A MINI PROJECT REPORT

ON
KEYPASS PASSWORD PROTECTION
MANAGER
Submitted To
Jawaharlal Nehru Technological University in partial fulfillment of the
Requirements for the award of
BACHELOR OF TECHNOLOGY
IN
INFORMATION TECHNOLOGY
Head of the Department

DEPARTMENT OF INFORMATION TECHNOLOGY

CERTIFICATE
This is to certify that the mini project entitled
KEYPASS PASSWORD PROTECTION MANAGER
Has been successfully completed by
In the partial fulfillment of the requirements for the Degree of
BACHELOR OF TECHNOLOGY
In
Information Technology
This work was carried out by them under our
Supervision and guidance during the academic year
2008-2009

INTERNAL GUIDE

HEAD OF THE DEPARTMENT

EXTERNAL EXAMINER

DECLARATION

ACKNOWLEDGEMENT

ABSTRACT

KEY PASS PASSWORD PROTECTION MANAGER

Today you need to remember many passwords. You need a password for the
Windows network logon, your e-mail account, your homepage's FTP password, online
passwords (like website member account), etc. etc. etc. The list is endless. Also, you
should use different passwords for each account. Because if you use only one
password everywhere and someone get this password you have a problem. A serious
ID problem to the owner of the. The thief would have access to your e-mail account,
homepage, etc. Unimaginable.
This system is a password manager, which helps you to manage your passwords in a
secure way. You can put all your passwords in one database, which is locked with one
master key or a key file. So you only have to remember one single master password
or select the key file to unlock the whole database. The databases are encrypted. A
facility to update and change information is provided.

Modules:
1. Login & Security
2. ID & Password Manager
3. Encryption
4. Decryption
5. Report Generation.

TABLE OF CONTENTS
1. Introduction
1.1 Purpose

1.2
1.3
1.4
1.5

IntendedAudienceandReadingSuggestions
ProductScope
ProjecttScope
References

2. OverallDescription
2.1
2.2
2.3
2.4
2.5
2.6

ProductPerspective
ProductFunctions
UserClassesandCharacteristics
OperatingEnvironment
DesignandImplementationConstraints
UserDocumentation

3. ExternalInterfaceRequirements
3.1
3.2
3.3
3.4

UserInterfaces
HardwareInterfaces
SoftwareInterfaces
CommunicationsInterfaces

4. SystemFeatures

4.1 SystemFeature1
4.2 SystemFeature2

5.OtherNonfunctionalRequirements
5.1 PerformanceRequirements
5.2 SafetyRequirements

5.3SecurityRequirements
5.4SoftwareQualityAttributes
6. Software Design
7. Screen shots
8. Testing
8.1 Purpose
8.2 Quality
8.3 Product Quality
8.4 Testing in the Iterative lifecycle
8.5 Dimensions of Testing
8.6 Stages of Testing
8.7 System Documentation
9. Bibiliography

1. INTRODUCTION
1.1

Purpose

To provide security to highly confidential data such as ids and passwords that may span
from PC applications to financial information.
1.2

Intended Audience and Reading Suggestions

Intended for Project Managers, Developers, End users and Quality Assurance Engineers.
Suggested reading the document would be overall document description, product based
information gathering followed by Infrastructure requirement.
1.3

Product Scope

1.4

Language

Java

Project Scope

1.5

Provides registration to public in order to access the application.

The user can change his password.
Registered users can store critical and confidential data in a secured form.
Unprotect and Retrieve data as and when necessary.
The data can be retrieved anytime, from anywhere and any number of
times.
Protection provided to the stored data using the DES algorithm.

