keypass password protection manager
TRANSCRIPT
A
MINIOR PROJECT REPORTON
KEYPASS PASSWORD PROTECTION MANAGER
Submitted by
HEMANT KUMAR Uni.Roll No.08ESMIT021
SANJAY TIWARI. Uni.Roll No.08ESMIT049
CHARUL BHUDIRAJA Uni.Roll No.08ESMIT013
in partial fulfillment for the award of the degree
of
BACHELOR OF TECHNOLOGY
in
INFORMATION TECHNOLOGY
St.Margaret Engineering College,NeemranaRAJASTHAN TECHNICAL UNIVERSITY, KOTA
DEC-2012
1
St.Margaret Engineering College, Neemrana
BONAFIDE CERTIFICATE
Certified that this project report “KEYPASS PROTECTION MANAGER” is the
bonafide work of “CHARUL BUDHIRAJA(08ESMIT013),HEMANT KUMAR
(08ESMIT021) and SANJAY TIWARI (08ESMIT049)”, who carried out the project
work under our supervision, towards partial fulfillment of the requirements of the Degree
of Bachelor of Technology in Information & Technology Engineering from Rajasthan
Technical University, Kota.
Internal Supervisor External Supervisor
MR. KASHINATH DHARA MR. SHAILENDRA SONI
Asst. Professor Asst. Professor
CS/IT Department CS/IT Department
Date: 2.1.2012
2
St. Margaret Engineering College ,Neemrana
CERTIFICATE OF AUTHENTICATION
We solemnly declare that this project report “KEYPASS PROTECTION MANAGER”
is the Bonafide work done purely by us, carried out under the supervision of
Mr. Kashinath Dhara, towards partial fulfillment of the requirements of the Degree of
Bachelor of Technology in Information Technology from Rajasthan Technical
University, Kota during the year 2011 - 2012. It is further certified that this work has not
been submitted, either in part of in full, to any Other department of the Rajasthan
Technical University, or any other University, institution or Elsewhere, or for publication
in any form.
Date: Signature of the Student
2-1-2012 CHARUL 08ESMIT013
HEMANT 08ESMIT021
SANJAY 08ESMIT049
3
ACKNOWLEDGEMENT
We are grateful to St. Margaret Engineering College, for permitting us to undergo for a
minor project for the development of an expert system. While developing this project, we
have learnt a lot. This will be an un-forgetful experience. While developing this project, a
lot of difficulties were faced by us. But it was the help of some special people that we
have gained much confidence and developed the project quite well.
We would like to thanks Mr. KASHINATH DHARA and Mr.SHAILENDRA SONI
to co-ordinate with us and provide us the information needed to complete the analysis
part of this project.
4
ABSTRACT
KEY PASS PASSWORD PROTECTION MANAGER
Today you need to remember many passwords. You need a password for the Windows
network logon, your e-mail account, your homepage's FTP password, online passwords
(like website member account), etc. etc. etc. The list is endless. Also, you should use
different passwords for each account. Because if you use only one password everywhere
and someone get this password you have a problem. A serious ID problem to the owner
of the. The thief would have access to your e-mail account, homepage, etc.
Unimaginable.
This system is a password manager, which helps you to manage your passwords in a
secure way. You can put all your passwords in one database, which is locked with one
master key or a key file. So you only have to remember one single master password or
select the key file to unlock the whole database. The databases are encrypted. A facility
to update and change information is provided.
