IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

1. INTRODUCTION

1.1 AIM
In proposed system, we use a click-based graphical password system. During
password creation, there is a small view port area that is randomly positioned on the image.
Users must select a click-point within the view port. If they are unable or unwilling to select a
point in the current view port, they may press the Shuffle button to randomly reposition the
view port. The view port guides users to select more random passwords. Therefore this works
encouraging users to select more random, and difficult passwords to guess.

1.2 OBJECTIVES
Unfortunately, these passwords are broken mercilessly by intruders by several simple
means such as masquerading, Eaves dropping and other rude means say dictionary attacks,
shoulder surfing attacks, social engineering attacks [10][1].To mitigate the problems with
traditional methods, advanced methods have been proposed using graphical as passwords.
The idea of graphical passwords first described by Greg Blonder (1996). For Blonder,
graphical passwords have a predetermined image that the sequence and the tap regions
selected are interpreted as the graphical password. Since then, many other graphical password
schemes have been proposed. The desirable quality associated with graphical passwords is
that psychologically humans can remember graphical far better than text and hence is the best
alternative being proposed. There is a rapid and growing interest in graphical passwords for
they are more or infinite in numbers thus providing more resistance. The major goal of this
work is to reduce the guessing attacks as well as encouraging users to select more random,
and difficult passwords to guess.

Department of computer engineering, SMSK, kondapur Page 1

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

2. SYSTEM ANALYSIS

2.1 EXISTING SYSTEM

In existing system password are mostly of text oriented. So the password can be
broken by intruders by masquerading, brute force attack, dictionary attack etc. There are
some application existing with graphical passwords, their major drawback is larger memory
space.Some have prone to shoulder surfing attack. In Cued Click Point, the user have select
click point in five different images in sequence based on the previous image. The drawback
of the concept is it is difficult to remember the click points in different images.

2.2 PROPOSED SYSTEM

In proposed system, we use a click-based graphical password system. During
password creation, there is a small view port area that is randomly positioned on the image.
Users must select a click-point within the view port. If they are unable or unwilling to select a
point in the current view port, they may press the Shuffle button to randomly reposition the
view port. The view port guides users to select more random passwords. Therefore this works
encouraging users to select more random, and difficult passwords to guess.

2.3 FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business proposal is put
forth with a very general plan for the project and some cost estimates. During system analysis
the feasibility study of the proposed system is to be carried out. This is to ensure that the
proposed system is not a burden to the company. For feasibility analysis, some
understanding of the major requirements for the system is essential.

Three key considerations involved in the feasibility analysis are

 ECONOMICAL FEASIBILITY
 TECHNICAL FEASIBILITY
 SOCIAL FEASIBILITY

2.3.1 TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on the

Department of computer engineering, SMSK, kondapur Page 2

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

available technical resources. This will lead to high demands on the available technical
resources. This will lead to high demands being placed on the client. The developed system
must have a modest requirement, as only minimal or null changes are required for
implementing this system.
2.3.2 ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will have on
the organization. The amount of fund that the company can pour into the research and
development of the system is limited. The expenditures must be justified. Thus the developed
system as well within the budget and this was achieved because most of the technologies
used are freely available. Only the customized products had to be purchased.
2.3.3 SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the user. This
includes the process of training the user to use the system efficiently. The user must not feel
threatened by the system, instead must accept it as a necessity. The level of acceptance by the
users solely depends on the methods that are employed to educate the user about the system
and to make him familiar with it. His level of confidence must be raised so that he is also able
to make some constructive criticism, which is welcomed, as he is the final user of the system.

2.4SYSTEM REQUIREMENTS SPECIFICATION

2.4.1 SOFTWARE REQUIREMENT SPECIFICATION

Software Requirements Specification plays an important role in creating quality

software solutions. Specification is basically a representation process. Requirements are
represented in a manner that ultimately leads to successful software implementation.
Requirements may be specified in a variety of ways. However there are some guidelines
worth following: -
 Representation format and content should be relevant to the problem
 Information contained within the specification should be nested
 Diagrams and other notational forms should be restricted in number and
consistent in use.
 Representations should be revisable.
The software requirements specification is produced at the culmination of the analysis
task. The function and performance allocated to the software as a part of system engineering

Department of computer engineering, SMSK, kondapur Page 3

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

are refined by establishing a complete information description, a detailed functional and

behavioral description, and indication of performance requirements and design constraints,
appropriate validation criteria and other data pertinent to requirements.
An Outline of the Software Requirements Specification
A simplified outline can be given for the framework of the specifications. This is
according to the IEEE Standards.
2.4.2 USER REQUIREMENT SPECIFICATION

The user interface helps the users upon the system in searching through the existing
data and required services. The operational user interface also helps in adding new data as
and when required. Also the user can update/delete the data if wish to. There is no restriction
or access rights for the user to access the system. The interface helps the users with all the
transactional states like data insertion, data deletion and data updation.

2.4.2.1FUNCTIONAL REQUIREMENTS

Requiremen Requirement Specification Priority

t ID (A/B/C)
Image_01 A system should provide provision to the user to register.

Image_02 A system should provide a provision to the user to select an

image.
Image_03 A system should provide a provision to the user to generate
graphical password from selected image.
Image_04 A system should provide a provision to the user to compare
graphical password from input image for login.
Image_05 A system should provide a provision to Login user.

Image_06 A system should provide a provision to the user to compare

graphical password from input image for user to make
transactions.
Image_07 A system should provide provision to user to make his
transactions.
Image_08 A system should provide provision for user to deposit.

Department of computer engineering, SMSK, kondapur Page 4

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Image_09 System should provide a provision for user to withdrawal.

Image_10 System should provide a provision for user to view transaction

reports.
Table 2.4.2.1 Functional Requirements

2.4.3 NON-FUNCTIONAL REQUIREMENTS

Non-functional requirements describe user-visible aspects of the system that are not
directly related to functionality of the system.

 User Interface: A menu interface has been provided to the client to be user friendly.
 Documentation: The client is provided with an introductory help about the client
interface and the user documentation has been developed through help hyperlink.
 Performance Constraints: Requests should be processed within no time.Users
should be authenticated for accessing the requested data.
 Error Handling and Extreme Conditions: In case of User Error, the System should
display a meaningful error message to the user, such that the user can correct his
Error. The high level components in proposed system should handle exceptions that
occur while connecting to database server, IOExceptions etc.
 Quality Issues: Quality issues refer to how reliable, available and robust should the
system be? While developing the proposed system the developer must be able to
guarantee the reliability transactions so that they will be processed completely and
accurately. The ability of system to detect failures and recovery from those failures
refers to the availability of system. Robustness of system refers to the capability of
system providing information when concurrent users requesting for information.
 Acceptance Criteria: The developer will have to demonstrate and show to the user
that the system works by testing with suitable test cases so that all conditions are
satisfied.

