Brind

Session Authentication Password Using Image
CHAPTER-I
1. INTRODUCTION
1.1. OVERVIEW OF THE PROJECT

Access to computer systems is most often based on the use of alphanumeric passwords.
However, users have difficulty remembering a password that is long and random-appearing.
Instead, they create short, simple, and insecure passwords. Graphical passwords have been
designed to try to make passwords more memorable and easier for people to use and, therefore,
more secure. Using a graphical password, users click on images rather than type alphanumeric
characters. This Project describes the Pass Points system, its security characteristics, and the
empirical study we carried out comparing Pass Points to alphanumeric passwords. In the
empirical study participants learned either an alphanumeric or graphical password and
subsequently carried out three longitudinal trials to input their passwords over a period of five
weeks. The results show that the graphical group took longer and made more errors in learning
the password, but that the difference was largely a consequence of just a few graphical
participants who had difficulty learning to use graphical passwords.
1.2. OBJECTIVE OF THE PROJECT

Textual passwords are the most common method used for authentication. But textual
passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder
surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most
of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be
combined with images or colors to generate session passwords for authentication. Session
passwords can be used only once and every time a new password is generated. In this, two
techniques are proposed to generate session passwords using image which are resistant to
shoulder surfing. These methods are suitable for Personal Digital Assistants.
KGISL Institute of Information ManagementPage 1
1.3 BACKGROUND STUDY

1.3.1 STUDY ON EXISTING SYSTEM
Computer systems and the information they store and process are valuable resources
which need to be protected. Computer security systems must also consider the human factors
such as ease of a use and accessibility. Current secure systems suffer because they mostly ignore
the importance of human factors in security. An ideal security system considers security,
reliability, usability, and human factors. All current security systems have flaws which make
them specific for well trained and skilled users only. A password is a secret that is shared by the
verifier and the customer. Passwords are simply secrets that are provided by the user upon
request by a recipient. They are often stored on a server in an encrypted form so that a
penetration of the file system does not reveal password lists. Passwords are the most common
means of authentication because they do not require any special hardware. Typically passwords
are strings of letters and digits, i.e. they are alphanumeric. Such passwords have the disadvantage
of being hard to remember. Weak passwords are vulnerable to dictionary attacks and brute force
attacks where as Strong passwords are harder to remember
1.3.2 PROBLEM AND WEAKNESS OF CURRENT SYSTEM
The passwords should be at least 8 characters long.

The password should not be easy to relate to the user(e.g., last name, birth date)
Ideally the user should combine upper and lower case letters and digits
Users tend to write password down or use the same passwords for different accounts.
Key-space is limited to 64 ASCII characters.
CHAPTER-II
2. SYSTEM ANALYSIS
2.1 STUDY ON PROPOSED SYSTEM
2.1.1 DEFINING THE PROBLEM
Though, users have difficulty remembering a password that is long and random-appearing.
Instead, they create short, simple, and insecure passwords. Graphical passwords have been
designed to try to make passwords more memorable and easier for people to use and, therefore,
more secure. Using a graphical password, users click on images rather than type alphanumeric
characters.
Graphical password is an authentication system that works by having the user select from
images in a specific order, presented in a graphical user interface (GUI).It can be used in web
login application, atm machines, and mobiles devices.
2.1.2 DEVELOPING SOLUTION STRATEGIES
A password is a secret that is shared by the verifier and the customer. Passwords are
simply secrets that are provided by the user upon request by a recipient. They are often stored
on a server in an encrypted form so that a penetration of the file system does not reveal password
lists. Passwords are the most common means of authentication because they do not require any
special hardware. Typically passwords are strings of letters and digits, i.e. they are alphanumeric.
Such passwords have the disadvantage of being hard to remember. Weak passwords are
vulnerable to dictionary attacks and brute force attacks where as Strong passwords are harder to
remember
ADVANTAGES OF PROPOSED SYSTEM
Though, users have difficulty remembering a password that is long and random-
appearing. Instead, they create short, simple, and insecure passwords.

Graphical passwords have been designed to try to make passwords more memorable and
easier for people to use and, therefore, more secure.

Using a graphical password, users click on images rather than type alphanumeric
characters.
Dictionary attacks are infeasible
On-average-millions of years to break into the system
Easy to memorize
Key-space is unlimited
MODULES
1. Pattern Selection
2. Picture Selection
3. Registration
4. Login
MODULE DESCRIPTION
1. Pattern Selection
In Pattern Selection phase the user will be choose the patterns such as POINT, LINE,
and ELLIPSE. They may select the pattern depending upon their capabilities and also they
have a choice to select any one of the pattern or combined together. But they should choose one
pattern.
2. Picture selection
Picture selection phase there are two ways for selecting picture password authentication.
1. User defines pictures: Pictures are selected by the user from the hard disk or any other image
supported devices.

