HIGHLY SECURED NET BANKING SYSTEM USING DIGITAL

FINGERPRINT RECOGNITION TECHNIQUES

Abstract

Online banking (or Internet banking or E-banking) allows customers of

a financial institution to conduct financial transactions on a secured website operated by
the institution, which can be a retail bank, virtual bank, credit union or building society.

To access online banking, the customer would go to the financial institution's

website, and enter the online banking facility using the customer number and password.
Some financial institutions have set up additional security steps for access, but there is no
consistency to the approach adopted.

Though single password authentication is still in use, it by itself is not considered

secure enough for online banking in some countries. Basically there are two different
security methods in use for online banking. With the widespread applications of digital
fingerprint techniques used for net banking authentication systems. The digital finger
print working based on file based password method that represents any file act as a
password.
Existing

A system model is a systematic approach towards software development. Before

any building is built it is necessary to make the drawing of that building, similar is
the case with any software. Here also before any coding of the software begins, it
is necessary to make the model of the software.

A model basically specifies all the steps to be followed during the system

development. This makes the task of the engineer quite simple and helps him

build software, which is less error prone.

Tasks accomplished by system modeling are:

 Define the processes that serve the needs of the view under consideration.
 Represent the behavior of the processes and the assumptions on which
behavior is based.
 Explicitly define both exogenous and endogenous input to the model.
 Represent all linkages that will enable the engineer to better understand
the view.
Proposed

Advantages of the System

Advantages of the system over manual record handling are as follows:

 Removes redundancy.
 Reduces errors.
 Provides better protection.
 Makes work easier.
 Reduces manual labor.

HARDWARE & SOFTWARE REQUIREMENTS:

HARDWARE REQUIREMENTS:

· System : Pentium IV 2.4 GHz.

· Hard Disk : 250 GB.
· Monitor : 15 VGA Color.
· Mouse : Optical.
· Ram : 1 GB

SOFTWARE REQUIREMENTS:

· Operating system : Windows XP Professional.

· Coding Language : Java (Jdk 1.6) with Servlet and JSP.

· Database : My-SQL 5.0

. Server : Tomcat 7.0

. IDE : Eclipse 3.6

SOFTWARE ENVIRONMENT

JAVA TECHNOLOGY
Java technology is both a programming language and a platform.

THE JAVA PROGRAMMING LANGUAGE

The Java programming language is a high-level language that can be characterized by all of the
following buzzwords:
 Simple
 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance
 Interpreted
 Multithreaded
 Robust
 Dynamic
 Secure
With most programming languages, you either compile or interpret a program so that you can
run it on your computer. The Java programming language is unusual in that a program is both
compiled and interpreted. With the compiler, first you translate a program into an intermediate
language called Java byte codes —the platform-independent codes interpreted by the interpreter
on the Java platform. The interpreter parses and runs each Java byte code instruction on the
computer. Compilation happens just once; interpretation occurs each time the program is
executed. The following figure illustrates how this works.
You can think of Java byte codes as the machine code instructions for the Java Virtual Machine
(Java VM). Every Java interpreter, whether it’s a development tool or a Web browser that can
run applets, is an implementation of the Java VM. Java byte codes help make “write once, run
anywhere” possible. You can compile your program into byte codes on any platform that has a
Java compiler. The byte codes can then be run on any implementation of the Java VM. That
means that as long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an iMac.

THE JAVA PLATFORM

A platform is the hardware or software environment in which a program runs. We’ve
already mentioned some of the most popular platforms like Windows 2000, Linux,
Solaris, and MacOS. Most platforms can be described as a combination of the operating
system and hardware. The Java platform differs from most other platforms in that it’s a
software-only platform that runs on top of other hardware-based platforms.

