A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.
We are in a design phase of an online ticketing system. In this app. a user can book his visit to places online and receive a temporary receipt with a unique number on it. This number can be a digital signature + hex or something like that. We then want to verify this receipt by another app. that is running at offices. The incharge at the booking counter need to verify the temp receipt and issue a confirmed ticket.
I want to know how I can create digital signatures for temp receipts so that our offices can verify the integrity of online booking.
You control both apps; just encrypt a magic word using some of the other information on the ticket (collection name/ticket issue date) and hex it. At the other end, you use the info on the ticket to dehash it and check the right magic comes out for the day it was issued. Tampering & forgery are possible but probably too hard. But then someone has to know there's a ticket waiting AND the collection name AND today's magic word.
No need for anything complicated. Full on digital signatures are for when you don't control enough of the medium to protect against tampering.
Why not use ID?
Because 1 in 10 customers will forget their ID. Or bring something no-one recognises and then your counter staff have to have an argument over whether a membership card from a video rental chain no-one's ever heard of counts or not.
And some people, don't forget, don't have photo ID -- no drivers licence, no passport. And they may not have the card. Mom bought the ticket; Mom isn't giving Junior the credit card to take to the ticket office...
Reasons not to do full-on digital certificates; it tends to involve long strings of hex. They're a pain to enter, especially when the ticket's been in someone's back pocket for three hours and had coffee spilled on it. Which a larger number of them than you can possibly imagine will have.
Ten to twelve digits are reasonable to hand enter and get them right a decent number of times. More and you're looking at scanning bar codes (with coffee on them) and other annoyances or slowing down your counter team a lot.
Printing decimal only will also help -- lots of people can type decimal quite quickly, typing hex quickly is a rarer skill.
Monday, May 21, 2007
Oh yeah, and print at least two copies of the magic data on the receipts so people have a fighting chance of getting a readable copy after it's been folded up and jostled about for 24 hours.
Monday, May 21, 2007
Granted - there will be problems with asking for ID. But will those be less than the problems of using a ticket ID?
Suppose there isn't a printer available; I imagine this will happen quite often. The customer will have to manually copy the ticket ID to a scrap of paper. What if there's a transcription error? Will you refuse to grant the ticket?
The people at the counter should have internet access, even if it's just a simple program on a pc or server connecting online every 15 minutes and retrieving new tickets. it could put them on a database or even automagically print the tickets.
Tuesday, May 22, 2007
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz