2factor Pro Mzc

8/6/2019 2factor Pro Mzc

1/61

Page | 4Project Report TwoFactor Authentication

TABLE OF CONTENTS

1. INTRODUCTION ........7

2. SYSTEM STUDY ........6

2.1 Study of existing system .....................6

2.2 Study of proposed system ....................6

3. SYSTEM ANALYSIS ............11

3.1 Feasibility study .................11

3.1.1 Operation feasibility ................11

3.1.2 Technical feasibility ........ 12

3.1.3 Economicalfeasibility.......13

4. SYSTEM SPECIFICATION .13

4.1 Hardware specification ...13

4.2 Software specification ........13

4.3 Languages used ..............13

4.3.1 Java ..................13

4.3.2 JSP....15

4.3.3 JavaScipt...18

4.3.4 J2ME.18

4.3.5 J2EE..23

4.3.6 MySQL.....24

Department of Computer Science, MZC


2/61


5. SYSTEM DESIGN ........26

5.1 Logical Design .................27

5.2 Input Design ....................28

5.3 Output Design .................28

5.4 Physical Design.29

5.5 Modular Design.30

5.6 Database Design31

5.7 DFD...32

6. DETAILED DESIGN..............................................................35

6.1 Module Description ......................35

6.2 Table Design.............................................................................................37

7. STSTEM TESTING & IMPLEMENTATION......................39

7.1 System Tesing ..........39

7.1.1 Unit Testing ...............41

7.1.2 Module Level Testing ..................41

7.1.3 Integration & System Testing ...........41

7.1.4 Regression Testing..42

7.2 System Implementation..42

7.2.1 Implementation methods.43

7.2.2 Implementation plan44

8. FIGURES..................................................................................45

8.1 Data Flow Diagram ......45

8.2 Screen Shots .................48

8.2.1 Desktop part .................48

8.2.2 Website part .............53

8.2.3 Mobile part.....60



3/61


9. CONCLUSION ...63

10. REFERENCES..64

1. INTRODUCTION



4/61


Today security concerns are on the rise in all areas such as banks,

governmental applications, healthcare industry, military organization, educationalinstitutions, etc. Government organizations are setting standards, passing laws and

forcing organizations and agencies to comply with these standards with non-compliance

being met with wide-ranging consequences. There are several issues when it comes to

security concerns in these numerous and varying industries with one common weak link

being passwords. Most systems today rely on static passwords to verify the users

identity. However, such passwords come with major management security concerns.

Users end to use easy-to-guess passwords, use the same password in multiple accounts,

write the passwords or store them on their machines, etc. Furthermore, hackers have the

option of using many techniques to steal passwords such as shoulder surfing, snooping,

sniffing, guessing, etc.Providing usable security mechanisms that take advantage of this

wide spread use of mobile devices not only would increase the level of protection for

critical information, but may also enhance the chances that security considerations will

be embraced by the end users.

Authentication using mobile devices is one way to bring such devices into therealm of security. However, previous research efforts that use mobile devices for

authentication purposes, have employed weak authentication (i.e., only a username and

password pair) using input and output features of such devices. Weak authentication is

known for its vulnerability to several attacks, including shoulder surfing, phishing, and

key logging. Moreover, the compact size of mobile devices imposes constraints on their

efficient and consistent usability. It is unreasonable to expect a user to enter a

potentially long password into a mobile device several times a day. Likewise, we cannot

expect users to use small screens of mobile devices as a proper output device for their

daily transactions.

We propose a two-factor authentication system that employs a mobile device to

authenticate a user to a web server (i.e. an on-line banking site) through a potentially

untrusted personal computer (i.e., a client). The first factor is the combination of

username and password that are usually required by web servers. The second factor is a

one-time password that would be typed into the browser of the untrusted client and sent



5/61


to the web server. In our implementation of OTPs, we provide the users with a list of

randomly generated OTPs following SHA1 algorithm including security against

shoulder surfing attacks. Storing the long term credentials on the mobile device prevents

from repetitive entry of potentially long username and passwords into a mobile device

and enables the users to use long and possibly more complicated passwords for their

accounts. Furthermore, using an OTP as a secondary authentication credential changes

the whole authentication process from weak authentication to strong authentication, thus

bringing more security for the users. We have implemented this authentication

mechanism using JAVA Mobile Information Device Profile (MIDP) for J2ME on a

relevant Mobile phone.

In addition to a description of this authentication protocol, we present the results

of security and usability evaluations of our two-factor mobile authentication system.

The security analysis evaluates the mobile authentication mechanism against an

adversary model. Our analysis shows that the security of our devised method is

improved over similar authentication approaches that use mobile devices, due to the

addition of the OTP which leads to having a strong authentication mechanism. Further

more, the results of our usability study show that our participants were willing to adopt

the new technology once became aware of the potential threats to their passwords when

using untrusted computers. Participants indicated they would accept a lower level of

usability in return for the higher level of security of the mobile technology. However,

for this new technology to be a complete replacement to conventional

username/password based systems, it should be significantly simpler.

Security Evaluation of the Mobile Authentication Mechanism



6/61


There are a variety of attacks that require to be considered while analyzing the

security of our method and this method is secure against the following types of attacks.

