Session Authentication Password Using Image

KGISL Institute of Information Management

CHAPTER-I

1. INTRODUCTION

1.1. OVERVIEW OF THE PROJECT

Access to computer systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters. This Project describes the Pass Points system, its security characteristics, and the empirical study we carried out comparing Pass Points to alphanumeric passwords. In the empirical study participants learned either an alphanumeric or graphical password and subsequently carried out three longitudinal trials to input their passwords over a period of five weeks. The results show that the graphical group took longer and made more errors in learning the password, but that the difference was largely a consequence of just a few graphical participants who had difficulty learning to use graphical passwords.

1.2. OBJECTIVE OF THE PROJECT

Textual passwords are the most common method used for authentication, but they are vulnerable to eavesdropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords were introduced as an alternative to textual passwords, but most graphical schemes are also vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. A session password can be used only once; a new password is generated every time. In this project, two techniques are proposed to generate session passwords using images which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.

1.3 BACKGROUND STUDY

1.3.1 STUDY ON EXISTING SYSTEM

Computer systems and the information they store and process are valuable resources which need to be protected. Computer security systems must also consider human factors such as ease of use and accessibility. Current secure systems suffer because they mostly ignore the importance of human factors in security. An ideal security system considers security, reliability, usability, and human factors. All current security systems have flaws which make them suitable only for well-trained and skilled users. A password is a secret that is shared by the verifier and the customer. “Passwords are simply secrets that are provided by the user upon request by a recipient.” They are often stored on a server in an encrypted form so that a penetration of the file system does not reveal password lists. Passwords are the most common means of authentication because they do not require any special hardware. Typically passwords are strings of letters and digits, i.e. they are alphanumeric. Such passwords have the disadvantage of being hard to remember. Weak passwords are vulnerable to dictionary attacks and brute force attacks, whereas strong passwords are harder to remember.

1.3.2 PROBLEM AND WEAKNESS OF CURRENT SYSTEM

The passwords should be at least 8 characters long.

The password should not be easy to relate to the user (e.g., last name, birth date).

Ideally the user should combine upper and lower case letters and digits.

Users tend to write password down or use the same passwords for different accounts.

Key-space is limited to 64 ASCII characters.

CHAPTER-II

2. SYSTEM ANALYSIS

2.1 STUDY ON PROPOSED SYSTEM

2.1.1 DEFINING THE PROBLEM

Access to computer systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters.

A graphical password is an authentication system that works by having the user select from images in a specific order, presented in a graphical user interface (GUI). It can be used in web login applications, ATM machines, and mobile devices.

2.1.2 DEVELOPING SOLUTION STRATEGIES

A password is a secret that is shared by the verifier and the customer. “Passwords are simply secrets that are provided by the user upon request by a recipient.” They are often stored on a server in an encrypted form so that a penetration of the file system does not reveal password lists. Passwords are the most common means of authentication because they do not require any special hardware. Typically passwords are strings of letters and digits, i.e. they are alphanumeric. Such passwords have the disadvantage of being hard to remember. Weak passwords are vulnerable to dictionary attacks and brute force attacks, whereas strong passwords are harder to remember.

ADVANTAGES OF PROPOSED SYSTEM

Access to computer systems is most often based on the use of alphanumeric passwords.

However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords.

Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure.

Using a graphical password, users click on images rather than type alphanumeric characters.

Dictionary attacks are infeasible.

On average, millions of years to break into the system.

Easy to memorize.

Key-space is unlimited.

MODULES

1. Pattern Selection

2. Picture Selection

3. Registration

4. Login

MODULE DESCRIPTION

1. Pattern Selection

In the Pattern Selection phase the user chooses from the patterns “POINT, LINE, and ELLIPSE”. Users may select a pattern depending upon their capabilities, and they may select any one of the patterns or combine them. But they must choose one pattern.

2. Picture selection

In the Picture Selection phase there are two ways of selecting the picture for password authentication.

1. User defines pictures: Pictures are selected by the user from the hard disk or any other image supported devices.

2. System defines pictures: Pictures are selected by the user from the database of the password system.

Users may select any pixels in the image as click-points for their password. During password creation, most of the image is dimmed except for a small viewport area that is randomly positioned on the image. Users must select a click-point within the viewport. If they are unable or unwilling to select a point in the current viewport, they may press the Shuffle button to randomly reposition the viewport. The viewport guides users to select more random passwords that are less likely to include hotspots. A user who is determined to reach a certain click-point may still shuffle until the viewport moves to the specific location, but this is a time-consuming and more tedious process.

3. Register

In this phase the user has already chosen the options, such as the type of pattern and the picture; they must then draw the pattern on the picture so that it is stored in the database for the registration process. Registration is complete once the pattern has been drawn.

4. Login

In this phase, after the registration process, the user must validate the pattern by using the login. The session refers to a limited time of communication between two systems. The user must give the right option; otherwise the session will expire.
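The following Python example is added here and is not the project's own code (the project itself is written in Java). It shows one way the Registration and Login modules could store a drawn point pattern as a salted hash, so that a penetration of the database does not reveal the pattern, while still accepting login clicks that land within a tolerance of the registered points. The tolerance, the PBKDF2 work factor, the record layout, the picture id and all function names are assumptions.

```python
import hashlib
import hmac
import os

TOLERANCE = 10            # assumed: a login click may be up to 10 px off
SEGMENT = 2 * TOLERANCE   # width of one discretization segment
KDF_ROUNDS = 200_000      # assumed PBKDF2 work factor


def discretize(coord, offset=None):
    """Return (segment index, offset) for one pixel coordinate.

    At registration (offset is None) the offset is chosen so that the
    original coordinate lies in the middle of its segment. At login the
    stored offset is reused, so every coordinate in
    [original - TOLERANCE, original + TOLERANCE) maps to the same index.
    """
    if offset is None:
        offset = (coord - TOLERANCE) % SEGMENT
    return (coord - offset) // SEGMENT, offset


def pattern_digest(picture_id, indices, salt):
    """Salted, slow hash over the picture id and the ordered segment indices."""
    material = picture_id + "|" + ";".join(f"{ix},{iy}" for ix, iy in indices)
    return hashlib.pbkdf2_hmac("sha256", material.encode(), salt, KDF_ROUNDS)


def register(picture_id, points):
    """Build the record to store for a user; raw click-points are not kept."""
    salt = os.urandom(16)
    indices, offsets = [], []
    for x, y in points:
        ix, dx = discretize(x)
        iy, dy = discretize(y)
        indices.append((ix, iy))
        offsets.append((dx, dy))
    return {
        "picture_id": picture_id,
        "salt": salt,
        # Needed again at login; reveals each coordinate modulo SEGMENT only.
        "offsets": offsets,
        "digest": pattern_digest(picture_id, indices, salt),
    }


def verify(record, picture_id, clicks):
    """Check a login attempt (picture id plus ordered clicks) against the record."""
    if len(clicks) != len(record["offsets"]):
        return False
    indices = [
        (discretize(x, dx)[0], discretize(y, dy)[0])
        for (x, y), (dx, dy) in zip(clicks, record["offsets"])
    ]
    candidate = pattern_digest(picture_id, indices, record["salt"])
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    # Constructed sample data: three click-points on a hypothetical picture.
    rec = register("PIC0000001", [(120, 85), (300, 210), (42, 310)])
    # Every click is within 10 px of the registered point: accepted.
    print(verify(rec, "PIC0000001", [(125, 80), (291, 219), (33, 301)]))
    # First click is 11 px off on the x axis: rejected.
    print(verify(rec, "PIC0000001", [(131, 85), (300, 210), (42, 310)]))
```

Because the digest covers the picture id and the click order, the right points on the wrong picture, or in the wrong order, are rejected as well.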

2.2 SYSTEM SPECIFICATION

The software should be developed according to the system. The user interface module should be developed in such a way that the user can easily operate the system. The most important responsibility of the developer is maintenance: the developer is responsible for supporting customers when they have problems related to the software.

2.2.1 APPLICATION SPECIFICATION

THREE-TIER ARCHITECTURE

Three-tier architecture introduces a server between the client and the server. The login acts as the Presentation Layer, in which the user draws the pattern. Validation is performed in the Business Layer. The pattern is stored in the Data Layer. Session Authentication Password uses a 3-tier application, which is a program organized into three major disjunctive layers. These layers are,

Presentation layer (Front end)

Business layer (Logical)

Data layer (Backend)

Fig 2.1 Three Tiered Client/Server Architecture

Application layer

The application layer is the form which provides the user interface to either the programmer or the end user. The programmer uses this layer for design purposes and to get or set the data back and forth.

Business layer

This layer is a class which we use to write the functions that work as a mediator to transfer data between the application or presentation layer and the data layer. In the three-tier architecture we never let the data access layer interact with the presentation layer.

Data Access Layer

This layer is also a class which we use to get or set the data to the database back and

forth. This layer only interacts with the database. We write the database queries or use stored

procedures to access the data from the database or to perform any operation to the database.

2.2.2. NETWORK SPECIFICATION

LANs - Local Area Networks are really the basic building blocks of all internetworks. These technologies are implemented at the Data Link Layer of the OSI model, or layer 2. This is because these network technologies are largely determined by the physical media they share and how they control access to this shared medium. This Data Link Layer is also called the MAC - Media Access Layer. The basic traffic format at this level is called a frame.

So, in LANs, communication can only deal with MAC addresses, which are serial-number-like device identifiers. Things like IP addresses are only necessary when routing data across LAN segments through an internetwork. These 2nd layer technologies can only support switched internetwork operations. They are only good for local areas or simple paths over longer distances, where not much guidance to deliver the data is needed.

2.2.3 HARDWARE SPECIFICATION

Processor : Pentium IV 2.4 GHz.

Hard Disk : 40 GB.

Floppy Drive : 1.44 Mb.

Monitor : 14’ Colour Monitor.

Mouse : Optical Mouse.

RAM : 512 Mb.

Keyboard : 101 Keyboards.

2.2.4 SOFTWARE SPECIFICATION

Software : JAVA SE 7 SDK, Eclipse

Language : Java

Operating System : Windows XP

Back End : SQLite

2.2.5 SOFTWARE ENVIRONMENT

JAVA

Java is the first programming language designed from the ground up with network programming in mind. The core API for Java includes classes and interfaces that provide uniform access to a diverse set of network protocols. As the Internet and network programming have evolved, Java has maintained its cadence. New APIs and toolkits have expanded the available options for the Java network programmer.

Java is both a programming language and an environment for executing programs written in the Java language. Unlike traditional compilers, which convert source code into machine-level instructions, the Java compiler translates Java source code into instructions that are interpreted by the runtime Java Virtual Machine. So unlike languages like C and C++, Java is an interpreted language.

Java Environment

The Java environment is composed of several separate entities.

Java Language

This is a language that follows object-oriented concepts and is used to create executable content such as applications and applets. But Java is not a pure object-oriented language; it does not support multiple inheritance and operator overloading.

Java Runtime Environment

The Runtime Environment is used to execute the code. It is made up of the Java language and the Java virtual machine. It is portable and platform neutral.

Java Application

Applications are programs written in Java to carry out certain tasks on a stand-alone local computer. Execution of a stand-alone program involves two steps.

Compiling the source code into byte code using javac.

Executing the byte code program using the java interpreter.

Java Applets

Java applets are pieces of Java code that are embedded in an HTML document using the applet tag. When the browser encounters such code, it automatically downloads and executes it.

Java Virtual Machine

It is a specification to which Java code must be written. All Java code is to be compiled for this nonexistent virtual machine. Writing code that compiles for the JVM ensures platform independence.

Advantages of Java

Robust

Secure

Portable

ABOUT THE TOOL

NETBEANS IDE

The Net Beans Platform allows applications to be developed from a set of modular

software components called modules. A module is a Java archive file that contains Java classes

written to interact with the Net Beans Open APIs and a manifest file that identifies it as a

module.

SQLite

SQLite is an open source database. SQLite supports standard relational database features like SQL syntax, transactions and prepared statements. The database requires limited memory at runtime (approx. 250 Kbyte), which makes it a good candidate for being embedded into other runtimes. SQLite supports the data types TEXT (similar to String in Java), INTEGER (similar to long in Java) and REAL (similar to double in Java). All other types must be converted into one of these types before being saved in the database.

2.3 COST ESTIMATION AND SCHEDULING

Let the total lines of code of the project be estimated at 4000 lines.

Then total kilo lines of code (KLOC) = 4 KLOC

According to the basic COCOMO model (assuming the team to be organic):

$$\text{Effort} = 2.4\,(\text{KLOC})^{1.05} = 2.4\,(4)^{1.05} \approx 10 \text{ PM}$$

$$\text{Time} = 2.5\,(\text{Effort})^{0.38} = 2.5\,(10)^{0.38} \approx 6 \text{ Months}$$

Cost = 5.4 * 10,000 = 54,000

$$\text{Group Size} = \text{Effort}/\text{Time} = 10/6 \approx 2 \text{ Persons}$$

2.4 FINAL OUTLINE OF THE PROPOSED SYSTEM

The proposed system overcomes all the drawbacks of the existing system.

Some of the significant accrued benefits include,

The system has the capability for easy integration with other systems.

The user can access from anywhere

It is platform independent.

New modules can be added to the existing system with less effort

CHAPTER-III

3. DESIGN AND DEVELOPMENT PROCESS

3.1 FUNDAMENTAL DESIGN CONCEPTS

Although the degree of interest in each concept has varied over the years, each has stood the test of time. Each provides the software designer with a foundation from which more sophisticated design methods can be applied. Fundamental design concepts provide the necessary framework for “getting it right”.

A software design is a meaningful engineering representation of some Software

product that is to be built. A design can be traced to the customer’s requirements and can be

assessed for quality against predefined criteria.

During the design process the software requirements model is transformed into

design models that describe the details of the data structures, system architecture, interface, and

components. Each design product is reviewed for quality before moving to the next phase of

software development.

3.2 DESIGN NOTATIONS

DATA FLOW DIAGRAM

The analysis model helps us to understand the relationship between different components in the system design. The analysis model shows the user more clearly how a system will function. This is the first technical representation of a system. Analysis modeling must achieve three primary objectives.

To establish a basis for creation of software design.

To describe what the user requires.

To define a set of requirements that can be validated once the software is built.

Data Flow Diagram

A Data Flow Diagram is a graphical technique that depicts information flow and the transforms that are applied as data move from input to output. The DFD is used to represent increasing information flow and functional detail. A level 0 DFD, also called a fundamental system model or a Context Model, represents the entire software element as a bubble with input and output indicated by incoming and outgoing arrows respectively. Additional processes and information flow paths are represented in the next level, i.e., the Level 1 DFD. Each of the processes represented at Level 1 is a sub-function of the overall system depicted in the Context Model. Any processes which are complex in Level 1 will be further broken down into sub-functions in the next level, i.e., in Level 2.

Basic DFD symbols:

To Construct a Data Flow Diagram, we use

Arrow

Circles

Open End Box

Squares

Arrow

An arrow identifies the data flow in motion. It is a pipeline through which information flows, like the rectangle in the Flow Chart.

Data may flow from a source to a processor and from a data store or process. An arrow line depicts the flow, with the arrowhead pointing in the direction of flow.

Circle

A circle stands for a process that converts data into information. A process represents a transformation where incoming data flow is changed into outgoing flows.

Rectangle

A Rectangle defines a source or destination of system data. A source is a person or a part

of organization, which enters or receives information from the system but is considered to be

outside the context of the data flow model.

Open End Box

An Open End Box represents a data store, data at rest or temporary reposition of data.

A graphical picture of the logical steps and sequence involved in a procedure or a program is called a flow chart. Unlike a detailed flow chart, a Data Flow Diagram does not supply a detailed description of the modules but graphically describes a system's data and how the data interact with the system.

Six rules for considering the Data flow Diagram

Arrows should not cross each other

Squares, circles and Data Store must have names

Decomposed data flow squares and circles can have the same names.

Choose meaningful names for data flow

Draw all data flows around the outside of the diagram.

3.2.1 CONTEXT FLOW DIAGRAM

Fig 3.1 Context Flow Diagram

3.2.2 LEVEL 1 DATA FLOW DIAGRAM

Fig 3.2 Level 1 Data Flow Diagram

3.2.3. STRUCTURE CHART

A structure chart is a design tool, constructed of squares representing the different modules in the system, and lines that connect them. The lines represent the connection and/or ownership between activities and sub-activities, as they are used in organization charts. Programmers use a structure chart to build a program in a manner similar to how an architect uses a blueprint to build a house. In the design stage, the chart is drawn and used as a way for the client and the various software designers to communicate.

Structure Chart is used to show the hierarchical arrangement of the modules in a Session

Authentication Password Using Image. Each rectangular box in the structure chart represents a

form and module. The names of the forms are written inside the box. An arrow joins two forms

that have an invocation relationship.

A structure chart depicts

the size and complexity of the system,

the number of readily identifiable functions and modules within each function, and

whether each identifiable function is a manageable entity or should be broken down into smaller components.

The modules and forms in the Session Authentication Password Using Image are represented in the structure chart below.

[Structure chart: Session Authentication Password Using Image, with four modules: Pattern selection (three patterns: line, point, circle); Picture selection (select various pictures from gallery); Registration (register the pattern in the image); Login (verify the registered pattern is same or not)]

Fig 3.3 Structure Chart

3.3 DESIGN PROCESS

3.3.1 DATABASE DESIGN

Software design is the iterative process through which requirements are translated into a “Blueprint” for constructing the S/W. The design must implement all the explicit requirements contained in the analysis model, and it must accommodate all the implicit requirements desired by the customer. The design must be readable and understandable for those who generate code and for those who test and subsequently support the software. The design should provide a complete picture of the software, addressing the data, functional, and behavioral domains from an implementation perspective.

To design an application it is necessary to design database files. These files are called tables. After designing the output and input, tables must be organized according to the storage needs of the back end used. A normalization procedure is used to avoid duplication of data and to produce the feasibility necessary to support different functional requirements. In this project some fields are assigned as primary keys. Repeating data are removed and placed in the corresponding entity. In the master table a primary key is assigned, and this is referenced by the same field in the transaction table, where it is assigned as a foreign key. Every non-key attribute in this system is non-transitively dependent on the primary key. The records are retrieved by selecting the primary key.

Normalization

It is a technique for designing relational database tables to minimize duplication of information.

The goals of normalization are,

Eliminating redundant data

Ensuring data dependencies make sense.

3.3.2. TABLE STRUCTURE

TABLE NAME: TB_MASTER_PICTURES

PRIMARY KEY: VCH_PICTURE_ID

| COLUMN NAME | DATA TYPE | CONSTRAINT | DESCRIPTION |
|---|---|---|---|
| Vch_picture_id | Varchar(10) | Primary Key | Auto generation of picture id for each picture |
| Blob_pictures | Blob | Not Null | Storing pictures |

Table 3.2 It contains the details of the picture

TABLE NAME: TB_CHILD_REGISTRATION

PRIMARY KEY: VCH_USER_ID

FOREIGN KEY: VCH_PICTURE_ID

| COLUMN NAME | DATA TYPE | CONSTRAINT | DESCRIPTION |
|---|---|---|---|
| Vch_user_id | Varchar(10) | Primary Key | Auto generation of user id |
| Vch_picture_id | Varchar(10) | Foreign Key, Not Null | Select picture id from database |
| Int_position | Int(200) | Not Null | Indicate the position |

Table 3.2 It contains the details of the registration

3.3.3 INPUT DESIGN

Input design is the process of converting user-oriented inputs into a computer-based format. To provide a good input design for the application, easy data input and selection features are adopted.

The input design requirements are user friendliness and consistent format. The input form comprises the Login form, which plays a major role in the project by screening unauthorized users from entering the system. The input screens are given below.

Picture Selection

Registration

Picture Selection

Description: Select the picture from the gallery for registering the pattern.

Input: Select the picture from Database.

Process: Store the picture in the table

Table: Tb_Master_Picture

Registration

Description: Register the pattern such as line, point, and circle in the image.

Input: Draw the pattern as per instruction.

Process: Store the pattern in the table

Table: Tb_Child_Registration

3.3.4 OUTPUT DESIGN

The output design presents the manipulated data to the end user. The output design acts as a medium of communication to the user by providing the desired data, which may be either stored data fetched from the database or a manipulated result displayed to the user for confirmation before it is stored in the database.

A quality output is one which meets the requirements of the end user and presents the information clearly. In any system, results of processing are communicated to the users and to other systems through outputs. The output design deals with determining how the information is to be displayed for immediate need and also for hard copy output. The output screens are given below.

3.4 DEVELOPMENT APPROACH

Project development approach

Software process model

To solve actual problems in industry settings, a software engineer or a team of engineers must incorporate a development strategy that encompasses the process, methods and tools layers and the generic phases. This strategy is often referred to as a process model or a software engineering paradigm. A process model for software engineering is chosen based on the nature of the project and application, the methods and tools to be used, and the controls and deliverables that are required.

The Linear Sequential Model

[Figure: System/Information Engineering, followed by Analysis, Design, Code, Test]

Fig 3.4 Linear Sequential Model

System/information Engineering and Modeling

System engineering and analysis encompasses requirements gathering at the system level. Information engineering encompasses requirements gathering at the strategic business level.

Software requirement analysis

To understand the nature of the program to be built, the S/W engineer must understand

The information domain of the software.

Required function.

Behavior.

Performance &Interface.

Design

It focuses on four distinct attributes of a program

Data structure

Software architecture

Interface representations &

Procedural (Algorithmic) Detail.

This process translates the requirements into a representation, and the design is documented.

Code generation

The design is translated into machine-readable form in code generation.

Testing

The testing process focuses on

The logical internals of the software, ensuring all the statements have been tested.

The functional externals, ensuring that the defined input will produce the actual results.

Support

Software will undergo a change after it is delivered to the customer. Change will occur

because

Errors have been encountered.

S/W must be adapted to accommodate a new environment.

CHAPTER – IV

4. TESTING AND IMPLEMENTATION

4.1 SYSTEM TESTING

System testing is a type of testing to confirm that all code modules work as specified, and

that the system as a whole performs adequately on the platform on which it will be deployed.

System testing should be performed by testers who are trained to plan, execute, and report on

application and system code. They should be aware of scenarios that might not occur to the end

user, like testing for null, negative, and format inconsistent values.

System testing of software or hardware is testing conducted on a complete, integrated system to

evaluate the system's compliance with its specified requirements. A tester should be able to

repeat the steps that caused an error. Test techniques include, but are not limited to, the process

of executing a program or application with the intent of finding software bugs.

4.1.1 TESTING AND METHODOLOGIES

Requirements Traceability

The main point of interest is whether the system is meeting its requirements or not, so testing should be planned so that all requirements are individually tested. We checked whether the output for certain combinations of inputs gives the desired results or not. Sticking strictly to the requirements specification gives the path to getting the desired results from the system.

Tested Items

Tested items are like sending request to administrator, solving the sent request by the

Assignee, changing password of Assignee and student, sending user feedback, adding new

categories, adding new departments etc.

Testing Schedule

Testing has been done for each procedure back-to-back so that errors and omissions can be found as early as possible. Once the system has been fully developed, the testing procedure is followed on other machines, which differ in configuration.

Software Testing involves executing an implementation of the software with test data and

examining the outputs of the software and its operational behavior to check that it is performing

as required.

Different testing techniques are as described below:

Black-box Testing

In Black-Box Testing or Functional Testing, the output of the module and software is taken into consideration, i.e. whether the software gives proper output as per the requirements or not. In other words, this testing aims to test a program's behavior against its specification without making any reference to the internal structure of the program or the algorithms used. Therefore the source code is not needed, and so even purchased modules can be tested. The program just gets a certain input and its functionality is examined by observing the output.

This can be done in the following way:

Input Interface

Processing

Output Interface

The tested program gets certain inputs. Then the program does its job and generates a certain

output, which is collected by a second interface. This result is then compared to the expected

output, which has been determined before the test.

White-box Testing

White Box testing is used as an important primary testing approach. Here code is inspected

to see what it does; tests are designed to exercise the code. Code is tested using code scripts,

driver etc that are employed to directly interface with and drive the code.

Integration Testing

After the individual modules have been tested, the integration procedure is carried out to create a complete system. This integration process involves building the system and testing the resultant system for problems that arise from component interactions.

The top-down strategy is applied to validate high-level components of a system before design

and implementations have been completed.

TEST CASES

Test Cases using Unit Testing:- Picture Selection Module

| Test Id | Test Condition | Test Description | Input Data | Actual Result | Expected Result | Test Result |
|---|---|---|---|---|---|---|
| LF_01 | User selects the picture | User selects the picture from gallery | - | System accepts the picture | System should accept the picture | Pass |
| LF_02 | User crops the picture | User does not crop the picture | - | System does not accept the picture | System shows error message | Pass |
| LF_05 | User saves the picture | User crops the picture and then saves it | - | System accepts the picture | System should accept the picture | Pass |
| LF_08 | User discards the picture | User wants to select another picture and chooses discard | - | System discards the selected picture | System should discard the selected picture | Pass |

Table 4.1 Picture table done with Unit testing

Screen


Fig 4.1 Picture Selection Form

Integration Testing


Test case for Integration Testing: Registration

| Test ID | Test Condition | Test Description | Input Data | Actual Result | Expected Result | Test Result |
|---|---|---|---|---|---|---|
| IG_01 | User registers the pattern | User submits the registration and is redirected to the login form | - | System accepts the data | System should accept the data | Pass |
| IG_02 | User forgets the pattern | User draws the pattern wrongly and is redirected to the pin number page | - | System does not accept the wrong pattern | System should show the pin number page | Pass |

Table 4.2 Register table done with Integration testing

Screen

Fig 4.2 Register Form

Validation Testing


Validation testing ensures that the software that has been built satisfies the customer requirements. Validation testing is used to validate the fields in the form. It mainly focuses on text fields and numeric fields, but in this project it validates the pattern.

| Test ID | Test Condition | Test Description | Input Data | Actual Result | Expected Result | Test Result |
|---|---|---|---|---|---|---|
| LF_01 | Draw the pattern | Draw the correct pattern as per given instructions | - | System accepts only the correct pattern | System should accept only the correct pattern | Pass |
| LF_02 | Forget the pattern | User forgets the pattern | - | System shows access denied | System should show error message | Pass |

Table 4.2 Register table done with Validation testing

Screen

Fig 4.3 Login Form

4.2 QUALITY ASSURANCE


Quality assurance consists of the auditing and reporting functions of management. The goal of quality assurance is to provide management with the data necessary to be informed about product quality, thereby gaining insight and confidence that product quality is meeting its goals.

Greater emphasis on quality in organization requires quality assurance. The development process

must include checks throughout the process to ensure that the final product meets the original

user requirements.

In the development process, quality assurance is integrated into a linear development cycle through validation and verification performed at crucial system development steps. The goal of management is to institute and monitor a quality assurance program within the development process. Quality assurance includes:

Validation of the system against requirements.

Providing security against hackers.

4.2.1 GENERIC RISKS

A risk is a potential event with negative consequences that has not happened yet. However

a risk could also be defined as the event with unforeseen positive consequences. By identifying

the risks we can avoid failures and increase the success rate of our system.

4.2.2 SECURITY TECHNOLOGIES & POLICIES

Security is necessary in today's environment because data processing represents a

concentration of valuable assets in the form of information, equipment, and personnel. Security

and privacy must focus on controlling unauthorized access. The following security policies are

implemented in our system. They are

Security

Authorization and Access Control.

Session Management.

4.3 SYSTEM IMPLEMENTATION


Implementation is the stage of the project where the theoretical design is turned into a working system. At this stage the main work load, the greatest upheaval and the major impact on the existing system shift to the user department. If the implementation is not carefully planned and controlled, it can cause confusion.

Implementation includes all those activities that take place to convert from the old system to the

new one. The new system may be totally new, replacing an existing manual or automated system

or it may be a major modification to an existing system. Successful implementation may not

guarantee improvement in the organization using the new system, but improper installation will

prevent it.

4.3.1 Implementation Procedures

Implementation of software refers to the final installation of the package in its real

environment, to the satisfaction of the intended users and the operation of the system.

The active user must be aware of the benefits of using the system.

Their confidence in the software is built up.

Proper guidance is imparted to the user so that he is comfortable in using the

application.

The user must know that for viewing the result, the server program should be running

in the server.

If the server object is not up and running on the server, the actual processes won’t take

place.

4.3.2 User Training

Our entire system was developed to be very user friendly. No extra training was required to use our system. Our system automatically guides the user (it is fully user guided) to give input and to produce the output.

4.3.3 Operational Documentation


Online help that gives a clear idea of our system is attached to it. Whenever the user needs guidance, he can get help from the help manual.

4.4 SYSTEM MAINTENANCE

The maintenance phase of the software cycle is the time in which a software product

performs useful work. After a system is successfully implemented, it should be maintained in a

proper manner. System maintenance is an important aspect in the software development life

cycle.

System maintenance is needed to make the system adaptable to changes in the system environment. There may be social, technical and other environmental changes which affect a system that is being implemented. Software product enhancements may involve providing new functional capabilities, improving user displays and mode of interaction, and upgrading the performance characteristics of the system.

Maintenance is actually the implementation of the review plan. As important as it is, programmers and analysts are to perform or identify themselves with the maintenance. Analysts and programmers spend far more time maintaining programs than they do writing them. Maintenance accounts for 50-80% of total system development.

4.4.1 Adaptability, Enhancement and Fixation

Our system was developed to accept new changes in the system environment. There may be social, technical and other environmental changes which affect a system that is being implemented. Our system was developed so that it can adapt to enhancements, which may involve providing new functional capabilities, improving user displays and mode of interaction, and upgrading the performance characteristics of the system.

CHAPTER-V


5. CONCLUSION

The proposed Cued Click Points scheme shows promise as a usable and memorable

authentication mechanism. By taking advantage of users’ ability to recognize images and the

memory trigger associated with seeing a new image, CCP has advantages over Pass Points in

terms of usability. Being cued as each image is shown and having to remember only one click-point per image appears easier than having to remember an ordered series of clicks on one image.

CCP offers a more secure alternative to Pass Points. CCP increases the workload for

attackers by forcing them to first acquire image sets for each user, and then conduct hotspot

analysis on each of these images.

5.1 SCOPE FOR FURTHER ENHANCEMENT

This system has great scope in the future. It can be used everywhere instead of text-based passwords. I can increase the security of this system by increasing the number of levels used and the number of tolerance squares used.

In future development we can also add challenge-response interaction. In a challenge-response interaction, the server presents a challenge to the client and the client needs to give a response according to the condition given. If the response is correct, access is granted. Also, I can limit the number of times a user can enter the wrong password.
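The challenge-response interaction and the wrong-attempt limit proposed above, combined with tolerance squares, as an added example that is not part of the project's source code. The class name, the 20-pixel square size, the three-attempt limit, the salt and the sample click coordinates are assumptions; the static grid means a click near a square's edge can fall into a neighbouring square.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.SecureRandom;

/** Hypothetical sketch: challenge-response login over click-points with an attempt limit. */
public class CcpChallengeResponse {
    static final int SQUARE = 20;       // assumed tolerance-square size in pixels
    static final int MAX_FAILURES = 3;  // assumed lockout threshold

    /** Map each (x, y) click to its tolerance square and hash the ordered squares into a key. */
    static byte[] deriveKey(int[][] clicks, byte[] salt) throws Exception {
        ByteBuffer buf = ByteBuffer.allocate(salt.length + clicks.length * 8);
        buf.put(salt);
        for (int[] c : clicks) {
            buf.putInt(c[0] / SQUARE).putInt(c[1] / SQUARE);
        }
        // A deployment would use a slow, salted KDF here; SHA-256 keeps the sketch short.
        return MessageDigest.getInstance("SHA-256").digest(buf.array());
    }

    /** Client side: answer the server's challenge with HMAC-SHA256(key, challenge). */
    static byte[] respond(byte[] key, byte[] challenge) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(challenge);
    }

    /** Server side: the state kept for one account. */
    static class Server {
        private final byte[] key;
        private final SecureRandom rng = new SecureRandom();
        private byte[] pending;   // outstanding challenge, single use
        private int failures;     // consecutive wrong responses
        Server(byte[] enrolledKey) { this.key = enrolledKey; }

        byte[] newChallenge() {
            if (failures >= MAX_FAILURES) throw new IllegalStateException("account locked");
            pending = new byte[32];
            rng.nextBytes(pending);
            return pending.clone();
        }

        boolean verify(byte[] response) throws Exception {
            if (pending == null || failures >= MAX_FAILURES) return false;
            byte[] expected = respond(key, pending);
            pending = null;                                         // a challenge is never reused
            boolean ok = MessageDigest.isEqual(expected, response); // constant-time compare
            failures = ok ? 0 : failures + 1;
            return ok;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new SecureRandom().generateSeed(16);
        int[][] enrolled = {{105, 212}, {48, 371}, {260, 95}};   // constructed sample clicks
        int[][] close    = {{112, 205}, {41, 379}, {275, 83}};   // same squares, different pixels
        int[][] wrong    = {{105, 212}, {48, 371}, {300, 95}};   // last click in another square
        Server server = new Server(deriveKey(enrolled, salt));
        System.out.println(server.verify(respond(deriveKey(close, salt), server.newChallenge())));
        for (int i = 0; i < MAX_FAILURES; i++)
            System.out.println(server.verify(respond(deriveKey(wrong, salt), server.newChallenge())));
        // The account is now locked, so even a correct key is refused.
        System.out.println(server.verify(respond(deriveKey(close, salt), new byte[32])));
    }
}
```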


ANNEXURES

1. INPUT DESIGN


Home Page

Screen 5.1 Home page

Gesture Selection

Screen 5.2 Gesture Selection Page

Picture Selection


Screen 5.3 Picture page

Crop the Picture

Screen 5.4 Crop page

Time Out


Screen 5.5 Session page

Register

Screen 5.6 Register page

2. OUTPUT DESIGN


Login

Screen 5.7 Login page

Login Incorrect

Screen 5.8 Login page

3. SOURCE CODE


HomeChooser

package com.TwinBlade.PicturePassword;

import android.app.Activity;
import android.app.AlertDialog;
import android.content.ComponentName;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.ActivityInfo;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.os.Bundle;
import android.preference.PreferenceManager;
import android.view.View;
import android.widget.Button;
import android.widget.CheckBox;
import java.util.ArrayList;
import java.util.List;

public class HomeChooser extends Activity
    implements View.OnClickListener
{
    // Flattened component names of the installed home launchers, index-aligned with the dialog items.
    private List<String> homeLaunchersComponentArray = new ArrayList<String>();
    CheckBox mBoot;
    private ComponentName mComponentName;
    private Context mContext;
    Button mDisable;
    Button mEnable;
    private PackageManager mPackageManager;
    Button mSelect;
    private SharedPreferences mSharedPreferences;

    // Lists every other app that handles MAIN/HOME and stores the user's choice under "HomeLauncher".
    private void selectLauncher()
    {
        ArrayList<String> localArrayList = new ArrayList<String>();
        this.homeLaunchersComponentArray.clear();
        Intent localIntent = new Intent("android.intent.action.MAIN");
        localIntent.addCategory("android.intent.category.HOME");
        List<ResolveInfo> localList = this.mPackageManager.queryIntentActivities(localIntent, 0);
        if (localList != null)
        {
            for (ResolveInfo localResolveInfo : localList)
            {
                // Skip this application's own home-launcher entry.
                if (localResolveInfo.activityInfo.packageName.equals("com.TwinBlade.PicturePassword"))
                    continue;
                ApplicationInfo localApplicationInfo1;
                try
                {
                    localApplicationInfo1 = this.mPackageManager.getApplicationInfo(localResolveInfo.activityInfo.packageName, 0);
                }
                catch (Exception localException)
                {
                    // Package could not be looked up; leave it out so both lists stay aligned.
                    continue;
                }
                ActivityInfo localActivityInfo = localResolveInfo.activityInfo;
                ComponentName localComponentName = new ComponentName(localActivityInfo.applicationInfo.packageName, localActivityInfo.name);
                this.homeLaunchersComponentArray.add(localComponentName.flattenToString());
                localArrayList.add(this.mPackageManager.getApplicationLabel(localApplicationInfo1).toString());
            }
        }
        CharSequence[] arrayOfCharSequence = localArrayList.toArray(new CharSequence[localArrayList.size()]);
        AlertDialog.Builder localBuilder = new AlertDialog.Builder(this);
        localBuilder.setTitle("Options for ");
        localBuilder.setItems(arrayOfCharSequence, new DialogInterface.OnClickListener()
        {
            public void onClick(DialogInterface paramAnonymousDialogInterface, int paramAnonymousInt)
            {
                // Persist the flattened component name of the launcher the user picked.
                PreferenceManager.getDefaultSharedPreferences(HomeChooser.this.mContext).edit().putString("HomeLauncher", HomeChooser.this.homeLaunchersComponentArray.get(paramAnonymousInt)).commit();
            }
        }).show();
    }

    public void onClick(View paramView)
    {
        switch (paramView.getId())
        {
        case 2131427348: // mEnable: enable the HomeLauncher component
            this.mPackageManager.setComponentEnabledSetting(this.mComponentName, PackageManager.COMPONENT_ENABLED_STATE_ENABLED, PackageManager.DONT_KILL_APP);
            Utilities.mHomeLauncherOnBoot = false;
            break;
        case 2131427349: // mDisable: return the component to its manifest default state
            this.mPackageManager.setComponentEnabledSetting(this.mComponentName, PackageManager.COMPONENT_ENABLED_STATE_DEFAULT, PackageManager.DONT_KILL_APP);
            break;
        case 2131427347: // mSelect: choose the launcher to hand over to
            selectLauncher();
            break;
        case 2131427345: // mBoot: remember whether to start on boot
            this.mSharedPreferences.edit().putBoolean("StartOnBoot", this.mBoot.isChecked()).commit();
            break;
        case 2131427346:
        default:
            break;
        }
    }

    public void onCreate(Bundle paramBundle)
    {
        super.onCreate(paramBundle);
        setContentView(2130903045);
        this.mContext = this;
        this.mSharedPreferences = PreferenceManager.getDefaultSharedPreferences(this);
        this.mPackageManager = getPackageManager();
        this.mComponentName = new ComponentName("com.TwinBlade.PicturePassword", "com.TwinBlade.PicturePassword.HomeLauncher");
        this.mEnable = ((Button)findViewById(2131427348));
        this.mDisable = ((Button)findViewById(2131427349));
        this.mSelect = ((Button)findViewById(2131427347));
        this.mBoot = ((CheckBox)findViewById(2131427345));
        this.mEnable.setOnClickListener(this);
        this.mDisable.setOnClickListener(this);
        this.mSelect.setOnClickListener(this);
        this.mBoot.setOnClickListener(this);
        this.mBoot.setChecked(this.mSharedPreferences.getBoolean("StartOnBoot", false));
    }
}

Image

package com.TwinBlade.PicturePassword;

import android.annotation.SuppressLint;
import android.app.Activity;
import android.content.Intent;
import android.content.pm.ActivityInfo;
import android.graphics.Bitmap;
import android.net.Uri;
import android.os.Bundle;
import android.provider.MediaStore;
import android.view.Display;
import android.view.View;
import android.widget.Button;
import com.android.camera.CropImageIntentBuilder;
import java.io.File;
import org.acra.ACRA;

@SuppressLint({"WorldWriteableFiles"})
public class Image extends Activity
    implements View.OnClickListener
{
    private static final int REQ_CODE_CROP_IMAGE = 2;
    private static final int REQ_CODE_PICK_IMAGE = 1;
    private int mDisplayHeight;
    private int mDisplayWidth;
    Button mExternal;
    Button mInternal;

    // Creates (or truncates) PhotoData.jpg in the app's files directory and returns its file:// URI,
    // which is handed to the crop activity as its output target.
    private Uri getFileUri()
    {
        try
        {
            // MODE_WORLD_WRITEABLE (2) lets any installed app overwrite the stored picture. The mode is
            // deprecated since API 17 and throws SecurityException from API 24; FileProvider with a
            // per-URI grant is the supported way to let another app write the file.
            openFileOutput("PhotoData.jpg", MODE_WORLD_WRITEABLE).close();
        }
        catch (Exception localException)
        {
            Utilities.showToast(this, "Error Writing Data To Internal Storage \n Storage Unaccessible", 4, true);
            ACRA.getErrorReporter().handleException(localException);
        }
        return Uri.fromFile(new File(getFilesDir(), "PhotoData.jpg"));
    }

    protected void onActivityResult(int paramInt1, int paramInt2, Intent paramIntent)
    {
        super.onActivityResult(paramInt1, paramInt2, paramIntent);
        switch (paramInt1)
        {
        case REQ_CODE_PICK_IMAGE:
            if (paramInt2 == RESULT_OK)
            {
                // A picture was picked: crop it to the display size and write it to PhotoData.jpg.
                CropImageIntentBuilder localCropImageIntentBuilder = new CropImageIntentBuilder(this.mDisplayWidth, this.mDisplayHeight, this.mDisplayWidth, this.mDisplayHeight, getFileUri());
                localCropImageIntentBuilder.setSourceImage(paramIntent.getData());
                startActivityForResult(localCropImageIntentBuilder.getIntent(this), REQ_CODE_CROP_IMAGE);
            }
            else
            {
                finish();
            }
            break;
        case REQ_CODE_CROP_IMAGE:
            if (paramInt2 != RESULT_OK)
                Utilities.showToast(this, "Image Not Cropped", 4, true);
            finish();
            break;
        default:
            break;
        }
    }

    public void onAttachedToWindow()
    {
        super.onAttachedToWindow();
        if (SetupWizard.mSetupRunning)
            sendBroadcast(new Intent("com.TwinBlade.PicturePassword.SETUP_NEXT"));
    }

    public void onClick(View paramView)
    {
        switch (paramView.getId())
        {
        case 2131427350: // mInternal: pick any image, then crop it in onActivityResult
            Intent localIntent2 = new Intent("android.intent.action.GET_CONTENT");
            localIntent2.setType("image/*");
            startActivityForResult(localIntent2, REQ_CODE_PICK_IMAGE);
            break;
        case 2131427351: // mExternal: pick from the media store and let the picker crop directly
            Intent localIntent1 = new Intent("android.intent.action.PICK", MediaStore.Images.Media.EXTERNAL_CONTENT_URI);
            localIntent1.setType("image/*");
            localIntent1.putExtra("crop", "true");
            localIntent1.putExtra("scale", true);
            localIntent1.putExtra("aspectX", this.mDisplayWidth);
            localIntent1.putExtra("aspectY", this.mDisplayHeight);
            localIntent1.putExtra("return-data", false);
            localIntent1.putExtra("output", getFileUri());
            localIntent1.putExtra("outputFormat", Bitmap.CompressFormat.JPEG.toString());
            startActivityForResult(localIntent1, REQ_CODE_CROP_IMAGE);
            break;
        default:
            break;
        }
    }

    public void onCreate(Bundle paramBundle)
    {
        super.onCreate(paramBundle);
        setContentView(2130903046);
        // Lock the orientation to the mode reported by Utilities.
        if (!Utilities.landscapeMode())
            setRequestedOrientation(ActivityInfo.SCREEN_ORIENTATION_PORTRAIT);
        else
            setRequestedOrientation(ActivityInfo.SCREEN_ORIENTATION_LANDSCAPE);
        // The display size is used as both the crop aspect ratio and the output size.
        Display localDisplay = getWindowManager().getDefaultDisplay();
        this.mDisplayWidth = localDisplay.getWidth();
        this.mDisplayHeight = localDisplay.getHeight();
        this.mInternal = ((Button)findViewById(2131427350));
        this.mExternal = ((Button)findViewById(2131427351));
        this.mInternal.setOnClickListener(this);
        this.mExternal.setOnClickListener(this);
    }
}


3. ABBREVIATIONS

CCP Cued Click Points

SDK Software Development Kit

DFD Data Flow Diagram

API Application Programming Interface

GUI Graphical User Interface