Project Report ON: Department of Master of Computer Applications

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 89

PROJECT REPORT ON

PROVABLY SECURET NESTED ONE-TIME SECRET MECHANISMS FOR FAST MUTUAL AUTHENTICATION AND KEY EXCHANGE IN MOBILE COMMUNICATIONS A Project Report Submitted To Jawaharlal Nehru Technological University, Hyderabad For the partial fulfillment of the Requirement For the Award of Degree of MASTER OF COMPUTER APPLICATIONS Done by Mr.K.Anjaneyulu. Sri Rajasekhar, Assistant Professor Dept.Of MCA SVITS, Mahabubnagar. Reg.No.08571F0012

Under The Esteemed Guidance Of

DEPARTMENT OF MASTER OF COMPUTER APPLICATIONS

Department of MASTER OF COMPUTER APPLICATION

Sree Visvesvaraya Institute of Technology & Science (Affiliated to J.N.T.U, Hyderabad, Approved by AICTE, New Delhi) Chowdarpally, Mahabubnagar, Andhrapradesh. 2008-2011

AUTHENTICATION OF PEOPLE BY THEIR TYPING PATTERNS

CONTENTS

Abstract 1 Introduction 1.1.General 1.2.Objective 1.3.Existing System 1.4.Proposed System 1.5.Proposed System Features 2 System Analysis 2.1.Overview 2.2.Modules 3 Feasibility Report 3.1.Introduction 3.2.Technical Feasibility 3.3.Operational Feasibility 3.4.Economic Feasibility 9-10 5-8 1-4

4 Requirements 4.1.SDLC Methodology 4.2.Functional Requirements

11-16

4.3.Non- Functional Requirements 4.4.Hardware Requirements 4.5.Software Requirements


5

Design Engineering 5.1.General 5.2.Activity Diagram 5.3.Use Case Diagram 5.4.Sequence Diagram 5.5.Collaboration Diagram 5.6.Class Diagram

17-27

6 7

Technology Description Snapshots software Testing

28-58 59-71 72-79 80 81

8 9 10

Conclusion References

Abstract

The deficiencies of traditional password-based access systems have become more acute as these systems have grown in size and scope. Researchers are actively investigating ways to improve the security of password systems or offer replacements. One category of improvements uses keystroke biometrics, an approach which seeks to identify an individual by their typing characteristics. Since 1980, a number of techniques have been proposed for accurately harnessing keystroke dynamics for system authentication and other novel uses. But do these systems deliver on their promise to increase system security and simultaneously ease the burden of logging into systems and remembering passwords? And do databases of users' keystroke profiles present additional privacy concerns? The keystroke bio metrics is used with the application in news reporting system. It will detect the person who send the news is the reporter or some other person who hacked the user name and password of the system. First the pattern of the reporter is stored with the server system. Server after receiving the text then it matches with the text pattern information in it.

1. INTRODUCTION
1.1. General:
As an attempt to develop more powerful authentication system, with low cost and good acceptance by users, we proposed here an authentication mechanism based on biometric information of human typing patterns. At the movement we present a complete description of the architecture with the multi pattern verification units and results of first phase implementation of the mechanism based on single pattern verification unit among Multilayer perception, Learning-Vector-Quantization, Self-Organizing Neural Networks and Support Vector machine. Today, all computer based system claims for more sophisticated mechanisms to guarantee the information security. The fast evolution of communication systems provided us a great volume of information anywhere any time. The security question became proprietary. Making these systems reliable and secure is one of the most important challenges of the communication evolution. Authentication is the way to correctly verify one person who he or she claims to be. Many research works have been developed on the way to correctly identify somebody. Since old times, the humans try to identify each other correctly. The most traditional way to confirm that some body who he or she claims to be is to verify his or her handwritten signature. In computer systems, similar issue should be considered. All information systems adopt some king of authentication. The most common mechanism is called user name and password. This mechanism consists of basically of an association between a public information (username normally every one knows it) that uniquely identify the user on
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

the system, and a secret word (no body beyond the user should know it) that confirms that the person associated by that user name is who he or she to be. This mechanism presents some drawbacks that make it very week. Some of its drawbacks are: Persons choose easy to break passwords as family names and birthday dates; persons normally write their passwords in places of easy access; one can easily see one password on steal it with no knowledge of disclosure. On the other hand, to develop an additional authentication mechanism that carries some advantages like low cost; high performance and high acceptability are not easy. User name and password are easy to implement (low cost) and are largely acceptable by the users. Thats why still most famous authentication mechanism applied nowadays. There are three main techniques to verify ones identification: some thing a person knows (a code); some thing a person posses (a card); some ting a person has (a characteristic). All these three techniques can be combined on the way to produce more efficient identification system. Naturally if we apply all the three techniques together a more secure authentication mechanism will be produced. However we still have to evaluate the cost and the acceptance issues involved in establishing a more sophisticated authentication mechanism. The last technique is based on ones biometrics characteristics. A biometrical system is a pattern recognition system that establishes the authenticity either specific physiological characteristics (some particular structural characteristics such as hand size or iris format and color) or behavioral characteristics (some particular behavioral characteristic such as typing speed or writing pressure) inherent to a user.. One kind of biometrical behavioral characteristic that can be used to provide a particular identification is the dynamics characteristics of

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

someones typing or the human typing pattern. this approach is possible and effective.

Many studies shown that

Combined with traditional authentication system, the user typing information can be of some help to identify users more precisely. Considering behavioral typing information to authenticate users can be very convenient because not extra hardware is necessary. All the behavioral information can be obtained by software systems, what generally implies lower cost than hardware development. Moreover nothing changes in the way the user authenticates himself, what makes it more acceptable. However the great question that lies on the kind of authentication is how precisely can we verify the user typing behavioral characteristics. Many studies, as mentioned before, have shown that this kind of identification is viable but still far from obtaining satisfactory indices of FAR (False Alarm Rate) and IPR (Impostor pass rate) if compared with other biometric techniques like finger printing. We will show that FAR and IPR go on opposite directions It means if we try to reduce one of these indices the other will grow up. To evaluate typing characteristics two main measures have to be obtained about ones typing: Results presented in this work indicate that combining two or more techniques can bring better results in terms of IPR and FAR. In statistical approach FAR and IPR Decrease 41% and 22% respectively in neural network approach 21% and 6% respectively.

The authentication mechanism proposed here can operate in two modes: new user registration and user authentication. In the first case, the mechanism will record the user username, password and typing profile. The typing profile is then analyzed and stored so that it can be used during the authentication phase. In this mode, the user will be asked to type his user name and password about 10 times.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

1.2. Objective:
The main purpose of the system is to develop a secure, cheap and effective security system for securing the computer applications and data based on typing biometrics called typing patterns.

1.3. Existing System:


The traditional way to authenticate the user to access the computer systems is password based authentication. Many cases noted based on the stealing passwords and information theft leads to huge losses. In this way the user will have two things with him the username every one knows it and the password which the user only knows. The user will logs into the system by using the user name and the secret password.

