
Multi Level Password Authentication Using Bio-Metric Verification For Smart Atm

This document is a project report submitted by four students for their Bachelor of Engineering degree in Computer Science and Engineering. It proposes a novel three-layer authentication method for smart ATMs using biometric verification, one-time passwords, and a hybrid PIN pad to address shoulder surfing attacks. The first layer uses face biometrics for user authentication. The second layer provides one-time password verification. The third layer implements a PIN-based method using a hybrid keypad that displays different digit orders to users and observers. The three layers are used for user login and transactions to enhance security.

Uploaded by

Wayne
Copyright
© All Rights Reserved

MULTI LEVEL PASSWORD AUTHENTICATION USING

BIO-METRIC VERIFICATION FOR SMART ATM

A PROJECT REPORT

Submitted by

ASHMI SELIN.JS (422617104006)

BHARAHI.S (422617104010)

DINESHKUMAR.M (422617104014)

MALA.A (422617104025)

In partial fulfilment for the award of the degree

Of

BACHELOR OF ENGINEERING

IN

COMPUTER SCIENCE AND ENGINEERING

UNIVERSITY COLLEGE OF ENGINEERING, PANRUTI

ANNA UNIVERSITY: CHENNAI 600 025

APRIL 2021
ANNA UNIVERSITY: CHENNAI 600 025

BONAFIDE CERTIFICATE

Certified that this project report “MULTI LEVEL PASSWORD
AUTHENTICATION USING BIO-METRIC VERIFICATION
FOR SMART ATM” is the bonafide work of “ASHMI SELIN. JS
(422617104006), BHARAHI. S (422617104010), DINESH KUMAR. M
(422617104014), MALA. A (422617104025)” who carried out the project work
under my supervision.

SIGNATURE
Dr. S. Ayshwarya Lakshmi, M.Tech., PhD.
HEAD OF DEPARTMENT
Computer Science & Engineering
University College of Engineering
Panruti – 607106

SIGNATURE
Mr. C. Bharanidharan, M.E.
SUPERVISOR
Computer Science & Engineering
University College of Engineering
Panruti – 607106

EXAMINATION HELD ON ………………………

INTERNAL EXAMINER EXTERNAL EXAMINER


ABSTRACT

The importance of security in the authentication process, together with the
increase in the threat level posed by malware, has attracted many researchers to
the field. Many attacks succeed in accessing social network accounts because
the current password-based authentication paradigms are neither efficient nor
robust enough and are vulnerable to automated attacks. The simplest
alternative is to complement the single-factor (password-based) authentication
process with additional identification elements, such as one-time PIN codes
generated by the user’s own device (e.g. the smartphone) or received via SMS.
In this project, a novel method using three-layer authentication is
proposed to address the problem of shoulder-surfing attacks on authentication
schemes. The first layer is a biometric authentication system, which
provides new solutions to address the issues of security and privacy; it
implements real-time authentication using face biometrics to authorize
the person at the ATM. The second layer provides OTP verification with reverse
processing. The third layer implements a PIN-based authentication method that
operates on the ATM application. The hybrid keypad blends two keypads with
different digit orderings in such a way that the user who is close to the device
sees one keypad to enter the PIN, while the attacker who is looking at the
device from a greater distance sees only the other keypad. The three-layer
authentication process is enabled when the user logs in to the application and
also when a transaction is done.