-Key Logging Attacks

-Lost or Stolen Mobile Device

-Lost or Stolen List of OTPs

-Shoulder Surfing

-Phishing Man-in-the-Middle Attack

-Passive Man-in-the-Middle Attack

-Active Man-in-the-Middle Attack

- Denial of Service Attack

2. SYSTEM STUDY

System study aims at establishing requests for the system to be acquired,

developed and installed. It involves studying and analyzing the ways of an organization

currently processing the data to produce information. Analyzing the problem thoroughly

forms the vital part of the system study. In system analysis, prevailing situation of



7/61


problem is carefully examined by breaking them into sub problems. Problematic areas

are identified and information is collected. Data gathering is essential to any analysis of

requests. It is necessary that this analysis familiarizes the designer with objectives,

activities and the function of the organization in which the system is to be implemented.

2.1 STUDY OF EXISTING SYSTEM

Most systems today rely on static passwordsto verify the users identity which

can affect security management. Passwords are known to be one of the easiest targets

of hackers whom uses many techniques to steal passwords such as shoulder surfing,

snooping, sniffing, guessing, etc. Users tend to use easy-to-guess passwords, use same

password in multiple accounts, write passwords or store them on their machines, etc.

2.2 STUDY OF PROPOSED SYSTEM

The proposed method guarantees that authenticating to services, such as online

banking or ATM machines, is done in a very secure manner. The proposed system

involves using a mobile phone as a software token for One Time Password

generation. The generated One Time Password is valid for only a short user defined

time period and is generated by factors that are unique the user .

3. SYSTEM ANALYSIS

The primary goal of the system analyst is to improve the efficiency of the

existing system. For that the study of specification of the requirements is very essential.

For the development of the new system, a preliminary survey of the existing system will

be conducted. Investigation is done whether the up gradation of the system into an



8/61


application program could solve the problems and eradicate the inefficiency of the

existing system.

3.1 FEASIBILITY STUDY

The initial investigation points to the question whether the project is feasible. A

feasibility is conducted to identify the best system that meets the all the requirements.

This includes an identification description, an valuation of the proposed systems and

selection of the best system for the job. The requirements of the system are specified

with a set of constraints such as system objectives and the description of the out puts. It

is then duty of the analyst to evaluate the feasibility of the proposed system to generate

the above results. Three key factors are to be considered during the feasibility study.

3.1.1 Operation Feasibility

An estimate should be made to determine how much effort and care will go into

the developing of the system including the training to be given to the user. Usually,

people are reluctant to changes that come in their progression. The computer

initialization will certainly affected the turn over, transfer and employee job status.

Hence an additional effort is to be made to train and educate the users on the new way

of the system.

3.1.2 Technical Feasibility

The main consideration is to be given to the study of available resources of the

organization where the software is to be implemented. Here the system analyst evaluates

the technical merits of the system giving emphasis on the performance, Reliability,

maintainability and productivity.



9/61


By taking the consideration before developing the proposed system, the

resources availability of the organization was studied. The organization was immense

computer facilities equipped with sophisticated machines and the software hence this

technically feasible.

3.1.3 Economic Feasibility

Economic feasibility is the most important and frequently used method for

evaluating the effectiveness of the proposed system. It is very essential because the

main goal of the proposed system is to have economically better result along with

increased efficiency. Cost benefit analysis is usually performed for this purpose. It is the

comparative study of the cost verses the benefit and savings that are expected from the

proposed system. Since the organization is well equipped with the required hard ware,

the project was found to be economically.



10/61

Page | 13Project Report Two

Factor Authentication

4. SYSTEM SPECIFICATION

4.1 HARDWARE SPECIFICATION

Processor : Pentium IV OR Above

Primary Memory : 256 MB RAM

Storage : 40 GB Hard Disk

4.2 SOFTWARE SPECIFICATION

Front end : Java , J2ME ,J2EE

Back end : My SQL

Operating system : Windows

IDE : Net beans

4.3 LANGUAGES USED

4.3.1 JAVA

Java was conceived by James Gosling, Patrick Naughton, Chris Warth, Ed Frank

and Mike Sheridan at Sun Microsystems Inc. in 1991.The primary motivation was the

need for a platform-independent language that could be used to create software to be

embedded in various consumer electronic devices, such as microwave ovens and

remote controls. Java can be used to create two types of programs: applications and

applets. An applet is an application designed to be transmitted over the Internet andexecuted by a Java-enabled web browser. An applet is actually a tiny Java program,

dynamically downloaded across the network, just like an image, sound files, or video

clip.



11/61



Javas Magic: The Byte Code

The key that allows Java to solve both the security and the portability problems just

described is that the output of a Java compiler is not executable code. Rather, it is Byte

code. Byte code is a highly optimized set of instruction designed to be executed by the

Java run-time system, which is called the Java Virtual Machine (JVM).That is in its

standard form, the JVM is an interpreter for Byte code. This may come as a bit of

surprise. Translating a Java program into Byte code helps to makes it much easier to run

a program in a wide variety of environments. The reason is straightforward: only theJVM needs to be implemented for each platform. Once the run-time package exists for a

given system, any Java Program can run on it.

Java Features

Like all other Computer languages, the elements of java dont exist in isolation. Rather

they work together to form the language as a whole. However, this interrelatedness can

make it difficult to describe one aspect of java without involve several others .Object

oriented programming is the core of java. Java is related to C++ which is a direct decent

of C. Much of the character of Java is inherited from these two languages. From C java

derives its syntax. Many of the javas object oriented features were influenced by C++.

In fast several of Javas designing characteristics come from its predecessors. More over

the creation of java is deeply rooted in the process of refinement and adaptation that has

been occurring in computer programming languages for the past three decades. The key

features of java are summed up as follows.

Simple: - java was designed to be easy for the professional programmers to learn

and use effectively.

Source: - Java provides firewall security.

