaipur-202021

Team MembersChanchal Garg

Anju Khandelwal

Project Guide


2/28

INDEX

1. Introduction

1.1 Objective 05

1.2 Purpose 05

1.3 A Mobile Banking Conceptual Model 0

1.! "e#initions and Abbreviations 0$

1.5 %e#erences 0&

1. Overvie' 0&

1.$ (ools to be used 12

1.) (ec*nologies to be used 13

2. Overall Description

2.1 Product Perspective 1!

2.2 +et'ork Con#iguration 1$

2.3 ,o#t'are -eatures 1)

2.! ,ervice Overvie' 20

2.5 Bene#its 20

2. nter#aces and Protocols 22

3. Security, Operation and Maintenance

3.1 ,calabilit/ 23

3.2 ndtoend ,ecurit/ 23

3.3 ,ecurit/ and Con#identialit/ o# in#oration 2!


3/28

3.! ,trong 2-actor Aut*entication 25

3.5 "ata ntegrit/ 25

3. +on%epudiation 25

3.$ Cr/ptograp*ic Operations 2

3.) (ransaction -lo' 2$

3.& Operating ,/ste %euireents 2)

3.10 Operation and Maintenance 2&

1. ntroduction4


4/28

Mobile bankinalso kno'n as MBanking or ,M, Banking6 is a ter used #or

per#oring balance c*ecks7 account transactions7 pa/ents7 credit applications and

ot*er banking transactions t*roug* a obile device suc* as a obile p*one or

Personal "igital Assistant P"A6. (*e earliest obile banking services 'ere o##ered

over ,M,. 8it* t*e introduction o# t*e #irst priitive sart p*ones 'it* 8AP support

enabling t*e use o# t*e obile 'eb in 1&&&7 t*e #irst uropean banks started to o##er

obile banking on t*is plat#or to t*eir custoers.

Mobile banking *as until recentl/ 20106 ost o#ten been per#ored via ,M, or

t*e Mobile 8eb. Apple9s initial success 'it* P*one and t*e rapid gro't* o# p*ones

based on :oogle9s Android operating s/ste6 *ave led to increasing use o# special

client progras7 called apps7 do'nloaded to t*e obile device.

Mobile p*one usage *as spread in a ver/ broad anner7 becoing t*e #irst

counications tec*nolog/ to *ave ore users in developing countries t*an in

developed ones. 8it* obile counications alread/ as a prie case #or leap#rogging

traditional in#rastructure7 obile banking MBanking6 *as great potential #or e;tending

t*e provision o# #inancial services to unbanked people t*roug* a tec*nolog/ t*at is bot*

#ailiar and 'idespread.

1.1 Ob!ective"

(*is project is aied at developing obile banking s/ste t*at allo's bank custoer

to use t*eir obile p*one to do banking7 pa/ing Bills etc. (*e objective o# t*is concept

note is to ake t*e case t*at obile pa/ent s/stes erit #urt*er e;ploration #ro

t*e M- as a #irst step to'ards e;tending access to #inancial services to t*e poor and

t*ose living in reote areas.

1.2 Purpose4


5/28

(*e ain purpose o# t*is docuent is to s*o' t*e reuireents o# t*e project

#$%ankin. (*e purpose o# So&t'are (e)uire#ents Speci&ication *S(S+ docuent

is to describe t*e bene#its associated 'it* MBanking and increased access to better7

lo' cost #inancial services #or t*e currentl/ unbanked population include4 easier and

sa#er cas* *andling7 allo'ing #or t*e possibilit/ o# investing in asset creation or incoe

generating activities< reduced vulnerabilit/ to cas* #lo' s*ocks< and in general7 stronger

econoies b/ encouraging trade and arkets. t also describes t*e design constraints

t*at are to be considered '*en t*e s/ste is to be designed7 and ot*er #actors

necessar/ to provide a coplete and copre*ensive description o# t*e reuireents

#or t*e so#t'are. (*e ,o#t'are %euireents ,peci#ication ,%,6 captures t*e

coplete so#t'are reuireents #or t*e s/ste7 or a portion o# t*e s/ste.

%euireents described in t*is docuent are derived #ro t*e =ision "ocuent

prepared #or t*e Banking.

