
Introduction

Scope
The project is confined to the intranet in an organization. This application makes
sure that security services such as secrecy, authentication, integrity and non-repudiation
are provided to the communicating parties.

Objective
This project has been developed keeping in view the security features that need to
be implemented in networks, with the following objectives:

To develop an application that deals with the security threats that arise in the
network.

To enable end-users as well as organizations to carry out safe messaging
communication without any threats from intruders or unauthorized people.

To deal with the four inter-related areas of network security, namely Secrecy,
Authentication, Non-repudiation and Integrity.

Project Overview
This application makes use of Digital Signature Algorithm (DSA) along with a hash
function. The hash code is provided as input to a signature function along with a
random number generated for this particular signature. The signature function also
depends on the sender's private key and a set of parameters known to a group of At
the receiving end, verification is performed. The receiver generates a quantity that is a
function of the public-key components, the sender's public key, and the hash code of
the incoming message. If this quantity matches with one of the components of the
signature, then the signature is validated.
This application makes sure that the security services Authentication, Secrecy,
Integrity, and Non-repudiation are provided to the user.

This application keeps information out of the hands of unauthorized persons. This is
called Secrecy.

It also deals with determining whom a person is communicating with before revealing
sensitive information or entering a business deal. This is called Authentication.

Non-repudiation deals with proving that a particular message was sent by a particular
person in case he denies it later.

Integrity determines whether a particular message has been modified or something has
been added to it.

Objective
The main objective of this project is to facilitate the interaction between educational
institutes, students and their parents so that the shortcomings that may hamper the
future of the students can be overcome. It can also help in bringing together the different
perspectives of different persons on the students' behavior and talent. With this, the
various activities of the students can also be tracked. Suggestions from parents can also
be welcomed.
In short, this will always be of great advantage for the educational institutes.

Project Description
Project Profile
Product Name             : DigitalSignature (A secure Messaging system)
Project Objective        : This application makes sure that the security
                           services Authentication, Secrecy, Integrity,
                           and Non-repudiation are provided to the user.
                           Therefore, intruders cannot gain access to
                           classified information.
SDLC Model               : Water Fall Model
Development Technologies : Java/J2EE
Application Server       : Oracle Weblogic Application Server Enterprise Edition
Back-End Database        : Oracle Database 10g Enterprise Edition
Location                 : Noida

Problem Definition
Message authentication protects two parties who exchange messages from any
third party. However, it does not protect the two parties against each other. Several forms
of disputes between the two parties are possible.
For example, suppose that A sends an authenticated message to B. Consider the
following disputes that could arise:
1. B may forge a different message and claim that it came from A. B would simply
have to create a message and append an authentication code using the key that A
and B share.
2. A may deny sending the message. Because it is possible for B to forge a message,
there is no way to prove that A did in fact send the message.
The most attractive solution to this problem is the Digital Signature. The Digital
Signature is analogous to the handwritten signature. It must have the following
properties:

It must be able to verify the author and the date and time of the signature.

It must be able to authenticate the contents at the time of the signature.

The signature must be verified by third parties, to resolve disputes.

Thus, the digital signature function includes the authentication function. Based on the
above properties, the following requirements can be formulated for the digital signatures:

The signature must be a bit pattern that depends on the message being signed.

The signature must use some information unique to the sender, to prevent both
forgery and denial.

It must be relatively easy to produce the digital signature.

It must be relatively easy to recognize and verify the digital signature.

It must be computationally infeasible to forge a digital signature, either by
constructing a new message for an existing digital signature or by constructing a
fraudulent digital signature for a given message.

It must be practical to retain a copy of the digital signature in storage.
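
The following Python sketch is an added example, not part of the original project (which is written in Java/J2EE). It carries out the signing and verification steps described in the Project Overview and replays the disputes above: B can produce a valid authentication code under the key shared with A, but cannot move A's DSA signature onto another message. Parameter sizes, message texts and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test, used only to build the demonstration parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_parameters(qbits=160, pbits=512):
    """Global parameters (p, q, g) shared by the group: q is prime, q divides
    p - 1, and g has order q modulo p. Sizes are assumptions kept small for speed."""
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:
        m = (secrets.randbits(pbits - qbits) | (1 << (pbits - qbits - 1))) & ~1
        p = m * q + 1
        if is_probable_prime(p):
            break
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)

def generate_keypair(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1          # sender's private key
    return x, pow(g, x, p)                    # (private x, public y)

def hash_to_int(message, q):
    """Hash code of the message, truncated to the bit length of q."""
    z = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return z >> max(0, 256 - q.bit_length())

def sign(params, x, message):
    p, q, g = params
    z = hash_to_int(message, q)
    while True:
        k = secrets.randbelow(q - 1) + 1      # fresh secret random number per signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
        if r and s:
            return r, s

def verify(params, y, message, signature):
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):         # reject out-of-range components
        return False
    w = pow(s, -1, q)
    u1 = hash_to_int(message, q) * w % q
    u2 = r * w % q
    v = pow(g, u1, p) * pow(y, u2, p) % p % q  # quantity computed by the receiver
    return v == r                              # valid only if it matches component r

def mac_verify(key, message, tag):
    return hmac.compare_digest(tag, hmac.new(key, message, hashlib.sha256).digest())

def dispute_demo():
    """Replay the disputes between A and B with constructed sample messages."""
    genuine, forged = b"Pay B 100", b"Pay B 9000"
    # Shared-key authentication code: B holds the same key as A and can tag anything.
    shared_key = secrets.token_bytes(32)
    tag_made_by_b = hmac.new(shared_key, forged, hashlib.sha256).digest()
    # DSA: only A holds x; B and any third party hold the public key y.
    params = generate_parameters()
    x, y = generate_keypair(params)
    signature_by_a = sign(params, x, genuine)
    return {
        "mac_accepts_message_forged_by_b": mac_verify(shared_key, forged, tag_made_by_b),
        "dsa_accepts_genuine_message": verify(params, y, genuine, signature_by_a),
        "dsa_accepts_signature_moved_to_forgery": verify(params, y, forged, signature_by_a),
        "dsa_accepts_zero_component": verify(params, y, genuine, (0, signature_by_a[1])),
    }

if __name__ == "__main__":
    for check, outcome in dispute_demo().items():
        print(f"{check}: {outcome}")
```

Because the authentication code verifies under a key both parties hold, a third party cannot tell which of them produced it; the signature verifies only under A's public key.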

Proposed System and Targeted User


Existing system
These days almost all organizations around the globe use a messaging system to
transfer data among their employees through their exclusive intranet. But the security
provided is not of high standards. More and more unauthorized people are gaining access
to confidential data.

Disadvantages

The validity of sender is not known.

The sender may deny sending a message that he/she has actually sent and
similarly the receiver may deny the receipt that he/she has actually received.

Unauthorized people can gain access to classified data.

Intruders can modify the messages or the receiver himself may modify the
message and claim that the sender has sent it.

Proposed system
The system will provide the following security services:

Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With
respect to the release of message contents, several levels of protection can be identified.
The broadest service protects all user data transmitted between two users over a period of
time. For example, if a virtual circuit is set up between two systems, this broad protection
would prevent the release of any user data transmitted over the virtual circuit. Narrower
forms of this service can also be defined, including the protection of a single message or
even specific fields within a message. These refinements are less useful than the broad
approach and may even be more complex and expensive to implement. The other aspect
of confidentiality is the protection of traffic flow from analysis. This requires that an
attacker not be able to observe the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.

Authentication
The authentication service is concerned with assuring that a communication is
authentic. In the case of a single message, such as a warning or alarm signal, the function
of the authentication service is to assure the recipient that the message is from the source
that it claims to be from. In the case of an ongoing interaction, such as the connection of a
terminal to a host, two aspects are involved. First, at the time of connection initiation, the
service assures that the two entities are authentic (i.e. that each is the entity that it claims
to be). Second, the service must assure that the connection is not interfered with in such a
way that a third party can masquerade as one of the two legitimate parties for the
purposes of unauthorized transmission or reception.

Integrity
Integrity basically means ensuring that the data messages are not modified. An
integrity service that deals with a stream of messages assures that messages are received
as sent, with no duplication, insertion, modification, reordering or replays. The
destruction of data is also covered under this service. Thus the integrity service addresses
both message modification and denial of service.

Non-repudiation
Non-repudiation prevents either sender or receiver from denying a transmitted
message. Thus, when a message is sent, the receiver can prove that the message was in
fact sent by the alleged sender. Similarly, when a message is received, the sender can
prove that the message was in fact received by the alleged receiver.

System Requirement Specification


Client Configuration
Intel Pentium IV or equivalent with :
- 512 MB RAM
- 80GB Hard Disk
- OS: Windows 2000 / XP (includes Internet Explorer version 6)
- Word processing software (Open office / MS Office)
- 100 MBPS Ethernet Card

Server Configuration
4 Servers each with following configuration :
- 1 CPU
- OS: Windows 2000 / XP (includes Internet Explorer version 6)
- RAM : 16 GB Minimum
- 120GB X 3 Hard Disk
- Oracle Application Server 10g Enterprise Edition
- Oracle Database 10g Enterprise Edition

Database Description
Entity: Login_digisafe
Role: To maintain the username and the related password of different users.
Attributes:
NAME        NULL?       TYPE
Username    Not null    Varchar2
Password    Not null    Varchar2
Question                Varchar2
Answer                  Varchar2
Check1                  Number

Entity: Inbox_digisafe
Role: To maintain the received mails of different users.
Attributes:

NAME
Username_sender
Username_receiver
Subject
Message
Message_digest
Message_key
Message_date
Check1

NULL?
Not null
Not null

TYPE
Varchar2
Varchar2
Varchar2
Varchar2
Long raw
Varchar2
Date
Number

Not null
Not null
Not null
Not null

Entity: sent_digisafe
Role: To maintain the sent mails of different users.
Attributes:
NAME
Username_sender
Username_receiver
Subject
Message
Message_date

NULL?
Not null
Not null

TYPE
Varchar2
Varchar2
Varchar2
Varchar2
Date

Not null

Entity: certificate_digisafe
Role: To maintain the certificate of different users.
Attributes:
NAME        NULL?       TYPE
Username    Not null    Varchar2
Cfile                   Varchar2

Entity: attachment_digisafe
Role: To maintain the files attached with message of different users.

Attributes:
NAME               NULL?    TYPE
Message_date                Varchar2
Attach1                     Varchar2
Message_digest1             Varchar2
Attach2                     Varchar2
Message_digest2             Varchar2
Attach3                     Varchar2
Message_digest3             Varchar2
Attach4                     Varchar2
Message_digest4             Varchar2
Attach5                     Varchar2
Message_digest5             Varchar2

System Development Methodologies


Different types of system development methodologies are used in designing information
system. Depending upon the actual requirement of the system, different approaches for
data processing are adopted. However, some system groups recommend a centralized
data processing system while others may go in for a distributed data processing system.
In a centralized data processing, one or more centralized computers are used for
processing and the retrieval of information is done from them. The distributed processing
system involves a number of computers located remotely in the branches/departments of
the organization. The client/server technology is also gaining popularity these days.
DATA PROCESSING SYSTEM
Data processing techniques are very much dependent on the kind of applications and the
working environment. The activities involved in data processing are along departmental
lines and application based such as Store Management, Production Planning & Control,
Sales Accounting, Financial Accounting, Student Information System, etc. The basic
input data are the real resource of data processing.
Depending upon the application area, working environment and the needs of the
management, there are basically two approaches to data processing:
1. Centralized data processing
2. Decentralized data processing
CENTRALISED DATA PROCESSING SYSTEM
With the increasing use of computer based data processing, there has been a growing
tendency in the minds of management to centralize the data processing activities. A
separate department EDP (Electronic Data Processing) department is established to carry
out the data processing work of different departments in the organization.
The centralized data processing system provides the following benefits:
1. The emergence of data takes place only at one place.
2. The loss of data is minimized.
3. The methods and machines can be standardized.
4. Services of more competent and technical personnel can be taken.
5. It is also very cost-effective particularly in the case of large operations.
6. Duplication of work can be avoided.
The disadvantages, however, are:
1. Lack of cooperation from managers, who do not like to be under the control of the
centralized Data Processing department.
2. Resistance from managers for mechanization of the data processing activities relating
to their various functions.
3. It is difficult to provide equitable services to various departments.
4. The data security is also questioned.
DECENTRALISED DATA PROCESSING SYSTEM
In the decentralized data processing system, there is really a divisional breakdown of
computing services. Each division, unit or department handles its own computer needs
and does not like to interact with any other division, unit or department. It is well suited
to a decentralized management scheme in which organizational autonomy
is important. Arguments in support of decentralized data processing include the
following:
1. Familiarity with local problems
2. Rapid response to local processing needs
3. Profit-and-loss responsibility can be easily fixed
The drawbacks of the decentralized data processing system are:
1. There is duplication of activities and redundancy in the maintenance of files.
2. It is difficult to maintain uniformity in the procedures throughout the organization.
3. The overall cost of the data processing for the organization is more.

INFORMATION SYSTEM
The information system aims at providing detailed information on a timely basis
throughout the organization so that the top management can take proper and effective
decisions. The information system cuts across departmental lines and helps achieve
overall optimization for the organization.
The organization is viewed as a network of inter-related sub-systems rather than as a
hierarchy of manager-subordinate relationships. The information system can be of two
types:
1. Integrated information system
2. Distributed information system
(1) Integrated Information System- The integrated information system is based on the
presumption that the data and information are used by more than one system in the
organization. Accordingly, data and information are channeled into a reservoir or
database. All the data processing and provision of information is derived and taken from
this common database.
(2) Distributed Information System- There is an opinion that the development of an integrated
information system is beset with several practical problems and is therefore not
feasible. This view has been reinforced by the failure of integrated systems in various
large organizations. The concept of a distributed information system has emerged as an
alternative to the integrated information system. In the distributed information system,
there are information sub-systems that form islands of information systems.
CLIENT/SERVER SYSTEM
The limitations of the network/file server system have led to the development of the
client/server system. It delivers the benefits of the network-computing model along with
the stored data access. Any local area network could be considered a client/server
system, since workstations (clients) request services such as data, program files or
printing from the server.
A client/server system has three distinct components, each focusing on a specific job: a
database server, a client application and a network.
DATABASE SERVER
A server (or back end) manages the resources such as database, efficiently and
optimally among various clients that simultaneously request the server for the same
resources. The database server mainly concentrates on the following tasks:
1. Managing a single database of information among many
concurrent users.
2. Controlling database access and other security requirements.
3. Protecting database of information with backup and recovery
features.
4. Centrally enforcing global data integrity rules across all client
applications.
CLIENT APPLICATION
A client application (the front end) is the part of the system that users apply to interact
with data. The client application in a client/server model focuses on the following jobs:
1. Presenting an interface between the user and the resource to complete the job
2. Managing presentation logic.
3. Performing application logic.
4. Validating data entry
5. Managing the request traffic of receiving and sending information from database
server.
NETWORK
The third component of the client/server system is the network. Communication software is
the vehicle that transmits data between the clients and the server in a client/server system.
Both the client and the server run communication software that allows them to talk across
the network.

Initial Investigation and System Requirements


PRELIMINARY INVESTIGATION
Things are expected to get even more critical, since the company's growing number of
clients and related requirements have been projected to demand a massive number of
employees in the coming future compared with the past and today. Such events and
projections have forced a strong need for modification in the current way of handling
activities. It is better to implement the latest system rather than to go through the pain of
updating the system over and over again. Also, the solution would be developed by
in-house developers. Their time has to be managed alongside their other client-dependent
schedules.

TECHNOLOGIES USED
SOFTWARE REQUIREMENT SPECIFICATION
In system engineering and software engineering, requirements analysis encompasses
those tasks that go into determining the needs or conditions to meet for a new or altered
product, taking account of the possibly conflicting requirements of the various
stakeholders, such as beneficiaries or users. Systematic requirements analysis is also
known as requirements engineering. It is sometimes referred to loosely by names such as
requirements gathering, requirements capture, or requirements specification. The term
requirements analysis can also be applied specifically to the analysis proper (as opposed
to elicitation or documentation of the requirements, for instance). Requirements analysis
is critical to the success of a development project. Requirements must be actionable,
measurable, testable, related to identified business needs or opportunities, and defined to
a level of detail sufficient for system design.
Requirement analysis is done in order to understand the problem the software
system is to solve. The problem could be automating an existing manual process,
developing a new automated system, or a combination of the two. The emphasis in
requirements analysis is on identifying what is needed from the system, not how the
system will achieve its goals. There are at least two parties involved in software
development: a client and a developer. The developer has to develop the system to satisfy
the client's needs. The developer does not understand the client's problem domain, and
the client does not understand the issues involved in the software systems. This causes a
communication gap, which has to be adequately bridged during requirements analysis.
SYSTEM REQUIREMENTS
HARDWARE SPECIFICATION
OPERATING SYSTEM            : Ubuntu Linux 11.10 or Windows XP, Vista, 7
PROCESSOR                   : 32/64 bit, I3
RAM                         : 2 GB
HARD DISK                   : 40 GB
MONITOR                     : SVGA Monitor (800 * 600 resolution)
CLOCK SPEED                 : 266 MHz

SOFTWARE SPECIFICATION
DESIGNING LANGUAGE          : HTML, CSS
PROGRAMMING LANGUAGE        : Java (JSE 7)
WEB TECHNOLOGIES/FRAMEWORKS : JEE6 (JSP) & Struts 2.2.3
DATABASE                    : MySQL 5/Oracle 10g
IDE                         : ECLIPSE INDIGO
SERVER                      : Tomcat 7.0.25/Glassfish 3

FEATURES OF SOFTWARE
Windows XP/2000 Advantages
The computing world was presented with the first release of a totally new and
revolutionary operating system. With Microsoft Windows, performance and features
that previously had been accessible only on $20,000 workstations became instantly
available to anyone with a high-end personal computer. Windows is now Microsoft
Corporation's premier operating system. Designed around a powerful and well thought
out software architecture, the primary features that allow Windows to use the full power
of today's processors are:
Scalability
The ability to run on a single PC chip with a single user up to a multi-user, microprocessor and
network installation.
The Windows GUI
The familiar graphical user interface it presents to the world.

Front End (J2EE)


Sun Microsystems provides specifications for a comprehensive suite of technologies to
solve large scale distributed system problems. This suite is the Java 2 Enterprise Edition,
commonly known as J2EE. The J2EE Platform provides a component-based approach to
the design, development, assembly, and deployment of enterprise applications.
The J2EE platform is designed to provide server-side and client-side support for
developing enterprise, multi-tier applications. Such applications are typically configured
as a client tier to provide the user interface, one or more middle-tier modules that provide
client services and business logic for an application, and backend enterprise information
systems providing data management.
J2EE APIs
JDBC - Java Database Connectivity
RMI-IIOP - Remote Method Invocation over Internet Inter-ORB Protocol
EJB - Enterprise Java Beans
Java Servlet
JSP - Java Server Pages
JMS - Java Message Service
JNDI - Java Naming and Directory Interface
J2EE Technologies

Figure 1: J2EE Container

J2EE applications are made up of components. A J2EE component is a self-contained
functional software unit that is assembled into a J2EE application with its related classes
and files and that communicates with other components. The J2EE specification defines
the following J2EE components:
The Component technologies, to hold the business logic (JSP, Servlets and EJB).
The Service technologies, to provide supported services to application
components (JDBC, JTA, JNDI).
The Communication technologies, transparent to the application programmer, which provide
the mechanism for communication among different parts of the application (JavaMail,
RMI-IIOP).
J2EE does not specify the nature and structure of the runtime.
J2EE Container - capability of the runtime to manage application components.
J2EE APIs - specify the contract between the applications and the container.
Different Containers - Web, EJB, Applet, application client.
The J2EE platform uses a multi-tiered distributed application model. Application logic is
divided into components according to function, and the various application components
that make up a J2EE application are installed on different machines depending on the tier
in the multi-tiered J2EE environment to which the application component belongs:
Client-tier components run on Client machine.
Web-tier components run on the J2EE server.
Business-tier components run on the J2EE server.
Enterprise information system (EIS)-tier software runs on the EIS server.

Enterprise JavaBeans(EJB)
Enterprise JavaBeans (EJB) technology is a J2EE technology for developing business
components in a component-based, enterprise Java application. Business components
developed with EJB technology are often called Enterprise JavaBeans components or
simply "enterprise beans."
They are re-usable software units containing business logic.
An EJB is just a collection of Java classes and an XML Request, bundled into a
single unit.
Java classes must follow certain rules and provide certain callback methods.
There are three types of enterprise beans:

Session beans
o Stateful
o Stateless
Entity beans
o Bean-managed Persistence (BMP)
o Container-managed Persistence (CMP)
o Enterprise Javabeans Query Language
Message-driven beans

Session beans
A session bean represents a single unique session between a client and an instance of the
bean. A session bean can't be shared. One instance of the bean is tied to a specific client
in a specific session. The session bean exposes methods that a client can call to execute
business tasks on the server. When the client's session ends, the session bean is no longer
associated with that client.
There are two types of session beans: stateful and stateless.
o Stateful
A stateful session bean maintains data about the unique client-bean session in its instance
variables. The data represents the state (often called the "conversational state") of that
specific session. The conversational state is maintained for the life of Client-bean
association. Significantly, this means that the data is maintained across operations.
o Stateless
A stateless session bean does not maintain conversational state for its client. Because a
stateless session bean cannot maintain conversational state across methods, it's typically
used for one-step tasks, such as sending an email that confirms an online order.
Entity beans
An entity bean represents data in a storage medium, such as a relational database. Each
entity bean may correspond to a table in a relational database, and each instance of the
bean corresponds to a row in that table. Entity beans are not limited to representing
relational databases. They can represent data in other types of data stores, but the
majority of enterprise applications that use EJB technology access data in relational
databases.
An entity bean can manage its own persistence (this is called bean-managed persistence)
or let the EJB container manage it (container-managed persistence). With bean-managed
persistence, the entity bean code includes SQL statements that access the database. With
container-managed persistence, the EJB container automatically generates the necessary
database access calls.

Message Driven Beans


A message-driven bean processes asynchronous messages typically sent through the Java
Message Service (JMS) API. Asynchronous messaging frees the message sender from
waiting for a response from the message receiver.
A message-driven bean can process messages sent by any J2EE component (such as an
application client, another enterprise bean, or a web component) or by a JMS application
or system that does not use J2EE technology. Often message-driven beans are used to
route messages. This makes them useful in many business-to-business communication
scenarios.

Back End (Oracle 10g Database and Application Server)


Oracle Weblogic Application Server Enterprise Edition
Includes: Oracle Forms Services, Oracle Reports Services, TopLink, Portal, Discoverer
Viewer, Discoverer Plus (Web Functionality), Identity Management (LDAP), Application
Interconnect Toolkit, Workflow, Wireless Option, Personalization, and 5 JDeveloper
Named User Plus licenses per Processor.
Oracle Database 10g Enterprise Edition
Includes: JServer Enterprise Edition, interMedia, Objects Option, Networking Kit,
Objects for OLE, Advanced Replication Option, Distributed Option, Parallel Query
Option, (including bitmap indexes and parallel bitmap-star query), SQL*Plus, Visual
Information Retrieval and Workflow. Also included are: Advanced Backup & Recovery,
Queuing, Advanced, Connection Manager & Pooling, 64-bit option, MPI, OCI, ODBC
Driver, Enterprise Manager and Enterprise backup utility.

Other Features of ORACLE

Client/Server (distributed processing) environments
To take full advantage of a given computer system or network, Oracle allows processing to
be split between the database server and client application programs.
Large databases and space management
Oracle supports the largest of databases, potentially 100 terabytes in size. To make
efficient use of expensive hardware devices, it allows full control of space usage.
Many concurrent database users
Oracle supports large numbers of concurrent users executing a variety of database
applications operating on the same data. It minimizes data contention and guarantees data
concurrency.
High transaction processing performance
Oracle maintains the preceding features with a high degree of overall system performance.
High availability
Oracle can work 24x7 with no down time for quite a large amount of time.
Controlled availability
Oracle can selectively control the availability of data, at the database level and
sub-database level. For example, an administrator can disallow use of a specific
application so that the application's data can be reloaded, without affecting other
applications.
Database enforced integrity
Oracle enforces data integrity, business rules that dictate the standards for acceptable
data. As a result, the costs of coding and managing checks in many database applications
are eliminated.
Distributed Systems
For networked, distributed environments, Oracle combines the data physically located on
different computers into one logical database that can be accessed by all network users.
Distributed systems have the same degree of user transparency and data consistency as
non-distributed systems, yet receive the advantages of local database management.
Oracle also offers the heterogeneous option that allows users to access data on some
non-Oracle databases transparently.
Portability
Oracle software is ported to work under different operating systems. Applications
developed for Oracle can be ported to any operating system with little or no modification.
Compatibility
Oracle software is compatible with industry standards, including most industry standard
operating systems. Applications developed for Oracle can be used on virtually any system
with little or no modification.
Connection ability
Oracle software allows different types of computers and operating systems to share
information across a network.
Replicated environment
Oracle software lets you replicate groups of tables and their supporting objects to
multiple sites. Oracle supports replication of both data- and schema-level changes to
these sites. Oracle's flexible replication technology supports basic primary site
replication as well as advanced dynamic and shared-ownership models.

JAVA Script
JavaScript was originally developed by Brendan Eich of Netscape under the name
Mocha, later LiveScript, and finally renamed to JavaScript. The change of name from
LiveScript to JavaScript roughly coincided with Netscape adding support for Java
technology in its Netscape Navigator web browser. JavaScript was first introduced and
deployed in the Netscape browser version 2.0B3 in December of 1995. When web
developers talk about using JavaScript in Internet Explorer, they are actually using
JScript. The choice of name proved to be a source of much confusion. As of 2006, the
latest version of the language is JavaScript 1.7. The previous version 1.6 corresponded to
ECMA-262 Edition 3 like JavaScript 1.5, except for Array extras, and Array and String
generics. ECMAScript, in simple terms, is a standardized version of JavaScript. The
ECMA-357 standard specifies E4X, a language extension dealing with XML. JavaScript
is a prototype-based scripting language with a syntax loosely based on C. Like C, the
language has no input or output constructs of its own. Where C relies on standard I/O
libraries, a JavaScript engine relies on a host environment into which it is embedded.
There are many such host environment applications, of which web technologies are the
best-known examples. These are examined first.
One major use of web-based JavaScript is to write functions that are embedded in or
included from HTML pages and interact with the Document Object Model (DOM) of the
page to perform tasks not possible in HTML alone. Some common examples of this
usage follow.

Opening or popping up a new window with programmatic control over the size,
position and 'look' of the new window (i.e. whether or not the menus, toolbars, etc.
are visible).

Validation of web form input values to make sure that they will be accepted before
they are submitted to the server.

Changing images as the mouse cursor moves over them: this effect is often used
to draw the user's attention to important links displayed as graphical elements.

Feasibility Study
Depending on the results of the initial investigation, the survey is expanded to a more
detailed feasibility study. A feasibility study is a test of a system proposal according to its
workability, impact on the organization, ability to meet user needs, and effective use of
resources. The objective of the feasibility study is not to solve the problem but to
acquire a sense of its scope. During the study, the problem definition is crystallized
and aspects of the problem to be included in the system are determined.
Consequently, costs and benefits are described with greater accuracy at this stage.
It consists of the following:
Statement of the problem: A carefully worded statement of the problem that led to
analysis.
1. Summary of findings and recommendations: A list of the major
findings and recommendations of the study. It is ideal for the user
who requires quick access to the results of the analysis of the
system under study. Conclusions are stated, followed by a list of
the recommendations and a justification for them.
2. Details of findings: An outline of the methods and procedures
undertaken by the existing system, followed by coverage of the
objectives and procedures of the candidate system. Also included are
discussions of output reports, file structures, and costs and benefits
of the candidate system.
3. Recommendations and conclusions: Specific recommendations
regarding the candidate system, including personnel assignments,
costs, project schedules, and target dates.

TECHNICAL FEASIBILITY
This involves financial considerations to accommodate technical enhancements. If the
budget is a serious constraint, then the project is judged not feasible.

ECONOMICAL FEASIBILITY
The banking application will lead to a decrease in the cost of opening and
maintaining offices, and this decrease will be more than the cost of developing and
maintaining the Application.

OPERATIONAL FEASIBILITY
This Application is very easy to operate as it is made user friendly. The main consideration is
the users' easy access to all the functionality of the Application.

System Design
ER Diagram

Figure 2: ER Diagram

UML Diagram

Figure 3: UML Diagram

Data Flow Diagrams

0th Level DFD

Figure 4: Data Flow Diagram

Figure 5: 1st level DFD

2ND Level DFDS

Figure 6: 2nd level DFDs

CHANGE PASSWORD

Figure 7: Change Password

Compose Mail

Figure 8: Compose Mail

Validate Mail

Figure 9: Validate Mail

Create Certificate

Figure 10: Create Certificate

Sent Mail

Figure 11: Sent Mail

Screen Shots
Screen 1 - Login Screen

Figure 12: Screen Shot 1- Login Screen

Screen 2.1 Home Screen


This is home page of Administrator

Figure 13: Screen Shot 2.1- Home Screen

This is home page of User

Figure 14: Screen - User Home Screen

Screen 2.2 Create Certificate

Figure 15: Screen Shot 2.2- Create Certificate

Create Successfully

Figure 16: Screen - Create Successfully

Screen 3 Compose
Writing

Figure 17: Screen Shot 3 - Compose

Attaching files

Figure 18: Screen Attach Files

Write your message

Figure 19: Screen Write your message

Encryption

Figure 20: Screen Encryption

Signing

Figure 21: Screen Signing

Insert addresses

Figure 22: Screen Insert addresses

Screen 4 Registration

Figure 23: Screen Shot 4 - Registration

Registration Successfully

Figure 24: Screen - Registration Successfully

Screen 5 Edit Profile

Figure 25: Screen Shot 5 Edit Profile

Screen 6 Change Password

Figure 26: Screen Shot 6 Change Password

Screen 7 Forgot Password

Figure 27: Screen Shot 7 Forgot Password

Answer the Security Question

Figure 28: Screen Answer the Security Question

Recovered Password

Figure 29: Screen Recovered Password

Screen 8 Sent Mail

Figure 30: Screen Shot 8 Sent Mail

Open Sent Mail

Figure 31: Screen Open Sent Mail

SYSTEM TESTING AND IMPLEMENTATION


Testing and implementation are the important and final phases. All the processing that
has been done so far is just a trial or by assumption. All the required hardware & software is
prepared for the testing, so that any errors found or modifications required can be dealt with
before proceeding further.
SYSTEM TESTING
Testing is vital to the success of the system. System testing makes the logical assumption
that if all parts of the system are correct, the goal will be successfully achieved. There
are four steps within it:

Unit Testing

Integration Testing

Validation testing

Output Testing

UNIT TESTING
In this testing, the smaller parts of the project are tested first, that is, the modules and the
sub-functions present in the project. They seem to be working satisfactorily without
errors, which shows that the unit testing is successful.
INTEGRATION TESTING
Integration testing checks that the software as a whole provides all the required functions,
behaviors and processes. The errors uncovered in integration testing are corrected
during this phase. The collection of functions is tested and those found with errors are
rectified, so that the result can be obtained in a successful manner.
VALIDATION TESTING
The validation part is essential for every application project, so that
each item of data can be validated properly. In some cases the records are created according to
the key of the corresponding table to which they are referenced, as a data constraint for a
well-secured database. While testing the system with test data, errors are again uncovered and
corrected using the above testing steps, and the corrections are also noted for future use. If there is
any error, the system is tested again from the beginning.

OUTPUT TESTING
The output is a major required part of the development of the project. The output is tested
for the required format; if it does not have that format, then the testing is done or a screen
modification is made for the further operations. Output testing is mainly concerned with two
things:

On screen format

Print format

The screen format is found to be correct, as it was designed according to the user's needs. For
the hard copy also, the output comes out as specified by the user. Hence output testing
does not result in any correction in the system.

SYSTEM IMPLEMENTATION
Training the operating staff
Installing hardware
Installing terminals
Installing the telecommunication network before the system is up and running.
In the implementation phase, the project reached its fruition. After the
development phase of the SDLC is complete, the system is implemented. The software,
which was designed in the design phase and programmed in the development phase of the SDLC, was
installed on all the PCs that require it. The personnel using the program were trained
during this phase of the SDLC. Moreover, both the hardware and software are tested.
Although we found and fixed many problems, almost invariably, the users helped us to
uncover problems that we were unable to simulate.
These were the main activities performed by us in the course of the project, which led
to its proper completion.

POST IMPLEMENTATION REVIEW

When computer-based systems are built, we must therefore develop mechanisms for
evaluating, controlling and making modifications. Maintenance issues must be addressed to
improve the ease with which changes can be accommodated and to reduce the amount of effort
expended on maintenance. Maintenance activity occurs because it is unreasonable to assume that
software testing will uncover all latent errors in a large software system. The final event in the post
implementation flow is a review that revalidates all elements of the system configuration
and ensures correctness. After the software maintenance, a software review is
conducted for future maintenance effort and provides feedback, which is important to
the effective management of a software organization.
