ISCHP: The Sales Information System for Strictly Controlled Haram Products
The Sales Information System
for Strictly Controlled Products
ISCP Based on Consumer e-Cards,
specialized for Control of business with Haram Products (ISCHP)
The purpose of ISCP
• In many countries, the sale and consumption of some products is strictly controlled
by government authorities (so called controlled products or CP), e.g.:
– Some foods and drinks whose consumption is prohibited for religious reasons, such as haram products in
Islamic countries (further elaborated in detail),
– Chemicals for protection of plants and animals (pesticides, herbicides, fungicides …) in agriculture,
– Toxic or flammable chemicals for various purposes,
– Explosives, weapons and ammunition, etc.
• The common principles for control of CP (during of sales, distribution and
use) are similar in all countries:
– Some state authority sets the rules for sale and distribution of CP and supervises their implementation,
– It exists the system for approval of requests for granting of rights to purchase and use of CP,
– The authorized Agent issues approvals (based on state rules) for the purchase of CP in the form of
consumer cards (CC) and keeps track of them,
– Any CP can be purchased in specific stores only on the basis of issued CCs, and all sales of CPs are also
recorded. The state authority receives from Agent all information about issued CCs and sold CPs.
• ISCP is a business solution and appropriate software, based on modern ICT, which
supports the full implementation of the provisions on the operations with controlled
products and connects all involved participants in real time.
The architecture and participans of ISCP
DB for Persons,
CP, CC and Invoices)
2. Data about
asking for CC
3a. Data about
6. Data on
8. Invoices for
National ICT infrastructure Agent
who require CCs SalesmanAgent’s Clerk
who uses eCC
9. Sales reports (about
controlled products sold)
10. Issued eCCs
and sold CPs
to buy CP (eCC)
7a. The invoice (for all
products sold)Local PoS
4. eCC5. UID
the next slide
Agent’s central office
3b. Data about
Business processes supported by ISCP
Issuance of eCC:
1. The person (resident or tourist) sets the request for
CC by Internet or by filling out an application.
2. Agent's clerk checks in DB/P does the person
fulfils conditions for CC and takes from DB/P
some of person’s data (automatically, using WS).
3. Agent's clerk issues eCC to the person who has
right on it. Data about person’s right for buying
CP and issued eCC will be stored in DB/PLP (3a).
DB/PLP is periodically updated from DB/C (3b).
The use of eCC:
4. The holder of eCC enters in the shop with
intention to buy some CP and presents himself
with his eCC.
5. The seller takes UUID from eCC (using smart card
reader) in order to access holder’s personal data.
6. The validity of eCC is checked automatically (WS)
according records in DB/PLP, which are updated by
the competent government authority.
7. If the eCC is valid, vendor issues goods and invoice
to the customer (7a) using PoS software and stores
data on invoice in Local PoS DB (7b).
8. After PoS transaction has been finished, the data
about sold CP are automatically (using WS) entered
in the DB/PLP, which maintain Agent.
Supervision of operations with CP:
9. Vendor sends the reports about sold CPs to the
government authority which is in charge to control
of the whole business with CPs.
10. Agent sends the reports about issued eCC and sold
CP to the Control. The governmental authority has
direct access to all data in the DB/PLP.
DB/P – DB on persons, officially registered by the governmental authority
DB/C – DB on companies, officially registered by governmental authority
DB/PLP – DB on seekers of CC, issued licenses for purchasing, data about
controlled products (CP) and CPs sold on the basis of issued eCC.
UUID – Universally unique identifier
CP – in general, product whose sales is controlled by special regulations
CC – in general, license for purchase of controlled products (CP)
eCC – license for purchase of CP in the form of electronic ("smart") card
General design of ISCP
• ISCP includes business rules, based on
governmental regulations on the operations with
the strictly controlled products.
• IS is designed as a fully functional prototype
which can be adapted to the regulations in the
country that uses it, and to the business area in
which it is used.