1.3 A Mobile Banking Conceptual Model4

n one acadeic odel7 obile banking is de#ined as4

Mobile Banking re#ers to provision and availent o# banking and #inancial services 'it*

t*e *elp o# obile telecounication devices. (*e scope o# o##ered services a/

include #acilities to conduct bank and stock arket transactions7 to adinister accounts

and to access custoi>ed in#oration.

According to t*is odel Mobile Banking can be said to consist o# t*ree interrelated

concepts4

Mobile Accounting

Mobile Brokerage

Mobile -inancial n#oration ,ervices

Most services in t*e categories designated Accountingand Brokerageare transaction

based. (*e nontransactionbased services o# an in#orational nature are *o'ever

essential #or conducting transactions #or instance7 balance inuiries ig*t be needed


6/28

be#ore coitting a one/ reittance. (*e accounting and brokerage services are

t*ere#ore o##ered invariabl/ in cobination 'it* in#oration services. n#oration

services7 on t*e ot*er *and7 a/ be o##ered as an independent odule.

1.! "e#initions and Abbreviations4

D%24

"B2 "atabase is t*e database anageent s/ste t*at delivers a #le;ible and cost

e##ective database plat#or to build robust on deand business applications.

ersonal details"

"etails o# custoer suc* as usernae7 copan/7 p*one nuber7 address7 'ebsite7 e

ail address etc.

-I%"

A obile bro'ser7 also called a icro bro'ser7 inibro'ser7 or 'ireless internet

bro'ser 8B67 is a 'eb bro'ser designed #or use on a obile device suc* as a obile

p*one or P"A. Mobile bro'sers are optii>ed so as to displa/ 8eb content ost

e##ectivel/ #or sall screens on portable devices. Mobile bro'ser so#t'are ust be

sall and e##icient to accoodate t*e lo' eor/ capacit/ and lo'band'idt* o#

'ireless *and*eld devices.

/M0"

?/perte;t Markup @anguage is a arkup language used to design static 'eb

pages.


7/28

//"

?/per te;t (rans#er Protocol is a transaction oriented clientserver protocol bet'een

'eb bro'ser a 8eb ,erver.

SM"

:lobal ,/ste #or Mobile (elecounications

I$ID"

ntegrated Circuits6 Card denti#ier7 kno'n as t*e ,M card denti#ier

SM"

?ost ,ecurit/ Module.

%S"

Banking ,ervice Plat#or

%MS"

Bank Mediation ,erver

3DES"

(riple "ata ncr/ption ,tandard

/I"

(ransission Control Protocolnternet Protocol7 t*e suite o# counication protocols

used to connect *osts on t*e nternet. (CPP uses several protocols7 t*e t'o ain

ones being (CP and P.


8/28

1.5 %e#erences4

,%, -orat.

Proble "e#inition Provided b/ BM6.

DM@ so#t'are #or DM@ diagras.

1. Overvie'4

Mobile %ankin o#ponents"

Mobile Banking is enabled in t*e obile p*one t*roug* a secure applet located in t*e

enduserEs ,M card. ,ecure trans#ers over t*e 'ireless net'ork and #inancial transaction

processing are anaged b/ t*e ,M card and a distributed plat#or7 deplo/ed at t*e obile

operatorEs site and at t*e #inancial institution. (*e plat#or includes t*e #ollo'ing coponents4

t*e Business Mediation ,erver7 t*e Bank ,ecure Plat#or and t*e ?ost ,ecurit/ Module.

Additionall/7 an adaptor a/ be reuired to enable counication over nonstandard

inter#aces to bank s/stes.


9/28

%usiness Mediation ServerBM,6 on t*e operatorEs side7 t*e BM, ensures counication

bet'een obile subscribers and #inancial institutions7 and routes obile banking transactions

e;c*anged bet'een t*e ,M card in t*e obile userEs p*one and t*e B,P at t*e userEs bank.

(*e BM,4

%eceives subscribersE obile banking reuests7 interprets t*e7 #orats and #or'ard

t*e reuests to t*e subscribersE bank #or processing.

Maintains t*e status o# t*e reuests.

