8/6/2019 2factor Pro Mzc
Project Report Two-Factor Authentication
TABLE OF CONTENTS
1. INTRODUCTION
2. SYSTEM STUDY
2.1 Study of existing system
2.2 Study of proposed system
3. SYSTEM ANALYSIS
3.1 Feasibility study
3.1.1 Operation feasibility
3.1.2 Technical feasibility
3.1.3 Economical feasibility
4. SYSTEM SPECIFICATION
4.1 Hardware specification
4.2 Software specification
4.3 Languages used
4.3.1 Java
4.3.2 JSP
4.3.3 JavaScript
4.3.4 J2ME
4.3.5 J2EE
4.3.6 MySQL
Department of Computer Science, MZC
5. SYSTEM DESIGN
5.1 Logical Design
5.2 Input Design
5.3 Output Design
5.4 Physical Design
5.5 Modular Design
5.6 Database Design
5.7 DFD
6. DETAILED DESIGN
6.1 Module Description
6.2 Table Design
7. SYSTEM TESTING & IMPLEMENTATION
7.1 System Testing
7.1.1 Unit Testing
7.1.2 Module Level Testing
7.1.3 Integration & System Testing
7.1.4 Regression Testing
7.2 System Implementation
7.2.1 Implementation methods
7.2.2 Implementation plan
8. FIGURES
8.1 Data Flow Diagram
8.2 Screen Shots
8.2.1 Desktop part
8.2.2 Website part
8.2.3 Mobile part
9. CONCLUSION
10. REFERENCES
1. INTRODUCTION
Today security concerns are on the rise in all areas such as banks,
governmental applications, healthcare industry, military organization, educational
institutions, etc. Government organizations are setting standards, passing laws and
forcing organizations and agencies to comply with these standards with non-compliance
being met with wide-ranging consequences. There are several issues when it comes to
security concerns in these numerous and varying industries with one common weak link
being passwords. Most systems today rely on static passwords to verify the user's
identity. However, such passwords come with major management security concerns.
Users tend to use easy-to-guess passwords, use the same password in multiple accounts,
write the passwords or store them on their machines, etc. Furthermore, hackers have the
option of using many techniques to steal passwords such as shoulder surfing, snooping,
sniffing, guessing, etc. Providing usable security mechanisms that take advantage of this
widespread use of mobile devices not only would increase the level of protection for
critical information, but may also enhance the chances that security considerations will
be embraced by the end users.
Authentication using mobile devices is one way to bring such devices into the
realm of security. However, previous research efforts that use mobile devices for
authentication purposes, have employed weak authentication (i.e., only a username and
password pair) using input and output features of such devices. Weak authentication is
known for its vulnerability to several attacks, including shoulder surfing, phishing, and
key logging. Moreover, the compact size of mobile devices imposes constraints on their
efficient and consistent usability. It is unreasonable to expect a user to enter a
potentially long password into a mobile device several times a day. Likewise, we cannot
expect users to use small screens of mobile devices as a proper output device for their
daily transactions.
We propose a two-factor authentication system that employs a mobile device to
authenticate a user to a web server (i.e. an on-line banking site) through a potentially
untrusted personal computer (i.e., a client). The first factor is the combination of
username and password that are usually required by web servers. The second factor is a
one-time password that would be typed into the browser of the untrusted client and sent
to the web server. In our implementation of OTPs, we provide users with a list of
randomly generated OTPs that follows the SHA1 algorithm and includes protection against
shoulder surfing attacks. Storing the long-term credentials on the mobile device avoids
repetitive entry of potentially long usernames and passwords into a mobile device
and enables users to use long and possibly more complicated passwords for their
accounts. Furthermore, using an OTP as a secondary authentication credential changes
the whole authentication process from weak authentication to strong authentication, thus
bringing more security for the users. We have implemented this authentication
mechanism using Java Mobile Information Device Profile (MIDP) for J2ME on a
relevant mobile phone.
In addition to a description of this authentication protocol, we present the results
of security and usability evaluations of our two-factor mobile authentication system.
The security analysis evaluates the mobile authentication mechanism against an
adversary model. Our analysis shows that the security of our devised method is
improved over similar authentication approaches that use mobile devices, due to the
addition of the OTP, which leads to a strong authentication mechanism.
Furthermore, the results of our usability study show that our participants were willing to adopt
the new technology once they became aware of the potential threats to their passwords when
using untrusted computers. Participants indicated they would accept a lower level of
usability in return for the higher level of security of the mobile technology. However,
for this new technology to be a complete replacement for conventional
username/password based systems, it should be significantly simpler.
Security Evaluation of the Mobile Authentication Mechanism
A variety of attacks need to be considered when analyzing the security of our
method. The method is secure against the following types of attacks:
- Key Logging Attacks
- Lost or Stolen Mobile Device
- Lost or Stolen List of OTPs
- Shoulder Surfing
- Phishing Man-in-the-Middle Attack
- Passive Man-in-the-Middle Attack
- Active Man-in-the-Middle Attack
- Denial of Service Attack
2. SYSTEM STUDY
System study aims at establishing requests for the system to be acquired,
developed and installed. It involves studying and analyzing the ways an organization
currently processes data to produce information. Analyzing the problem thoroughly
forms the vital part of the system study. In system analysis, the prevailing situation of the
problem is carefully examined by breaking it into sub-problems. Problematic areas
are identified and information is collected. Data gathering is essential to any analysis of
requests. It is necessary that this analysis familiarizes the designer with objectives,
activities and the function of the organization in which the system is to be implemented.
2.1 STUDY OF EXISTING SYSTEM
Most systems today rely on static passwords to verify the user's identity, which
can affect security management. Passwords are known to be one of the easiest targets
of hackers, who use many techniques to steal passwords such as shoulder surfing,
snooping, sniffing, guessing, etc. Users tend to use easy-to-guess passwords, use the same
password in multiple accounts, write passwords or store them on their machines, etc.
2.2 STUDY OF PROPOSED SYSTEM
The proposed method guarantees that authenticating to services, such as online
banking or ATM machines, is done in a very secure manner. The proposed system
involves using a mobile phone as a software token for One Time Password
generation. The generated One Time Password is valid for only a short, user-defined
time period and is generated by factors that are unique to the user.
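
The report does not give the derivation of its time-limited OTP. The following is an added example, not the project's code: it uses the standard HMAC-SHA1 construction of RFC 4226 / RFC 6238 as a stand-in, keyed with a per-user secret, and shows the server-side checks that make the password "one time" (window expiry, replay rejection, constant-time comparison). The class and method names, the sample secret and the timestamp are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example; names, secret and timestamp are hypothetical.
public class TimeWindowOtpDemo {

    // Phone and server both compute this: HMAC-SHA1 over the time-window counter,
    // keyed with the per-user secret, followed by RFC 4226 dynamic truncation.
    static String otp(byte[] userSecret, long window, int digits) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(userSecret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(window).array());
        int off = h[h.length - 1] & 0x0f;                 // low nibble of last byte picks the offset
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        int mod = 1;
        for (int i = 0; i < digits; i++) mod *= 10;       // 10^digits without floating point
        return String.format("%0" + digits + "d", bin % mod);
    }

    // Server side: a code is accepted at most once and only near the current window.
    static final class Verifier {
        private final int windowSeconds;                  // the user-defined validity period
        private final int digits;
        private final int skew;                           // tolerated clock drift, in windows
        private final Map<String, Long> lastAcceptedWindow = new HashMap<>();

        Verifier(int windowSeconds, int digits, int skew) {
            this.windowSeconds = windowSeconds;
            this.digits = digits;
            this.skew = skew;
        }

        synchronized boolean verify(String user, byte[] userSecret, String submitted, long nowSeconds)
                throws GeneralSecurityException {
            long current = nowSeconds / windowSeconds;
            long floor = lastAcceptedWindow.getOrDefault(user, Long.MIN_VALUE);
            byte[] given = submitted.getBytes(StandardCharsets.US_ASCII);
            boolean ok = false;
            long matched = 0;
            for (long w = current - skew; w <= current + skew; w++) {
                if (w <= floor) continue;                 // window already consumed: replay
                byte[] expected = otp(userSecret, w, digits).getBytes(StandardCharsets.US_ASCII);
                if (MessageDigest.isEqual(expected, given)) {   // constant-time comparison
                    ok = true;
                    matched = w;
                }
            }
            if (ok) lastAcceptedWindow.put(user, matched); // burn this window and all earlier ones
            return ok;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Self-check against the RFC 6238 Appendix B vector (SHA-1, T = 59 s, 30 s step, 8 digits).
        byte[] rfcKey = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
        if (!otp(rfcKey, 59 / 30, 8).equals("94287082")) {
            throw new IllegalStateException("OTP self-check failed");
        }

        // Constructed sample values; a real deployment provisions random secret bytes per user.
        byte[] secret = "constructed-per-user-secret".getBytes(StandardCharsets.US_ASCII);
        long t = 1_700_000_000L;
        Verifier server = new Verifier(60, 6, 1);         // 60 s windows, 6 digits, +/- 1 window

        String code = otp(secret, t / 60, 6);             // what the phone would display
        System.out.println("fresh code:    " + server.verify("alice", secret, code, t + 5));
        System.out.println("replayed code: " + server.verify("alice", secret, code, t + 10));
        System.out.println("expired code:  "
                + server.verify("alice", secret, otp(secret, t / 60 + 1, 6), t + 300));
    }
}
```

With a skew of one window, a code can remain acceptable for somewhat longer than the nominal validity period, so the window length and skew together set the real exposure time.
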
3. SYSTEM ANALYSIS
The primary goal of the system analyst is to improve the efficiency of the
existing system. For that, the study of the specification of the requirements is essential.
For the development of the new system, a preliminary survey of the existing system will
be conducted. An investigation is made into whether upgrading the system into an
application program could solve the problems and eradicate the inefficiency of the
existing system.
3.1 FEASIBILITY STUDY
The initial investigation points to the question of whether the project is feasible. A
feasibility study is conducted to identify the best system that meets all the requirements.
This includes an identification description, an evaluation of the proposed systems and
selection of the best system for the job. The requirements of the system are specified
with a set of constraints such as system objectives and the description of the outputs. It
is then the duty of the analyst to evaluate the feasibility of the proposed system to generate
the above results. Three key factors are to be considered during the feasibility study.
3.1.1 Operation Feasibility
An estimate should be made to determine how much effort and care will go into
developing the system, including the training to be given to the user. Usually,
people are reluctant to accept changes that come in their progression. The computer
initialization will certainly affect the turnover, transfer and employee job status.
Hence an additional effort is to be made to train and educate the users on the new way
of the system.
3.1.2 Technical Feasibility
The main consideration is to be given to the study of available resources of the
organization where the software is to be implemented. Here the system analyst evaluates
the technical merits of the system, giving emphasis to performance, reliability,
maintainability and productivity.
Before developing the proposed system, the availability of resources in the
organization was studied. The organization has immense
computer facilities equipped with sophisticated machines and software; hence the
project is technically feasible.
3.1.3 Economic Feasibility
Economic feasibility is the most important and frequently used method for
evaluating the effectiveness of the proposed system. It is essential because the
main goal of the proposed system is to have economically better results along with
increased efficiency. Cost benefit analysis is usually performed for this purpose. It is the
comparative study of the cost versus the benefit and savings that are expected from the
proposed system. Since the organization is well equipped with the required hardware,
the project was found to be economically feasible.
4. SYSTEM SPECIFICATION
4.1 HARDWARE SPECIFICATION
Processor : Pentium IV or above
Primary Memory : 256 MB RAM
Storage : 40 GB Hard Disk
4.2 SOFTWARE SPECIFICATION
Front end : Java, J2ME, J2EE
Back end : MySQL
Operating system : Windows
IDE : NetBeans
4.3 LANGUAGES USED
4.3.1 JAVA
Java was conceived by James Gosling, Patrick Naughton, Chris Warth, Ed Frank
and Mike Sheridan at Sun Microsystems Inc. in 1991. The primary motivation was the
need for a platform-independent language that could be used to create software to be
embedded in various consumer electronic devices, such as microwave ovens and
remote controls. Java can be used to create two types of programs: applications and
applets. An applet is an application designed to be transmitted over the Internet and
executed by a Java-enabled web browser. An applet is actually a tiny Java program,
dynamically downloaded across the network, just like an image, sound files, or video
clip.
Java's Magic: The Byte Code
The key that allows Java to solve both the security and the portability problems just
described is that the output of a Java compiler is not executable code. Rather, it is byte
code. Byte code is a highly optimized set of instructions designed to be executed by the
Java run-time system, which is called the Java Virtual Machine (JVM). That is, in its
standard form, the JVM is an interpreter for byte code. This may come as a bit of a
surprise. Translating a Java program into byte code makes it much easier to run
a program in a wide variety of environments. The reason is straightforward: only the
JVM needs to be implemented for each platform. Once the run-time package exists for a
given system, any Java program can run on it.
Java Features
Like all other computer languages, the elements of Java don't exist in isolation. Rather,
they work together to form the language as a whole. However, this interrelatedness can
make it difficult to describe one aspect of Java without involving several others. Object
oriented programming is the core of Java. Java is related to C++, which is a direct descendant
of C. Much of the character of Java is inherited from these two languages. From C, Java
derives its syntax. Many of Java's object oriented features were influenced by C++.
In fact, several of Java's defining characteristics come from its predecessors. Moreover,
the creation of Java is deeply rooted in the process of refinement and adaptation that has
been occurring in computer programming languages for the past three decades. The key
features of Java are summed up as follows.
- Simple: Java was designed to be easy for the professional programmer to learn
  and use effectively.
- Secure: Java provides firewall security.
- Portable: Java is a portable language.
- Object-oriented: Object oriented programming is the core of Java.
- Robust: Provides a multiplatform environment.
- Multithreaded: Programs that do many things simultaneously.
- Interpreted: Java enables the creation of cross platform programs by compiling
  into an intermediate representation called Java byte code.
- Distributed: Java is designed for the distributed environment of the internet, because it
  handles the TCP/IP protocol.
- Dynamic: Java programs carry with them substantial amounts of run time type
  information that is used to verify and resolve access to objects at runtime. This
  makes it possible to dynamically link code in an expedient manner.
4.3.2. JSP-JAVA SERVER PAGES
JSP is now an integral part for developing web-based applications using Java,
because of its ability to separate presentation from logic implementation by combining
standard markup text with scripting elements and object-oriented components. JSP
provides excellent front-end technology for applications that are deployed over the web.
A key element of the J2EE Application Model is the use of the web as a
preferred mechanism for data delivery between the applications and the end user,
relying on the web browser as a primary user interface for enterprise software. A
prototypical web application can be composed from:
- Java Runtime Environment(s) running in the server (required).
- JSP page(s) that handle requests and generate the dynamic content.
- Servlet(s) that handle requests and generate dynamic content.
- Server-side Java Beans components that encapsulate behaviour and state.
- Static HTML, DHTML, XHTML, XML and similar pages.
- Client-side Java Applets, Java Beans components and arbitrary Java class
  files.
- Java Runtime Environment(s) (downloadable via the plug-in) running in
  the client(s).
The Java Server Pages specification inherits from the servlet specification
the concepts of Applications, Contexts, Sessions, Requests and Responses.
JSP is a Java-based technology that simplifies the process of developing
dynamic web sites. With JSP, web designers and developers can quickly incorporate
dynamic elements into web pages using embedded Java and simple markup tags. These
tags provide the HTML designer with a way to access data and business logic stored
inside Java objects. Java Server Pages are text files with the extension .jsp, which take
the place of traditional HTML pages. JSP files contain traditional HTML along with
embedded code that allows the developer to access data from the Java code running on
the server.
JSP offers several benefits for dynamic content generation. As a Java-based
technology, it enjoys all of the advantages that the Java language provides with respect
to development and deployment. As an object-oriented language with strong typing,
encapsulation, exception handling, and automatic memory management, use of Java
leads to increased programmer productivity and more robust code. Because compiled
Java byte code is portable across all platforms that support a JVM, use of JSP does not
lock us into using a specific hardware platform, operating system, or server software. If
a switch in any of these components becomes necessary, all JSP pages and associated
Java classes can be migrated over as is. Because JSP is vendor-neutral, developers and
system architects can select best-of-breed solutions at all stages of JSP deployment. JSP
technology is the Java platform technology for building applications containing
dynamic web content such as HTML, DHTML, XHTML, and XML. The Java Server
Pages technology enables the authoring of web pages that create dynamic content easily
but with maximum power and flexibility. The Java Server Pages technology offers a
number of advantages:
Write Once, Run Anywhere properties
The Java Server Pages technology is platform independent in its dynamic
Web pages, its Web servers, and its underlying server components. We can author JSP
pages on any platform, run them on any Web server or Web enabled application server,
and access them from any web browser. We can also build the server components on
any platform and run them on any server.
High quality tool support
The Write Once, Run Anywhere properties of JSP allow the user to choose
best-of-breed tools. Additionally, an explicit goal of the Java Server Pages design is to
enable the creation of highly portable tools.
Reuse of components and tag libraries
The Java Server Pages technology emphasizes the use of reusable components
such as Java Bean components, Enterprise Java Beans components and tag libraries.
These components can be used in interactive tools for component development and page
composition. This saves considerable development time while giving the cross-platform
power and flexibility of the Java programming language and other scripting languages.
Separation of dynamic and static content
The Java Server Pages technology enables the separation of static content from
dynamic content that is inserted into the static template. This greatly simplifies the
creation of content. This separation is supported by beans specifically designed for the
interaction with server-side objects, and, specifically, by the tag extension mechanism.
Support for scripting and actions
The Java Server Pages technology supports scripting elements as well as actions.
Actions permit the encapsulation of useful functionality in a convenient form that can
also be manipulated by tools. Scripts provide a mechanism to glue together this
functionality in a per-page manner.
Web access layer for N-tier enterprise application architecture
The Java Server Pages technology is an integral part of the Java 2 Platform
Enterprise Edition (J2EE), which brings Java technology to enterprise computing. We
can now develop powerful middle-tier server applications, using a web site that uses
Java Server Pages technology as a front end to Enterprise Java Beans components in a
J2EE compliant.
4.3.3. JAVA SCRIPT
JavaScript is used for validation purposes, usually at the client side, which does not
require the server. It is a programming language integrated with HTML. JavaScript
facilitates the developer with properties related to document windows, frames, forms,
loaded documents and links. This scripting language also traps user events so programs
can be developed for such events. This is an interpreter-based language and source code
files are directly executed at runtime. JavaScript includes built-in objects related to the
current windows and documents as well as objects such as Math, String, Date functions
respectively. Since JavaScript is an object-based language, it supports instances,
methods and properties.
The browsers support JavaScript. In JavaScript, the document object refers to
whatever web page the reader is currently looking through which is also the
document that contains the JavaScript code. The links are objects within the document
object. Date, button, checkbox, elements array from password are the other objects
available. JavaScript statements are used to build loops into the script so that commands
can be executed several times.
Event handlers are those parts of language that tell JavaScript to send or to carry
out some actions. The event handlers go into regular HTML tags.
- Can display custom dialog boxes on the screen, i.e. alert(), confirm()
  and prompt().
- Has two data types: Numbers and Strings.
- JavaScript has custom functions and allows the user to write code to have
  user-defined functions.
4.3.4. J2ME
Sun Microsystems defines J2ME as "a highly optimized Java run-time
environment targeting a wide range of consumer products, including pagers, cellular
phones, screen-phones, digital set-top boxes and car navigation systems." Announced in
June 1999 at the JavaOne Developer Conference, J2ME brings the cross-platform
functionality of the Java language to smaller devices, allowing mobile wireless devices
to share applications. With J2ME, Sun has adapted the Java platform for consumer
products that incorporate or are based on small computing devices.
General J2ME architecture
J2ME uses configurations and profiles to customize the Java Runtime Environment
(JRE). As a complete JRE, J2ME is comprised of a configuration, which determines the
JVM used, and a profile, which defines the application by adding domain-specific
classes. The configuration defines the basic run-time environment as a set of core
classes and a specific JVM that run on specific types of devices. The profile defines the
application; specifically, it adds domain-specific classes to the J2ME configuration to
define certain uses for devices.
Configurations overview
The configuration defines the basic run-time environment as a set of core classes and a
specific JVM that run on specific types of devices. Currently, two configurations exist
for J2ME, though others may be defined in the future:
- Connected Limited Device Configuration (CLDC) is used specifically with the
  KVM for 16-bit or 32-bit devices with limited amounts of memory. This is the
  configuration (and the virtual machine) used for developing small J2ME
  applications. Its size limitations make CLDC more interesting and challenging
  (from a development point of view) than CDC. CLDC is also the configuration
  that we will use for developing our drawing tool application. An example of a
  small wireless device running small applications is a Palm hand-held computer.
- Connected Device Configuration (CDC) is used with the C virtual machine
  (CVM) and is used for 32-bit architectures requiring more than 2 MB of
  memory. An example of such a device is a Net TV box.
Connected Limited Device Configuration (CLDC)
CLDC was created by the Java Community Process, which has standardized this
"portable, minimum-footprint Java building block for small, resource-constrained
devices," as defined on Sun Microsystems' Web site. The J2ME CLDC configuration
provides for a virtual machine and set of core libraries to be used within an industry-
defined profile. As mentioned in Section 2, a profile defines the applications for
particular devices by supplying domain-specific classes on top of the base J2ME
configuration. The K virtual machine (KVM), CLDC's reference implementation of a
virtual machine, and its KJava profile run on top of CLDC. CLDC outlines the most
basic set of libraries and Java virtual machine features required for each implementation
of J2ME on highly constrained devices. CLDC targets devices with slow network
connections, limited power (often battery operated), 128 KB or more of non-volatile
memory, and 32 KB or more of volatile memory. Volatile memory is non-persistent and
has no write protection, meaning if the device is turned off, the contents of volatile
memory are lost. With non-volatile memory, contents are persistent and write protected.
CLDC devices use non-volatile memory to store the run-time libraries and KVM, or
another virtual machine created for a particular device. Volatile memory is used for
allocating run-time memory.
CLDC requirements
CLDC defines the following requirements:
- Full Java language support (except for floating point support, finalization, and
  error handling)
- Full JVM support
- Security for CLDC
- Limited internationalization support
- Inherited classes -- all classes not specific to CLDC must be subsets of J2SE
  1.3 classes
- Classes specific to CLDC are in javax.microedition package and subpackages
Connected Device Configuration (CDC)
Connected Device Configuration (CDC) has been defined as a stripped-down version of
Java 2 Standard Edition (J2SE) with the CLDC classes added to it. Therefore, CDC was
built upon CLDC, and as such, applications developed for CLDC devices also run on
CDC devices. CDC, also developed by the Java Community Process, provides a
standardized, portable, full-featured Java 2 virtual machine building block for consumer
electronic and embedded devices, such as smartphones, two-way pagers, PDAs, home
appliances, point-of-sale terminals, and car navigation systems. These devices run a 32-
bit microprocessor and have more than 2 MB of memory, which is needed to store the C
virtual machine and libraries. While the K virtual machine supports CLDC, the C virtual
machine (CVM) supports CDC.
Profiles overview
The profile defines the type of devices supported by your application. Specifically, it
adds domain-specific classes to the J2ME configuration to define certain uses for
devices. Profiles are built on top of configurations. Two profiles have been defined for
J2ME and are built on CLDC: KJava and Mobile Information Device Profile (MIDP).
These profiles are geared toward smaller devices. A skeleton profile on which you
create your own profile, the Foundation Profile, is available for CDC. However, for this
tutorial, we will focus only on profiles built on top of CLDC for smaller devices.
Target devices for J2ME applications developed using CLDC generally have the
following characteristics:
- 160 to 512 kilobytes of total memory available for the Java platform
- Limited power, often battery powered
- Network connectivity, often with a wireless, inconsistent connection and with
  limited bandwidth
- User interfaces with varying degrees of sophistication; sometimes with no
  interface at all
Some devices supported by CLDC include wireless phones, pagers,
mainstream personal digital assistants (PDAs), and small retail payment terminals.
According to Sun Microsystems, target devices for CDC generally have the following
characteristics:
- Powered by a 32-bit processor
- Two megabytes or more of total memory available for the Java platform
- Devices that require the full functionality of the Java 2 "Blue Book" virtual
  machine
- Network connectivity, often with a wireless, inconsistent connection and with
  limited bandwidth
- User interfaces with varying degrees of sophistication; sometimes with no
  interface
Some devices supported by CDC include residential gateways, smartphones and
communicators, PDAs, organizers, home appliances, point-of-sale terminals, and car
navigation systems.
Profile 1: KJava
KJava is Sun's proprietary profile and contains the KJava API. The KJava profile is
built on top of the CLDC configuration. The KJava virtual machine, KVM, accepts the
same byte codes and class file format as the classic J2SE virtual machine. KJava
contains a Sun-specific API that runs on the Palm OS. The KJava API has a great deal
in common with the J2SE Abstract Windowing Toolkit (AWT). However, because it is
not a standard J2ME package, its main package is com.sun.kjava. We'll learn more
about the KJava API later in this tutorial when we develop some sample applications.
Profile 2: MIDP
MIDP is geared toward mobile devices such as cellular phones and pagers. The MIDP,
like KJava, is built upon CLDC and provides a standard run-time environment that
allows new applications and services to be deployed dynamically on end-user
devices. MIDP is a common, industry-standard profile for mobile devices that is not
dependent on a specific vendor. It is a complete and supported foundation for mobile
application development.
MIDP contains the following packages, the first three of which are core CLDC
packages, plus three MIDP-specific packages:
* java.lang
* java.io
* java.util
* javax.microedition.io
* javax.microedition.lcdui
* javax.microedition.midlet
4.3.5. J2EE
Short for Java 2 Platform Enterprise Edition. J2EE is a platform-independent,
Java-centric environment from Sun for developing, building and deploying Web-based
enterprise applications online. The J2EE platform consists of a set of services, APIs, and
protocols that provide the functionality for developing multitiered, Web-based
applications.
Some of the key features and services of J2EE:
- At the client tier, J2EE supports pure HTML, as well as Java applets or
  applications. It relies on Java Server Pages and servlet code to create HTML or
  other formatted data for the client.
- Enterprise JavaBeans (EJBs) provide another layer where the platform's logic is
  stored. An EJB server provides functions such as threading, concurrency,
  security and memory management. These services are transparent to the author.
- Java Database Connectivity (JDBC), which is the Java equivalent to ODBC, is
  the standard interface for Java databases.
- The Java servlet API enhances consistency for developers without requiring a
  graphical user interface.
4.3.6. MySQL
MySQL database has become the world's most popular Open source database
because of its consistency, fast performance, high reliability and ease of use. It has also
become the database of choice for a new generation of applications built on the LAMP
stack (Linux, Apache, MySQL, PHP / Perl / Python). MySQL runs on more than 20
platforms including Linux, Windows, OS/X, HP-UX, AIX, Netware, giving you the
kind of flexibility that puts you in control. MySQL offers a comprehensive range of
certified software, support, training and consulting.
MySQL is a multithreaded, multi-user SQL Database Management System. MySQL's
implementation of a relational database is an abstraction on top of a computer's
file system. The relational database abstraction allows collection of data items to be
organized as a set of formally described tables. Data can be accessed or reassembled
from these tables in many different ways, which do not require any reorganization of
the database tables themselves.
MySQL is popular for web applications such as MediaWiki or Drupal and acts as
the database component of the LAMP, MAMP and WAMP platforms
(Linux/Mac/Windows-Apache-MySQL-PHP/Perl/Python), and for open-source bug
tracking tools like Bugzilla.
Its popularity for web applications is closely tied to the popularity of PHP,
which is often combined with MySQL; the pair is nicknamed the "Dynamic Duo". It is easy to find
many references that combine the two in websites and books (PHP and MySQL for
Dummies, PHP and MySQL Bible, Beginning PHP and MySQL, etc.).
Relational databases speak SQL (Structured Query Language). SQL is a standard
interactive programming language for getting information from and updating a
relational database. Although SQL itself is both an ANSI and an ISO standard, many
database products support SQL with proprietary extensions to the standard language.
SQL queries take the form of a command language that lets you select, insert, update,
find out the location of data, and so forth.
MySQL Features:
* Cross platform support
* Stored procedures
* Triggers
* Cursors
* True VARCHAR support
* Updated views
* Very fast and highly reliable for any type of application.
* Very lightweight application.
* The command line tool is very powerful and can be used to run SQL queries
against the database.
* Supports indexing and binary objects.
* Allows changing the structure of a table while the server is running.
* It has a wide user base.
* It uses a very fast thread-based memory allocation system.
5. SYSTEM DESIGN
System design is the solution to the creation of a new system. This phase is
composed of several systems. This phase focuses on the detailed implementation of the
feasible system. It emphasizes translating design specifications to performance
specifications. System design has two phases of development: logical and physical
design.
During the logical design phase the analyst describes inputs (sources), outputs
(destinations), databases (data stores) and procedures (data flows), all in a format that
meets the user's requirements. The analyst also specifies the user needs at a level that
virtually determines the information flow into and out of the system and the data
resources. Here the logical design is done through data flow diagrams and database
design.
The logical design is followed by physical design or coding. Physical design
produces the working system by defining the design specifications, which tell the
programmers exactly what the candidate system must do. The programmers write the
necessary programs that accept input from the user, perform necessary processing on
accepted data through call and produce the required report on a hard copy or display it
on the screen.
5.1 LOGICAL DESIGN
Logical design of an information system shows the major features and also how
they are related to one another. The first step of the system design is to design logical
design elements. This is the most creative and challenging phase, and an important one too.
The design of the proposed system details how the system will meet
the requirements identified during system analysis; that is, in the design phase we
have to find how to solve the difficulties faced by the existing system. The logical
design of the proposed system should include the details of how the solutions
can be implemented. It also specifies how the database is to be built for storing and
retrieving data, what kind of reports are to be created and what inputs are to be given
to the system. The logical design includes input design, output design, database
design and physical design.
5.2 INPUT DESIGN
The input design is the link between the information system and the user. It
comprises developing the specifications and procedures for data preparation and the
steps necessary to put transaction data into a usable form for processing.
The activity of putting data into the computer for processing can be achieved by
instructing the computer to read data from a written or printed document, or it can occur
by having people key the data directly into the system. The design of input focuses
on controlling the amount of input required, controlling errors, avoiding delay, avoiding
extra steps and keeping the process simple.
The system needs the data regarding the asset items, depreciation rates, asset
transfer, physical verification for various validation, checking, calculation and report
generation. An error-raising method is also included in the software, which
raises an error message when a wrong input is entered. So in input design the following
things are considered:
* What data should be given as input?
* How should the data be arranged or coded?
* The dialogue to guide the operating personnel in providing input.
* Methods for preparing input validations and steps to follow when errors occur.
The samples of screen layout are given in the appendix.
5.3 OUTPUT DESIGN
Computer output is the most important and direct information source to the user.
Output design is a process that involves designing necessary outputs in the form of
reports that should be given to the users according to the requirements. Efficient,
intelligible output design should improve the system's relationship with the user and
help in decision making. Since the reports are directly referred to by the management for
taking decisions and drawing conclusions, they must be designed with utmost care and
the details in the reports must be simple, descriptive and clear to the user. So while
designing output the following things are to be considered:
* Determine what information to present
* Arrange the presentation of information in an acceptable format
* Decide how to distribute the output to intended recipients
Depending on the nature and future use of output required, they can be displayed
on the monitor for immediate need and for obtaining the hardcopy. The options for the
output reports are given in the appendix.
5.4 PHYSICAL DESIGN
The process of developing the program software is referred to as physical
design. We have to design the process by identifying reports and the other outputs the
system will produce. Coding the program for each module with its logic is performed in
this step. Proper software specification is also done in this step.
5.5 MODULAR DESIGN
A software system is always divided into several subsystems, which makes
development and testing easier. The different subsystems are known as
the modules and the process of dividing an entire system into subsystems is known as
modularization or decomposition.
A system cannot be decomposed into subsystems in an arbitrary way. There
must be some logical barrier which facilitates the separation of each module. The
separation must be simple, yet effective, so that the development is not affected.
The system under consideration has been divided into several modules taking into
consideration the above-mentioned criteria.
Modules are:
* Administrator
* Client
* Server
* Mobile
* OTP Generation
5.6 DATABASE DESIGN
The overall objective in the development of database technology has been to
treat data as an organizational resource and as an integrated whole. A DBMS allows data to
be protected and organized separately from other resources. Database is an integrated
collection of data. The most significant form of data as seen by the programmers is data
as stored on the direct access storage devices. This is the difference between logical and
physical data.
Database files are the key source of information to the system. Database design is the
process of designing these files. The
files should be properly designed and planned for collection, accumulation, editing and
retrieving the required information.
The organization of data in the database aims to achieve three major objectives:
* Data integration.
* Data integrity.
* Data independence.
The proposed system stores the information relevant for processing in the MS
SQL SERVER database. This database contains tables, where each table corresponds to
one particular type of information. Each piece of information in table is called a field or
column. A table also contains records, which is a set of fields. All records in a table
have the same set of fields with different information. There are primary key fields that
uniquely identify a record in a table. There are also fields that contain the primary key from
another table, called foreign keys.
5.7 DFD
The data flow diagram is used for classifying system requirements into major
transformations that will become programs in system design. This is the starting point of the
design phase that functionally decomposes the required specifications down to the lower
levels of detail. It consists of a series of bubbles joined together by lines.
* Bubbles: Represent the data transformations.
* Lines: Represent the logic flow of data.
Data can trigger events and can be processed into useful information. Systems
analysis recognizes the central goal of data in organizations. This dataflow analysis tells
a great deal about how organization objectives are accomplished.
Dataflow analysis studies the use of data in each activity. It documents these
findings in the DFDs. Dataflow analysis gives the activities of a system from the
viewpoint of data: where it originates, how it is used or changed and where it goes,
including the stops along the way to its destination. The components of dataflow
strategy span both the requirements and systems design. The first part is called
dataflow analysis.
As the name suggests, we didn't use the dataflow analysis tools exclusively for
the analysis stage but also in the designing phase with documentation.
Notations used in Dataflow Diagram
The logic dataflow diagrams can be drawn using four simple notations, i.e., special
symbols or icons and the annotation that associates them with a specific system. Since
the choice of notation we follow does not affect, impede or catalyze the system process,
we used three symbols from YOURDON notation and one from Gane and Sarson
notation as specified below.
Element references (symbol images not reproduced):
* Data Flow
* Process
* Data Store
* Source/Sink
Description:
* Process: Describes how each input data is converted to output data.
* Data Store: Describes the repositories of data in a system.
* Data Flow: Describes the data flowing between processes, data stores and external entities.
* Source: An external entity causing the origin of data.
* Sink: An external entity which consumes the data.
Context Diagram
The top level diagram is often called a context diagram. It contains a
single process, but it plays a very important role in studying the current system. The
context diagram defines the system that will be studied in the sense that it determines
the boundaries. Anything that is not inside the process identified in the context diagram
will not be part of the system study. It represents the entire software element as a single
bubble with input and output data indicated by incoming and outgoing arrows
respectively.
Types of Dataflow Diagram
DFDs are of two types:
1. Physical DFD
Structured analysis states that the current system should first be understood
correctly. The physical DFD is a model of the current system and is used to ensure that
the current system is clearly understood. Physical DFDs show actual devices,
departments, people, etc. involved in the current system.
2. Logical DFD
Logical DFDs are a model of the proposed system. They clearly show the
requirements on which the new system should be built. Later during the design activity
this is taken as the basis for drawing the system's structure charts.
6. DETAILED DESIGN
6.1 MODULE DESCRIPTION
Administrator
The bank administrator can:
* Add or remove branch details, account types and accounts
* Deposit and withdraw
* View all cash transactions
* Freeze accounts
Client
* After registering with the organization, the client must install the OTP
generation software from the server to his mobile.
* The client requests an OTP at the time of login.
* If the server passwords match and the client is authorized, he is directed to his
account where he can:
  * Transfer funds between accounts
  * View account balance
Server
* A server is implemented to generate the OTP on the organization's side.
* The server consists of a database containing the client identification
information.
* Stored on both the server and the client's mobile at registration time.
* Both parties generate the OTP at the same point of time.
Mobile
* A J2ME program is developed and installed on the
mobile phone to generate the OTP.
* The program has an easy-to-use GUI that is developed using the NetBeans
drag and drop interface.
OTP Generation
* SHA1 algorithm
* Factors used:
  * Username
  * Password
  * Date - Using the last two digits of the year and the date and month
makes the OTP unique for that particular date.
  * Hour, Minute
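An added sketch of the scheme listed above, written for this edit rather than taken from the project: both sides hash the username, password and a yyMMddHHmm timestamp with SHA-1, and the server also accepts the adjacent minutes to absorb clock drift. The field order, the "|" separator, the 6-digit truncation and the drift window are assumptions the report does not specify, and the code uses Java SE APIs rather than the J2ME client libraries.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;

/**
 * Added illustration of the time-synchronized OTP described in section 6.1.
 * Field order, separator, truncation and drift window are assumptions.
 */
public class SyncOtpExample {

    // yy = last two digits of the year, then month, day, hour, minute.
    private static final DateTimeFormatter STAMP =
            DateTimeFormatter.ofPattern("yyMMddHHmm");

    /** Derives the OTP for one minute from the factors listed in the report. */
    static String generate(String username, String password, LocalDateTime when) {
        String material = username + "|" + password + "|" + when.format(STAMP);
        byte[] digest;
        try {
            digest = MessageDigest.getInstance("SHA-1")
                    .digest(material.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 not available", e);
        }
        // Assumed truncation: first 4 digest bytes as a non-negative int,
        // reduced to 6 decimal digits with leading zeros kept.
        int value = ((digest[0] & 0x7f) << 24)
                | ((digest[1] & 0xff) << 16)
                | ((digest[2] & 0xff) << 8)
                | (digest[3] & 0xff);
        return String.format("%06d", value % 1_000_000);
    }

    /**
     * Server-side check: recompute the OTP for the current minute and the
     * minute on either side (clock drift between phone and server), and
     * compare with MessageDigest.isEqual so the comparison time does not
     * depend on where the first mismatching character is.
     */
    static boolean verify(String username, String password,
                          String submitted, LocalDateTime serverNow) {
        if (submitted == null) {
            return false;
        }
        byte[] given = submitted.getBytes(StandardCharsets.UTF_8);
        boolean ok = false;
        for (int drift = -1; drift <= 1; drift++) {
            String expected = generate(username, password,
                    serverNow.plusMinutes(drift));
            ok |= MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8), given);
        }
        return ok;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the report.
        String user = "alice";
        String pass = "example-pass";
        LocalDateTime phoneClock = LocalDateTime.of(2019, 8, 6, 10, 15, 40);
        String otp = generate(user, pass, phoneClock);
        System.out.println("OTP shown on phone: " + otp);

        // Server clock is 30 s ahead and already in the next minute;
        // the drift window still covers the phone's minute.
        System.out.println("within drift window: " + verify(user, pass, otp,
                LocalDateTime.of(2019, 8, 6, 10, 16, 10)));
        // Same OTP replayed five minutes later, outside the drift window.
        System.out.println("replayed later: " + verify(user, pass, otp,
                LocalDateTime.of(2019, 8, 6, 10, 20, 40)));
    }
}
```

Standardized TOTP (RFC 6238) instead computes an HMAC over a time counter with a random per-device secret, so the login password never feeds the code shown on the phone.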
6.2 TABLE DESIGN
Registration Table
Table: regtb
Primary key: Customer Id
Column name   Data type      Description
cust_id       Int(15)        Customer-Id
fn            Varchar(50)    First name
ln            Varchar(50)    Last name
addr          Varchar(250)   Address
mn            Int(10)        Mobile no
ei            Varchar(50)    Email_id
un            Varchar(15)    User name
pw            Varchar(15)    Password
Account Details
Table: acctdet
Primary key: Account Number
Foreign Key: Customer-Id
Column name   Data type      Description
acctno        Int(15)        Account Number
cust_id       Int(15)        Last name
acctype       Varchar(50)    Address
minbal        Double         User name
curtbal       Double         Password
Staff Details
Table: employee
Primary key: Staff-Id
Column name   Data type      Description
sid           Int(15)        Staff-Id
fn            Varchar(50)    First name
ln            Varchar(50)    Last name
addr          Varchar(250)   Address
mn            Int(10)        Mobile no
ei            Varchar(50)    Email_id
un            Varchar(15)    User name
pw            Varchar(15)    Password
IFSC Codes
Table: banks
Primary key: ifsc
Column name   Data type      Description
ifsc          Varchar(15)    IFSC codes
7. SYSTEM TESTING AND IMPLEMENTATION
7.1 SYSTEM TESTING
System testing is a critical aspect of Software Quality Assurance and represents
the ultimate review of specification, design and coding. Testing is a process of
executing a program with the intent of finding an error. A good test is one that has a
probability of finding an as yet undiscovered error. The purpose of testing is to identify
and correct bugs in the developed system. Nothing is complete without testing. Testing
is vital to the success of the system.
In code testing the logic of the developed system is tested. For this, every
module of the program is executed to find errors. To perform a specification test, the
specifications stating what the program should do and how it should
perform under various conditions are examined.
Unit testing focuses first on the modules in the proposed system to locate errors.
This makes it possible to detect errors in the coding and logic that are contained within that
module alone. Those resulting from the interaction between modules are initially
avoided. In the unit testing step each module has to be checked separately.
System testing does not test the software as a whole, but rather the integration
of each module in the system. The primary concern is the compatibility of individual
modules. One has to find areas where modules have been designed with different
specifications of data lengths, type and data element name.
Testing and validation are the most important steps after the implementation of
the developed system. The system testing is performed to ensure that there are no errors
in the implemented system. The software must be executed several times in order to
find out the errors in the different modules of the system.
Validation refers to the process of using the new software for the developed
system in a live environment i.e., new software inside the organization, in order to find
out the errors. The validation phase reveals the failures and the bugs in the developed
system. It brings out the practical difficulties the system faces when
operated in the true environment. By testing the code of the implemented software, the
logic of the program can be examined. A specification test is conducted to check
whether the program performs as its specifications state under various conditions.
Apart from these tests, there are some special tests conducted which are given below:
Peak Load Tests: This determines whether the new system will handle the
volume of activities when the system is at the peak of its processing demand. The test
has revealed that the new software for the agency is capable of handling the demands at
the peak time.
Storage Testing: This determines the capacity of the new system to store
transaction data on a disk or on other files. The proposed software has the required
storage space available, because of the use of a number of hard disks.
Performance Time Testing: This test determines the length of the time used by
the system to process transaction data.
In this phase the developed software is tested. Testing is exercising the software to
uncover errors and ensure the system meets defined requirements. Testing may be done
at 4 levels:
* Unit Level
* Module Level
* Integration & System
* Regression
7.1.1 UNIT TESTING
A Unit corresponds to a screen/form in the package. Unit testing focuses on
verification of the corresponding class or Screen. This testing includes testing of control
paths, interfaces, local data structures, logical decisions, boundary conditions, and error
handling. Unit testing may use Test Drivers, which are control programs to co-ordinate
test case inputs and outputs, and Test stubs, which replace low-level modules. A stub is
a dummy subprogram.
7.1.2 MODULE LEVEL TESTING
Module testing is done using the test cases prepared earlier. Modules are defined
during the time of design.
7.1.3 INTEGRATION & SYSTEM TESTING
Integration testing is used to verify the combining of the software modules.
Integration testing addresses the issues associated with the dual problems of verification
and program construction. System testing is used to verify whether the developed
system meets the requirements.
7.1.4 REGRESSION TESTING
Each modification in software impacts unmodified areas, which results in serious
injury to that software. So the process of re-testing to rectify errors due to
modification is known as regression testing.
Installation and Delivery:
Installation and Delivery is the process of delivering the developed and tested
software to the customer. Refer to the support procedures.
Acceptance and Project Closure:
Acceptance is the part of the project by which the customer accepts the product.
This will be done as per the Project Closure. Once the customer accepts the product,
closure of the project is started. This includes metrics collection, PCD, etc.
7.2 SYSTEM IMPLEMENTATION
Implementation includes all those activities that take place to convert from the
old system to the new. The old system consists of manual operations, which is operated
in a very different manner from the proposed new system. A proper implementation is
essential to provide a reliable system to meet the requirements of the organizations. An
improper installation may affect the success of the computerized system.
7.2.1 IMPLEMENTATION METHODS
There are several methods for handling the implementation and the consequent
conversion from the old to the new computerized system.
The most secure method for conversion from the old system to the new system is
to run the old and new system in parallel. In this approach, a person may operate in the
manual older processing system as well as start operating the new computerized system.
This method offers high security, because even if there is a flaw in the computerized
system, we can depend upon the manual system. However, the cost for maintaining two
systems in parallel is very high. This outweighs its benefits. Another commonly used method
is a direct cut over from the existing manual system to the computerized system. The
change may be within a week or within a day. There are no parallel activities.
However, there is no remedy in case of a problem. This strategy requires careful
planning.
A working version of the system can also be implemented in one part of the
organization and the personnel will be piloting the system and changes can be made as
and when required. But this method is less preferable due to the loss of entirety of the
system.
7.2.2 IMPLEMENTATION PLAN
The implementation plan includes a description of all the activities that must
occur to implement the new system and to put it into operation. It identifies the
personnel responsible for the activities and prepares a time chart for implementing the
system. The implementation plan consists of the following steps:
* List all files required for implementation.
* Identify all data required to build new files during the implementation.
* List all new documents and procedures that go into the new system.
The implementation plan should anticipate possible problems and must be able
to deal with them. The usual problems may be missing documents, mixed data formats
between current and new files, errors in data translation, missing data, etc.
8. FIGURES
The different modules, forms and tables in our system are displayed here.
8.1 DATA FLOW DIAGRAM
The following dataflow diagrams show the control flow in our system.
Fig 8.2: Level 1 of administrator
Fig 8.3: Level 2 of administrator
Fig 8.4: Level 1 of user
Fig 8.5: Level 2 of user
Fig 8.1
Fig 8.2
Fig 8.3
Fig 8.4
Fig 8.5
8.2 SCREEN SHOTS
8.2.1 DESKTOP PART
Fig 8.2.1.a Login Form
Fig 8.2.1.b Users Registration Form
Fig 8.2.1.c Staff process Form
Fig 8.2.1.d Registration completed Form
Fig 8.2.1.e Transaction Form
Fig 8.2.1.f Transaction Form 2
Fig 8.2.1.g New Account Form
Fig 8.2.1.h Confirmation Form
8.2.2 WEBSITE PART
Fig 8.2.2.a Login1
Fig 8.2.2.b Login2
Fig 8.2.2.c Home Page
Fig 8.2.2.d Fund Transfer Page
Fig 8.2.2.e Fund Transfer1
Fig 8.2.2.f View Balance
Fig 8.2.2.g Fund Transfer2
8.2.3 MOBILE PART
Fig 8.2.3.1 Application Login
Fig 8.2.3.2 Option List
Fig 8.2.3.3 Login
Fig 8.2.3.4 OTP Generation
9. CONCLUSION
We have successfully completed our project, "Synchronized Two-factor
Authentication Using Mobile Phones", in the time span allotted, and the modules were put together to
form the main system. The modules were tested separately. Testing of the whole system
has been done with sample data and the output obtained was according to the requirements.
We have described our mobile two-factor authentication mechanism for the
purpose of protecting long term credentials of users, particularly when they must
authenticate while using an untrusted computer. This approach uses a combination of
stored credentials on mobile devices and one-time passwords to assure the
confidentiality of long term credentials.
The main advantage of our mechanism is its stronger
authentication compared to other existing approaches.
The selection of JSP has greatly enhanced the capability and user friendliness of
the system. Also, the support of a powerful database, MySQL, added to its merit.