• Designed trilingual (English, Croatian, Arabic),
with the possibility of translation into other
• It connects stakeholders in real time and can be
interoperable with other systems, eg. e-payment
• Business oriented, which means that follows
appropriate governmental regulations and
business rules and works as a set of optimized
• Very thoroughly documented, with topics as:
general concept, business processes, technical
documentation, user's and administrator's guide,
customization procedures etc.
• Designed in accordance with current
professional standards and methodologies
(TOGAF, EIF 2.0, BPMN 2.0, UML …).
• Uses modern ICT as: web services (WS) for
communication and interoperability, RDBMS
with stored procedures, electronic smart cards
and so on.
• Arranged for real-time work using internet.
• Prepared for work on windows platforms, using:
– Windows Server 2008, MS SQL Server 2012, IIS
• Developed on technologies:
– Programming language C#, Web services WCF
– Web applications: ASP.NET
– Visual Studio 2012.
• It can be delivered in several ways:
– On premises (on customer’s or Agent’s HW/SW
– SaaS (Software as a Service-cloud computing) or
– Combined (according to the user’s needs).
ISCHP-tool for control of haram*
• General principles for doing business with CP, explained before, were embedded in
the Information System for Control of business with Haram Products - ISCHP.
• ISCHP is fully functional software solution and can be used immediately, assuming that
business with haram products in the buyer's country (governed by Islamic law) is
organized as described in this documentation.
• If some details in a particular country differ from what is assumed here, then software
may be customized to the needs of the end customer. This customization depends on
the extent of changes and can take (approximately) from a few days to two months.
• Here we explain the initial version of ISCHP. Our sales experts will present the initial
solution to the end user and perform gap analysis with him. On the basis of gap
analysis they will draw up specifications for the necessary changes, which will be (if
needed) implemented in our central office in the shortest possible time.
* Haram ()حرام is an Arabic term meaning forbidden or proscribed by Islamic law. In this paper, the term refers to some
products (dishes and drinks) whose consumption is not allowed to Muslims. However, citizens of non-Islamic countries,
whose religion does not prohibit it, can purchase haram products (HP) in Islamic countries, but according to strictly defined
rules, set by authorities of countries that are governed by Islamic law. Business and IT solution described here refers to the
control of whole business with haram products, i.e. issuing of license for purchase, sales, monitoring and reporting.
Collaboration between participants in ISCHP
ISCHP connects 8 participants: Agent, Tourist, Resident, Ministry
of Interior, Castoms Duty, Seller, eCC Manufacturer and Control.
For purchasing of HP, an electronic consumer cards (eCC) is
needed. An eCC can get a non-citizen of Islamic Country: Tourist
(eCCT) or Resident (eCCR).
Agent is authorized to issuing of eCC. When issuing, Agent takes
some data on seeker from databases runned by the state author-
ities: Customs Duty (for eCCT) and Ministry of Interior (for eCCR).
Tourists and Residents are buying haram products from Seller. He
sells HP only to those Tourists or Residents who have valid eCCT
or eCCR. Data on each sale of HP are sent to Agent.
Control supervises the work of Agent and Seller inspecting the
data on issued ECC and sold HP.
eCC Manufacturer delivers eCCT and eCCR to Agent.
Sales by eCCT Sales by eCCR
ring of eCC
o Term ‘Tourist’ includes all occasional visitors (tourists, business people) who are not
citizens and don’t have work permit, but legally entered the country with passport.
o A 'Resident' is a person who is not a citizen of the country, but has a work and
o Both eCCT and eCCR have UUID, but only eCCR has personal data of the owner.
Remark: Complex operating system in the figure above is shown in
accordance with the standard BPMN 2.0 as “Conversation Diagram".
Functionalities of ISCHP-an overview
For Agent’s officer:
1. Record the requests of people who are looking
for consumer card (eCC, i.e. eCCT or eCCR).
2. Check if the seeker for eCC has the right on CP,
i.e. if he is recorded as the visitor or resident.
3. Record data about the issued eCC and authorized
person who get it.
4. Send the data for approved eCC to the eCC
Manufacturer in order to produce it.
