作业5(Assignment 5)

题目

今天校园里到处是快递小哥,同学们也经常帮别人取快递,快递小哥不会很细致的核实身份,就允许代领,存在很多不安全因素。

设计一款基于手机的app,用于快递小哥验证身份,顾客领取快递。具体认证方法不限,简单易行。

(1)给出:app包含哪些部分(可加图示),每部分的功能;

(2)模仿kerberos的写法,描述交互过程,并加说明。

包含部分

快递员:获得信息、记录是否取到件或者送达、验证客户

客户:验证快递员、查看物流、查看取件码

快递公司:验证快递员与客户信息是否对等一致、物流情况、单号、快递员安排

交互过程

1快递员验证客户身份,确认后发送取件码

   (1)customer/courier—->EP:account||password||TS1

   (2)EP—->customer/courier::EKC[position||arrivetime||couriers||message]

        account:顾客customer/快递员courier的用户账号;

        password:顾客customer/快递员courier的账号对应的密码;

       TS1:让EP验证customer/courier的时钟与EP的时钟是否同步的;

       EKC:基于用户口令的加密,使得EP和customer/courier可以验证口令,并保护信息;

       position:顾客customer/快递员courier在系统EP登记的快递当前所在的位置(例如在运来的路上某地或者在市内,或者在快递员手中);

       arrivetime:告诉用户快递预计到达手上的时间;

       couriers:若在快递员手上,则告诉顾客快递员的账号,也会告诉快递员顾客的账号(双方可以通过账号取得联系);

       message:向用户提供快递本身的一些信息,比如来源,目的地,卖家信息等等。

2客户验证快递员身份,得到取件码

  (1)courier–>EP:accountc||applypassword||position||TS1

  (2)EP–>courier:EKC[Kcourier,customer||issucceed]

  (3)EP–>customer:EKC[Kcourier,customer||position]

     (2)是系统告诉快递员密钥,以及是否成功向顾客发送信息。

     (3)是系统告诉顾客密钥,以及快递的位置。

              account2:客户的账号;

              applypassword:向系统申请密钥;

              position:告知系统快递的位置;

             TS1:让EP验证courier的时钟与EP的时钟是否同步的;

              Kcourier,customer:由EP产生的密钥,用于courier和customer之间进行信息交换;

              issucceed:EP是否成功向用户发送信息;

              position:EP向用户告知快递当前所在位置;

3二者在平台确认送达

————————

subject

Today, the campus is full of express brothers, and students often help others get express. The express brother will not carefully verify his identity and will be allowed to receive on behalf of others. There are many unsafe factors.

Design a mobile phone based app for the courier brother to verify his identity and the customer to receive the express. The specific authentication methods are not limited and simple.

(1) Give: which parts of the app (can be illustrated) and the functions of each part;

(2) Imitate the writing method of Kerberos, describe the interaction process and explain it.

Include part

Courier: obtain information, record whether the delivery is received or delivered, and verify the customer

Customer: verify the courier, check the logistics and check the pick-up code

Express company: verify whether the information of the courier and the customer is equal and consistent, the logistics situation, the order number and the arrangement of the courier

Interactive process

1. The courier verifies the customer’s identity and sends the pick-up code after confirmation

   (1)customer/courier—->EP:account||password||TS1

   (2)EP—->customer/courier::EKC[position||arrivetime||couriers||message]

Account: user account of customer / courier;

Password: the password corresponding to the account number of customer / courier;

TS1: let EP verify whether the clock of customer / courier is synchronized with that of EP;

EKC: encryption based on user password, so that EP and customer / courier can verify password and protect information;

Position: the current location of the express registered in the system EP by the customer / courier courier (e.g. somewhere on the way, or in the city, or in the hands of the courier);

Arrival time: tell the user the estimated arrival time of the express;

Couriers: if it is in the hands of the courier, tell the customer the account number of the courier and the customer’s account number of the courier (both parties can contact through the account number);

Message: provide users with some information about the express itself, such as source, destination, seller information, etc.

2. The customer verifies the identity of the courier and gets the pick-up code

  (1)courier–>EP:accountc||applypassword||position||TS1

  (2)EP–>courier:EKC[Kcourier,customer||issucceed]

  (3)EP–>customer:EKC[Kcourier,customer||position]

(2) the system tells the courier the key and whether the information is successfully sent to the customer.

(3) the system tells the customer the key and the location of the express.

Account2: customer’s account number;

Applypassword: apply for the key from the system;

Position: inform the system of the location of express delivery;

TS1: let EP verify whether the clock of the courier is synchronized with that of EP;

Kcourier, customer: the key generated by EP, which is used for information exchange between couriers and customers;

Issucceed: whether the EP successfully sends information to the user;

Position: EP informs the user of the current location of the express;

3. Both parties confirm delivery on the platform