TABLE OF CONTENTS

CHAPTER NO. TITLE

ABSTRACT
LIST OF FIGURES
LIST OF ABBREVIATIONS
1 INTRODUCTION
1.1 Network Security Basics
1.2 Network Security
1.2.1 Security Management
1.3 Types of Attacks
1.4 Types of Network Security
1.5 Authentication Methods
2 LITERATURE SURVEY
2.1 Secure Three-Factor User Authentication Scheme for Renewable-Energy-Based Smart Grid Environment
2.2 Detection of Node Capture Attack in Wireless Sensor Networks
2.3 Lightweight and Practical Anonymous Authentication Protocol for RFID Systems Using Physically Unclonable Functions
2.4 A New Efficient Chaotic Maps Based Three Factor User Authentication and Key Agreement Scheme
2.5 Comments on an Improved Secure and Efficient Password and Chaos-Based Two-Party Key Agreement Protocol
3 SYSTEM ANALYSIS
3.1 Existing System
3.2 Disadvantages
3.3 Proposed System
3.4 Advantages
4 SYSTEM REQUIREMENTS
4.1 Hardware Requirements
4.2 Software Requirements
5 SOFTWARE DESCRIPTION
5.1 Overview of Visual Studio
5.1.1 .Net Programming Dialects
5.1.2 VB.NET Features
5.1.3 Advantages of VB.NET
5.2 ASP.NET Environment
5.2.1 Features
5.3 SQL Server 8.0
5.3.1 Element of SQL Server
5.3.2 SQL API
5.3.3 HTML
6 SYSTEM DESIGNING
6.1 System Architecture
6.2 Data Flow Diagram
7 SYSTEM IMPLEMENTATION
7.1 Module List
7.2 Module Description
7.3 Algorithm
8 SYSTEM TESTING
8.1 Unit Testing
8.2 Functional Testing
8.3 Integration Testing
9 SYSTEM STUDY
10 SCREENSHOTS
11 CONCLUSION AND FUTURE ENHANCEMENT
11.1 Conclusion
11.2 Future Enhancement

CHAPTER 1

INTRODUCTION

1.1 NETWORK SECURITY BASICS

Network security consists of the policies and practices adopted to prevent and monitor
unauthorized access, misuse, modification, or denial of a computer network and network-
accessible resources. Network security involves the authorization of access to data in a
network, which is controlled by the network administrator. Users choose or are assigned an
ID and password or other authenticating information that allows them access to information
and programs within their authority. Network security covers a variety of computer networks,
both public and private, that are used in everyday jobs; conducting transactions and
communications among businesses, government agencies and individuals. Networks can be
private, such as within a company, and others which might be open to public access. Network
security is involved in organizations, enterprises, and other types of institutions. It does as its
title explains: It secures the network, as well as protecting and overseeing operations being
done. The most common and simple way of protecting a network resource is by assigning it a
unique name and a corresponding password.

1.2 NETWORK SECURITY


Network security starts with authentication, commonly with a username and a
password. Since this requires just one detail authenticating the user name (i.e., the
password), this is sometimes termed one-factor authentication. With two-factor authentication,
something the user 'has' is also used (e.g., a security token or 'dongle', an ATM card, or a
mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g.,
a fingerprint or retinal scan).
Once authenticated, a firewall enforces access policies such as what services are
allowed to be accessed by the network users. Though effective to prevent unauthorized
access, this component may fail to check potentially harmful content such as computer
worms or Trojans being transmitted over the network. Anti-virus software or an intrusion
prevention system (IPS) helps detect and inhibit the action of such malware. An anomaly-
based intrusion detection system may also monitor the network, for example Wireshark-style
traffic, and this traffic may be logged for audit purposes and for later high-level analysis. Newer systems combining
unsupervised machine learning with full network traffic analysis can detect active network
attackers from malicious insiders or targeted external attackers that have compromised a user
machine or account. Communication between two hosts using a network may be encrypted to
maintain privacy.
Honeypots, essentially decoy network-accessible resources, may be deployed in a
network as surveillance and early-warning tools, as the honeypots are not normally accessed
for legitimate purposes. Techniques used by the attackers that attempt to compromise these
decoy resources are studied during and after an attack to keep an eye on new exploitation
techniques. Such analysis may be used to further tighten security of the actual network being
protected by the honeypot. A honeypot can also direct an attacker's attention away from
legitimate servers. A honeypot encourages attackers to spend their time and energy on the
decoy server while distracting their attention from the data on the real server. Similar to a
honeypot, a honeynet is a network set up with intentional vulnerabilities. Its purpose is also to
invite attacks so that the attacker's methods can be studied and that information can be used
to increase network security. A honeynet typically contains one or more honeypots.