Department of computer engineering, SMSK, kondapur Page 5

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

SYSTEM CONFIGURATION
Hardware System Configuration:

 Processor : Pentium –III

 Speed : 1.1 Ghz
 RAM : 256 MB(min)
 Hard Disk : 20 GB

Software System Configuration:

 Operating System : Windows95/98/2000/XP

 Front End : JAVA, Swing

 Database : MySQL

 Database Connectivity : JDBC

Department of computer engineering, SMSK, kondapur Page 6

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

3. SYSTEM DESIGN

3.1 INPUT DESIGN

The input design is the link between the information system and the user. It comprises
the developing specification and procedures for data preparation and those steps are
necessary to put transaction data in to a usable form for processing can be achieved by
inspecting the computer to read data from a written or printed document or it can occur by
having people keying the data directly into the system. The design of input focuses on
controlling the amount of input required, controlling the errors, avoiding delay, avoiding
extra steps and keeping the process simple. The input is designed in such a way so that it
provides security and ease of use with retaining the privacy. Input Design considered the
following things:
 What data should be given as input?
 How the data should be arranged or coded?
 The dialog to guide the operating personnel in providing input.
 Methods for preparing input validations and steps to follow when error occur.
3.1.1 OBJECTIVES
1. Input Design is the process of converting a user-oriented description of the input into a
computer-based system. This design is important to avoid errors in the data input process and
show the correct direction to the management for getting correct information from the
computerized system.
2. It is achieved by creating user-friendly screens for the data entry to handle large volume of
data. The goal of designing input is to make data entry easier and to be free from errors. The
data entry screen is designed in such a way that all the data manipulates can be performed. It
also provides record viewing facilities.
3. When the data is entered it will check for its validity. Data can be entered with the help of
screens. Appropriate messages are provided as when needed so that the user will not be in
maize of instant. Thus the objective of input design is to create an input layout that is easy to
follow
3.1.2 OUTPUT DESIGN
A quality output is one, which meets the requirements of the end user and presents the
information clearly. In any system results of processing are communicated to the users and to

Department of computer engineering, SMSK, kondapur Page 7

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

other system through outputs. In output design it is determined how the information is to be
displaced for immediate need and also the hard copy output.
 Designing computer output should proceed in an organized, well thought out manner;
the right output must be developed while ensuring that each output element is
designed so that people will find the system can use easily and effectively. When
analysis design computer output, they should Identify the specific output that is
needed to meet the requirements.
 Select methods for presenting information.
 Create document, report, or other formats that contain information produced by the
system.

The output form of an information system should accomplish one or more of the following
objectives.
 Convey information about past activities, current status or projections of the
 Future.
 Signal important events, opportunities, problems, or warnings.
 Trigger an action.
 Confirm an action.
3.2 HIGH LEVEL DESIGN
3.2.1 SYSTEM DESIGN
A System design is an architecture which identifies different working(possible)
systems interacting with our main working system.

Image Database
Process System

3.2.2 SUB SYSTEM DESIGN

When a system is large and too complex to understand we divide the core system into parts
called Sub Systems.

UI Image Process Database

Sub System Sub System

Department of computer engineering, SMSK, kondapur Page 8

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

3.2.3 BLOCK DESIGN

Dividing the system into blocks which can be handled or designed in parallel to
achieve the time and efficiency constraints including the core requirement as per defined by
the client.

Registration Login Handler Transaction

Handler Handler

Database View
Handler Transaction

3.3 UML DIAGRAMS

The UML is a language for
 Visualizing
 Specifying
 Constructing
 Documenting
These are the artifacts of a software-intensive system.
A Conceptual Model of UML
The three major elements of UML are
 The UML’s basic building blocks
 The rules that dictate how those building blocks may be put together.
 Some common mechanisms that apply throughout the UML.

Basic building blocks of the UML. The vocabulary of UML encompasses three kinds of
building blocks:

 Things
 Relationships
 Diagrams

Department of computer engineering, SMSK, kondapur Page 9

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Things are the abstractions that are first-class citizens in a model;

Relationships tie these things together;
Diagrams group the interesting collection of things.
Things in UML: There are four kind of things in the UML
 Structural things
 Behavioral things.
 Grouping things
 An notational things
These things are the basic object oriented building blocks of the UML.They are used to write
well-formed models.

3.3.1 STRUCTURAL THINGS

Structural things are the nouns of the UML models. These are mostly static parts of
the model, representing elements that are either conceptual or physical. In all, there are seven
kinds of Structural things.
Class
A class is a description of a set of objects that share the same attributes, operations,
relationships, and semantics. A class implements one or more interfaces. Graphically a class
is rendered as a rectangle, usually including its name, attributes and operations, as shown
below.
Interface
An interface is a collection of operations that specify a service of a class or component. An
interface describes the externally visible behavior of that element

ISpelling

Graphically the interface is rendered as a circle together with its name.

Department of computer engineering, SMSK, kondapur Page 10

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Collaboration
Collaboration defines an interaction and is a society of roles and other elements that
work together to provide some cooperative behavior that’s bigger than the sum of all the
elements. Graphically, collaboration is rendered as an ellipse with dashed lines, usually
including only its name as shown below.

Chain of
Responsibility

Use Case
Use case is a description of a set of sequence of actions that a system performs that
yields an observable result of value to a particular thing in a model. Graphically, Use Case is
rendered as an ellipse with dashed lines, usually including only its name as shown below.

Place Order

Active Class
An active class is a class whose objects own one or more processes or threads and
therefore can initiate control activity. Graphically, an active class is rendered just like a class,
but with heavy lines usually including its name, attributes and operations as shown below.

SPOL

EMPLOYEE

DEATILS

Suspend ()
Flush ()

Department of computer engineering, SMSK, kondapur Page 11

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Component
Component is a physical and replaceable part of a system that conforms to and

provides the realization of a set of interfaces. Graphically, a component is rendered as a

rectangle with tabs, usually including only its name, as shown below.

orderform.java

Node
A Node is a physical element that exists at run time and represents a computational
resource, generally having at least some memory and often, processing capability.
Graphically, a node is rendered as a cube, usually including only its name, as shown below.

server

3.3.2 BEHAVIORAL THINGS

Behavioral Things are the dynamic parts of UML models. These are the verbs of a model,
representing behavior over time and space.

Interaction
An interaction is a behavior that comprises a set of messages exchanged among a set
of objects within a particular context to accomplish a specific purpose. Graphically, a
message is rendered as a direct line, almost always including the name if its operation, as
shown below.

Display

Department of computer engineering, SMSK, kondapur Page 12

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

State Machine
A state machine is a behavior that specifies the sequence of states an object are an
interaction goes through during its lifetime on response to events, together with its responses
to those events. Graphically, a state is rendered as a rounded rectangle usually including its
name and its sub-states, if any, as shown below.

Waiting

3.3.3 GROUPING THINGS

Grouping things are the organizational parts of the UML models. These are the boxes
into which a model can be decomposed.
Package
A package is a general-purpose mechanism for organizing elements into groups.

Business Rules

3.3.4 ANNOTATIONAL THINGS

Annotational things are the explanatory parts of the UML models.

Note
A note is simply a symbol for rendering constraints and comments attached to an
element or a collection of elements. Graphically a note is rendered as a rectangle with dog-
eared corner together, with a textual or graphical comment, as shown below.

Department of computer engineering, SMSK, kondapur Page 13

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

3.4 RELATIONSHIPS IN THE UML

There are four kinds of relationships in the UML:
 Dependency
 Association
 Generalization
 Realization

3.4.1DEPENDENCY:This is relationship between two classes whenever one class is

completely dependent on the other class. Graphically the dashed line represents it with
arrow pointing to the class that it is being depended on.

3.4.2ASSOCIATION:It is a relationship between instances of the two classes. There is

an association between two classes if an instance of one class must know about the other
in order to perform its work. In a diagram, an association is a link connecting two classes.
Graphically it is represented by line as shown.

3.4.3GENERALIZATION:An inheritance is a link indicating one class is a super class

of the other. A generalization has a triangle pointing to the super class. Graphically it is
represented by line with a triangle at end as shown.

