Green Team CS 410 Professor & Consultant: Janet Brunelle Team Leader & Risk: Justin Brunelle Marketing: Nigel Tierney Web Master: Jason Benson Technical: Aaron Fowler Research & Main Presenter: Jeremy Archey Financial: Lisa Ortiz Topic : RFID SubTopic : Electronics A.1. Responsiveness to NSF Topics B.4 – RFID, Electronics (EL) A. 2. Proposal Objectives After completing our Phase I feasibility study, we hope to discover several things. First, we want to find out whether the technology exists to implement our idea for smart card protection in a method that is user friendly, stable, and cost efficient. Next, we need to create a rough budget and schedule for our project so that we can have some general estimates for project timelines and financial needs. We also need to research whether the current credit card companies would be interested in purchasing protection like ours from an independent company and incorporating it into their own business model. Along with this, we need to find out if there are any other companies already creating this solution, and if there are, decide if we can compete with them in any meaningful way. A.3. Phase I Project Requirements. The deliverable at the end of an SBIR/STTR Phase I grant is a technical report that summarizes the experimental and theoretical accomplishments of the research proposed. This report serves as the basis for a Phase II proposal. A.9.2. Project Summary According to www.foodstampfraud.org, the Federal government spends $40 billion on food stamp fraud each year. According to MSNBC, 900,000 claims to FEMA during Hurricane Katrina were duplicate applications. EPA research has shown that 11% of government employees given Government Credit Cards cannot reproduce receipts of purchases made with Government Credit Cards when asked, and 9% of those that could reproduce receipts purchased prohibited items. 11% of card holders lent their card to unauthorized users. Nearly $14 billion of government money entrusted to government employees is spent on private purchases, and small businesses lose, on average, $2,500 to $100,000 annually on unauthorized purchases. The solution to these problems is Customizable Credit Card Protection. Customizable Credit Card Protection (C3 P) will eliminate unauthorized purchases by government and private business employees. C3 P will prevent employees who have been entrusted with funds from spending that money inappropriately by preventing purchases at certain types of commercial locations using MCCs, and preventing purchases of specified UPCs. The package sold will come with programmable Smart Cards with RFID chips in them (protected by 128-bit and triple DES encryption), and a customizable database that will hold prohibited purchases. The owner or head of the company will be able to specify what purchases are legal, and each card will be programmed to accept only legal purchases. This product is marketable to anyone who wishes to control purchases, such as parents or schools. Efficiency of lines at stores will not decrease because of this implementation. A contactless credit card transaction takes, on average, 15 seconds, while a magnetic strip transaction averages 25 seconds. Cash transactions normally take 34 seconds (technovelgy.com). The RFID signal cannot be picked up by thieves with RFID sensors because the sensor has to be fractions of a centimeter away from the card to get a reading. Even if the thief did get that close, the reading will be encrypted. Also, each Smart Card transaction has a different code number, making the information taken from the card useless when decoded. C3 P will ensure appropriated funds are spent according to company and government policy, and not in any other way. Vendors, customers, and card companies will benefit from C3 P because vendors will get more and more efficient business, customers are protected and have less wait time in line, and card companies get to sell cards and RFID sensors to vendors. C3 P will revolutionize the credit system world wide. A.9.3. Project Description Part 1: Identification and Significance of the Innovation The innovation in our solution comes from the use of both the already used MCC’s as well as the individual items’ UPCS to block unauthorized purchases at the point of sale, rather than putting the responsibility on businesses to monitor their employees after the sale has been made. This allows a business to have much more control of how their funds are being spent, and radically changes the idea that credit cards can only send a fixed amount of information every transaction. Part 2: Background and Phase 1 Technical Objectives The solution needs to activate the user's Finger Card with the on card scanner, read Finger Card with a RFID scanner, send list of UPCs and MCCs to our database, compare UPCs and MCCs to the allowed list, respond with a trivial authorized or unauthorized transaction, and forward authorized transactions to the credit card company. The hardware and software that will be required to build it is a Finger Card, digital camera, server, database, transaction approval algorithm, and a GUI and a website for customizing MCC and UPC approval lists and viewing transactions. The COTS products needed are a Finger Card, Finger Card