Date | May 2018 | Marks available | 2 | Reference code | 18M.2.SL.TZ0.7 |
Level | SL | Paper | 2 | Time zone | no time zone |
Command term | State | Question number | 7 | Adapted from | N/A |
Question
Home banking allows individuals to perform operations over the Internet on their own bank accounts.
Access to a bank’s home banking services requires, as a first step, identification and authentication of the user. Individuals log on to the bank web site, and enter their own personal space by providing their full account number and a personal code that the bank gave them. The processing of this information takes place on the server side.
Outline the relationship between the Internet and the world wide web (WWW).
Explain why the choice of browser should not affect a customer’s ability to access their bank account details.
State two features that make HTTPS more suitable than HTTP in the context of home banking.
Explain why server-side processing is used in this case.
The 20 most recent account transactions can be displayed on screen in a webpage that uses XML. A print-out of all transactions of the past three months may be obtained by clicking an onscreen button on the webpage. The print-out is landscape oriented and shows many more columns than are displayed on the screen.
Describe how this processing takes place with reference to the use of XML and XSLT.
Markscheme
Award up to [2 max].
Award [1 max] for Internet and [1 max] for WWW.
The Internet is a network of (networks of) computers that can communicate with each other;
To exchange/access information through the WWW;
The WWW is a way to access/share/exchange information using software applications;
Using the Internet as a physical medium;
Internet allows the transmission of data;
That constitute the information that applications on the WWW may want to share/access/exchange;
The WWW provides, through hyperlinks, a level of connectivity of resources (logical connectivity);
Which can be physically sparse, but connected in a network in the Internet;
Award up to [4 max]:
Award [1] for defining the term “standards” and award [1] for a development up to [2 max];
Award [1] for defining the term “protocol(s)” and award [1] for a development up to [2 max];
Standards are applied by the browser;
For interpreting the HTML (XML);
So that all the information will appear, and also (more or less) as expected;
Protocols are used;
To build up the communication at different levels of the architecture;
All browsers will rely upon the same internet protocols (TCP/IP);
That is essential for interoperability in transmission/communication;
So that the IP address is retrieved (via the DNS server);
Award [2 max] for a generic response.
Award up to [2 max]:
HTTPS authenticates the web site;
HTTPS encrypts the data that need to be transferred;
Award up to [3 max]:
The bank needs to store all passwords in its server, including the credentials given to the users;
So that the comparison with the individual’s entry happens in the bank with the local database;
For the purpose of guaranteeing security;
And to possibly perform other operations (tracking log-ins or transactions);
The bank cannot send out the password to be processed on the client’s side;
This will not be a guarantee for security for the bank/it may introduce vulnerabilities/sensitive data cannot be sent out in the public domain;
Hence the comparison with the individual’s entry must happen in the bank with the local database;
Note: Do not award marks between clusters.
Award up to [3 max]:
XML is used to create/organize the data on the internal database;
By clicking the virtual button a script is run that transforms the information on the database into the print-out form;
Stylesheet in XSLT transforms XML into an output form;
The script contains instructions on how to access the database (which fields are relevant) and how to present the information for the final form for the printer;
By clicking the virtual button a script is run;
Which uses XML to retrieve/select the required data from the internal database/server;
Which is displayed using XSLT into an appropriate output form (on the screen);
The script also contains instructions for the correct printout of data;
Note: Do not award marks between clusters.