Prepared by: Sagar R Patil Shashank B Singh Indrajeet D Thakur (B.

E-IT-B-44)

Under the guidance of : Mrs.Hetal Amrutia

 A System allowing individuals to perform

banking activities at home,via internet. The automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels.

 Substitute for traditional banking system

Customer need not to visit all the time to

the bank. Transactions can be done by sitting at home. No need to stand in queue for various transactions.

 The concept of Internet banking has been simultaneously

evolving with the development of the world wide web.

Programmers working on banking data bases came up with

ideas for online banking transactions, some time during

the 1980's.
The online shopping promoted the use of credit cards

through Internet.
The first online banking service in United States was

introduced, in October 1994.

 THERE WILL BE THREE TIER ARCHITECTURE

TIER 1: PRESENTATION TIER:- IT REPRESNTS

THE USER INTERFACE IMPLEMENTED BY DYNAMIC HTML TIER 2: MIDDLE TIER:- THIS TIER PROVIDES ALL THE BUSINESS LOGIC AND WILL BE IMPLEMENTED USING JSP AND SERVLETS. TIER 3: DATA TIER:- THIS TIER IS ACTUALLY DATA ACCESS LAYER IMPLENTED USING MYSQL AND DB CONNECTIVITY.

 STEP 1: LOGIN
user needs to login using customer_id and

password.

 Step 2: SELECTION OF THE ACCOUNT TYPE

1) SAVING 2) CURRENT

1. viewing account balances. 2. viewing recent transactions. 3. downloading bank statements, for example

in PDF format 4. viewing images of paid cheques. 5. ordering cheque books.

6. Transfer of funds.

7. Change of address .

8. Bill payments.
9.Create or delete account.

 Benefits for Banks Benefits for Small to Medium Businesses

Benefits for Customers .

Benefits for Banks

Larger customer coverage

Reducing the costs of operations

Promoting their services and

products internationally
Increasing the customer

satisfaction and providing a personalized relationship with customers

Benefits for Small to Medium Businesses

To run its operations more effectively Lower cost than traditional financial management mechanisms

Benefits for Customers

Convenience 24 hours a day, seven days a week Cost Reducing transfer fees Speed Faster circulation of assets

Competitiveness - Fostering competition in financial market

Communicate easily Abolishing the uses of paper Offering one-stop-shop solutions

Security Risk
Increasing number of fraudulent bank websites For Eg. A suspicious bank

website:www.sbionline.com Original bank websitewww.onlinesbi.com

Fake emails purporting to be sent from banks
Email send from Fraudulent bank
Verify the personal information Guide customer enter the fraud link

Disclosing their ATM card numbers and their

passwords

 Security will be implemented using ssl technolgy .

So that there will be secured transfer of data between

customers and banks. Proper encryption technology like md5 will be use to store the data in database. There will be two kinds of password 1. Login password 2. Transaction password

 specific guidance will be provided to the customers.

adequate measures will be taken to ward off any

problems related to the security of internet banking

Online banking tutorials will be provided to help

familiarize people with internet banking.

 Step1 : Append padding bits

The input message is "padded" (extended) so that its length (in bits) equals to 448 mod 512. Padding is always performed, even if the length of the message is already 448 mod 512. Padding is performed as follows: a single "1" bit is appended to the message, and then "0" bits are appended so that the length in bits of the padded message becomes congruent to 448 mod 512. At least one bit and at most 512 bits are appended.

 Step2 : Append length

A 64-bit representation of the length of the message is appended to the result of step1. If the length of the message is greater than 2^64, only the low-order 64 bits will be used. The resulting message (after padding with bits and with b) has a length that is an exact multiple of 512 bits. The input message will have a length that is an exact multiple of 16 (32-bit) words.

 Step3 : Initialize MD buffer

A four-word buffer (A, B, C, D) is used to compute the message digest. Each of A, B, C, D is a 32-bit register. These registers are initialized to the following values in hexadecimal, low-order bytes first): word A: 01 23 45 67 word B: 89 ab cd ef word C: fe dc ba 98 word D: 76 54 32 10

 Step4 : Process message in 16-word blocks

Four functions will be defined such that each function takes an input of three 32-bit words and produces a 32-bit word output.
F (X, Y, Z) = XY or not (X) Z G (X, Y, Z) = XZ or Y not (Z) H (X, Y, Z) = X xor Y xor Z I (X, Y, Z) = Y xor (X or not (Z))

Round 1. [abcd k s i] denote the operation a = b + ((a + F (b, c, d) + X [k] + T [i]) <<< s). Do the following 16 operations.
[ABCD 0 7 1] [DABC 1 12 2] [CDAB 2 17 3] [BCDA 3 22 4] [ABCD 4 7 5] [DABC 5 12 6] [CDAB 6 17 7] [BCDA 7 22 8] [ABCD 8 7 9] [DABC 9 12 10] [CDAB 10 17 11] [BCDA 11 22 12] [ABCD 12 7 13] [DABC 13 12 14] [CDAB 14 17 15] [BCDA 15 22 16]

SSL Technique:

 SSL session

an association between client & server created by the Handshake Protocol define a set of cryptographic parameters may be shared by multiple SSL connections

SSL connection
a transient, peer-to-peer, communications link associated with 1 SSL session

 confidentiality using symmetric encryption with a shared secret key defined by Handshake Protocol IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 message is compressed before encryption message integrity using a MAC (Message Authentication Code) created using a shared secret key and a short message

 one of 3 SSL specific protocols which use the SSL

Record protocol a single message causes pending state to become current hence updating the cipher suite in use

 conveys SSL-related alerts to peer entity

severity
warning or fatal

specific alert
unexpected message, bad record mac, decompression failure,

handshake failure, illegal parameter close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown

compressed & encrypted like all SSL data

 allows server & client to: authenticate each other to negotiate encryption & MAC algorithms to negotiate cryptographic keys to be used comprises a series of messages in phases Establish Security Capabilities Server Authentication and Key Exchange Client Authentication and Key Exchange Finish

 SOFTWARER REQUIREMENTS:
1.
2. 3.

HTML for designing the front end. JAVA/JAVASCRIPT for business logic. MY-SQL for database.

HARDWARE REQUIREMENTS:

Minimum processor-intel P4 or above. 2. RAM greater than 256 mB. 3. Minimum harddisk -80GB.
1.

 As we have seen that the performance and security

aspects of MD5 for encryption and decryption over other algorithms, we would be implementing Md5,
To secure the connection between client and bank

server and bank and transaction server we would be implementing SSL protocol due to its superior characteristics.

Thank You