REST based Requests

REST here means 'Representational State Transfer' and is a software architecture style for distributed hypermedia systems such as the World Wide Web. Since this definition is a bit hard to grasp, a more simpler definiton would be to say that  REST is a set of principles that define how Web standards, such as HTTP and URIs, are supposed to be used.


Th advantage of adhering to REST principles when designing an application lies in the fact that the new system will be able to exploit the Web’s architecture in a better way.


There are 5 key principles to keep in mind to keep compliance with the REST standards. They are,

• Give every “thing” an ID - Simply, use URIs to identify everything that needs to be identified (high level resources-individual items, collections of items, virtual and physical objects, or computation results)

• Link things together -Use links to refer to identifiable things (resources) wherever possible 

• Use standard methods - What this means is that, for clients to be able to interact with server resources, these server resources should implement the default application protocol (HTTP) correctly (E.g.:- make use of the standard methods GET, PUT, POST, DELETE)

• Resources with multiple representations -  One way to exploit this principle is to turn the application’s Web UI into its Web API. Such a method is a brilliant way to get a better Web interface for both humans and other applications.

• Communicate statelessly - This means that a server should not have to retain some sort of communication state for any of the clients it communicates with beyond a single request.

JAIN SLEE architecture

The first and foremost thing to do before understanding the concept of JAIN SLEE is defining the term. SLEE stands for Service Logic Execution Environment. A SLEE is essential in the communications industry where it provides an event processing application environment with high throughput and low latency.

• Throughput - average rate of successful message delivery over a communication channel (in a communications network)
• Latency - Delay (how much time it takes for a packet of data to get from one designated point to another) 

Now back to the main topic; JAIN SLEE


JAIN SLEE/JSLEE is a Service Logic Execution Environment based on Java. The actual definition is Java APIs for Intelligent Networks Service Logic Execution Environment.

This is the only industry standard focusing on portable communications applications. Therefore it happens to be essential for mobile application providers. Since Java is also based on the concept 'Write Once, Run Anywhere', implementing JAIN SLEE enables communications applications to be written once and run on many different implementations of JAIN SLEE. A variety of companies including IBM, Motorola, Siemens, Vodafone, Sun Microsystems etc have contributed for the development of this specification.

   

So how does JAIN SLEE ensure the development of portable applications?

This is achieved by the combination of a programming language API, a clear technical specification, a Reference Implementation, and a variety of tests that a vendor must pass to ensure that the product is complies to the JAIN SLEE specification.

The advantage of JAIN APIs is that they enable the rapid development of Next Generation telecom products and services on the Java platform. JAIN SLEE provides the central component to these JAIN APIs. 

The specification includes a component model for structuring the application logic of communications applications as a collection of reusable object-orientated components, which ensures the rapid development of robust applications. In addition, it also specifies the way for composing these components into higher level, more sophisticated services. Furthermore it also defines the contract between these components and the container that will host these components at run-time. 

                                                                                                                             

Virtual Private Network

Virtual Private Networks which are more popularly known as VPNs is the topic of today's blog entry.

So what are these VPNs?
Before explaining about VPNs I guess its better to explain on why Virtual Networks came a trend in the first place. Earlier, Companies wanting to connect their offices and employees in different locations had to implement WANs (Wide Area Networks) using private leased lines. Although this was a great solution in the sense of security purposes of the company network, the huge cost associated with it became unbearable to companies with time especially when the distance between those different offices was longer. So what was the solution?
It came in the form of  VPNs.

VPNs provide a way for companies to establish a virtual connection between their LANs residing in offices at different locations. This virtual network shall be implemented through a public network such as Internet eliminating the need of real-time company owned lines.

Currently, VPNs are a huge favorite with companies/organizations wanting to connect their networks to external sources at a reasonable cost and desirable amount of security. These sources can be their own offices in different locations, employees who require access to the company network via remote-access, external third companies which want to establish communications with the company private network.