2. System defines pictures: pictures are selected by the user from the database of the password
system.
Users may select any pixels in the image as click-points for their password. During password
creation, most of the image is dimmed except for a small view port area that is randomly
positioned on the image. Users must select a click-point within the view port. If they are unable
or unwilling to select a point in the current view port, they may press the Shuffle button to
randomly reposition the view port. The view port guides users to select more random passwords
that are less likely to include hotspots. A user who is determined to reach a certain click-point
may still shuffle until the view port moves to the specific location, but this is a time consuming
and more tedious process.
3. Register
In this phase the user already choose the options like any type of pattern and picture then
they must draw the pattern on the picture to store in the database for registration process. After
completing the pattern drawn the registration will be completed.
4. Login
In this phase, after registration process the user must validate the pattern by using the
login .The session refers to a limited time of communication between two systems. The user
must give the right option; otherwise the session will be expired.
2.2 SYSTEM SPECIFICATION

The software should be developed according to the system. The user interface module should be
developed in such a way that the user can easily operate the system. The most important
responsibility of developer is maintenance. He is responsible to give support to the customer
when they are getting problem related to the software.
2.2.1 APPLICATION SPECIFICATION

THREE-TIER ARCHIETECTURE

Three-tier architecture introduces a server between the client and the server. The login act
as the Presentation Layer which user draw the pattern. The validation performs in the Business
Layer. The pattern stored in the Data Layer. Session authenticate password uses the 3-tier
application is a program, which is organized into three major disjunctive layers. These layers are,
Presentation layer (Front end)
Business layer (Logical)
Data layer (Backend)
Fig 2.1 Three Tiered Client/Server Architecture

Application layer
Application layer is the form which provides the user interface to either programmer of
end user. Programmer uses this layer for designing purpose and to get or set the data back and
forth.
Business layer
This layer is a class which we use to write the function which works as a mediator to
transfer the data from Application or presentation layer or data layer. In the three tier architecture
we never let the data access layer to interact with the presentation layer.
Data Access Layer

This layer is also a class which we use to get or set the data to the database back and
forth. This layer only interacts with the database. We write the database queries or use stored
procedures to access the data from the database or to perform any operation to the database.
2.2.2. NETWORK SPECIFICATION
LANs - Local Area Networks are really the basic building blocks of all internetworks. These
technologies are implemented at the Data Link Layer of the OSI model or layer 2. This is
because these network technologies are largely determined by the physical media they share and
how they control access to this shared medium. This Data Link Layer is also called the MAC Media Access Layer. The basic traffic format at this level is called a frame.
So, in LANs, communication can only deal with MAC addresses which are serial number like
device identifiers. Things like IP addresses are only necessary when routing data across LAN
segments through an internetwork. These 2nd layer technologies can only support switched
internetwork operations. They are only good for local areas or simple paths over longer
distances, where not much guidance to deliver the data is needed.
2.2.3 HARDWARE SPECIFICATION
Processor
: Pentium IV 2.4 GHz.
Hard Disk
: 40 GB.
Floppy Drive
: 1.44 Mb.
Monitor
: 14 Colour Monitor.
Mouse
: Optical Mouse.
RAM
: 512 Mb.
Keyboard
: 101 Keyboards.
2.2.4 SOFTWARE SPECIFICATION

Software
: JAVA SE 7 SDK, Eclipse
Language
Java
Operating System : Windows XP

Back End
: SQLite
2.2.5 SOFTWARE ENVIRONMENT


JAVA
Java is the first programming language designed from ground up with network
programming in mind. The core API for Java includes classes and interfaces that provide uniform
access to a diverse set of network protocols. As the Internet and network programming has
evolved, java has maintained its cadence. New APIs and toolkit have expanded the available
options for the java network programmer.
Java is both a programming language and an environment for executing programs written
in java language. Unlike traditional compilers, which convert source code into machine level
instructions, the java compiler translates java source code into instructions that are interpreted by
the runtime Java Virtual Machine. So unlike language like C and C++, Java is an interpreted
language
Java Environment
The Java environment is composed of several separate entities.
Java Language
This is a language that follows object-oriented concept used to create executable contents
such as applications and applets. But Java is not pure object oriented language, it does not
support multiple inheritance & Operator overloading.
Java Runtime Environment
The Runtime Environment used to execute the code. It is made up of the java language
and java virtual machine. It is portable and it is platform neutral.
Java Application
Applications are programs written in java to carry out certain tasks on standalone local
computer. Execution of a stand-alone program involves two steps.
Compiling the source code in to byte code using Javac.
Executing byte code program using java interpreter
Java Applets
Java applets are pieces of java code that are embedded in HTML document using the
applet tag. When the browser encounters such code it automatically download it and execute it.
Java Virtual Machine


It is a specification to which java codes must be written. All java code is to be compiled
in this nonexistent virtual machine. Writing the code that compiles in JVM ensures platform
independence.
Advantages of Java
Robust
Secure
Portable
ABOUT THE TOOL

NETBEANS IDE
The Net Beans Platform allows applications to be developed from a set of modular
software components called modules. A module is a Java archive file that contains Java classes
written to interact with the Net Beans Open APIs and a manifest file that identifies it as a
module.
SQLite
SQLite is an Open Source database. SQLite supports standard relational database features
like SQL syntax, transactions and prepared statements. The database requires limited memory at
runtime (approx. 250 Kbyte) which makes it a good candidate from being embedded into other
runtimes. SQLite supports the data types TEXT (similar to String in Java), INTEGER (similar to
long in Java) and REAL (similar to double in Java). All other types must be converted into one
of these fields before getting saved in the database.
2.3 COST ESTIMATION AND SCHEDULING

