vin u full report

1INTEGRATION OF SOUND SIGNATURE AND GRAPHICLEPASSWORD AUTHENTICATION SYSTEM

IN ARMY

INTRODUCTION

Department of MCA P.E.S.C.E Mandya 2012


IN ARMY

CHAPTER 1

1. INTRODUCTION

Passwords are used for (a) Authentication (Establishes that the user is who theysay they are). (b)

Authorization (The process used to decide if theauthenticated person is allowed to access

specificinformation or functions) and(c) Access Control (Restriction of access-includes

authentication & authorization). Mostly user select password that is predictable. This happens

with both graphical and text based passwords. Users tend to choose memorable password,

unfortunately it means that the passwords tend to follow predictable patterns that are easier for

attackers to guess. While the predictability problem can be solved by disallowing user choice and

assigning passwords to users, this usually leads to usability issues since users cannot easily

remember such random passwords. Number of graphical password systems have been

developed, Study shows that text-based passwords suffers with both security and usability

problems. According to a recent news article, a security team at a company ran a network

password cracker and within 30 seconds and they identified about 80% of the passwords . It is

well know that the human brain is better at recognizing and recalling images than text, graphical

passwords exploit this human characteristic.

Here a graphical password system with a supportive sound signature to increase the

remembrance of the password is discussed. In proposed work a click-based graphical password

scheme called Cued Click Points (CCP) is presented. In this system a password consists of

sequence of some images in which user can select one click-point per image. In addition user is

asked to select a sound signature corresponding to each click point this sound signature will be

used to help the user in recalling the click point on an image. System showed very good

Performance in terms of speed, accuracy, and ease of use. Users preferred CCP to Pass Points,

saying that selecting and remembering only one point per image was easier and sound signature

helps considerably in recalling the click points.



IN ARMY

The module contain

1. User profile Vector(master)

2. Create Detailed Vector

3. Compare User Profile/login Vector

PREVIOUS WORK

Considerable work has been done in this area,The best known of these systems are Passfaces .

Brostoff and Sasse carried out an empirical study of Passfaces, which illustrates well how a

graphical password recognition system typically operates. Blonder-style passwords are based on

cued recall. A user clicks on several previously chosen locations in a single image to log in. As

implemented by Passlogix Corporation (Boroditsky), the user chooses several predefined regions

in an image as his or her password. To log in the user has to click on the same regions. The

problem with this scheme is that the number of predefined regions is small, perhaps a few dozens

in a picture. The password may have to be up to 12 clicks for adequate security, again tedious for

the user. Another problem of this system is the need for the predefined regions to be readily

identifiable. In effect, this requires artificial, cartoon-like images rather than complex, real-world

scenes. Cued Click Points (CCP) is a proposed alternative to PassPoints. In CCP, users click one

point on each of 5 images rather than on five points on one image. It offers cued-recall and

introduces visual cues that instantly alert valid users if they have made a mistake when entering

their latest click-point (at which point they can cancel their attempt and retry from the

beginning). It also makes attacks based on hotspot analysis more challenging. As shown in

Figure 1, each click results in showing a next-image, in effect leading users down a “path” as

they click on their sequence of points. A wrong click leads down an incorrect path, with an

explicit indication of authentication failure only after the final click. Users can choose their

images only to the extent that their click-point dictates the next image. If they dislike the

resulting images, they could create a new password involving different click-points to get

different images.:



IN ARMY

PROPOSED WORK

In the proposed work we have integrated sound signature to help in recalling the password. No

system has been devolved so far which uses sound signature in graphical password

authentication. Study says that sound signature or tone can be used to recall facts like images,

text etc. In daily life we see various examples of recalling an object by the sound related to that

object .

3.1. Profile Vectors-

The proposed system creates user profile as follows-

Master vector -(User ID, Sound Signature frequency, Tolerance)

Detailed Vector - (Image, Click Points)

As an example of vectors -Master vector (Smith , 2689, 50)

Detailed Vector( ) Image Click points

1 (123,678)

2 (176,134)

3 (450,297)

4 (761,164)



IN ARMY

LITERATURE SURVEY



IN ARMY

CHAPTER : 2

LITERATURE SURVEY

2.1 Project Survey

We have proposed a approach which uses sound signature to recall graphical password click

points. No previously developed system used this approach this system is helpful when user is

logging after a long time. In future systems other patterns may be used for recalling purpose like

touch of smells, study shows that these patterns are very useful in recalling the associated objects

like images or text. The module contain User profile Vector(master), Create Detailed Vector,

Compare User Profile/login Vector ,The module has a security features with Password facility to

ensure validity of user, Intelligent validation for each entry, User defined data access, and Data

security. Users click on one point per image for a sequence of images. The next image is based

on the previous click-point. We present the results of an initial user study which revealed

positive results. Performance was very good in terms of speed, accuracy, and number of errors.

Users preferred CCP to Pass Points saying that selecting and remembering only one point per

image was easier, and that seeing each image triggered their memory of where the corresponding

point was located. We also suggest that CCP provides greater security than Pass Points because

the number of images increases the workload for attackers or a sequence of images. The next

image displayed is based on the previous click-point so users receive immediate implicit

feedback as to whether they are on the correct path when logging in. CCP offers both improved

usability and security.

2.2 OVERVIEW OF .NET TECHNOLOGY

The .Net framework is a new computing platform that simplifies application development in the



IN ARMY

highly distributed environment of the Internet. The .NET framework is designed to fulfill the

following objectives:

Provide a consistent object-oriented programming environment whether object code is

stored and executed locally, but internet distributed, or executed remotely.

To provide a code-execution environment that minimizes software deployment and

versioning conflicts.

To provide a code-execution environment that guarantees safe execution of code,

including code created by an unknown or semi-trusted third party.

To provide a code-execution environment that eliminates the performance

problems of scripted or interpreted environments.