So how do VPNs ensure the security of the data being transferred through the VPNs. This actually happens via establishing a secure VPN. Secure VPNs use various methods to ensure the security such as secure protocols, encryption methods, authentication schemes etc.

One of the other major benefits of VPNs other than cost and security, is its scalability. The networks can grow freely without any substantial costs. In addition, VPNs provide a reliable method of communication among the parties involved.

SMS Broadcasting

Typically we hear the word 'broadcast' in relation to topics such as TV and Radio. Then what is SMS broadcasting for? SMS broadcasting is an unfamiliar term to most of us. However it is a simple concept with big advantages.

With SMS broadcasting, companies are able to send a large number of SMS messages to a set of people. These people could be clients of the organization or its own employees. The broadcasting can happen to a set of selected MSISDN numbers treated as one group or to every available mobile number. When groups of MSISDN numbers are created, company becomes capable of sending customized messages to different groups.

SMS broadcasting facility is typically used to send news and alerts (e.g.:- emergency alerts) to large groups of people. The most valuable outcome of  such a service lies in emergency situations. For example Dialog Telekom, Sri Lanka uses this method to send emergency messages such as Tsunami alerts to its subscribers. Therefore it is not just another service.

Most SMS broadcasting platforms provide real-time reporting and delivery status facilities to the companies making analysis procedures easier. one message can be sent to a large group of subscribers or different messages can be sent to diffent groups of users through the current SMS broadcasting services. All you have to do is provide a list of MSISDNs to the service provider or use them from your own database.

Mobile Reporting

This is an emerging trend  in the field of news and content generation. Hence, I decided I had better write a blog entry on it since I am mostly focusing on mobile technologies. 

What happens in Mobile reporting is that a mobile phone is used as a reporting tool. This is particularly useful in areas that lack modern Internet infrastructure (E.g.:- Sub Sahara Africa, Central Asia, South America, Latin America) because the mobile phone is low in cost when compared to more traditional reporting equipment.

The methodology

User creates and combines text, photo and video and produces a multimedia based report. The content will be edited on the phone before being uploaded to the internet via mobile network or Internet connection. Usually mobile reporting is used for publishing reports to the web. This is mostly due to the fact that current mobile technology not yet allowing for the production of high end video which in turn affecting the video content being uploaded. Since low quality video is suitable for Internet, it does not become an issue when uploading content to the web .

Advantages of mobile reporting are, 

• Ability to capture text, photo and video
• Ability to capture audio
• First level editing functions
• Connection to mobile network and Internet
• Small and easy to use

Technology being used

Mobile Reporting makes use of a content repurposing platform which supports services that let content owners and users to create, share and publish multimedia content whenever and wherever they want and regardless of format or device. Such a mobile reporting platform takes care of the compatibility between the originating and the target device.

Encryption algorithms

Earlier I was talking about SMS Banking and One Time Passwords. So I guess it is the best time for me to refer to encryption algorithms as well. This might not be a familiar topic to a person who is not involved with technology much. Therefore I would try to write as simply as possible.


Simply said, encryption is used to convert data (including passwords) into a format which would make it harder or almost impossible for intruders to view. It is especially important when data is being sent over insecure platforms (E.g.:- Internet, outside networks other than your own). There are several encryption methodologies. Some are specifically used as password encryption algorithms.


The purpose of using encryption algorithms are, 

• Authentication - means, proving one's identity before granting access.
• Privacy and confidentiality - ensuring that outsiders cannot read data intended for specific parties.
• Integrity - ensuring that the message has not be modified in any way before it arrives to the intended recipient.
• Non-repudiation - ensuring that a message is truly originated from the sender.

The most popular encryption algorithms can be listed and described as follows.

Symmetric Algorithms

This uses a single key to encrypt and decrypt data. These encryption algorithms are usually fast. So they are well suited for encrypting blocks of messages at once. 

