Jian has posted 2 posts at DZone. View Full User Profile

Smart Account Management (SAcct)

07.14.2009
| 2610 views |
  • submit to reddit
Location: 
United States

Smart Account Management (SAcct) 0.1.0 is released and it is based on my past work on PCI compliance. The SAcct 0.1.0 includes the following modules:

  • sacct-common: common and shared classes between the SAcct Server and the SAcct Client.
  • sacct-server: SAcct Server is a standalone Java application.
  • sacct-client: SAcct client acts as a client stub communicate with the SAcct server.
  • tools/sacct-spring: Utility classes for the Spring framework.
  • assembly/sacct-server: SAcct Server Maven assembly project

The main features are listed as follows:

  • Light-Weight
  • Use Google Guice as the dependency injection framework for the SAcct Server
  • Account information are encrypted and stored as a soft token on a carry on device
  • Utility tools are provided to encrypt and decrypt the soft token
  • Use the Diffie-Hellman key exchange protocol to derive the session key
  • The communications between the SAcct Server and the SAcct Client are encrypted by the session key
  • An One Time Password (OTP) is used to prevent session replay attack
  • All encryptions use the Advanced Encryption Standard (AES) algorithm
  • Spring support
  • Many security utility classes

 

Fore more details about SAcct 0.1.0, please visit SAcct project site at http://code.google.com/p/sacct or read the introduction at http://code.google.com/p/sacct/wiki/SAcctUserGuide_0_1_0.

Thanks.

Jian
0
Published at DZone with permission of its author, Jian Fang.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)