Portable: - Java is portable language.

Object-oriented: - Object oriented programming is the core of java.

Robust: - Provide multiplatform environment.

Multithreaded: - Programs that do many things simultaneously.



12/61



Interpreted: - Java enables the creation of cross platform programs by compiling

into an intermediate representation called java byte code.

Distributed: - Java is designed for distributed environment of internet, because it

handles TCP/IP protocol.

Dynamic: - Java programs carry with them substantial amounts of run time type

information that is used to verify and resolve access to object at runtime. This

makes it possible to dynamic link code in an expedient manner.

4.3.2. JSP-JAVA SERVER PAGES

JSP is now an integral part for developing web-based applications using Java,

because of its ability to separate presentation from logic implementation by combining

standard mark up text with scripting elements and object-oriented components. JSP

provides excellent front-end technology for applications that are deployed over the web.

A key element of the J2EE Application Model is the use of the web as a

preferred mechanism for data delivery between the applications and the end user,

relying on the web browser as a primary user interface for enterprise software. A proto

typical web application can be composed from:

Java Runtime Environment(s) running in the server (required).

JSP page(s) that handle requests and generate the dynamic content.

Servlet(s) that handle request and generate dynamic content.

Server-side Java Beans components that encapsulate behaviour and state.

Static HTML, DHTML, XHTML, XML and similar pages.

Client-side Java Applets, Java Beans components and arbitrary Java class

files.

Java Runtime Environment(s) (downloadable via the plug-in) running in

the client(s).

The Java Server Pages specification inherits from the servlet specificationthe concepts of Applications, Contexts, Sessions, Requests and Responses.



13/61



JSP is a java based technology that simplifies the process of developing

dynamic web sites. With JSP, web designers and developers can quickly incorporate

dynamic elements into web pages using embedded java and simple mark-up tags. These

tags provide the HTML designer with a way to access data and business logic stored

inside java objects. Java Server Pages are text files with the extension .jsp, which take

the place of traditional HTML pages. JSP files contain traditional HTML along with

embedded code that allows the developer to access data from the java code running on

the server.

JSP offers several benefits for dynamic content generation. As a Java-based

technology, it enjoys all of the advantages that the Java language provides with respect

to development and deployment. As an object-oriented language with strong typing,

encapsulation, exception handling, and automatic memory management, use of Java

leads to increased programmer productivity and more robust code. Because compiled

Java byte code is portable across all platforms that support a JVM, use of JSP does not

lock us into using a specific hardware platform, operating system, or server software. If

a switch in any of these components becomes necessary, all JSP pages and associated

Java classes can be migrated over as is. Because JSP is vendor-neutral, developers and

system architects can select best of breed solutions at all stages of JSP deployment .JSP

technology is the Java platform technology for building applications containing

dynamic web content such as HTML, DHTML, XHTML, and XML. The Java Server

Pages technology enables the authoring of web pages that create dynamic content easily

but with maximum power and flexibility. The Java Server Pages technology offers a

number of advantages:

Write Once, Run Anywhere properties

The Java Server Pages technology is platform independent, both in its dynamic

Web pages, its Web servers, and its underlying server components. We can author JSP

pages on any platform, run them on any Web server or Web enabled application server,

and access them from any web browser. We can also build the server components on

any platform and run them on any server.

High quality tool support



14/61



The Write Once, Run Anywhere properties of JSP allows the user to choose

best-of-breed tools. Additionally, an explicit goal of the Java Server Pages design is to

enable the creation of high portable tools.

Reuse of components and tag libraries

The Java Server Pages technology emphasizes the use of reusable components

such as Java Bean components, Enterprise Java Beans components and tag libraries.

These components can be used in interactive tools for component development and page

composition. This saves considerable development time while giving the cross-platform

power and flexibility of the Java programming language and other scripting languages.

Separation of dynamic and static content

The Java Server Pages technology enables the separation of static content from

dynamic content that is inserted into the static template. This greatly simplifies the

creation of content. This separation is supported by beans specifically designed for the

interaction with server-side objects, and, specifically, by the tag extension mechanism.

Support for scripting and actions

The Java Server Pages technology supports scripting elements as well as actions.

Actions permit the encapsulation of useful functionality in a convenient form that can

also be manipulated by tools. Scripts provide mechanism to glue together this

functionality in a per-page manner.

Web access layer for N-tier enterprise application architecture

The Java Server pages technology is an integral part of the Java 2Platform

Enterprise Edition (J2EE), which brings Java technology to enterprise computing. We

can now develop powerful middle-tier server applications, using a web site that uses

Java Server Pages technology as a front end to Enterprise Java Beans components in a

J2EE complaint.

4.3.3. JAVA SCRIPT



15/61



JavaScript is use for validation purposes usually at the client-side, which do not

require the server. It is a programming language integrated with HTML. JavaScript

facilitates the developer with properties related to document windows, frames, forms,

loaded documents and links. This scripting language also traps user events so programs

can be developed for such events. This is an interpreter-based language and source code

files are directly executed at runtime. JavaScript includes built-in objects related to the

current windows and documents as well as objects such as Math, String, Date functions

respectively. Since JavaScript is an object-based language, it supports instances,

methods and properties.

The browsers support JavaScript. In JavaScript, the document object refers to

whatever web page the reader is currently looking through which is also the

document that contains the JavaScript code. The links are objects within the document

object. Date, button, checkbox, elements array from password are the other objects

available. JavaScript statements are used to build loops into the script so that commands

can be executed several times.