@ogs transaction results #or auditing and billing purposes.

%eceives t*e bankEs responses and sends t*e to t*e ,M.

Maintains t*e list o# #inancial institutions available on t*at operatorEs services.


10/28

%ank Secure lat&or#B,P6 on t*e #inancial institution side7 t*e B,P *andles transactions

bet'een obile users and t*e bankEs s/stes. More speci#icall/7 t*e B,P4

-acilitates counication bet'een bank s/stes and endusers.

?osts response teplates pages6

Aut*enticates obile custoers.

Maintains connectivit/ bet'een t*e 'ireless teleco 'orld and t*e banking

environent.

nsures t*at #inancial transactions and custoer data are secure7 using t*e services o#

t*e ?ost ,ecurit/ Module7 ost Security Module *SM6 (*e ?,M7 a taperproo#

*ard'are coponent7 provides stateo#t*eart cr/ptograp*ic #unctions to t*e B,P.

Dpon receiving a reuest #ro t*e B,P7 it per#ors cr/ptograp*ic operations7

generating transaction ke/s7 encr/pting and decr/pting sensitive in#oration. (*e ?,M

also anages t*e cr/ptograp*ic ke/s used to secure obile #inancial transactions. (*e

?,M is #urt*er en*anced 'it* t*e Mobile ,*ield #ir'are #or secure businesstransactions.(*e Adaptor7 reuired onl/ '*en nonstandard inter#aces to t*e bank

s/stes are used7 is a custoi>able odule t*at translates essages to and #ro t*e

#orat used b/ t*e bankEs backend. (*e Adaptor sealessl/ insulates t*e B,P #ro

t*e speci#ics o# t*e bank s/stesE inter#aces.

,everal operatoro'ned odules also participate in delivering t*e Mobile Banking

#unctionalities4

@inDs Online ,ervice :ate'a/ O,:6 *elps operators to o##er ,M cardbased

services to t*eir subscribers b/ connecting t*e to reote content in a session ode.

n t*e conte;t o# obile banking7 O,: rela/s obile banking essages bet'een t*e

obile p*one and t*e BM, and translates t*e #ro ,M, to ?((P #orat.


11/28

@inDs Over(*eAir O(A6 Manager is an optional coponent t*at o##ers operators

t*e convenience o# reotel/ provisioning and anaging ,M cards.

A ,*ort Message ,ervice Center ,M,C67 a standard :,M net'ork eleent7 delivers

,M, essages.

1.4 /ools to be used"

D%2 5 "atabase

E0ISE 5 "evelopent (ool

(6/ION60 (OSE 5 "esign (ool

-6S 58eb ,erver

72EE 5Application Arc*itecture

72ME 5 Mobile Application Arc*itecture

1.8 /ec9noloies to be used"

72ME"


12/28

F2M stands #or Fava 27 Micro dition. t is a strippeddo'n version o# Fava targeted at

devices '*ic* *ave liited processing po'er and storage capabilities and interittent

or #airl/ lo'band'idt* net'ork connections. (*ese include obile p*ones7 pagers7

'ireless devices and settop bo;es aong ot*ers.

-E% 2.:"

(*e ter -eb 2.:is associated 'it* 'eb applications t*at #acilitate participator/

in#oration s*aring7 interoperabilit/7 usercentered design7 and collaboration on t*e

8orld 8ide 8eb. ;aples o# 8eb 2.0 include social net'orking sites7 blogs7 'ikis7

video s*aring sites7 *osted services and 'eb applications

XM0"

E;tensible Markup 0anuaeXM06 is a arkup language t*at de#ines a set o#

rules #or encoding docuents in a #orat t*at is bot* *uanreadable and ac*ine

readable. t is de#ined in t*e GM@ 1.0 ,peci#ication produced b/ t*e 83C7 and several

ot*er related speci#ications7 all gratis open standards.

72EE"

7ava 2 Enterprise Edition is a prograing plat#or part o# t*e Fava Plat#or #or

developing and running distributed ultitier arc*itecture Fava applications7 based

largel/ on odular so#t'are coponents running on an application server.