References
1) Java

a) Java Black Book

b) JSP2.0 Dream tech Publication
c) JSP Work Publications
d) www.w3schools.com

2) Database

a) Databases in Java, Worth

b) Database, C.J Dates

2.OverallDescription

2.1ProductPerspective
In the present scenario every person is associated with some id and password. It may
pertain to accessing the PC, the web, emails, financial institutions, access to credit cards,
ATMs etc. Most often a person tries to remember them in order to use it. It is always
known that a person or individual confuses between passwords of different ids. Some
individuals in order to avoid confusion also adapt to use a common password for all ids.
Both of the above can either lead to misplaced password or forgotten password or easily
hacked when the single password is known. Some individuals even try to save critical
information in books or registers or electronic diaries and carry them along. The
possibility of this carrier being lost or damaged is high. In the present scenario certain
passwords can be recovered after a procedural delay. In some cases the password can not
be reset easily and the user has to forgo or close the account permanently as in the case of
mails.
The project is to maintain a centralized server that, stores critical information and be
accessible to the user from anywhere, anytime. The server can now remember any
amount of ids and passwords irrespective of even their lengths. Highly useful when data
such as a credit card, debit card number etc that have larger number of digits or characters
cannot be remembered easily. In order to provide higher level security the data is stored
in an unreadable format. To provide this scenario the server implements the DES
algorithm using the visual studio. Similarly whenever the data needs to be unprotected
and used the decryption ensures that the data is recovered without any loss or alterations.

2.2ProductFunctions

Register a user.

Store information with security.

Retrieve information as and when required.

Multi-tier architecture enables less maintenance as only the server is of

importance.

Generate report either on a single user id or list of Ids.

Keys are auto generated, associated with password ensures the protection level is
higher.

Length of the keys altered each time to suite user needs.

The user need not remember the keys instead only filenames.

Both the key and password within the application is maintained encrypted.

The details of the account, key, protected file is stored into the database but not
the actual password.

2.3UserClassesandCharacteristics
The application can be used by general public, organizations etc without having to be
specific to any community. The user who has registered only has access to this
application.

2.4OperatingEnvironment
Software Requirements:

Operating System

Windows OS (2000 or higher)

Language

Java

Front End

HTML, JSP

Backend

Ms-Access

Web server

Tomcat

Hardware Requirements (Minimum)

Processor

PIV

Ram

512 Mb

Hard Disk

40 GB Space

Monitor

VGA Color (256)

2.5DesignandImplementationConstraints
The application is designed using JSP. Hence all the design or screens are done using
web pages. The constraints are that JVM should be available and running for the
application to execute. As the database is in Ms-Access, Ms-Office should be installed.
Tomcat should be installed and running.

2.6UserDocumentation
The product is provided with built-in manual that would help the end user use the system
for functioning.

3.ExternalInterfaceRequirements
3.1UserInterfaces
The application provides with keyboard shortcuts and a facility to use the mouse to
trigger the required actions. They act as shortcuts and provide an easy navigation within
the software. Output data to the user including errors and exceptions are displayed
through message boxes and dialogs using HTML.

3.2HardwareInterfaces
The application concentrates on the multi tier scenario and has no dependency on the
network or protocols. When executed on a standalone machine no additional peripheral
requirements are needed.

3.3SoftwareInterfaces
The incoming data to the product would be raw text data and outgoing data would be
binary. Ms-access, JVM and Tomcat are the needed software interfaces.

4.SystemFeatures
1. Login & Security

The module deals with authentication of the users using the application. There are
basically two types of users Administrator & the public.
Each of the above users are associated with user id and password. The user id is
unique to each user. The users login with the specified id and password to access their
schema information. Additional facility to change their password is also provided.
2. ID & Password Manager
This module deals with storing as many IDs and correlated passwords into the
database. Each user can have more than one id stored. The password is sent to the
Blowfish encryption module to have it encrypted or converted to cipher text before it
can be stored in the database. Each id acts as the primary key for that password. The
id is then used to retrieve the associated password later.
3. DES Encryption
DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key (although
the effective key strength is only 56 bits, as explained below). It takes a 64-bit block
of plaintext as input and outputs a 64-bit block of cipher text. Since it always operates
on blocks of equal size and it uses both permutations and substitutions in the
algorithm, DES is both a block cipher and a product cipher.
DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the
cipher text. It has been found that the number of rounds is exponentially proportional
to the amount of time required to find a key using a brute-force attack. So as the
number of rounds increases, the security of the algorithm increases exponentially.
4. DES Decryption
DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key (although
the effective key strength is only 56 bits, as explained below). It takes a 64-bit block
of plaintext as input and outputs a 64-bit block of cipher text. Since it always operates
on blocks of equal size and it uses both permutations and substitutions in the
algorithm, DES is both a block cipher and a product cipher.
DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce
the cipher text. It has been found that the number of rounds is exponentially
proportional to the amount of time required to find a key using a brute-force attack.
So as the number of rounds increases, the security of the algorithm increases
exponentially
5. Report Generation
The module allows the users of the application to view the following reports :1. Password for a particular user id.
2. Tabulated listing of all user account and related passwords.