Let the total lines of project estimated to be 4000 lines.
Then total kilo lines of code(KLOC)=3 KLOC
According to the basic COCOMO model:
(Assuming the team to be organic)
Effort=2.4(KLOC)1.05

=2.4(4)1.05
Effort=10 PM
Time=2.5(Effort)0.38
=2.5(10)0.38
Time=6 Months
Cost= 5.4*10,000
=
54,000
Group Size=Effort/Time
=10/6
Group Size= 2 Persons
2.4 FINAL OUTLINE OF THE PROPOSED SYSTEM

The proposed system overcomes all the drawbacks of the existing system.
Some of the significant accrued benefits include,
The system has the capability for easy integration with other systems.
The user can access from anywhere
It is a platform independent.
New modules can be added to the existing system with less effort
CHAPTER-III
3. DESIGN AND DEVELOPMENT PROCESS

3.1 FUNDAMENTAL DESIGN CONCEPTS
Although the degree of interest in each concept has varied over the year, each has
stood the test of time. Each provides the software designer with a foundation from which more
sophisticated design methods can be applied. Fundamental design concepts provide the necessary
framework for getting it right.
A software design is a meaningful engineering representation of some Software
product that is to be built. A design can be traced to the customers requirements and can be
assessed for quality against predefined criteria.
During the design process the software requirements model is transformed into
design models that describe the details of the data structures, system architecture, interface, and
components. Each design product is reviewed for quality before moving to the next phase of
software development.
3.2 DESIGN NOTATIONS

DATA FLOW DIAGRAM
Analysis model help us to understand the relationship between different
components in the system design. Analysis model shows user more clearly, how a system will
function. This is the first technical representation of a system. The analysis is modeling must
achieve three primary objectives.
To establish a basis for creation of software design.

To describe what the user requires.
To define a set of requirement that can be validated once the software is built Data
Flow Diagram.
A Data Flow Diagram is a graphical technique that depicts information flow and
transforms that are applied as data move from input to output. The DFD is used to represent
increasing information flow and functional details. A level 0 DFD, also called a fundamental
system model or a Context Model, represents the entire software elements as a bubble with input
and output indicated by incoming and outgoing arrows respectively. Additional process and
information flow parts are represented in the next level i.e., Level 1 DFD. Each of the processes

represented at Level 1 are sub functions of overall system depicted in the Context Model. Any
processes, which are complex in Level 1, will be further represented into sub functions in the
next Level, i.e., in level 2.
Basic DFD symbols:
To Construct a Data Flow Diagram, we use
Arrow
Circles
Open End Box
Squares
Arrow
An arrow identifies the data flow in motion. It is a pipeline through which information is
flown like the rectangle in the Flow Chart.
Data may flow a source to a processor and from a data store or process. An arrow line
depicts the flow, with the arrowhead pointing in the direction of flow.
Circle
Circle stands for process that converts the data into information
A process represents transformation where incoming data flow is changed into outgoing
flows.
Rectangle

A Rectangle defines a source or destination of system data. A source is a person or a part
of organization, which enters or receives information from the system but is considered to be
outside the context of the data flow model.
Open End Box

An Open End Box represents a data store, data at rest or temporary reposition of data.
A graphical picture of the logical steps and sequence involved in a procedure or a

program is called a flow chart. Unlike detailed flow chart, Data Flow Diagram does not supply
detailed description of the modules but graphically describes a systems data how the data
interact with the system.
Six rules for considering the Data flow Diagram
Arrows should not cross each other

Squares, circles and Data Store must have names
Decomposed data flow squares and circles can have the same names.
Choose meaningful names for data flow
Draw all data flows around the outside of the diagram.

3.2.1 CONTEXT FLOW DIAGRAM
Fig 3.1 Context Flow Diagram

3.2.2 LEVEL 1 DATA FLOW DIAGRAM
Fig 3.2 Level 1 Data Flow Diagram
KGISL Institute of Information ManagementPageClose

14
Pending
Tasks

3.2.3. STRUCTURE CHART
A structure chart is a design tool, constructed of squares representing the different
modules in the system, and lines that connect them. The lines represent the connection and or
ownership between activities and sub activities as they are used in organization charts.
Programmers use a structure chart to build a program in a manner similar to how an architect
uses a blueprint to build a house. In the design stage, the chart is drawn and used as a way for the
client and the various software designers to communicate.
Structure Chart is used to show the hierarchical arrangement of the modules in a Session
Authentication Password Using Image. Each rectangular box in the structure chart represents a
form and module. The names of the forms are written inside the box. An arrow joins two forms
that have an invocation relationship.
A structure chart depicts
the size and complexity of the system, and

number of readily identifiable functions and modules within each function and
whether each identifiable function is a manageable entity or should be broken
down into smaller components
The module and forms in the Session Authentication Password Using Image represents
in the below structure chart.
Pattern selection
Picture selection
Three patterns
Select various
pictures from
gallery
Line
Registration
Register the pattern

