Page 252 - DCAP312_WEB_TECHNOLOGIES_II
• slidingExpiration is set to true to enforce a sliding session lifetime. This means that the
session timeout is periodically reset as long as a user stays active on the site.
• defaultUrl is set to the Default.aspx page for the application.
• cookieless is set to UseDeviceProfile to specify that the application uses cookies for all
browsers that support cookies. If a browser that does not support cookies accesses the
site, then forms authentication packages the authentication ticket on the URL.
• enableCrossAppRedirects is set to false to indicate that forms authentication does not
support automatic processing of tickets that are passed between applications on the query
string or as part of a form POST.
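The settings above can be checked mechanically. The following is an added example, not code from the original text: a small Python audit that reads the `<forms>` element of a web.config and reports the settings that let the authentication ticket leave the cookie or outlive the timeout. The sample configuration is constructed from the four bullets, and the function name `audit_forms_auth` is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragment carrying the four settings listed above.
PAGE_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms slidingExpiration="true" defaultUrl="Default.aspx"
           cookieless="UseDeviceProfile" enableCrossAppRedirects="false" />
  </authentication>
</system.web></configuration>"""

# ASP.NET defaults applied when an attribute is omitted from <forms>.
DEFAULTS = {"slidingExpiration": "true",
            "cookieless": "UseDeviceProfile",
            "enableCrossAppRedirects": "false"}

def audit_forms_auth(xml_text):
    """Return (attribute, value, reason) tuples for settings worth reviewing."""
    root = ET.fromstring(xml_text)
    auth = next(root.iter("authentication"), None)
    if auth is None or auth.get("mode", "").lower() != "forms":
        return []  # forms authentication is not in use
    forms = auth.find("forms")
    attrs = dict(DEFAULTS)
    if forms is not None:
        attrs.update(forms.attrib)
    findings = []
    # Anything other than UseCookies lets some clients receive the ticket in the URL.
    if attrs["cookieless"].lower() != "usecookies":
        findings.append(("cookieless", attrs["cookieless"],
                         "ticket may be carried in the URL, where it can reach "
                         "logs, browser history and Referer headers"))
    if attrs["enableCrossAppRedirects"].lower() == "true":
        findings.append(("enableCrossAppRedirects", attrs["enableCrossAppRedirects"],
                         "tickets are accepted from the query string or a form POST"))
    if attrs["slidingExpiration"].lower() == "true":
        findings.append(("slidingExpiration", attrs["slidingExpiration"],
                         "an active session is renewed and never hits the timeout"))
    return findings

if __name__ == "__main__":
    for attribute, value, reason in audit_forms_auth(PAGE_CONFIG):
        print(f"{attribute}={value}: {reason}")
```

Run against the configuration described in the bullets, it reports cookieless and slidingExpiration; setting cookieless to UseCookies and slidingExpiration to false clears both.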
No Authentication mode is not secure. If you enable No Authentication mode,
debugging leaves your computer vulnerable to any user on the network.
A hostile user can connect to your computer, launch applications on your
computer, access data on your computer, and perform other mischievous or
destructive actions by using a debugger.
Advanced Payment Solutions (APS)
In September 2005, London-based start-up Advanced Payment Solutions (APS) launched
the first chip and PIN-enabled prepaid payment card into the United Kingdom. Its first
product, the cashplus prepaid MasterCard, is a reloadable, full utility, highly secure
MasterCard that is accepted at over 24 million merchants worldwide. cashplus allows
cardholders to perform ATM cash withdrawals, point of sale payments and online and
telephone purchase transactions.
Though common in the US, open-loop prepaid payment cards such as cashplus are not yet
widespread in the UK, despite the fact that about half of the adult population in the UK
does not have a credit card and over two million people do not have a bank account. APS’
products will provide the “unbanked” (people without bank accounts) and the “underbanked”
(people with only basic bank accounts) with access to a secure cash storage and payment
facility previously unavailable to them.
Project Drivers
APS required a highly secure system to issue, reload and redeem cards, which could be
accessed by customer service representatives, consumers, and merchants. A highly secure
infrastructure was a “must-have” for APS, since its system will be used to capture identity
details, process card sales, make payments, reload funds and check account balances.
APS originally considered using a one-time password token-based authentication system
to verify the online identity of users with varying roles, rights and privileges, such as
administrators and merchants. However, the cost of this system was prohibitive and limited
the number of people to whom the tokens could be issued. In order to more cost-effectively
match authentication strength to the risk level across these different groups, APS partnered
with TriCipher, which offers a wide variety of authentication options and allowed APS to
centrally manage different authentication strengths across its diverse user base.
Scope
The project enables APS to cover the whole of Europe. It is using the TACS system to provide
strong authentication for multiple retail users issuing and redeeming cards, consumers and
internal customer service reps. Retail outlets access APS software securely over the Internet
Contd...
246 LOVELY PROFESSIONAL UNIVERSITY