E-Cash

At e-Bay, Amazon, and other online businesses, you can purchase real objects using virtual money (electronic cash). Ecash comes in many forms :

• Credit Cards - a credit card is used to make a promise to pay later

• Debit Cards - debit cards must be "charged up" first, and are then used to pay. These are popular for small cash payments such as parking-lot fees.

• Virtual Cash - services like PayPal act as a third party guarantor - a customer with a PayPal account allows PayPal to send money, and then they must reimburse PayPal.

Making promises or moving money around is simple enough. The big issue is security :

• How can you be sure that nobody else has access to your Ecash?
• How can the business be sure that your Ecash is "real"?
• How do you access your account without fear of someone stealing your password?

A variety of technical measures are employeed in various situations, but some common ones are:

• Passwords
• Encryption
• Third party intervention

If you use a credit card, you may need to type a PIN number (a password) when you make a purchase. The business does an online check with the credit-card company to ensure that your card and PIN are valid. This online check is performed using encrypted communications to stop criminals from stealing the data.

FreeCash

We will write a program(s) to implement our own Ecash system called FreeCash - it won't cost us anything, but we can use it to keep score in local games.

Storage

FreeCash must be stored on a server, so it is accessible from many locations. We will use a LAN server, as this is much simpler to implement than web-based storage.

We must store an account for each user. That means at least 12 accounts for our IB Computer Science class. We can make the system larger to allow for expansion - we will make a system with 1000 accounts.

To enable simultaneous access, we will use a RandomAccessFile for storage. Each account needs to store the following fields:

User Name
Password (or PIN)
Balance (current amount of money)

Transactions

A transaction is an event which changes the amount of money in an account (or accounts).

The most common transaction is a transfer - this moves money from one account to another. Assuming that money can neither be created nor destroyed, transfers will be the only transactions possible.

Protocol

We adopt the following protocol : money can only be transferred when the payor has typed a correct password. The payor may transfer money to any account, so long as they know the account number (between 0 and 999), and the name of the account owner. The payor does not need to know the password of the recipient.

Encryption

It should not be possible to see users' passwords by simply opening the file and reading it. This security is implemented by only storing encrypted passwords in the file. Thus, if a user's password is "secret", it might be stored in encrypted form as "tgfvjz" (can you figure out why?)

---- Assignment ----

Study the following program which creates 5 accounts in a file called FREECASH.DAT. It does not encrypt the passwords, but that can be added later.

This is only a simulation, but we will make it as realistic as possible by storing data files on a server. However, you can develop the program on a local hard-disk first, and then move the data file to a server later.

Add buttons and methods to make the FreeCash system work properly. Do the most important work first - the most important feature is the ability to transfer money from one account to another, including a proper password check.

import java.awt.*;
import java.io.*;

public class FreeCash extends EasyApp
{
   public static void main(String[] args)
   {
      new FreeCash();
   }
   
   Button bNewFile = addButton("New File",40,40,80,40,this);
   Button bShowAll = addButton("Show All",120,40,80,40,this);
   
   public FreeCash()
   {
      setSize(400,300);
      setTitle("FreeCash");
   }
   
   public void actions(Object source,String command)
   {
      if (source == bNewFile)
      {  newFile(); }
      else if (source == bShowAll)
      {  showAll(); }
   }      

  
   public void newFile()
   {
      String password = input("Type the administrative password");
      if (password.equals("magic"))
      {
         double money = inputDouble("How much money should each account get?");
         newAccount(1,"First Person",money,"one");
         newAccount(2,"Second Person",money,"two");
         newAccount(3,"Third Person",money,"three");
         newAccount(4,"Fourth Person",money,"four");
         newAccount(5,"Fifth Person",money,"five");
      }
      else
      {  output("Access Denied"); }
   }

   public void newAccount(int num, String name, double money, String password)
   {  try
      {
         RandomAccessFile accounts = new RandomAccessFile("FreeCash.dat","rw");
         
         accounts.seek(num*50);
         accounts.writeUTF(name);
         
         accounts.seek(num*50+20);
         accounts.writeDouble(money);
         
         accounts.seek(num*50+30);
         accounts.writeUTF(password);
         
         accounts.close();
      }  
      catch (IOException e)
      {  output(e.toString()); }         
   }      
   
   public void showAll()
   {
      try
      {  RandomAccessFile accounts = new RandomAccessFile("FreeCash.dat","rw");
         
         for (int num = 1; num <= 5; num = num+1)
         {
            accounts.seek(num*50);
            String name = accounts.readUTF();
            
            accounts.seek(num*50 + 20);
            double money = accounts.readDouble();
            
            accounts.seek(num*50 + 30);
            String password = accounts.readUTF();
            
            System.out.println(num + "\t" + name + "\t" + money + "\t" +password);
         }
         accounts.close();
      }
      catch (IOException e)
      {  output(e.toString()); }
   }
}