13/28

2.(*e Overall "escription4

2.1 Product Perspective4

Mobile Banking o##er is a coplete #inancial services solution #or obile operators and

#inancial institutions. t includes a secure ,M applet and a distributed transactional plat#or

t*at provide secure access #ro a obile p*one to obile banking7 obile pa/ent and

obile one/ trans#er services.(*e ,ecure Applet is preinstalled on t*e ,M card7 readil/

available to t*e enduser. (*is applet *andles4

"ispla/ing appropriate enus processing user responses.

,ending and receiving transaction essages.

ncr/pting and decr/pting sensitive in#oration.

Managing transaction securit/ and con#identialit/.


14/28

Dsing Banking ,o#t'are t*e e##ectiveness o# Bank7 bank eplo/ees and Banking

so#t'are users can be developed. (*e Banking so#t'are provides no. o# 'a/s #or being

connecting to t*e Bank. (*ese 'a/s includes "eposit7 'it*dra'7 pa/ents o# bills7 balance

c*ecking and obile rec*arge t*roug* t*e use o# obile p*ones.

(*e coplete overvie' o# t*e s/ste is as s*o'n in t*e overvie' diagra belo'4


15/28

(*e 'eb pages G?(M@F,P6 are present to provide t*e user inter#ace on user side.Counication bet'een client and server is provided t*roug* ?((P?((P, protocols.

(*e client ,o#t'are is to provide t*e user inter#ace on s/ste user client side and #ort*is (CPP protocols are used.

On t*e server side 'eb server is #or FB and database server is #or storing t*ein#oration.

2.2 +et'ork Con#iguration 4


16/28

Mobile Banking7 an operator can provide t*e service to subscribers t*at *ave bankaccounts 'it* di##erent #inancial institutions. A bank can also c*oose to 'ork 'it* severaloperators7 to provide obile banking services to its custoers7 independentl/ o# t*eir obileservice provider. t is also possible #or several banks 'it* lig*t obile banking tra##ic to s*are a%ank Secure lat&or#.

(*e ,M card sends Mobile Banking reuests using ,M, ,H( protocol6 essages.

O,: translates t*ese essages into ?((P reuests be#ore sending t*e to

t*e %MSBusiness Mediation ,erver6.

(*e %MSBank ,ecure Plat#or6 #or'ards t*e ?((P reuests to t*e B,P o#

t*e selected bank.

(*e B,P interacts 'it* t*e ?,M #or t*e cr/ptograp*ic operations.

(*e B,P counicates 'it* t*e bankEs s/stes7 possibl/ t*roug* an adaptor7

using a series o# 'eb services.


17/28

(*e bank s/ste or adaptor6 responds.

B,P cip*ers t*e necessar/ in#oration using t*e ?,M6 be#ore proceeding.

(*e B,P #or'ards and #orats t*e response and t*en sends it to t*e BM,

(*e BM, sends t*e response to t*e O,:.

O,: copiles t*e response and sends it to t*e ,M using t*e ,M, c*annel.

2.3 ,o#t'are #eatures4

8it* Mobile Banking obile users can per#or t*e #ollo'ing banking

operations4

,ubscribe to t*e obile banking service at t*eir #inancial institution7

and cancel t*eir subscription at an/ tie.

Add or reove a bank account #ro a list o# available accounts

anaged t*roug* obile banking.

,iulate transactions in order to tr/ t*e s/ste.

=eri#/ t*e balance o# t*eir bank accounts.

=ie' t*e ost recent transactions on t*eir bank accounts.

accounts anaged t*roug* obile banking.


18/28

Appl/ #or and pa/ o## a credit line.

C*eck t*e aount o# credit available on t*eir credit cards.

Obtain cas* advances on t*eir credit cards.

C*eck t*e balance o# t*eir credit card accounts.

Pa/ t*eir credit card accounts.

%ec*arge t*eir prepaid obile accounts.

Pa/ utilit/ bills7 suc* as electricit/7 nternet and obile subscriptions7 or an/

ot*er bill t*at can be registered 'it* t*e #inancial institution.

Pa/ ot*er services t*roug* re#erence nubers #ound on t*e bills.