in the image
Point
circle
Fig 3.3 Structure Chart
3.3 DESIGN PROCESS

Login
Verify the
registered pattern
is same or not

3.3.1 DATABASE DESIGN
Software design is the iterative process through which requirements are translated into a
Blueprint for constructing the S/W. The design must implement all the explicit requirements
contained in the analysis model, and it must accommodate all the implicit requirements desired
by the customer. The design must be readable, understandable for those who generate code and
for those who test subsequently support the software. The design should provide a complete
picture of the software, addressing the data, functional, behavioral domains from an
implementation perspective.
To design an application it is necessary to design a database file. These files are called
tables. After designing the output and input, tables must be organized according to the storage
needs of the back end used. Normalization procedure is used to avoid duplication of data and to
produce feasibility necessary to support different functional requirements. In this project some
fields are assigned as primary key. The repeating data are removed and are placed in the
corresponding entity. In the master table primary key is assigned and this is referenced by the
same field in the transaction table which is assigned there as foreign key. Every non key attribute
in this system are non-transitively dependent on primary key. The records are retrieved by
selecting the primary key.
Normalization
It is a technique for designing relational database tables to minimize duplication of information.
The goals of normalization are,
Eliminating redundant data
Ensuring data dependencies make sense.
3.3.2. TABLE STRUCTURE

TABLE NAME: TB_MASTER_PICTURES
PRIMARY KEY: VCH_PICTURE_ID
COLUMN NAME
DATA TYPE
CONSTRAINT
Vch_picture_id
Varchar(10)
Primary Key
Blob_pictures
Blob
Not Null
DESCRIPTION
Auto generation of
picture id for each
pictures
Storing pictures
Table 3.2 It contain the details of the picture
TABLE NAME: TB_CHILD_REGISTRATION

PRIMARY KEY: VCH_USER_ID
FOREIGN KEY: VCH_PICTURE_ID
COLUMN NAME
DATA TYPE
CONSTRAINT
Vch_user_id
Varchar(10)
Primary Key
Vch_picture_id
Varchar(10)
Foreign Key, Not Null
Int_position
Int(200)
Not Null
Table 3.2 It contain the details of the registration
DESCRIPTION
Auto generation of
user id
Select picture id from
database
Indicate the position
3.3.3 INPUT DESIGN

The input design is the process of converting the user-oriented inputs in to the computerbased format. For providing a good input design for the application easy data input and selection
features are adopted.
The input design requirements are user friendliness and consistent format. The input form
comprises of Login form, which play a major role in the project that screens the unauthorized
user entering into the system. The given below the Input screens.
Picture Selection
Registration
Picture Selection
Description: Select the Picture from gallery for register the pattern.
Input: Select the picture from Database.
Process: Store the picture in the table
Table: Tb_Master_Picture
Registration
Description: Register the pattern such as line, point, and circle in the image.
Input: Draw the pattern as per instruction.
Process: Store the pattern in the table
Table: Tb_Child_Registration
3.3.4 OUTPUT DESIGN
The output design presents the manipulated data to the end user. The output design acts as
medium of communication to the user by providing the desired data that may be either a stored
data fetched from the database or may be manipulated result displayed to the user for
confirmation before it is stored into the database.
The quality output is one, which meets the requirements of the end user and presents the
information clarity. In any system results of processing are communicated to the users and to

other systems through outputs. The output design deals with determining how the information is
to be displayed for immediate need and also for the hard copy output. The given below the
output screens.
3.4 DEVELOPMENT APPROACH

Project development approach
Software process model
To solve actual problems in industry settings, software engineer or a team of engineers must
incorporate a development strategy that encompasses the process, methods and tools layers and
generic phases. This strategy is often referred to as process model or a software engineering
paradigm. A process model for software engineering is chosen based on the nature of the project
and application, the methods and tools to be used, and the controls and deliverables that are
required.
The Linear Sequential Model
System/Information Engineering
Analysis
Design
Code
Test
Fig 3.4Linear Sequential Model

System/information Engineering and Modeling
System engineering and analysis encompasses require gathering at the system level.
Information engineering encompasses requirements gathering at the strategic business level.
Software requirement analysis
To understand the nature of the program to be built, the S/W engineer must understand
The information domain of the software.