3.4.4 REALIZATION:

Department of computer engineering, SMSK, kondapur Page 14

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

3.5 UML DIAGRAMS

Diagrams play a very important role in the UML. There are nine kind of modeling diagrams
as follows:

 Class Diagram
 Use Case Diagram
 Object Diagram
 Sequence Diagram
 Collaboration Diagram
 State Chart Diagram
 Activity Diagram
 Component Diagram
 Deployment Diagram

3.5.1 CLASS DIAGRAM

Class diagrams are the most common diagrams found in modeling object-oriented
systems. A class diagram shows a set of classes, interfaces, and collaborations and their
relationships. Graphically, a class diagram is a collection of vertices and arcs.

Contents:
Class Diagrams commonly contain the following things:

 Classes

 Interfaces
 Collaborations
 Dependency
 Generalization
 Association Relationships

Department of computer engineering, SMSK, kondapur Page 15

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Fig 3.5.1 Class Diagram

Department of computer engineering, SMSK, kondapur Page 16

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

3.5.2 OBJECT DIAGRAM

Fig 3.5.2 Object Diagram

3.5.3 USE CASE DIAGRAM

Use Case diagrams are one of the five diagrams in the UML for modeling the
dynamic aspects of systems(activity diagrams, sequence diagrams, state chart diagrams and
collaboration diagrams are the four other kinds of diagrams in the UML for modeling the
dynamic aspects of systems). Use Case diagrams are central to modeling the behavior of the
system, a sub-system, or a class. Each one shows a set of use cases and actors and
relationships.

Fig 3.5.3 Use Case Diagram

Department of computer engineering, SMSK, kondapur Page 17

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Common Properties
A Use Case diagram is just a special kind of diagram and shares the same common
properties, as do all other diagrams- a name and graphical contents that are a projection into
the model. What distinguishes a use case diagram from all other kinds of diagrams is its
particular content.
Contents
Use Case diagrams commonly contain:

Use Cases
Actors
Dependency, generalization, and association relationships
Like all other diagrams, use case diagrams may contain notes and constraints. Use
Case diagrams may also contain packages, which are used to group elements of your model
into larger chunks. Occasionally, you will want to place instances of use cases in your
diagrams, as well, especially when you want to visualize a specific executing system.

3.5.4 INTERACTION DIAGRAM

An Interaction diagram shows an interaction, consisting of a set of objects and their
relationships, including the messages that may be dispatched among them. Interaction
diagrams are used for modeling the dynamic aspects of the system.
A sequence diagram is an interaction diagram that emphasizes the time ordering of
the messages. Graphically, a sequence diagram is a table that shows objects arranged along
the X-axis and messages, ordered in increasing time, along the Y-axis and messages, ordered
in increasing time, along the Y-axis.

Contents
Interaction diagrams commonly contain:

Objects

Links
Messages
Like all other diagrams, interaction diagrams may contain notes and constraints.

Department of computer engineering, SMSK, kondapur Page 18

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

(a) For User Registration

Fig 3.5.4 (a) Interaction Diagram For User Registration

(b) For User Login

Fig 3.5.4 (b) Interaction Diagram for User Login

3.5.5 SEQUENCE DIAGRAM

A sequence diagram is an interaction diagram that emphasizes the time ordering of the
messages. Graphically, a sequence diagram is a table that shows objects arranged along the
X-axis and messages, ordered in increasing time, along the Y-axis.Typically you place the

Department of computer engineering, SMSK, kondapur Page 19

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

object that initiates the interaction at the left, and increasingly more sub-routine objects to the
right. Next, you place the messages that these objects send and receive along the Y-axis , in
order of increasing time from top to the bottomSequence diagrams have two interesting
features:
 There is the object lifeline. An object lifeline is the vertical dashed line that
represents the existence of an object over a period of time. Most objects that
appear in the interaction diagrams will be in existence for the duration of the
interaction, so these objects are all aligned at the top of the diagram, with their
lifelines drawn from the top of the diagram to the bottom.
 There is a focus of the control. The focus of control is tall, thin rectangle that
shows the period of time during which an object is performing an action, either
directly or through the subordinate procedure. The top of the rectangle is aligns
with the action; the bottom is aligned with its completion.

Contents
Sequence diagrams commonly contains
Objects
Object Life Line
Focus of Control
(a) For User Registration

Fig 3.5.5 (a) Sequence Diagram For User Registration

Department of computer engineering, SMSK, kondapur Page 20

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

(b) For User Login

Fig 3.5.5 (b) Sequence Diagram for User Login

3.5.6 ACTIVITY DIAGRAM

An Activity Diagram is essentially a flow chart showing flow of control from activity
to activity. They are used to model the dynamic aspects of as system. They can also be used
to model the flow of an object as it moves from state to state at different points in the flow of
control.
An activity is an ongoing non-atomic execution with in a State machine. Activities
ultimately result in some action, which is made up of executable atomic computations that
result in a change of state of distinguishes a use case diagram from all other kinds of
diagrams is its particular content.

Department of computer engineering, SMSK, kondapur Page 21

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Fig 3.5.6 Activity Diagram

Contents
Activity diagrams commonly contain:

Fork

Start & End Symbol

3.5.7 STATE CHART DIAGRAM
A state chart diagram shows a state machine. State chart diagrams are used to model
the dynamic aspects of the system. For the most part this involves modeling the behavior of
the reactive objects. A reactive object is one whose behavior is best characterized by its
response to events dispatched from outside its context. A reactive object has a clear lifeline
whose current behavior is affected by its past.
A state chart diagram show a state machine emphasizing the flow of control from
state to state. A state machine is a behavior that specifies the sequence of states an object
goes through during its lifetime in response to events together with its response to those
events. A state is a condition in the life of the object during which it satisfies some
conditions, performs some activity or wait for some events. An event is a specification of a
significant occurrence that has a location in time and space.
Graphically a state chart diagram is a collection of vertices and arcs.
Contents

Department of computer engineering, SMSK, kondapur Page 22

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

State chart diagram commonly contain:

Simple states and Composite states.
Transitions, including events and actions.

Fig 3.5.7 Start Chart Diagram

Department of computer engineering, SMSK, kondapur Page 23

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

3.5.8 DEPLOYMENT DIAGRAM

Fig 3.5.8 Deployment Diagram

3.6 DATA FLOW DIAGRAMS

Data flow diagram is a structure analysis tool that is used for graphical representation
of Data processes through any organization. The data flow approach emphasis on the logic
underlying the system, by using combination of only 4 symbols. It follows a top down
approach. A full description of a system actually consists of set of DFD s, which comprises of
various levels. And initial over view model is exploded lower level diagrams that show
additional feature of the system. Further each process can be broken down into a more
detailed DFD. This occurs repeatedly until sufficient details are described.The top-level
diagram is often called a “context diagram”. It contains a single process, but it plays a very
important role in studying the current system. The context diagram defines the system that
will be studied in the sense that it determines the boundaries. Anything that is not inside the
process identified in the context diagram will not be part of the system study. It represents the
entire software element as a single bubble with input and output data indicated by incoming
and outgoing arrows respectively.