To make the developer experience consistent across widely varying types of applications, such as

windows-based applications and web-based applications.

The .NET framework has two main components: the common language runtime and the .NET

framework class library. The common language runtime is the foundation of the .NET

framework. You can think of the runtime as an agent that manages code at execution time,

providing core services such as memory management, thread management, and remoting, while

also enforcing strict type safety and other forms of code accuracy that ensure security and

robustness.Code that targets the runtime is known as managed code, while code that does not

target the runtime is known as unmanaged code.

The class library, the other main component of the .NET framework, is a comprehensive, object-

oriented collection of reusable types that you can use to develop applications ranging from

traditional command-line or graphical user interface applications to applications based on the

latest innovations provided by ASP.NET, such as web forms and XML web services.



IN ARMY

Fig:2.1 .Net Framework

Fig2.1: .Net Framework

Deliver solutions anywhere, anytime, and on any device Migrate legacy solutions develop using

the tools and languages of choice better develop, deliver, and maintain solution produce Secured,

stable, and manageable solutions

2.3 COMMON LANGUAGE RUNTIME (CLR)


Windows Application Web Applications Console Application

BASE CLASS LIBRARY

CLRCTS

CLS

Common Language Runtime

Base Class Library Support

Thread Support Com Marshaler

Type Checker Exception Manager

Security Engine Debug Engine

IL to Native

Compilers

Code

Manager

Garbage

CollectorClass Loader


IN ARMY

The heart of .net Framework is Common Language Runtime (CLR). All .NET compliant

languages run in a common, managed runtime execution environment. With the CLR, you can

rely on code that is accessed from different languages. There is a huge benefit. One coder can

write one module in C# and another can access and use it from VB.NET. Automatically object

management, the .NET languages take care of memory issues automatically. These are few listed

benefits which you get from CLR.

2.4 ASP.NET

ASP.NET is more than the next version of Active Server Pages (ASP); it provides a unified Web

development model that includes the services necessary for developers to build enterprise-class

Web applications. While ASP.NET is largely syntax compatible with ASP, it also provides a

new programming model and infrastructure for more scalable and stable applications that help

provide greater protection.

ASP.NET is a compiled, .NET-based environment; we can author applications in any .NET

compatible language, including Visual Basic .NET, C#, and Jscript .NET. Additionally, the

entire

.NET Framework is available to any ASP.NET application. Developers can easily access the

benefits of these technologies, which include the managed common language runtime

environment, type safety, inheritance, and so on.

Developers can use Web Forms or XML Web services when creating an ASP.NET application,

or combine these in any way they see fit.


Fig:2.2 Common Language Runtime(CLR)


IN ARMY

Each is supported by the same infrastructure that allows you to use authentication schemes;

caches frequently used data, or customize your application’s configuration, to name only a few

possibilities.

Web Forms allow you to build powerful forms-based Web pages. When building these pages,

you can use ASP.NET server controls to create common UI elements, and program them for

common tasks.

An XML Web service provides the means to access server functionality remotely. Using XML

Web services, businesses can expose programmatic interfaces to their data or business logic,

which in turn can be obtained and manipulated by client and server applications.

XML Web services enable the exchange of data in client-server or server-server scenarios, using

standards like HTTP and XML messaging to move data across firewalls. XML Web services are

not tied to a particular component model, and running on any operating system can access XML

Web services.

2.5 ADO.NET

ADO.NET Object model

ADO.NET provides consistent access to data sources such as Microsoft SQL Server, as well as

data sources exposed through OLE DB and XML. Data-sharing consumer applications can use

ADO.NET to connect to these data sources and retrieve, manipulate, and update data.

ADO.NET cleanly factors data access from data manipulation into discrete components that can

be used separately or in tandem.

ADO.NET includes .NET Framework data providers for connecting to a database, executing

commands, and retrieving results.

Those results are either processed directly, or placed in an ADO.NET DataSet object in order to

be exposed to the user in an ad-hoc manner, combined with data from multiple sources, or

remoted between tiers.



IN ARMY

The ADO.NET DataSet object can also be used independently of a .NET Framework data

provider to manage data local to the application or sourced from XML.

The ADO.NET classes are found in System.Data.dll, and are integrated with the XML classes

found in System.Xml.dll.

When compiling code that uses the System.Data namespace, reference both System.Data.dll and

System.Xml.dll. For an example of compiling an ADO.NET application using a command line

compiler.

ADO.NET provides functionality to developers writing managed code similar to the

functionality provided to native COM developers by ADO. For a discussion of the differences

between ADO and ADO.NET, see “ADO.NET for the ADO Programmer.

ADO.NET Object Model

Fig:2.3 ADO .Net Object Model

CONNECTING TO A DATA SOURCE

In ADO.NET you use a Connection object to connect to a specific data source by supplying

necessary authentication information in a connection string. The connection object you use



IN ARMY

depends on the type of data source.

DbConnection object: the .NET Framework Data Provider for OLE DB includes an

OleDbConnection object, the .NET Framework Data Provider for SQL Server includes a

SqlConnection object, the .NET Framework Data Provider for ODBC includes an

OdbcConnection object, and the .NET Framework Data Provider for Oracle includes an

OracleConnection object.

COMMANDS AND PARAMETERS

After establishing a connection to a data source, you can execute commands and return results

from the data source using a DbCommand object. You can create a command using one of the

command constructors for the .NET Framework data provider you are working with.

Constructors

can take optional arguments, such as an SQL statement to execute at the data source, a

DbConnection object, or a DbTransaction object. You can also configure those objects as

properties of the command. You can also create a command for a particular connection using the

CreateCommand method of a DbConnection object. The SQL statement being executed by the

command can be configured using the CommandText property.

DataAdapters and DataReaders

You can use the ADO.NET DataReader to retrieve a read-only, forward-only stream of data from

a database. Results are returned as the query executes, and are stored in the network buffer on the

client until you request them using the Read method of the DataReader. Using the DataReader

can increase application performance both by retrieving data as soon as it is available, and (by

default) storing only one row at a time in memory, reducing system overhead.