Required function.
Behavior.
Performance &Interface.
Design
It focuses four distinct attributes of a program
Data structure
Software architecture
Interface representations &
Procedural (Algorithmic) Detail.
This process translates the requirements in to representation, and the design is documented.
Code generation
The design is translated in to machine readable form in code generation
Testing
The testing process focuses
The logical internals of the software.
Ensuring all the statements have been tested
On the Functional Externals.
Ensure that the Defined input will produce the actual Results.
Support
Software will undergo a change after it is delivered to the customer. Change will occur
because
Errors have been encountered.
S/W must be adapted to accommodate to new environment.
CHAPTER IV
4. TESTING AND IMPLEMENTATION
4.1 SYSTEM TESTING
System testing is a type of testing to confirm that all code modules work as specified, and
that the system as a whole performs adequately on the platform on which it will be deployed.
System testing should be performed by testers who are trained to plan, execute, and report on
application and system code. They should be aware of scenarios that might not occur to the end
user, like testing for null, negative, and format inconsistent values.
System testing of software or hardware is testing conducted on a complete, integrated system to
evaluate the system's compliance with its specified requirements. A tester should be able to
repeat the steps that caused an error. Test techniques include, but are not limited to, the process
of executing a program or application with the intent of finding software bugs.
4.1.1 TESTING AND METHODOLOGIES
Requirements Trace ability
As most interested portion is whether the system is meeting its requirements or not, for
that testing should be planned so that all requirements are individually tested. We checked the
output of certain combination of inputs, which gives desirable results, or not. Strictly stick to the
requirements specifications, gives the path to get desirable results from the system.
Tested Items
Tested items are like sending request to administrator, solving the sent request by the
Assignee, changing password of Assignee and student, sending user feedback, adding new
categories, adding new departments etc.
Testing Schedule
Testing has been done for each procedure back-to-back so that errors and omissions can
be found as early as possible. Once the system has been developed fully testing procedure is
followed on other machines, which differs in configuration.
Software Testing involves executing an implementation of the software with test data and
examining the outputs of the software and its operational behavior to check that it is performing
as required.
Different testing techniques are as described below:
Black-box Testing
In Black-Box Testing or Functional Testing, the output of the module and software, is
taken into consideration, i.e. whether the software gives proper output as per the requirements or
not. In another words, this testing aim to test a program's behavior against it specification
without making any reference to the internal structure of the program or the algorithms used.
Therefore the source code is not needed, and so even purchased modules can be tested. The
program just gets a certain input and its functionality is examined by observing the output.
This can be done in the following way:
Input Interface
Processing
Output Interface
The tested program gets certain inputs. Then the program does its job and generates a certain
output, which is collected by a second interface. This result is then compared to the expected
output, which has been determined before the test.
White-box Testing
White Box testing is used as an important primary testing approach. Here code is inspected
to see what it does; tests are designed to exercise the code. Code is tested using code scripts,
driver etc that are employed to directly interface with and drive the code.
Integration Testing
After the individual modules were tested out, the integration procedure is done to create a
complete system. This integration process involves building the system and testing the resultant
system for problems that arise from component interactions.
The top-down strategy is applied to validate high-level components of a system before design
and implementations have been completed.
TEST CASES
Test Cases using Unit Testing:- Picture Selection Module
Test Id
Test Condition
Test
Description
LF_01
User select the

Picture
User selects the

picture from
gallery
LF_02
User crop the

picture
User does not

crop the picture
LF_05
User saves the

picture
User crops the

picture and then
save it.
User discard
the picture
User wants to
select other
picture choose
discard
LF_08
Test
Input
Data
Actual
Result
Expected
Result
System
accepts the
Picture
System should
accept the
picture
System does
not accepts
the picture
System shows
error message
Pass
System
accepts the
picture
System should
accept the
picture
Pass
System
discard the
selected
picture
System should
discard the
selected
picture
Pass
Result
Pass

Table 4.1 Picture table done with Unit testing
Screen
Fig
4.1 Picture Selection Form
Integration Testing
Test case for Integration Testing: Registration
Test
ID
Test
Condition
Test Description
IG_01
User
register
the pattern
User submit the

register it redirects
into login form
IG_02
User
forget the
pattern
User draw the

pattern wrongly it
redirects the pin
number page
Actual
Result
Expected
Result
System
accepts the
data
System should
accepts the data
Pass
System does
not accept
the wrong
pattern
System should
show the pin
number page
Pass
Table 4.2 Register table done with Integration testing
Screen
Fig
Test
Input
Data
4.2 Register Form
Result
Validation Testing
Validation testing ensures that the software has been build satisfies the customer
requirements. Validation testing is used to validate the fields in the form. It mainly focuses on
text field and numeric field. But in this project it validates pattern
Test
ID
Test
Test
Test Description
Input
Data
Actual
Result
Expected
Result
LF_01
Draw the
Pattern
Draw the correct

pattern as per
given
instructions
System accept
only correct
pattern
System should
accept only
correct pattern
Pass
LF_02
Forget the
pattern
User forget the

pattern
System shows
access denied
System should
show error
message
Pass
Condition
Table 4.2 Register table done with Validation testing
Screen
Result
Fig
4.3 Login Form
4.2 QUALITY ASSURANCE

Quality assurance consists of the auditing and reporting functions of management. The goal of
quality assurance is to provide management with the data entries necessary to be informed about
the product quality thereby gaining the goal of insight and confidence that the product quality is
meeting.
Greater emphasis on quality in organization requires quality assurance. The development process
must include checks throughout the process to ensure that the final product meets the original
user requirements.
On the development process quality assurance process is integrated into a linear development
cycle through validation and verification performed at crucial system development steps .The
goals of the management is to institute and monitor a quality assurance program with in the
development process .Quality assurance includes,
Validation of the system against requirements.
Provide the security for hackers.
4.2.1 GENERIC RISKS


A risk is a potential event with negative consequences that has not happened yet. However
a risk could also be defined as the event with unforeseen positive consequences. By identifying
the risks we can avoid failures and increase the success rate of our system.
4.2.2 SECURITY TECHNOLOGIES& POLICIES
Security is necessary in today's environment because data processing represents a
concentration of valuable assets in the form of information, equipment, and personnel. Security
and privacy must focus on controlling unauthorized access. The following security policies are
implemented in our system. They are
Security
Authorization and Access Control.
Session Management.
4.3 SYSTEM IMPLEMENTATION