Department of computer engineering, SMSK, kondapur Page 24

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

TYPES OF DATA FLOW DIAGRAMS

Data Flow Diagrams are of two types as follows:

3.6.1 Physical DFD
3.6.2 Logical DFD

3.6.1 PHYSICAL DFD

Structured analysis states that the current system should be first understand correctly.
The physical DFD is the model of the current system and is used to ensurethat the current
system has been clearly understood. Physical DFDs shows actual devices, departments, and
people etc., involved in the current system

3.6.2 LOGICAL DFD

Logical DFDs are the model of the proposed system. They clearly should show the
requirements on which the new system should be built. Later during design activity this is
taken as the basis for drawing the system’s structure charts.

Basic Notation
The Basic Notation used to create a DFD’s are as follows:
Dataflow: Data move in a specific direction from an origin to a destination.

Process: People, procedures, or devices that use or produce (Transform) Data. The
physical component is not identified.

Source: External sources or destination of data, which may be People, programs,

organizations or other entities.

Data Store: Here data are stored or referenced by a process in theSystem

Department of computer engineering, SMSK, kondapur Page 25

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

3.7 DESIGN
Design is the first step in moving from problem domain to the solution domain.
Design is essentially the bridge between requirements specification and the final solution.
The goal of design process is to produce a model or representation of a system, which can be
used later to build that system. The produced model is called the “Design of the System”. It
is a plan for a solution for the system.

3.7.1 SYSTEM DESIGN

Data Flow Diagram / Use Case Diagram / Flow Diagram
The DFD is also called as bubble chart. It is a simple graphical formalism that can be
used to represent a system in terms of the input data to the system, various processing carried
out on these data, and the output data is generated by the system.

3.7.1.1 PROCESS DIAGRAM

Fig 3.7.1.1 Process Diagram

Department of computer engineering, SMSK, kondapur Page 26

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

3.7.1.2 DATA FLOW DIAGRAMS

(A) Level 0

Fig 3.7.1.2 (a) level 0 of data flow diagram

(B)Level 1

Fig 3.7.1.2 (b) Level 1 of Data Flow Diagram

Department of computer engineering, SMSK, kondapur Page 27

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

4. CODING AND IMPLEMENTATION

4.1 INTRODUCTION

Software Environment
Java Technology
Java technology is both a programming language and a platform.
The Java Programming Language
The Java programming language is a high-level language that can be characterized by
all of the following buzzwords:

 Simple
 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance
 Interpreted
 Multithreaded
 Robust
 Dynamic
 Secure

With most programming languages, you either compile or interpret a program so that
you can run it on your computer. The Java programming language is unusual in that a
program is both compiled and interpreted. With the compiler, first you translate a program
into an intermediate language called Java byte codes —the platform-independent codes
interpreted by the interpreter on the Java platform. The interpreter parses and runs each Java
byte code instruction on the computer. Compilation happens just once; interpretation occurs
each time the program is executed. The following figure illustrates how this works.

Department of computer engineering, SMSK, kondapur Page 28

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

You can think of Java byte codes as the machine code instructions for the Java
Virtual Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web
browser that can run applets, is an implementation of the Java VM. Java byte codes help
make “write once, run anywhere” possible. You can compile your program into byte codes on
any platform that has a Java compiler. The byte codes can then be run on any implementation
of the Java VM. That means that as long as a computer has a Java VM, the same program
written in the Java programming language can run on Windows 2000, a Solaris workstation,
or on an iMac.

The Java Platform

A platform is the hardware or software environment in which a program runs.
We’ve already mentioned some of the most popular platforms like Windows 2000,
Linux, Solaris, and MacOS. Most platforms can be described as a combination of the
operating system and hardware. The Java platform differs from most other platforms
in that it’s a software-only platform that runs on top of other hardware-based
platforms.

Department of computer engineering, SMSK, kondapur Page 29

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

The Java platform has two components:

 The Java Virtual Machine (Java VM)
 The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java
platform and is ported onto various hardware-based platforms.
The Java API is a large collection of ready-made software components that
provide many useful capabilities, such as graphical user interface (GUI) widgets. The
Java API is grouped into libraries of related classes and interfaces; these libraries are
known as packages. The next section, What Can Java Technology Do? Highlights
what functionality some of the packages in the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the
figure shows, the Java API and the virtual machine insulate the program from the
hardware.

Native code is code that after you compile it, the compiled code runs on a
specific hardware platform. As a platform-independent environment, the Java
platform can be a bit slower than native code. However, smart compilers, well-tuned
interpreters, and just-in-time byte code compilers can bring performance close to that
of native code without threatening portability.
What Can Java Technology Do?

The most common types of programs written in the Java programming

language are applets and applications. If you’ve surfed the Web, you’re probably
already familiar with applets. An applet is a program that adheres to certain
conventions that allow it to run within a Java-enabled browser. However, the Java
programming language is not just for writing cute, entertaining applets for the Web.

Department of computer engineering, SMSK, kondapur Page 30

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

The general-purpose, high-level Java programming language is also a powerful

software platform. Using the generous API, you can write many types of programs.
An application is a standalone program that runs directly on the Java platform.
A special kind of application known as a server serves and supports clients on a
network. Examples of servers are Web servers, proxy servers, mail servers, and print
servers. Another specialized program is a servlet. A servlet can almost be thought of
as an applet that runs on the server side. Java Servlets are a popular choice for
building interactive web applications, replacing the use of CGI scripts. Servlets are
similar to applets in that they are runtime extensions of applications. Instead of
working in browsers, though, servlets run within Java Web servers, configuring or
tailoring the server.
How does the API support all these kinds of programs? It does so with packages of
software components that provides a wide range of functionality. Every full
implementation of the Java platform gives you the following features:
 The Essentials: Objects, strings, threads, numbers, input and output, data structures,
system properties, date and time, and so on.
 Applets: The set of conventions used by applets.
 Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram
Protocol) sockets, and IP (Internet Protocol) addresses.
 Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be displayed in
the appropriate language.
 Security: Both low level and high level, including electronic signatures, public and
private key management, access control, and certificates.
 Software Components: Known as JavaBeansTM, can plug into existing component
architectures.
 Object Serialization: Allows lightweight persistence and communication via Remote
Method Invocation (RMI).
 Java Database Connectivity (Jdbctm): Provides uniform access to a wide range of
relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure depicts
what is included in the Java 2 SDK.

Department of computer engineering, SMSK, kondapur Page 31

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

How will java technology change my life?

We can’t promise you fame, fortune, or even a job if you learn the Java programming
language. Still, it is likely to make your programs better and requires less effort than
other languages. We believe that Java technology will help you do the following:
 Get Started Quickly: Although the Java programming language is a powerful object-
oriented language, it’s easy to learn, especially for programmers already familiar with
C or C++.
 Write less code: Comparisons of program metrics (class counts, method counts, and
so on) suggest that a program written in the Java programming language can be four
times smaller than the same program in C++.
 Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendible API let you reuse other people’s tested code and introduce fewer bugs.
 Develop programs more quickly: Your development time may be as much as twice
as fast versus writing the same program in C++. Why? You write fewer lines of code
and it is a simpler programming language than C++.
 Avoid platform dependencies with 100% Pure Java: You can keep your program
portable by avoiding the use of libraries written in other languages. The 100% Pure

Department of computer engineering, SMSK, kondapur Page 32

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

JavaTM Product Certification Program has a repository of historical process manuals,

white papers, brochures, and similar materials online.
 Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.
 Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the feature of allowing new classes to be loaded “on
the fly,” without recompiling the entire program.

