
This specification describes the OFC data format and details how Microsoft® Money uses OFC for online home banking and online bill payment features.


Page 3/14
Date: 18.07.2016
Size: 0.88 Mb

Mode of operation

Batch mode


Microsoft Money 5.0 operates in a batch mode. While offline, a user will queue up transaction requests (requests for account information, requests to make bill payments, etc.).

When a user chooses to send these requests to their bank, Money will create a single OFC file containing the requests and will send that file to the bank’s server. While the user is online, the bank’s server will process the requests in that file and produce a single OFC file with the responses. The bank server will send this file back to Microsoft Money. When this file has been received, Money will close the communication session and report the results of the session to the user.


File import mode


Microsoft Money will also support file import mode. This mode is designed to allow a user to import transactions in an OFC file (*.ofc) into their Microsoft Money data file.

File import mode does not specify the method of communication between Money and a server; the OFC file could be delivered to the user via electronic mail, downloaded from the World Wide Web, or distributed on a floppy disk. For instance, if a bank’s World Wide Web site allowed users to view the account activity for a particular account, that web site could also allow the user to download an OFC file that represented those transactions. Launching the OFC file will reconcile the transactions in the file with those already entered in Microsoft Money.


Timeout values


Money uses the following timeout values. When these values expire, Money will display an error message to the user telling the user that their bank’s server is unavailable and suggesting that the user attempt to connect at a later time.

Connect (establishing an HTTP connection via the Internet): 2 minutes

Send (Money sending an OFC file to the server): 1 minute

Receive (Money waiting for a response file from the server): 2 minutes
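A bank operating the server side can check its own session logs against these three limits to find the sessions in which Money would have given up and shown the "server unavailable" error. The following is an added example, not part of the specification: the log format (session, phase, start, end, with "-" for a phase that never finished) and the sample lines are constructed, and each limit is assumed to cover its phase from start to completion.

```python
from datetime import datetime, timedelta

# Limits from the timeout table above, in the order the phases occur.
LIMITS = {
    "connect": timedelta(minutes=2),
    "send": timedelta(minutes=1),
    "receive": timedelta(minutes=2),
}

# Constructed sample log: session,phase,start,end ("-" = phase never finished).
SAMPLE_LOG = """\
s1,connect,1996-07-01T10:00:00,1996-07-01T10:00:03
s1,send,1996-07-01T10:00:03,1996-07-01T10:00:05
s1,receive,1996-07-01T10:00:05,1996-07-01T10:00:40
s2,connect,1996-07-01T10:05:00,1996-07-01T10:05:02
s2,send,1996-07-01T10:05:02,1996-07-01T10:05:04
s2,receive,1996-07-01T10:05:04,1996-07-01T10:07:30
s3,connect,1996-07-01T10:10:00,1996-07-01T10:10:01
s3,send,1996-07-01T10:10:01,-
"""

def parse_log(text):
    """Return {session: {phase: (start, end or None)}} from the log text."""
    sessions = {}
    for line in filter(str.strip, text.splitlines()):
        sid, phase, start, end = (f.strip() for f in line.split(","))
        if phase not in LIMITS:
            raise ValueError(f"unknown phase {phase!r}")
        end_ts = None if end == "-" else datetime.fromisoformat(end)
        sessions.setdefault(sid, {})[phase] = (datetime.fromisoformat(start), end_ts)
    return sessions

def first_expired_phase(phases):
    """First phase that ran past its limit, or None if none did."""
    for name, limit in LIMITS.items():
        if name not in phases:
            return None  # the log ends before this phase; nothing expired
        start, end = phases[name]
        if end is None or end - start > limit:
            return name  # later phases never ran from the client's view
    return None

def timed_out_sessions(text):
    """Map session id -> phase in which Money's timer would have expired."""
    checked = {sid: first_expired_phase(p) for sid, p in parse_log(text).items()}
    return {sid: phase for sid, phase in checked.items() if phase is not None}
```

On the constructed log, `timed_out_sessions(SAMPLE_LOG)` reports session s2 in the receive phase and s3 in the send phase; a phase that lasts exactly its limit is not flagged.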

Chapter 2


Security


All connections between Microsoft Money and a server will be secured. This section explains how Microsoft Money will secure sessions with a server.

Chapter overview


  1. Every connection between Microsoft Money and a bank’s server will be secured using the SSL or PCT protocol.

  2. Money will secure Internet and private dial-up connections using SSL or PCT.

  3. A bank must choose one security protocol: SSL or PCT.

  4. North American releases of Money will use 128-bit encryption.

  5. International releases of Money will use 64-bit encryption.

  6. A bank must issue each Microsoft Money customer a User ID. The User ID should uniquely identify a user on the system.

  7. A bank must issue each Microsoft Money customer a password. Users will be required to enter their password each time they wish to connect to the server. The password will never be written to disk.

Possible risks


Any communication over a network exposes risk to each party involved in the communication and to the data sent over the network. These risks can be summarized as follows:

  1. Private and confidential information sent between client and server could be intercepted.

  2. Private and confidential information stored on a bank’s host system can be accessed by unauthorized individuals.

  3. An attacker can impersonate a user and conduct transactions on behalf of that user.

  4. Harmful code could be sent from the server to the client, possibly causing problems on the client computer.

  5. Harmful code could be sent from the client to the server, possibly causing problems on the server computer.

Microsoft Money solutions


Using features of OFC and standard Internet security protocols and techniques, an OFC-based solution using Microsoft Money addresses these risks.

  1. All connections (Internet and dial-up PPP) between Microsoft Money and a bank’s server will be secured using the SSL or PCT protocols. These sessions will be encrypted using 128-bit keys (64-bit internationally). This will create a secure channel of communication between Money and a server.

  2. Because Microsoft Money uses the HTTP protocol to transfer OFC files between client and server, a bank’s architecture using OFC can take advantage of “firewall” technology to isolate the computers on an internal network from the outside world. A firewall can be configured to only accept data of a particular type or from a particular client application. The flexibility of the OFC architecture based on standard protocols enables the bank to choose the firewall solution that meets their needs.

  3. Setting up for online services with Microsoft Money and OFC uses the authentication policies established by the bank. Money’s online services setup process relies on the user contacting their bank and the bank issuing the user an identification code and password. The bank can define the policy detailing how to authenticate the user before enabling online services for that user.

  4. Microsoft Money will only send OFC files to the server. No interpreted or compiled executable code will be sent from Money to the server. OFC files cannot include instructions to disrupt or harm the host system.

  5. Microsoft Money will only accept valid OFC files received from the server. No binary data will be accepted. In addition, Microsoft Money does not use HTTP cookies that store information on the client machine without the user knowing about it.