
E-Fraud Detection

The document proposes a method for preventing e-fraud involving encrypting an image using a floating point cipher and convolution operation. The encrypted output is then embedded and hidden in a host image for transmission. At the receiving end, the encrypted image is extracted from the host image and decrypted using the original cipher for authentication and self-authentication of electronic documents like letters and certificates sent over the internet.

Uploaded by

UDAY SOLUTIONS

e-Fraud Prevention based on the Self-Authentication of e-Documents

1. Introduction:
We consider a method for preventing e-Fraud in which an image is encrypted with a
floating point cipher using a convolution operation, producing an image ciphertext as
output. The output is then 'embedded' in a host image to hide the encrypted information.
Decryption is accomplished by: (i) extracting the binary image from the host image; (ii)
correlating the result with the original cipher. In principle, any cipher generator can be used
for this purpose, and the method has been designed to operate with images. The approach has
a variety of applications; in this paper, we focus on the authentication and
self-authentication of e-documents (letters and certificates, for example) that are communicated
over the Internet and are thereby vulnerable to e-Fraud (e.g. modification, editing,
counterfeiting etc.).

2. System Analysis:

2.1 EXISTING SYSTEM

A weakness of all encryption systems is that the form of the output data (the
ciphertext), if intercepted, alerts the intruder to the fact that the information being transmitted
may have some importance and that it is therefore worth attacking and attempting to decrypt
it. This aspect of ciphertext transmission can be used to propagate disinformation, achieved
by encrypting information that is specifically designed to be intercepted and decrypted. In
this case, we assume that the intercept will be attacked, decrypted and the information
retrieved. There is no security when transmitting the data from one end to another.

2.2 PROPOSED SYSTEM

The main objective of the proposed system is to hide the encrypted message or
secret data in an image, which then acts as a carrier of the secret data, and to transmit it to the
destination securely without any modification. If there are any perceivable changes when
inserting or embedding the information into the image, or if any distortions occur in the image
or its resolution, there may be a chance for an unauthorized person to modify the data. So
encryption of the data into an image, decryption and steganography are used to protect the
data from unauthorized persons; this plays a major role in the project. The scheme allows for
the authentication and self-authentication of documents such as letters, certificates and other
image-based data. For example, the self-authentication of e-documents sent as attachments
over the internet provides a unique facility for many legal and financial transactions that have
traditionally relied on paper-based documents to secure authenticity.

PROCESS FLOW:

3. System Requirement Specification:

3.1 MODULE DESCRIPTION:

Number of Modules
After careful analysis the system has been identified to have the following modules:

1. File Upload And Encryption
2. Hiding Text
3. Text Extraction
4. Decryption

1. File Upload And Encryption:

The admin uploads the files using filename and filed. The user searches the uploaded
files, selects a file and sends a request to the admin. The admin views the user's requested file
and sends the secret key with the image in which the text is embedded. The binary image is
converted into a block of bytes using serialization. The key is encrypted using an encryption
algorithm. Use the encryption function to encrypt the numeric plaintext values using the
public key. The encryption function gives an integer value, which is then converted
into a hexadecimal value. Concatenate the hexadecimal values to form the ciphertext.

2. Hiding Text:

Steganography is the process of hiding one piece of information in another source of
information, such as a text, image or audio file, so that it is not visible to the natural view. Here, the
image is encrypted, and the encrypted information is then hidden in a host image. It is a simple
approach to embedding a message into the image. The Least Significant Bit insertion varies according
to the number of bits in an image. The encrypted text is hidden by changing these bits to the bits of
the secret message. The cover image in which the encrypted information is hidden is called the
stegoimage. The stego key is used to extract the hidden data from a stegoimage. The stego key is a
secret key used to protect the hidden message in an image. The stegoimage should be sent as an
attachment to the destination.

3. Text Extraction:

The stegoimage can be viewed using the image upload path. The hidden text is extracted
from the host image using a stego key. The stego key is used to extract the text from the
image. The stego key finds the text hidden in the image file. Extracting the text from the image
finally yields the secret data, and the hidden message is stored in a file.

4. Decryption:

The encrypted information is extracted from the image, and a private key is used to decrypt
the hidden message. Break the ciphertext into small blocks of data that are the same length as
the public key modulus. Each block of data contains a hexadecimal string. Interpret
each hexadecimal string as a decimal integer value. Use the decryption function to decrypt
the integer values using the private key. Represent each decrypted value as a pair of bytes.
Decryption thus converts the ciphertext into a block of bytes. After decryption, the bytes are
converted into a binary image using deserialization. The binary image is converted into an image
by using dequantization.
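
The four modules above, run end to end, as an added example that is not code from the original project: per-block public-key encryption to fixed-width hex, LSB embedding in a host image, extraction with the stego key, and block-wise decryption. The toy RSA key, the two length headers, the use of the stego key to seed the pixel order, and the constructed host image and secret are assumptions made here, since the page does not specify them.

```python
import random

# Toy RSA key constructed for this example; real keys are 2048+ bits and use OAEP padding.
# Unpadded per-block RSA is deterministic: equal plaintext pairs give equal ciphertext blocks.
P, Q, E = 257, 263, 17
N = P * Q                              # 67591: just above 0xFFFF, so a block holds a pair of bytes
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
HEX_WIDTH = len(format(N, "x"))        # hex digits in the modulus = ciphertext block length


def encrypt_to_hex(data: bytes) -> str:
    """Module 1: encrypt byte pairs with the public key, concatenate fixed-width hex blocks."""
    framed = len(data).to_bytes(2, "big") + data      # assumed 2-byte length header
    framed += b"\x00" * (len(framed) % 2)             # pad to a whole pair of bytes
    return "".join(
        format(pow(int.from_bytes(framed[i:i + 2], "big"), E, N), "x").zfill(HEX_WIDTH)
        for i in range(0, len(framed), 2)
    )


def decrypt_from_hex(cipher_hex: str) -> bytes:
    """Module 4: split into modulus-length hex blocks, decrypt, emit a pair of bytes each."""
    if len(cipher_hex) % HEX_WIDTH:
        raise ValueError("ciphertext is not a whole number of blocks")
    out = bytearray()
    for i in range(0, len(cipher_hex), HEX_WIDTH):
        m = pow(int(cipher_hex[i:i + HEX_WIDTH], 16), D, N)
        if m > 0xFFFF:
            raise ValueError("block does not decrypt to a pair of bytes")
        out += m.to_bytes(2, "big")
    length = int.from_bytes(out[:2], "big")
    return bytes(out[2:2 + length])


def to_bits(data: bytes) -> list:
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    return bytes(
        sum(bit << (7 - k) for k, bit in enumerate(bits[i:i + 8]))
        for i in range(0, len(bits), 8)
    )


def pixel_order(n_pixels: int, stego_key: int) -> list:
    """Assumed use of the stego key: seed the order in which pixels carry bits.
    random.Random is not a cryptographic generator; a real design would use a keyed CSPRNG."""
    order = list(range(n_pixels))
    random.Random(stego_key).shuffle(order)
    return order


def embed(host: bytes, payload: bytes, stego_key: int) -> bytes:
    """Module 2: write a 32-bit length plus the payload into pixel least significant bits."""
    bits = to_bits(len(payload).to_bytes(4, "big") + payload)
    if len(bits) > len(host):
        raise ValueError("host image too small for payload")
    stego = bytearray(host)
    for pos, bit in zip(pixel_order(len(host), stego_key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)


def extract(stego: bytes, stego_key: int) -> bytes:
    """Module 3: read the length header, then the payload, from the keyed pixel order."""
    order = pixel_order(len(stego), stego_key)
    length = int.from_bytes(from_bits([stego[p] & 1 for p in order[:32]]), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("no payload found with this stego key")
    return from_bits([stego[p] & 1 for p in order[32:32 + 8 * length]])


def hide(secret: bytes, host: bytes, stego_key: int) -> bytes:
    return embed(host, encrypt_to_hex(secret).encode("ascii"), stego_key)


def recover(stego: bytes, stego_key: int) -> bytes:
    return decrypt_from_hex(extract(stego, stego_key).decode("ascii"))


# Constructed sample data: a 64x64 8-bit grayscale host image and a short document string.
HOST = bytes((x * 37 + 11) % 256 for x in range(64 * 64))
SECRET = b"Certificate A-17: PASS"

if __name__ == "__main__":
    stego = hide(SECRET, HOST, stego_key=2024)
    print(recover(stego, stego_key=2024))
    print("max pixel change:", max(abs(a - b) for a, b in zip(HOST, stego)))
```

Each pixel changes by at most one grey level, which is why the stegoimage looks like the host. Nothing in this flow detects a modified stegoimage by itself, so authentication in practice needs a signature or MAC over the recovered document.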

3.2 SDLC METHODOLOGIES


This document plays a vital role in the software development life cycle (SDLC), as it
describes the complete requirements of the system. It is meant for use by developers and will be
the basis during the testing phase. Any changes made to the requirements in the future will have
to go through a formal change approval process.

The SPIRAL MODEL was defined by Barry Boehm in his 1988 article, “A Spiral Model
of Software Development and Enhancement”. This model was not the first model to discuss
iterative development, but it was the first model to explain why the iteration matters.

As originally envisioned, the iterations were typically 6 months to 2 years long. Each
phase starts with a design goal and ends with a client reviewing the progress thus far.
Analysis and engineering efforts are applied at each phase of the project, with an eye toward
the end goal of the project.

The steps for Spiral Model can be generalized as follows:

• The new system requirements are defined in as much detail as possible. This
usually involves interviewing a number of users representing all the external or
internal users and other aspects of the existing system.

• A preliminary design is created for the new system.

• A first prototype of the new system is constructed from the preliminary design.
This is usually a scaled-down system, and represents an approximation of the
characteristics of the final product.

• A second prototype is evolved by a fourfold procedure:

1. Evaluating the first prototype in terms of its strengths, weaknesses, and risks.
2. Defining the requirements of the second prototype.
3. Planning and designing the second prototype.
4. Constructing and testing the second prototype.

• At the customer's option, the entire project can be aborted if the risk is deemed too
great. Risk factors might involve development cost overruns, operating-cost
miscalculation, or any other factor that could, in the customer’s judgment, result in a
less-than-satisfactory final product.

• The existing prototype is evaluated in the same manner as was the previous
prototype, and if necessary, another prototype is developed from it according to the
fourfold procedure outlined above.

• The preceding steps are iterated until the customer is satisfied that the refined
prototype represents the final product desired.

• The final system is constructed, based on the refined prototype.

• The final system is thoroughly evaluated and tested. Routine maintenance is
carried out on a continuing basis to prevent large-scale failures and to minimize down
time.

The following diagram shows how a spiral model works:

Fig 1.0-Spiral Model



ADVANTAGES

• Estimates (i.e. budget, schedule etc.) become more realistic as work progresses, because
important issues are discovered earlier.

• It is more able to cope with the changes that software development generally entails.

• Software engineers can get their hands in and start working on the core of a project earlier.

3.3 Software Required:

• Operating System : Windows 95/98/2000/NT4.0
• Server : Apache 7.0
• Front End : HTML
• Scripts : JavaScript
• Database : MySql, PhpMyAdmin
• Programming Languages : PHP5.5 and Java 7.0

3.4 Hardware Required:

• System : Pentium IV 2.4 GHz
• Hard Disk : 40 GB
• Floppy Drive : 1.44 MB
• Monitor : 15 VGA colour
• Mouse : Logitech
• Keyboard : 110 keys enhanced
• RAM : 256 MB

4. System Design:

4.1 UML Diagrams

Use Case Diagram:

Class Diagram:

Sequence Diagram:

Activity Diagram:

4.2 E-R Diagram:

5. TECHNOLOGY DESCRIPTION

HTML
HTML, an initialism of Hypertext Markup Language, is the predominant markup language
for web pages. It provides a means to describe the structure of text-based information in a document
— by denoting certain text as headings, paragraphs, lists, and so on — and to supplement that text
with interactive forms, embedded images, and other objects. HTML is written in the form of labels
(known as tags), surrounded by angle brackets. HTML can also describe, to some degree, the
appearance and semantics of a document, and can include embedded scripting language code which
can affect the behavior of web browsers and other HTML processors.

HTML is also often used to refer to content of the MIME type text/html or even more broadly
as a generic term for HTML, whether in its XML-descended form (such as XHTML 1.0 and later) or
its form descended directly from SGML.

Hyper Text Markup Language

Hypertext Markup Language (HTML), the language of the World Wide Web (WWW), allows users
to produce Web pages that include text, graphics and pointers to other Web pages (Hyperlinks).

HTML is not a programming language but it is an application of ISO Standard 8879, SGML
(Standard Generalized Markup Language), but specialized to hypertext and adapted to the Web. The
idea behind Hypertext is that instead of reading text in rigid linear structure, we can easily jump from
one point to another point. We can navigate through the information based on our interest and
preference. A markup language is simply a series of elements, each delimited with special characters
that define how text or other items enclosed within the elements should be displayed. Hyperlinks are
underlined or emphasized words that lead to other documents or some portions of the same document.

HTML can be used to display any type of document on the host computer, which can be
geographically at a different location. It is a versatile language and can be used on any platform or
desktop.

HTML provides tags (special codes) to make the document look attractive. HTML tags are
not case-sensitive. Using graphics, fonts, different sizes, color, etc., can enhance the presentation of
the document. Anything that is not a tag is part of the document itself.

Basic HTML Tags:

<!-- -->                 Specifies comments
<A>…</A>                 Creates hypertext links
<B>…</B>                 Formats text as bold
<BIG>…</BIG>             Formats text in large font
<BODY>…</BODY>           Contains all tags and text in the HTML document
<CENTER>…</CENTER>       Centers text
<DD>…</DD>               Definition of a term
<DL>…</DL>               Creates definition list
<FONT>…</FONT>           Formats text with a particular font
<FORM>…</FORM>           Encloses a fill-out form
<FRAME>…</FRAME>         Defines a particular frame in a set of frames
<H#>…</H#>               Creates headings of different levels (1 – 6)
<HEAD>…</HEAD>           Contains tags that specify information about a document
<HR>…</HR>               Creates a horizontal rule
<HTML>…</HTML>           Contains all other HTML tags
<META>…</META>           Provides meta-information about a document
<SCRIPT>…</SCRIPT>       Contains client-side or server-side script
<TABLE>…</TABLE>         Creates a table
<TD>…</TD>               Indicates table data in a table
<TR>…</TR>               Designates a table row
<TH>…</TH>               Creates a heading in a table

Attributes

The attributes of an element are name-value pairs, separated by "=", and written
within the start label of an element, after the element's name. The value should be enclosed in
single or double quotes, although values consisting of certain characters can be left unquoted
in HTML (but not XHTML). Leaving attribute values unquoted is considered unsafe.

Most elements take any of several common attributes: id, class, style and title. Most
also take language-related attributes: lang and dir.

The id attribute provides a document-wide unique identifier for an element. This can
be used by stylesheets to provide presentational properties, by browsers to focus attention on
the specific element or by scripts to alter the contents or presentation of an element. The class
attribute provides a way of classifying similar elements for presentation purposes. For
example, an HTML document (or a set of documents) may use the designation
class="notation" to indicate that all elements with this class value are all subordinate to the
main text of the document (or documents). Such notation classes of elements might be
gathered together and presented as footnotes on a page, rather than appearing in the place
where they appear in the source HTML.

An author may use the style attribute to assign presentational properties to a
particular element. It is considered better practice to use an element’s id or class attributes
and select the element with a stylesheet, though sometimes this can be too cumbersome for a
simple ad hoc application of styled properties. The title attribute is used to attach subtextual
explanation to an element. In most browsers this title attribute is displayed as what is often
referred to as a tooltip. The generic inline span element can be used to demonstrate these
various attributes.

The preceding displays as HTML (pointing the cursor at the abbreviation should
display the title text in most browsers).

Advantages

• An HTML document is small and hence easy to send over the net. It is small because it
does not include formatted information.
• HTML is platform independent.
• HTML tags are not case-sensitive.

JavaScript

JavaScript is a script-based programming language that was developed by Netscape
Communications Corporation. JavaScript was originally called LiveScript and was renamed
JavaScript to indicate its relationship with Java. JavaScript supports the development of both
client and server components of Web-based applications. On the client side, it can be used to
write programs that are executed by a Web browser within the context of a Web page. On the
server side, it can be used to write Web server programs that can process information
submitted by a Web browser and then update the browser’s display accordingly.

Even though JavaScript supports both client and server Web programming, we prefer
JavaScript for client-side programming since most browsers support it. JavaScript is
almost as easy to learn as HTML, and JavaScript statements can be included in HTML
documents by enclosing the statements between a pair of scripting tags
<SCRIPT>..</SCRIPT>.

<SCRIPT LANGUAGE="JavaScript">
  // JavaScript statements
</SCRIPT>

Here are a few things we can do with JavaScript:

• Validate the contents of a form and make calculations.
• Add scrolling or changing messages to the Browser’s status line.
• Animate images or rotate images that change when we move the mouse over them.
• Detect the browser in use and display different content for different browsers.
• Detect installed plug-ins and notify the user if a plug-in is required.

We can do much more with JavaScript, including creating entire applications.

Advantages

• JavaScript can be used for Server-side and Client-side scripting.
• It is more flexible than VBScript.
• JavaScript is the default scripting language at Client-side since all the browsers support it.

Java Technology

Initially the language was called “Oak”, but it was renamed “Java” in 1995. The primary
motivation of this language was the need for a platform-independent (i.e., architecture neutral)
language that could be used to create software to be embedded in various consumer electronic
devices.

• Java is a programmer’s language.
• Java is cohesive and consistent.
• Except for those constraints imposed by the Internet environment, Java gives the
programmer full control.
• Finally, Java is to Internet programming what C was to system programming.

Importance of Java to the Internet


Java has had a profound effect on the Internet. This is because Java expands the
universe of objects that can move about freely in Cyberspace. In a network, two categories of
objects are transmitted between the Server and the Personal computer. They are: passive
information and dynamic, active programs. The dynamic, self-executing programs cause
serious problems in the areas of security and portability. But Java addresses those concerns
and, by doing so, has opened the door to an exciting new form of program called the Applet.

Java can be used to create two types of programs

Applications and Applets: An application is a program that runs on our computer
under the operating system of that computer. It is more or less like one created using C or
C++. Java’s ability to create Applets makes it important. An Applet is an application
designed to be transmitted over the Internet and executed by a Java-compatible web
browser. An applet is actually a tiny Java program, dynamically downloaded across the
network, just like an image. But the difference is that it is an intelligent program, not just a
media file. It can react to user input and change dynamically.

Features of Java Security

Every time that you download a “normal” program, you are risking a viral
infection. Prior to Java, most users did not download executable programs frequently, and
those who did scanned them for viruses prior to execution. Most users still worried about the
possibility of infecting their systems with a virus. In addition, another type of malicious
program exists that must be guarded against. This type of program can gather private
information, such as credit card numbers, bank account balances, and passwords. Java
answers both these concerns by providing a “firewall” between a network application and
your computer.

When you use a Java-compatible Web browser, you can safely download Java applets
without fear of virus infection or malicious intent.

Portability

For programs to be dynamically downloaded to all the various types of platforms
connected to the Internet, some means of generating portable executable code is needed. As
you will see, the same mechanism that helps ensure security also helps create portability.
Indeed, Java’s solution to these two problems is both elegant and efficient.

The Byte code

The key that allows Java to solve the security and portability problems is that the
output of the Java compiler is byte code. Byte code is a highly optimized set of instructions
designed to be executed by the Java run-time system, which is called the Java Virtual
Machine (JVM). That is, in its standard form, the JVM is an interpreter for byte code.

Translating a Java program into byte code makes it much easier to run a
program in a wide variety of environments. The reason is that once the run-time package exists
for a given system, any Java program can run on it.

Although Java was designed for interpretation, there is technically nothing about Java
that prevents on-the-fly compilation of byte code into native code. Sun has just completed its
Just In Time (JIT) compiler for byte code. When the JIT compiler is a part of JVM, it
compiles byte code into executable code in real time, on a piece-by-piece, demand basis. It is
not possible to compile an entire Java program into executable code all at once, because Java
performs various run-time checks that can be done only at run time. The JIT compiles code,
as it is needed, during execution.

Java Virtual Machine (JVM)

Beyond the language, there is the Java virtual machine. The Java virtual machine is an
important element of the Java technology. The virtual machine can be embedded within a
web browser or an operating system. Once a piece of Java code is loaded onto a machine, it is
verified. As part of the loading process, a class loader is invoked and performs byte code
verification, which makes sure that the code that has been generated by the compiler will not
corrupt the machine that it is loaded on. Byte code verification takes place at the end of the
compilation process to make sure that it is all accurate and correct. So byte code verification is
integral to the compiling and executing of Java code.

Overall Description

[Diagram: Java Source → Java byte code (Java .Class) → Java VM]

Fig 15: Picture showing the development process of JAVA Program

Java programming produces byte codes and executes them. The first box
indicates that the Java source code is located in a .java file that is processed with a Java
compiler called javac. The Java compiler produces a file called a .class file, which contains
the byte code. The .class file is then loaded across the network or loaded locally on your
machine into the execution environment, the Java virtual machine, which interprets and
executes the byte code.

Java Architecture

Java architecture provides a portable, robust, high performing environment for
development. Java provides portability by compiling the byte codes for the Java Virtual
Machine, which is then interpreted on each platform by the run-time environment. Java is a
dynamic system, able to load code when needed from a machine in the same room or across
the planet.

Compilation of code

When you compile the code, the Java compiler creates machine code (called byte
code) for a hypothetical machine called Java Virtual Machine (JVM). The JVM is supposed
to execute the byte code. The JVM is created for overcoming the issue of portability. The
code is written and compiled for one machine and interpreted on all machines. This machine
is called Java Virtual Machine.

Compiling and interpreting Java Source Code

[Diagram: Java source code is compiled by the PC, Macintosh or SPARC compiler into
platform-independent byte code, which is run by the Java interpreter for PC, Macintosh or SPARC.]

Fig 16: Compiling and interpreting Java Source Code


During run-time the Java interpreter tricks the byte code file into thinking that it is
running on a Java Virtual Machine. In reality this could be an Intel Pentium running Windows 95, a
Sun SPARC station running Solaris, or an Apple Macintosh running system, and all could receive
code from any computer through the Internet and run the Applets.

Java was designed to be easy for the professional programmer to learn and to use
effectively. If you are an experienced C++ programmer, learning Java will be even easier,
because Java inherits the C/C++ syntax and many of the object-oriented features of C++.
Most of the confusing concepts from C++ are either left out of Java or implemented in a
cleaner, more approachable manner. In Java there are a small number of clearly defined ways
to accomplish a given task.

Object-Oriented

Java was not designed to be source-code compatible with any other language. This
allowed the Java team the freedom to design with a blank slate. One outcome of this was a
clean, usable, pragmatic approach to objects. The object model in Java is simple and easy to
extend, while simple types, such as integers, are kept as high-performance non-objects.

Robust

The multi-platform environment of the Web places extraordinary demands on a
program, because the program must execute reliably in a variety of systems. The ability to
create robust programs was given a high priority in the design of Java. Java is a strictly typed
language; it checks your code at compile time and run time.

Java virtually eliminates the problems of memory management and de-allocation,
which is completely automatic. In a well-written Java program, all run-time errors can, and
should, be managed by your program.

Java Database Connectivity

JDBC
JDBC is a Java API for executing SQL statements. (As a point of interest, JDBC is a
trademarked name and is not an acronym; nevertheless, JDBC is often thought of as standing
for Java Database Connectivity.) It consists of a set of classes and interfaces written in the
Java programming language.

Using JDBC, it is easy to send SQL statements to virtually any relational database.
One can write a single program using the JDBC API, and the program will be able to send
SQL statements to the appropriate database. The combination of Java and JDBC lets a
programmer write it once and run it anywhere.

Use of JDBC

Simply put, JDBC makes it possible to do three things:

• Establish a connection with a database
• Send SQL statements
• Process the results

JDBC versus ODBC and other APIs

At this point, Microsoft's ODBC (Open Database Connectivity) API is probably the most
widely used programming interface for accessing relational databases. It offers the ability to
connect to almost all databases on almost all platforms.

So why not just use ODBC from Java? The answer is that you can use ODBC from Java, but
this is best done with the help of JDBC in the form of the JDBC-ODBC Bridge, which we
will cover shortly. The question now becomes "Why do you need JDBC?" There are several
answers to this question:

• ODBC is not appropriate for direct use from Java because it uses a C interface. Calls
from Java to native C code have a number of drawbacks in the security,
implementation, robustness, and automatic portability of applications.
• A literal translation of the ODBC C API into a Java API would not be desirable. For
example, Java has no pointers, and ODBC makes copious use of them, including the
notoriously error-prone generic pointer "void *". You can think of JDBC as ODBC
translated into an object-oriented interface that is natural for Java programmers.
• ODBC is hard to learn. It mixes simple and advanced features together, and it has
complex options even for simple queries. JDBC, on the other hand, was designed to
keep simple things simple while allowing more advanced capabilities where required.
• A Java API like JDBC is needed in order to enable a "pure Java" solution. When
ODBC is used, the ODBC driver manager and drivers must be manually installed on
every client machine. When the JDBC driver is written completely in Java, however,
JDBC code is automatically installable, portable, and secure on all Java platforms
from network computers to mainframes.

JDBC Driver Types

The JDBC drivers that we are aware of at this time fit into one of four categories:

• JDBC-ODBC bridge plus ODBC driver
• Native-API partly-Java driver
• JDBC-Net pure Java driver
• Native-protocol pure Java driver

JDBC-ODBC Bridge

If possible, use a Pure Java JDBC driver instead of the Bridge and an ODBC driver.
This completely eliminates the client configuration required by ODBC. It also eliminates the
potential that the Java VM could be corrupted by an error in the native code brought in by the
Bridge (that is, the Bridge native library, the ODBC driver manager library, the ODBC driver
library, and the database client library).

The JDBC-ODBC Bridge is a JDBC driver which implements JDBC operations by
translating them into ODBC operations. To ODBC it appears as a normal application
program. The Bridge implements JDBC for any database for which an ODBC driver is
available. The Bridge is implemented as the sun.jdbc.odbc Java package and contains a
native library used to access ODBC. The Bridge is a joint development of Intersolv and
JavaSoft.

JDBC connectivity

JDBC provides database-independent connectivity between the J2EE platform
and a wide range of tabular data sources. JDBC technology allows an Application
Component Provider to:

• Perform connection and authentication to a database server
• Manage transactions
• Move SQL statements to a database engine for preprocessing and execution
• Execute stored procedures
• Inspect and modify the results from Select statements

Database:

A database management system (DBMS) is computer software designed for the
purpose of managing databases, a large set of structured data, and run operations on the data
requested by numerous users. Typical examples of DBMSs include Oracle, DB2, Microsoft
Access, Microsoft SQL Server, Firebird, PostgreSQL, MySQL, SQLite, FileMaker and
Sybase Adaptive Server Enterprise. DBMSs are typically used by Database administrators in
the creation of Database systems. Typical examples of DBMS use include accounting, human
resources and customer support systems.

Originally found only in large companies with the computer hardware needed to
support large data sets, DBMSs have more recently emerged as a fairly standard part of any
company back office.

Description
e-Fraud Prevention based on the Self- Authentication of e-Documents

A DBMS is a complex set of software programs that controls the organization, storage,
management, and retrieval of data in a database. A DBMS includes:

• A modeling language to define the schema of each database hosted in the DBMS,
according to the DBMS data model.
• The four most common types of organizations are the hierarchical, network, relational
and object models. Inverted lists and other methods are also used. A given database
management system may provide one or more of the four models. The optimal
structure depends on the natural organization of the application's data, and on the
application's requirements (which include transaction rate (speed), reliability,
maintainability, scalability, and cost).
• The dominant model in use today is the ad hoc one embedded in SQL, despite the
objections of purists who believe this model is a corruption of the relational model,
since it violates several of its fundamental principles for the sake of practicality and
performance. Many DBMSs also support the Open Database Connectivity API that
supports a standard way for programmers to access the DBMS.
• Data structures (fields, records, files and objects) optimized to deal with very large
amounts of data stored on a permanent data storage device (which implies relatively
slow access compared to volatile main memory).
• A database query language and report writer to allow users to interactively interrogate
the database, analyze its data and update it according to the users' privileges on data.
• It also controls the security of the database.
• Data security prevents unauthorized users from viewing or updating the database.
Using passwords, users are allowed access to the entire database or subsets of it called
subschemas. For example, an employee database can contain all the data about an
individual employee, but one group of users may be authorized to view only payroll
data, while others are allowed access to only work history and medical data.
• If the DBMS provides a way to interactively enter and update the database, as well as
interrogate it, this capability allows for managing personal databases. However, it
may not leave an audit trail of actions or provide the kinds of controls necessary in a
multi-user organization. These controls are only available when a set of application
programs are customized for each data entry and updating function.
• A transaction mechanism, that ideally would guarantee the ACID properties, in order
to ensure data integrity, despite concurrent user accesses (concurrency control), and
faults (fault tolerance).
• It also maintains the integrity of the data in the database.
• The DBMS can maintain the integrity of the database by not allowing more than one
user to update the same record at the same time. The DBMS can help prevent
duplicate records via unique index constraints; for example, no two customers with
the same customer numbers (key fields) can be entered into the database. See ACID
properties for more information (Redundancy avoidance).

The DBMS accepts requests for data from the application program and instructs the
operating system to transfer the appropriate data.

When a DBMS is used, information systems can be changed much more easily as the
organization's information requirements change. New categories of data can be added to the
database without disruption to the existing system.

Organizations may use one kind of DBMS for daily transaction processing and then
move the detail onto another computer that uses another DBMS better suited for random
inquiries and analysis. Overall systems design decisions are performed by data administrators
and systems analysts. Detailed database design is performed by database administrators.

Database servers are specially designed computers that hold the actual databases and
run only the DBMS and related software. Database servers are usually multiprocessor
computers, with RAID disk arrays used for stable storage. Connected to one or more servers
via a high-speed channel, hardware database accelerators are also used in large volume
transaction processing environments.

DBMSs are found at the heart of most database applications. Sometimes DBMSs are built
around a private multitasking kernel with built-in networking support although nowadays
these functions are left to the operating system.

SQL

Structured Query Language (SQL) is the language used to manipulate relational databases.
SQL is tied very closely with the relational model.

In the relational model, data is stored in structures called relations or tables.

SQL statements are issued for the purpose of:

Data definition: Defining tables and structures in the database (DDL used to create, alter and
drop schema objects such as tables and indexes).

Data manipulation: Used to manipulate the data within those schema objects (DML
Inserting, Updating, Deleting the data, and Querying the Database).

A schema is a collection of database objects that can include tables, views, indexes
and sequences.

The SQL statements that can be issued against an Oracle database schema include:

• ALTER - Change an existing table, view or index definition (DDL)
• AUDIT - Track the changes made to a table (DDL)
• COMMENT - Add a comment to a table or column in a table (DDL)
• COMMIT - Make all recent changes permanent (DML - transactional)
• CREATE - Create new database objects such as tables or views (DDL)
• DELETE - Delete rows from a database table (DML)
• DROP - Drop a database object such as a table, view or index (DDL)
• GRANT - Allow another user to access database objects such as tables or views (DDL)
• INSERT - Insert new data into a database table (DML)
• NOAUDIT - Turn off the auditing function (DDL)
• REVOKE - Disallow a user access to database objects such as tables and views (DDL)
• ROLLBACK - Undo any recent changes to the database (DML - transactional)
• SELECT - Retrieve data from a database table (DML)
• TRUNCATE - Delete all rows from a database table (cannot be rolled back) (DML)
• UPDATE - Change the values of some data items in a database table (DML)

SERVLETS

Introduction
The Java web server is JavaSoft's own web server. The Java web server is just a part
of a larger framework, intended to provide you not just with a web server, but also with tools
to build customized network servers for any Internet or intranet client/server system.
Servlets are to a web server what applets are to the browser.

About Servlets

Servlets provide a Java-based solution used to address the problems currently associated
with doing server-side programming, including inextensible scripting solutions,
platform-specific APIs, and incomplete interfaces.

Servlets are objects that conform to a specific interface that can be plugged into a
Java-based server. Servlets are to the server-side what applets are to the client-side - object
byte codes that can be dynamically loaded off the net. They differ from applets in that they
are faceless objects (without graphics or a GUI component). They serve as platform
independent, dynamically loadable, pluggable helper byte code objects on the server side that
can be used to dynamically extend server-side functionality.

For example, HTTP Servlets can be used to generate dynamic HTML content.
When you use Servlets to do dynamic content you get the following advantages:

• They are faster and cleaner than CGI scripts
• They use a standard API (the Servlets API)
• They provide all the advantages of Java (run on a variety of servers without needing
to be rewritten).

Attractiveness of Servlets

There are many features of Servlets that make them easy and attractive to use. These
include:

• Easily configured using the GUI-based Admin tool
• Can be loaded and invoked from a local disk or remotely across the network.
• Can be linked together, or chained, so that one Servlet can call another Servlet, or
several Servlets in sequence.
• Can be called dynamically from within HTML pages, using server-side include tags.
• Are secure - even when downloading across the network, the Servlets security model
and Servlets sandbox protect your system from unfriendly behavior.

Advantages of the Servlet API

One of the great advantages of the Servlet API is protocol independence. It assumes
nothing about:

• The protocol being used to transmit on the net
• How it is loaded
• The server environment it will be running in

These qualities are important, because they allow the Servlet API to be embedded in
many different kinds of servers. There are other advantages to the Servlet API as well. These
include:

• It’s extensible - you can inherit all your functionality from the base classes made
available to you.
• It’s simple, small, and easy to use.

Fig 17: J2EE Architecture

Features of Servlets

• Servlets are persistent. Servlets are loaded only by the web server and can maintain
services between requests.
• Servlets are fast. Since Servlets only need to be loaded once, they offer much
better performance over their CGI counterparts.
• Servlets are platform independent.
• Servlets are extensible. Java is a robust, object-oriented programming language,
which easily can be extended to suit your needs.
• Servlets are secure.
• Servlets can be used with a variety of clients.

Loading Servlets

Servlets can be loaded from three places:

From a directory that is on the CLASSPATH. The CLASSPATH of the JavaWebServer includes
service root/classes/, which is where the system classes reside.

From the <SERVICE_ROOT>/Servlets/ directory. This is *not* in the server’s class
path. A class loader is used to create Servlets from this directory. New Servlets can be added
and existing Servlets can be recompiled, and the server will notice these changes.

From a remote location. For this, a code base like http://nine.eng/classes/foo/ is
required in addition to the Servlet's class name. Refer to the admin GUI docs on the Servlet
section to see how to set this up.

Loading Remote Servlets

Remote Servlets can be loaded by:

• Configuring the Admin Tool to set up automatic loading of remote Servlets
• Setting up server side include tags in .shtml files

Invoking Servlets

A Servlet invoker is a Servlet that invokes the "service" method on a named Servlet.
If the Servlet is not loaded in the server, then the invoker first loads the Servlet (either from
local disk or from the network) and then invokes the "service" method. Also like applets,
local Servlets in the server can be identified by just the class name. In other words, if a
Servlet name is not absolute, it is treated as local.

A client can invoke Servlets in the following ways:

• The client can ask for a document that is served by the Servlet.
• The client (browser) can invoke the Servlet directly using a URL, once it has been
mapped using the Servlet Aliases section of the admin GUI.
• The Servlet can be invoked through server side include tags.
• The Servlet can be invoked by placing it in the Servlets/ directory.
• The Servlet can be invoked by using it in a filter chain.

Java Server Pages (JSP)

Java Server Pages is a simple, yet powerful technology for creating and maintaining
dynamic-content web pages. Based on the Java programming language, Java Server Pages
offers proven portability, open standards, and a mature re-usable component model. The Java
Server Pages architecture enables the separation of content generation from content
presentation. This separation not only eases maintenance headaches; it also allows web team
members to focus on their areas of expertise. Now, web page designers can concentrate on
layout, and web application designers on programming, with minimal concern about
impacting each other’s work.

Features of JSP

Portability

Java Server Pages files can be run on any web server or web-enabled application
server that provides support for them. Dubbed the JSP engine, this support involves
recognition, translation, and management of the Java Server Page lifecycle and its
interaction components.

Components

It was mentioned earlier that the Java Server Pages architecture can include reusable
Java components. The architecture also allows for the embedding of a scripting language
directly into the Java Server Pages file. The components currently supported include Java
Beans and Servlets.

Processing

A Java Server Pages file is essentially an HTML document with JSP scripting or tags.
The Java Server Pages file has a .jsp extension that identifies it to the server as a Java
Server Pages file. Before the page is served, the Java Server Pages syntax is parsed and
processed into a Servlet on the server side. The Servlet that is generated outputs real
content in straight HTML for responding to the client.

Access Models

A Java Server Pages file may be accessed in at least two different ways. A client’s request
comes directly into a Java Server Page. In this scenario, suppose the page accesses reusable
Java Bean components that perform particular well-defined computations like accessing a
database. The results of the Bean's computations, called result sets, are stored within the
Bean as properties. The page uses such Beans to generate dynamic content and present it back
to the client.

In both of the above cases, the page could also contain any valid Java code. Java Server
Pages architecture encourages separation of content from presentation.

Fig 18: Access Models

Steps in the execution of a JSP Application

• The client sends a request to the web server for a JSP file by giving the name of the
JSP file within the form tag of an HTML page.
• This request is transferred to the JavaWebServer. At the server side, the JavaWebServer
receives the request and, if it is a request for a JSP file, the server gives this request to
the JSP engine.
• The JSP engine is a program which understands the JSP tags; it converts those tags
into a Servlet program, which is stored at the server side.

6. Coding

RSA.java

import java.io.*;
import java.util.*;
import java.util.zip.*;

class RSAVal
{
    public int p=3,q=11;          // small fixed primes
    public int n,v,d;             // modulus, (p-1)*(q-1), private exponent
    public int k=0,i=0;           // public exponent, scratch value
    public double em=0;
    public int ekey=0,dkey=0;
    public int m=2;               // fixed message that a correct key decrypts to

    public void cal() throws Exception
    {
        n=p*q;
        v=(p-1)*(q-1);

        // Public exponent: smallest k >= 2 that is coprime to v.
        for(k=2;k<=100;k++)
        {
            i=findGCD(k,v);
            if(i==1)
                break;
        }

        // Private exponent: smallest d with (d*k) mod v == 1.
        for(d=1;d<=1000;d++)
        {
            i=(d*k)%v;
            if(i==1)
                break;
        }

        // Encrypt m; the expected key is the prefix "A$b" followed by the result.
        em=(Math.pow(m,k))%n;
        ekey=(int)em;
        String eke="A$b";
        String eke1=eke+ekey;

        System.out.println("Enter College Code");
        Scanner sc=new Scanner(System.in);
        String clogin=sc.nextLine();
        String clogin1=clogin.trim();
        System.out.println("Enter Encryption key");
        String s1=sc.nextLine();

        // Split the entered key at 'b' into the prefix and the numeric part.
        StringTokenizer st = new StringTokenizer(s1,"b");
        String skey1="",kkey="";
        try
        {
            skey1=st.nextToken();
            kkey=st.nextToken();
            dkey=Integer.parseInt(kkey.trim());
        }
        catch(NoSuchElementException | NumberFormatException e)
        {
            // A key without a 'b' or without a number after it cannot be valid.
            System.out.println("Wrong Key");
            return;
        }

        // Decrypt the numeric part; a correct key gives back m.
        double dm=(Math.pow(dkey,d))%n;
        int dmkey=(int)dm;

        if(clogin1.equals("5005"))
        {
            if((dmkey==m)&&(eke1.equals(s1)))
            {
                // Inflate the compressed file into the qpd folder.
                FileInputStream fis=new FileInputStream("d:/qpe/filee.pdf");
                FileOutputStream fos=new FileOutputStream("d:/qpd/filed.pdf");
                InflaterInputStream iis=new InflaterInputStream(fis);
                int data;
                while((data=iis.read())!=-1)
                {
                    fos.write(data);
                }
                fos.close();
                iis.close();
            }
            else
            {
                System.out.println("Wrong Key");
            }
        }
        else
        {
            System.out.println("wrong Password..");
        }
    }

    public static int findGCD(int number1, int number2) {
        //base case
        if(number2 == 0){
            return number1;
        }
        return findGCD(number2, number1%number2);
    }
}

Zip.java

import java.io.*;
import java.util.zip.*;

class Zip
{
    public static void main(String args[]) throws Exception
    {
        FileInputStream fis=new FileInputStream("5005-02-12-2014.pdf");
        FileOutputStream fos=new FileOutputStream("qpe/5005-02-12-2014e.pdf");
        // DeflaterOutputStream compresses every byte written through it.
        DeflaterOutputStream dos=new DeflaterOutputStream(fos);
        int data;
        while((data=fis.read())!=-1)
        {
            dos.write(data);
        }
        fis.close();
        dos.close();
    }
}

RSA.java Class

import java.io.*;
import java.util.zip.*;
import java.util.*;

class RSA
{
    public static void main(String args[]) throws Exception
    {
        // Run the key check in RSAVal.cal(), which inflates the file on success.
        RSAVal de=new RSAVal();
        de.cal();
    }
}
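
The key arithmetic in RSAVal.cal() above, worked through with exact integers as an added example (it is not part of the project's code). The class name RsaToyCheck, its helper names and the second and third parameter rows are assumptions made for illustration; the first row uses the page's own p=3, q=11 and m=2.

```java
import java.math.BigInteger;

// Added example, not the project's code: the arithmetic of RSAVal.cal()
// computed exactly with BigInteger, next to the Math.pow version.
public class RsaToyCheck {

    // Smallest k >= 2 with gcd(k, v) == 1: the same search as the first loop in cal().
    static BigInteger publicExponent(BigInteger v) {
        BigInteger k = BigInteger.valueOf(2);
        while (!k.gcd(v).equals(BigInteger.ONE)) {
            k = k.add(BigInteger.ONE);
        }
        return k;
    }

    // Exact textbook RSA on small primes. Returns {n, k, d, c, recovered m}.
    static BigInteger[] exact(long p, long q, long m) {
        BigInteger bp = BigInteger.valueOf(p);
        BigInteger bq = BigInteger.valueOf(q);
        BigInteger n = bp.multiply(bq);
        BigInteger v = bp.subtract(BigInteger.ONE).multiply(bq.subtract(BigInteger.ONE));
        BigInteger k = publicExponent(v);
        BigInteger d = k.modInverse(v);                    // stands in for the loop over d
        BigInteger c = BigInteger.valueOf(m).modPow(k, n); // encrypt
        BigInteger recovered = c.modPow(d, n);             // decrypt
        return new BigInteger[] { n, k, d, c, recovered };
    }

    // The arithmetic as written in cal(): Math.pow on doubles, then %.
    // A double holds integers exactly only up to 2^53 and overflows to Infinity
    // above about 1.8e308; Infinity % n is NaN, and casting NaN to long gives 0.
    static long viaDouble(long base, long exponent, long modulus) {
        return (long) (Math.pow(base, exponent) % modulus);
    }

    public static void main(String[] args) {
        // {p, q, m}. Row 1 is taken from the page; rows 2 and 3 are constructed.
        long[][] cases = { { 3, 11, 2 }, { 61, 53, 65 }, { 101, 113, 1234 } };
        for (long[] t : cases) {
            long m = t[2];
            BigInteger[] r = exact(t[0], t[1], m);
            long n = r[0].longValue();
            long k = r[1].longValue();
            long d = r[2].longValue();
            long c = r[3].longValue();

            long cDouble = viaDouble(m, k, n);   // encryption with doubles
            long mDouble = viaDouble(c, d, n);   // decryption with doubles

            System.out.printf("p=%d q=%d n=%d k=%d d=%d m=%d%n", t[0], t[1], n, k, d, m);
            System.out.printf("  exact : c=%d, decrypts to %d%n", c, r[4]);
            System.out.printf("  double: c=%d, decrypts to %d (%s)%n", cDouble, mDouble,
                    mDouble == m ? "agrees with exact result" : "differs from exact result");
        }
    }
}
```

With the page's parameters every intermediate power stays below 2^53, which is why the double-based check in cal() returns m for the correct key; the constructed rows show what the same code does once the powers leave that range.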

7. TESTING
Software Testing is the process used to help identify the correctness, completeness,
security, and quality of developed computer software. Testing is a process of technical
investigation, performed on behalf of stakeholders, that is intended to reveal quality-related
information about the product with respect to the context in which it is intended to operate.
This includes, but is not limited to, the process of executing a program or application with the
intent of finding errors. Quality is not an absolute; it is value to some person. With that in
mind, testing can never completely establish the correctness of arbitrary computer software;
testing furnishes a criticism or comparison that compares the state and behavior of the
product against a specification. An important point is that software testing should be
distinguished from the separate discipline of Software Quality Assurance (SQA), which
encompasses all business process areas, not just testing.
There are many approaches to software testing, but effective testing of complex
products is essentially a process of investigation, not merely a matter of creating and
following routine procedure. One definition of testing is "the process of questioning a product
in order to evaluate it", where the "questions" are operations the tester attempts to execute
with the product, and the product answers with its behavior in reaction to the probing of the
tester. Although most of the intellectual processes of testing are nearly
identical to that of review or inspection, the word testing is connoted to mean the dynamic
analysis of the product—putting the product through its paces. Some of the common quality
attributes include capability, reliability, efficiency, portability, maintainability, compatibility
and usability. A good test is sometimes described as one which reveals an error; however,
more recent thinking suggests that a good test is one which reveals information of interest to
someone who matters within the project community.

Testing Concepts
Testing

Testing Methodologies
• Black Box Testing.
• White Box Testing.
• Gray Box Testing.

Levels of Testing
• Unit Testing.
• Module Testing.
• Integration Testing.
• System Testing.
• User Acceptance Testing.

Types Of Testing
• Smoke Testing.
• Sanity Testing.
• Regression Testing.
• Re-Testing.
• Static Testing.
• Dynamic Testing.
• Alpha-Testing.
• Beta-Testing.
• Monkey Testing.
• Compatibility Testing.
• Installation Testing.
• Adhoc Testing.
• Etc.

TCD (Test Case Documentation)

STLC
o Test Planning.
o Test Development.
o Test Execution.
o Result Analysis.
o Bug-Tracing.
o Reporting.
Microsoft Windows – Standards
Manual Testing
Automation Testing (Tools)
o Win Runner.
o Test Director.

Testing:

Testing is the process of executing a system with the intent of finding an error. Testing is
defined as the process in which defects are identified, isolated and subjected to rectification,
and in which it is ensured that the product is defect free, in order to produce a quality
product and hence customer satisfaction.
Quality is defined as justification of the requirements.
A defect is nothing but a deviation from the requirements.
A defect is nothing but a bug.
Testing --- The presence of bugs
Testing can demonstrate the presence of bugs, but not their absence.
Debugging and testing are not the same thing!
Testing is a systematic attempt to break a program or the AUT.
Debugging is the art or method of uncovering why the script/program did not execute
properly.
Testing Methodologies:

Black box Testing: is the testing process in which the tester can perform testing on an
application without having any internal structural knowledge of the application.
Usually test engineers are involved in black box testing.

White box Testing: is the testing process in which the tester can perform testing on an
application while having internal structural knowledge.
Usually the developers are involved in white box testing.

Gray Box Testing: is the process in which a combination of black box and white box
techniques is used.

Test Planning:
1. Test Plan is defined as a strategic document which describes the procedure for performing
various testing on the total application in the most efficient way.
2. This document involves the scope of testing,
3. Objective of testing,
4. Areas that need to be tested,
5. Areas that should not be tested,
6. Scheduling Resource Planning,
7. Areas to be automated, various testing tools used.

Test Development:
Test case development (check list).
Test procedure preparation (description of the test cases).
Implementation of test cases. Observing the result.

Result Analysis:
Expected value: is nothing but the expected behavior of the application.
Actual value: is nothing but the actual behavior of the application.
Bug Tracing: Collect all the failed cases, prepare documents.
Reporting: Prepare document (status of the application).

Types Of Testing:
Smoke Testing: is the process of initial testing in which the tester looks for the availability
of all the functionality of the application in order to perform detailed testing on it. (The
main check is for available forms.)

Sanity Testing: is a type of testing that is conducted on an application initially to check for
the proper behavior of the application, that is, to check that all the functionality is available
before the detailed testing is conducted on it.

Regression Testing: is one of the best and most important types of testing. Regression testing
is the process in which functionality that has already been tested is tested once again
whenever some new change is added, in order to check whether the existing functionality
remains the same.

Re-Testing: is the process in which testing is performed on some functionality which has
already been tested before, to make sure that the defects are reproducible and to rule out
environment issues if any defects are there.

Static Testing: is the testing which is performed on an application when it is not being
executed, e.g. GUI and document testing.

Dynamic Testing: is the testing which is performed on an application when it is being
executed, e.g. functional testing.

Alpha Testing: is a type of user acceptance testing which is conducted on an application
just before it is released to the customer.

Beta-Testing: is a type of UAT that is conducted on an application when it is released to
the customer, deployed into the real-time environment and being accessed by the real-time
users.

Monkey Testing: is the process in which abnormal operations and beyond-capacity operations
are performed on the application to check its stability in spite of the users' abnormal behavior.

Compatibility testing: is the testing process in which the products are usually tested in
environments with different combinations of databases (application servers, browsers, etc.)
in order to check how far the product is compatible with all these environment and platform
combinations.

Installation Testing: is the process of testing in which the tester tries to install or deploy
the module into the corresponding environment by following the guidelines produced
in the deployment document, and checks whether the installation is successful or not.

Adhoc Testing: is the process of testing in which, unlike formal testing where a test case
document is used, the application is tested without that test case document, to cover the
testing of the features which are not covered in that test case document. It is also
intended to perform GUI testing, which may involve cosmetic issues.

8. Output Screens

RAR File downloading steps:

Step 1: Open the URL.

Step 2:

Enter your College Code in the Login Id box.

Enter your Password in the Password box.

After you have logged in, the page below will be shown.

Step 3:

Click on break RAR file Password

The protected RAR file will be downloaded to your system.

Save this file.

Extracting File Steps:

Step 1:

Select Extract to foldername

Step 2:

We send the passwords to your mobile one hour before an examination, like:

Rar file Password: 1234
Encrypted File Password: A$@8

Type your rar file password (like 1234), then press the OK button.

Step 3:

Select the keys, qpd and qpe folders and copy these folders into the D: drive (Local Disk (D)).

Run a program (To decrypt a file):

Step 1:
Open Command Prompt.

Type D:

Then press Enter.

Step 2: Type cd keys

Type cd keys in command prompt (To change)

Type java RSA

Then press Enter.

Step 3:

After you press Enter, the system will ask for your college code (like 1234) and Encryption
key (like A$@8).

College Code like 1234

Encryption key A$@8

Then press Enter.

After completing the above process, open the qpd folder in the D: drive.

Finally, the file is decrypted.

9. Conclusion

One of the principal weaknesses of all encryption systems is that the form of the
output data (the cipher text), if intercepted, alerts the intruder to the fact that the information
being transmitted may have some importance and that it is therefore worth attacking and
attempting to decrypt it. This aspect of cipher text transmission can be used to propagate
disinformation, achieved by encrypting information that is specifically designed to be
intercepted and decrypted. In this case, we assume that the intercept will be attacked,
decrypted and the information retrieved. The ‘key’ to this approach is to make sure that the
ciphertext is relatively strong (but not too strong!) and that the information extracted is of
good quality in terms of providing the attacker with ‘intelligence’ that is perceived to be
valuable and compatible with their expectations, i.e. information that reflects the
concerns/interests of the individual(s) and/or organization(s) that encrypted the data. This
approach provides the interceptor with a ‘honey pot’ designed to maximize their confidence
especially when they have had to put a significant amount of work in to ‘extracting it’. The
trick is to make sure that this process is not too hard or too easy. ‘Too hard’ will defeat the
object of the exercise as the attacker might give up; ‘too easy’, and the attacker will suspect a
set-up!