RFID scanner, and a server. The customer needs to have a RFID scanner. The GUI and a website have to be specially built, as well as the software that will need to be added to the POS terminals to allow UPC’s to be transmitted with each transaction. Part 3: Phase 1 Research Plan There is extensive research required in order to prove our product’s technical feasibility. This research includes looking at pre-existing publications on the topic as well as performing experiments to test how plausible our solution is in real world conditions. While there may be additional technical considerations once we get customer buy in, in terms of adapting our solution to work with a company’s proprietary information, these are the basic technical considerations that we must first research before proceeding any further. Our proposal is for a software system that analyzes business credit card purchases at the time of the transaction, decides whether the purchase will be allowed or not, and keeps track of this data for later analysis by the primary stakeholders of that credit card user’s company. This will be primarily implemented through our own system of servers and databases that we will be responsible for maintaining, though there may be hardware considerations depending on the amount of data we need the credit card user to send to us and the quality of the business’ connection to us. The process of determining whether a purchase is valid or not will be based on a simple algorithm that combines the Merchant Category Classification and the UPC codes that the customer is purchasing and compares it to what the customer’s business has listed as acceptable purchases. All information, including the MCC and UPC codes, will be stored on our databases for an extended period of time so that business users may analyze purchase patterns of their employees, which will be facilitated through software and web site access that we will provide. There are four main areas of research that need to be carried out to feel confident about our solution. First, we need to research how current credit card systems work, from both a hardware and software standpoint, so that we can try to use as much as the current infrastructure as possible in implementing our solution. This will be done through library research as well as through interviews with those who are in the industry, although there may be limitations as far as what information can be given to us. Second, we need to determine how much information we can send over a low end credit card terminal connection before customer satisfaction becomes an issue as far as waiting time. For this, we will need to test with the lowest capacity connection, a 14.4 baud modem, with a large transaction, one that contains multiple UPC’s. The results will be measured in seconds, with any result over 5 seconds being ‘unacceptable.’ Various configurations of data format and hardware configuration may also be tried to reduce this time. Third, we have to test our server’s reliability, as credit card companies demand a very high percentage of ‘up time,’ over 99%. We will need to decide which servers can handle constant, multiple transactions without significant slow down or failure. We will test this through simulation, by sending massive amounts of simulated data to a test machine and recording the results. The outcome will allow us to better judge our budgetary needs for the project, and will most likely influence our software solution in some way. Finally, we need to create various prototypes for our web interface, and decide which is the most user friendly. This will involve focus groups and testing to see which areas of the web site will be most accessed and used. These tests can also implement performance measures that test what the best solution will be as far as implementing our web site’s programming. Speed will be the primary concern, but ease of use and ease of data analysis will also be priorities. Part 4: Company Information Old Dominion University Computer Science Department Norfolk, VA 23529 757.683.3000A.9.4. References Cited IEEE Feasibility Study on biometric credit cards: http://www.ee.ucla.edu/faculty/papers/ingridv_TransCE_nov04.pdf#search=%2 2Portable%20Biometrics%22 Smart Card technology with localized, portable biometrics: http://www.biometricassociates.com/smartcard.php Open source smart card technology, both software and hardware: http://www.smartcardalliance.org/industry_news/industry_news_item.cfm?itemID=1596 DISD credit card oversight lax: http://www.dallasnews.com Picture 1: www.co.kern.ca.us/dhs/images/0987.jpg Picture 2: www.katrinapictures.blogspot.com/ Picture 3: http://www.spasearch.org/admin/images/fld_main_photo/fld_main_photo_38.jpg FEMA Fraud: http://www.msnbc.msn.com/id/11326973/ Food stamp fraud: http://www.frac.org/html/federal_food_programs/programs/fsp_faq.html#4 Food stamp info: http://www.fns.usda.gov/fsp/faqs.htm#9 Data on food stamp fraud: http://www.eweek.com/article2/0,1895,1972079,00.asp http://www.foodstampfraud.org/ http://www.cioinsight.com/article2/0,1540,1850300,00.asp FEMA Fraud data: http://www.cnn.com/2006/US/09/13/katrina.fraud/index.html?section=cnn_topstories http://www.msnbc.msn.com/id/11326973/ Lockout codes