Smart Account Management (SAcct)

Smart Account Management (SAcct) 0.1.0 is released and it is based on my past work on PCI compliance. The SAcct 0.1.0 includes the following modules:

• sacct-common: common and shared classes between the SAcct Server and the SAcct Client.
• sacct-server: SAcct Server is a standalone Java application.
• sacct-client: SAcct client acts as a client stub communicate with the SAcct server.
• tools/sacct-spring: Utility classes for the Spring framework.
• assembly/sacct-server: SAcct Server Maven assembly project

The main features are listed as follows:

• Light-Weight
• Use Google Guice as the dependency injection framework for the SAcct Server
• Account information are encrypted and stored as a soft token on a carry on device
• Utility tools are provided to encrypt and decrypt the soft token
• Use the Diffie-Hellman key exchange protocol to derive the session key
• The communications between the SAcct Server and the SAcct Client are encrypted by the session key
• An One Time Password (OTP) is used to prevent session replay attack
• All encryptions use the Advanced Encryption Standard (AES) algorithm
• Spring support
• Many security utility classes

Fore more details about SAcct 0.1.0, please visit SAcct project site at http://code.google.com/p/sacct or read the introduction at http://code.google.com/p/sacct/wiki/SAcctUserGuide_0_1_0.

Thanks.