Digital Solutions External

Synchronous Data Exchange

the sender and receiver take turns sending and acknowledging data exchanges

Asynchronous Data Exchange

the sender sends data but does not wait for a response

REST

Representational State Transfer. Set of rules for building web applications/APIs. Stateless - The server provides whatever information the client needs to interact with the service. 

Stateless Services

A client/browser can interact with a server in complex ways by following a uniform and predefined set of stateless operations.

Stateless Meaning

The client will send any relevant information to the server within a query, so the server does not need to know the exact state of the client to respond to the client’s queries.

API

data exchange application that enables two software components to communicate with each other using a set of definitions and protocols. Request → API → Server → API → Client

API Key

Unique code provided to a user which identifies them and authenticates their use of an API. Used to control and track an API’s usage.

JSON

Javascript Object Notation. Does not use end tags. Quicker to read and write. Easier to parse values.

XML

Similar to HTML. All elements must be closed, no built-in tags. Easily readable but requires an XML parser to access.

Network Transmission Principles

Elements of sending data between two networked devices

Latency

delay between the time an application requests data and the time it receives it. influenced by serialisation, propagation, switching and queuing

Jitter

irregular latency in data transmission (lag/stuttering) caused by irregular packet transmission and network congestion. Often noticeable in synchronous exchanges.

Jitter examples

Stuttering when streaming videos, delays in voice/video calls, distortion or choppy audio, lag and stuttering when online gaming

Guarantee

Quality of service guarantee – some packets are prioritised over others to reduce latency or variance in packet delay.

Best-Effort Services

no guarantee of timeliness

Differentiated Services

some traffic is treated better than other traffic

Guaranteed Services

some network bandwidth is reserved for critical applications

Timeliness

timeliness of delivery - how long it takes for a data packet to be transmitted to a recipient. Data processing can be adjusted for time sensitive applications.

Hard deadline

late data is discarded

Soft deadline

late data is used but is not as accurate

No deadlines

data delivered via best-effort approach

Network Transmission Protocols

rules that define the exchange of data packets between networked devices

Communication Protocols

Protocols that determine rules and formats to transfer data across networks. Relate to syntax, authentication, semantics, and error detection e.g. HTTP, TCP, IP, FTP, VPN

HTTP

Hyper-text transfer protocol. Request-response stateless transmission protocol that allows communication between a server and client. Sends data as plain text. No encryption or authentication.

HTTP Request

Contains a method type (GET/POST/ PUT/DELETE) and URI (Uniform Resource Identifier).

HTTP Response

Contains success or error code and messages containing requested data

HTTPS

Secure version of HTTP. Uses Transport Layer Security (TLS) or Secure Socket Layer (SSL) to encrypt transmission using public key encryption methods.

SSL

When data is requested via HTTPS, the web server sends an SSL certificate to the client which contains a public encryption key. Public key is used in an SSL handshake to establish secure session.

Transmission Control Protocol (TCP)

Protocol that guarantees that all data packets received will be identical to and in the same order as those sent. Times packet transmission in case of corruption or loss (packet re-transmitted)

Internet Protocol (IP)

Facilitates routing data packets across networks using addressing and control information. Works along with TCP in delivering packets.

File Transfer Protocol (FTP)

Allows for the transfer of computer files between a server and a client on a computer network by establishing two TCP connections, one for data transfer and the other for control. Slow (one control connection used for multiple transfers) and stateful. Usually requires sign in.

Virtual Private Network (VPN)

Encrypted connection between two network devices. Adds extra protection to data packets (e.g. SSL) – known as ‘tunnelling’. Most use public key encryption which ensures data integrity and authentication during data exchanges

Hashing

Operation that takes any string of text, regardless of length or size, as an input and provides a fixed-length indistinguishable string as an output. One way.

Purpose of Hashing

Protects data from unauthorized access in the case of a data breach

Data Compression

Reduces file size by getting rid of unnecessary data. Compress using ZIP, GZIP

Benefits of Data Compression

Conserves storage capacity, faster file transfers, minimises costs for hardware storage and network capacity

Lossy Compression

Data is lost. Used for graphics, audio files etc. where deletion of some data has little effects

Lossless Compression

Does not lose data. Can be returned to original file size. Used for executable files, text, spreadsheet files etc. where loss of data would change information

Full Disk Encryption (FDE)

Encryption of data at rest. When you save a file on disk/hard drive, it is automatically encrypted.

File Encryption

the manual encryption of an individual file

End to End Encryption

Encrypts data on the sender's device and decrypts it only on the recipient's device, ensuring that the data is unreadable to intermediaries, including the service provider. Other encryption methods only encrypt data at rest or in transit.

Confidentiality

Preventing unauthorised access to data

Integrity

Preventing data from unauthorised changes (errors, malicious intercepting/altering) to maintain accuracy, completeness and consistency across its life cycle, ensuring reliability

Availability

Preventing the malicious interference with data transmission which stops data reaching its required destination e.g. preventing DDoS attacks

Encryption

Encoding (converting) data using mathematical formulas into a form that only an intended recipient can decode. Prevents unauthorised access to data in transit and storage.

