Web-based Electronic Identity Card Authentication

for managing Active Directory Account

Project Synopsis submitted in partial fulfillment of the

PROFESSIONAL DIPLOMA IN
ADVANCE COMPUTING

By

Rony Hancco
Kevin Rojas
Under the supervision of

Ankit Goyal
Jagjot Singh Wadali

India-Peru Centre of Excellent of Information Technology

CDAC- INICTEL-UNI, LIMA PERU
AUGUST 2015
0

ABSTRACT

The purpose of this project is to show the utility of the new Peruvian electronic Identity Card
(eID) as authenticator for various non-profit and commercial applications for cutting down the
time of any business process or any public/private paperwork.
This project will use Active Directory, Database and techniques using object-oriented analysis
and design for the development of application.
And the application will give user the opportunity to recover or unblocking his Active Directory
Account using his own eID without the support of the IT Team; only will notify them via e-mail
of the event. By eliminating this common incident of recovering account, it should save time to
the IT Team and users.
KEYWORDS: eID, Smart Card, Authentication, Active Directory, Time Reducing.

Table of Contents
1.
2.
3
4
5
6

Introduction
Paper/Technique description on which the project was implemented
Description of the tool used for simulation / validation
Experiments and Results
How the problem is being extended for dissertation
Timeline Chart

Page No.
3
3
4
5
5
6

Chapter 1
Introduction
This project aims to demonstrate a use that can have the electronic Identity Card (eID) in the
authentication process for applications managing passwords and unlocking accounts without user
administrator.
In Peruvian companies, usually when a user does not remember his password, he has few
attempts until his account is blocked. Given this unlucky incident, the user have to call the
helpdesk or generate a request for unblocking or resetting his password in Help Desk application
Web and the answer from support staff usually takes about 30 minutes stopping the normal
development of the activities of the user. The management of accounts in the Active Directory,
which centralizes all the data, allows users to unblock or change their passwords, but an
administrator user of Active Directory is required.
We can reduce this time to 3-5 minutes using the new Peruvian eID to authenticate the user and
allow him recover or unblock his account directly in the Active Directory Server due to
uniqueness that eID gives us.

Chapter 2
Paper/Technique description on which the project was implemented
In this project we use analysis and design oriented object and it is necessary the UML diagrams
as use cases, class, activity diagram, deployment diagram.
First, we define the interactions of eID with PIN validation as authentication process. If PIN is
successful, the application allows us to use two options, reset password or unblock account. In
other case, the application sends a notification to support staff by email for unauthorized
operation.
3

The interaction between the application and eID is send electronic signal with the microchip,
first open the context and enters the PIN (from one to eight digits). This behavior with details is
show in UML interaction diagram.
When the user pass the authentication, the application allows manage two operation with Active
Directory, each operations will be stored in database and the application send a notification via
email. For show the interaction between servers we draw the deployment diagram.

Chapter 3
Description of the tool used for simulation / validation
Active Directory Server
The project requires the manager of users accounts, Active Directory Server 2008. This service
allows register user data information as email, name, account net and groups, additionally allows
define rules or policies for all users accounts as password expiration.
Oracle Database
The logs regarding changes of account should be registered in Oracle Database 11g. The project
needs to register all changes for each account operation (reset password, unlock account), this
information should be stored and organized in the repository.
Visual Studio 2012
The Application will be written in C# using Visual Studio 2012. Programming in C# allows us to
reuse components for managing Windows services as Active Directory.
Microsoft Exchange 2010
Anytime the user makes change in his account then the application Web send him a confirmation
email, it is necessary a mail Server, in this case Microsoft Exchange 2010.
Java Card IO

For interaction with eID, we need to reuse packages of Java, Java Card IO, this component
allows us validate PIN and fingerprint.
Smart Card Reader
The device for interaction with the eID should be given by Peruvian document national
Specification.

Chapter 4
Experiments and Results

Get the input from Smart Card Reader with Java Card IO using an Applet.

The result of the authentication from Applet application will be sent to Authentication
Module in the Active Directory Server and stored in the Database.

If the Authentication is correct, the action request will be executed in the Active
Directory.

Then, the Application will send emails to the user and the Support Staff about the request.

If the Authentication is incorrect, the action request will not be executed and will send a
email to the Support Staff.

Chapter 5
How the problem is being extended for dissertation
The developed code in this project could be reused for other authentication projects with eID for
different purposes as authorizations or online request in national or private companies. The
reusable components allow us reduce time for applications development.

Chapter 6
Timeline Chart
5

PDF Document 1