Validity Vetting System
Supplemental Specifications
Phil Marucci
Matt DiDiano
Dan Simon
Garrett Dutkiewicz
Tim May
Table of Contents
Introduction
Functionality
Usability
Reliability
Performance
Supportability
Design Constraints
Other
1. Introduction
1.1 Purpose
The document collects and organizes all the requirements of the Validity system that are not
contained within the use case model. These include functional requirements, non-functional
requirements, and design constraints.
1.2 Scope
This supplemental specification applies to the Validity employment system.
1.3 Definitions, Acronyms, and Abbreviations
Time-Based One-Time Password Algorithm: An algorithm that computes a one-time
password from a shared secret key and the current time (1)
Encrypt (or encryption): the process of encoding messages or information in such a way
that only authorized parties can read it (2)
PII (Personally Identifiable Information): information about a person that contains
some unique identifier, including but not limited to name or Social Security Number,
from which the identity of the person can be determined. In OMB M-06-19 (July 12,
2006), "the term Personally Identifiable Information means any information about an
individual maintained by an agency, including, but not limited to, education, financial
transactions, medical history, and criminal or employment history and information which
can be used to distinguish or trace an individual’s identity, such as their name, social
security number, date and place of birth, mother’s maiden name, biometric records, etc.,
including any other personal information which is linked or linkable to an individual." (3)
SP 800-122: Guide to Protecting Confidentiality of Personally Identifiable Information
(PII). Recommendations of the National Institute of Standards and Technology (3)
1.4 References
1. Time-based One-time Password Algorithm - Wikipedia, the free encyclopedia. 2014.
Time-based One-time Password Algorithm - Wikipedia, the free encyclopedia.
[ONLINE] Available at: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm.
[Accessed 28 April 2014].
2. Encryption | Define Encryption at Dictionary.com. 2014. Encryption | Define
Encryption at Dictionary.com. [ONLINE] Available at:
http://dictionary.reference.com/browse/encryption. [Accessed 28 April 2014].
3. . 2014. . [ONLINE] Available at:
http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf. [Accessed 28 April 2014].
2. Functionality
2.1 The system shall use a Time-based One-time Password Algorithm verification system for
login, so that login requires something the user knows and something the user has.
2.2 The system shall encrypt all Personally Identifiable Information (PII) in accordance with SP
800-122 and all subsequent federal and state mandates.
2.3 The system shall have inputs of user information.
2.4 The system shall have outputs of verified information from employee users or job postings of
employer users.
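Requirement 2.1 sketched as an added example (not code from the Validity project): a login check that requires both the password and a fresh TOTP code, following RFC 6238 with HMAC-SHA-1. The 30-second step, 6-digit codes, one-step drift window, PBKDF2 password hashing and the names Account and login are assumptions; the specification fixes none of them.

```python
import hashlib
import hmac
import os
import struct

# Assumed parameters; the specification does not fix any of them.
STEP = 30           # seconds per time step (RFC 6238 default)
DIGITS = 6          # length of the one-time code
WINDOW = 1          # time steps of clock drift tolerated on either side
PBKDF2_ROUNDS = 100_000


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter derived from the current time."""
    return hotp(secret, unix_time // STEP, digits)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    """Hypothetical user record: salted password hash plus the shared TOTP secret."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.password_hash = _hash_password(password, self.salt)
        self.totp_secret = totp_secret
        self.last_step = -1   # newest time step already used, for replay rejection


def login(account: Account, password: str, code: str, now: int) -> bool:
    """Succeed only if the password AND a fresh TOTP code are both correct."""
    password_ok = hmac.compare_digest(
        _hash_password(password, account.salt), account.password_hash)
    current = now // STEP
    matched = None
    # Check every step in the drift window without stopping early on a match.
    for step in range(max(0, current - WINDOW), current + WINDOW + 1):
        expected = hotp(account.totp_secret, step)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = step
    if not password_ok or matched is None or matched <= account.last_step:
        return False
    account.last_step = matched   # each code is accepted once; only later steps pass
    return True
```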
3. Usability
3.1 The system shall require no more than 10 minutes for users of the site to become familiar with
uses and operation.
3.2 The system shall require 10-15 hours of training for Validity employees to be deemed
proficient at cross-checking and verifying clients' information.
4. Reliability
4.1 The system shall be available 99.99% of the time.
4.2 The system shall have a mean time between failures of three months.
4.3 The system shall have a mean time to repair of three hours.
4.4 The system shall have a maximum bug rate of 3 bugs/KLOC.
5. Performance
5.1 The system shall process client information in a reasonable time; at no time shall the user be
confused about what the system is doing.
5.2 The system shall be capable of supporting 25 transactions per second.
5.3 The system shall have an average transaction response time of 4 seconds.
5.4 The system shall have a maximum transaction response time of 15 seconds.
5.5 The system shall have a maximum amount of 500 online users at one time.
5.6 The system shall support the search of job postings when in a degraded mode.
5.7 The system shall support the viewing of employee and employer profiles when in a degraded
mode.
6. Supportability
6.1 The system shall have a mean time for repair of 3 hours.
6.2 The system shall have a mean time for maintenance of 12-18 hours.
7. Design Constraints
7.1 The system shall be compliant with Google's coding standards for source code in the Java™
Programming Language, HTML5+, CSS, and security.
7.2 The system shall make every effort to keep users aware, through a ledger, of the current
status of their requests and processes.
8. Other
8.1 The system shall not break any local or federal government laws.
8.2 The system shall not violate any copyright laws.
