Final - Two-Factor Authentication


1.0 INTRODUCTION
Online banking is a prominent area with many methods for making transactions more secure. One-time passwords, two-factor authentication and digital certificate verification are considered to provide more security than plain PIN authentication. Online banking allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society. The proposed method secures authentication to services and online banking features.

The proposed system uses a mobile phone as a software token for one-time password generation. The generated one-time password is valid only for a short, user-defined period of time and is generated from factors that are unique to both the user and the mobile device itself.

Module Description

Login Module
This module allows the user to enter the application with a user name and password. The Login module consists of the user name and password, and the details are stored in customer details. The password must include a special character and must be a minimum of 6 and a maximum of 12 characters long.

Token Generation Module
This module generates the token, a secret code, at the time of user login. When the user logs in to the system, the secret code is generated automatically and sent to the user's mobile via SMS.

SMS Module
This module sends the secret code for login and transaction events. The details are sent to the customer via SMS, automatically, through an SMS gateway.

Net Banking
This module enables the user to transfer an amount from his account to another account via the internet. This process needs more security, so SMS-based password verification is implemented to secure the transaction. Before the amount is transferred, the system sends the secret code to the user through SMS and asks the user to confirm the transaction. Only after the confirmation is the amount transferred to the receiver's account.

Account Transaction:
Online payment details are updated immediately on the centralized server. A transfer request from the customer is validated by the server; if the user is found to be the correct person, they can make their net transfer.

Profile Update:
The user's profile is updated by the logged-on user, who can update login information such as the password and mobile number. Security must be strictly enforced before a profile update can continue, so a dynamically generated SMS code is sent to the user's mobile, and the user has to enter the security code to confirm the update.
1.1 COST ESTIMATION SYSTEM IN THE FARMING
The software and hardware requirements for this project are low in cost, and developing the software package takes five months.

Development Specification:
This includes salaries and other employment costs of the staff involved in the development project and all associated costs.

Setup cost:
This includes the costs of putting the system into place. These consist mainly of the costs of any new hardware and ancillary equipment but also include the costs of file conversion, recruitment and staff training.

Operational Cost:
This consists of the costs of operating the system once it is in place. These consist mainly of the costs of any new hardware and ancillary equipment but also include the cost of file conversion, recruitment and staff training.

Benefits may be categorized as follows:

Direct benefits:
These accrue directly from the operation of the proposed system. They could, for example, include a reduction in salary bills through the introduction of a new, computerized system.

Accessible indirect benefits:
These are generally secondary benefits, such as increased accuracy through the introduction of a more user-friendly screen design, where the errors, and hence costs, of the proposed system might be estimated.

Intangible benefits:
These are generally longer-term benefits, or benefits that are considered very difficult to quantify. Enhanced job interest can lead to reduced staff turnover and hence lower recruitment costs.
1.2 NEED FOR COMPUTERIZED SYSTEM IN THE FARMING
Computers are among the most important tools people use in everyday life. One would find it very difficult to live without computers. If computers all over the world came to a halt or stood still, it would be as if the earth had stopped revolving. Computers are a must in today's life. No matter what the application is, a computer-assisted system is much more beneficial than a manual system. Computers help not only with faster computation but also with the most important factor, accuracy.

Technology has developed at a very fast rate, but the most important aspect of any system is the human know-how and the use of ideas to gear the computer so that it performs the required task. This process is essentially what system development is all about.

Online banking is a very prominent area and has many methods to make transactions more secure. Protection through single-password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications. Transactions in online banking differ from general internet shopping transactions. Attacks on online banking deceive the user in order to steal login data. A weak password is easy to remember but open to potential attacks. It is not secure in many cases and the risks are high.

- Providing efficient control.
- To provide an easy way to handle the data.
- To provide high data security.
- To provide easy data access.
1.3 SALIENT FEATURES OF THE SYSTEM
- It provides secure online banking services
- It stops hackers who try to access the account
- A third party cannot log in to the system without the given OTP password
- It reduces the tedious work of a bank employee
- Protection against viruses, Trojan horses, and spyware-like software
- Protection from hackers
- Protects against replaying of a captured user's password
- Protects against exhaustive searching for a user's password
- To provide data integrity
- To use the SHA algorithm to produce the SMS token
2.0 BACKGROUND STUDY
Existing System
No specific tool has been developed in the past for software developers to solve the issues that arise while developing an application. In the existing system, there are limitations such as inconsistency of data, a lot of repetitive paperwork and time-consuming reference work. This haphazard fashion of maintenance leads to problems in integrating the various departments. In general, the online money transfer process has an account verification process and second-level filtering for third-party fund transfers. Even though previous applications run over an SSL layer, if a hacker breaks this wall they may misuse the account holder's details. Only a user ID and password mechanism has been used previously to ensure authentication.

2.1.1 Drawbacks of Existing System
- It has a minimum level of security
- If customers need any customization or want to integrate with some of their other applications, they might need the help of API providers
- The transaction procedure is a huge process and takes a long time for virtual money transfer
- Expensive for startup-level companies
2.2 Proposed System
- To overcome some of the pitfalls of the existing system, the proposed system has been developed after careful study and comparison with the existing system.
- The demerits of the existing system were analyzed and checked carefully, and then we found solutions for those problems.
- The proposed system integrates the SMS gateway model into the account access and transaction modules. To authenticate only the right person for access to their online accounts, the registration process stores the user's IP address from the account activation machine. In the login process the IP address is tested first, and the SMS is sent if the user is found to be accessing from some other machine.

2.2.1 Advantages in Proposed System
- Modifications requested by the customer can be applied easily, because the developer has to modify the web service alone, not the entire source
- Compared with previous implementations, this process takes less time for net transfer and assures safety
- A multi-level security procedure screens users in every way; the SMS gateway authenticates the user every time and alerts account holders on every transaction
- The SMS gateway gives more security to online payment transfer, ensures reliability and increases customer confidentiality
3.0 SELECTION OF THE ORGANIZATION
KICE Infosystems
KICE INFOSYSTEMS is a professional website designing, customized software development, Business Process Outsourcing, IT/ITES & Internet marketing company providing full-featured web services including B2B acquisition & B2C e-commerce solutions and acting as an offshore development center for overseas development firms. KICE Infosystems is an innovative company, based in India, that provides a series of Web-based and software applications that have helped its customers to create successful business ventures through online initiatives. KICE Infosystems provides all the services that a company needs to get online, from web designing to web hosting, and manages leading-edge Web sites and e-business applications. Quality and client satisfaction are primarily the telling factors of KICE Infosystems' success in the domestic market. Ever since its inception, KICE Infosystems has accrued continuous growth in all its business functions, and this has been possible only due to its commitment, quality training methodologies, the services it offers, knowledge sharing with industry leaders and professional approach.

Services
- Professional Web Design
- SEO concerts, Internet Marketing
- Pay per Click Campaign
- Link Building, Ecommerce Solution
- Web Application Development
- Multimedia Presentations
- Customized Software Development
- Business Process Outsourcing IT/IT.
4.0 PROBLEM FORMULATION
Protection through single-password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications. Transactions in online banking differ from general internet shopping transactions. Attacks on online banking deceive the user in order to steal login data. A weak password is easy to remember but open to potential attacks. It is not secure in many cases and the risks are high.

4.1 MAIN OBJECTIVE:
The main objective of this project is to provide additional functionality that gives users more security on their transactions. Phishing attacks by hackers are avoided.

4.2 SPECIFIC OBJECTIVE:
- Protection against viruses, Trojan horses, and spyware-like software
- Protection from hackers
- Protects against replaying of a captured user's password
- Protects against exhaustive searching for a user's password
- To provide data integrity
- To use the SHA algorithm to produce the SMS token
4.3 METHODOLOGY:
Methodology is defined as:
- The analysis of the principles of methods, rules, and postulates employed by a discipline
- The systematic study of methods that are, can be, or have been applied within a discipline, or
- A particular procedure or set of procedures

Secured authentication for online banking can be achieved using two-factor authentication techniques. A Dynamic Key Token is used for performing the banking operation.

SHA (Secure Hash Algorithm)
Hashing, which is used in many encryption algorithms, is the transformation of a string of characters into a shorter fixed-length value or key that represents the original string. The hashing algorithm is called the hash function. A cryptographic hash function is a procedure that takes a block of data and gives a fixed-size bit string, the (cryptographic) hash value. Hash functions have many information security applications, including digital signatures, message authentication codes, and other forms of authentication.
SHA (Secure Hash Algorithm) is one among a number of cryptographic hash functions. It is a series of cryptographic hash functions:
- SHA-1, the 160-bit version.
- SHA-2, a newer revision with four variants: SHA-224, SHA-256, SHA-384 and SHA-512.
- SHA-3, an under-development version.
4.4 PLATFORM:

4.4.1 Hardware Configuration
Processor    : Intel Pentium IV
RAM          : 256 MB
Memory       : 64 MB
Hard Disk    : 40 GB
Floppy       : 1.44 MB
I/O Devices  : Standard Keyboard & Logitech Mouse

4.4.2 Software Configuration
Front End    : ASP.NET 2005
Back End     : SQL SERVER 2000
Browser      : IE 6.0 or Later
4.4.3 Software Description
ASP.NET is a web application framework developed and marketed by Microsoft to allow programmers to build dynamic web sites, web applications and web services. It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET components to process SOAP messages.

Microsoft recommends dealing with dynamic program code by using the code-behind model, which places this code in a separate file or in a specially designated script tag. Code-behind files typically have names like MyPage.aspx.cs or MyPage.aspx.vb while the page file is MyPage.aspx (same filename as the page file (ASPX), but with the final extension denoting the page language). This practice is automatic in Microsoft Visual Studio and other IDEs. When using this style of programming, the developer writes code to respond to different events, like the page being loaded or a control being clicked, rather than a procedural walk through the document.

ASP.NET gives the ability to create web applications that meet the demands that arise when they must process large numbers of requests simultaneously. The .NET Framework is delivered with performance counters, and you can create your own performance counter objects to customize the way in which you monitor your applications, services and drivers.

ASP.NET is a unified Web development platform that provides the services necessary to build enterprise-class web applications. While ASP.NET is largely syntax-compatible with Active Server Pages (ASP), it provides a new programming model and infrastructure that allow you to create a powerful new class of applications. ASP.NET is part of the .NET Framework and allows you to take full advantage of the features of the Common Language Runtime, such as type safety, inheritance, language interoperability and versioning.

ASP.NET aims for performance benefits over other script-based technologies (including Classic ASP) by compiling the server-side code to one or more DLL files on the web server. This compilation happens automatically the first time a page is requested (which means the developer need not perform a separate compilation step for pages). This feature provides the ease of development offered by scripting languages with the performance benefits of a compiled binary. However, the compilation might cause a noticeable but short delay to the web user when the newly edited page is first requested from the web server; this will not happen again unless the requested page is updated further.
SQL Server 2000
Microsoft SQL Server 2000 includes powerful features to support international operations and environments. Extensive multilingual features make SQL Server 2000 a compelling database product and applications platform. This article provides a complete overview of how to use these features in a global context. This article is not limited to a list of features but also explains how international/multilingual requirements can affect many aspects of a project.

SQL Server 2000 includes a set of administration and development tools that improve upon the process of installing, deploying, managing and using SQL Server across several sites. SQL Server 2000 also supports a standards-based programming model integrated with Windows DNA, making the use of SQL Server databases and data warehouses a seamless part of building powerful and scalable systems. These features allow you to rapidly deliver SQL Server applications that customers can implement with a minimum of installation and administrative overhead.

SQL Server includes tools for extracting and analyzing summary data for online analytical processing. SQL Server also includes tools for visually designing databases and analyzing data. The SQL Server 2000 database engine includes integrated XML support. It also has the scalability, availability, and security features required to operate as the data storage component of the largest Web sites. The SQL Server 2000 programming model is integrated with the Windows DNA architecture for developing web applications.
5.0 SYSTEM ANALYSIS AND DESIGN

5.1 Fact Finding
Fact finding is an extremely important component of the communication process, which presents its own special set of problems and opportunities to people working to increase the constructiveness of intractable conflicts. Facts are pieces of information about the world that can be independently verified by generally accepted research methods as reliable and a sound basis for decision making and dispute resolution. The facts may involve technical questions such as: the company, the cost of constructing the websites, risks associated with data security, or the amount of money that a company can afford to pay its employees and still remain competitive.

5.2 Feasibility Analysis
A feasibility analysis is conducted to select the best system that meets performance requirements. This entails an identification description, an evaluation of candidate systems, and the selection of the best system for the job.
- Economic Feasibility
- Technical Feasibility
- Behavioral Feasibility
Economic Feasibility:
Economic analysis is the most frequently used method for evaluating the effectiveness of the candidate system. It is more commonly known as cost/benefit analysis. The procedure is to determine the benefits and savings; if the benefits outweigh the costs, the decision is made to design and implement the system. Otherwise, further justification or alterations to the proposed system will have to be made if it is to have a chance of being approved.

Technical Feasibility:
Technical analysis centers on the existing computer system and to what extent it can support the proposed addition. This involves financial considerations to accommodate technical enhancement. If the budget is a serious constraint, then the project is judged not feasible.

Behavioral Feasibility:
An estimate should be made of how strong a reaction the user staff is likely to have toward the development of a computerized system. It is common knowledge that computer installations have something to do with turnover, transfers and changes in employee job status. Therefore it is understandable that the introduction of a candidate system requires special effort to educate, sell, and train the staff on new ways of conducting business.
5.3 Output Design
One of the most important factors of the system is the output it produces. Output refers to the results and information generated by the system. Basically, the output from a computer system is used to communicate the result of processing to the user. Output design is the process of designing the necessary outputs to help users according to their requirements. Efficient output design should improve the system's relationship with the user and help in decision-making.

Once the Admin gives all kinds of data as input, the appropriate changes are made in the database automatically. When the user selects View CMS, the website with the changes made by the Admin can be viewed clearly.

The CMS project has six main links, as follows: Home, About Us, Training, Software package, Hardware and Contacts. If the admin has made changes to the banner and footer information of the Homepage, the change will be reflected only in the output design. Only the Admin has the rights to modify the contents, and the outcome will be seen in the output design.

[Screenshot: Account Transaction Details]
5.4 Input Design
Input design is the part of the overall system design that requires careful attention. The input design process is to design the various inputs needed in a machine-oriented format. Input design involves providing an interface between the user and the computer system. It is essential to design the interface in such a way that it makes user entry easy and makes input free from errors. In CMS, the Admin is the main person for the input design. The entire project focuses on four main sections: Banner, Link, Footer and Content area.

In the banner section we give the input as Banner id, image and Banner title. These inputs are checked and directly updated to the database. The link section is very important, and in CMS it focuses on 6 main parts. They are Home, About Us, Training, Software requirements, Hardware and Contact Us. Every link has a unique link Id, title, url and a description of the link. Each time, these inputs are checked and then updated to the database.

In the footer section we give input as footerid, Image and footer information. These types of inputs are also checked and updated to the database. The content area is the section where we can add contents about the organization or any other useful information. Every page in the CMS can be edited / updated using these four main parts.

[Screenshot: New Account Creation]
5.6 Code Design
The main purpose of performing code design is to simplify the coding in order to achieve better coding. The loading is prepared in such a way that the internal procedures are more meaningful. A validation manager is displayed for each column.
The loading of the variables is done in such a way that someone other than the person who developed the package can understand their purpose.
Sample Code

Registration

    Imports System.Configuration
    Imports System.Data.SqlClient

    Partial Class AccountRegistration
        Inherits System.Web.UI.Page

        Dim conn As New SqlConnection
        Dim Funk_Code As New Funk_Pro_Generator

        Protected Sub btnRegister_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnRegister.Click
            Dim accno As String = txtaccno.Text.Trim
            Dim accname As String = txtaccname.Text.Trim
            Dim houseno As String = txthouseno.Text.Trim
            Dim building As String = txtbuilding.Text.Trim
            If building = "" Then building = ""
            Dim street As String = txtstreet.Text.Trim
            Dim area As String = txtarea.Text.Trim
            Dim landmark As String = txtlandmark.Text.Trim
            If landmark = "" Then landmark = ""
            Dim city As String = txtcity.Text.Trim
            Dim state As String = txtstate.Text.Trim
            Dim country As String = "India"
            Dim mobile As String = txtmobile.Text.Trim
            Dim mailid As String = txtmail.Text.Trim
            Dim UserId As String = ""
            Dim UserPass As String = Funk_Code.Generate_UserIdPass

            Try
                ' Insert into Login table. Values are bound as parameters
                ' instead of being concatenated into the SQL text.
                Dim Cmd As SqlCommand
                Cmd = New SqlCommand
                Cmd.CommandText = "insert into Tab_User_Login " & _
                    " (User_Password,User_Level,User_Login_IP,User_Creation_Date) " & _
                    " values (@pass,3,'0',GetDate())"
                Cmd.Parameters.AddWithValue("@pass", UserPass)
                Cmd.Connection = conn
                Cmd.ExecuteNonQuery()

                ' Read back the login ID that was just created.
                Cmd = New SqlCommand
                Cmd.CommandText = "Select max(User_Login_ID) from Tab_User_Login"
                Cmd.Connection = conn
                UserId = Cmd.ExecuteScalar().ToString

                ' Insert into Account table (all form fields bound as parameters).
                Cmd = New SqlCommand
                Cmd.CommandText = " insert into Tab_User_Account " & _
                    " (User_Login_ID, accNo, accName,houseNo,building,street,area,landmark,city,state,country,mobile,mailid) " & _
                    " values(@uid,@accno,@accname,@houseno,@building,@street,@area,@landmark,@city,@state,@country,@mobile,@mailid)"
                With Cmd.Parameters
                    .AddWithValue("@uid", UserId)
                    .AddWithValue("@accno", accno)
                    .AddWithValue("@accname", accname)
                    .AddWithValue("@houseno", houseno)
                    .AddWithValue("@building", building)
                    .AddWithValue("@street", street)
                    .AddWithValue("@area", area)
                    .AddWithValue("@landmark", landmark)
                    .AddWithValue("@city", city)
                    .AddWithValue("@state", state)
                    .AddWithValue("@country", country)
                    .AddWithValue("@mobile", mobile)
                    .AddWithValue("@mailid", mailid)
                End With
                Cmd.Connection = conn
                Cmd.ExecuteNonQuery()

                ' Added Balance table
                Cmd = New SqlCommand("Insert into Tab_User_Balance values(@uid,0)", conn)
                Cmd.Parameters.AddWithValue("@uid", UserId)
                Cmd.ExecuteNonQuery()

                ' Clear the form.
                txtaccname.Text = ""
                txtaccno.Text = ""
                txthouseno.Text = ""
                txtbuilding.Text = ""
                txtarea.Text = ""
                txtcity.Text = ""
                txtstate.Text = ""
                txtstreet.Text = ""
                txtcountry.Text = ""
                txtmail.Text = ""
                txtmobile.Text = ""
                txtlandmark.Text = ""

                ' Send the generated password by SMS and a notification by mail.
                Dim ms As String = Funk_Code.Send_Registration_SMS(mobile, accno, UserPass)
                Funk_Code.Send_Mail(UserId, mailid, accno)
                LabelInfo.Text = "Registered And SMS Sent to the Account Holder's Mobile . . . " & vbCrLf & _
                    "<hr/><b>Extra Info. : </b>" & ms.ToString
            Catch ex As Exception
                LabelInfo.Text = ex.Message
            End Try
        End Sub

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            conn.ConnectionString = ConfigurationManager.ConnectionStrings("ConStr_NesBank").ConnectionString
            conn.Open()
            Dim Navi_Main As Menu = CType(Master.FindControl("MenuMain"), Menu)
            Dim Navi_Admin As Menu = CType(Master.FindControl("MenuAdmin"), Menu)
            Navi_Main.Visible = False
            Navi_Admin.Visible = True
        End Sub

        Protected Sub Page_LoadComplete(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.LoadComplete
            txtaccno.Text = Funk_Code.AccNumber
        End Sub

        Protected Sub Page_Unload(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Unload
            conn.Close()
        End Sub

    End Class
User Login

    Imports System.Configuration
    Imports System.Data.SqlClient
    Imports Funk_Pro_Generator

    Partial Class Bank_Login
        Inherits System.Web.UI.Page

        Dim conn As New SqlConnection
        Dim Funk_Code As New Funk_Pro_Generator

        Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
            ' The user name and password are bound as parameters and compared
            ' with "=" rather than concatenated into a LIKE pattern.
            Dim CD As New SqlCommand("select TL.User_Login_ID as USR_ID, User_Password as USR_PASS," & _
                "User_Login_IP,accNo,accName,mobile,mailid from Tab_User_Login TL " & _
                " join Tab_User_Account TA on TA.User_Login_ID = " & _
                " TL.User_Login_ID and User_Level = 3 and " & _
                " TL.User_Login_ID = @uid " & _
                " and TL.User_Password = @pass", conn)
            CD.Parameters.AddWithValue("@uid", Login1.UserName)
            CD.Parameters.AddWithValue("@pass", Login1.Password)
            Dim Rd As SqlDataReader = CD.ExecuteReader
            If Rd.Read Then
                ' Note: the session is populated here, before the SMS code is
                ' checked on User_Login_SMS.aspx.
                Session("USR_ID") = Rd("USR_ID").ToString
                Session("USR_Name") = Rd("accName").ToString
                Session("USR_AcNO") = Rd("accNo").ToString
                Session("Email") = Rd("mailid").ToString
                Session("Mobile") = Rd("mobile").ToString
                ' Generate the SMS code and send it to the registered mobile.
                Funk_Code.Send_Security_SMS(Rd("mobile").ToString, _
                    Funk_Code.Generate_SMSPass(), Session("USR_ID"))
                e.Authenticated = True
                'Server.Transfer("~/User_AccInfo.aspx", True)
                Response.Redirect("~/User_Login_SMS.aspx")
            Else
                Session.Clear()
                Login1.FailureText = "Wrong User Name & Password . . . "
            End If
        End Sub

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            conn.ConnectionString = ConfigurationManager.ConnectionStrings("ConStr_NesBank").ConnectionString
            conn.Open()
        End Sub

        Protected Sub Page_Unload(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Unload
            conn.Close()
        End Sub
    End Class
User Login SMS

    Imports System.Configuration
    Imports System.Data.SqlClient

    Partial Class Bank_Login_SMS
        Inherits System.Web.UI.Page

        Dim conn As New SqlConnection

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            conn.ConnectionString = ConfigurationManager.ConnectionStrings("ConStr_NesBank").ConnectionString
            conn.Open()
        End Sub

        Protected Sub Go_Login_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Go_Login.Click
            ' Look up the code issued for this session's user (parameterized).
            Dim cmd As New SqlCommand("Select SMS_Code From Tab_User_Temp_SMS where User_Login_ID=@uid", conn)
            cmd.Parameters.AddWithValue("@uid", Session("USR_ID").ToString)
            Dim stored As Object = cmd.ExecuteScalar()
            Dim entered As String = txt_Enter_SMS.Text.Trim
            ' ExecuteScalar returns Nothing when no code row exists; treat that,
            ' and an empty entry, as a failed check.
            If stored IsNot Nothing AndAlso entered <> "" AndAlso entered = stored.ToString Then
                ' The code is single use: delete it once it has been accepted.
                cmd = New SqlCommand("Delete From Tab_User_Temp_SMS where User_Login_ID=@uid", conn)
                cmd.Parameters.AddWithValue("@uid", Session("USR_ID").ToString)
                cmd.ExecuteNonQuery()
                Response.Redirect("~/User_AccInfo.aspx")
            Else
                Session.Clear()
                Response.Redirect("~/Logout.aspx")
            End If
        End Sub

        Protected Sub Page_Unload(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Unload
            conn.Close()
        End Sub
    End Class
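
The SMS check above compares the entered code with the stored one and deletes it on success. The following added example (not the project's code) shows the same check with the properties the page's objectives call for: a validity period, a limit on guesses, single use, and parameterized queries. It uses Python with an in-memory SQLite table named after the page's Tab_User_Temp_SMS; the extra columns, the 120-second lifetime, the three-attempt limit and the server key are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held by the server
TTL_SECONDS = 120                      # assumption: validity period of a code
MAX_ATTEMPTS = 3                       # assumption: guesses allowed per code


def open_store() -> sqlite3.Connection:
    """In-memory stand-in for Tab_User_Temp_SMS with assumed extra columns."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE Tab_User_Temp_SMS ("
        " User_Login_ID INTEGER PRIMARY KEY,"
        " Code_Mac BLOB NOT NULL,"          # keyed hash, not the code itself
        " Expires_At INTEGER NOT NULL,"
        " Attempts_Left INTEGER NOT NULL)"
    )
    return db


def _mac(user_id, code: str) -> bytes:
    # Binding the user id into the MAC ties a code to one account.
    return hmac.new(SERVER_KEY, f"{user_id}:{code}".encode(), hashlib.sha256).digest()


def _drop(db, user_id) -> None:
    db.execute("DELETE FROM Tab_User_Temp_SMS WHERE User_Login_ID = ?", (user_id,))
    db.commit()


def issue_code(db, user_id: int, now: float) -> str:
    """Create a fresh 6-digit code; the caller hands it to the SMS gateway."""
    code = f"{secrets.randbelow(10 ** 6):06d}"      # CSPRNG, not Random()
    db.execute(
        "INSERT OR REPLACE INTO Tab_User_Temp_SMS VALUES (?, ?, ?, ?)",
        (user_id, _mac(user_id, code), int(now) + TTL_SECONDS, MAX_ATTEMPTS),
    )
    db.commit()
    return code


def check_code(db, user_id, submitted: str, now: float) -> bool:
    """True only for an unexpired, unused code with attempts remaining."""
    row = db.execute(
        "SELECT Code_Mac, Expires_At, Attempts_Left"
        " FROM Tab_User_Temp_SMS WHERE User_Login_ID = ?",
        (user_id,),                                  # bound value, never SQL text
    ).fetchone()
    if row is None:
        return False
    code_mac, expires_at, attempts_left = row
    if now >= expires_at or attempts_left <= 0:
        _drop(db, user_id)
        return False
    ok = hmac.compare_digest(code_mac, _mac(user_id, submitted.strip()))
    if ok or attempts_left == 1:
        _drop(db, user_id)                           # single use / guesses used up
    else:
        db.execute(
            "UPDATE Tab_User_Temp_SMS SET Attempts_Left = Attempts_Left - 1"
            " WHERE User_Login_ID = ?",
            (user_id,),
        )
        db.commit()
    return ok


if __name__ == "__main__":
    store = open_store()
    sent = issue_code(store, 7, now=1000)
    print(check_code(store, 7, sent, now=1030), check_code(store, 7, sent, now=1031))
```
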
User Transaction

    Imports System.Configuration
    Imports System.Data.SqlClient

    Partial Class User_Trans
        Inherits System.Web.UI.Page

        Dim Conn As New SqlConnection(ConfigurationManager.ConnectionStrings("ConStr_NesBank").ConnectionString)

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            Conn.Open()

            Dim Navi_Main As Menu = CType(Master.FindControl("MenuMain"), Menu)
            Navi_Main.Visible = False
            Dim Navi_User As Menu = CType(Master.FindControl("MenuUser"), Menu)
            Navi_User.Visible = True
            'Session("USR_ID") = "2100201047"

            ' Current balance for the logged-in user (parameterized).
            Dim Cmd As SqlCommand
            Dim Qry As String = "Select Balance From Tab_User_Balance where User_Login_ID=@uid"
            Cmd = New SqlCommand(Qry, Conn)
            Cmd.Parameters.AddWithValue("@uid", Session("USR_ID").ToString)
            Lit_Balance.Text = FormatNumber(Cmd.ExecuteScalar)
            Lit_AcNo.Text = Session("USR_AcNO")

            ' Transaction history for the logged-in user.
            Qry = "Select Trans_ID ,Trans_Date , " & _
                "Trans_Info ,cast(Trans_Debit as Decimal(10,2)) as 'Debit'," & _
                "cast(Trans_Credit as Decimal(10,2)) as 'Credit' " & _
                "From Tab_User_Transaction Where User_Login_ID=@uid order by Trans_ID"
            Cmd = New SqlCommand(Qry, Conn)
            Cmd.Parameters.AddWithValue("@uid", Session("USR_ID").ToString)
            Dim DR As SqlDataReader = Cmd.ExecuteReader
            'GV.AutoGenerateColumns = True
            GV.DataSource = DR
            GV.DataBind()
            GV.Columns(1).ItemStyle.HorizontalAlign = HorizontalAlign.Right
            ' Release the reader and the connection once the grid is bound.
            DR.Close()
            Conn.Close()
        End Sub
    End Class
5.7 Database Design
The database design involves the creation of tables. Tables are represented in the physical database as stored files. They have their own independent existence. A table consists of rows and columns. Each column corresponds to a piece of information called a field. A set of fields constitutes a record. The record contains all the information specific to a particular item.

Table: User Transaction
Primary Key: trans_id
Unique Key: user_login_id

Field Name          Data Type       Size  Description
------------------  --------------  ----  -----------------------
Trans_ID            numeric         10    Transaction ID
User_Login_ID       numeric         12    Login ID
Trans_Date          smalldatetime         Transaction Date
Trans_Info          text            50    Transaction Information
Trans_Credit        numeric         10    Transaction Credit
Trans_Debit         numeric         10    Transaction Debit
Remarks             text            50    Remarks

Table: User Temporary SMS
Foreign Key: user_login_id

Field Name          Data Type       Size  Description
------------------  --------------  ----  -----------------------
User_Login_ID       numeric         12    Login ID
SMS_Code            varchar         12    SMS secret code

Table: User Login
Foreign Key: user_login_id

Field Name          Data Type       Size  Description
------------------  --------------  ----  -----------------------
User_Login_ID       numeric         12    Login ID
User_Password       varchar         20    User Password
User_Level          numeric         2     User Role
User_Login_IP       char            15    User's Login IP Address
User_Last_Login     smalldatetime   4     User's last Login Date
User_Creation_Date  smalldatetime   4     User Creation Date

Table: User Balance
Foreign Key: user_login_id

Field Name          Data Type       Size  Description
------------------  --------------  ----  -----------------------
User_Login_ID       numeric         12    Login ID
Balance             numeric         14    Account Balance

Table: User Account
Primary Key: accNo
Foreign Key: user_login_id

Field Name          Data Type       Size  Description
------------------  --------------  ----  -----------------------
User_Login_ID       numeric         12    Login ID
accNo               varchar         15    Account Number
accName             varchar         50    Account
houseNo             varchar         10    House Number
building            varchar         60    Building Name
Street              varchar         50    Street Name
Area                varchar         50    Area Name
Landmark            varchar         50    Landmark Name
City                varchar         50    City
State               varchar         50    State
Country             varchar         50    Country
Mobile              varchar         10    Mobile Number
Mailid              varchar         60    Mail ID

Table: Requests
Primary Key: req_id
Foreign Key: user_login_id

Field Name          Data Type       Size  Description
------------------  --------------  ----  -----------------------
Req_ID              numeric         12    Requests ID
User_Login_ID       numeric         12    Login ID
Req_Date            smalldatetime   4     Request Date
Req_For             text            50    Reason for Request
Req_MobileNumber    varchar         50    Requester Mobile Number
Req_Status          varchar         10    Request status
5.8 Validation Checks
Validation testing can be defined in many ways, but a simple definition is that
validation succeeds when the software functions in a manner that is reasonably expected
by the customer. Software validation is achieved through a series of black box tests that
demonstrate conformity with requirements. After validation testing has been conducted,
one of two possible conditions exists:
The function or performance characteristics conform to the specification and are as
expected.
A deviation from the specification is found and a deficiency list is created.
Modules tested for Validation:
Master Module: Tested for proper input
Homepage Module: Tested for mandatory inputs, e.g. paragraph inputs
Contact Page & About the Company: Email validation, Pincode, Phone No and title field
validations are made.
Training Module: Course id/Code tested for course name prefix.
Field level validation
Mandatory Field: Checked for input. Input can be an alphanumeric value.
Email Field: Tested for alphanumeric value, must start with an alphabet,
must contain the @ symbol.
Phone Number: Checked for Country code and ISD code
Pincode: Must be within the range of 6 digits.
Example: In the user account registration form, the phone number must be entered
as a numeric value and the email id must be in a valid format. Otherwise it will
produce an error message. Similarly, in all the forms the required fields are
validated.
6.0 DEVELOPMENT OF SYSTEM AND TESTING
System Testing
The test phase is an important part in software development. It performs a very
critical role for assurance and for ensuring the reliability of the software. It is the stage of
implementation which ensures that system works accurately and effectively before the
live operation commences.
TESTING METHODOLOGIES
System testing is the stage of implementation which is aimed at ensuring that the
system works accurately and efficiently, as expected, before live operation commences.
It certifies that the whole set of programs hang together.
System testing requires a test plan that consists of several key activities and
steps for running program, string, system and user acceptance testing. The implementation
of a newly designed package is important in adopting a successful new system.
Testing is an important stage in software development. The system test takes place in
the implementation stage of the software development process. It should be a
confirmation that all is correct and an opportunity to show the users that the system
works as expected. It accounts for the largest percentage of technical effort in the
software development process.
The testing phase in the development cycle validates the code against the
functional specification. Testing is vital to the achievement of the system goals. The
objective of testing is to discover errors. To fulfil this objective, a series of test
steps (unit, integration, validation and system tests) were planned and executed. The
test steps are:
Unit testing:
Unit testing focuses verification efforts on the smallest unit of software
design, the module. This is also known as "Module Testing". The modules are tested
separately. This testing is carried out during the programming stage itself. Unit testing
specifies paths in the module's control structure to ensure complete coverage and
maximum error detection. This test focuses on each module individually, ensuring
that it functions properly as a unit.
According to the project, the given java source code is tested for used and
unused variables. Different visual basic source codes are taken as input, and variables
are listed within each and every class and tested for their correctness.
Integration Testing
Data can be lost across the interface; one module can have an adverse effect on
others. Integration testing is a systematic technique for constructing the program
structure while at the same time conducting tests to uncover errors associated with the
interface. Integration testing addresses the issues associated with the dual problems of
verification and program construction. After the software has been integrated, a set of
high-order tests is conducted. The objective is to take unit tested modules, combine them
and test them as a whole. Thus, in the integration testing step, all the errors uncovered
are corrected for the next testing steps.
Validation Testing
The outputs that come out of the system are a result of the inputs that go in
to the system. So, for correct and expected outputs, the inputs that go in to the
system should be correct and proper. This testing is done to check that the inputs are
correct and that they are validated before they go in to the system for processing.
Eg: In the user registration form, the phone number must be entered as a numeric
value and the email id must be in a valid format. Otherwise it will produce an error
message. Similarly, in all the forms the required fields are validated.
Output Testing:
After performing the validation testing, the next step is output testing of the
proposed system, since no system could be useful if it does not produce the required
output in the specified format. The outputs generated or displayed by the system under
consideration are tested by asking the users about the format required by them. Hence the
output format is considered in 2 ways: one is on screen and another is printed format.
7.0 IMPLEMENTATION SYSTEM MAINTENANCE
Implementation includes all the activities that take place to convert the old
system to the new one. Proper implementation is essential to provide a reliable system to
meet the organization requirements.
Before installing the software the client must be sure that the following changes
are made. The Client must check for the Software and the Hardware requirements. The
Software requirements are Web Server IIS, framework 2.0. The Client must create a
virtual directory in the IIS to run the project and configure it.
To execute the project in the browser, the local path http:// Local
Host/ Content Management must be given. The Homepage of CMS will be opened. In
that, two options will be available: the Admin CMS and the View CMS.
If the Admin CMS is selected, the Admin can manage the contents. He can edit/
delete/ update the contents. All the operations will be directly updated in the database.
Once all the necessary changes have been made, the View CMS option is selected to view
the final output.
To access from outside we need to purchase a domain, hosting space, and ftp to
transfer the software files from offline to online. Using the Domain Name we can
access the files.
SYSTEM MAINTENANCE
The maintenance phase of the software cycle is the time in which a software
product performs useful work. After the system is successfully implemented, it should be
maintained in a proper manner. System maintenance is an important aspect in the
software development life cycle. The need for system maintenance is to make the system
adaptable to the changes in the environment. There may be social, technical and other
environmental changes that affect the system which is being implemented.
Once a system is successfully implemented, it should be maintained in a proper
manner. System maintenance is an important aspect in the Software Development Life
Cycle. The need for System maintenance is to make the system adaptable to the changes in
the environment.
In CMS we can enhance the project by adding some additional modules. If the
particular organization expands its growth by adding some additional services, then we
can also add some divisions and integrate them into the project.
The system is developed to satisfy the current needs of the organization. In future,
if there are any functional problems, then online troubleshooting can be made. The
developer can directly login through the project ftp and make the necessary changes.
8.0 CONCLUSION
To promote security in online transactions and eliminate the pitfalls in previous
applications, this project has been developed. A user who has a bank account and the net
transfer facility can make transactions online. This project is developed in 2 stages.
One application maintains bank customers, their deposit and withdrawal details and the
net banking facility provided for individual users. Another application is developed for
the user's online money transfer.
To transfer money online, the customer must have unique login details. If the
user changes their login location, the system confirms the user's identity by sending a
security code to the concerned user's mobile. The security system is applied in the money
transaction module by implementing an SMS gateway. Before users transfer their money they
need to give the security code generated by the system.
Transactions will be held between one account holder and another account holder by
ensuring the user identity. Confirmed and authorized users can transfer their money to
other users online.
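The login-location check and one-time SMS code described above can be sketched as follows. This is an added example, not code from the project: the class and method names, the 120-second lifetime, the three-attempt limit and the send_sms callable are assumptions, and dictionaries stand in for the User Login and User Temporary SMS tables.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 120      # seconds; assumption, the report only says "a short" period
MAX_ATTEMPTS = 3    # assumption, the report gives no attempt limit


class LoginVerifier:
    """In-memory stand-in for the User Login and User Temporary SMS tables."""

    def __init__(self, send_sms):
        self.last_ip = {}         # User_Login_ID -> User_Login_IP
        self.pending = {}         # User_Login_ID -> [code digest, expiry, tries left]
        self.send_sms = send_sms  # hypothetical callable standing in for the SMS gateway

    @staticmethod
    def _digest(code):
        # Store a digest rather than the code; expiry and the attempt limit do the real work.
        return hashlib.sha256(code.encode()).digest()

    def login(self, user_id, ip, now):
        """Password already checked; decide whether an SMS code is needed."""
        if self.last_ip.get(user_id) == ip:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self.pending[user_id] = [self._digest(code), now + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(user_id, code)
        return "code_sent"

    def confirm(self, user_id, ip, code, now):
        """Accept a code once, before expiry, within the attempt limit."""
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        digest, expiry, _ = entry
        if now > expiry:
            del self.pending[user_id]
            return False
        if not hmac.compare_digest(digest, self._digest(code)):
            entry[2] -= 1
            if entry[2] == 0:
                del self.pending[user_id]  # force a fresh code after too many misses
            return False
        del self.pending[user_id]          # single use: a replayed code fails
        self.last_ip[user_id] = ip         # record the confirmed location
        return True
```

The same issue-and-confirm step applies before a fund transfer; only the trigger differs.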
9.0 SUGGESTIONS FOR FUTURE WORK
This project is developed to meet the present requirement, but it can be enhanced
further to suit all applications. Presently this system is developed for a single domain,
i.e., for an individual bank only. It needs to be enhanced and integrated with all online
money transaction applications. However, hacking and brute force attacks in online money
transfer applications are still a continuing problem on the internet.
So this SMS model can be implemented in other applications also. This
project is developed for a single virtual bank alone, but in future this application
should be modified and adopted by other bank sectors in real time, to give productivity
in application development.
APPENDICES
A. Data Flow in Organization level
CONTEXT FLOW DIAGRAM, LEVEL 1 DIAGRAM and Level 2 diagram:
[Diagrams not reproduced. Recoverable labels: Secure Net Banking using SMS; User, Customer and Admin Login; Registration; UID, PWD / IP Verification; Stores IP Address; Send SMS to Mobile; Secret Code as SMS; Fund Transfer; Add Party; Manage Party; Transaction Approval; View Transactions; Transaction Reports; Avail Balance; Profile Update.]
B. Data Dictionary
A data dictionary is a computer-based catalogue or dictionary containing
metadata, that is, data about data. A data dictionary includes a software component to
manage a database of data definitions, that is, metadata about the structure, data elements,
and other characteristics of an organization's databases.
A data dictionary is a collection of descriptions of the data objects or items in a data
model for the benefit of programmers and others who need to refer to them. A first step in
analyzing a system of objects with which users interact is to identify each object and its
relationship to other objects. This process is called data modeling.
When developing programs that use the data model, a data dictionary can be
consulted to understand where a data item fits in the structure, what values it may
contain, and basically what the data item means in real world terms.
C. SAMPLE FORMS
Screen Shot
Secured net banking using sms: