1. Introduction
1.1 Purpose
The document collects and organizes all the requirements of the Validity system that are not
contained within the use case model. These include functional requirements, non-functional
requirements, and design constraints.
1.2 Scope
This supplemental specification applies to the Validity employment system.
1.3 Definitions, Acronyms, and Abbreviations
Time-Based One-Time Password Algorithm: An algorithm that computes a one-time
password from a shared secret key and the current time (1)
Encrypt (or encryption): the process of encoding messages or information in such a way
that only authorized parties can read it (2)
PII: Personally Identifiable Information is information about a person that contains
some unique identifier, including but not limited to name or Social Security Number,
from which the identity of the person can be determined. In OMB M-06-19 (July 12,
2006), "the term Personally Identifiable Information means any information about an
individual maintained by an agency, including, but not limited to, education, financial
transactions, medical history, and criminal or employment history and information which
can be used to distinguish or trace an individual’s identity, such as their name, social
security number, date and place of birth, mother’s maiden name, biometric records, etc.,
including any other personal information which is linked or linkable to an individual." (3)
SP 800-122: Guide to Protecting Confidentiality of Personally Identifiable Information
(PII). Recommendations of the National Institute of Standards and Technology (3)
1.4 References
1. Time-based One-time Password Algorithm - Wikipedia, the free encyclopedia. 2014.
[ONLINE] Available at: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm.
[Accessed 28 April 2014].
2. Encryption | Define Encryption at Dictionary.com. 2014.
[ONLINE] Available at: http://dictionary.reference.com/browse/encryption.
[Accessed 28 April 2014].
3. SP 800-122: Guide to Protecting Confidentiality of Personally Identifiable Information
(PII). 2014. [ONLINE] Available at: http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf.
[Accessed 28 April 2014].
2. Functionality
2.1 The system shall use a Time-based One-time Password Algorithm verification system for
login, combining something the user knows with something the user has.
2.2 The system shall encrypt all Personally Identifiable Information (PII) in accordance with SP
800-122 and all subsequent federal and state mandates.
2.3 The system shall have inputs of user information.
2.4 The system shall have outputs of verified information from employee users or job postings of
employer users.
3. Usability
3.1 The system shall require no more than 10 minutes for users of the site to become familiar with
uses and operation.
3.2 The system shall require 10-15 hours of training for Validity employees to be deemed
proficient at cross-checking and verifying clients' information.
4. Reliability
4.1 The system shall be available 99.99% of the time.
4.2 The system shall have a mean time between failures of three months.
4.3 The system shall have a mean time to repair of three hours.
4.4 The system shall have a maximum bug rate of 3 bugs/KLOC.
5. Performance
5.1 The system shall process client information in a reasonable time; at no time shall the user be
confused about what the system is doing.
5.2 The system shall be capable of supporting 25 transactions per second.
5.3 The system shall have an average transaction response time of 4 seconds.
5.4 The system shall have a maximum transaction response time of 15 seconds.
5.5 The system shall have a maximum amount of 500 online users at one time.
5.6 The system shall support the search of job postings when in a degraded mode.
5.7 The system shall support the viewing of employee and employer profiles when in a degraded
mode.
6. Supportability
6.1 The system shall have a mean time for repair of 3 hours.
6.2 The system shall have a mean time for maintenance of 12-18 hours.
7. Design Constraints
7.1 The system shall be compliant with Google's coding standards for source code in the Java™
Programming Language, HTML5+, CSS, and security.
7.2 The system shall make every effort to keep users aware, through a ledger, of the current
status of their requests and processes.
8. Other
8.1 The system shall not break any local or federal government laws.
8.2 The system shall not violate any copyright laws.