SYSTEM
CHAPTER ONE
INTRODUCTION
1.0 INTRODUCTION
Technology has made people's daily lives easier. It has also opened up many options during
emergencies such as pandemics and natural disasters. The internet is a part of technology that has
become the most important aspect of our lives these days. Surfing the internet has become essential
in daily life for most people on Earth. According to Statista (www.statista.com), in January 2021
there were 4.66 billion active users worldwide (59.5 percent of the global population). Because of
easy access to the internet, ordering food or products online has gained value over time. There are
two means of online shopping: one is the website, and the other is the mobile application.
[Johnson. J. 2021, statista, Data retrieved on 1st of May 2021.] Since early 2020, the world has been
going through a rough patch of a kind people have not seen since World War II. The pandemic is now
the topic of greatest concern in the whole world. Everyday life has been interrupted worldwide.
People are still trying to stay safe and continue their daily lives. But to fight this epidemic,
almost every country is imposing lockdowns and curfews. People cannot lead an everyday life these
days, and everyone still needs to
hosting or Linux hosting (c-Panel). Hosting is an online space where you put all your PHP files or
HTML files. So the question is, which one is best: Windows hosting or Linux hosting? The answer is
Linux c-Panel hosting. You will have more control and options on Linux hosting. I suggest you
buy hosting from Hostgator or from Bluehost. I am using Hostgator hosting, which is very good.
Second is the domain. A domain name is the URL address of your hosting files. For
example, www.blueappsoftware.com is my website domain name. You can buy a domain name from
any provider, like Godaddy or BigRock. After buying the domain name, you will have to link it with
your hosting provider. To do so, you have to set the name server on your domain.
The "Online E-commerce Application" has been developed to overcome the problems common in the
existing manual application. This software is intended to eliminate, and in some cases reduce, the
hardships faced with this existing application. Moreover, this application is designed for the
particular needs of the company, to carry out operations in a smooth and effective manner.
Due to the pandemic outbreak, more people are stuck at home either because of sickness. A demanding
situation has been created for delivery services. Since going out for dining and shopping is no
longer a safe option, consumers turn to delivery services to treat themselves during the days of
social distancing. Many delivery services such as Amazon, eBay, AliExpress, Wolt, Foodora, and
UberEATS have responded to the crisis by expanding their services and introducing contactless
delivery options to eliminate the risk of spreading the virus between the customer and the courier.
In response to this situation, the current project was started. The project is called "DailyShop."
It is an Android-based e-commerce mobile application. This application is currently in development.
It will help both consumers and employees of the super shops stay safe during this global pandemic
and maintain social distancing to reduce the spread of the virus. There are two systems by which
e-commerce applications run their operations. In the first, many e-commerce applications/companies
have their own products and logistics, and they have their existing consumers. These applications
run their business by producing the products themselves or purchasing them from a few specific
companies. They advertise the products under their company banner. In the second system, the
e-commerce company works as a third party, bringing product sellers and consumers together on a
single platform. In this system, they charge some
Mobile applications have transformed the way people connect with one another. With the passage of
time and technological advancements, many new variations have emerged. Not just in terms of lifestyle
quality, but also in terms of how services are obtained. It’s all down to technology, specifically mobile
phones. The number of people who use a mobile phone has increased by millions or even billions.
The COVID-19 outbreak affected the overall performance of the company and reduced the scope of
enterprise-customer engagement. Mobile applications, on the other hand, can reach a specific group of
mobile apps that reap the benefits of evolving technology is a challenge for the leading mobile app
development businesses.
Depending on the market, mobile app needs may vary. Healthcare applications, for example, will have
different functionality than an e-commerce or marketplace app. You must create an intelligent
application based on the demands of the customers that fulfil the users’ requirements promptly. It
implies that if a mobile application provides a solution to a user’s problem, your business app will
Both the Android and iOS systems have their own set of advantages and provide a wide range of
capabilities. Which platform you choose depends on your needs. However, of the
two, Android App Development Services has risen to prominence among users and consumers.
Software Fragmentation.
Device Fragmentation.
Testing Fragmentation.
Programming Languages.
Integration of third-party APIs.
Security Issues.
App Visibility.
This study aims to make us understand the intensity of the current world situation ... It is an Android
The goal for mobile app UI and UX design is to create excellent user experiences, making your app
interactive, intuitive, and user-friendly. While polished UI designs will help with early adoption, your
app must have intuitive user experiences to keep app users engaged.
Creating robust mobile applications and learning how to integrate them with other services. Creating
intuitive, reliable mobile apps using the Android services and components. Create a seamless user
1.4 METHODOLOGY
The selection of a good development model will produce an effective and efficient product. The right
choice of development model will produce the right product. One characteristic of an accurately
developed product is that it can be applied properly and provides benefits for its users.
In addition, the results of developing a good Android-based E-Commerce mobile application can
facilitate the ornamental plant business that is occupied. The method to be used for Android-based
E-Commerce mobile application development is ADDIE. The ADDIE model is a colloquial term used to
describe a systematic approach. ADDIE is an abbreviation that refers to the main processes of the
Research and Development (RnD)-based system development process, consisting of five phases:
(1) Analysis, (2) Design, (3) Development, (4) Implementation, and (5) Evaluation [14]. Some of the
reasons for choosing the ADDIE method are: The ADDIE model provides opportunities for continuous
evaluation and revision in every phase that is passed, so that the resulting product becomes a valid
and reliable product. The ADDIE model is very simple
When considering mobile app development for e-commerce, there are several key factors to remember.
Platform: Determine the target platform(s) for your mobile app development. Consider whether you
want to build a native app (iOS, Android) or a cross-platform app (using frameworks like React Native
or Flutter). Platform choice should align with your target audience and business goals.
User Experience (UX): Prioritize a seamless and intuitive user experience. Ensure that the app is easy
to navigate, visually appealing, and provides a smooth buying experience. Pay attention to factors like
product search, filtering, product details, shopping cart, and checkout process.
Performance: Mobile apps need to be fast and responsive to deliver a satisfactory user experience.
Optimize app performance by minimizing loading times, optimizing images, and implementing
efficient caching mechanisms. Performance is particularly crucial for e-commerce apps to prevent user
Integration with E-business Backend: Consider how the app will integrate with your e-commerce
backend systems, such as inventory management, order processing, and payment gateways. Ensure
smooth data synchronization between the app and your e-commerce platform to maintain accurate
Security: E-commerce mobile apps handle sensitive user data like personal information and payment
details. Security should be a top priority. Implement robust security measures, such as encryption,
secure data transmission, and adherence to industry-standard security practices, to protect user data
Personalization and Customization: Consider incorporating personalization features into your app to
enhance the user experience. Provide personalized product recommendations, user-specific promotions,
and a personalized user interface that adapts to user preferences and behavior.
Wallet Payments: E-commerce apps should support secure and convenient payment
options. Integrate popular payment gateways and online payment systems to offer a variety of payment
options, including credit cards, digital wallets, and digital payment platforms.
Push Notifications: Implement push notification functionality to engage with your users, send relevant
updates, and notify them about offers, promotions, order status, and abandoned carts. Well-timed and
Analytics and Insights: Incorporate analytics and tracking tools to gather data about user behavior, app
usage, and sales performance. Leverage these insights to identify areas for improvement, make data-
Ongoing Maintenance and Updates: Plan for ongoing maintenance and updates to ensure the app
remains compatible with the latest mobile OS versions, devices, and evolving security requirements.
Regularly release updates to address bugs, add updated features, and enhance performance based on
user feedback.
These factors can help you design a mobile app for e-commerce that provides a superior user
experience, drives sales, and keeps you competitive in the rapidly evolving mobile commerce market.
the Android operating system. Android applications can be used on various devices with
This application development service for a mobile application is fairly inexpensive because of free
software development tools like IDE Android Development Studio. The cost of entry is also lower for
Android applications, and they can be easily integrated with a wide range of networks.
With Android Studio for easily getting started with app development, the usability of various
non-specific programming languages, and the availability of the SDK for free testing of Android apps, the
Custom mobile app development becomes easy with this service, and one can customize mobile apps with
One of the biggest advantages offered by the Android application development service in mobile app
development is the open-source nature of the platform. The code of Android is easily accessible to developers free of
Integration of mobile applications with social media, and a social media presence, has become
an important factor for businesses to focus upon in today's world. This app development offers optimized
Increased profits and high ROI are the ultimate results that a business wants when investing in mobile
app development. With the App Development Service, one can tap into the ever-enlarging pool of
potential prospects and get huge returns for a small investment made smartly.
When it comes to Android advantages, one can't miss the flexibility the Android app development
service offers. Being an open-source project, an Android application can be easily ported to other
operating systems.
CHAPTER TWO
LITERATURE REVIEW
Every local store, whether big or small, has challenges to overcome in managing the information of
Item Category, Men, Women, Child, Address, and Orders. Every online e-commerce application has
different Food needs; therefore, we design exclusive employee management applications that are
adapted to your managerial requirements. This is designed to assist in strategic planning and will
help you ensure that your shop is equipped with the right level of information and details for your
future goals. Also, for those busy executives who are always on the go, our applications come with
remote access features, which will allow you to manage your labour force anytime. These applications will
Over the years, and as a result of the Covid pandemic, a large number of customers moved
online, and fraudsters have been taking advantage of the large population of online banking users
to commit remote authentication fraud. As a result, the banking community has concluded that the
authentication system already in place must be advanced to make sure that the system is
encrypted both in the database of the banking system and in the mobile accounts of the different holders.
Furthermore, programmers around the world have come up with various methods
of authentication to prevent acts of fraud in banking. This draws on the various research I have
gone through, such as the article “Strategies for fighting remote authentication fraud” by
Elizabeth J. (2021), and many others who have given the general public their thoughts and ideas
on methods they have examined, tested and used to enhance the banking system already in place.
This project focuses mainly on two aspects of the authentication system to apply to the
banking system currently in operation. As all bank users know, the current system uses either SMS
or email to send a numeric code, known as the OTP, for any act of authentication to allow
authorized access. Multiple cases have been reported in which a customer loses the SIM
card attached to his bank account, his OTP gets compromised, and a fraudster takes advantage and
carries out fraud on that account. All this is possible due to the absence of a good encryption
system put in place to encrypt every
Android Studio is the official integrated development environment (IDE) for Google's Android
operating system, built on JetBrains' IntelliJ IDEA software and designed specifically for Android
development. Android Studio was announced on May 16, 2013 at the Google. It supports application
development within the Android operating system. Android Studio uses a Gradle-based build system,
emulator, code templates, and GitHub integration. Every project in Android Studio has one or more
modules with source code and resource files. These modules include Android app modules, Library
modules, and Google App Engine modules, which is very helpful for us. It also helps our team to
Building and designing Android applications.
Working in coordination with the design and testing teams to develop better products with fewer bugs.
Working with different APIs and data sources.
Fix
Dart
Google had its first ever release of Flutter 1.0 last December, after having it in beta mode for over
18 months. Dart is the programming language used to code Flutter apps. Dart is another product by
Google and released version 2.1, before Flutter, in November. As it is starting out, the Flutter
community is not as extensive as React Native, Ionic, or Xamarin. A while back, I discovered a liking
for JavaScript. I was ecstatic to be working on a React Native mobile app for my internship. I enjoy
coding hybrid mobile apps too, so I wanted to give Flutter a try, as I had done with Xamarin sometime
last year. At my first glance of Flutter (and Dart), I felt befuddled and couldn’t seem to understand
anything. They even had a section in their docs for developers moving from React Native. So, I took to
digging deeper on all things Dart. Dart looks a bit like C and is an object-oriented programming
language. So, if you prefer the C languages or Java, Dart is the one for you, and you’ll likely be
proficient in it. Dart is not only used for mobile app development; it is a programming language
used to build just about anything on the web, servers, desktop and, of course, mobile applications.
Dart, when used in web applications, is transpiled to JavaScript so it runs on all web browsers. The
Dart installation comes with a VM as well, to run the .dart files from a command-line interface. The
Dart files used in Flutter apps are compiled and packaged into a binary file (.apk or .ipa) and
uploaded to app stores.
2.2.3. FLUTTER
Flutter is a free and open-source mobile UI framework created by Google and released in May 2017. In
a few words, it allows you to create a native mobile application with only one codebase. This means
that you can use one programming language and one codebase to create two different apps (for iOS and
Android). To develop with Flutter, you will use a programming language called Dart. The language was
created by Google in October 2011, but it has improved a lot over these past years. Flutter is a cross-
platform UI toolkit that is designed to allow code reuse across operating systems such as iOS and
Android, while also allowing applications to interface directly with underlying platform services. The
goal is to enable developers to deliver high-performance apps that feel natural on different platforms,
embracing differences where they exist while sharing as much code as possible.
2.2.4. JAVASCRIPT
JavaScript is a scripting or programming language that allows you to implement complex features on
web pages. Every time a web page does more than just sit there and display static information for
you to look at (displaying timely content updates, interactive maps, animated 2D/3D graphics,
scrolling video jukeboxes, etc.), you can bet that JavaScript is probably involved. It is the third
layer of the layer cake of standard web technologies, two of which (HTML and CSS) we have covered in
much more detail in
2.2.5. NODE JS
applications. In the following "hello world" example, many connections can be handled concurrently.
Upon each connection, the callback is fired, but if there is no work to be done, Node.js will sleep. This
is in contrast to today's more common concurrency model, in which OS threads are employed. Thread-
based networking is relatively inefficient and very difficult to use. Furthermore, users of Node.js are
free from worries of dead-locking the process, since there are no locks. Almost no function in Node.js
directly performs I/O, so the process never blocks. Because nothing blocks, scalable systems are very
reasonable to develop in Node.js. Node.js is similar in design to, and influenced by, systems like
2.2.6. MYSQL
MySQL is a fast, easy-to-use RDBMS being used for many small and big businesses. MySQL is
developed, marketed and supported by MySQL AB, which is a Swedish company. MySQL is
MySQL is released under an open-source license. So you have nothing to pay to use it.
MySQL is a very powerful program in its own right. It handles a large subset of the functionality of
MySQL works on many operating systems and with many languages including PHP, PERL, C, C++,
JAVA, etc.
MySQL works very quickly and works well even with large data sets.
MySQL is very friendly to PHP, the most appreciated language for web development.
2.2.7. MYSQL WORKBENCH
MySQL Workbench is a unified visual tool for database architects, developers, and DBAs. MySQL
Workbench provides data modeling, SQL development, and comprehensive administration tools for
server configuration, user administration, backup, and much more. MySQL Workbench is available on
Windows, Linux and Mac OS X. MySQL Workbench enables a DBA, developer, or data architect to
visually design, model, generate, and manage databases. It includes everything a data modeler needs
for creating complex ER models, forward and reverse engineering, and also delivers key features for
performing difficult change management and documentation tasks that normally require much time and
effort.
use e-banking, and banks benefit from a competitive edge over other market participants. However, due
to the fraudulent activity of fraudsters, e-banking security has drawn attention; up to this point, a lack
of appropriate e-banking security has discouraged many consumers from using the service. An
overview of the security concerns relating to online banking is given in this article. The challenges and
traits of e-banking fraud have also been duplicated. This study also looked at several fraud and attack
detection techniques, as well as certain security precautions for e-banking services. Based on the
opinions of experts, this study ranked the different e-banking security strategies and models. The
research revealed that "Transaction Monitoring" was the model that worked the best, while "Virtual
Keyboards," "Browser Protection," and "Device Identification" were the models that performed the
worst. The first portion of this essay addressed the subject of interest, while the second section included
background knowledge on e-banking. The third portion of the article contained the literature review,
and the last section contained the study's conclusion. International Journal of Innovation, Creativity and
This research ranked the major e-banking security strategies and models based on professional
judgment. The results showed that "Transaction Monitoring" was the model that worked the best, while
"Virtual Keyboards," "Browser Protection," and "Device Identification" were the models that
performed the worst. The first portion of this essay explained the subject at hand, while the second
section gave an overview of e-banking. The literature review was located in the third portion of the
essay, while the conclusion was located in the last section. This report clearly illustrates the
requirement for stronger verification in online banking. It describes the primary security issues and
criminal activity driving the demand for enhanced authentication, as well as the expansion of the
internet channel pushed by customers and financial institutions. This research makes complicated
alternatives easier to understand when adopting improved authentication in the online banking
environment and acts as a reference for doing so. Based on the expertise and experience of customers
and industry professionals, it offers a thorough analysis of the many authentication options available as
automatically and used to authenticate a user for a single transaction or login session (Kathleen &
Ivy, 2018). A user-created password, particularly one that is weak and/or reused on many different
accounts, is less secure than an OTP. OTPs can be used to replace or supplement authentication login
data, providing an additional layer of security. The one-time password removes key password security
vulnerabilities facing IT and security professionals. They do not need to worry about password
composition guidelines, bad and weak passwords, shared credentials, or the reuse of the same
password across several accounts and systems (Kathleen & Ivy, 2018). Another benefit of one-time
passwords is that they expire in minutes, preventing attackers from collecting and reusing the
secret codes clearly explained by
2.6 SUMMARY
A prominent example of SMS OTP is the Mobile Transaction Authorization Number, which is used
to authorize a person's transactions. In this mechanism, the OTP is delivered as a text
message to the user's mobile device. Nevertheless, the protection of SMS OTP depends on the
confidentiality of SMS, which in turn relies on the security of mobile networks [40]. Authenticator
apps, by contrast, rely on a shared secret, which both the server and the app have to store. This
“seed” is combined with the current time to produce the multi-factor authentication code. In our
method, TOTP-based one-time password authentication for the secure electronic payment process is
strengthened by using a TLS connection between the server and the client apps. Because the seed is
exchanged over the secure link, it is never exposed. User verification has become more important
than ever for electronic payments. Previous approaches described various authentication stages and
relied on knowledge-based methods in the authentication stage: a security mechanism of usernames
and passwords that can easily be defeated through guessing and password-based attacks.
There is also a possibility to develop user authentication methods for multi-factor implementations.
This study suggested a user authentication framework focused on TOTP for electronic payments,
combined with biometric features. In addition, the proposed study recommends the possibility of
biometric fingerprint verification during user authentication. The fingerprint method appears to be
one of the most secure means of authentication in the electronic payments world for reducing future
security vulnerabilities. Moreover, the proposed system is free of cost. The site offering the
program should likewise make use of this product to improve the protection of the program, at no
extra cost. Because no SMS services are associated with the device, there is no SMS cost to the
user or the server. This method could be embedded in a broad range of applications to provide
CHAPTER THREE
METHODOLOGY
In the proposed method, we use TOTP as the base algorithm to produce the required one-time
passwords. TOTP is based on HOTP; however, HOTP uses a counter, whereas TOTP is a time-based
algorithm. TOTP generates a new value after a fixed period. This period is known as the time step.
TOTP supports the HMAC-SHA2 and HMAC-SHA1 hash functions [37]. The proposed system has two phases,
namely a registration phase and an authentication phase. A comprehensive explanation of each phase
is provided below. Before making use of this service, the user should register their information
in a procedure known as the registration phase. Verification of that information can only be
achieved by a procedure known as the authentication phase. Each of the suggested materials and
strategies is carried out in the system during both the registration process and the login
procedure; their process flow is reviewed in this section. In Table
ADVANTAGES
1. TOTP is more secure. TOTP codes tend to be more secure because they are only valid for a specific
period. The extra criteria required to be met greatly increase the security.
2. TOTP offers flexibility with various token options. A TOTP authenticator can be embedded in both
dedicated hardware tokens as
implementing it in software (also known as a software token) you avoid the costs associated with
necessary TOTP codes can be generated and accepted offline if the devices have the same secret
key/seed and are in sync. This allows them to individually create TOTP codes and compare them
against each other.
Some models were adopted for the development of the banking app, after which the security feature
was integrated in line with the objectives of the project.
The models adopted include: (1) Waterfall model, (2) Spiral model, (3) V model, (4) Agile model.
WATERFALL MODEL
The waterfall model is used for projects with clearly defined objectives
because it is designed in a way that stresses sequential operation. The paradigm
moves progressively downward through the stages of software implementation, as its name suggests.
The steps in this paradigm must be performed one after the other before moving on to the next. The
waterfall approach is best suited for projects that do not anticipate changes mid-development,
since it prohibits going back to previously accomplished phases. The fact that the
software cannot be seen or tested until the very end of development also increases the risk and
unpredictability of the project. Testing is frequently hurried, and fixing errors can be expensive.
After the registration is done, the client app creates an eight-digit one-time password (OTP) that
can be used for authentication. The registration process of the proposed system can be seen in
Fig. 4. The registration process works as follows.
Step 1: The user inputs his credential information IDi on the server.
Step 2: The server determines the client's info and recovers the client's public key PKIDi
Step 3: The server then chooses an arbitrary string TOTP, with a time slot, and encrypts it with
the public key to get (1)
Step 4: The server generates the QR code on the payment side.
Step 5: The client decodes the QR code with (2)
Step 6: Because the arbitrary string is encrypted with the client's public key PKIDi, the client is
able to read the TOTP string only on the user's device by (3) and type in the TOTP within the
terminal with an actual
Notation Description
EN Encryption string
QR Quick Response
DEC Decryption
3.2.2. Authentication Phase
The authentication service has to authenticate the client whenever the client wants to access the
system. The authorization service checks server data and database identification identities. The
value submitted by the client is compared to the current value on the server. When the two values
are identical, the authentication is successful, and the new value replaces the old value on the server.
Fig. 5 illustrates the method of authentication of the proposed system. The details authentication steps of the
Step 2: The server determines the client's info and recovers the client's public key
Step 6: Once the app verifies the registered user, the app is ready to decode the QR code.
Step 7: The user gets the TOTP number after decoding the QR code.
Step 8: The user inputs the TOTP number on the server side; if matched,
In this paper, we propose TOTP-based authentication for enhanced electronic payment
authentication security. The system design includes various entities, such as a user, a smartphone,
a user's PC and a server. The user is an individual with little to no knowledge of cryptographic
codes, such as passwords and complicated mathematical equations. The user's terminal is a computer
that the user uses to connect to a server for money transfers [38]. The user has a smartphone,
furnished with a camera, that stores the public key certification of the digital certificate or the
server. The server is the system entity belonging to the financial institution that interacts with
the user by carrying out all the back-end operations. Based on the current time, TOTP uses a secret
shared between client and server to produce a one-time-use code [39]. By running the shared secret
through the algorithm, the client produces the code, and the server, running the same algorithm, is
able to confirm the submitted code with the same secret. The code is valid only for a set amount of
time, usually thirty seconds [32]. The flow is as follows: first, the user logs in to the
application with a username and password, and is then shown a text field asking them to type in the
latest code from the TOTP client on their cell phone. Fig. 6 displays the proposed framework
architecture of the proposed system. The user gets a TOTP token by scanning the QR code.
In the first phase, users open the Internet browser to log in with their account details, entering
a username and password together with the TOTP. In the next stage, an authentication request is
submitted to the identity authentication server. In the last stage, the request is verified by
confirming the authorized individual through the identity authentication server. The request may be
accepted or denied in this last stage. The one-time password is generated on the server side using
seed exchange and is then provided via a Transport Layer Security (TLS) tunnel to the client mobile
app. The client is authenticated only if its password matches the password on the server side. It is
also more secure than the SMS solution, since the code is not transmitted through an intermediary.
The function is the algorithm. To remain secure, mutual confidentiality must be preserved for this
process.
significant part within connecting the breach between the server and the user. To offer a secure user
authentication mechanism that performs mutual authentication between entities, the proposed method
uses the TOTP algorithm of RFC 6234 to compute the OTP required to authenticate the user and finish
the login process [27]. The Android application combines three components on the mobile device, the
shared secret, the timestamp and the server challenge [33], to make a token of 8 or more digits by
applying the TOTP algorithm. Random details are essential, and they are utilized by the 8 bytes
utilizes tokens and the shared secret. The system depends on both the server side and the client side.
Some parameters are needed for the establishment of a TOTP authentication. The following steps are
For TOTP generation, the user and the server must know or be able to measure the current UNIX time.
A secret key must be shared between user and server. The secret key may be a pre-existing key between
the parties. Alternatively, the secret key may be produced by means of a key agreement protocol
between the parties. This is a secure communication.
The HMAC-Based One-Time Password (HOTP) algorithm is the main component of the algorithm.
The same time value is required for both the user and the server.
In this paper, we use the time-based one-time password authentication algorithm to secure an
electronic payment. The TOTP method is generally used in time-limited applications such as mobile
banking and application transactions. This section summarizes the key functionality and discusses OTP
authentication systems and their methods. Earlier methods already have various stages in the
authentication task, and they have used SMS OTP authentication within the authentication phase. Here
we have used TOTP combined with a user-specific QR code, which could be a fruitful method for
providing strong protection of the authentication procedure. We have compared the usability
considerations of SMS OTP and TOTP. The comparison of existing methods with the proposed system
outcome is shown in Table III, whereas the usability considerations are discussed in Table IV for both
SMS OTP and TOTP. An important paradigm of SMS OTP is the Mobile Transaction Authorization Number,
which is used to authorize the user's transactions. In this mechanism, the OTP is delivered as a text
message to the user’s mobile device. The protection of SMS OTP, however, depends on the
confidentiality of SMS, which relies on the security of mobile networks [40]. Authenticator apps, in
contrast, rely on a shared secret, which both the server and the app have to store. This “seed” is
combined with the time to produce the multi-factor authentication code. In our method, TOTP-based
one-time password authentication for the secure electronic payment process is strengthened by using a
TLS connection between the server and client apps. Because the seed is exchanged over the secure link,
it is never exposed. User verification has become more important than ever for electronic payments.
Various authentication stages were described in previous approaches, as they did with the
knowledge-based methods in the authentication stage. The username and password security mechanism
can easily be defeated through guessing and password-based attacks [41-42]. There is also a
possibility to develop user authentication methods for multi-factor implementations. This study
suggested a user authentication framework focused on TOTP for electronic payments that can be combined
with biometric features. In addition, the proposed study recommends the possibility of biometric
fingerprint verification during user authentication. The fingerprint method appears to be one of the
most secure means of authentication in the electronic payments world in order to reduce future
security vulnerabilities [43-44]. Moreover, the proposed system is free of cost. The service provider
can likewise use this product to improve the protection of its service at no extra cost. Because no
SMS services are associated with the user's device, there is no SMS cost to the user or the server.
This method could be deployed in a broad range of applications to
TOOLS
Drawio: A free and open source cross-platform graph drawing software. Its interface can be used to
create diagrams such as flowcharts, wireframes, UML diagrams, organizational charts and network
diagrams.
Figma: A prototyping tool which is primarily web based, with additional offline features enabled by
desktop applications for Windows. The mobile app allows viewing and interacting with Figma prototypes
in real time on mobile devices. The feature set of Figma focuses on use in user interface and user
experience design, with emphasis on real-time collaboration.
Visual Studio: An IDE (integrated development environment) made by Microsoft and used for different
types of software development such as computer programs, websites, web apps, web services, and mobile
apps. It contains completion tools, compilers, and other features to facilitate the software
development process. Developers use its user interface to write, edit, debug and build code. Visual
Studio includes a code editor supporting IntelliSense (the code completion component) as well as code
refactoring. The integrated debugger works both as a source-level debugger and a machine-level
debugger.
The technique used to achieve the statement of problem above is discussed in this section.
The password generated is created using the current time and it also factors in a secret key. An
example of this OTP generation is the Time Based OTP Algorithm (TOTP), described as follows:
1. The backend server generates the secret key.
2. The server shares the secret key with the service generating the OTP.
3. A hash-based message authentication code (HMAC) is generated using the obtained secret key and
time. This is done using the cryptographic SHA-1 algorithm. Since both the server and the device
requesting the OTP have access to time, which is obviously dynamic, it is taken as a parameter in the
algorithm. Here, the UNIX timestamp is considered, which is independent of time zone, i.e. time is
calculated in algorithm. The code generated is 20 bytes long and is thus truncated to the desired
length suitable for the user to enter. Here dynamic truncation is used. For the 20-byte code
we look at the last character, here a, whose decimal value determines the offset from which to begin
truncation. Starting from the offset value, 10, the next 31 bits are read to obtain the string
"6482b6d3". The last thing left to do is to take our hexadecimal numerical value and convert it to
decimal, which gives 1686288083. All we need now are the last desired number of OTP digits of the
obtained decimal string, zero-padded if necessary. This is easily accomplished by taking the decimal
string modulo 10 ^ (number of digits required in the OTP). We end up with "288083" as our TOTP code.
4. A counter is used to keep track of the time elapsed and generate a new code after a set interval of
time.
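The generation and truncation steps above, together with the shared secret, time step and server-side check described earlier in the chapter, as an added Python example (not the project's own code). The digest in `PAGE_DIGEST` is constructed to reproduce the offset 10 and the string "6482b6d3" from the text; the function names, the one-step drift window and the `last_counter` replay check are assumptions of this example.

```python
import hashlib
import hmac
import struct

# Constructed 20-byte digest (not a real HMAC output): zero filler, the four
# bytes 6482b6d3 from the text at offset 10, and a last byte ending in 0xa.
PAGE_DIGEST = bytes(10) + bytes.fromhex("6482b6d3") + bytes(5) + b"\x0a"


def dynamic_truncate(digest: bytes, digits: int = 6) -> str:
    """Dynamic truncation: HMAC digest -> zero-padded decimal code."""
    offset = digest[-1] & 0x0F                     # low 4 bits of the last byte
    (word,) = struct.unpack(">I", digest[offset:offset + 4])
    word &= 0x7FFFFFFF                             # clear the top bit, keep 31 bits
    return str(word % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA-1 over the 8-byte big-endian counter, then truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return dynamic_truncate(mac, digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """The counter is the number of whole time steps since the UNIX epoch."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, submitted, unix_time, last_counter=-1,
                step=30, digits=6, window=1):
    """Server-side check (hypothetical helper for this example).

    Returns the matched time-step counter, or None if the code is rejected.
    window tolerates clock drift of +/- that many steps; a counter at or below
    last_counter (the last one accepted for this user) is refused, so a code
    cannot be replayed inside its validity period.
    """
    current = int(unix_time) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret, counter, digits)
        # Constant-time comparison; no early exit on the first match.
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            matched = counter
    if matched is None or matched <= last_counter:
        return None
    return matched


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not for real use
    print(dynamic_truncate(PAGE_DIGEST))
    code = totp(secret, 59)
    print(code, verify_totp(secret, code, 59))
    print(verify_totp(secret, code, 59, last_counter=1))
```

The caller stores the returned counter per user and passes it back as `last_counter` on the next login attempt.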
The OTP generated is delivered to the user by the methods described above.
3.5 Ethical Consideration
No profession or industry has maintained higher standards of conduct nor provided greater public
service than the banking industry. Banks have traditionally recognized their duty to act in a manner
of public trust and confidence, which is one of their utmost priorities. The relational context
between the bank and customer during the transfer or receipt of funds via digital means has remained
relatively problematized. Rather than assuming an anonymous interface between the banking industry and
the customer or client, with specific ethical issues related to it. These considerations work to
maintain scientific integrity, enhance the project's validity and protect the rights of the parties
involved in the development. Some of the ethical considerations that were taken into account during
the development of this project are:
Confidentiality
Result communication
Anonymity
Requirement specification is a collection of requirements that are to be imposed on the design and
verification of the product. The specification also contains other related information necessary for
the design, OTP verification and maintenance of the banking app. The system specification of the
banking app is subdivided into two: the hardware specification and the software specification. Below
gives a tabular
The requirements specification for a software system is a description of the behavior of a system to
be developed and may include a set of use cases that describe interactions the users will have with
the software. The software requirements specification document lists the requirements that are
necessary and sufficient for the project development. To derive the requirements, we need to have a
clear and thorough understanding of the product to be developed or being developed. Below is a
detailed explanation of the functional requirement specification and the non-functional requirement.
The functional requirements specification describes what the banking app must be able to do. It
describes a software system or its component. Below is the functional requirement table
Every system or website development must include a good system design. System design is the process
of designing the elements of a system, such as the architecture, modules and components. The different
interfaces of the components and the data that flows through the system are also part of the system
design. The diagram shows how the actors (Customer, Cashier and Admin) interact with the main system
and with each other based on their roles. User stories are defined for each actor, listing the exact
activities done with the system. Finally, there are use cases, which are defined processes/functions
for actors. Combining actors, user stories and use cases gives us a use case diagram. The following
are the listings of user stories and use cases for each actor.
User stories
a. Customer:
Customers will get information about the various account types, with details.
Customers will be able to see options for different electronic cards and choose among them.
Customers should be able to do daily transactions like paying bills and getting an OTP for every
transaction made.
b. Staff:
Staff will be able to verify and authenticate different data of customers and integrate it into the
system.
Tracking all the general activities of each end user, with update alerts and any required changes.
the user's point of view, as well as the various actions performed by the user as the actor.
1. Registration, authentication and verification: Each customer's data should be registered to
generate a login system for each defined role with proper documentation. The data should be
authenticated and
2. General and specific functions associated with the roles of each user: Customers should be able to
register themselves and get login info for doing monetary transactions. A proper track of these
transactions
3. Data storage and information processing: All the interactions between admin, customers and cashier
should be structurally stored by each of them based on their roles, like the online transactions of
each customer. All the information should be processed with its authentication, accountability and
final
An activity diagram is a model that depicts the steps in the execution of a task or activity from a use
case.
3.6.6 Control Flow Diagram
Control flow diagram for this implementation describes the flow of the process or review of the
It is a model that establishes relationships between people, objects, places, concepts or events
within a system. It is very vital to project data modelling for the database. It also helps in
defining processes and developing a relational database. Basically, it helps us to create a database
model for our system, including the different entities revolving in our system. There are five basic
components for this diagram. They are listed below:
Entities, these are concepts or objects that can have data stored about them. They are referred as
Connecting lines.
It is a type of user interface through which a user interacts with the system via visual indicator
presentation. It is considered user-centered design in software programming, which basically means
that it is an interface for a system, graphically designed so that a user can access the services as
accurately as possible. The users should understand what they are doing and what they are getting from
the system
knowledge of the stakeholders of the company and the requirements, a simple and easily accessible GUI
is developed for this system. The GUI is developed using various tools and features available in the
Windows Forms platform. There are different sections of the GUI, which are defined and graphically
represented below.
3.7 Summary
This chapter has discussed the methodology that will be used in the design and implementation of this
study. It also examines the functional requirements of the application as well as system design. The
next chapter which is chapter four (4) will talk about Implementation and Testing.
CHAPTER FOUR
4.1 INTRODUCTION
This chapter puts the planned system into action and examines in detail the analysis and design of the
implemented project. It discusses the implementation of the system, highlighting the testing exercise
and describing some of the main components of the system's Graphical User Interface. It also shows
output from the programming language and other tools used to develop our system.
We can emphasize the vital aspects necessary when dealing with banking activities. The main features
involved in the implementation of this project are divided into three (3) sections.
Admin can sign up quickly and easily: Simplified onboarding process for the admin
System-generated OTP for customers is embedded in the application using the cryptography algorithm.
In every project implementation, several problems are encountered during the process. These problems
can be encountered at the infancy stage, the middle stage or the completion stage of the project. Some
problems that were encountered during the development of a more secured banking transaction
authentication application using hybrid cryptography are listed below.
Financial problems
4.4 OVERCOMING IMPLEMENTATION PROBLEMS
To overcome the implementation problems listed above, the implementation process was broken down into
batches. By so doing, the process is addressed at each stage of the project. For example, the
performance and speed of each stage differ depending on the complexity of the phase.
4.5 TESTING
The testing phase of any software development process is very crucial. The testing phase ensures that
every part of the software works as expected. The best way to perform testing is to have inputs and
expected outputs, then feed the inputs to the software and compare the results with the expected
outputs. This helps in cross-checking and identifying any possible errors in the system that has been
designed. Testing ensures that each functionality that has been added works according to the software
requirements. All errors are detected and removed at this stage of development. One great advantage of
testing is that it saves cost, because problems that might arise in the future can be identified and
fixed in time. The first testing that was carried out is functionality testing. Functionality testing
is a type of system testing where all the functional requirements of the software are tested to ensure
that all components function properly. Security testing is also carried out to check if the software
is vulnerable to security threats. Compatibility testing is carried out to see how the software runs
on the platforms it was designed to work on. Usability testing was conducted to see if the software is
easy to use and user friendly. Testing the functional requirements of the more secured banking
transaction authentication application using hybrid cryptography aims at verifying that the website's
features and operational behavior correspond to their specifications. To achieve this aim, any
failures due to the running environment should be avoided, or reduced to a minimum. Preliminary
assumptions about the running environment will have to be made before test design and execution.
The user guide serves as a reference guide for working with the implemented banking website. Users can
make use of it to gain in-depth knowledge about the functions of each link button, text field and
dropdown menu. Below are screenshots that will assist the user in using the implemented website.
Landing page:
It is the first interface that opens when we load the application. It consists of a Sign in section
where users, cashiers and admin can log into the system. There are other divided sections such as
Create
The interface allows us to register as a user and open an account by providing our personal details.
Then we are allowed
The login interface appears like a form which is required to be filled in by the users of the system,
which are customer user and customer user. Both customer users' and customer users’ interfaces have
different functionalities.
Forgotten Password
4.6.3 Customers Details.
On this page, all of the user’s details, such as name, ID, phone number and e-mail, can be edited by
the user. All banking
OTP means One Time Password: it’s a temporary, secure PIN code sent to you via SMS or e-mail that is
valid only for one session. All Citizens Bank uses OTPs during registration and account renewal,
deposit or withdrawal
Phone number: your phone number needs to be entered with the correct country code. Make sure you check
it!
E-mail address: check for spelling mistakes and always use your primary e-mail account, one that you
will still be using in years to come even if you change jobs, move abroad, change your surname etc.
customer user, queue customer user, make appointment, notify customer user and generate Medical Report can all
Account Details:
4.7 SUMMARY
types of application testing have also been discussed, and some screenshots of the designed
and developed application are also displayed in this chapter. Report and error reports have
also been discussed. The next chapter, which is chapter five, is the final chapter of this
project.
CHAPTER FIVE
5.1 SUMMARY
This project's aim and objectives have been accomplished as discussed in the first chapter.
All functional requirements stated have been implemented, though other important
features like document handling and other automated processes were not implemented
because of the time frame. This application was built properly, meeting standard
requirements for object-oriented programming, and it is ready to deploy to a live server for
end users to use as an end product. Updates or a few features will be included to better the
In the course of this project, I was able to develop software development skills in PHP,
CSS and MySQL. I also learned a lot about session handling, the development life cycle and
many others.
5.2 CONCLUSION
internet companies and protects them from collapsing or losing money. With the time-
based multifactor authentication algorithm, we improved the protection of electronic
payments. Our proposed method uses the mechanisms of TOTP, which facilitate
user device authentication by creating one-time codes. We enabled MFA and worked with
the TOTP method to add an additional layer of protection to electronic payment
authentication that is safe against well-known attacks
such as spoofing, MITMF and tampering. The real information of the user is saved
anonymously in the database.
In addition, the client and the server run the same algorithm using a
shared secret key. Our system has the benefit that
only the legitimate user is authenticated and gets to use the account, and the
system is free of cost. Our suggested solution has shown its security efficiency relative to the
existing method. Finally, effort could be put into using modern environments such as
cloud computing, banking systems, e-commerce, and mobile devices. In the future, we
In the course of this project, many problems were encountered. Some of these
include lack of knowledge of Adobe CS5. The problem was solved by learning this
programming language. Lack of adequate finance to run around for the project was
solved by getting money from friends and family members. Unavailability of some
research questions from textbooks and other sources was addressed by interacting with
some Information Technology staff, whose practical experience really helped in
There are some limitations of the current system for which solutions can be provided as
future development.
The website is not accessible to everyone because it is currently on a local host server.
In future development, the following can be done to improve or enhance the website:
Third-party proprietary software can be implemented for card validation checks.
The concept of transaction can be used to achieve the uses of multi users not having
All Citizens Bank may have better improvement in the future since the current system is
Another consideration is that the system needs large disk space in the future if it is