4.2 ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface
for application developers and database systems providers. Before ODBC became a de facto
standard for Windows programs to interface with database systems, programmers had to use
proprietary languages for each database they wanted to connect to. Now, ODBC has made the
choice of the database system almost irrelevant from a coding perspective, which is as it
should be. Application developers have much more important things to worry about than the
syntax that is needed to port their program from one database to another when business needs
suddenly change.
Through the ODBC Administrator in Control Panel, you can specify the particular
database that is associated with a data source that an ODBC application program is written to
use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a
particular database. For example, the data source named Sales Figures might be a SQL Server
database, whereas the Accounts Payable data source could refer to an Access database. The
physical database referred to by a data source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95. Rather, they are
installed when you setup a separate database application, such as SQL Server Client or Visual
Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called
ODBCINST.DLL. It is also possible to administer your ODBC data sources through a stand-
alone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this
program and each maintains a separate list of ODBC data sources.
From a programming perspective, the beauty of ODBC is that the application can be
written to use the same set of function calls to interface with any data source, regardless of
the database vendor. The source code of the application doesn’t change whether it talks to
Oracle or SQL Server. We only mention these two as an example. There are ODBC drivers

Department of computer engineering, SMSK, kondapur Page 33

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

available for several dozen popular database systems. Even Excel spreadsheets and plain text
files can be turned into data sources. The operating system uses the Registry information
written by ODBC Administrator to determine which low-level ODBC drivers are needed to
talk to the data source (such as the interface to Oracle or SQL Server). The loading of the
ODBC drivers is transparent to the ODBC application program. In a client/server
environment, the ODBC API even handles many of the network issues for the application
programmer.
The advantages of this scheme are so numerous that you are probably thinking there
must be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking
directly to the native database interface. ODBC has had many detractors make the charge that
it is too slow. The availability of good ODBC drivers has improved a great deal recently. And
anyway, the criticism about performance is somewhat analogous to those who said that
compilers would never match the speed of pure assembly language. Maybe not, but the
compiler (or ODBC) gives you the opportunity to write cleaner programs, which means you
finish sooner. Meanwhile, computers get faster every year.

4.3 JDBC
In an effort to set an independent database standard API for Java; Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides a consistent interface to a variety of RDBMSs. This consistent
interface is achieved through the use of “plug-in” database connectivity modules, or drivers.
If a database vendor wishes to have JDBC support, he or she must provide the driver for each
platform that the database and Java run on. To gain a wider acceptance of JDBC, Sun based
JDBC’s framework on ODBC. As you discovered earlier in this chapter, ODBC has
widespread support on a variety of platforms. Basing JDBC on ODBC will allow vendors to
bring JDBC drivers to market much faster than developing a completely new connectivity
solution.
JDBC was announced in March of 1996. It was released for a 90 day public review
that ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was
released soon after. The remainder of this section will cover enough information about JDBC
for you to know what it is about and how to use it effectively. This is by no means a complete
overview of JDBC. That would fill an entire book.

Department of computer engineering, SMSK, kondapur Page 34

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

4.3.1 JDBC Goals

Few software packages are designed without goals in mind. JDBC is one that, because
of its many goals, drove the development of the API. These goals, in conjunction with early
reviewer feedback, have finalized the JDBC class library into a solid framework for building
database applications in Java.
The goals that were set for JDBC are important. They will give you some insight as to why
certain classes and functionalities behave the way they do. The eight design goals for JDBC
are as follows:
 SQL Level API
The designers felt that their main goal was to define a SQL interface for Java.
Although not the lowest database interface level possible, it is at a low enough level
for higher-level tools and APIs to be created. Conversely, it is at a high enough level
for application programmers to use it confidently. Attaining this goal allows for future
tool vendors to “generate” JDBC code and to hide many of JDBC’s complexities from
the end user.

 SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort
to support a wide variety of vendors, JDBC will allow any query statement to be
passed through it to the underlying database driver. This allows the connectivity
module to handle non-standard functionality in a manner that is suitable for its users.

 JDBC must be implemental on top of common database interfaces

The JDBC SQL API must “sit” on top of other common SQL level APIs. This goal
allows JDBC to use existing ODBC level drivers by the use of a software interface.
This interface would translate JDBC calls to ODBC and vice versa.
 Provide a Java interface that is consistent with the rest of the Java system
Because of Java’s acceptance in the user community thus far, the designers feel that
they should not stray from the current design of the core Java system.

 Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception.
Sun felt that the design of JDBC should be very simple, allowing for only one method
of completing a task per mechanism. Allowing duplicate functionality only serves to
confuse the users of the API.

Department of computer engineering, SMSK, kondapur Page 35

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

 Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also, less
error appear at runtime.

 Keep the common cases simple

Because more often than not, the usual SQL calls used by the programmer are simple
SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to
perform with JDBC. However, more complex SQL statements should also be
possible.

Finally we decided to proceed the implementation using Java

Networking.

And for dynamically updating the cache table we go for MS Access database.

Java ha two things: a programming language and a platform.

Java is a high-level programming language that is all of the following

Simple Architecture-neutral

Object-oriented Portable

Distributed High-performance

Interpreted multithreaded

Robust Dynamic

Secure

Java is also unusual in that each Java program is both compiled and interpreted.
With a compile you translate a Java program into an intermediate language called
Java byte codes the platform-independent code instruction is passed and run on the
computer.

Compilation happens just once; interpretation occurs each time the program is
executed. The figure illustrates how this works.

Department of computer engineering, SMSK, kondapur Page 36

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Java Interpreter
Program

Compilers My Program

You can think of Java byte codes as the machine code instructions for the Java
Virtual Machine (Java VM). Every Java interpreter, whether it’s a Java development
tool or a Web browser that can run Java applets, is an implementation of the Java
VM. The Java VM can also be implemented in hardware.

Java byte codes help make “write once, run anywhere” possible. You can compile
your Java program into byte codes on my platform that has a Java compiler. The
byte codes can then be run any implementation of the Java VM. For example, the
same Java program can run Windows NT, Solaris, and Macintosh.

4.4 NETWORKING

TCP/IP stack: The TCP/IP stack is shorter than the OSI one:

TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a connectionless

protocol.

Department of computer engineering, SMSK, kondapur Page 37

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

IP datagram’s

The IP layer provides a connectionless and unreliable delivery system. It considers

each datagram independently of the others. Any association between datagram must be
supplied by the higher layers. The IP layer supplies a checksum that includes its own
header. The header includes the source and destination addresses. The IP layer handles
routing through an Internet. It is also responsible for breaking up large datagram into
smaller ones for transmission and reassembling them at the other end.

UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for the
contents of the datagram and port numbers. These are used to give a client/server model -
see later.

TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It

provides a virtual circuit that two processes can use to communicate.

Internet addresses

In order to use a service, you must be able to find it. The Internet uses an address
scheme for machines so that they can be located. The address is a 32 bit integer which gives
the IP address. This encodes a network ID and more addressing. The network ID falls into
various classes according to the size of the network address.

Network address

Class A uses 8 bits for the network address with 24 bits left over for other addressing.
Class B uses 16 bit network addressing. Class C uses 24 bit network addressing and class D
uses all 32.

Subnet address

Internally, the UNIX network is divided into sub networks. Building 11 is currently
on one sub network and uses 10-bit addressing, allowing 1024 different hosts.

Department of computer engineering, SMSK, kondapur Page 38

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Host address

8 bits are finally used for host addresses within our subnet. This places a limit of 256
machines that can be on the subnet.

Total address

The 32 bit address is usually written as 4 integers separated by dots.

