E0 239 : Electronic commerce
Y. Narahari
e-Enterprises Laboratory
Department of Computer Science and Automation
Indian Institute of Science
Bangalore - 560 012

VIPANI release 3

The objective of Release 3 is to "secure" transactions in VIPANI and implement simple "payments." The deadline for this would be Saturday, April 10th.

For the sake of simplicity and convenience, we will understand how things can be done for the first business model (supply curve auction). I would like you to develop and implement "security and payment protocols" as explained below, for your second business model.

  1. Note that VIPANI has two types of entities: Buying Agent (B), and Selling Agents (S). In addition to this, we will have two more entities:
  2. CA issues public key certificates to BANK, buying agent, and all selling agents. Each of these entities will first generate their respective key pairs and later submit their respective public keys to CA for certification. A digital certificate iisued by CA will have the form (ID of entity, public key of entity, expiry date of public key) and is digitally signed with the private key of the CA. This digital certificate can be verified using the public key of the CA. All entities in the system (buying agent, all selling agents, and BANK) are assumed to have an authentic copy of the public key of CA. Also, the digital certificate issued by CA to the BANK are assumed to be known by all the entities.
  3. Buying agent and selling agents can open Accounts with BANK and the BANK issues debit cards to the agents. The Account numbers and Debit Card are unique to each agent. (These are not credit cards but debit cards. Note the difference). Protocol for this:
  4. Selling agents communicate their bids (ie supply curves) to the buying agent. Each selling agent encrypts the information using the public key of the buying agent. Along with this "encrypted bid", each selling agent sends its public key certificate to the buying agent. The buying agent uses its private key to decrypt the information from each selling agent.
  5. Simple Payments: This involves payments by the buying agent to all "winning" selling agents. For each winning selling agent (say W), the following activities take place:

You can use CRYPTLIB, CRYPTOPP, CRYPTOOL.ORG, CRYPTC (from our Informatics Lab), or invoke appropriate APIs from Java security package (this is part of JDK 1.2, 1.3, 1.4). Consult Java Tutorial Online for more information on how to use the Java Security Package. You can also implement some of the tasks yourself. You may also look into http://www.securitytechnet.com/crypto/open_src.html for more information on open source libraries for cryptography and security.
Breakup of weightage at the time of Demo for Release 2:

  1. Is your implementation faithful to the design? You have to explain to the TAs in what ways your implementation model captures the design model and in what ways it deviates from the design model. (10%)
  2. Correctness and completeness of your implementation (20%). Remember that you are supposed to implement two business models for the second release.
  3. Use of design patterns. How effectively have you used design patterns. Remember that you have to use at least two patterns in a solid way (20%)
  4. Structuring of your code and quality of your documentation (20%). You have to walk through your code for this.
  5. Innovations, any nice algorithms you have used, any interesting data structures, any technological innovations, etc. (You need to impress the TAs on these) (20 %)
  6. Your response to on-line questions asked by TAs (10 %)

Breakup of weightage at the time of Demo for Release 3:

 Moderators: NR Suri, S. Siva Sankar Reddy & Radhani Kanth