1.4. Proposed System:


The proposed system will be efficient, low cost, scalable security system based on typing bio metrics. It uses the Artificially Intelligent neural networks to identify the persons. After the decision making is completed it will authorize the user.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

2. SYSTEM ANALYSIS
2.1. Overview:
The first step in developing anything is to state the requirements. This applies just as much to leading edge research as to simple programs and to personal programs, as well as to large team efforts. Being vague about your objective only postpones decisions to a later stage where changes are much more costly. The problem statement should state what is to be done and not how it is to be done. It should be a statement of needs, not a proposal for a solution. A user manual for the desired system is a good problem statement. The requestor should indicate which features are mandatory and which are optional, to avoid overly constraining design decisions. The requestor should avoid describing system internals, as this restricts implementation flexibility. Performance specifications and protocols for interaction with external systems are legitimate requirements. Software engineering standards, such as modular construction, design for testability, and provision for future extensions, are also proper. Many problems statements, from individuals, companies, and government agencies, mixture requirements with design decisions. There may sometimes be a compelling reason to require a particular computer or language; there is rarely justification to specify the use of a particular algorithm. The analyst must separate the true requirements from design and implementation decisions disguised as

requirements. The analyst should challenge such pseudo requirements, as they restrict
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

flexibility. There may be politics or organizational reasons for the pseudo requirements, but at least the analyst should recognize that these externally imposed design decisions are not essential features of the problem domain. A problem statement may have more or less detail. A requirement for a conventional product, such as a payroll program or a billing system, may have considerable detail. A requirement for a research effort in a new area may lack many details, but presumably the research has some objective, which should be clearly stated. Most problem statements are ambiguous, incomplete, or even inconsistent. Some requirements are just plain wrong. Some requirements, although precisely stated, have unpleasant consequences on the system behavior or impose unreasonable implementation costs. Some requirements seem reasonable at first but do not work out as well as the request or thought. The problem statement is just a starting point for understanding the problem, not an immutable document. The purpose of the subsequent analysis is to fully understand the problem and its implications. There is no reasons to expect that a problem statement prepared without a fully analysis will be correct. The analyst must work with the requestor to refine the requirements so they represent the requestors true intent. This involves challenging the requirements and probing for missing information. The psychological, organizational, and political considerations of doing this are beyond the scope of this book, except for the following piece of advice: If you do exactly what the customer asked for, but the result does not meet the customers real needs, you will probably be blamed anyway.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

2.2. Modules:
1. Registration

2. Password Verification
3. Identification 4. Verification

5. Decision 1. Registration: The data collector will collect the data with User Name, password and 10 Reference Samples and stores it into the Database. The raw data will undergo cluster analysis and verification units training to create Clusters and Matrix. The cluster and matrix with the user name will store in the database.
2. Password Verification:

For security purposes the password that is taken from the user interface is stored in the database in the encrypted format. To check the password when the user was entered the password is again encrypted and checked with the encrypted data. Secret key is used to encrypt the password. Hence there is less porn for an intruder to find the password.

3. Identification:

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

In this sub system the user matrix was checked with the test sample that the user entered. If it was verified then the results were sent to the verification.

4. Verification:

This subsystem will verify all the entities with clusters and taking into the consideration presstime, interkeytime and total time the results were sent to the decision.
5. Decision:

The decision will take care about the tolerance and identification of fraud user from the legitimate user and then it will take care about the granting or denying access.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

3. FEASIBILITY REPORT
3.1. Introduction:
A feasibility study is a high-level capsule version of the entire System analysis and Design Process. The study begins by classifying the problem definition. Feasibility is to determine if its worth doing. Once an acceptance problem definition has been generated, the analyst develops a logical model of the system. A search for alternatives is analyzed carefully. There are 3 parts in feasibility study.

3.2. Technical Feasibility:


Evaluating the technical feasibility is the trickiest part of a feasibility study. This is because, at this point in time, not too many detailed design of the system, making it difficult to access issues like performance, costs on (on account of the kind of technology to be deployed) etc. A number of issues have to be considered while doing a technical analysis. Understand the different technologies involved in the proposed system before commencing the project we have to be very clear about what are the technologies that are to be required for the development of the new system. Find out whether the organization currently possesses the required technologies. Is the required technology available with the organization?.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

3.3. Operational Feasibility:


Proposed project is beneficial only if it can be turned into information systems that will meet the organizations operating requirements. Simply stated, this test of feasibility asks if the system will work when it is developed and installed. Are there major barriers to Implementation? Here are questions that will help test the operational feasibility of a project:

Have the user been involved in the planning and development of the project? Early involvement reduces the chances of resistance to the system and in general and increases the likelihood of successful project. Since the proposed system was to help reduce the hardships encountered. In the existing manual system, the new system was considered to be operational feasible.

3.4. Economic Feasibility:


Economic feasibility attempts 2 weigh the costs of developing and implementing a new system, against the benefits that would accrue from having the new system in place. This feasibility study gives the top management the economic justification for the new system.A simple economic analysis which gives the actual comparison of costs and benefits are much more meaningful in this case. In addition, this proves to be a useful point of reference to compare actual costs as the project progresses. There could be various types of intangible benefits on account of automation. These could include increased customer satisfaction, improvement in product quality better decision making timeliness of information, expediting
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

10

activities, improved accuracy of operations, better documentation and record keeping, faster retrieval of information, better employee morale.

4. REQUIREMENTS

4.1. SDLC Methodology:


This document play a vital role in the development of life cycle (SDLC) as it describes the complete requirement of the system. It means for use by developers and will be the basic during testing phase. Any changes made to the requirements in the future will have to go through formal change approval process. SPIRAL MODEL was defined by Barry Boehm in his 1988 article, A spiral Model of Software Development and Enhancement. This model was not the first model to discuss iterative development, but it was the first model to explain why the iteration models. As originally envisioned, the iterations were typically 6 months to 2 years long. Each phase starts with a design goal and ends with a client reviewing the progress thus far. Analysis and engineering efforts are applied at each phase of the project, with an eye toward the end goal of the project. The steps for Spiral Model can be generalized as follows: The new system requirements are defined in as much details as possible. This usually involves interviewing a number of users representing all the external or internal users and other aspects of the existing system. A preliminary design is created for the new system.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

11

A first prototype of the new system is constructed from the preliminary design. This is usually a scaled-down system, and represents an approximation of the characteristics of the final product. A second prototype is evolved by a fourfold procedure: 1. Evaluating the first prototype in terms of its strengths, weakness, and risks. 2. Defining the requirements of the second prototype. 3. Planning an designing the second prototype. 4. Constructing and testing the second prototype.

At the customer option, the entire project can be aborted if the risk is deemed too great. Risk factors might involved development cost overruns, operating-cost miscalculation, or any other factor that could, in the customers judgment, result in a less-than-satisfactory final product. The existing prototype is evaluated in the same manner as was the previous prototype, and if necessary, another prototype is developed from it according to the fourfold procedure outlined above. The preceding steps are iterated until the customer is satisfied that the refined prototype represents the final product desired. The final system is constructed, based on the refined prototype. The final system is thoroughly evaluated and tested. Routine maintenance is carried on a continuing basis to prevent large scale failures and to minimize down time.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

12

The following diagram shows how a spiral model acts like:

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

13

Fig 1.0-Spiral Model

4.2. ADVANTAGES:

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

14

Estimates(i.e. budget, schedule etc .) become more relistic as work progresses, because important issues discoved earlier. It is more able to cope with the changes that are software development generally entails. Software engineers can get their hands in and start woring on the core of a project earlier.

4.3. Functional Requirements:


The major functional requirements of the system are as follows. 1. To generate neurons for the training the system 2. To authenticate the user based on the typing pattern 3. To create the matrix structure for r10 4. To encrypt the password 5. To store the encrypted password in the database 6. To verify the user password. 7. To create the typing patterns in of new user 8. To learn the patters from the user input 9. To authenticate the user by the Decision Making logic from learned neurons.