Event handlers are those parts of language that tell JavaScript to send or to carry

out some actions. The event handlers go into regular HTML tags.

Can display custom dialog boxes on the screen, i.e. alert (), confirm ()

and prompt ().

Have two data types Numbers and Strings.

JavaScript has custom functions and allows user to write code to have

user-defined functions.

4.3.4. J2ME

Sun Microsystems defines J2ME as "a highly optimized Java run-time

environment targeting a wide range of consumer products, including pagers, cellular

phones, screen-phones, digital set-top boxes and car navigation systems."Announced in

June 1999 at the JavaOne Developer Conference, J2ME brings the cross-platform

functionality of the Java language to smaller devices, allowing mobile wireless devices

to share applications. With J2ME, Sun has adapted the Java platform for consumer

products that incorporate or are based on small computing devices.



16/61



General J2ME architecture

J2ME uses configurations and profiles to customize the Java Runtime Environment

(JRE).As a complete JRE, J2ME is comprised of a configuration, which determines the

JVM used, and a profile, which defines the application by adding domain-specific

classes. The configuration defines the basic run-time environment as a set of core

classes and a specific JVM that run on specific types of devices. The profiledefines the

application; specifically, it adds domain-specific classes to the J2ME configuration to

define certain uses for devices.

Configurations overview

The configuration defines the basic run-time environment as a set of core classes and a

specific JVM that run on specific types of devices. Currently, two configurations existfor J2ME, though others may be defined in the future:

Connected Limited Device Configuration (CLDC) is used specifically with the

KVM for 16-bit or 32-bit devices with limited amounts of memory. This is the

configuration (and the virtual machine) used for developing small J2ME

applications. Its size limitations make CLDC more interesting and challenging

(from a development point of view) than CDC. CLDC is also the configuration

that we will use for developing our drawing tool application. An example of a

small wireless device running small applications is a Palm hand-held computer.

Connected Device Configuration (CDC)is used with the C virtual machine

(CVM) and is used for 32-bit architectures requiring more than 2 MB of

memory An example of such a device is a Net TV box.

Connected Limited Device Configuration (CLDC)

CLDC was created by the Java Community Process, which has standardized this

"portable, minimum-footprint. Java building block for small, resource-constrained

devices," as defined on Sun Microsystems' Web site. The J2ME CLDC configuration

provides for a virtual machine and set of core libraries to be used within an industry-

defined profile. As mentioned in Section 2, a profile defines the applications for

particular devices by supplying domain-specific classes on top of the base J2ME

configuration. The K virtual machine (KVM), CLDC's reference implementation of a

virtual machine, and its KJava profile run on top of CLDC. CLDC outlines the most



17/61



basic set of libraries and Java virtual machine features required for each implementation

of J2ME on highly constrained devices. CLDC targets devices with slow network

connections, limited power (often battery operated), 128 KB or more of non-volatile

memory, and 32 KB or more of volatile memory. Volatile memory is non-persistent and

has no write protection, meaning if the device is turned off, the contents of volatile

memory are lost. With non-volatile memory, contents are persistent and write protected.

CLDC devices use non-volatile memory to store the run-time libraries and KVM, or

another virtual machine created for a particular device. Volatile memory is used for

allocating run-time memory.

CLDC requirements

CLDC defines the following requirements:

Full Java language support (except for floating pointer support, finalization, and

error

handling)

Full JVM support

Security for CLDC

Limited internationalization support

Inherited classes -- all classes not specific to CLDC must be subsets of J2SE

1.3classes

Classes specific to CLDC are in javax.microedition package and subpackages

Connected Device Configuration (CDC)

Connected Device Configuration (CDC) has been defined as a stripped-down version ofJava 2 Standard Edition (J2SE) with the CLDC classes added to it. Therefore, CDC was

built upon CLDC, and as such, applications developed for CLDC devices also run on

CDC devices. CDC, also developed by the Java Community Process, provides a

standardized, portable, full-featured Java 2 virtual machine building block for consumer

electronic and embedded devices, such as smartphones, two-way pagers, PDAs, home

appliances, point-of-sale terminals, and car navigation systems. These devices run a 32-

bit microprocessor and have more than 2 MB of memory, which is needed to store the C



18/61



virtual machine and libraries .While the K virtual machine supports CLDC, the C virtual

machine (CVM) supports CDC.

Profiles overview

The profile defines the type of devices supported by your application. Specifically, it

adds domain-specific classes to the J2ME configuration to define certain uses for

devices. Profiles are built on top of configurations. Two profiles have been defined for

J2ME and are built on CLDC: KJava and Mobile Information Device Profile (MIDP).

These profiles are geared toward smaller devices. A skeleton profile on which you

create your own profile, the Foundation Profile, is available for CDC. However, for this

tutorial, we will focus only on profiles built on top of CLDC for smaller devices.

Target devices for J2ME applications developed using CLDC generally have the

following

Characteristics:

160 to 512 kilobytes of total memory available for the Java platform

Limited power, often battery powered

Network connectivity, often with a wireless, inconsistent connection and with

limited

bandwidth

User interfaces with varying degrees of sophistication; sometimes with no

interface at all

Some devices supported by CLDC include wireless phones, pagers,

mainstream personal digital assistants (PDAs), and small retail payment terminals.

According to Sun Microsystems, target devices for CDC generally have the following

characteristics:

Powered by a 32-bit processor

Two megabytes or more of total memory available for the Java platform

Devices that require the full functionality of the Java 2 "Blue Book" virtual

machine

Network connectivity, often with a wireless, inconsistent connection and with

limited bandwidth



19/61



User interfaces with varying degrees of sophistication; sometimes with no

interface

Some devices supported by CDC include residential gateways, Smartphone and

communicators, PDAs, organizers, home appliances, point-of-sale terminals, and car

navigation systems.