5
TABLE OF CONTENTS
1. Introduction 9
1.1 Purpose
1.2 Intended Audience and Reading Suggestions
1.3 Product Scope
1.4 Projectt Scope
1.5 References
2. Overall Description 11
2.1 Product Perspective
2.2 Product Functions
2.3 User Classes and Characteristics
2.4 Operating Environment
2.5 Design and Implementation Constraints
2.6 User Documentation
3. External Interface Requirements 14
3.1 User Interfaces
3.2 Hardware Interfaces
3.3 Software Interfaces
3.4 Communications Interfaces
4. System Features 15
4.1 System Feature 1
4.2 System Feature 2
6
5. Other Nonfunctional Requirements 16
5.1 Performance Requirements
5.2 Safety Requirements
5.3 Security Requirements
5.4 Software Quality Attributes
6. Software Design 18
7. Screen shots 25
8. Testing 43
8.1 Purpose
8.2 Quality
8.3 Product Quality
8.4 Testing in the Iterative lifecycle
8.5 Dimensions of Testing
8.6 Stages of Testing
8.7 System Documentation
9. Bibiliography 46
7
LIST OF FIGURES
1. Use-Case diagram 18
2. Class diagram 19
3. Sequence diagram 20
3.1 Sequence diagram login 20
3.2 Sequence diagram change password 21
3.3 Sequence diagram protect data 22
3.4 Sequence diagram unprotect data 23
4. Activity diagram 24
5.Screenshots:
Fig1 25
Fig2 26
Fig3 27
Fig4 28
Fig5 29
Fig6 30
Fig7 31
Fig8 32
Fig9 33
Fig10 34
Fig11 35
Fig12 36
Fig13 37
Fig14 38
Fig15 39
Fig16 40
Fig17 41
Fig18 42
8
1. INTRODUCTION
1.1 Purpose
To provide security to highly confidential data such as id’s and passwords that may span
from PC applications to financial information.
1.2 Intended Audience and Reading Suggestions
Intended for Project Managers, Developers, End users and Quality Assurance Engineers.
Suggested reading the document would be overall document description, product based
information gathering followed by Infrastructure requirement.
1.3 Product Scope
Language : Java(J2EE)
1.4 Project Scope
Provides registration to public in order to access the application.
The user can change his password.
Registered users can store critical and confidential data in a secured form.
Unprotect and Retrieve data as and when necessary.
The data can be retrieved anytime, from anywhere and any number of
times.
Protection provided to the stored data using the MD5 algorithm.
1.5 References
1) Java a) Java
b) JSP2.0 Dream tech Publication
9
2) Database a) Databases in Java, Worth
b) Database, SQL
10
2. Overall Description
2.1Product Perspective
In the present scenario every person is associated with some id and password. It may
pertain to accessing the PC, the web, emails, financial institutions, access to credit cards,
ATM’s etc. Most often a person tries to remember them in order to use it. It is always
known that a person or individual confuses between passwords of different id’s. Some
individuals in order to avoid confusion also adapt to use a common password for all id’s.
Both of the above can either lead to misplaced password or forgotten password or easily
hacked when the single password is known. Some individuals even try to save critical
information in books or registers or electronic diaries and carry them along. The
possibility of this carrier being lost or damaged is high. In the present scenario certain
passwords can be recovered after a procedural delay. In some cases the password can not
be reset easily and the user has to forgo or close the account permanently as in the case of
mails.
The project is to maintain a centralized server that, stores critical information and be
accessible to the user from anywhere, anytime. The server can now remember any
amount of id’s and passwords irrespective of even their lengths. Highly useful when data
such as a credit card, debit card number etc that have larger number of digits or
characters cannot be remembered easily. In order to provide higher level security the data
is stored in an unreadable format. To provide this scenario the server implements the
DES algorithm using the visual studio. Similarly whenever the data needs to be
unprotected and used the decryption ensures that the data is recovered without any loss or
alterations.
11
2.2 Product Functions
• Register a user.
• Store information with security.
• Retrieve information as and when required.
• Multi-tier architecture enables less maintenance as only the server is of
importance.
• Generate report either on a single user id or list of Id’s.
• Keys are auto generated, associated with password ensures the protection level is
higher.
• Length of the keys altered each time to suite user needs.
• The user need not remember the keys instead only filenames.
• Both the key and password within the application is maintained encrypted.
• The details of the account, key, protected file is stored into the database but not
the actual password.
2.3User Classes and Characteristics
The application can be used by general public, organizations etc without having to be
specific to any community. The user who has registered only has access to this
application.
2.4Operating Environment
Software Requirements:
Operating System : Windows 7(Home Basic)
Language : Java
Front End : HTML, JSP
12
Backend : SQL
Web server : Apache Tomcat
Hardware Requirements (Minimum)
Processor : PIV MB
Ram : 512
Hard Disk : 40 GB Space
Monitor : VGA Color (256)
2.5Design and Implementation Constraints
The application is designed using JSP. Hence all the design or screens are done using
web pages. The constraints are that JVM should be available and running for the
application to execute. As the database is in SQL, SQLYog should be installed. Tomcat
should be installed and running.