Implementation is the stage of the project where the theoretical design is turned into a
working system. At this stage the main work load, the greatest upheaval and the major impact on
the existing system shifts to the user department. If the implementation is not carefully planned a
controlled it can cause and confusion.
Implementation includes all those activities that take place to convert from the old system to the
new one. The new system may be totally new, replacing an existing manual or automated system
or it may be a major modification to an existing system. Successful implementation may not
guarantee improvement in the organization using the new system, but improper installation will
prevent it.
4.3.1 Implementation Procedures
Implementation of software refers to the final installation of the package in its real
environment, to the satisfaction of the intended users and the operation of the system.
The active user must be aware of the benefits of using the system.
Their confidence in the software is built up.
Proper guidance is imparted to the user so that he is comfortable in using the
application.
The user must know that for viewing the result, the server program should be running
in the server.
If the server object is not up running on the server, the actual processes wont take
place.
4.3.2 User Training

Our entire system was developed very user friendly. No extra training was required to use
our system. Our system automatically guides (fully user guided) the user to give input and to
produce the output.
4.3.3 Operational Documentation

An online help which gives the clear idea about our system was attached with our system.
Whenever the user needs guidance he can get help from the help manual.
4.4 SYSTEM MAINTENANCE

The maintenance phase of the software cycle is the time in which a software product
performs useful work. After a system is successfully implemented, it should be maintained in a
proper manner. System maintenance is an important aspect in the software development life
cycle.
The need for system maintenance is for it to make adaptable to the changes in the system
environment. There may be social, technical and other environmental changes, which affect a
system, which is being implemented. Software product enhancements may involve providing
new functional capabilities, improving user displays and mode of interaction, upgrading the
performance characteristics of the system.
Maintenance is actually implementation of the review plan as important as it is
programmers and analyst is to perform or identify with him or herself with the maintenance.

Analyst and programmers spend fair more time maintaining programmer then they do writing
them Maintenances account for 50-80% of total system development.
4.4.1 Adaptability, Enhancement and Fixation
Our system was developed to accept the new changes in the system environment. There
may be social, technical and other environmental changes, which affect a system, which is being
implemented. Our system was developed in the way to adapt the enhancements which may
involve providing new functional capabilities, improving user displays and mode of interaction,
upgrading the performance characteristics of the system.
CHAPTER-V
5. CONCLUSION
The proposed Cued Click Points scheme shows promise as a usable and memorable
authentication mechanism. By taking advantage of users ability to recognize images and the
memory trigger associated with seeing a new image, CCP has advantages over Pass Points in
terms of usability. Being cued as each images shown and having to remember only one clickpoint per image appears easier than having to remember an ordered series of clicks on one
image.
CCP offers a more secure alternative to Pass Points. CCP increases the workload for
attackers by forcing them to first acquire image sets for each user, and then conduct hotspot
analysis on each of these images.
5.1 SCOPE FOR FURTHER ENHANCEMENT

In future it has great scope. It can be used everywhere instead of text-based password .I
can increase the security of this system by increasing the number of levels used, the number of
tolerance squares used.

In future development we can also add challenge response interaction. In challenge
response interactions, server will present a challenge to the client and the client need to give
response according to the condition given. If the response is correct then access is granted. Also i
can limit the number a user can enter the wrong password.
5.2 BIBLIOGRAPHY
BOOKS
Android 4: New features for Application Development

Android Application Development Cookbook-john whiley & sons
Android Community Experts-Beijing Cambridge Farnham Kln Sebastopol
Android in Action Third Edition
BEGINNING ANDROID 4 APPLICATION DEVELOPMENT
Developing Android Applications with Adobe AIR by Vronique Brossier
WEB REFERENCES
www.stackoverflow.com,
www.tutorialpoin.com
www.google.co.in
www.androidtutorial.com
www.android.com,
www.androidschool.com
ANNEXURES
1. INPUT DESIGN
Home Page
Screen 5.1 Home page

Gesture Selection
Screen 5.2 Gesture Selection Page

Picture Selection
Screen 5.3 Picture page

Crop the Picture
Screen 5.4 Crop page

Time Out
Screen 5.5 Session page

Register
Screen 5.6 Register page
2. OUTPUT DESIGN
Login
Screen 5.7 Login page

Login Incorrect
Screen 5.8 Login page
3. SOURCE CODE
HomeChooser
package com.TwinBlade.PicturePassword;
import android.app.Activity;
import android.app.AlertDialog.Builder;
import android.content.ComponentName;
import android.content.Context;
import android.content.DialogInterface;
import android.content.DialogInterface.OnClickListener;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.SharedPreferences.Editor;

import android.content.pm.ActivityInfo;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.os.Bundle;
import android.preference.PreferenceManager;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.CheckBox;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
public class HomeChooser extends Activity
implements View.OnClickListener
{
private List<String> homeLaunchersComponentArray = new ArrayList();
CheckBox mBoot;
private ComponentName mComponentName;
private Context mContext;
Button mDisable;