E.g.:- 

• DEA (Data Encryption Algorithm) - specified within the DES (Data Encryption Standard)
• 3DES (Triple DES) - a more reliable version
• AES (Advanced Encryption Standard) - has even become a government standard in USA
• FEAL - developed in Japan
• SKIPJACK - a top secret algorithm developed in USA for highly secured data

Asymmetric Algorithms

Asymmetric algorithms involve a pair of relative keys that encode and decode messages. 

One key is used to encrypt data into ciphertext and the other key decrypts it back into plaintext.  The encryption method involves multiplying two large prime numbers to generate a larger number that is almost impossible to revert to the original form. Asymmetric algorithms are also called as Public-key cryptography.

However, asymmetric algorithms tend to be slower than the symmetric method. Therefore, they aren't recommended for encrypting large amounts of data like the symmetric encryption method. 

So what is the advantage of such a scheme than the symmetric method?

It actually happens to be the utilization of two keys. Of the two keys, one key is used as a public key and this public key can be made publicly available, according to its name. This enables anyone to encrypt private messages. Yet, the message can only be decrypted by the party that owns the relative private key. So the real advantage of such an encryption algorithm happens to be in proving the actual origin to ensure to overall integrity of communications.

Hash Algorithms

What happens here is that it converts data of arbitrary length into a smaller fixed length(alos known as message digest/fingerprint). Such algorithms are one-way functions. Hash algorithms are often generated by the DES algorithm to encrypt online banking transactions and other communications where messages can't afford to be corrupted and more commonly used in password encryptions.

E.g.:-

• MD5 - a 128 bit message digest function
• SHA - considered more secure than MD5 since  it produces a digest of 160 bits

OTP

OTP?
OTP stands for One Time Passwords.


Since in my previous blog entry on SMS Banking I used the term OTP, I had better provide an explanation here.  OTP is actually another method to protect users from the fraudulent activities happening regrading password authentication instances. One time passwords allow the user to use a password which is only valid for a single log-in. Afterwards, that password becomes invalid and a new password will be generated for the next log-in instance. OTPs are mostly used in services such as SMS Banking to reduce the risks involved in mobile transactions. This means that even if an intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he will not be able to make use of it since it will be no longer valid.


There are 3 ways of generating OTPs. The similarity of these 3 methods is that they use 'randomness' in the genneration of passwords using their alogrithms.
The 3 methods are,

• Based on time-synchronization

Time-sync will happen between the authentication server and the client providing the password (OTPs are valid only for a short period of time)

• Using a mathematical algorithm (previous password)

It will generate a new password based on the previous password (OTPs are a chain and must be used in a predefined order).

• Using a mathematical algorithm (challenge) 

Here, the new password will be based on a challenge (e.g., a random number chosen by the authentication server or transaction details) and/or a counter.


Users will be notified of these one time passwords via SMS, through OTP-generating software in mobile phones, special electronic tokens or printed paper. 


Even OTPs are vulnerable to potential attacks especially if it doesn't use an encrypting  method. Importantly, it is not advisable to involve a 3rd party when providing OTPs since it brings the risk of man-in-the-middle attack. So this method is still being constantly improved in order to provide security as well as convenience to the customer. 

SMS Banking

SMS Banking is no new term for the people today. However, not all of us have used the facilities of SMS banking and hence are unaware of the amount of services it provides. In addition, most of us are unaware of any risks or the advantages of such a procedure. This blog entry will try to focus on those areas which are important in the view of the customer with a little bit of technological factors.

First of all lets us get to know the types of services we can get to experience through SMS Banking. These services are provided through 2 types of messaging technologies namely, Push messages and Pull messages.