A DataAdapter is used to retrieve data from a data source and populate tables within a DataSet.

The DataAdapter also resolves changes made to the DataSet back to the data source. The

DataAdapter uses the Connection object of the .NET Framework data provider to connect to a


http://msdn.microsoft.com/en-us/library/system.data.common.dbconnection.aspx

http://msdn.microsoft.com/en-us/library/system.data.dataset.aspx

http://msdn.microsoft.com/en-us/library/system.data.common.dataadapter.aspx

http://msdn.microsoft.com/en-us/library/system.data.common.dbcommand.commandtext.aspx

http://msdn.microsoft.com/en-us/library/system.data.common.dbconnection.createcommand.aspx

http://msdn.microsoft.com/en-us/library/system.data.common.dbtransaction.aspx

http://msdn.microsoft.com/en-us/library/system.data.common.dbconnection.aspx

http://msdn.microsoft.com/en-us/library/system.data.common.dbcommand.aspx

http://msdn.microsoft.com/en-us/library/system.data.oracleclient.oracleconnection.aspx

http://msdn.microsoft.com/en-us/library/system.data.odbc.odbcconnection.aspx

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.aspx

http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbconnection.aspx


IN ARMY

data source, and it uses Command objects to retrieve data from and resolve changes to the data

source.

Each .NET Framework data provider included with the .NET Framework has a DbDataReader

and a DbDataAdapter object: the .NET Framework Data Provider for OLE DB includes an

OleDbDataReader and an OleDbDataAdapter object, the .NET Framework Data Provider for

SQL Server includes a SqlDataReader and a SqlDataAdapter object, the .NET

Framework Data Provider for ODBC includes an Odbc DataReader and an OdbcDataAdapter

object, and the .NET Framework Data Provider for Oracle includes an OracleDataReader

OracleDataAdapter object.

THE DATASET

DataSets in ADO .NET are objects that store data in a memory cache, allowing access to the data

even with the application disconnected from the databases. The structure of a

System.Data.DataSet is similar to that of a relational database. It is organized in a hierarchical

object mode of tables, rows, columns, constraints, and relationships. A DataSet can be typed or

untyped.

Typed DataSets derive its table and column structure from a schema file and is easier to

program. Either a typed or untyped dataset can be used in applications. ADO.NET gives better

support to typed datasets. A DataSet is located in System.Data NameSpace. DataSets are

memory structures that do not contain any data by default. DataSets will have to be filled with

data. This can be done in several ways.

Microsoft SQL Server (RDBMS)

Databases and the Internet have enabled worldwide collaboration and information sharing by

extending the reach of database applications throughout organizations and communities. Both

small businesses and global enterprises have users all over the world who require access to data

24 hours a day. Without this data access, revenue and customers can be lost, penalties can be


http://msdn.microsoft.com/en-us/library/system.data.oracleclient.oracledataadapter.aspx

http://msdn.microsoft.com/en-us/library/system.data.oracleclient.oracledatareader.aspx

http://msdn.microsoft.com/en-us/library/system.data.odbc.odbcdataadapter.aspx

http://msdn.microsoft.com/en-us/library/system.data.odbc.odbcdatareader.aspx

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqldataadapter.aspx

http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbdataadapter.aspx

http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbdatareader.aspx

http://msdn.microsoft.com/en-us/library/system.data.common.dbdataadapter.aspx

http://msdn.microsoft.com/en-us/library/system.data.common.dbdatareader.aspx


IN ARMY

owed, and bad press can have a lasting effect on customers and a company’s reputation. Building

a high availability IT infrastructure is critical to the success and well being of all enterprises in

today’s fast moving economy.

The following five points explains what the critical high availability solution areas are, why and

what Oracle’s offerings in each of these areas are.

SQL SERVER is one of the leading database management systems (DBMS) because it is the

only Database that meets the uncompromising requirements of today’s most demanding

information systems. From complex decision support systems (DSS) to the most rigorous online

transaction processing (OLTP) application, even application that require simultaneous

DSS and OLTP access to the same critical data, SQL Server leads the industry in both

performance and capability

SQL SERVER is a truly portable, distributed, and open DBMS that delivers unmatched

performance, continuous operation and support for every database.

SQL SERVER RDBMS is high performance fault tolerant DBMS which is specially designed

for online transactions processing and for handling large database application.

SQL SERVER with transactions processing option offers two features which contribute to very

high level of transaction processing throughput, like ‘The row level’.

2.6 An Overview of .NET Framework

First and foremost, .NET is a framework that covers all the layers of software development from

the operating system up. It provides the richest level of integration among presentation

technologies, component technologies, and data technologies ever seen on a Microsoft platform.

Secondly, the entire architecture has been created to make it as easy to develop Internet



IN ARMY

applications as it is to develop for the desktop environment.

DOT NET actually "wraps" the operating system, insulating software developed with .NET from

most operating system specifics such as file handling and memory allocation.

This prepares for a possible future in which the software developed for .NET is portable to a

wide variety of hardware and operating system foundations. (Beta one of Visual Studio.NET

supports all versions of Windows 2000 plus Windows NT4, Windows 9x, and Windows.

The major components of the .NET framework are shown in the below diagram:

Fig 2.4 The .NET Framework Overview

The framework starts all the way down at the memory management and component loading

level, and goes all the way up to multiple ways of rendering user and program interfaces. In

between, there are layers that provide just about any system-level capability that a developer

would need.

At the base is the Common Language Runtime, often abbreviated to CLR. This is the heart of the

.NET framework, the engine that drives key functionality. It includes, for example, a common

system of data types. These common types, plus a standard interface convention, make cross-

language inheritance possible. In addition to allocation and management of memory, the CLR

also does reference counting for objects, and handles garbage collection. The middle layer



IN ARMY

includes the next generation of standard system services such as ADO.NET and XML.