Profile 1: KJava

KJava is Sun's proprietary profile and contains the KJava API. The KJava profile is

built on top of the CLDC configuration. The KJava virtual machine, KVM, accepts thesame byte codes and class file format as the classic J2SE virtual machine. KJava

contains a Sun-specific API that runs on the Palm OS. The KJava API has a great deal

in common with the J2SE Abstract Windowing Toolkit (AWT). However, because it is

not a standard J2ME package, its main package is com.sun.kjava. We'll learn more

about the KJava API later in this tutorial when we develop some sample applications.

Profile 2: MIDP

MIDP is geared toward mobile devices such as cellular phones and pagers. The MIDP,

like KJava, is built upon CLDC and provides a standard run-time environment that

allows new applications and services to be deployed dynamically on end-user

devices.MIDP is a common, industry-standard profile for mobile devices that is not

dependent on a specific vendor. It is a complete and supported foundation for mobile

application development.

MIDP contains the following packages, the first three of which are core CLDC

packages, plus three MIDP-specific packages like* java.lang

* java.io

* java.util

* javax.microedition.io

* javax.microedition.lcdui

* javax.microedition.midlet



20/61



4.3.5. J2EE

Short forJava 2 PlatformEnterpriseEdition. J2EE is a platform-independent,

Java-centric environment from Sun for developing, building and deploying Web-based

enterprise applications online. The J2EE platform consists of a set of services, APIs, and

protocols that provide the functionality for developing multitiered, Web-based

applications.

Some of the key features and services of J2EE:

At the client tier, J2EE supports pure HTML, as well as Java applets or

applications. It relies on Java Server Pages and servlet code to create HTML or

other formatted data for the client.

Enterprise JavaBeans (EJBs) provide another layer where the platform's logic is

stored. An EJB server provides functions such as threading, concurrency,

security and memory management. These services are transparent to the author.

Java Database Connectivity (JDBC), which is the Java equivalent to ODBC, is

the standard interface for Java databases.

The Java servlet API enhances consistency for developers without requiring agraphical user interface.

4.3.6. MySQL

MySQL database has become the world's most popular Open source database

because of its consistency, fast performance, high reliability and ease of use. It has also

become the database of choice for a new generation of applications built on the LAMP

stack (Linux, Apache, MySQL, PHP / Perl / Python). MySQL runs on more than 20

platforms including Linux, Windows, OS/X, HP-UX, AIX, Netware, giving you the

kind of flexibility that puts you in control. MySQL offers a comprehensive range of

certified software, support, training and consulting.



21/61



MySQL is a multithreaded, multi-user SQL Database Management System. My

SQL's implementation of a relational database is an abstraction on top of a computers

file system. The relational database abstraction allows collection of data items to be

organized as a set of formally described tables. Data can be accessed or reassembled

from these tables in many different ways, which do not require any reorganization of

the database tables themselves.

MySQL is popular for web applications such as MediaWiki or Drupal and act as

the database component of the LAMP ,MAMP and WAMP

platforms(Linux/Mac,Windows-Apache MySQL-PHP/Perl/Python), and for open

-source bug tracking tools like Bugzilla

Its popularity as a web application is closely tied with the popularity of PHP ,

which is often combined with MySQL and nicknamed Dynamic Duo .It is easy to find

many references that combines the two in websites and books(PHP and MySQL for

Dummies,PHP and MySQL Bible, Beginning PHP and MySQL etc).

Relational database speak SQL (Structured Query Language). SQL is a standard

interactive programming language for getting information from and updating a

relational database. Although SQL itself is both an ANSI and an ISO standard, many

database products support SQL with proprietary extensions to the standard language.

SQL queries take the form of a command language that lets you select, insert, update,

find out the location of data, and so forth.

My SQL Features:

Cross platform support

Stored procedures

Triggers

Cursors

True VARCHAR support

Updated views



22/61



Very fast and much reliable for any type of application.

Very lightweight application.

Command line tool is very powerful and can be used to run SQL queries

against database.

Supports indexing and binary objects.

Allows changing the structure of table while server is running.

It has a wide user base.

It is a very fast thread-based memory allocation system.



23/61



5. SYSTEM DESIGN

System design is the solution to the creation of a new system. This phase is

composed of several systems. This phase focuses on the detailed implementation of the

feasible system. It emphasizes on translating design specifications to performance

specification. System design has two phases of development logical and physical

design.

During logical design phase the analyst describes inputs (sources), out puts

(destinations), databases (data sores) and procedures (data flows) all in a format that

meats the uses requirements. The analyst also specifies the user needs and at a level that

virtually determines the information flow into and out of the system and the data

resources. Here the logical design is done through data flow diagrams and database

design.

The physical design is followed by physical design or coding. Physical design

produces the working system by defining the design specifications, which tell the

programmers exactly what the candidate system must do. The programmers write the

necessary programs that accept input from the user, perform necessary processing on

accepted data through call and produce the required report on a hard copy or display it

on the screen.

5.1 LOGICAL DESIGN



24/61



Logical design of an information system shows the major features and also how

they are related to one another. The first step of the system design is to design logical

design elements. This is the most creative and challenging phase and important too.