The Java platform has two components:

 The Java Virtual Machine (Java VM)
 The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many
useful capabilities, such as graphical user interface (GUI) widgets. The Java API is
grouped into libraries of related classes and interfaces; these libraries are known as
packages. The next section, What Can Java Technology Do? Highlights what
functionality some of the packages in the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the
figure shows, the Java API and the virtual machine insulate the program from the
hardware.
 Native code is code that after you compile it, the compiled code runs on a specific
hardware platform. As a platform-independent environment, the Java platform can be a
bit slower than native code. However, smart compilers, well-tuned interpreters, and just-
in-time byte code compilers can bring performance close to that of native code without
threatening portability.
WHAT CAN JAVA TECHNOLOGY DO?
The most common types of programs written in the Java programming language are
applets and applications. If you’ve surfed the Web, you’re probably already familiar with
applets. An applet is a program that adheres to certain conventions that allow it to run
within a Java-enabled browser.

However, the Java programming language is not just for writing cute, entertaining applets
for the Web. The general-purpose, high-level Java programming language is also a
powerful software platform. Using the generous API, you can write many types of
programs.
An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples
of servers are Web servers, proxy servers, mail servers, and print servers. Another
specialized program is a servlet. A servlet can almost be thought of as an applet that runs
on the server side. Java Servlets are a popular choice for building interactive web
applications, replacing the use of CGI scripts. Servlets are similar to applets in that they
are runtime extensions of applications. Instead of working in browsers, though, servlets
run within Java Web servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of
software components that provides a wide range of functionality. Every full
implementation of the Java platform gives you the following features:
 The essentials: Objects, strings, threads, numbers, input and output, data
structures, system properties, date and time, and so on.
 Applets: The set of conventions used by applets.
 Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram
Protocol) sockets, and IP (Internet Protocol) addresses.
  Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be displayed
in the appropriate language.
 Security: Both low level and high level, including electronic signatures, public
and private key management, access control, and certificates.
 Software components: Known as JavaBeansTM, can plug into existing
component architectures.
 Object serialization: Allows lightweight persistence and communication via
Remote Method Invocation (RMI).
 Java Database Connectivity (JDBCTM): Provides uniform access to a wide
range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure depicts what
is included in the Java 2 SDK.

HOW WILL JAVA TECHNOLOGY CHANGE MY LIFE?

We can’t promise you fame, fortune, or even a job if you learn the Java programming
language. Still, it is likely to make your programs better and requires less effort than
other languages. We believe that Java technology will help you do the following:
 Get started quickly: Although the Java programming language is a powerful
object-oriented language, it’s easy to learn, especially for programmers already
familiar with C or C++.
 Write less code: Comparisons of program metrics (class counts, method counts,
and so on) suggest that a program written in the Java programming language can
be four times smaller than the same program in C++.
 Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendible API let you reuse other people’s tested code and introduce fewer bugs.
  Develop programs more quickly: Your development time may be as much as
twice as fast versus writing the same program in C++. Why? You write fewer
lines of code and it is a simpler programming language than C++.
 Avoid platform dependencies with 100% Pure Java: You can keep your
program portable by avoiding the use of libraries written in other languages. The
100% Pure JavaTM Product Certification Program has a repository of historical
process manuals, white papers, brochures, and similar materials online.
 Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.
 Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the feature of allowing new classes to be loaded
“on the fly,” without recompiling the entire program.
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for
application developers and database systems providers. Before ODBC became a de facto
standard for Windows programs to interface with database systems, programmers had to use
proprietary languages for each database they wanted to connect to. Now, ODBC has made the
choice of the database system almost irrelevant from a coding perspective, which is as it should
be. Application developers have much more important things to worry about than the syntax that
is needed to port their program from one database to another when business needs suddenly
change.
Through the ODBC Administrator in Control Panel, you can specify the particular
database that is associated with a data source that an ODBC application program is written to
use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a
particular database. For example, the data source named Sales Figures might be a SQL Server
database, whereas the Accounts Payable data source could refer to an Access database. The
physical database referred to by a data source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95. Rather, they
are installed when you setup a separate database application, such as SQL Server Client or
Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called
ODBCINST.DLL. It is also possible to administer your ODBC data sources through a stand-
alone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program
and each maintains a separate list of ODBC data sources.