http://www.admin.mtu.edu/acct/dept/pur/purchcard/lockout.htm Info on why this is a problem: http://www.dallasnews.com/sharedcontent/dws/news/localnews/stories/070206dnmetpcar ds.192c71f.html http://financialplan.about.com/od/studentsandmoney/a/TeenCreditCards.htm Info on current program in place: http://arc.publicdebt.treas.gov/DWP/fs/fscredcard.htm#1 Data and why this is needed – EPA’s complaint paper on current system!!! http://www.epa.gov/oig/reports/1995/bankrep.htm#CHAPTER%204 How credit cards work: http://money.howstuffworks.com/credit-card2.htm A.9.5. Biographical Sketches Justin Brunelle: Justin is a Virginia Beach local in his 3rd year as a Computer Science major at ODU. He works on the iSTART research project under Dr. Levinstein and plans on attending grad school at ODU. His research interests include web programming and modeling and simulation. Aaron Fowler: Aaron is a senior at ODU majoring in Computer Science with a minor in Computer Engineering. He transferred from VWCC with associate’s degrees in Computer Science and Computer Engineering. He works as a consultant for the ODU systems group. Nigel Tierney: Nigel is an F1 international student from Ireland. He is completing the accelerated Masters course in Computer Science at ODU and is currently in his 4th year. He is currently doing voluntary research under Dr. Jessica Crouch on creating a deformable finite cataract surgery model. His research interests include computer graphics and computer vision. Lisa Ortiz: Lisa is from Northern Virginia and in her 3rd year at ODU, majoring in Computer Science with a minor in Finance. During the summer and winter breaks, she interns with Northrop Grumman Mission Systems in Dahlgren, VA. She has been there since the summer of 2004. She is also currently a member of the Society of Hispanic Professional Engineers. Jeremy Archey: Jeremy is a senior at ODU, majoring in Computer Science with a minor in Information Technology. He has an interest in sales and public speaking, and currently works full time at Kay Jewelers. After graduation, he hopes to enter a career that involves travel and personal interaction with clients. A.9.6. Budget Funding in support of the C3P project will be requested from the National Science Foundation (NSF) under the SBIR grant program. [This plan will address total budgeted costs for the project and also the costs required for the out years.] The SBIR program distributes funds in two distinct phases. During Phase I, [amount] will be needed for the development of the C3P prototype. This development work will include planning, identification of requirements, hardware setup, design, coding and testing. The SBIR program’s funding limit of $100,000 for Phase I will cover the costs of this work. Upon successful implementation of a prototype, an additional $750,000 will be requested for Phase II work. This funding will cover ongoing development from Phase I, additional hard resources, technical documentation and actual beta testing of the product with users. Total costs for Phase II are budgeted at [amount]. [This part of the funding plan will address how we will be obtaining funds for Phase III, since not additional funds may be solicited through the SBIR program.] In Phase III, having acquired the necessary funding in Phases I and II to complete the prototype, C3P will be in a position to enter production and commercialization. [This part will also include total Phase III budget costs.] [This part of the funding plan will explain funding and budget costs during the out years.] [This part of the funding plan will state the deadline for the submission of proposals to the SBIR program.] [This part of the funding plan will discuss the additional funding obtained for each phase outside of NSF.] [The last section of the funding plan will include the charts and graphs, displaying budget costs, resources, break-even analysis, etc.] "What are the broader impacts of the proposed activity?" 1. The commercial benefits of C3P include sale of C3P technology. The societal impact of C3P is to reduce the amount of credit card fraud regarding entrusted funds from private businesses and government organizations to its employees. Businesses will retain more funds due to lack of personal spending by employees and the tax payers and government organizations will retain more money, as well. 2. C3P expands the use of RFID and credit card technologies. 3. This project is widely needed among businesses and government organizations. Employees of these organizations spend appropriated funds on personal objects and activities without approval from the owner of the funds. Organizations need a way to make sure their funds are being spent according to organization policy and designation. 4. See competition matrix. Incomplete as of 11/08 5. Once the funding for this project from SBIR/STTR ends, the project will earn it’s own funds by leasing our technology to credit card companies, government organizations, and even parents in the future. 6. C3P can advance NSF’s goals in education by allowing students to learn about RFID and the credit card process. The database structure and extraction is another source of learning opportunities. C3P has not successfully commercialized SBIR/STTR-supported technology.