Button mEnable;
private PackageManager mPackageManager;
Button mSelect;
private SharedPreferences mSharedPreferences;
private void selectLauncher()
{
ArrayList localArrayList = new ArrayList();
Intent localIntent = new Intent("android.intent.action.MAIN");
localIntent.addCategory("android.intent.category.HOME");
List localList = this.mPackageManager.queryIntentActivities(localIntent, 0);
Iterator localIterator;
if (localList != null)
localIterator = localList.iterator();
while (true)
{
if (!localIterator.hasNext())
{
CharSequence[]arrayOfCharSequence=(CharSequence[])localArrayList.toArray(newCharSeque
nce[localArrayList.size()]);
AlertDialog.Builder localBuilder = new AlertDialog.Builder(this);
localBuilder.setTitle("Options for ");

localBuilder.setItems(arrayOfCharSequence, new DialogInterface.OnClickListener()
{
Publicvoid onClick(DialogInterface paramAnonymousDialogInterface, int paramAnonymousInt)
{
PreferenceManager.getDefaultSharedPreferences(HomeChooser.this.mContext).edit().putString(
"HomeLauncher",
(String)HomeChooser.this.homeLaunchersComponentArray.get(paramAnonymousInt)).commit(
);
}
}).show();
return;
}
ResolveInfo localResolveInfo = (ResolveInfo)localIterator.next();
if (localResolveInfo.activityInfo.packageName.equals("com.TwinBlade.PicturePassword"))
continue;
try
{
ApplicationInfolocalApplicationInfo2=this.mPackageManager.getApplicationInfo(localResolveI
nfo.activityInfo.packageName, 0);
localApplicationInfo1 = localApplicationInfo2;
ActivityInfo localActivityInfo = localResolveInfo.activityInfo;
ComponentNamelocalComponentName=newComponentName(localActivityInfo.applicationInfo
.packageName, localActivityInfo.name);

this.homeLaunchersComponentArray.add(localComponentName.flattenToString());
localArrayList.add((String)this.mPackageManager.getApplicationLabel(localApplicationInfo1));
}
catch (Exception localException)
{
while (true)
ApplicationInfo localApplicationInfo1 = null;
}
}
}
public void onClick(View paramView)
{
switch (paramView.getId())
{
case 2131427346:
default:
case 2131427348:
case 2131427349:
case 2131427347:
case 2131427345:
}

while (true)
{
return;
this.mPackageManager.setComponentEnabledSetting(this.mComponentName, 1, 1);
Utilities.mHomeLauncherOnBoot = false;
continue;
this.mPackageManager.setComponentEnabledSetting(this.mComponentName, 0, 1);
continue;
selectLauncher();
continue;
if (this.mBoot.isChecked())
this.mSharedPreferences.edit().putBoolean("StartOnBoot", true).commit();
else
this.mSharedPreferences.edit().putBoolean("StartOnBoot", false).commit();
}
}
public void onCreate(Bundle paramBundle)
{
super.onCreate(paramBundle);
setContentView(2130903045);
this.mContext = this;

this.mSharedPreferences = PreferenceManager.getDefaultSharedPreferences(this);
this.mPackageManager = getPackageManager();
this.mComponentName=newComponentName("com.TwinBlade.PicturePassword","com.TwinBl
ade.PicturePassword.HomeLauncher");
this.mEnable = ((Button)findViewById(2131427348));
this.mDisable = ((Button)findViewById(2131427349));
this.mSelect = ((Button)findViewById(2131427347));
this.mBoot = ((CheckBox)findViewById(2131427345));
this.mEnable.setOnClickListener(this);
this.mDisable.setOnClickListener(this);
this.mSelect.setOnClickListener(this);
this.mBoot.setOnClickListener(this);
this.mBoot.setChecked(this.mSharedPreferences.getBoolean("StartOnBoot", false));
}
}
Image
package com.TwinBlade.PicturePassword;
import android.annotation.SuppressLint;
import android.app.Activity;
import android.content.Intent;
import android.graphics.Bitmap.CompressFormat;

import android.net.Uri;
import android.os.Bundle;
import android.provider.MediaStore.Images.Media;
import android.view.Display;
import android.view.View;
import android.view.View.OnClickListener;
import android.view.WindowManager;
import android.widget.Button;
import com.android.camera.CropImageIntentBuilder;
import java.io.File;
import java.io.FileOutputStream;
import org.acra.ACRA;
import org.acra.ErrorReporter;
@SuppressLint({"WorldWriteableFiles"})
public class Image extends Activity
implements View.OnClickListener
{
private static final int REQ_CODE_CROP_IMAGE = 2;
private static final int REQ_CODE_PICK_IMAGE = 1;
private int mDisplayHeight;
private int mDisplayWidth;