Port addresses

A service exists on a host, and is identified by its port. This is a 16 bit number. To
send a message to a server, you send it to the port for that service of the host that it is
running on. This is not location transparency! Certain of these ports are "well known".

Sockets

A socket is a data structure maintained by the system to handle network connections.

A socket is created using the call socket. It returns an integer that is like a file descriptor. In
fact, under Windows, this handle can be used with Read File and Write File functions.

#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will be zero, and
type will depend on whether TCP or UDP is used. Two processes wishing to communicate
over a network create a socket each. These are similar to two ends of a pipe - but the actual
pipe does not yet exist.

Department of computer engineering, SMSK, kondapur Page 39

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

4.5 JFREE CHART

JFreeChart is a free 100% Java chart library that makes it easy for developers to
display professional quality charts in their applications. JFreeChart's extensive feature set
includes:
 A consistent and well-documented API, supporting a wide range of chart types;
 A flexible design that is easy to extend, and targets both server-side and client-side
applications;

Support for many output types, including Swing components, image files (including
PNG and JPEG), and vector graphics file formats (including PDF, EPS and SVG);
JFreeChart is "open source" or, more specifically, free software. It is distributed under the
terms of the GNU Lesser General Public License (LGPL), which permits use in proprietary
applications.

 Map Visualizations
Charts showing values that relate to geographical areas. Some examples include: (a)
population density in each state of the United States, (b) income per capita for each
country in Europe, (c) life expectancy in each country of the world. The tasks in this
project include:Sourcing freely redistributable vector outlines for the countries of the
world, states/provinces in particular countries (USA in particular, but also other areas);
Creating an appropriate dataset interface (plus default implementation), a rendered, and
integrating this with the existing XYPlot class in JFreeChart;
Testing, documenting, testing some more, documenting some more.

 Time Series Chart Interactivity

Implement a new (to JFreeChart) feature for interactive time series charts --- to
display a separate control that shows a small version of ALL the time series data, with a
sliding "view" rectangle that allows you to select the subset of the time series data to
display in the main chart.

 Dashboards

There is currently a lot of interest in dashboard displays. Create a flexible dashboard

mechanism that supports a subset of JFreeChart chart types (dials, pies, thermometers,

Department of computer engineering, SMSK, kondapur Page 40

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

bars, and lines/time series) that can be delivered easily via both Java Web Start and an
applet.

 Property Editors
The property editor mechanism in JFreeChart only handles a small subset of the
properties that can be set for charts. Extend (or reimployment) this mechanism to provide
greater end-user control over the appearance of the charts.

4.6 TOMCAT 6.0 WEB SERVER

Tomcat is an open source web server developed by Apache Group. Apache Tomcat is
the servlet container that is used in the official Reference Implementation for the Java Servlet
and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are
developed by Sun under the Java Community Process. Web Servers like Apache Tomcat
support only web components while an application server supports web components as well
as business components (BEAs Weblogic, is one of the popular application server)..

4.7MYSQL DATABASE

MySQL, the most popular Open Source SQL database management system, is
developed, distributed, and supported by MySQL. MySQL is a commercial company,
founded by the MySQL developers. It is a second generation Open Source company that
unites Open Source values and methodology with a successful business model.

 MySQL is a database management system.

 A database is a structured collection of data. It may be anything from a simple
shopping list to a picture gallery or the vast amounts of information in a corporate
network. To add, access, and process data stored in a computer database, you need a
database management system such as MySQL Server. Since computers are very good
at handling large amounts of data, database management systems play a central role in
computing, as standalone utilities, or as parts of other applications.
 MySQL is a relational database management system.

A relational database stores data in separate tables rather than putting all the data in
one big storeroom. This adds speed and flexibility. The SQL part of “MySQL” stands for
“Structured Query Language.” SQL is the most common standardized language used to

Department of computer engineering, SMSK, kondapur Page 41

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

access databases and is defined by the ANSI/ISO SQL Standard. The SQL standard has been
evolving since 1986 and severalversions exist. In this manual, “SQL-92” refers to the
standard released in 1992, “SQL:1999” refers to the standard released in 1999, and
“SQL:2003” refers to the current version of the standard. We use the phrase “the SQL
standard” to mean the current version of the SQL Standard at any time.

 MySQL software is Open Source.

Open Source means that it is possible for anyone to use and modify the software.
Anybody can download the MySQL software from the Internet and use it without paying
anything. MySQL Server was originally developed to handle large databases much faster
than existing solutions and has been successfully used in highly demanding production
environments for several years. Although under constant development, MySQL Server today
offers a rich and useful set of functions. Its connectivity, speed, and security make MySQL
Server highly suited for accessing databases on the Internet.

 MySQL Server works in client/server or embedded systems.

 The MySQL Database Software is a client/server system that consists of a multi-
threaded SQL server that supports different backends, several different client
programs and libraries, administrative tools, and a wide range of application
programming interfaces (APIs). We also provide MySQL Server as an embedded
multi-threaded library that you can link into your application to get a smaller,
faster, easier-to-manage standalone product.
 A large amount of contributed MySQL software is available. It is very likely that
your favorite application or language supports the MySQL Database Server.

Internals and Portability

 Written in C and C++

 Tested with a broad range of different compilers.
 Works on many different platforms..
 Uses GNU Automake, Autoconf, and Libtool for portability.
 The MySQL Server design is multi-layered with independent modules.
 Fully multi-threaded using kernel threads. It can easily use multiple CPUs if they are
available.

Department of computer engineering, SMSK, kondapur Page 42

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

 Provides transactional and non-transactional storage engines.

 Uses very fast B-tree disk tables (MyISAM) with index compression.
 Relatively easy to add other storage engines. This is useful if you want to provide an
SQL interface for an in-house database.
 A very fast thread-based memory allocation system.
 Very fast joins using an optimized one-sweep multi-join.
 In-memory hash tables, which are used as temporary tables.
 SQL functions are implemented using a highly optimized class library and should be
as fast as possible. Usually there is no memory allocation at all after query
initialization.
 The MySQL code is tested with Purify (a commercial memory leakage detector) as
well as with Valgrind, a GPL tool
 The server is available as a separate program for use in a client/server networked
environment.

Scalability and Limits

 Handles large databases. We use MySQL Server with databases that contain 50
million records. We also know of users who use MySQL Server with 60,000 tables
and about 5,000,000,000 rows.

Security

 A privilege and password system that is very flexible and secure, and that allows host-
based verification.
 Passwords are secure because all password traffic is encrypted when you connect to a
server.