4.4. Non- Functional Requirements:


The major non-functional Requirements of the system are as follows 1. Usability The system is designed with completely automated process hence there is no or less user intervention.

2. Reliability The system is more reliable because of the qualities that are inherited from the chosen platform java. The code built by using java is more reliable.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

15

3. Performance This system is developing in the high level languages and using the advanced front-end and back-end technologies it will give response to the end user on client system with in very less time. 4. Supportability The system is designed to be the cross platform supportable. The system is supported on a wide range of hardware and any software platform, which is having JVM, built into the system. 5. Implementation The system is implemented in web environment. The apache tomcat is used as the web server and windows xp professional is used as the platform.
6. Interface The user interface is based on HTML and XHTML.

4.5. Hardware Requirements:


Processor RAM Hard disk Monitor Mouse : : : : : Pentium IV 128 MB 20 GB Color monitor 3 buttons

4.6. Software Requirements:


AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

16

Operating System Language Database :

Windows XP/2000 Java (J2sdk1.6.0)

Oracle 10g

5. DESIGN ENGINEERING
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

17

5.1. General:
Design is a meaningful engineering representation of something that is to be built. Software design is a process through which the requirements are translated into a representation of the software. Design is the place where quality is fostered in software engineering. Design is the perfect way to accurately translate a customers requirement in to a finished software product. Design creates a representation or model, provides detail about software data structure, architecture, interfaces and components that are necessary to implement a system. This chapter discusses about the design part of the project. Here in this document the various UML diagrams that are used for the implementation of the project are discussed.

5.2. Activity Diagram:


The purpose of activity diagram is to provide a view of flows and what is going on inside a use case or among several classes. Activity diagram can also be used to represent a classs method implementation. A token represents an operation. An activity is shown as a round box containing the name of the operation. An outgoing solid arrow attached to the end of activity symbol indicates a transition triggered by the completion.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

18

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

19

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

20

Activity Diagram

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

21

5.3. Use Case Diagram:


A use case diagram is a graph of actors, a set of use cases enclosed by a system boundary, communication (participation) associations between the actors and users and generalization among use cases. The use case model defines the outside (actors) and inside (use case) of the systems behavior. Admin Use case:

Login

Register New User

Admin

View Typing pattern Samples

Logout

Usecase diagram

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

22

Register Use case:

S y ste m En te r U se rNa m e L o g in T o S y s t e m < < in c lu d e > > En te r P a s sw o rd < < e x t<e < d >c lu d e > > n in > Ch e ck P a ssw o rd

U ser

A u t h e n t ic a t i o n

< < in c lu d e > > < < in c lu d e >C>h e c k T y p in g P a t t e r n Se n d Ne w s

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

23

5.4.

Sequence Diagram:

Sequence diagram are an easy and intuitive way of describing the behavior Of a system by viewing the interaction between the system and its environment. A Sequence diagram shows an interaction arranged in a time sequence. A sequence diagram has two dimensions: vertical dimension represents time; the horizontal Dimension represents different objects. The vertical line is called is the objects life line. The lifeline represents the objects existence during the interaction.

U ser

U serBean

P assw o rd V erificatio n D A Odent I

U tility Glo b al V erifierD ecisio n DA O I d entificatio nD A O

1 : g etU serN am e() 3 : getP assw ord () 4 : g etT S () 5 : checkU ser() 2 : getC luster()

6 : rep lySend T o U ser() 8 : EncodeP assw o rd( ) 10 : setT S() 11 : accessG ran ted () 12 : replySend T o U ser()

7 : getM atrix()

9 : view M atrix()

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

24

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

25

5.5. Collaboration Diagram:


The collaboration diagram represents a collaboration, which is a set of objects Related in a particular context, and interaction, which is a set of messages exchanged among the objects within the collaboration to achieve a designed Outcome.

DecisionDA O 2 : getCluster() dent Passw ord V erification DAIO

I dentificationDA O 9 : view Matrix() 7 : getMatrix() 12 : replySendT oU ser() U tility Global Verifier

10 : setT S() 11 : accessGranted() 6 : replySendT oU ser() 8 : EncodePassw ord() 5 : checkU ser() 4 : getT U serBean S() 1 : getU serN am e() 3 : getPassw ord()

U ser

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

26

5.6. Class Diagram:


UML Class diagram shows the static structure of the model. The class diagram is a collection of static modeling elements, such as classes and their relationships, connected as a graph to each other and to their contents

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

27

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

28

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

29

6. TECHNOLOGY DESCRIPTION
6.1. General

A programming tool or software tool is a program or application that software developers use to create, debug, maintain, or otherwise support other programs and applications. The term usually refers to relatively simple programs that can be combined together to accomplish a task. The Chapter describes about the software tool that is used in our project. 6.2. Java Technology Initially the language was called as oak but it was renamed as Java in 1995. The primary motivation of this language was the need for a platformindependent (i.e., architecture neutral) language that could be used to create software to be embedded in various consumer electronic devices. Java is a programmers language. Java is cohesive and consistent. Except for those constraints imposed by the Internet environment, Java gives the programmer, full control. Finally, Java is to Internet programming where C was to system programming.

Importance of Java to the Internet Java has had a profound effect on the Internet. This is because; Java expands the Universe of objects that can move about freely in Cyberspace. In a network, two categories of objects are transmitted between the Server and the Personal computer. They are: Passive information and Dynamic active programs. The Dynamic, Self-executing programs cause serious problems in the areas of Security and probability.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

30

Java can be used to create two types of programs Applications and Applets: An application is a program that runs on our Computer under the operating system of that computer. It is more or less like one creating using C or C++. Javas ability to create Applets makes it important. An Applet is an application designed to be transmitted over the Internet and executed by a Java compatible web browser. An applet is actually a tiny Java program, dynamically downloaded across the network, just like an image. But the difference is, it is an intelligent program, not just a media file. It can react to the user input and dynamically change. Features of Java Security Every time you that you download a normal program, you are risking a viral infection. Prior to Java, most users did not download executable programs frequently, and those who did scan them for viruses prior to execution. Most users still worried about the possibility of infecting their systems with a virus. In addition, another type of malicious program exists that must be guarded against. This type of program can gather private information, such as credit card numbers, bank account balances, and passwords. Java answers both these concerns by providing a firewall between a network application and your computer. When you use a Java-compatible Web browser, you can safely download Java applets without fear of virus infection or malicious intent. Portability For programs to be dynamically downloaded to all the various types of platforms connected to the Internet, some means of generating portable executable code is needed .As you will see, the same mechanism that helps ensure security also helps create portability. Indeed, Javas solution to these two problems is both elegant and efficient.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

31

The Byte code The key that allows the Java to solve the security and portability problems is that the output of Java compiler is Byte code. Byte code is a highly optimized set of instructions designed to be executed by the Java run-time system, which is called the Java Virtual Machine (JVM). That is, in its standard form, the JVM is an interpreter for byte code. Translating a Java program into byte code helps makes it much easier to run a program in a wide variety of environments. The reason is, once the runtime package exists for a given system, any Java program can run on it. Although Java was designed for interpretation, there is technically nothing about Java that prevents on-the-fly compilation of byte code into native code. Sun has just completed its Just In Time (JIT) compiler for byte code. When the JIT compiler is a part of JVM, it compiles byte code into executable code in real time, on a piece-by-piece, demand basis. It is not possible to compile an entire Java program into executable code all at once, because Java performs various run-time checks that can be done only at run time. The JIT compiles code, as it is needed, during execution. Java Virtual Machine (JVM) Beyond the language, there is the Java virtual machine. The Java virtual machine is an important element of the Java technology. The virtual machine can be embedded within a web browser or an operating system. Once a piece of Java code is loaded onto a machine, it is verified. As part of the loading process, a class loader is invoked and does byte code verification makes sure that the code thats has been generated by the compiler will not corrupt the machine that its loaded on. Byte code verification takes place at the end of the compilation process to make sure that is all accurate and correct. So byte code verification is integral to the compiling and executing of Java code.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