Design of proposed system produces the details of the state how the system will meet

the requirements identified during the system analysis that is, in the design phase we

have to find how to solve the difficulties faced by the existing system. The logical

design of the proposed system should include the details that contain how the solutions

can be implemented. It also specifies how the database is to be built for storing and

retrieving data, what kind of reports are to be created and what are the inputs to be given

to the system. The logical design includes input design, output design, and database

design and physical design.



25/61


5.2 INPUT DESIGN

The input design is the link between the information system and the user. It

comprises the developing specification and procedures for data preparation and those

steps are necessary to put transaction data into a usable form for processing data entry.

The activity of putting data into the computer for processing can be achieved by

inspecting the computer to read data from a written or printed document or it can occur

by having people keying the data directly into the system. The design of input focuses

on controlling the amount of input required, controlling errors, avoiding delay, avoiding

extra steps and keeping the process simple.

The system needs the data regarding the asset items, depreciation rates, asset

transfer, physical verification for various validation, checking, calculation and report

generation.. The error raising method is also included in the software, which helps to

raise error message while wrong entry of input is done. So in input design the following

things are considered.

What data should be given as input?

How the data should be arranged or coded?

The dialogue to guide the operating personnel in providing input.

Methods for preparing input validations and steps to follow when error occur

The samples of screen layout are given in the appendix.

5.3 OUTPUT DESIGN

Computer output is the most important and direct information source to the user.

Output design is a process that involves designing necessary outputs in the form of

reports that should be given to the users according to the requirements. Efficient,



26/61


intelligible output design should improve the systems relationship with the user and

help in decision making. Since the reports are directing referred by the management for

taking decisions and to draw conclusions they must be designed with almost care and

the details in the reports must be simple, descriptive and clear to the user. So while

designing output the following things are to be considered.

Determine what information to present

Arrange the presentation of information in an acceptable format

Decide how to distribute the output to intended receipts

Depending on the nature and future use of output required, they can be displayed

on the monitor for immediate need and for obtaining the hardcopy. The options for the

output reports are given in the appendix.

5.4 PHYSICAL DESIGN

The process of developing the program software is referred to as physical

design. We have to design the process by identifying reports and the other outputs the

system will produce. Coding the program for each module with its logic is performed in

this step. Proper software specification is also done in this step.



27/61



5.5 MODULAR DESIGN

A software system is always divided into several sub systems that makes it

easier for the development. A software system that is structured into several subsystems

makes it easy for the development and testing. The different subsystems are known as

the modules and the process of dividing an entire system into subsystems is known as

modularization or decomposition.

A system cannot be decomposed into several subsystems in any way. There

must some logical barrier, which facilitates the separation of each module. The

separation must be simple but yet must be effective so that

the development is not affected.

The system under consideration has been divided into several modules taking in

consideration the above-mentioned criteria.

Modules are:-

-Administrator-Client-Server-Mobile-OTP Generation



28/61


5.6 DATABASE DESIGN

The overall objective in the development of database technology has been to

treat data as an organizational resource and as an integrated whole. DBMS allow data to

be protected and organized separately from other resources. Database is an integrated

collection of data. The most significant form of data as seen by the programmers is data

as stored on the direct access storage devices. This is the difference between logical and

physical data.

Database files are the key source of information into the system. It is the process

of designing database files, which are the key source of information to the system. The

files should be properly designed and planned for collection, accumulation, editing and

retrieving the required information.

The organization of data in database aims to achieve three major objectives: -

Data integration.

Data integrity.

Data independence.

The proposed system stores the information relevant for processing in the MS

SQL SERVER database. This database contains tables, where each table corresponds to

one particular type of information. Each piece of information in table is called a field or

column. A table also contains records, which is a set of fields. All records in a table

have the same set of fields with different information. There are primary key fields that

uniquely identify a record in a table. There are also fields that contain primary key from

another table called foreign keys.



29/61



5.7 DFD

The data flow diagram is used for classifying system requirements to major

transformation that will become programs in system design. This is starting point of the

design phase that functionally decomposes the required specifications down to the lower

level of details. It consists of a series of bubbles joint together by lines.

Bubbles: Represent the data transformations.

Lines: Represents the logic flow of data.

Data cant rigger events and can be processed to useful information. Systems

analysis recognizes the central goal of data in organizations .This dataflow analysis tells

a great deal about how organization objectives are accomplished.

Dataflow analysis studies the use of data in each activity. It documents these

finding in the DFDs. Dataflow analysis give the activities of a system from the view

point of data where it originates , how they are used or hanged or where they go,

including the stops along the way from their destination. The components of dataflow

strategy span both the requirements and systems design. The first part is called

dataflow analysis.

As the name suggests, we didnt use the dataflow analysis tools exclusively for

the analysis stage but also in the designing phase with documentation.

Notations used in Dataflow Diagram

The logic dataflow diagrams can be drawn using four simple notations i.e., special

symbols or icons and the annotation that associates them with a specific system .Since

the choice of notation we follow, does not affect impede or catalyze the system process ;

we used three symbols from YOURDON notation and one from Gain and Sarson

notation as specified below.



30/61



Element References Symbols

Data Flow Process

Process

Data Store

Source/Sink

Description:

Process: Describes how each input data is converted to output data

Data Store: Describes the repositories of data in a system.

Data Flow: Describes the data flowing between process, Data stores andexternal entities.

Source: An external entity causing the origin of data.

Sink: An external entity, which consumes the data



31/61



Context Diagram

The top level diagram is often called a context diagram. It contains a

single process, but it plays a very important role in studying the current system. Thecontext diagram defines the system that will be studied in the sense that it determines

the boundaries. Anything that is not inside the process identified in the context diagram

will not be part of the system study. It represents the entire software element as a single

bubble with input and output data indicated by incoming and outgoing arrows

respectively.