Push messages
Push messages offer service without the customer sending a request for it. For example,

• If a sudden huge amount of cash withdrawal happens in the customers account
• Marketing focused advertisements
• Birthday greetings
• Reporting Salary/ other credits to the bank account

Pull messages
These messages offer services once the customer specifically requests it. Typically, the customer should be registered for these types of services indicating the types of alerts or reminders he/she wants. For example,

• Balance Inquiry
• Transferring of money between two of the customer's bank accounts
• Bill payments

The popularity of SMS Banking should be credited to the easy handling of bank related activities by the customer. Since mobile phone is one device the modern man is never seen without, conducting bank activities through SMS has gained immense popularity.

However, some of the risks attched to SMS based banking activities involve the insufficient amount of security of encrytion methods and SMS channels, compared to the security mechanisms used in ATM and Internet Banking. Nevertheless banks are trying to overcome this limitation by not offering high risk transactional services through this. In addition, using of  OTP or One Time Passwords is another way the banks are using to ensure the security of transactions.

No matter what the risks are, the convenience of SMS Banking methods are outweighing its negative points. Moreover it provides banks with a more efficient and fast way of notifying customers with any emergency situations such as fraudulent activities concerning the customer's account. Therefore, SMS banking tends to the next generations' choice of Banking.  

Oracle Database

So I'm into databases now. The name database suggests that it's a place to store data. However, there are few types of databases. Oracle falls into the category of relational databases. It is Relational Database Management System and is designed to allow simultaneous access to large amounts of stored information. The Oracle database architecture can be described in terms of its logical and physical structures. The physical structure consists of the files reside on the system and the logical structure of logical pieces such as the database schema.


Now for some more explanation!
So what exactly is this Logical structure of Oracle? It consists of 2 elements.


1. Tablespace


It's a logical group of related data and each database has at least one tablespace called the SYSTEM Tablespace. This SYSTEM tablespace is used to store information such as the data dictionary which stores metadata. Metadata are actually the data about data.
E.g.:- table access permissions, information about keys etc.


A tablespace comprises of a collection of one or more Datafiles. Each of these Datafiles consists of ‘Data blocks’, ‘extents’ and ‘segments’.

The 3 terms mentioned above can be easily understood in a diagram as follows.

Data Block

         

Data Block
The smallest level of space allocation/finest level of granularity in Oracle DB architecture is known as a data block. Data is stored in these data block spaces.


Extent
A specific amount of contiguous data blocks are known as an extent. This is used to store a specific type of information.


Segment 
A specific amount of extents are known a segment. This is used to store a specific type of data structure. 
E.g.:- Each table's data is stored in its own data segment; each index's data is stored in its own index segment. 


2. Schema 

Schema objects define how you see the database's data. They are a collection of logical-structure objects. A schema also defines a level of access for the users as well. All the logical objects in oracle are grouped into a schema. 

A schema is a logical grouping of objects such as:

• Tables -consists of a tablename and rows and columns of data; is the basic logical storage unit in the Oracle database
• Clusters -a set of tables physically stored together as one table that shares a common column.
• Indexes -a structure created to help retrieve data more quickly and efficiently 
• Views -a window into one or more tables. A view does not store any data; it presents table data.
• Stored procedures -a predefined SQL query that is stored in the data dictionary.
• Triggers -a procedure that is run automatically when an event occurs.
• Sequences - used to automatically generate a unique sequence of numbers in cache. 

Now comes the second part; the Physical structure of Oracle DB.

The physical structure of the Oracle database consists of 3 types of files:

1. One or more Datafiles
2. Two or more redo log files
3. One or more control files

Datafiles (.dbf files)

These Datafiles store the information contained in the database. The information for a single table can span many datafiles or many tables can share a set of datafiles. This structure helps to improve the DB performance significantly.

Redo log files (.rdo & .arc)

Oracle DB maintains logs of all the transaction against the database and stores them in the Redo Log files. The main purpose of this is to easily recover the information in the event of a system failure.

Control files

These files record control information about all of the files within the database. They maintain internal consistency and guide recovery operation. Control files have the information used to start an instance, such as the location of datafiles and redo log files.