Authentication

Verifying the identity of a sender or receiver of data using a digital signature or authentication code

Checksum

data ‘fingerprint’ which ensures data is transmitted accurately without corruption or loss

Block Cipher

Encrypts plaintext symbols in blocks (more secure)

Stream Cipher

Convert each symbol of plaintext into ciphertext one by one (faster)

Symmetric Encryption

Uses the same key to encrypt/decrypt

Asymmetric Encryption

Uses receiver’s public key for encryption and private key for decryption - secure from users without private key

Feistel Network

Used in the construction of block ciphers. Very similar or identical set of iterative structural processes to encrypt or decrypt the same block of data.

Sequence

a series of steps or instructions that follow one after the other

Iteration

a number of instructions or a process is repeated in a loop to avoid redundancy in written code

Condition

logical expression that is true or false

Selection

Choosing whether code runs or not based on a condition e.g. if statement

Functions

Defining a sequence of code with a name that can be called by other code. Used to avoid repeating code.

Variables

Containers that store (remember) data so it can be used elsewhere in a sequence of code

Assignment

Storing a data value (stated or calculated) in a variable location

Modularisation

Reducing a systems complexity by breaking its code into smaller seperate sections thus allowing different sections to be used in different parts of the application.

Substitution Cipher

Text is encrypted by replacing each letter in the plaintext with another character based on a secret key

Caesar cipher

simple substitution cipher. each letter is shifted by a constant amount.

Polyalphabetic Cipher

Substitution cipher where the amount each letter is shifted by changes over the course of the message

Vigenere Cipher

A random keyword is created and repeated to match the length of the message. Each letter in the message is shifted by the numerical value of its corresponding letter in the keyword, or a cipher table can be used.

Gronsfeld Cipher

A numeric key is created and repeated to match the length of the message. Each letter in the message is shifted by its corresponding numerical value.

One-Time Pad Encryption

A one-time key the length of the message is randomly generated and given to both the sender and receiver. Each letter in plaintext is combined with its corresponding character in the key using an XOR operation allowing it to be decrypted by the receiver performing the same operation with the ciphertext and the key. The key is then discarded.

Issues with Ciphers

Easily broken computationally allowing unauthorised access

Elements of Visual Communication

Line, space, colour, shape, tone, texture, form, scale, proportion

Principles of Visual Communication

Hierarchy, balance, contrast, alignment, proximity, harmony, repetition

Accessibility

Ability to be used by many different people, including those with disabilities

Effectiveness

Ability of users to use the system to do the work they need to do, includes reliability

Utility

Ability of the system to provide all the functionality that users need

Safety

Ability for users to make mistakes and recover from them

Learnability

How easy a system is to learn

APP 1

Personal information must be managed in an open and transparent way. Have a clearly expressed and up to date privacy policy.

APP 2

Individuals should have the option of not identifying themselves or using a pseudonym unless the entity is required or authorised by law to deal with identified individuals

APP 3

Organisations can only solicit and collect personal information that is reasonably necessary and from the individual concerned and it must be collected lawfully and fairly.

APP 4

Most unsolicited personal information must be destroyed or de-identified ASAP unless it is from a Commonwealth record. If the organisation is not required to destroy the information, they can manage it using APPS 5-13

APP 5

An organisation must notify an individual about the collection of their personal information, before or at the time of collection as well as inform them of the purposes of collection, the privacy policy, and consequences if information is not collected.

APP 6

Organisation can only use or disclose personal information for the reason it was collected

APP 7

An organisation must not use or disclose personal information for the purpose of direct marketing.

APP 8

Before an organisation discloses personal information to an overseas recipient, they must ensure that the overseas recipient does not breach the APPs in relation to the information

APP 9

An organisation should not use a government related identifier as its own identifier of an individual or disclose any government related identifiers

APP 10

Personal information should be accurate, up to date, and complete

APP 11

An organisation must protect personal information from misuse, interference, loss and unauthorised access, modification, or disclosure.

APP 12

An individual must be given access to their personal information if requested

APP 13

Organisations should correct personal information that is not accurate, up to date, complete, relevant or is misleading

%

for zero or more unknown characters

_

for a single unknown character

WHERE

filter rows of a select query based on a specific condition

LIKE

used for partial matching

IN

allows you to specify multiple conditions in a where statement

HAVING

filter grouped rows in a select query (calculation functions)

GROUP BY

used with calculation functions to group results by a matching condition

inner-join

uses a matching field to select data from multiple tables

create a new table

CREATE TABLE table name (

column name datatype null value

primary key (column name)

)

delete a table

DROP TABLE table name

add/delete/modify columns

ALTER TABLE table name, ADD column name datatype DROP/RENAME/ALTER column name

add a new record to a table

INSERT INTO table name (column1, column2, column3, ...) VALUES (value1, value2, value3, ...)

modify an existing record

UPDATE table name
SET column1 = value1
WHERE condition