32

Overall Description

Java Source

Java byte code

JavaVM

Picture showing the development process of JAVA Program

.Class Java Java programming uses to produce byte codes and executes them. The first
box indicates that the Java source code is located in a. Java file that is processed with a Java compiler called javac. The Java compiler produces a file called a. class file, which contains the byte code. The .Class file is then loaded across the network or loaded locally on your machine into the execution environment is the Java virtual machine, which interprets and executes the byte code. Java Architecture Java architecture provides a portable, robust, high performing environment for development. Java provides portability by compiling the byte codes for the Java Virtual Machine, which is then interpreted on each platform by the run-time environment. Java is a dynamic system, able to load code when needed from a machine in the same room or across the planet. Compilation of code When you compile the code, the Java compiler creates machine code (called byte code) for a hypothetical machine called Java Virtual Machine (JVM). The JVM is supposed to execute the byte code. The JVM is created for overcoming the issue of portability. The code is written and compiled for one machine and interpreted on all machines. This machine is called Java Virtual Machine.

Compiling and interpreting Java Source Code


AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

33

Source Code
Java Java Interpreter Java Byte code Macintosh (PC) Interpreter Java (Spare) Interpreter (Macintosh) SPARC (Platform Independ ent)

.. ..

PC Compiler

..

Compiler

Compiler

During run-time the Java interpreter tricks the byte code file into thinking that it is running on a Java Virtual Machine. In reality this could be a Intel Pentium Windows 95 or SunSARC station running Solaris or Apple Macintosh running system and all could receive code from any computer through Internet and run the Applets. Simple Java was designed to be easy for the Professional programmer to learn and to use effectively. If you are an experienced C++ programmer, learning Java will be even easier. Because Java inherits the C/C++ syntax and many of the object oriented features of C++. Most of the confusing concepts from C++ are either left out of Java or implemented in a cleaner, more approachable manner. In Java there are a small number of clearly defined ways to accomplish a given task.

Object-Oriented

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

34

Java was not designed to be source-code compatible with any other language. This allowed the Java team the freedom to design with a blank slate. One outcome of this was a clean usable, pragmatic approach to objects. The object model in Java is simple and easy to extend, while simple types, such as integers, are kept as high-performance non-objects. Robust The multi-platform environment of the Web places extraordinary demands on a program, because the program must execute reliably in a variety of systems. The ability to create robust programs was given a high priority in the design of Java. Java is strictly typed language; it checks your code at compile time and run time. Java virtually eliminates the problems of memory management and deallocation, which is completely automatic. In a well-written Java program, all run time errors can and should be managed by your program.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

35

6.3. JAVA SWING

Swing is a widget toolkit for java. The main characteristics of the Swing toolkit are platform independent, customizable, extensible, configurable and lightweight.. It has a rich set of widgets. From basic widgets like Buttons, Labels, Scrollbars to advanced widgets like Trees and Tables. Swing is a part of JFC, Java Foundation Classes. It is a collection of packages for creating full featured desktop applications. JFC consists of AWT, Swing, Accessibility, Java 2D, and Drag and Drop. JComponent

All Swing components whose names begin with "J" descend from the jcomponent API class. For example, JPanel, JScrollPane, JButton, and JTable all inherit from JComponent. However, JFrame doesn't because it implements a top-level container. The JComponent class extends the Container api class, which itself extends Component api . The Component class includes everything from providing layout hints to supporting painting and events. The Container class has support for adding components to the container and laying them out.

JPanel

The JPanel class provides general-purpose containers for lightweight components. By default, panels do not add colors to anything except their own background; however, you can easily add borders to them and otherwise customize their painting.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

36

JFrame

JFrame is Swing's version of Frame and is descended directly from that class. It is used to create Windows in a Swing program. The components added to the frame are referred to as its contents; these are managed by the contentPane. To add a component to a JFrame, we must use its contentPane instead.

JButton

The JButton object generally consists of a text label and/or image icon that describes the purpose of the button , an empty area around the text/icon and border.

JLabel

JLabel, descended from JComponent, is used to create text labels. It can display text but images as well.

JTextArea

JTextArea component is used to accept several lines of text from user. JTextArea can be used in conjunction with class JScrollPane to achieve scrolling. The underlying JScrollPane can be forced to always or never have either the vertical or horizontal scrollbar.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

37

JList

JList provides a scrollable set of items from which one or more may be selected. JList can be populated from an Array or Vector. JsList does not support scrolling directly, instead, the list must be associated with a scrollpane. The view port used by the scroll pane can also have a userdefined border. JList actions are handled using ListSelectionListener. The Swing Message Box Windowing environments commonly contain a standard set of message boxes that allow you to quickly post information to the user or to capture information from the user. In Swing, these message boxes are contained in JOptionPane sophisticated), but the ones most commonly used are probably the message dialog and confirmation dialog, invoked using the static JOptionPane.showMessageDialog( ) and JOptionPane. showConfirmDialog( ). Package Javax.Imageio Description The main package of the Java Image I/O API. Many common image I/O operations may be performed using the static methods of the ImageIO class.This package contains the basic classes and interfaces for describing the contents of image files, including metadata and thumbnails (IIOImage); for controlling the image reading process (ImageReader, ImageReadParam, and ImageTypeSpecifier) and image writing process (ImageWriter and ImageWriteParam); for performing transcoding between formats (ImageTranscoder), and for reporting errors (IIOException).

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

38

JFileChooser File choosers provide a GUI for navigating the file system, and then either choosing a file or directory from a list, or entering the name of a file or directory. To display a file chooser, you usually use the JFileChooser API to show a modal dialog containing the file chooser.A JFileChooser is a dialog to select a file or files. The return value of the three methods is one of the following: JFileChooser.CANCEL_OPTION, if the user clicks Cancel. JFileChooser.APPROVE_OPTION, if the user click an OK/Open/Save button. JFileChooser.ERROR_OPTION, if the user closes the dialog A return value of JFileChooser.APPROVE_OPTION, indicates that you can call its getSelectedFile or getSelectedFiles methods:

public java.io.File getSelectedFile () public java.io.File[] getSelectedFile s ()

JFileChooser has supporting classes: FileFilter class, FileSystemView class, FileView. FileFilter class is for restricting files and directories to be listed in the FileView of the JFileChooser. The FileView controls how the directories and files are listed within the JFileChooser. The FileSystemView is an abstract class that tries to hide file system-related operating system specifics from the file chooser.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