These services are brought under the control of the framework, making them universally

available and standardizing their usage across languages.

The top layer includes user and program interfaces. Windows Forms (often informally referred to

as Win Forms) are a new way to create standard Win32 desktop applications, based on the

Windows Foundation Classes (WFC) produced for J++. Web Forms provide a powerful, forms-

based UI for the web. Web Services, which are perhaps the most revolutionary, provide a

mechanism for programs to communicate over the Internet using SOAP. Web Services provide

an analog of COM and DCOM for object brokering and interfacing, but based on Internet

technologies so that allowance is made for integration even with non-Microsoft platforms. Web

Forms and Web Services, comprise the Internet interface portion of .NET, and are implemented

through a section of the .NET Framework referred to as ASP.NET.

All of these are available to any language that is based on the .NET platform. For completeness,

there is also a console interface that allows creation of character-based applications (not shown

in the diagram 2.4).

Common Language Runtime

Let's start with a definition. A runtime is an environment in which programs are executed. The

Common Language Runtime is therefore the environment in which we run our .NET applications

that have been compiled to a common language, namely Microsoft Intermediate Language

(MSIL), often referred to simply as IL. Runtimes have been around even longer than DOS, but

the Common Language Runtime (CLR) is as advanced over traditional runtimes as a light bulb is

over a candle. Here's a quick diagrammatic summary of the major pieces of the CLR.

As shown in the figure, that small part in the middle, called Execution Support contains most of

the capabilities normally associated with a language runtime (such as the VBRUNxxx.DLL

runtime used with Visual Basic). The rest is new, at least for Microsoft platforms. Understanding



IN ARMY

the CLR is key to understanding the rest of .NET, hence, here is a short introduction.

Fig 2.5 The Common Language Runtime

Language interoperability is the ability of the code to interact with code that is written using a

different programming language. Language interoperability can help maximum code reuse and,

therefore, improve the efficiency of the development process. Because developers use a wide

variety of tools and technologies, each of which might support different features and types, it has

historically been difficult to ensure language interoperability. However, language compilers and

tools that target the common language runtime benefit from the runtime’s built-in support for

language interoperability. To ensure that you can develop managed code that can be fully used

by developers using any programming language, a set of language features and rules for using

them called the Common Language Specification (CLS) has been defined. Components that

follow these rules and expose only CLS features are considered CLS compliant. If your

component uses only CLS features in the API that it exposes to other code (including derived

classes), the component is guaranteed to be accessible from any programming language that

supports the CLS. Components that adhere to the CLS rules and use only the features included in

the CLS are said to be CLS-compliant components.

Common Type Systems

The Common Type System (CTS) defines how types are declared, used, and managed in the

runtime, and is also an important part of the runtime’s support for cross-language integration.



IN ARMY

The CTS performs the following functions:

Establish a framework that helps enable cross-language integration, type safety, and high

performance code execution.

Provides an object-oriented model that supports the complete implementation of many

programming languages.

Define rules that languages must follow, which helps ensure that objects written in

different languages can interact with each other.

The CTS also defines the rules that ensure that the data types of objects written in various

languages are able to interact with each other.

.Net Framework4.0

The Microsoft .NET Framework 4 provides the following new features and improvements:

Improvements in Common Language Runtime (CLR) and Base Class Library (BCL)

Performance improvement including better multicore support, background garbage

collection, and profiler attach on server.

New memory mapped file and numeric types.

Easier debugging including dump debugging, Watson minidumps, mixed mode

debugging for 64 bit and code contracts..

Innovations in the Visual Basic and C# languages, for example statement lambdas,

implicit line continuations, dynamic dispatch, and named/optional parameters.

Improvements in Data Access and Modeling

The .NET Framework 4 also offers significant performance gains for WF-based workflows.

Improvements to Windows Communication Foundation (WCF) such as support for WCF

Workflow Services enabling workflow programs with messaging activities, correlation



IN ARMY

support. Additionally, .NET Framework 4 provides new WCF features such as service

discovery, routing service, REST support, diagnostics, and performance

Innovative new parallel-programming features such as parallel loop support, Task

Parallel Library (TPL), Parallel LINQ (PLINQ), and coordination data structures which

let developers harness the power of multi-core processors.

2.7 ASP.NET Technology

F Active Server Pages has been arguably the leading choice for web developers building dynamic

Websites on Windows Web servers. ASP has gained popularity by offering the simplicity of

flexible scripting via several languages. That, combined with the fact that’s built into every

Microsoft Windows-based Web server, has made ASP difficult act to follow.

Early in 2002, Microsoft released its new technology for Internet development. Originally called

ASP, it was finally released as ASP.NET, and represents a leap forward from ASP both in

sophistication and productivity for developers can now choose between several fully-fledged

programming languages. Development in ASP.NET requires not only an understanding of

HTML and Web design, but also a firm grasp of the concepts of object-oriented programming

and development. ASP.NET is a server side technology for developing web applications based

on the Microsoft.Net Framework.

Advantages of ASP.NET

ASP.NET pages are compiled, not interpreted .Instead of reading and interpreting your code

every time a dynamic page is requested, ASP.NET compiles dynamic pages into efficient binary

files that the server can execute very quickly. This represents a big jump in performance when

compared with the technology’s interpreted predecessor, ASP.

ASP.NET has full access to the functionality of the .NET Framework. Support for XML,

Web Services, database interaction, email, regular expression and many other technologies are

built right into .NET which saves you from having to reinvent the wheel.



IN ARMY

ASP.NET allows you to separate the server-side code in your pages from HTML layout.

Disadvantages of ASP.NET

ASP.NET is a Microsoft technology. While this isn’t a problem in itself, it does mean

that, at least for now, you need to use a Windows server to run an ASP.NET Website .If

your organization uses Linux or some operating system for its Web servers, you’re out of

luck.