2.6User Documentation
The product is provided with built-in manual that would help the end user use the system
for functioning.
13
3.External Interface Requirements
3.1User Interfaces
The application provides with keyboard shortcuts and a facility to use the mouse to
trigger the required actions. They act as shortcuts and provide an easy navigation within
the software. Output data to the user including errors and exceptions are displayed
through message boxes and dialogs using HTML.
3.2Hardware Interfaces
The application concentrates on the multi tier scenario and has no dependency on the
network or protocols. When executed on a standalone machine no additional peripheral
requirements are needed.
3.3Software Interfaces
The incoming data to the product would be raw text data and outgoing data would be
binary. SQL, JVM and Tomcat are the needed software interfaces.
14
4. System Features
1. Login & Security
The module deals with authentication of the users using the application. There are
basically two types of users – Administrator & the public.
Each of the above users are associated with user id and password. The user id is unique to
each user. The users login with the specified id and password to access their schema
information. Additional facility to change their password is also provided.
2.ID & Password Manager
This module deals with storing as many IDs and correlated passwords into the database.
Each user can have more than one id stored. The password is sent to the Blowfish
encryption module to have it encrypted or converted to cipher text before it can be stored
in the database. Each id acts as the primary key for that password. The id is then used to
retrieve the associated password later.
3.MD5 Encryption
The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words,
denoted A, B, C and D. These are initialized to certain fixed constants. The main
algorithm then operates on each 512-bit message block in turn, each block modifying the
state. The processing of a message block consists of four similar stages, termed rounds;
each round is composed of 16 similar operations based on a non-linear function f,
modular addition, and left rotation.
15
4.Report Generation
The module allows the users of the application to view the following reports :-
1.Password for a particular user id.
2.Tabulated listing of all user account and related passwords.
16
5. OTHER NON FUNCTIONAL REQUIREMENTS
5.1Performance Requirements
No external factor influences performance as the application is standalone. Higher
memory is recommended for faster execution. However when executed from intranet or
internet good bandwidth, less congestion and shortest route to reach the server would
enhance the performance.
5.2Safety Requirements
No harm is expected from the use of the product either to the OS or any data.
5.3Product Security Requirements
The product is protected from un-authorized users from using it. The system allows only
authenticated users to work on the application. The users of the system are registered
users.
5.4Software Quality Attributes
The product is user friendly as it is developed using web pages. The application is
reliable and ensures its functioning maintaining the users and their confidential data. As it
is developed in java it is interoperable on any OS. The system requires minimum
maintenance.
17
6. SOFTWARE DESIGN
UML DIAGRAMS
USE CASE DIAGRAM:
A use case is a set of scenarios that describes an interaction between a user and a system.
A use case diagram displays the relationship among actors and use cases. The two main
components of a use case diagram are use cases and actors.
18
CLASS DIAGRAM:
A class diagram is a type of static structure diagram that describes the structure of a
system by showing the system’s classes ,their attributes and the relationships between the
classes.
19
SEQUENCE DIAGRAM:
A sequence diagram demonstrates the behavior of objects in a use case by describing the
objects and the messages they pass. The diagrams are read left to right and descending.
Sequence diagram for login:
20
Sequence diagram for change password:
21
Sequence diagram for protect data:
22
Sequence diagram for unprotect data:
23
ACTIVITY DIAGRAM:
Activity diagrams describe the workflow behavior of a system.The diagrams describe the
state of activities by showing the sequence of activities performed.
24
7. SCREENSHOTS
Home page
Fig 1
The homepage will be appeared as above
25
Fig.2
When we click on “contact us” button in the Fig 1 ,the above screen appears
displaying the contact details
26
Fig 3
When we click on register button in Fig 2 the above screen Fig 3 appears, where the user
has to fill the required fields to register himself.
27
Fig 4
The registration is successful for the user Arvind.
28
Fig 5
After registration of a user is successful, he has to login with the correct user Id and password. In this screen an invalid password is entered.
29
Fig 6
As the invalid password is entered the above screen Fig 6 is displayed.