39

JScrollPane JScrollPane is a jquery plugin which allows you to replace the browsers default vertical scrollbars on any block level element with an overflow:auto style. jScrollPane is crossbrowser, working on all browsers that support jquery and it also degrades gracefully. If a user's browser doesn't support jQuery or has JavaScript turned off then they will see the browsers default scrollbars. If the mouse wheel plugin is included in the page then the scroll panes will respond to mouse wheel events as well. jScrollPane is built on top of the awesome jQuery library and utilises the dimensions plugin and (optionally) the mouse wheel plugin. To place a component in one of the corners of the JScrollPane, call setCorner(String key, Component corner) key is 1. JScrollPane.LOWER_LEFT_CORNER, 2. JScrollPane.LOWER_RIGHT_CORNER, 3. JScrollPane.UPPER_LEFT_CORNER, or 4. JScrollPane.UPPER_RIGHT_CORNER Class BufferedImage java.lang.Object java.awt.Image java.awt.image.BufferedImage All Implemented Interfaces: RenderedImage, WritableRenderedImage

public class BufferedImage extends Image implements WritableRenderedImage

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

40

JCreator JCreator is a powerful IDE for java. JCreator is the best development tool for programming. It is faster, more efficient and more reliable than other IDEs. Therefore it is the perfect tool for programmers of every level, from learning programmer to Java-specialist. JCreator provides the user with a wide range of functionality such as Project management, project templates, code-completion, debugger interface, editor with syntax highlighting, wizards and a fully customizable user interface With JCreator you can directly compile or run your Java program without activating the main document first. JCreator will automatically find the file with the main method or the html file holding the java applet, then it will start the appropriate tool. JCreator is written entirely in C++, which makes it fast and efficient compared to the Java based editors/IDE's.

Java Database Connectivity What Is JDBC? JDBC is a Java API for executing SQL statements. (As a point of interest, JDBC is a trademarked name and is not an acronym; nevertheless, JDBC is often thought of as standing for Java Database Connectivity. It consists of a set of classes and interfaces written in the Java programming language. JDBC provides a standard API for tool/database developers and makes it possible to write database applications using a pure Java API. Using JDBC, it is easy to send SQL statements to virtually any relational database. One can write a single program using the JDBC API, and the program will be able to send SQL statements to the appropriate database.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

41

The combinations of Java and JDBC lets a programmer write it once and run it anywhere. What Does JDBC Do? Simply put, JDBC makes it possible to do three things:

Establish a connection with a database Send SQL statements Process the results.

JDBC versus ODBC and other APIs At this point, Microsoft's ODBC (Open Database Connectivity) API is that probably the most widely used programming interface for accessing relational databases. It offers the ability to connect to almost all databases on almost all platforms. So why not just use ODBC from Java? The answer is that you can use ODBC from Java, but this is best done with the help of JDBC in the form of the JDBCODBC Bridge, which we will cover shortly. The question now becomes "Why do you need JDBC?" There are several answers to this question: 1. ODBC is not appropriate for direct use from Java because it uses a C interface. Calls from Java to native C code have a number of drawbacks in the security, implementation, robustness, and automatic portability of applications. 2. A literal translation of the ODBC C API into a Java API would not be desirable. For example, Java has no pointers, and ODBC makes copious use of them, including the notoriously error-prone generic pointer "void *". You can think of JDBC as ODBC translated into an object-oriented interface that is natural for Java programmers. 3. ODBC is hard to learn. It mixes simple and advanced features together, and it has complex options even for simple queries. JDBC, on the other
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

42

hand, was designed to keep simple things simple while allowing more advanced capabilities where required. 4. A Java API like JDBC is needed in order to enable a "pure Java" solution. When ODBC is used, the ODBC driver manager and drivers must be manually installed on every client machine. When the JDBC driver is written completely in Java, however, JDBC code is automatically installable, portable, and secure on all Java platforms from network computers to mainframes. Two-tier and Three-tier Models The JDBC API supports both two-tier and three-tier models for database access. In the two-tier model, a Java applet or application talks directly to the database. This requires a JDBC driver that can communicate with the particular database management system being accessed. A user's SQL statements are delivered to the database, and the results of those statements are sent back to the user. The database may be located on another machine to which the user is connected via a network. This is referred to as a client/server configuration, with the user's machine as the client, and the machine housing the database as the server. The network can be an Intranet, which, for example, connects employees within a corporation, or it can be the Internet.

JAVA Application JDBC Client machine

DBMS-proprietary protocol

Database

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

DBMS

server

43

Java applet or Html browser

Client machine (GUI)

HTTP, RMI, or CORBA calls

Application Server (Java) JDBC

Server machine (business Logic) DBMS-proprietary protocol Database server

DBMS

In the three-tier model, commands are sent to a "middle tier" of services, which then send SQL statements to the database. The database processes the SQL statements and sends the results back to the middle tier, which then sends them to the user. MIS directors find the three-tier model very attractive because the middle tier makes it possible to maintain control over access and the kinds of updates that can be made to corporate data. Another advantage is that when there is a middle tier, the user can employ an easy-to-use higher-level API which is translated by the middle tier into the appropriate low-level calls. Finally, in many cases the three-tier architecture can provide performance advantages.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

44

Until now the middle tier has typically been written in languages such as C or C++, which offer fast performance. However, with the introduction of optimizing compilers that translate Java byte code into efficient machinespecific code, it is becoming practical to implement the middle tier in Java. This is a big plus, making it possible to take advantage of Java's robustness, multithreading, and security features. JDBC is important to allow database access from a Java middle tier.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

45

6.4. JDBC Driver Types The JDBC drivers that we are aware of at this time fit into one of four categories: JDBC-ODBC bridge plus ODBC driver Native-API partly-Java driver JDBC-Net pure Java driver Native-protocol pure Java driver

6.4.1. JDBC-ODBC Bridge If possible, use a Pure Java JDBC driver instead of the Bridge and an ODBC driver. This completely eliminates the client configuration required by ODBC. It also eliminates the potential that the Java VM could be corrupted by an error in the native code brought in by the Bridge (that is, the Bridge native library, the ODBC driver manager library, the ODBC driver library, and the database client library). What Is the JDBC- ODBC Bridge? The JDBC-ODBC Bridge is a JDBC driver, which implements JDBC operations by translating them into ODBC operations. To ODBC it appears as a normal application program. The Bridge implements JDBC for any database for which an ODBC implemented as the Sun.jdbc.odbc Java package and contains a native library used to access ODBC. The Bridge is a joint development of Innersole and Java Soft. driver is available. The Bridge is

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

46

6.4.2. JDBC connectivity The JDBC provides database-independent connectivity between the J2EE platform and a wide range of tabular data sources. JDBC technology allows an Application Component Provider to: Perform connection and authentication to a database server Manager transactions Move SQL statements to a database engine for preprocessing and execution Execute stored procedures Inspect and modify the results from Select statements Database: A database management system (DBMS) is computer software designed for the purpose of managing databases, a large set of structured data, and run operations on the data requested by numerous users. Typical examples of DBMSs include Oracle, DB2, Microsoft Access, Microsoft SQL Server, Firebird, PostgreSQL, MySQL, SQLite, FileMaker and Sybase Adaptive Server Enterprise. DBMSs are typically used by Database administrators in the creation of Database systems. Typical examples of DBMS use include accounting, human resources and customer support systems. Originally found only in large companies with the computer hardware needed to support large data sets, DBMSs have more recently emerged as a fairly standard part of any company back office. Description A DBMS is a complex set of software programs that controls the organization, storage, management, and retrieval of data in a database. A DBMS includes: A modeling language to define the schema of each database hosted in the DBMS, according to the DBMS data model.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

47

The four most common types of organizations are the hierarchical, network, relational and object models. Inverted lists and other methods are also used. A given database management system may provide one or more of the four models. The optimal structure depends on the natural organization of the application's data, and on the application's requirements (which include transaction rate (speed), reliability, maintainability, scalability, and cost).