5. Recording of issued eCCs and changes in their
For Agent’s DB administrator:
6. Assign rights for using ISCP to the participants.
7. Using of DB/PLP in order to solve users
For eCC Manufacturer:
8. Get accurate data in order to produce valid eCC.
For Tourists and Residents:
9. Request eCC to achieve the right for buying CP's.
10. Use valid eCCT/eCCR to buy haram products.
11. Read eCC and check in DB/PLP if the person has
the right to buy haram products.
12. Use PoS aplication to create invoices and record
sold items in the local DB.
13. Record sales of haram products in central
DB/PLP, immediately when sales has been made.
14. Check issued eCC and selling of haram products
for any person and any point of sale.
15. Get particular and summary reports on
transactions and events in the ISCHP.
Next seven slides (9-15) contain some detailed
technical information on the internal structure
of a ISCHP.
Main business processes supported by ISCHP
Based on general architecture and collaboration diagram (shown in the previous slide) between
participants, ISCHP can be described with 5 main business processes:
1. GIVE eCCR TO A RESIDENT: covers activities “Issuing of eCCR” from conversation diagram (slide 7).
2. GIVE eCCT TO A TOURIST: covers activities “Issuing of eCCT” from conversation diagram.
3. SELL HARAM PRODUCTS: covers three similar and tightly connected group of activities from
conversation diagram: “Sales by eCCR”, “Sales by eCCT” and “Alert of sales”.
4. CONTROL OF BUSINESS WITH HARAM PRODUCTS: covers group od similar activities from conversation
diagram: “Control of eCC issuing” and “Control of sales”.
5. MANUFACTURING OF eCC: represents the activities from conversation node "Manufacturing of
eCC", and refers to the manufacturing eCCT and eCCR.
Details of the process models 1-4 are shown in accordance with the norm of BPMN 2.0 as
collaboration diagrams. Model of business process No. 5 is implemented as WS ExportResCardData
(which is initiated from process GIVE eCCR TO A RESIDENT and exports data about Resident from Agent
to eCC Manufacturer) or WS ExportTouCardData (which is initiated from the process GIVE ECCT TO A
TOURISt and exports data about Tourist from Agent to eCC Manufacturer).
Business process ‘GIVE eCCT TO A TOURIST’
‘Tourist’ can ask for
eCCT by Internet,
The right to CCT is
checked in a DB
maintained by the
DB/PT). Issued eCCT
are recorded in the
‘Customs Duty’ uses
WS CheckTou which
is an integral part of
Business process ‘GIVE eCCT TO A RESIDENT’
‘Resident’ can ask
for eCCT by Internet,
The right to CCR is
checked in a DB
maintained by the
‘Ministry of Interior'
DB/PR). Issued eCCR
are recorded in the
‘Ministry of Interior’
uses WS CheckRes
which is an integral
part of ISCHP
Business process ‘SELL HARAM PRODUCTS’
Validity of eCCR and
eCCT is checked
online in DB/PLP
maintained by 'Agent’.
‘Seller' needs from their
PoS applications to call
as a part of ISCHP).
Some details about eCCR and eCCT
• eCCR and eCCT are contactless memory cards, standard size 85,6 x 54 mm.
• The user selects a capacity depending on additional functionality
which card must have (for example, e-payment).
• We recommend to use eCCR with built-in photo of the resident but eCCT without
that photo (because tourists and business visitors remain in the country a short time).
• In accordance with various form of cards, a tourist on point of sell must identify
himself with e-card and passport, but resident only with e-card.
• Each card has an expiry date, which is determined by national legislation in the
country which issues eCCR or eCCT.
• Tourists and residents can place its own requests for issuing cards using the Internet.
• eCCT and eCCR can act as debit or prepaid card. In this case a selling point must
have devices to enter the amount of money spent to purchase (card reader/writer)
and valid agreements with banks or other financial institutions..
• The entire solution with smart cards can be customized to address particular needs
and regulations of each country.
Relational Database model for ICCHP
Detailed description of
database model is in a
Component model* of ISCHP
The same logic model of the
software can be physically installed
on various operating platforms.
* According Component
Diagram from UML.
Group of Software Applications in ISCHP
• Frontend applications, used for:
– gathering the requests for ECC in Agent's office, or
– receiving and processing the requests for eCC send by Internet.