Department of computer engineering, SMSK, kondapur Page 43

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

4.8 CODING

Program Coding
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package imageprocess;

/**
*
* @author Administrator
*/
import java.awt.*;
import java.awt.event.*;
import java.awt.geom.Area;
import java.awt.geom.Path2D;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.sql.*;
import java.sql.DriverManager;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.swing.*;

/**
*
* @author Administrator
*/
public class CompareImage extends JFrame implements ActionListener
{

JPanel panel=new JPanel();

Container c;

static JLabel picture=new JLabel();

JLabel name=new JLabel("Name");

JLabel password=new JLabel("Password");
JLabel filename=new JLabel("FileName");

JTextField nametext=new JTextField();

JTextField passwordtext=new JTextField();
JTextField filenametext=new JTextField();

Department of computer engineering, SMSK, kondapur Page 44

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

JButton upload=new JButton("Upload");

JButton Compare=new JButton("Display");
JButton Browse=new JButton("Browse");
JButton viewport=new JButton("Viewport");

static ImageIcon icon;

File file;
BufferedImage image;
static Image pic;

static byte[] bytes = null;

CompareImage() throws IOException

{

c=(JPanel)getContentPane();
c.setLayout(null);
c.setBackground(Color.WHITE);

picture.setBounds(50,100,400,325);

filename.setBounds(600,100,100,30);
filenametext.setBounds(720,100,300,30);

name.setBounds(600,150,100,30);
password.setBounds(600,200,100,30);

nametext.setBounds(720,150,100,30);
passwordtext.setBounds(720,200,100,30);

Browse.setBounds(530,400,100,20);
upload.setBounds(650,400,100,20);
Compare.setBounds(770,400,100,20);
viewport.setBounds(770,450,100,20);

c.add(picture);
c.add(filename);
c.add(filenametext);
c.add(name);
c.add(nametext);
c.add(password);
c.add(passwordtext);

Department of computer engineering, SMSK, kondapur Page 45

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

c.add(viewport);
c.add(upload);
c.add(Compare);
c.add(Browse);

viewport.addActionListener(this);
upload.addActionListener(this);
Compare.addActionListener(this);
Browse.addActionListener(this);

public void actionPerformed(ActionEvent ae)

{
if(ae.getSource()==upload)
{
Connection connection = null;

PreparedStatement psmnt = null;

FileInputStream fis;

String filename=filenametext.getText();
String name=nametext.getText();
String password=passwordtext.getText();
try
{

Class.forName("com.mysql.jdbc.Driver");

connection = DriverManager.getConnection("jdbc:mysql://localhost/image","root","");

File image = new File(filename);

psmnt = connection.prepareStatement ("insert into pixelvalue values(?,?,?)");

psmnt.setString(1,name);
psmnt.setString(2,filename);

fis = new FileInputStream(image);

psmnt.setBinaryStream(3, (InputStream)fis, (int)(image.length()));

int s = psmnt.executeUpdate();
}

Department of computer engineering, SMSK, kondapur Page 46

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

catch(Exception ee)
{

else if(ae.getSource()==Compare)
{

String filename=filenametext.getText();

try
{
File file=new File(filename);
BufferedImage image=ImageIO.read(file);

ImageIcon icon=new ImageIcon(image);

picture.setIcon(icon);

}
catch(Exception ee)
{

}
}
else if(ae.getSource()==Browse)
{
JFileChooser chooser = new JFileChooser();

try {

File f = new File(new File("filename.txt").getCanonicalPath());

chooser.setSelectedFile(f);
}
catch (IOException e1)
{
}
int retval = chooser.showOpenDialog(Browse);
if (retval == JFileChooser.APPROVE_OPTION){
File field = chooser.getSelectedFile();
filenametext.setText(field.getAbsolutePath());

Department of computer engineering, SMSK, kondapur Page 47

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

else if(ae.getSource()==viewport)
{
System.out.println("aa");
}

}
}

public static void main(String[] arg) throws IOException

{

JFrame pixel=new CompareImage();

pixel.setSize(1000,700);
pixel.setVisible(true);
pixel.setLocationRelativeTo(null);

}
}

Department of computer engineering, SMSK, kondapur Page 48

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

5. TESTING

5.1 SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or weakness in a work product. It provides a way to check the functionality
of components, subassemblies, assemblies and/or a finished product It is the process of
exercising software with the intent of ensuring that the Software system meets its
requirements and user expectations and does not fail in an unacceptable manner. There are
various types of test. Each test type addresses a specific testing requirement.

5.2 TYPES OF TESTING

 Unit testing
Unit testing involves the design of test cases that validate that the internal program
logic is functioning properly, and that program inputs produce valid outputs. All
decision branches and internal code flow should be validated. It is the testing of
individual software units of the application .it is done after the completion of an
individual unit before integration. This is a structural testing, that relies on knowledge
of its construction and is invasive. Unit tests perform basic tests at component level
and test a specific business process, application, and/or system configuration. Unit
tests ensure that each unique path of a business process performs accurately to the
documented specifications and contains clearly defined inputs and expected results.
 Integration testing
Integration tests are designed to test integrated software components to determine if
they actually run as one program. Testing is event driven and is more concerned with
the basic outcome of screens or fields. Integration tests demonstrate that although the
components were individually satisfaction, as shown by successfully unit testing, the
combination of components is correct and consistent. Integration testing is
specifically aimed at exposing the problems that arise from the combination of
components.

Department of computer engineering, SMSK, kondapur Page 49

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

 Functional test
Functional tests provide systematic demonstrations that functions tested are available
as specified by the business and technical requirements, system documentation, and
user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input: identified classes of invalid input must be rejected.
Functions: identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures: interfacing systems or procedures must be invoked.
Organization and preparation of functional tests is focused on requirements, key
functions, or special test cases. In addition, systematic coverage pertaining to identify
Business process flows; data fields, predefined processes, and successive processes
must be considered for testing. Before functional testing is complete, additional tests
are identified and the effective value of current tests is determined.
 System Testing
System testing ensures that the entire integrated software system meets requirements.
It tests a configuration to ensure known and predictable results. An example of system
testing is the configuration oriented system integration test. System testing is based on
process descriptions and flows, emphasizing pre-driven process links and integration
points.
 White Box Testing
White Box Testing is a testing in which in which the software tester has knowledge of
the inner workings, structure and language of the software, or at least its purpose. It is
purpose. It is used to test areas that cannot be reached from a black box level.
 Black Box Testing
Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most
other kinds of tests, must be written from a definitive source document, such as
specification or requirements document, such as specification or requirements
document. It is a testing in which the software under test is treated, as a black box
.you cannot “see” into it. The test provides inputs and responds to outputs without
considering how the software works.

Department of computer engineering, SMSK, kondapur Page 50

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

5.3 UNIT TESTING

Unit testing is usually conducted as part of a combined code and unit test phase of the
software lifecycle, although it is not uncommon for coding and unit testing to be conducted as
two distinct phases.
Test strategy and approach
Field testing will be performed manually and functional tests will be written in detail.
Test objectives
 All field entries must work properly.
 Pages must be activated from the identified link.
 The entry screen, messages and responses must not be delayed.
Features to be tested
 Verify that the entries are of the correct format
 No duplicate entries should be allowed
 All links should take the user to the correct page.

5.4 INTEGRATION TESTING

Software integration testing is the incremental integration testing of two or more integrated
software components on a single platform to produce failures caused by interface defects.
The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the company
level – interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

5.5 ACCEPTANCE TESTING

User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional
requirements.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

Department of computer engineering, SMSK, kondapur Page 51

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

Test Test Case Procedure Expecting Exhibiting

Case behavior behavior Result
ID

User to register. User has to select User has to be New user is

‘New User’ option registered if the registered.
1 Pass
and enter the details entered details
of user. are true else
return error
message.

2 User to insert an User has to the User has to Uaer Pass

image. Browse option and browse an selected an
select the required image. image.
image as input.

3 User to Create User has to select User has to User is

Graphical ‘create Password’ create Graphical created Pass
Password. option and browse a password. Graphical
graphical image to password.
create graphical
password.

4 User to compare User has to select an User has to User Pass

images. image as input to insert an image. inserted an
compare Graphical image.
password to match.

5 User to get User has to select User has to login User is

Login. ‘registered user’ if the entered logged in. Pass
option and enter the login details are
login details. true else return
error display
message.