The dominant model in use today is the ad hoc one embedded in SQL, despite the objections of purists who believe this model is a corruption of the relational model, since it violates several of its fundamental principles for the sake of practicality and performance. Many DBMSs also support the Open Database Connectivity API that supports a standard way for programmers to access the DBMS.

Data structures (fields, records, files and objects) optimized to deal with very large amounts of data stored on a permanent data storage device (which implies relatively slow access compared to volatile main memory).

A database query language and report writer to allow users to interactively interrogate the database, analyze its data and update it according to the users privileges on data. It also controls the security of the database. Data security prevents unauthorized users from viewing or updating the database. Using passwords, users are allowed access to the entire database or subsets of it called subschemas. For example, an employee database can contain all the data about an individual employee, but one group of users may be authorized to view only

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

48

payroll data, while others are allowed access to only work history and medical data.

If the DBMS provides a way to interactively enter and update the database, as well as interrogate it, this capability allows for managing personal databases. However, it may not leave an audit trail of actions or provide the kinds of controls necessary in a multiuser organization. These controls are only available when a set of application programs are customized for each data entry and updating function.

A transaction mechanism, that ideally would guarantee the ACID properties, in order to ensure data integrity, despite concurrent user accesses (concurrency control), and faults (fault tolerance). It also maintains the integrity of the data in the database. The DBMS can maintain the integrity of the database by not allowing more than one user to update the same record at the same time. The DBMS can help prevent duplicate records via unique index constraints; for example, no two customers with the same customer numbers (key fields) can be entered into the database. See ACID properties for more information (Redundancy avoidance).

The DBMS accepts requests for data from the application program and instructs the operating system to transfer the appropriate data. When a DBMS is used, information systems can be changed much more easily as the organization's information requirements change. New

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

49

categories of data can be added to the database without disruption to the existing system. Organizations may use one kind of DBMS for daily transaction processing and then move the detail onto another computer that uses another DBMS better suited for random inquiries and analysis. Overall systems design decisions are performed by data administrators and systems analysts. Detailed database design is performed by database administrators. Database servers are specially designed computers that hold the actual databases and run only the DBMS and related software. Database servers are usually multiprocessor computers, with RAID disk arrays used for stable storage. Connected to one or more servers via a high-speed channel, hardware database accelerators are also used in large volume transaction processing environments.

SQL Structured Query Language (SQL) is the language used to manipulate relational databases. SQL is tied very closely with the relational model. In the relational model, data is stored in structures called relations or tables. SQL statements are issued for the purpose of: Data definition: Defining tables and structures in the database (DDL used to create, alter and drop schema objects such as tables and indexes). Data manipulation: Used to manipulate the data within those schema objects (DML Inserting, Updating, Deleting the data, and Querying the Database). A schema is a collection of database objects that can include: tables, views, indexes and sequences
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

50

List of SQL statements that can be issued against an Oracle database schema are:

ALTER - Change an existing table, view or index definition (DDL) AUDIT - Track the changes made to a table (DDL) COMMENT - Add a comment to a table or column in a table COMMIT Make all recent changes permanent (DML -

(DDL)

transactional)

CREATE - Create new database objects such as tables or views DELETE - Delete rows from a database table (DML) DROP - Drop a database object such as a table, view or index GRANT - Allow another user to access database objects such as INSERT - Insert new data into a database table (DML) No AUDIT - Turn off the auditing function (DDL) REVOKE - Disallow a user access to database objects such as ROLLBACK - Undo any recent changes to the database (DML SELECT - Retrieve data from a database table (DML) TRUNCATE - Delete all rows from a database table (can not be UPDATE - Change the values of some data items in a database

(DDL)

(DDL)

tables or views (DDL)


tables and views (DDL)

Transactional)

rolled back) (DML)

table (DML)

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

51

a. Persistent Data Management

The persistent data in this project is handled by the Oracle 10g Release 2 DataBase System, The data is distributed over many sites because to handle the huge database it is very complicated to handle on a single system. It incurs more cost to purchase a storage system of that capacity. The persistent data designed on a single node would be as follows. Database normalization is a design technique by which relational database tables are structured in such a way as to make them invulnerable to certain types of logical inconsistencies and anomalies. Tables can be normalized to varying degrees: relational database theory defines "normal forms" of successively higher degrees of stringency, so, for example, a table in third normal form is less open to logical inconsistencies and anomalies than a table that is only in second normal form. Although the normal forms are often defined (informally) in terms of the characteristics of tables, rigorous definitions of the normal forms are concerned with the characteristics of mathematical constructs known as relations. Whenever information is represented relationallythat is, roughly speaking, as values within rows beneath fixed column headingsit makes sense to ask to what extent the representation is normalized.

Problems addressed by normalization

A table that is not sufficiently normalized can suffer from logical inconsistencies of various types, and from anomalies involving data operations. In such a table:

The same fact can be expressed on multiple records; therefore updates to the table may result in logical inconsistencies. For example, each record in an unnormalized "DVD
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

52

Rentals" table might contain a DVD ID, Member ID, and Member Address; thus a change of address for a particular member will potentially need to be applied to multiple records. If the update is not carried through successfullyif, that is, the member's address is updated on some records but not othersthen the table is left in an inconsistent state. Specifically, the table provides conflicting answers to the question of what this particular member's address is. This phenomenon is known as an update anomaly.

There are circumstances in which certain facts cannot be recorded at all. In the above example, if it is the case that Member Address is held only in the "DVD Rentals" table, then we cannot record the address of a member who has not yet rented any DVDs. This phenomenon is known as an insertion anomaly.

There are circumstances in which the deletion of data representing certain facts necessitates the deletion of data representing completely different facts. For example, suppose a table has the attributes Student ID, Course ID, and Lecturer ID (a given student is enrolled in a given course, which is taught by a given lecturer). If the number of students enrolled in the course temporarily drops to zero, the last of the records referencing that course must be deletedmeaning, as a side-effect, that the table no longer tells us which lecturer has been assigned to teach the course. This phenomenon is known as a deletion anomaly.

Ideally, a relational database should be designed in such a way as to exclude the possibility of update, insertion, and deletion anomalies. The normal forms of relational database theory provide guidelines for deciding whether a particular design will be vulnerable to such anomalies. It is possible to correct an unnormalized design so as to make it adhere to the demands of the normal forms: this is normalization. Normalization typically involves decomposing an unnormalized table into two or more tables which, were they to be combined (joined), would convey exactly the same information as the original table.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

53

Background to normalization: definitions

Functional dependency:Attribute B has a functional dependency on attribute A if, for each value of attribute A, there is exactly one value of attribute B. For example, Member Address has a functional dependency on Member ID, because a particular Member Address value corresponds to every Member ID value. An attribute may be functionally dependent either on a single attribute or on a combination of attributes. It is not possible to determine the extent to which a design is normalized without understanding what functional dependencies apply to the attributes within its tables; understanding this, in turn, requires knowledge of the problem domain.

Trivial functional dependency: A trivial functional dependency is a functional dependency of an attribute on a superset of itself. {Member ID, Member Address} {Member Address} is trivial, as is {Member Address} {Member Address}.

Full functional dependency: An attribute is fully functionally dependent on a set of attributes X if it is a) functionally dependent on X, and b) not functionally dependent on any proper subset of X. {Member Address} has a functional dependency on {DVD ID, Member ID}, but not a full functional dependency, for it is also dependent on {Member ID}.