Types of Dataflow Diagram

DFDs are of two types:

1. Physical DFD

Structures analysis states that the current system should be first understood

correctly. The physical DGD is a model of the current system and is used to ensure that

the current system is clearly understood. Physical DFDs show actual devices,

departments, peoples etc involved in the current system.

2. Logical DFD

Logical DFDs are a model of the proposed system. They clearly show the

requirements on which the new system should be built. Later during the design activity

this is taken as the basis for drawing the system's structure charts.

6. DETAILED DESIGN



32/61



6.1 MODULE DESCRIPTION

Administrator

The bank administrator can

add or remove

- Branch details ,Account types, Accounts.

Deposit and withdraw

View all cash transactions

Freeze accounts

Client

After registering with the organization, the client must install the OTP

generation software from the server to his mobile.

The client requests for OTP at the time of login.

If the server passwords match and client is authorized, he is directed to his

account where he can

Transfer fund between accounts

View account balance

Server

A server is implemented to generate the OTP on the organizations side.

The server consists of a database containing the client identification

information.

Stored on both the server and clients mobile at registration time.

Both parties generate the OTP at the same point of time.



33/61



Mobile

A J2ME program is developed and installed on the

mobile phone to generate the OTP.

The program has an easy-to-use GUI that is developed using the Net

Beans drag and drop

interface.

OTP Generation

SHA1 algorithm

Factors used

Username

Password

Date -Using the last two digits of the year and the date and month

makes the OTP unique for that particular date.

Hour, Minute

6.2 TABLE DESIGN

Registration Table Table: regtb



34/61



Primary key: Customer Id

Column name Data type Description

cust_id Int(15) Customer-Id

fn Varchar(50) First name

ln Varchar(50) Last name

addr Varchar(250) Address

mn Int(10) Mobile no

ei Varchar(50) Email_id

un Varchar(15) User name

pw Varchar(15) Password

Account DetailsTable: acctdet

Primary key: Account NumberForeign Key: Customer -Id


acctno Int(15) Account Number

cust_id Int(15) Last name

acctype Varchar(50) Address

minbal Double User name

curtbal Double Password

Staff DetailsTable: employee

Primary key: Staff-Id



35/61




sid Int(15) Staff-Id

fn Varchar(50) First name

ln Varchar(50) Last name

addr Varchar(250) Address

mn Int(10) Mobile no

ei Varchar(50) Email_id

un Varchar(15) User name

pw Varchar(15) Password

IFSC CodesTable: banksPrimary key: ifsc


ifsc Varchar(15) IFSC codes

7. SYSTEM TESTING AND IMPLEMENTATION

7.1 SYSTEM TESTING

System testing is a critical aspect of Software Quality Assurance and represents

the ultimate review of specification, design and coding. Testing is a process of

executing a program with the intent of finding an error. A good test is one that has a

probability of finding an as yet undiscovered error. The purpose of testing is to identify



36/61



and correct bugs in the developed system. Nothing is complete without testing. Testing

is the vital to the success of the system.

In the code testing the logic of the developed system is tested. For this every

module of the program is executed to find an error. To perform specification test, the

examination of the specifications stating what the program should do and how it should

perform under various conditions.

Unit testing focuses first on the modules in the proposed system to locate errors.

This enables to detect errors in the coding and logic that are contained within that

module alone. Those resulting from the interaction between modules are initially

avoided. In unit testing step each module has to be checked separately.

System testing does not test the software as a whole, but rather than integration

of each module in the system. The primary concern is the compatibility of individual

modules. One has to find areas where modules have been designed with different

specifications of data lengths, type and data element name.

Testing and validation are the most important steps after the implementation of

the developed system. The system testing is performed to ensure that there are no errors

in the implemented system. The software must be executed several times in order to

find out the errors in the different modules of the system.

Validation refers to the process of using the new software for the developed

system in a live environment i.e., new software inside the organization, in order to find

out the errors. The validation phase reveals the failures and the bugs in the developed

system. It will be come to know about the practical difficulties the system faces when

operated in the true environment. By testing the code of the implemented software, the

logic of the program can be examined. A specification test is conducted to check



37/61



whether the specifications stating the program are performing under various conditions.

Apart from these tests, there are some special tests conducted which are given below:

Peak Load Tests: This determines whether the new system will handle the

volume of activities when the system is at the peak of its processing demand. The test

has revealed that the new software for the agency is capable of handling the demands at

the peak time.

Storage Testing: This determines the capacity of the new system to store

transaction data on a disk or on other files. The proposed software has the required

storage space available, because of the use of a number of hard disks.

Performance Time Testing: This test determines the length of the time used by

the system to process transaction data.

In this phase the software developed Testing is exercising the software to

uncover errors and ensure the system meets defined requirements. Testing may be done

at 4 levels

Unit Level

Module Level

Integration & System

Regression

7.1.1 UNIT TESTING

A Unit corresponds to a screen /form in the package. Unit testing focuses on

verification of the corresponding class or Screen. This testing includes testing of control

paths, interfaces, local data structures, logical decisions, boundary conditions, and error

handling. Unit testing may use Test Drivers, which are control programs to co-ordinate



38/61



test case inputs and outputs, and Test stubs, which replace low-level modules. A stub is

a dummy subprogram.

7.1.2 MODULE LEVEL TESTING

Module Testing is done using the test cases prepared earlier. Module is defined

during the time of design.