19/28

2.! ,ervice Overvie'4

Mobile Banking provides obile users 'it* eas/ and secure access to #inancial operations

#ro t*eir obile p*ones 2! *ours a da/7 $ da/s a 'eek. 8*et*er t*e/ need to pa/ a bill '*ile

a'a/ #ro *oe7 to c*eck t*eir account balance at t*e superarket7 to trans#er #unds on t*e

'a/ to t*e airport7 to rec*arge t*eir prepaid

obile subscription account be#ore going to t*e beac* or to obtain credit online #or t*at ne'

(=7 obile users can pick up t*e p*one and carr/ out t*e desired transaction b/ *itting a #e'

ke/s. (*e/ sipl/ need to bro'se user#riendl/ enus and respond

to service propts. (*e in#oration t*e/ need to enter *as been scaled do'n to a iniu7 in

order to sipli#/ t*e use o# t*e application. (*is in#oration ainl/ consists o# t*eir P+ and

t*e aount o# one/ involved in t*e transaction. A essage suari>ing t*e userEs reuest is

t*en sent to t*e selected #inancial institution7 '*ere t*e reuest is processed. (*e result is

displa/ed on t*e userEs obile screen 'it*in

seconds.

2.5 Bene#its4

Mobile p*one operators and #inancial institutions 'ill bene#it #ro using Mobile Banking to o##er

obile #inancial services to t*eir custoers7 '*et*er t*e/ operate in saturated arkets '*ere

copetition is tig*t and service di##erentiation is ke/ to attracting and retaining custoers7 or in

reote areas in need o# coste##ective #inancial services.

%ene&its &or Mobile Operators

8it* Mobile Banking7 operators can e;pand t*eir services port#olio7 proote t*eir brands and

create strategic arketing di##erentiation attracting ne' custoers.

,ubscribers '*o use obile #inancial services begin to rel/ on t*e7 aking t*e a


20/28

di##erentiating #actor #or t*e operator. As a result7 Mobile Banking strengt*ens custoer lo/alt/

and reduces c*urn and attrition rates. Mobile Banking increases operator revenue b/ boosting

tra##ic and providing subscribers 'it* instant access to airtie purc*ase4 'it* #inancial services

at t*eir #ingertips7 obile users 'ill rec*arge t*eir prepaid accounts ore readil/ and use t*eir

obile p*ones to pa/ bills or c*eck t*eir account balance. (*anks to t*e ubiuit/ and *ig*

penetration o# t*e obile device7 obile operators are uniuel/ positioned to pla/ an iportant

role in t*e e;panding obile one/ trans#er and obile pa/ents arkets.

%ene&its &or =inancial Institutions

Mobile Banking allo's #inancial institutions to en*ance custoer satis#action and retention b/

o##ering ne'7 better services '*ile gaining a direct arketing c*annel #or t*eir products and

services7 '*ic* can be tailored to t*e speci#ic needs o# custoers. At t*e sae tie7 t*e/

attract ne' custoers to t*e one$on$ one bank$custo#er relations9ip. As access to obile

p*ones gro's 'orld'ide7 so does t*e opportunit/ to attract ore custoers and e;tend t*e

reac* o# #inancial services. B/ turning obile p*ones into t*eir bankEs A(Ms7 #inancial

institutions gain access to ne' arkets7 di##erent #ro t*ose traditionall/ served b/ t*eir

p*/sical branc*es. Access to banking services at an/tie and #ro an/'*ere also generates

revenue t*roug* *ig*er service usage7 and reduces operating e;penses because o# #e'er

direct teller interactions7 '*ile aintaining or iproving t*e level o# service. -inancial

institutions gain anot*er iportant bene#it b/ adding Mobile Banking to t*eir e;isting c*annels.

(*e/ 'ill be 'it* t*eir custoers at all ties7 read/ to *elp t*e7 to rec*arge a prepaid obile

p*one

on a ,aturda/ nig*t7 to get a ne' MP3 pla/er via online credit #unds7 to pa/ a #orgotten bill

a#ter leaving #or a vacation7 t*e bank is ever/'*ere7 all t*e tie.