Multivalued dependency: A multivalued dependency is a constraint according to which the presence of certain rows in a table implies the presence of certain other rows: see the Multivalued Dependency article for a rigorous definition.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

54

Superkey: A superkey is an attribute or set of attributes that uniquely identifies rows within a table; in other words, two distinct rows are always guaranteed to have distinct superkeys. {DVD ID, Member ID, Member Address} would be a superkey for the "DVD Rentals" table; {DVD ID, Member ID} would also be a superkey.

Candidate key: A candidate key is a minimal superkey, that is, a superkey for which we can say that no proper subset of it is also a superkey. {DVD ID, Member ID} would be a candidate key for the "DVD Rentals" table.

Non-prime attribute: A non-prime attribute is an attribute that does not occur in any candidate key. Member Address would be a non-prime attribute in the "DVD Rentals" table.

Primary key: Most DBMSs require a table to be defined as having a single unique key, rather than a number of possible unique keys. A primary key is a candidate key which the database designer has designated for this purpose.

History Edgar F. Codd first proposed the process of normalization and what came to be known as the 1st normal form:

There is, in fact, a very simple elimination procedure which we shall call normalization.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

55

Through decomposition non-simple domains are replaced by "domains whose elements are atomic (non-decomposable) values." Edgar F. Codd, A Relational Model of Data for Large Shared Data Banks In his paper, Edgar F. Codd used the term "non-simple" domains to describe a heterogeneous data structure, but later researchers would refer to such a structure as an abstract data type. Normal forms The normal forms (abbrev. NF) of relational database theory provide criteria for determining a table's degree of vulnerability to logical inconsistencies and anomalies. The higher the normal form applicable to a table, the less vulnerable it is to such inconsistencies and anomalies. Each table has a "highest normal form" (HNF): by definition, a table always meets the requirements of its HNF and of all normal forms lower than its HNF; also by definition, a table fails to meet the requirements of any normal form higher than its HNF. The normal forms are applicable to individual tables; to say that an entire database is in normal form n is to say that all of its tables are in normal form n. Newcomers to database design sometimes suppose that normalization proceeds in an iterative fashion, i.e. a 1NF design is first normalized to 2NF, then to 3NF, and so on. This is not an accurate description of how normalization typically works. A sensibly designed table is likely to be in 3NF on the first attempt; furthermore, if it is 3NF, it is overwhelmingly likely to have an HNF of 5NF. Achieving the "higher" normal forms (above 3NF) does not usually require an extra expenditure of effort on the part of the designer, because 3NF tables usually need no modification to meet the requirements of these higher normal forms. First normal form

The criteria for first normal form (1NF) are:

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

56

A table must be guaranteed not to have any duplicate records; therefore it There must be no repeating groups, i.e. no attributes which occur a

must have at least one candidate key.

different number of times on different records. For example, suppose that an employee can have multiple skills: a possible representation of employees' skills is {Employee ID, Skill1, Skill2, Skill3 ...}, where {Employee ID} is the unique identifier for a record. This representation would not be in 1NF.

Note that all relations are in 1NF. The question of whether a given

representation is in 1NF is equivalent to the question of whether it is a relation. Second normal form The criteria for second normal form (2NF) are:

The table must be in 1NF. None of the non-prime attributes of the table are functionally dependent

on a part (proper subset) of a candidate key; in other words, all functional dependencies of non-prime attributes on candidate keys are full functional dependencies. For example, consider a "Department Members" table whose attributes are Department ID, Employee ID, and Employee Date of Birth; and suppose that an employee works in one or more departments. The combination of Department ID and Employee ID uniquely identifies records within the table. Given that Employee Date of Birth depends on only one of those attributes namely, Employee ID the table is not in 2NF.

Note that if none of a 1NF table's candidate keys are composite i.e.

every candidate key consists of just one attribute then we can say immediately that the table is in 2NF. Third normal form The criteria for third normal form (3NF) are:

The table must be in 2NF.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

57

There are no non-trivial functional dependencies between non-prime

attributes. A violation of 3NF would mean that at least one non-prime attribute is only indirectly dependent (transitively dependent) on a candidate key, by virtue of being functionally dependent on another non-prime attribute. For example, consider a "Departments" table whose attributes are Department ID, Department Name, Manager ID, and Manager Hire Date; and suppose that each manager can manage one or more departments. {Department ID} is a candidate key. Although Manager Hire Date is functionally dependent on {Department ID}, it is also functionally dependent on the non-prime attribute Manager ID. This means the table is not in 3NF. Boyce-Codd normal form The criteria for Boyce-Codd normal form (BCNF) are:

The table must be in 3NF. Every non-trivial functional dependency must be a dependency on a

superkey. Fourth normal form The criteria for fourth normal form (4NF) are:

The table must be in BCNF. There must be no non-trivial multivalued dependencies on something

other than a superkey. A BCNF table is said to be in 4NF if and only if all of its multivalued dependencies are functional dependencies. Fifth normal form The criteria for fifth normal form (5NF and also PJ/NF) are:

The table must be in 4NF. There must be no non-trivial join dependencies that do not follow from the

key constraints. A 4NF table is said to be in the 5NF if and only if every join dependency in it is implied by the candidate keys.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

58

Domain/key normal form Domain/key normal form (or DKNF) requires that a table not be subject to any constraints other than domain constraints and key constraints. Sixth normal form This normal form was, as of 2005, only recently proposed: the sixth normal form (6NF) was only defined when extending the relational model to take into account the temporal dimension. Unfortunately, most current SQL technologies as of 2005 do not take into account this work, and most temporal extensions to SQL are not relational. See work by Date, Darwen and Lorentzos for a relational temporal extension, or see TSQL2 for a different approach.

In our project the normalization satisfies up to Third Normal Form. The Tables used in our project are as follows.

Table Name: Column Name Un Pw Role

Users Type Varchar2 Varchar2 Varchar2 Size 30 30 50 Description Not Null Not Null The role of the user admin or customer

Table Name:

Rs

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

59

Column Name Un

Type Varchar 2

Size 30

Description Userid foreign key of for the users table

Pt

Varchar 2

500

Ikt Tt

Number Number

500 6

7. SCREENSHOTS

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

60

Login form

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

61

Secure login

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

62

Admin panel

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

63

Registration form

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

64

Registration Login

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

65

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

66

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

67

Logout form

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

68

Secure login

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

69

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

70

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

71

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

72

Success form

8. SOFTWARE TESTING
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

73

8.1. General Software Testing is the process used to help identify the correctness, completeness, security and quality of developed computer software. Testing is a process of technical investigation, performed on behalf of stakeholders, that is intended to reveal quality-related information about the product with respect to the context in which it is intended to operate. In general, software engineers distinguish software faults from software failures. Our project" Visual cryptography For Cheating Prevention is tested with the following testing methodologies. Developing Methodologies The test process begins by developing a comprehensive plan to test the general functionality and special features on a variety of platform combinations. Strict quality control procedures are used. The process verifies that the application meets the requirements specified in the system requirements document and is bug free. The following are the considerations used to develop the framework for developing the test methodologies. Acquire and study the test strategy A team very familiar with the business risks associated with the software normally develops test strategy, the test team develops tactics. Thus the test team needs to acquire and study the test strategy. The test tactics are analyzed and studied for finding our various test factors, risks and effects. The risk involved in our project is implementing the encoding of the image. So, the proper knowledge about the testing strategies should be gained in order to avoid such high level risks.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