7.1.3 INTEGRATION & SYSTEM TESTING

Integration testing is used to verify the combining of the software modules.

Integration testing addresses the issues associated with the dual problems of verification

and program construction. System testing is used to verify, whether the developed

system meets the requirements.



39/61



7.1.4 REGRESSION TESTING

Each modification in software impacts unmodified areas, which results serious

injuries to that software. So the process of re-testing for rectification of errors due to

modification is known as regression testing.

Installation and Delivery:

Installation and Delivery is the process of delivering the developed and tested

software to the customer. Refer the support procedures.

Acceptance and Project Closure:

Acceptance is the part of the project by which the customer accepts the product.

This will be done as per the Project Closure, once the customer accepts the product;

closure of the project is started. This includes metrics collection, PCD, etc.

7.2 SYSTEM IMPLEMENTATION

Implementation includes all those activities that take place to convert from the

old system to the new. The old system consists of manual operations, which is operated

in a very different manner from the proposed new system. A proper implementation is

essential to provide a reliable system to meet the requirements of the organizations. An

improper installation may affect the success of the computerized system.

7.2.1 IMPLEMENTATION METHODS



40/61



There are several methods for handling the implementation and the consequent

conversion from the old to the new computerized system.

The most secure method for conversion from the old system to the new system is

to run the old and new system in parallel. In this approach, a person may operate in the

manual older processing system as well as start operating the new computerized system.

This method offers high security, because even if there is a flaw in the computerized

system, we can depend upon the manual system. However, the cost for maintaining two

systems in parallel is very high. This outweighs its benefits. Another commonly method

is a direct cut over from the existing manual system to the computerized system. The

change may be with in a week or with in a day. There are no parallel activities.

However, there is no remedy in case of a problem. This strategy requires careful

planning.

A working version of the system can also be implemented in one part of the

organization and the personnel will be piloting the system and changes can be made as

and when required. But this method is less preferable due to the loss of entirety of the

system.



41/61



7.2.2 IMPLEMENTATION PLAN

The implementation plan includes a description of all the activities that must

occur to implement the new system and to put it into operation. It identifies the

personnel responsible for the activities and prepares a time chart for implementing the

system. The implementation plan consists of the following steps.

List all files required for implementation.

Identify all data required to build new files during the implementation.

List all new documents and procedures that go into the new system.

The implementation plan should anticipate possible problems and must be able

to deal with them. The usual problems may be missing documents; mixed data formats

between current and files, errors in data translation, missing data etc.



42/61



8. FIGURES

The different modules, forms and tables in our system are displayed here.

8.1 DATA FLOW DIAGRAM

The following dataflow diagrams show the control flow in our system.

Fig 8.2: Level 1 of administrator

Fig 8.3: Level 2 of administrator

Fig 8.4: Level 1 of user

Fig 8.5: Level 2 of user

Fig 8.1



43/61



Fig 8.2

Fig 8.3

Fig 8.4



44/61



Fig 8.5



45/61



8.2 SCREEN SHOTS

8.2.1 DESKTOP PART

Fig 8.2.1.a Login Form



46/61



Fig 8.2.1.b Users Registration Form



47/61



Fig 8.2.1.c Staff process Form

Fig 8.2.1.d Registration completed Form



48/61



Fig 8.2.1.e Transaction Form

Fig 8.2.1.f Transaction Form 2



49/61



Fig 8.2.1.g New Account Form

Fig 8.2.1.h Confirmation Form



50/61



8.2.2 WEBSITE PART

Fig 8.2.2.a Login1



51/61



Fig 8.2.2.b Login2



52/61



Fig 8.2.2.c Home Page

Fig 8.2.2.d Fund Transfer Page



53/61



Fig 8.2.2.e Fund Transfer1



54/61



Fig 8.2.2.f View Balance



55/61



Fig 8.2.2.g Fund Transfer2



56/61


57/61



8.2.3 MOBILE PART

Fig 8.2.3.1 Application Login



58/61



Fig 8.2.3.2 Option List

Fig 8.2.3.3 Login



59/61



Fig 8.2.3.4 OTP Generation



60/61



9. CONCLUSION

We have successfully completed our project Synchronized Two-factor

Authentication Using Mobile Phones in the time span allotted and put together to

form the main system. The modules were tested separately. Testing of the whole system

has been done with sample data and output obtained according to the requirements.

We have described our mobile two-factor authentication mechanism for the

purpose of protecting long term credentials of users, particularly when they must

authenticate while using an untrusted computer. This approach uses a combination of

stored credentials on mobile devices and one-time passwords to assure the

confidentiality of long term credentials.

The main advantage of our mechanism is its comparatively stronger

authentication to other existing approaches.

The selection of JSP has greatly enhanced the capability and user friendliness of

the system. Also the support of a powerful of database My SQL added to its merit.

10. REFERENCES



61/61



TextBooks:

[1] Addison-Wesley, Java(TM) Language Specification, The (3rd Edition)

[2] John W. Muchow, Core J2ME Technology and MIDP

[3} Deepak Alur , Dan Malks ,John Crupi, Core J2EE Patterns: Best

Practices and Design Strategies

Websites:

[1] google.com (google books)

[2] www.javabeginner.com

[3] www.w3schools.com

[4] www.mysql.com
http://google.com/http://www.w3schools.com/http://www.mysql.com/http://google.com/http://www.w3schools.com/http://www.mysql.com/

2factor Pro Mzc

Documents

Transcript of 2factor Pro Mzc