%ene&its &or t9e End


21/28

s readil/ available

s lo' cost no data connection6 itEs resides on t*e ,M7 t*e bro'sing is local.

s device independent7 supported on A@@ p*ones #ro lo' to *ig*end

2. nter#aces and Protocols4

Mobile Banking coponents use standard protocols and inter#aces to e;c*ange in#oration

and to counicate 'it* ot*er net'ork eleents and bank s/stes7 t*us #acilitating t*e

integration o# Mobile Banking into t*e e;isting in#rastructure. A *ig*level vie' o# t*e protocols

used to e;c*ange essages bet'een di##erent obile banking operator and bank coponents

to process a reuest '*ic* is as #ollo's4

(*e ,M card sends Mobile Banking reuests using ,M, ,H( protocol6 essages.

O,: translates t*ese essages into ?((P reuests be#ore sending t*e to t*e BM,.

(*e BM, #or'ards t*e ?((P reuests to t*e B,P o# t*e selected bank.

(*e B,P interacts 'it* t*e ?,M #or t*e cr/ptograp*ic operations.

(*e B,P counicates 'it* t*e bankEs s/stes7 possibl/ t*roug* an adaptor7 using

a series o# 'eb services.

(*e bank s/ste or adaptor6 responds.

B,P cip*ers t*e necessar/ in#oration using t*e ?,M6 be#ore proceeding.


22/28

(*e B,P #or'ards and #orats t*e response and t*en sends it to t*e BM,.

(*e BM, sends t*e response to t*e O,:.

O,: copiles t*e response and sends it to t*e ,M using t*e ,M, c*annel.

3. ,ecurit/7 operation and Maintenance4

3.1 Scalability

Mobile Banking is scalable t*roug* *ard'are clustering. (o increase t*roug*put7 bot* BM,

and B,P can independentl/6 be installed in clusters 'it* a clustering engine distributing t*e

tra##ic aong several servers.

3.2 End$to$end Security

,ince obile banking transactions can be initiated #ro alost an/'*ere and transaction

details are transitted over unprotected net'orks7 securit/ poses t*e biggest c*allenge in

developing a success#ul solution and is likel/ to be a akeitorbreakit #actor #or obile

banking. 8e takes securit/ issues and concerns seriousl/. As longtie leader in digital

securit/7 'e uses t*e stateo#t*eart securit/ tec*nolog/ to secure obile applications. (*e

Mobile Banking solution addresses t*e reuireents o# data con#identialit/7 strong user

aut*entication7 data integrit/ as 'ell as nonrepudiation7 and con#ors to relevant standards

suc* as PC ",,6 establis*ed b/ #inancial organi>ations and governent bodies to prevent

#raud and ot*er securit/

t*reats.

3.3 ,ecurit/ and Con#identialit/ o# n#oration4

(*e Mobile Banking solution provides endtoend securit/ and con#identialit/ o# data b/


23/28

cip*ering in#oration in t*e ,M #or secure trans#er over t*e obile p*one7 t*e :,M net'ork7

t*e operatorEs in#rastructure and t*e connection to t*e #inancial institution. (*e in#oration

entered b/ t*e user is collected and encr/pted b/ t*e applet residing in t*e taperproo# ,M

card.

-or t*e *ig*est level o# securit/7 sensitive data7 suc* as P+ and transaction details are never

stored in t*e ,M card or t*e plat#or. All custoer and #inancial in#oration is kept e;clusivel/

at t*e bank7 '*ic* also *as t*e sole control over t*e cr/ptograp*ic ke/s used to secure

#inancial transactions.

3.! ,trong 2-actor Aut*entication4

Bank custoers ust be sure t*at no one can ake transactions on t*eir

be*al#7 and banks ust be able to veri#/ t*at custoers are indeed '*o

t*e/ clai to be. 8e respond to t*is reuireent 'it* strong t'o #actor

aut*entication.

-it9 Mobile %ankin"

Dsers are reuired to identi#/ t*eselves to t*e bank 'it* a Mobile Banking P+ t*at protects


24/28

access to #inancial in#oration and transactions. ,ecret ke/s onl/ kno'n to t*e ,M card and

t*e bank are used to encr/pt and sign transaction data7 #urt*er proving t*e identit/ o# t*e user.

3.> Data Interity

,ince data is digitall/ signed7 an/ attept to anipulate it 'ill be detected because t*e

signature 'ill no longer correspond to t*e signed essage.

