A Secure Peer-to-Peer Exchange of Sensitive Data
Team 3 with Synchrony Financial
Project Overview
Synchrony works with many companies, like Walmart, to provide their financial services. On a webpage operated by Lowe’s, or another of Synchrony’s clients, there may need to be a link to a page operated by Synchrony, such as a page for signing up for a rewards card to get a discount. That link would open a new browser window, where sensitive information, like credit card numbers, may be submitted. That window, upon closing, must then send that sensitive data securely back to the first window, without needing to send any information between Synchrony’s and Lowe’s servers. Ideally, the information would be encrypted by Synchrony and then ‘sent’ back to the client’s original window. This will allow Synchrony’s clients to more easily integrate their services without having to make any changes to their backend servers.
High-level Requirements
The code used for this project must be easy for Synchrony’s clients (e.g. Walmart) to implement on their websites. The client should not have to make any physical infrastructure changes to accommodate our solution, only modifications to the web page. The transfer must be secure in every way we can make it secure; ideally, it is purely inter-process communication on the user’s computer, with encrypted data, meaning a malicious packet sniffer would have to be running on the user’s computer and be able to crack the encrypted transmission to see the sensitive information. The end goal will be to have the client communicating only with their own servers, and to have Synchrony’s clients communicate with their server and then with the parent windows.
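The window-to-window hand-off described in the overview and requirements above can be sketched as follows. This is an added example, not the team's code: it assumes the channel is `window.postMessage`, and the origins, the message schema and the function names are hypothetical. The ciphertext is treated as an opaque base64 string produced by the Synchrony page.

```javascript
// Added example. Origins, schema and function names are assumptions.
const SYNCHRONY_ORIGIN = "https://apply.synchrony.example"; // placeholder
const CLIENT_ORIGIN = "https://www.client.example";         // placeholder

// Popup (Synchrony page): send the already-encrypted result to the opener.
// The explicit targetOrigin makes the browser drop the message if the
// opener has navigated to another origin; "*" would deliver it anywhere.
function replyToOpener(opener, nonce, ciphertext) {
  opener.postMessage({ type: "synchrony-result", nonce, ciphertext },
                     CLIENT_ORIGIN);
}

// Parent (client page): build a one-shot handler for the popup's reply.
// `popup` is the handle returned by window.open(); `nonce` is a random
// one-time value the parent generated (e.g. with crypto.getRandomValues)
// and passed to the popup when opening it.
// Wiring: window.addEventListener("message", makeReceiver({...}));
// The returned status string exists so the checks can be tested; a real
// listener's return value is ignored by the browser.
function makeReceiver({ popup, nonce, onCiphertext }) {
  let done = false;
  return function onMessage(event) {
    // 1. Sender's origin must be exactly the Synchrony origin.
    if (event.origin !== SYNCHRONY_ORIGIN) return "rejected: origin";
    // 2. Sender must be the window this page opened, not another frame.
    if (event.source !== popup) return "rejected: source";
    // 3. Message must have the expected shape.
    const m = event.data;
    if (typeof m !== "object" || m === null || m.type !== "synchrony-result")
      return "rejected: schema";
    // 4. Nonce binds the reply to this page's own request.
    if (m.nonce !== nonce) return "rejected: nonce";
    // 5. Accept a single reply per request.
    if (done) return "rejected: replay";
    // 6. Payload must look like base64 ciphertext, never raw card data.
    if (typeof m.ciphertext !== "string" ||
        !/^[A-Za-z0-9+/]+=*$/.test(m.ciphertext))
      return "rejected: ciphertext";
    done = true;
    onCiphertext(m.ciphertext); // opaque to this page; handled as-is
    return "accepted";
  };
}
```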
Project Management
Bitbucket Link: https://bitbucket.org/cps491s19-team3/scrum-team3-project/src/master/
Trello board Link: https://trello.com/b/eCHsq61g/scrum-team3-project
Project homepage: https://cps491s19-team3.bitbucket.io/
Project Presentation: Click here to see our presentation slides
Video Demo
CSRF Token Implementation Demo
Team3 Members
Clark Annable Senior at University of Dayton
Email: annablec1@udayton.edu
Jonathan Conrad Senior at University of Dayton
Email: conradj5@udayton.edu
Patrick Marsee Senior at University of Dayton
Email: marseep1@udayton.edu
Zhengying Zhou Senior at University of Dayton
Email: zhouz8@udayton.edu
Acknowledgements
We would like to thank our sponsors at Synchrony: Joydeep Mukherjee, Ph.D., Vish Dadireddy, and Ravish Kumar, for their advice and support during the project. We would also like to thank all of our professors at the University of Dayton for their support throughout our education. And of course, Dr. Phu Phung, for his direct support in this project.