Serious ASP.NET development requires an understanding of object-oriented

programming.

Using C# with ASP.NET

C# is a simple, modern, object oriented and type-safe programming derived from C and C++.

ASP.NET has been described as a technology and not a language. ASP.NET pages can be made

from one of many languages. As C# comes free with ASP.NET –so when you install ASP.NET

you get C# as well. In other words, creating web pages using C# and using ASP.NET to derive it.

2.8 Features of C# Language

Simple

Object-oriented

Interoperability

Type safe

SIMPLE

No Pointers.

Unsafe operations such as direct memory access are not allowed.

In C# there is no use of “::” or “->” operator.



IN ARMY

Since it is on .NET it inherits the features of automatic memory management.

Integer’s value such as 0 and 1 are no longer accepted as Boolean values. Boolean values are

pure true or false in C# of “=” operator and “==” operator. “==” operator is used for

comparison operation and “=” is used for assignment operation.

OBJECT-ORIENTED

C# supports data encapsulation, polymorphism, interfaces, and inheritance.

(int,float,double) are not objects in java but c# has introduced structures(structs) which

enable the primitive type to become objects

int i;

String a = i.Tostring; //conversion or boxing

INTEROPERABILITY

C# includes native support for the computer windows based applications.

Allowing restricted use of native pointers.

Users need not explicitly implement unknown and other computer interfaces those

Features are built in.

C# allows the users to use pointers as unsafe code blocks to manipulate your old code

TYPE-SAFE

In c3 we cannot perform unsafe casts like convert to a Boolean.

Value types are initialized to zeros and reference type objects are initialized to null by

the compiler automatically.

Arrays are zero based indexed and are bound checked.

Overflow of types can be checked.

2.9 Introduction to SQL Server



IN ARMY

SQL was invented and developed by IBM in early 1970’s stands for structured query language.

IBM was able to demonstrate how to control relational database using SQL.

The Structured Query Language (SQL) comprises one of the fundamental building blocks of

modern database architecture. SQL defines the methods used to create and manipulate relational

databases on all major platforms. At first glance, the language may see intimidating and complex

but it’s really not all that bad.

Requirements and provides innovative capabilities that increase employee effectiveness,

integrate heterogeneous IT ecosystems and maximize capital and operating budgets. SQL Sever

provides the enterprise data management platform your organization needs to adapt quickly in a

fast-change environment. With the lowest implementation and maintenance costs in the industry.

SQL Server delivers rapid return on your data management investment. SQL Server supports the

rapid development of enterprise-class business applications that can give your company a critical

competitive advantage.

Benchmarked for scalability, speed and performance, SQL Server is a fully enterprise-class

database product, providing core support for Extensible Mark-up Language (XML) and Internet

queries.

A table is a primary database object of sol that is used to store data. A table holds data in the

form of rows and columns.

2.10 Features of SQL Server 2008

Policy Based Management

Management is centralized, thereby reducing the need to configure each server

separately.

Backwards compatibility supports managing instances of SQL Server 2008, SQL



IN ARMY

Server 2005, and SQL Server 2000.

Data Compression

Save disk storage.

Enable compression option for individual tables or indexes.

Compression can improve disk I/O and memory utilization.

Transparent Data Encryption

Implements strong encryption keys and certificates to secure data.

Does not increase the size of the database.

Data Auditing

Enables compliance with security regulations.

Simple configuration using SQL Server Management Studio.

Minimal impact on performance because audit data is stored outside of SQL Server database files.

Dates and Times

New data types: Date, Time, Date Time Offset

File Stream:

New data type VarBinary(Max) FileStream for managing binary data.

Table Value Parameters:

The ability to pass an entire table to a stored procedure.

Backup Compression

Save storage space.



IN ARMY

Compressed backups can be stored on tape or on disk.

Simple configuration using SQL Server Management Studio.

Default state of all backups on a server to be compressed can be configured.

2.11 MVC Architecture

The methodology to be followed is “Model-View-Controller” (MVC). Using this design pattern

results in separation of the application data from the ways that the data can be accessed or

viewed as well as from the mapping between system events (such as user interface events) and

application behaviors.

The MVC methodology consists of three component types. The Model represents the application

data along with methods that operate on that data. The View component displays that data to the

user. The Controller translates user actions such as mouse movement and keyboard input and

dispatches operation on the Model. As a result, the Model will update the View to reflect

changes to the data. The figure below the functions of each of these component types as well as

the relationships between them.



IN ARMY

Fig 2.6 MVC Architecture

When this paradigm is used properly, the Model should have no involvement in translating the

format of input data. This translation should be performed by the Controller. In addition, the

Model should not carry any responsibility for determining how the results should be displayed.

The Model-View-Controller Model offers the following benefits

Clarifies application design through separation of data modeling issues from data display

and interaction

Allows the same data to be viewed in many ways

Allows the same data to be viewed by many users

Enhances reusability by separating application functionality from presentation

Increases flexibility, because data model, user interaction, and data display can be

“pluggable”.



IN ARMY

SYSTEM REQUIREMENT SPECIFICATION

CHAPTER : 3

SYSTEM REQUIREMENT SPECIFICATION

3.1 Software requirements specification

A software requirements specification (SRS) is a comprehensive description of the intended

purpose and environment for software under development. The SRS fully describes what the

software will do and how it will be expected to perform. Software Requirement Specification



IN ARMY

(SRS) is a fundamental document, which forms the foundation of the software development

process.

SRS describes the functionality, characteristics and constraints that are applicable for the

application. The SRS can be defined as a condition of capacity needed by a user to solve a

problem or achieve an objective. SRS helps the events to understand their own needs.

SRS provides a reference for validation of the final report.

A high quality SRS is a perquisite to high quality software.

A high quality SRS reduces the development cost.