5.OTHERNONFUNCTIONALREQUIREMENTS
5.1PerformanceRequirements
No external factor influences performance as the application is standalone. Higher
memory is recommended for faster execution. However when executed from intranet or
internet good bandwidth, less congestion and shortest route to reach the server would
enhance the performance.

5.2SafetyRequirements
No harm is expected from the use of the product either to the OS or any data.

5.3ProductSecurityRequirements
The product is protected from un-authorized users from using it. The system allows only
authenticated users to work on the application. The users of the system are registered
users.

5.4SoftwareQualityAttributes
The product is user friendly as it is developed using web pages. The application is
reliable and ensures its functioning maintaining the users and their confidential data. As it
is developed in java it is interoperable on any OS. The system requires minimum
maintenance.

6. SOFTWARE DESIGN

UML DIAGRAMS
USE CASE DIAGRAM:
A use case is a set of scenarios that describes an interaction between a user and a
system. A use case diagram displays the relationship among actors and use cases. The two
main components of a use case diagram are use cases and actors.

CLASS DIAGRAM:

A class diagram is a type of static structure diagram that describes the structure of a
system by showing the systems classes ,their attributes and the relationships between the
classes.

SEQUENCE DIAGRAM:

A sequence diagram demonstrates the behavior of objects in a use case by

describing the objects and the messages they pass. The diagrams are read left to right and
descending.
Sequence diagram for login:

Sequence diagram for change password:

Sequence diagram for protect data:

Sequence diagram for unprotect data:

ACTIVITY DIAGRAM:

Activity diagrams describe the workflow behavior of a system. Activity diagrams

are similar to State diagrams because activities are the state of doing something. The diagrams describe
the state of activities by showing the sequence of activities performed.

Activity diagram for change password (A)

Activity diagram for protect data(B)

7.SCREENSHOTS

Home page

Fig 1
The homepage will be appeared as above

Fig.2
When we click on contact us button in the Fig 1 ,the above screen appears displaying
the contact details

Fig 3
When we click on register button in Fig 2 the above screen Fig 3 appears , where the user
has to fill the required fields to register himself.

Fig 4
The registration is successful for the user Arvind.

Fig 5
After registration of a user is successful, he has to login with the correct user Id and
password. In this screen an invalid password is entered.

Fig 6
As the invalid password is entered the above screen Fig 6 is displayed.

Fig 7
When the correct user Id and password are provided the above screen fig 7 appears.

Fig 8
To change password click on change password icon in Fig 7, the Fig 8 appears where the
user has to provide the details that are asked.

Fig 9
If the original password does not match with the password that is given in Fig 8,the above
screen Fig 9 appears saying that password is mismatch, Try again.

Fig 10
Now give the identical password.

Fig 11
Now the password is reset for account Arvind.

Fig 12
To generate keys click on the Generate key option , the above screen appears, where
we have to specify a key file name in .txt form.

Fig 13
The key is generated successfully, if the given key file name doesnt exist.

Fig 14
To protect the data click on Protect Data option, then the above screen appears where
the account id should be provided giving the description of the account in the account
description field and the password to protect is the password which we want to protect,
the protection date will be generated automatically and the master key is the key file
name that is given during the generating key and the protected file is the location given
where we want to store the file.

Fig 15
After giving all the details the password is protected successfully.

Fig 16
To recover the data click on the unprotect data option and the above screen appears
where we need to give our account Id and master Key.

Fig 17
As the given master key is invalid the above screen appears.

Fig 18
Give the correct Master Key.

Fig 19
The password is recovered.

Fig 20
To view keys click on view keys option, then it gives the list of accounts that has
been created by the user with the description and key. Arvind has created an account
suresh@gmail.com which is displayed in the above screen.

8.TESTING
8.1 PURPOSE:
The purpose of testing is to assess product quality. It helps to strengthen and stabilize
the architecture early in the development cycle. We can verify through testing, the various
interactions, integration of components and the requirements which were implemented. It
provides timely feedback to resolve the quality issues, in a timely and cost effective
manner. The test workflow involves the following:
Verifying the interactions of components.
Verifying the proper integration of components.
Verifying that all requirements have been implemented correctly.
Identifying and ensuring that all discovered defects are addressed before the
software is deployed.