• Backend applications, used for:
– Processing and approval of the requests for eCC and issuance of eCC,
– Monitoring of ISCHP and his operations,
– Reporting on all transactions performed by ISCHP,
– Maintenance of data in catalogues and dispatching them to all users of
– Solving the complaints of users.
• PoS application, used for:
– Verification of users eCC and his right to buy haram products,
– Sending notifications about purchase of haram products in DB/PLP.
Frontend Application - example
The user interface for
sending the request for
the issuance of the eCC
from mobile device:
•for resident (need to
submit a photo to be
embedded on eCC),
•for tourist (eCC is
issued without photo).
The user interface on some following slides is in
Croatian, Arabic or English, in order to show
multilingual possibilities of ISCHP. The version
for final user will be allways delivered in the
language required by the customer.
Backend Applications - example
• The example shows how Agent's officer logs in as a user.
• If ISCHP is used as SaaS, then the user accesses using web
browser at: http://126.96.36.199:8087
Only internal roles (Agent’s officer, Agent’s System administrator,
eCC Manufacturer and Control) are authorized for working with
External roles (Customs Duty, Ministry of Interior, Resident, Tourist
and Seller) can not work with Backend Application. They
communicate with CCIS using a web services.
Main menu of ISCHP:
Payments of fees
Types of products
Units of measure
Backend Applications – user interface
1. Data on registered active user
2. Items of main menu
3. List of ≤ 10 dana items
4. Details of the selected item
5. The criteria for the query and search
6. Possible further actions
7. Selection the table from DB/PLP to display
8. Link to catalog of persons (tourists or residents)
Backend Application – an example of the report
• Uses Control for
insight into DB/PLP
and creation of the
• Fast and advanced
search of the
• Reports in 4
Report in PDF
- an example:
Backend Application – reports in graphical form
Dashboard in three
different type of
– users of eCC by country
from which they come,
– the average time for
approval of request for
eCC (in minutes),
– sold haram products by
POS Application – integration of distributed sales and ISCHP
The first step: Seller reads
customer's eCC on his e-card
reader, after which the PoS
connects to the DB/PLP in
order to check the validity of
Second step: PoS application
gives the customer an invoice
for purchased products.
Purchased haram products are
presented separately and
information about them is
automatically sent to the
Each invoice for haram products gets in DB/PLP unique
identifier, regardless of that on which point of sale is created!
POS Application – user interface and main menu
The items of user menu:
1. Main menu of PoS application
2. Area for items of data records
3. Detailed view of item
4. Status messages / Help
The content of main menu:
POS Application – multilinguality
The choice of
language through the
direction (from right
to left in Arabic)..
customizationsAdjusting of the ISCHP to the specific needs
State regulations and
Where are the data on
‘Tourists’ and ‘Residents’
P o s s i b l e a d j u s t m e n t s w i t h r e g a r d t o:
DB/P exist in
DB/P exist in
MS SQL form
Develop new DB/P
and deploy it on
or in cloud
Generic ISCHP is ready for use
immediately, if the buyer does not
have special requirements different
from assumed here.
Specific adjustments shall be agreed
directly with potential customer.
Fill in the data in
used in country
processes (as on
Slides10, 11 and 12)
Business proposal to potential representative
• Design and development of ISCHP was conducted by:
– Company: KORIS d.o.o., Jarnovićeva 54, 10000 Zagreb, Croatia (www.koris.hr)
– The person responsible: dr. sc. Slaven Brumec, Head of development (email@example.com)
• KORIS is looking for professional representative in the country of Islamic
tradition, which will be responsible for:
– Offering ISCHP in countries governed by Islamic law,
– Gathering requirements for a possible customization of ISCHP,
– Participating, along with experts of KORIS, in customization of ISHPC
to the particular requirements of end-user,
– Providing technical support to end users during the implementation
and maintenance of ISCHP and
– Collaboration in the further improvement and development of ISCHP.
• KORIS will provide the representative with all necessary education and
technical documentation for ISCHP, including the executable software in
SaaS and/or "on premises" version.
• All commercial relations between representative and KORIS we shall
define together in direct negotiations.