Smart Account Management (SAcct) 0.1.0 is released and it is based on my past work on PCI compliance. The SAcct 0.1.0 includes the following modules:
- sacct-common: common and shared classes between the SAcct Server and the SAcct Client.
- sacct-server: SAcct Server is a standalone Java application.
- sacct-client: SAcct client acts as a client stub communicate with the SAcct server.
- tools/sacct-spring: Utility classes for the Spring framework.
- assembly/sacct-server: SAcct Server Maven assembly project
- Use Google Guice as the dependency injection framework for the SAcct Server
- Account information are encrypted and stored as a soft token on a carry on device
- Utility tools are provided to encrypt and decrypt the soft token
- Use the Diffie-Hellman key exchange protocol to derive the session key
- The communications between the SAcct Server and the SAcct Client are encrypted by the session key
- An One Time Password (OTP) is used to prevent session replay attack
- All encryptions use the Advanced Encryption Standard (AES) algorithm
- Spring support
- Many security utility classes
Fore more details about SAcct 0.1.0, please visit SAcct project site at http://code.google.com/p/sacct or read the introduction at http://code.google.com/p/sacct/wiki/SAcctUserGuide_0_1_0.