74

Determine the type of development project The type of the development refers to the platform or methodology for developing the project. As it is been a simulation project we go for the prototyping. The prototypes are simply predefined structure or model, which can be used for further modeling. By using the prototypes we can modify the existing module of the application for some other specific operations. Here the test tactics is to verify that all the tools are used properly and to test functionality. Determine the type of software system The type of software system relates to the type of processing which will be encountered by the system. In this project, the software system we prefer to use is Java . We have chosen Java for its portability and its support to graphics & multimedia specifically for image processing. Determine the scope of the software system The scope of the project refers to the overall activities or operation to be included into the system being tested. The scope of the new system varies from that of the existing one. In the existing system, a large overhead occurs in contrast and pixel expansion. Also, the verification process is not efficient in the existing system. In this project, the pixel expansion is optimal because only two sub pixels are added each and every pixel. Also, each and every participants are verified or authentication. Identify the tactical risks The tactical risk is the subsets at a lower level of the strategic risks. The risks related to the application and its methodologies are identified. The risk involved in our project is implementing the encoding of the image.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

75

Determine when the testing should occur In the above processes we have identified the type of processing, scope and risks associated with our project. The testing can occur throughout all the phases of the project. During the analysis phase, the testing strategy and requirements are determined. In design phase, the complexities in design with respect to the requirements are determined and structural and functional test conditions are also tested. During implementation, the design consistency is determined. In test phase, the overall testing of the application is being done and previously the adequacy of the testing plan is also determined. In maintenance phase, the testing for modifying and reusing the system is done. Build the system test plan The test plan of the project should provide all the information on the application that is being tested. The test plan is simply a model that has to be followed during the progression of the testing. The test plan consists of the sequential set of procedures to test the application. Initially, the selection process of both secret and verification images are tested. Then the test is carried out for encoding of image, verification process and finally decoding process. Build the unit test plan In this case we are dividing the system into three different components or units each having specific functions. The three different components of the system are browser window designing, browser events handling and adding speech to the browser. The main purpose of the unit test plan is to eliminate the errors and bugs during the initial stage of the implementation. As the errors get debugged in the initial stage, the less complex the overall testing after integrating all the units of the system. The unit testing plan can be either simple or complex based on the functionality of that unit.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

76

8.2. TESTING TECHNIQUE - TOOL SELECTION PROCESS In this process the appropriate testing process is selected from various testing methodologies such as prototyping model, waterfall model etc and the selection is done by the means of analyzing the nature of the project. We go for Waterfall model. Determine SDLC phase This phase involves the structural testing of the project which will be used for easy implementations of the functions. Though structural testing is so much associated with the coding phase, the structural testing should be carried out at all the phases of the lifecycle. These evaluates that all the structures are tested and sound. Identify the criteria to test In this phase the testing unit is trained with the necessary constraints and limit with which the project is to be tested. In our project the testing unit is trained to test whether the image to be encoded is in the PGM format. Select type of test Individual responsible for testing may prefer to select their own technique and tool based on the test situation. For selecting the appropriate testing process the project should be analyzed with the following three testing concepts:

1. Structural versus functional testing 2. Dynamic versus static testing 3. Manual versus automatic testing After analyzing through the above testing concepts we divided to test our project in Waterfall model testing methodology.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

77

Figure 8.1 Testing technique and tool selection process


AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

78

8.2.1 Structural Testing Structural analysis based test sets are tend to uncover errors that occur during coding of the program. The properties of the test set are to reflect the internal structure of the program. Structural testing is designed to verify that the developed system and programs work as specified in the requirement. The objective is to ensure that the product is designed structurally sound and will function correctly. 8.2.2. Functional Testing Functional testing ensures that the requirements are properly satisfied by the application system. The functions are those tasks that the system is designed to accomplish. This is not concerned with how processing occurs but rather with the results of the processing. The functional analysis based test sets tend to uncover errors that occurred in implementing requirements or design specifications. Select technique After selecting the appropriate testing methodology we have to select the necessary testing technique such as stress testing, execution testing, recovery testing, operation testing, compliance testing and security testing. We are performing operation testing by testing whether all the components perform its intended operations. Select test method We have to select the testing method which is to be carried out throughout the lifecycle. The two different methods are static and dynamic. Dynamic testing needs the program to be executed completely before testing. This is a traditional concept where the faults detected at the end will be very hard to rectify. In static process the program is tested for each and every line and the testing process is allowed to pass through only after rectifying the occurred fault.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

79

8.3. Mode of testing It is necessary to select the test mode in which the testing method to be carried out. The two different modes are manual and automated tool. The real time projects needs frequent interactions. So, it is impossible to carry out the testing process by means of automated tool. Our project uses manual testing. 8.3.1. Unit test technique This phase examines the techniques, assessment and management of unit testing and analysis. Testing and analysis strategies are categorized according to whether they goal is functional or structural or combination of these. It will assist a software engineer to define, conduct and evaluate unit tests and to assess new unit test techniques. 8.3.2. System Testing Once the entire system has been built then it has to be tested against the "System Specification" to check if it delivers the features required. It is still developer focused, although specialist developers known as systems testers are normally employed to do it. In essence System Testing is not about checking the individual parts of the design, but about checking the system as a whole. In effect it is one giant component. System testing can involve a number of specialist types of test to see if all the functional and non-functional requirements have been met. 8.3.3. Acceptance Testing Acceptance Testing checks the system against the "Requirements". It i s similar to systems testing in that the whole system is checked but the impo rtant difference is the change in focus. Systems Testing checks that the syst em that was specified has been delivered. Acceptance Testing checks that th e system delivers what was requested. The customer, and not the developer should always do acceptance testing.
AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

80

8.3.4. Regression Testing This involves assurance that all aspects of an application system remain functional after testing. The introduction of change is the cause of problems in previously tested segments. It is retesting unchanged segments of the application system. It normally involves rerunning tests that have been previously executed to ensure that the same results can be achieved currently as achieved when the segments were last tested.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

81

9. CONCLUSION

Future works consists of implementing the full architecture of the mechanism with multiple verification units working together to get better pattern recognition indices.New studies on the subject will be accomplished concerning more the psychological aspect of each user in many different state of consciousness along the his/her working day. The influence of many different types of keyboard will be studied as well.

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

82

10. REFERENCES
1.Monrose, F. and Rubin, D.A. (2000) Keystroke dynamics for biometrical identification, Future Generation Computer Systems, v.16, p.351-359 2Stallings, W. (1998) Cryptography and network security: principles and practice.2.ed. Upper Saddle River, New Jersey: Prentice Hall, 1998. 569p. 3Monrose, F. and Rubin, A. (1997) Authentication via Keystroke, Proceedings of the 4th ACM conference on Computer and communications security, p.48 56 4Lin, D. (1997) Computer Access Authentication with Neural Network Based Keystroke Identity Verification International Conference on Neural Networks, v. 1 ,9-12 June, p.174 -178 5Napier, R. and Laverty, W. and Mahar D. and Henderson, R. and Hiron, M. and Wagner, M. (1995) Keyboard user verification: toward an accurate, efficient, and ecologically valid algorithm, Int. Journal Human-Computer Studies, v.43, p.213-222 6. Pankanti, S. and Bolle, R.M. and Jain A. (2000) Biometrics: The future of identification IEEE Computer, Feb., p.46-49 7.Miller, B. (1994) Vital signs of identity, IEEE Spectrum, Feb., p.22-30 8 .Liu, S. and Silverman, M. (2001) Practical Guide to biometrical security IT PRO,Jan./Feb., p.27-32

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

83

AUTHENTICATION OF PEOPLE BY THEIRTYPING PATTERNS

84

You might also like