Functional Requirements for Admin

1. User profile Vector(master)

2. Create Detailed Vector

3. Compare User Profile/login Vector

Non-Functional Requirements

These are the requirements that are not directly concerned with specific functions delivered by

the software. These include software interface requirements, hardware interface requirements

which include all the software and hardware requirements.

Many organizations focus on the functional aspect of the system-WHAT it does -rather than the

non-functional - HOW it does it. Non-functional elements comprise everything from

performance to security to usability. Without clear, early definition of non-functional

requirements, it is possible that a system could be delivered which does exactly what the

customer wants, but is difficult to use, slow, insecure, or is not scalable. Once again, this can

lead to the development rework, although some non-functional areas are so integral to the design

of the product, it can be difficult to correct them without starting the project again.



IN ARMY

3.2 Hardware Requirements

Processor Intel Dual Core

RAM 512 MB and above

Hard Disk 60 GB Hard Disk Space and above

Table: 3.1 Hardware requirements

3.3 Software Requirements

Operating System Windows XP and above

Presentation ASP.NET

Database SQL Server 2008

Language C#

Web Server IIS [Internet Information Server]

Development kit Visual Studio 2010

Table: 3.2 Software requirements



IN ARMY

SYSTEM ANALYSIS

CHAPTER : 4

SYSTEM ANALYSIS



IN ARMY

4.1 Existing system

The advantages of the existing system are as follows:

It is very simple in nature & doesn’t provide much functionality, thus reducing

complexity of the system.

Its provide simplicity in the password

It doesn’t require employees to know about computers at all i.e. it doesn’t require training

Because of manual work it doesn’t require any investment in computers or any other

Peripherals.

The existing system it doesn’t take too much of time to login a system

Disadvantages of existing system:

The main disadvantages of existing system is security problem. User is difficult to remembering a password. In existing system we didn’t use c c p technique.

In previous system only predefined points only we click otherwise it won’t allow to login

Password predictability is very high in previous system.

Hacker can easily identify the passwords using some algorithm.

4.2 Proposed system

In the proposed work we have integrated sound signature to help in recalling the password. No

system has been devolved so far which uses sound signature in graphical password

authentication. Study says that sound signature or tone can be used to recall facts like images,

text . In daily life we see various examples of recalling an object by the sound related to that

object .



IN ARMY

Advantages of the proposed system

Integration of sound signature is convenient and better way to use, because it brings

safety and security

User friendly and Compatible on all windows based systems

Upgradeable with slight modification in coding.

Easy application maintenance due to its robustness

Menu driven navigation to facilitate simple and quick access to required functionality.

A central database for all the data related to ensure data consistency

Easier and faster data entry with menu support

In proposed system to difficult to guess a password and hack a particular account



IN ARMY

SYSTEM DESIGN

CHAPTER: 5



IN ARMY

SYSTEM DESIGN

5.1 Introduction:

System design is process to design the system, here ‘‘INTEGRATION OF SOUND SIGNATURE

AND GRAPHICLE PASSWORD AUTHENTICATION SYSTEM IN ARMY’’. It is a

reduction of an entire system by studying the various operations performed and their relationship

within the system and the requirement of its success. One aspect of design is defining the

boundaries of the system and determining whether or not the candidate system should consider

other related system.

The idea of system has been more practical and necessary in computerizing the interrelationship

and integration of operations, especially when using computers. Thus it’s a way of thinking

organizations and their problems. An organizational consists of several interrelated and

interlocking components.

The most creative and challenging phase of the system life cycle is system design. The term

design describes a final system and the process by which it is developed. It refers to the technical

specifications that will be applied in implementing the candidate system. It also includes the

construction of programs and program testing. The key question involved here is “How the

problem should be solved”.

5.2 DATABASE

Database Design is an important and challenging task. Good Design requires although

understanding of the data associated with an enterprise and how it issued, as well as good

grasp of the features supported by the DBMS. Logical database design also known as database

design or data modeling, studies basic properties nd interrelationship among data items, with

the aim of providing faithful representation of such item in the basic data structure of

database.The very first in designing a database application is to understand what

Information the database must store for the given enterprise and what integrity constraints or

business rules applied to the data.

DATAFLOW DIAGRAM:

Department of MCA P.E.S.C.E Mandya 2012Registration Process

Login Trial


IN ARMY


Get Unique ID

Select Sound Signature Fetch User Profile Vector

Read User ID

Select Tolerances Level Level

Detect Mouse Position on Image

Show Image from User Profile

Select Image

Select & Click on Pass Point

Want More Image

Nu of Images<5

Play Sound Signature

Compare Login & User Vector

Play Random Sound

Create User Profile Vector

If Mouse POS=User Profile

Get Click Points & Prepaire Login Vector

If d<D

Logon Imposter


IN ARMY

5.3 INTRODUCTION TO E-R CONCEPT

The E-R approach attempt to define a number of data classification objects. These fundamental

data classification objects are : An Entity is a collection of distinguishable real world objects

with common properties. An entity is represented by a rectangle in an E-R diagram. An entity is

usually mapped to an actual table, and each row of the table corresponds to one of the

distinguishable real world objects that makeup the entity, called an entity instance.

Database Table

A database is a collection of interrelated data stored with minimum redundancy to serve many

users quickly and efficiently. The general objective of database design is to make the data access

easy, inexpensive and flexible to the user.