3.? Non$repudiation

n t*e conte;t o# obile banking7 nonrepudiation re#ers to aut*enticating t*e custoer and t*e

#inancial institution participating in a #inancial transaction 'it* *ig* degree o# certaint/ so t*at

t*e parties cannot later den/ *aving per#ored t*e transaction. (o ensure nonrepudiation7 a

proo# ust be generated to s*o' t*at t*e transaction 'as per#ored b/ t*at part/. Mobile

Banking addresses t*is reuireent t*roug* t*e use o#4

A user P+ kno'n onl/ to t*e user and protected b/ encr/ption

A transaction con#iration code sent b/ t*e bank

A transaction log t*at records t*e details o# ever/ transaction.

3.4 ryptorap9ic Operations

All sensitive data is encr/pted 'it* double lengt* 3", 12)bit6 ke/s. n addition7 transactional

securit/ standards suc* as "erived Dniue Ie/ per (ransaction "DIP(67 s*ortlived


25/28

transactional conte;ts and ke/ roles are used #or added protection o# #inancial transactions.

(*e cr/ptograp*ic #unctions7 including ke/ anageent7 are per#ored using t*e ost #raud

resistant *ard'are solution7 '*ic* personali>es t*e ?,M #or Mobile Banking. (*e selected

?,M7 (*ales ?,M )0007 is certi#ied as copl/ing 'it* t*e ost stringent securit/ standard4

-P, 1!02 @evel 3.

3.) (ransaction #lo'4

A obile banking transaction is initiated b/ t*e obile user and is copleted '*en t*e result is

displa/ed on t*e userEs p*one. (*e #ollo'ing e;aple s*o's t*e counication #lo' #or anaccount balance reuest.

A custoer bro'ses Mobile Banking pages on t*e obile p*one and reuests an

account balance #ro t*e bank b/ selecting t*e account and entering t*e P+ to

con#ir t*e transaction.

(*e reuest is encr/pted and signed in t*e ,M and sent to t*e BM, via t*e obile

operatorEs net'ork t*roug* t*e ,M,C and t*e ,H( :ate'a/.

(*e BM, counicates 'it* t*e B,P at t*e bank.

(*e B,P decr/pts in#oration related to t*e transaction t*e account67 translates t*e

P+7 translates t*e reuest and sends it to t*e bank s/ste #or processing.

8*en t*e B,P obtains t*e reuested in#oration it sends t*e response back to t*e

BM,.

(*e BM, sends t*e response to t*e ,H( gate'a/ '*ic* #orats and #or'ards it to t*e

,M card in t*e obile p*one.


26/28

(*e response is decr/pted in t*e ,M card and presented to t*e user.

(*e obile user sees t*e result o# *er or *is reuest on t*e p*one displa/.

3.@ Operatin Syste# (e)uire#ents

(*e Mobile Banking plat#or so#t'are runs on standard D+G or @inu; servers #reeing t*e

operator and t*e #inancial institution #ro t*e *ig* cost o# purc*asing and aintaining

proprietar/ operating s/stes. t can also be used on Microso#t 8indo's $GP7 Opera7 Mo>illa

-ire#o; and :oogle c*roe.


27/28

3.10Operation and Maintenance4

(*e Mobile Banking plat#or reuires inial aintenance7 ostl/ consisting o# veri#/ings/ste logs regularl/. (*e aintenance o# t*e plat#or servers7 t*e %"BM, and t*e ?,M is

as speci#ied b/ t*e anu#acturers o# t*ose products.

Mobile 6ccount Manae#ent

(*e standard version o# Mobile Banking does not include an/ obile account anageent or

billing #unctionalit/7 since di##erent operators and banks use di##erent account anageent

et*ods and7 o#ten7 proprietar/ bill ing s/stes. Mobile Banking does *o'ever allo' t*e

operator to con#igure t*e BM, 'it* (P"A codes #or billable and

nonbillable ,M, essages. Additionall/7 'e can develop custo obile account

anageent #unctionalities tailored to t*e needs o# #inancial institutions or operators.

Storae o&


28/28

complete m-banking srs`1

Documents