30
Fig 7
When the correct user Id and password are provided the above screen fig 7 appears.
31
Fig 8
32
If the original password does not match with the password that is given in Fig 8,the above
screen Fig 9 appears saying that “password is mismatch, Try again”.
Fig 9
Now give the identical password.
33
Fig 10
Now the password is reset for account Arvind.
34
Fig 11
The key is generated successfully, if the given key file name doesn’t exist.
35
Fig 12
To protect the data click on “Protect Data” option, then the above screen appears where the account id should be provided giving the description of the account in the account description field and the password to protect is the password which we want to protect, the protection date will be generated automatically and the master key is the key file name that is given during the generating key and the protected file is the location given where we want to store the file.
36
Fig 13
After giving all the details the password is protected successfully.
37
Fig 14
To recover the data click on the “unprotect data” option and the above screen appears
where we need to give our account Id and master Key.
38
Fig 15
As the given master key is invalid the above screen appears.
39
Fig 16
Give the correct Master Key.
40
Fig 17
The password is recovered.
41
Fig 18
To view keys click on “view keys” option, then it gives the list of accounts that has been
created by the user with the description and key. Arvind has created an account
[email protected] which is displayed in the above screen.
42
8. TESTING
8.1 PURPOSE:
The purpose of testing is to assess product quality. It helps to strengthen and stabilize the
architecture early in the development cycle. We can verify through testing, the various
interactions, integration of components and the requirements which were implemented. It
provides timely feedback to resolve the quality issues, in a timely and cost effective
manner. The test workflow involves the following:
Verifying the interactions of components.
Verifying the proper integration of components.
Verifying that all requirements have been implemented correctly.
Identifying and ensuring that all discovered defects are addressed before the
software is deployed.
8.2 QUALITY:
The common usage of the term quality refers to a number of things: principally it means
the absence of defects, but more importantly, a fitness for a desired purpose. The ultimate
goal of testing is to assess the quality of the end product. Quality assessments often
consider process quality and organizational factors as well as direct product quality.
8.3 PRODUCT QUALITY:
The role of testing is not to assure quality, but to assess it, and to provide timely feedback
so that quality issues can be resolved in a timely and cost-effective manner.
43
8.4 TESTING IN THE ITERATIVE LIFECYCLE:
Testing is not a single activity, nor is it a phase in the project during which we assess
quality. If developers are to obtain timely feedback on evolving product quality, testing
must occur throughout the lifecycle: we can test the broad functionality of early
prototypes: we can test the stability, coverage and performance of the architecture while
there is still an opportunity to fix it; and we can test the final product to assess its
readiness for delivery to customers.
8.5 DIMENSIONS OF TESTING:
To assess product quality, different kinds of tests, each one with a different focus, are
needed. These tests can be categorized by several dimensions:
8.5.1 Quality dimension: The major quality characteristic or attribute that is the
focus of test.
8.5.2 Stage of testing: The point in the lifecycle at which the test, usually limited
to a single quality dimension.
8.5.3 Type of testing: The specific test objective for an individual test, usually
limited to a single quality dimension.
8.5.1 STAGES OF TESTING
Testing is not a single activity, executed all at once. Testing is executed against different
types of targets in different stages of the software development. Test stages progress from
testing small elements of the system, such as components (unit testing), to testing
completed systems (system testing). The four stages have the following purposes:
44
8.5.1.1Unit test: The smallest testable elements of the system are tested
individually; typically at the same time those elements are implemented.
8.5.1.2Integration test: The integrated units (or components or subsystems) are
tested.
8.5.1.3System test: The complete application and system (one or more
applications) are tested.
8.5.1.4Acceptance test: The complete application (or system) is tested by end
users (or representatives) for the purpose of determining readiness for
deployment.
These stages occur throughout the lifecycle, with varying emphasis. An early conceptual
prototype user in the inception phase to assess the viability of the product vision will be
subjected to acceptance tests. Architectural prototype developed during the elaboration
phase be subjected to integration and system tests to validate architectural integrity and
performance of key architectural elements.
45
9. BIBILIOGRAPHY:
Reference:
http://java.sun.com/products/jsp
http://jspguru.com
http://www.w3schools.com
46
47
48
49
50
51
52