Field Name Data type Description

UserName Varchar(MAX) Name of user

Select Image Position Int integer

play int Play that video in

particular time

Played Time int Integer value

Table 5.1 : Log In



IN ARMY

Field Name Data type Description

UserName Varchar(50) Username

Select Image Position int Select particular image

position

Play int Video will be played

Played Time int Played time is displayed

D O B Date Enter a date of birth

Sex Varchar(50) Enter a sex

Addres Varchar(MAX) Enter a user addres

City Varchar(MAX) Enter a user city

Email Varchar(MAX) Enter a user emailid

Table 5.2 : Registrationform

File Id Int Number of files in that

database

Filname char Which we uploaded that

file name should be

mentioned

File select choose Choose a particular file

location

Table 5.3 Upload Files



IN ARMY

Field name Data type Description

Select field of files Varchar(50) Patient ID

play int Video is loaded

Played time int We can puase video in correct

uploaded time

Table 5.5 : File download

5.4 ACITIVITY DIAGRAM

Activity diagrams show a sequence of actions of actions, they must indicate the starting point of

the sequences. The official UML name for the start point of the activity is initial state. It is the

point at which you begin reading the action sequences. The initial state is drawn as a solid

circle with a transaction line that connects it to the first action in the of the activities sequence of

sequence actions. The activities are performed are represented in the soft bordered Rectangles,



IN ARMY

where as the validation process is presented in hallow diamond.

Fig5.2: Activity Diagram



IN ARMY

5.5Use Case Diagram

Use cases are used during the analysis phase of a project to identify and partition system

functionality. They separate the system into actors and use cases.

Actors represent roles that can are played by users of the system. Those users can be humans,

other computers, pieces of hardware, or even other software systems. The only criterion is that

they must be external to the part of the system being partitioned into use cases. They must supply

stimuli to that part of the system, and the must receive outputs from it.Use cases describe the

behavior of the system when one of these actors sends one particular stimulus. This behavior is

described textually. It describes the nature of the stimulus that triggers the use case; the inputs

from and outputs to other actors, and the behaviors that convert the inputs to the outputs.



IN ARMY

5.6 Sequence Diagram

A Sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that

shows how processes operate with one another and in what order.It is a construct of a Message

Sequence Chart. Sequence diagrams are sometimes called event diagrams, event scenarios, and

timing diagrams.


http://en.wikipedia.org/wiki/Timing_diagram_(Unified_Modeling_Language)

http://en.wikipedia.org/wiki/Message_Sequence_Chart

http://en.wikipedia.org/wiki/Message_Sequence_Chart

http://en.wikipedia.org/wiki/Interaction_diagram


IN ARMY

Fig5.4: Sequence Diagram

5.7 CLASS DIAGRAM

A class diagram, also referred to as object modeling, is the main static analysis diagram. These

diagrams show the static structure of the model.A class diagram is a collection of static modeling



IN ARMY

elements, such as classes and their relationships, connected as a graph to each other and to their

contents.

Fig5.5: Class Diagram



IN ARMY

SYSTEM TESTING

CHAPTER: 6



IN ARMY

SYSTEM TESTING AND VALIDATION

Software testing plays a very critical role for quality assurance and for ensuring the reliability of

software. During testing the program to be tested is executed with a set of test cases, and the

output of the program for the test cases is evaluated to determine if the program is performing as

it expected. A series of tests have to be performed for the user acceptance.

Software testing is a critical element of software quality assurance and represents the ultimate

reviews of Specification, Design and Coding. Preparation of test data itself plays a vital role in

the system testing. While testing the system with the test data, errors were detected and rectified.

A project is incomplete without successful testing. A program or system design is perfect only

when communication between the user and the designer is complete and clear. A successful

system design helps in efficient testing. Testing is vital to the success of a system. An elaborate

test data is prepared and the system is tested using the test data. While testing, if errors are noted,

corrections are made. The corrections need to be noted for future use. Both hardware and

software securities must be ensured for the system to run smoothly in future.

Software Testing Strategies:

White Box Testing

The code testing strategy checks for the correctness of every statement in the program. To

follow this testing strategy, there should be test cases that result in execution of every instruction

in the program or module; that is every path in the program is tested. The tested cases should

guarantee that independent paths within a module are executed at least once.

Black Box Texting:

To perform black box testing, the analyst examines the specifications stating what the program

or module should do and how it should perform under various conditions. Then, test cases are

developed for various conditions and submitted for processing. By examining the results, the

analyst can examine whether the program performs according the specified requirements.



IN ARMY

Testing Methodologies:

Unit Testing

The source code is normally divided into modules, which in turn are divided into smaller units

called units. These units have specific behavior. The test done on these units of code is called

unit test. Unit test depends upon the language on which the project is developed. Unit tests

ensure that each unique path of the project performs accurately to the documented specifications

and contains clearly defined inputs and expected results.

Each input form was tested for errors; all errors were detected in the development stage itself

and corrected. One of the major errors, in this level is the data connectivity error i.e., connecting

the front end application to the database which were tested and was achieved in this project.

Integration Testing

Testing two or more modules or functions together with the intent of finding interface defects

between the modules or functions. On a larger level, integration testing can involve a putting

together of groups of modules and functions with the goal of completing and verifying that the

system meets the system requirements.

The goal of this testing is to see if the modules can be integrated properly, the emphasis being on

testing interfaces between modules .In this project there are two main modules which were

developed and were tested for integration.

The Employee Registration which are posted in one form should be fetched as the employee

details in the other form (EMPLOYEE MONTHLY SALARY). This testing of Integration was

done and was achieved in this project.

User Acceptance Testing



IN ARMY

User acceptance of a system is the key factor for the success of any system. The system under

consideration is tested for user acceptance by constantly in touch with the prospective system

user at time of developing and making changes wherever required is done in regard to the

following point:

Input screen design

Output screen design

Menu driven system

Output Testing:

After performing the validation testing, the next steps are output testing of the proposed system,

since no system could be useful if it does not produce the required output in the specific format.

The outputs displayed by the systems are tested, by comparing with the format required by the

user. Here the output format is considered in two ways: one is on screen and another in printed

format.

Validation Testing:

At the culmination of integration testing, software is completely assembled as a package,

interfacing errors have been covered and corrected and a final series of software test validation

testing was carried out. Validation testing can be defined in many ways, but a simple definition is

that validation succeeds when the software functions in a manner that can be reasonably

expected by the end user. The validation test includes the validation of the fields of the records.