From a programming perspective, the beauty of ODBC is that the application can be
written to use the same set of function calls to interface with any data source, regardless of the
database vendor. The source code of the application doesn’t change whether it talks to Oracle or
SQL Server. We only mention these two as an example. There are ODBC drivers available for
several dozen popular database systems. Even Excel spreadsheets and plain text files can be
turned into data sources. The operating system uses the Registry information written by ODBC
Administrator to determine which low-level ODBC drivers are needed to talk to the data source
(such as the interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent
to the ODBC application program. In a client/server environment, the ODBC API even handles
many of the network issues for the application programmer.
The advantages of this scheme are so numerous that you are probably thinking there must
be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking directly to
the native database interface. ODBC has had many detractors make the charge that it is too slow.
Microsoft has always claimed that the critical factor in performance is the quality of the driver
software that is used. In our humble opinion, this is true. The availability of good ODBC drivers
has improved a great deal recently. And anyway, the criticism about performance is somewhat
analogous to those who said that compilers would never match the speed of pure assembly
language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write cleaner
programs, which means you finish sooner. Meanwhile, computers get faster every year.

JDBC
In an effort to set an independent database standard API for Java; Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface
is achieved through the use of “plug-in” database connectivity modules, or drivers. If a database
vendor wishes to have JDBC support, he or she must provide the driver for each platform that the
database and Java run on.
 To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you
discovered earlier in this chapter, ODBC has widespread support on a variety of platforms.
Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than
developing a completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public review that
ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon
after.
The remainder of this section will cover enough information about JDBC for you to know what it
is about and how to use it effectively. This is by no means a complete overview of JDBC. That
would fill an entire book.

JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that, because of
its many goals, drove the development of the API. These goals, in conjunction with early
reviewer feedback, have finalized the JDBC class library into a solid framework for building
database applications in Java.
The goals that were set for JDBC are important. They will give you some insight as to why
certain classes and functionalities behave the way they do. The eight design goals for JDBC are
as follows:

1. SQL Level API

The designers felt that their main goal was to define a SQL interface for Java. Although
not the lowest database interface level possible, it is at a low enough level for higher-level
tools and APIs to be created. Conversely, it is at a high enough level for application
programmers to use it confidently. Attaining this goal allows for future tool vendors to
“generate” JDBC code and to hide many of JDBC’s complexities from the end user.

2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort to
support a wide variety of vendors, JDBC will allow any query statement to be passed through
it to the underlying database driver. This allows the connectivity module to handle non-
standard functionality in a manner that is suitable for its users.
3. JDBC must be implemental on top of common database interfaces
The JDBC SQL API must “sit” on top of other common SQL level APIs. This goal
allows JDBC to use existing ODBC level drivers by the use of a software interface. This
interface would translate JDBC calls to ODBC and vice versa.
4. Provide a Java interface that is consistent with the rest of the Java system
Because of Java’s acceptance in the user community thus far, the designers feel that they
should not stray from the current design of the core Java system.

5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception.
Sun felt that the design of JDBC should be very simple, allowing for only one method of
completing a task per mechanism. Allowing duplicate functionality only serves to confuse
the users of the API.

6. Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also, less error
appear at runtime.

7. Keep the common cases simple

Because more often than not, the usual SQL calls used by the programmer are simple
SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to
perform with JDBC. However, more complex SQL statements should also be possible.

Finally we decided to proceed the implementation using Java Networking.

And for dynamically updating the cache table we go for MS Access database.

Java ha two things: a programming language and a platform.

Java is a high-level programming language that is all of the following

Simple Architecture-neutral

Object-oriented Portable

Distributed High-performance
 Interpreted multithreaded

Robust Dynamic

Secure

Java is also unusual in that each Java program is both compiled and interpreted.
With a compile you translate a Java program into an intermediate language called Java
byte codes the platform-independent code instruction is passed and run on the
computer.

Compilation happens just once; interpretation occurs each time the program is
executed. The figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java
Virtual Machine (Java VM). Every Java interpreter, whether it’s a Java development
tool or a Web browser that can run Java applets, is an implementation of the Java VM.
The Java VM can also be implemented in hardware.