Button mExternal;
Button mInternal;
private Uri getFileUri()
{
try
{
openFileOutput("PhotoData.jpg", 2).close();
return Uri.fromFile(new File(getFilesDir(), "PhotoData.jpg"));
}
catch (Exception localException)
{
while (true)
{
Utilities.showToast(this, "Error Writing Data To Internal Storage \n Storage Unaccessible", 4,
true);
ACRA.getErrorReporter().handleException(localException);
}
}
}
protected void onActivityResult(int paramInt1, int paramInt2, Intent paramIntent)
{

super.onActivityResult(paramInt1, paramInt2, paramIntent);
switch (paramInt1)
{
default:
case 1:
case 2:
}
while (true)
{
return;
if (paramInt2 == -1)
{
CropImageIntentBuilderlocalCropImageIntentBuilder=newCropImageIntentBuilder(this.mDispl
ayWidth, this.mDisplayHeight, this.mDisplayWidth, this.mDisplayHeight, getFileUri());
localCropImageIntentBuilder.setSourceImage(paramIntent.getData());
startActivityForResult(localCropImageIntentBuilder.getIntent(this), 2);
}
else
{
finish();
continue;

if (paramInt2 != -1)
Utilities.showToast(this, "Image Not Cropped", 4, true);
finish();
}
}
}
public void onAttachedToWindow()
{
super.onAttachedToWindow();
if (SetupWizard.mSetupRunning)
sendBroadcast(new Intent("com.TwinBlade.PicturePassword.SETUP_NEXT"));
}
public void onClick(View paramView)
{
switch (paramView.getId())
{
default:
case 2131427350:
case 2131427351:
}
while (true)

{
return;
Intent localIntent2 = new Intent("android.intent.action.GET_CONTENT");
localIntent2.setType("image/*");
startActivityForResult(localIntent2, 1);
continue;
IntentlocalIntent1=newIntent("android.intent.action.PICK",MediaStore.Images.Media.EXTERN
AL_CONTENT_URI);
localIntent1.setType("image/*");
localIntent1.putExtra("crop", "true");
localIntent1.putExtra("scale", true);
localIntent1.putExtra("aspectX", this.mDisplayWidth);
localIntent1.putExtra("aspectY", this.mDisplayHeight);
localIntent1.putExtra("return-data", false);
localIntent1.putExtra("output", getFileUri());
localIntent1.putExtra("outputFormat", Bitmap.CompressFormat.JPEG.toString());
startActivityForResult(localIntent1, 2);
}
}
public void onCreate(Bundle paramBundle)
{

super.onCreate(paramBundle);
setContentView(2130903046);
if (!Utilities.landscapeMode())
setRequestedOrientation(1);
while (true)
{
Display localDisplay = getWindowManager().getDefaultDisplay();
this.mDisplayWidth = localDisplay.getWidth();
this.mDisplayHeight = localDisplay.getHeight();
this.mInternal = ((Button)findViewById(2131427350));
this.mExternal = ((Button)findViewById(2131427351));
this.mInternal.setOnClickListener(this);
this.mExternal.setOnClickListener(this);
return;
setRequestedOrientation(0);}}}
3. ABBREVATIONS
CCP
SDK
DFD
API
GUI
Cued Click Points

Software Development Kit
Data Flow Diagram
Application Programming Interface
Graphical User Interface

Brind

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Brind

Загружено:

Авторское право:

Доступные форматы

Session Authentication Password Using Image

1.1. OVERVIEW OF THE PROJECT

1.2. OBJECTIVE OF THE PROJECT

KGISL Institute of Information ManagementPage 1

Session Authentication Password Using Image

1.3 BACKGROUND STUDY

The passwords should be at least 8 characters long.

Session Authentication Password Using Image

ADVANTAGES OF PROPOSED SYSTEM

KGISL Institute of Information ManagementPage 3

Session Authentication Password Using Image

appearing. Instead, they create short, simple, and insecure passwords.

easier for people to use and, therefore, more secure.

KGISL Institute of Information ManagementPage 4

Session Authentication Password Using Image

2.2 SYSTEM SPECIFICATION

2.2.1 APPLICATION SPECIFICATION

Session Authentication Password Using Image

Presentation layer (Front end)

Business layer (Logical)

Data layer (Backend)

Fig 2.1 Three Tiered Client/Server Architecture

KGISL Institute of Information ManagementPage 6

Session Authentication Password Using Image

: Pentium IV 2.4 GHz.

2.2.4 SOFTWARE SPECIFICATION

: JAVA SE 7 SDK, Eclipse

Operating System : Windows XP

2.2.5 SOFTWARE ENVIRONMENT

Session Authentication Password Using Image

Compiling the source code in to byte code using Javac.

Executing byte code program using java interpreter

Java Virtual Machine

Session Authentication Password Using Image

ABOUT THE TOOL

2.3 COST ESTIMATION AND SCHEDULING

KGISL Institute of Information ManagementPage 9

Session Authentication Password Using Image

2.4 FINAL OUTLINE OF THE PROPOSED SYSTEM

Session Authentication Password Using Image

3. DESIGN AND DEVELOPMENT PROCESS

3.2 DESIGN NOTATIONS

To establish a basis for creation of software design.

Session Authentication Password Using Image

KGISL Institute of Information ManagementPage 12

Session Authentication Password Using Image

Open End Box

A graphical picture of the logical steps and sequence involved in a procedure or a

Arrows should not cross each other

KGISL Institute of Information ManagementPage 13

Session Authentication Password Using Image

Fig 3.1 Context Flow Diagram

Fig 3.2 Level 1 Data Flow Diagram

KGISL Institute of Information ManagementPageClose

Session Authentication Password Using Image

the size and complexity of the system, and

KGISL Institute of Information ManagementPage 15

Session Authentication Password Using Image

Session Authentication Password Using Image

Register the pattern

Fig 3.3 Structure Chart

3.3 DESIGN PROCESS

Session Authentication Password Using Image