8.2 QUALITY:
The common usage of the term quality refers to a number of things: principally it
means the absence of defects, but more importantly, a fitness for a desired purpose. The
ultimate goal of testing is to assess the quality of the end product. Quality assessments
often consider process quality and organizational factors as well as direct product quality.

8.3 PRODUCT QUALITY:

The role of testing is not to assure quality, but to assess it, and to provide timely
feedback so that quality issues can be resolved in a timely and cost-effective manner.

8.4 TESTING IN THE ITERATIVE LIFECYCLE:

Testing is not a single activity, nor is it a phase in the project during which we assess
quality. If developers are to obtain timely feedback on evolving product quality, testing
must occur throughout the lifecycle: we can test the broad functionality of early
prototypes: we can test the stability, coverage and performance of the architecture while
there is still an opportunity to fix it; and we can test the final product to assess its
readiness for delivery to customers.

8.5 DIMENSIONS OF TESTING:

To assess product quality, different kinds of tests, each one with a different focus, are
needed. These tests can be categorized by several dimensions:

8.5.1Quality dimension: The major quality characteristic or attribute that is the

focus of test.
8.5.2Stage of testing: The point in the lifecycle at which the test, usually
limited to a single quality dimension.
8.5.3Type of testing: The specific test objective for an individual test, usually
limited to a single quality dimension.

8.5.2 STAGES OF TESTING

Testing is not a single activity, executed all at once. Testing is executed against
different types of targets in different stages of the software development. Test stages
progress from testing small elements of the system, such as components (unit testing), to
testing completed systems (system testing). The four stages have the following purposes:

8.5.2.1Unit test: The smallest testable elements of the system are tested
individually; typically at the same time those elements are implemented.
8.5.2.2Integration test: The integrated units (or components or subsystems) are
tested.
8.5.2.3System test: the complete application and system (one or more
applications) are tested.
8.5.2.4Acceptance test: The complete application (or system) is tested by end
users (or representatives) for the purpose of determining readiness for
deployment.

These stages occur throughout the lifecycle, with varying emphasis. An

early conceptual prototype user in the inception phase to assess the viability of the
product vision will be subjected to acceptance tests. Architectural prototype
developed during the elaboration phase be subjected to integration and system tests to
validate architectural integrity and performance of key architectural elements.

TEST CASES
Module: Login
Filename: login.vb
Test

Input

Received Output

Act Output

Desc

Valid Login

User Id,
Password

Login Success

Login
Success

Test Passed!
Control
Transferred to
Menu Options

Invalid Login

User Id,
Password

Login Failed

Login Failed

Test Passed!
Try Again

Invalid Login

Null,Null

Login Failed

Login Failed

Test Passed!
Try Again

Input

Received Output

Act Output

Desc

Id,new pwd,
conf pwd Info

Success

Success

Test Passed!
Password
updated

Module : change password

Filename : register.vb
Test
Update
Password

Module : Key Gen

Filename : key.jsp
Test

Input

Received
Output

Act Output

Desc

Generate Key

Key file

Success

Success

Test Passed!
Key generated
& saved to
database

Generate Key

Key file

Failed

Failed

Test Passed!
Try Again, No
path found

Module : Protect data

Filename : protect.jsp
Test

Input

Received
Output

Act Output

Desc

Protect data

Acct Id, Desc,

pwd, key file,
protection file

Success

Success

Test Passed!
Data
encrypted &
Saved to db
with user ID

Protect data

Acct Id, Desc,

pwd, key file,
protection file

Failed

Failed

Test Passed!
Incomplete
data.

Module : Unprotect data

Filename : uprotect.jsp
Test

Input

Received
Output

Act Output

Desc

Un Protect
data

Acct Id, key

file,

Success

Success

Test Passed!
Data
dencrypted &
displayed

Un Protect
data

Acct Id, key

file,

Failed

Failed

Test Passed!
Invalid key

9. BIBILIOGRAPHY:
Reference:
http://java.sun.com/products/jsp
http://jspguru.com
http://www.w3schools.com