Java byte codes help make “write once, run anywhere” possible. You can compile
your Java program into byte codes on my platform that has a Java compiler. The byte
codes can then be run any implementation of the Java VM. For example, the same
Java program can run Windows NT, Solaris, and Macintosh.
MODULE DESCRIPTIONS:
There are many modules in this system they are mentioned below
Admin Session
 Login module
 Account Types (View Only )
 Branch Details (Add, Delete, Modify)
 Account Details (Add, Delete, Modify)
 Image Details (Text Images)

GRAPHICAL PASSWORD GENERATION

Discreatization is used to just allow the correct click-points to be accepted in the
region without storing exact click-point co-ordinates. Centered Descreatization offers centre
tolerance such that during password creation an invisible grid is overlaid in such a way that the
grid comes in centre with respect to selected click-point and the grid size used is 2r×2r. It divides
an image into square\ tolerance regions, to verify whether a login click-point comes within the
same tolerance region as the original click-point. During password creation the grid’s location is
set for every click point and there is a identical tolerance area centered around the original click-
point, by calculating the appropriate (x,y) and grid offset (Gx,Gy) (in pixels) from a (0,0) origin
at the top-left corner of the image. Later during user login, the system uses the originally
recorded grid offsets to place the grid and determine the acceptance.
Customer Session
 Login Module with Password Protection
 Providing Account Number and giving User Share to Server
 Fetching Server Share based on Account Number
 Producing Visual Cryptography Image
 Login Verification
 Home Page
o Balance Enquiry
o Mini Statement
o Fund Transfer
o Transaction Details
System Design
Data Flow Diagram:

 The DFD is also called as bubble chart. It is a simple graphical formalism that can be
used to represent a system in terms of the input data to the system, various processing
carried out on these data, and the output data is generated by the system.
 A DFD is a graphical representation of the "flow" of data through an information
system, modeling its process aspects. Often they are a preliminary step used to create
an overview of the system which can later be elaborated. DFDs can also be used for
the visualization of data processing (structured design).
 A DFD shows what kinds of data will be input to and output from the system, where the
data will come from and go to, and where the data will be stored. It does not show
information about the timing of processes, or information about whether processes will
operate in sequence or in parallel.
INPUT DESIGN

Input design is one of the most expensive phases of the operation of computerized system
and is often the major problem of a system. A large number of problems with the system
can usually be traced back to fault input design and method. Needless to say, therefore
that the input data is the life block of a system and has to be analyzed and designed with
the most consideration.

The decisions made during the input design are:

 To provide cost effective method of input.

 To achieve the highest possible level of accuracy.

 To ensure that input is understood by the user.

System analysts decide the following input design details like, what data item to input,
what medium to use, how the data should be arranged or coded data items and transaction
needing validations to detect errors and at last the dialogue to guide users in providing
input. Input data of a system may not be necessarily a raw data captured in the system
form scratch. These can also be the output of another system or sub-system. The design
of input covers all phases of input from the certain of initial data to actual entering the
data to the system for processing.
OUTPUT DESIGN

Output design generally refers to the results and information that are generated by the
system. For many end-users, output is the main reason for developing the system and the
basis on which they evaluate the usefulness of the application.

The objective of a system finds its shape in terms of output. The analysis of the objective
of a system leads to determination of outputs. Outputs of a system can take various
forms. The most common are reports, screens displays printed form, graphical drawing
etc. the outputs vary in terms of their contents, frequency, timing and format. The users
of the output, its purpose and sequence of details to be printed are all considered.

When designing output, the system analyst must accomplish things like, to determine
what information to be present, to decide whether to display or print the information and
select the output medium to distribute the output to intended recipients.

External outputs are those, whose destination will be outside the organization and which
require special attention as the project image of the organization.

Internal outputs are those, whose destination is within the organization. It is to be

carefully designed, as they are the user’s main interface with the system. Interactive
outputs are those, which the user uses in communication directly with the computer.
SYSTEM TESTING
The purpose of testing is to discover errors. Testing is the process of trying to discover
every conceivable fault or weakness in a work product. It provides a way to check the
functionality of components, sub assemblies, assemblies and/or a finished product It is the
process of exercising software with the intent of ensuring that the

Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific testing
requirement.