Department of computer engineering, SMSK, kondapur Page 52

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6 User to deposit. User has to select User has to be User got

‘deposit’ option and deposited. deposited. Pass
transact the amount.

7 User to User has to select User has to be User is Pass

withdrawal. ‘withdrawal’ option withdrawal. withdrawn
and transact the amount.
amount.

8 User to view User has to select User has to view User viewed Pass
transaction ‘transaction Report’ the transaction the
reports. and enter the reports if transaction
password details. entered details reports.
are true else
return error
message.

Table 5.6 Test Cases

Department of computer engineering, SMSK, kondapur Page 53

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6. RESULTS

6.1 BUILDING A PROJECT

Fig: 6.1 Building a project

Department of computer engineering, SMSK, kondapur Page 54

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.2 HOME PAGE

Fig: 6.2 Home page

6.3 USER REGISTER DETAILS

Fig: 6.3 User register details

Department of computer engineering, SMSK, kondapur Page 55

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.4 GETTING THE ACKNOWLEDGEMENT

Fig: 6.4 getting the acknowledgement

6.5 CREATING A GRAPHICAL PASSWORD

Fig: 6.5 creating a graphical password

Department of computer engineering, SMSK, kondapur Page 56

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.6 SELECT THE IMAGE BY CLICKING POINTS

Fig: 6.6 Select the image by clicking points

6.7VIEW POINT OF AN IMAGE

Fig: 6.7 View point of an image

Department of computer engineering, SMSK, kondapur Page 57

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.8 X,Y POINT OF AN IMAGE PAGE

Fig: 6.8 X, Y point of an image page

6.9 CREATING OF GRAPHICAL PASSWORD

Fig: 6.9 Creating graphical password

Department of computer engineering, SMSK, kondapur Page 58

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.10 USER LOGIN PAGE

Fig: 6.10 User login page

6.11 IMAGE LOGIN PAGE

Fig: 6.11 Image login page

Department of computer engineering, SMSK, kondapur Page 59
 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.12 COMPARING THE X,Y POINTS

Fig: 6.12 comparing the X,Y points

6.13 BANKING SYSTEM PAGE

Fig: 6.13 Banking system page

Department of computer engineering, SMSK, kondapur Page 60

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.14 USER DEPOSITORY AMOUNT PAGE

Fig: 6.14 User depository amount page

6.15 AMOUNT DEPOSITED ACKNOWLEDGMENT

Fig: 6.15 Amount deposited acknowledgment

Department of computer engineering, SMSK, kondapur Page 61

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.16 USER WITHDRAW AMOUNT PAGE

Fig: 6.16 User withdraw amount page

6.17 AMOUNT WITHDRAW ACKNOWLEDGMENT

Fig: 6.17 Amount withdraw acknowledgement

Department of computer engineering, SMSK, kondapur Page 62

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.18 USER TRANSACTION DETAILS PAGE

Fig: 6.18 User transaction details page

6.19 VIEWING THE DEPOSIT & WITHDRAW HISTORY DETAILS

Fig: 6.19 Viewing the deposit & withdraw history details

Department of computer engineering, SMSK, kondapur Page 63

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

6.20 USER TRANSACTION HISTORY PAGE

Fig: 6.20 User transaction history page

6.21 VIEWING THE FINAL RESULT

Fig: 6.21 Viewing the final result

Department of computer engineering, SMSK, kondapur Page 64

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

7. CONCLUSION AND FUTURE ENHANCEMENT

A major advantage of Persuasive cued click point scheme is its large password space over
alphanumeric passwords. There is a growing interest for Graphical passwords since they are
better than Text based passwords, although the main argument for graphical passwords is
that people are better at memorizing graphical passwords than text-based passwords. Online
password guessing attacks on password-only systems have been observed for decade‟s
.Present-day attackers targeting such systems are empowered by having control of thousand
to million node botnets. In previous ATT-based login protocols, there exists a security-
usability trade-off with respect to the number of free failed login attempts (i.e., with no
ATTs) versus user login convenience (e.g., less ATTs and other requirements). In contrast,
PGRP is more restrictive against brute force and dictionary attacks while safely allowing a
large number of free failed attempts for legitimate users. PGRP is apparently more effective
in preventing password guessing attacks (without answering ATT challenges), it also offers
more convenient login experience, e.g., fewer ATT challenges for legitimate users. PGRP
appears suitable for organizations of both small and large number of user accounts.

It is not possible to develop a system that makes all the requirement of the user. The user
requirement keep changing as the system is being used.

Some of the futures enhancements can be done to this system are:-

 As the technology emerges, it is possible to upgrade the system and be adaptable to
desired environment.
 Because it is based on object oriented design, any future change can be easily
adaptable.

 Based on the future security issues can be improved using emerging technologies.

Department of computer engineering, SMSK, kondapur Page 65

 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

8. BIBLIOGRAPHY

REFERENCES
[1] Sonia Chiasson, P.C. van Oorschot, and Robert Biddle, “Graphical Password
Authentication Using Cued Click Points”ESORICS, LNCS 4734, pp.359-374,Springer-
Verlag Berlin Heidelberg 2007.

[2] Manu Kumar, Tal Garfunkel, Dan Boneh and Terry Winograd, “Reducing Shoulder-
surfing by Using Gaze based Password Entry”, Symposium On Usable Privacy and Security
(SOUPS) , July18-20, 2007, Pittsburgh, PA, USA.

[3] Zhi Li, Qibin Sun, Yong Lain, and D. D.Giusto, „An association-based graphical
password design resistant to shoulder surfing attack‟, International Conference on
Multimedia and Expo (ICME), IEEE.2005

[4] R. Dhamija and A. Perrig, "Deja Vu: A UserStudy Using Images for Authentication," in
Proceedings of9th USENIX Security Symposium,2000.

[5] S. Akula and V. Devisetty, "Image BasedRegistration and Authentication System," in

Proceedings ofMidwes Instruction andComputing Symposium, 2004.

[6] L. Sobrado and J.-C. Birget, "Graphicalpasswords," The Rutgers Scholar, An Electronic
Bulletin forUndergraduate Research, vol. 4,2002.

[7] Sonia Chiasson, Alain Forget , RobertBiddle, P. C. van Oorschot, “User interfacedesign
affects security: patterns in click-basedgraphical passwords”, Springer-Verlag 2009.

[8] I. Jermyn, A. Mayer, F. Monrose, M. K.Reiter, and A.D. Rubin, "The Design andAnalysis
of Graphical Passwords," inProceedings of the 8th USENIXSecuritySymposium, 1999.

[9] S. Man, D. Hong, and M. Mathews, "Ashoulder surfing resistant graphical

passwordscheme," in Proceedingsof Internationalconference on security andmanagement.
LasVegas, NV, 2003.
Department of computer engineering, SMSK, kondapur Page 66
 IMPROVING LOGIN AUTHORIZATION BY PROVIDING GRAPHICAL PASSWORD

[10] A. Adams and M. A. Sasse, "Users are notthe enemy: why users compromise computer
security mechanisms and how to take remedialmeasures," Communicationsof the ACM, vol.
42,pp. 41-46, 1999.

[11] I. Jermyn, A. Mayer, F. Monrose, M. K.Reiter, and A.D. Rubin, "The Design
andAnalysis of Graphical Passwords," inProceedings of the 8th USENIXSecuritySymposium,
1999.

Department of computer engineering, SMSK, kondapur Page 67