Each field of the records in the modules is tested separately.

Each module is subjected to test run along with sample data. The individually tested modules are

integrated into a single system. Testing involves executing the real data information is used in

the program the existence of any program defect is inferred from the output.

The texting should be planned so that all the requirements are individually tested.



IN ARMY

The other Validation is the username and password, Only if the person as an authorized he is

allowed to enter into the system else he cannot enter.

Each and every control which is used in our project is validated. For ex: The user is not allowed

to enter character in place of numeric and vice versa. All the required fields should be entered

by the user to navigate to the next form.

System Testing

System testing is actually a series of different tests whose primary purpose is to fully exercise

the computer based system.

Although each test has a different purpose, all work should verify that all system elements have

been properly integrated and perform allocated functions, being the most important test, the

performance test is covered briefly below:

Performance testing:

Performance testing is designed to test the run-time performance of software within the context

of an integrated system. Performance testing occurs throughout all steps in the testing process.

Even at the unit level, the performance of an individual module may be accessed as tests are

conducted. However, it is not until all system elements are fully integrated that the true

performance of a system can be ascertained.

Website Cookie Testing

Cookie is small information stored in text file on user’s hard drive by web server. This

information is later used by web browser to retrieve information from that machine. Generally

cookie contains personalized user data or information that is used to communicate between

different web pages.

Cookies are nothing but the user’s identity and used to track where the user navigated

throughout the web site pages. The communication between web browser and web server is

stateless.



IN ARMY

Test cases Test case area InputExpected output

Actual result Status

1Verification of database connection

Enter Login nameDisplay an Error Message “ Can’t connect database”.

Accept database

Failed

2

Enter Login

name(connect

data base)

Accept database Accept database

Passed

3 Verification of

connection sting

Enter Patient ID Display an Error

Message “Error in

Connection string”.

Accept

connection

string

Failed

4

Enter Patient

ID(valid

connection string)

Accept connection

string

Accept

connection

string

Passed

5 Verification of Log

In

Invalid user name Display an error

message “invalid

username”

Display an error

message

“invalid

username”

Passed

6

Valid user name User Logged in and gets list of names. User Logged in

and gets list of names.

Passed

7 Verification of Patient name

Unknown Patient Name

Display an Error Message “Enter Exist name”.

Accept patient name

Failed

8 valid Patient Name

Accept Patient Name Accept Patient

Name Passed

9

Verification of Patient test

Not exist patient test

Display an Error Message “Record does not exit”.

Display an Error Message “Record does not exit”.

Passed

10 Exist test name Shows test result

Shows test Passed



IN ARMY

result

11

Verification of

patient age Invalid data type Display an Error Message “Invalid data type”

Display an Error Message “Invalid data type”

Passed

IMPLEMENTATION



IN ARMY

CHAPTER: 7

IMPLEMENTATION

Implementation is the process of converting a new or a revised system design into an operational

One. The objective is to put the new or revised system that has been tested into operational while

holding costs, risks, and personal irritation to the minimum. A critical aspect of the

implementation process is to ensure that there will be no disrupting the functioning of the

organization. The best method for gaining control while implanting any new system would be to

use well planned test for testing all new programs. Before production files are used to test live

data, test files must be created on the old system, copied over to the new system, and used for the

initial of each program.

Another factor to be considered in the implementation phase is the acquisition of the

hardware and software. Once the software is developed for the system and testing is carried out,

it is then the process of making the newly designed system fully operational and consistent in

performance . for this the following steps will be followed for the implementation of the

system.

Implementation planning:



IN ARMY

A through and logical thought should be put in for planning the implementation , which Involves

sound knowledge in the following areas:

Personal needs

Programming tools selected

System training plan

Equipped installation plan

System conversion plan

System test plan



IN ARMY

CONCLUSION



IN ARMY

CHAPTER: 8

CONCLUSION

We have proposed a system which uses sound signature to recall graphical password

click points. No previously developed system used this approach this system is helpful

when user is logging after a long time. In future systems other patterns may be used for

recalling purpose like touch of smells, study shows that these patterns are very useful in

recalling the associated objects like images or text.

.



IN ARMY

FUTURE ENHANCEMENT



IN ARMY

CHAPTER: 9

FUTURE ENHANCEMENT

In future systems other patterns may be used for recalling purpose like touch of smells, study

shows that these patterns are very useful in recalling the associated objects like images or text.



IN ARMY



IN ARMY

BIBLIOGRAPHY

BIBLIOGRAPHY

[1] Mathew MacDonald, “Begining ASP.NET 3.5 in c# 2008”, Second edition

[2] Jason Beres,Et.Al, Mathew MacDonald ,Visual Basic .NET Programming BIBLE, Wiley

Dreamtech India Pvt.Ltd, By Bill Evjen,

[3] Bill Evjen, Rockford Lhotka, Billy Hollis, Bill Sheldon, Kent Sharkey, Tim

Mccarthy,Rama Ramachandran, Professional Visual Basic 2005, Wiley Dreamtech



IN ARMY

Publications, Edition 2006.

[4] Microsoft SQL Server 2008 Database Design And Implementation, Prentice Hall Of

Inadia, Second Edition By Microsoft Corporation.

[5] Bible, Mridula Parihar Et Al, ASP.NET.Published By Hungry Minds, Inc,909 Third

Avenue New York,NY 10022.

Websites:

http://www.w3schools.com/aspnet/

http://msdn.microsoft.com/en-us/aa336522

http://www.learnvisualstdio.net/asp.net2.0

http://www.msdn/asp.net2.0/defalut.aspx/

http://www.ieee.org

http://www.sourcefordgde.com


http://www.sourcefordgde.com/

http://www.ieee.org/

vin u full report

Documents

graphiclepassword

structured

user profile

ole db includes

graphical

common language

xml web services

sql server