UNIT TESTING
Unit testing involves the design of test cases that validate that the internal program logic
is functioning properly, and that program inputs produce valid outputs. All decision branches and
internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform
basic tests at component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and expected results.

INTEGRATION TESTING
Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic
outcome of screens or fields. Integration tests demonstrate that although the components were
individually satisfaction, as shown by successfully unit testing, the combination of components is
correct and consistent. Integration testing is specifically aimed at exposing the problems that
arise from the combination of components.
FUNCTIONAL TEST
Functional tests provide systematic demonstrations that functions tested are available as
specified by the business and technical requirements, system documentation, and user manuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or

special test cases. In addition, systematic coverage pertaining to identify Business process flows;
data fields, predefined processes, and successive processes must be considered for testing.
Before functional testing is complete, additional tests are identified and the effective value of
current tests is determined.

SYSTEM TEST
System testing ensures that the entire integrated software system meets requirements. It tests a
configuration to ensure known and predictable results. An example of system testing is the
configuration oriented system integration test. System testing is based on process descriptions
and flows, emphasizing pre-driven process links and integration points.

WHITE BOX TESTING

White Box Testing is a testing in which in which the software tester has knowledge of the
inner workings, structure and language of the software, or at least its purpose. It is purpose. It is
used to test areas that cannot be reached from a black box level.
BLACK BOX TESTING
Black Box Testing is testing the software without any knowledge of the inner workings,
structure or language of the module being tested. Black box tests, as most other kinds of tests,
must be written from a definitive source document, such as specification or requirements
document, such as specification or requirements document. It is a testing in which the software
under test is treated, as a black box .you cannot “see” into it. The test provides inputs and
responds to outputs without considering how the software works.

TEST STRATEGY AND APPROACH

Field testing will be performed manually and functional tests will be written in detail.

TEST OBJECTIVES

 All field entries must work properly.

 Pages must be activated from the identified link.
 The entry screen, messages and responses must not be delayed.
FEATURES TO BE TESTED

 Verify that the entries are of the correct format

 No duplicate entries should be allowed
 All links should take the user to the correct page.
INTEGRATION TESTING
Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by interface
defects.

The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the company level –
interact without error.

ACCEPTANCE TESTING
User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional requirements.
SYSTEM IMPLEMENTATION

The purpose of System Implementation can be summarized as follows: making the new system
available to a prepared set of users (the deployment), and positioning on-going support and
maintenance of the system within the Performing Organization (the transition). At a finer level of
detail, deploying the system consists of executing all steps necessary to educate the Consumers
on the use of the new system, placing the newly developed system into production, confirming
that all data required at the start of operations is available and accurate, and validating that
business functions that interact with the system are functioning properly. Transitioning the
system support responsibilities involves changing from a system development to a system
support and maintenance mode of operation, with ownership of the new system moving from the
Project Team to the Performing Organization.

A key difference between System Implementation and all other phases of the lifecycle is that all
project activities up to this point have been performed in safe, protected, and secure
environments, where project issues that arise have little or no impact on day-to-day business
operations. Once the system goes live, however, this is no longer the case. Any miscues at this
point will almost certainly translate into direct operational and/or financial impacts on the
Performing Organization. It is through the careful planning, execution, and management of
System Implementation activities that the Project Team can minimize the likelihood of these
occurrences, and determine appropriate contingency plans in the event of a problem.
LIST OF PROCESS

This phase consists of the following processes:

 Prepare for System Implementation, where all steps needed in advance of actually
deploying the application are performed, including preparation of both the production
environment and the Consumer communities.

 Deploy System, where the full deployment plan, initially developed during System
Design and evolved throughout subsequent lifecycle phases, is executed and validated.

 Transition to Performing Organization, where responsibility for and ownership of

the application are transitioned from the Project Team to the unit in the Performing
Organization that will provide system support and maintenance.