1.2.1 SECURITY MANAGEMENT


Security management for networks is different for all kinds of situations. A home or
small office may only require basic security while large businesses may require high-
maintenance and advanced software and hardware to prevent malicious attacks from hacking
and spamming.

1.3 TYPES OF ATTACKS


Networks are subject to attacks from malicious sources. Attacks can be from two
categories: "Passive" when a network intruder intercepts data traveling through the network,
and "Active" in which an intruder initiates commands to disrupt the network's normal
operation or to conduct reconnaissance and lateral movement to find and gain access to assets
available via the network.

Access control
Not every user should have access to your network. To keep out potential
attackers, you need to recognize each user and each device. Then you can enforce
your security policies. You can block noncompliant endpoint devices or give them only
limited access. This process is network access control (NAC).

Antivirus and antimalware software

"Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and
spyware. Sometimes malware will infect a network but lie dormant for days or even weeks.
The best antimalware programs not only scan for malware upon entry, but also
continuously track files afterward to find anomalies, remove malware, and
fix damage.

Application security
Any software you use to run your business needs to be protected, whether your IT
staff builds it or whether you buy it. Unfortunately, any application may contain
holes, or vulnerabilities, that attackers can use to infiltrate your network. Application
security encompasses the hardware, software, and processes you use to close those holes.

Behavioural analytics
To detect abnormal network behaviour, you must know what normal behaviour
looks like. Behavioural analytics tools automatically discern activities that deviate from the
norm. Your security team can then better identify indicators of compromise that pose a
potential problem and quickly remediate threats.

Email security
Email gateways are the number one threat vector for a security breach. Attackers use personal
information and social engineering tactics to build sophisticated phishing campaigns to deceive
recipients and send them to sites serving up malware. An email security application blocks
incoming attacks and controls outbound messages to prevent the loss of sensitive data.

Firewalls
Firewalls put up a barrier between your trusted internal network and untrusted
outside networks, such as the Internet. They use a set of defined
rules to allow or block traffic. A firewall can be hardware, software, or both.
Cisco offers unified threat management (UTM) devices and threat-focused next-generation
firewalls.

Intrusion prevention systems
An intrusion prevention system (IPS) scans network traffic to actively block attacks.
Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of
global threat intelligence to not only block malicious activity but also track the
progression of suspect files and malware across the network to prevent the spread of
outbreaks and reinjection.

Mobile device security

Cybercriminals are increasingly targeting mobile devices and apps. Within the next 3
years, 90 percent of IT organizations may support corporate applications on personal mobile
devices. Of course, you need to control which devices can access your
network. You will also need to configure their connections to keep network traffic
private.

Network segmentation
Software-defined segmentation puts network traffic into different classifications and
makes enforcing security policies easier. Ideally, the classifications are based on endpoint
identity, not mere IP addresses. You can assign access rights based on
role, location, and more so that the right level of access is given to
the right people and suspicious devices are contained and remediated.

Security information and event management

SIEM products pull together the information that your security staff needs to
identify and respond to threats. These products come in various forms,
including physical and virtual appliances and server software.

Web security
A web security solution will control your staff’s web use, block web-based
threats, and deny access to malicious websites. It will protect your web gateway on
site or in the cloud. "Web security" also refers to the steps you take to protect
your own website.

Wireless security
Wireless networks are not as secure as wired ones. Without stringent security measures,
installing a wireless LAN can be like putting Ethernet ports everywhere, including the
parking lot. To prevent an exploit from taking hold, you need products
specifically designed to protect a wireless network.

1.4 TYPES OF NETWORK SECURITY


Access control

Not every user should have access to your network. To keep out potential attackers,
you need to recognize each user and each device. Then you can enforce your security
policies. You can block noncompliant endpoint devices or give them only limited access.
This process is network access control (NAC).

Antivirus and antimalware software


"Malware," short for "malicious software," includes viruses, worms, Trojans,
ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days
or even weeks. The best antimalware programs not only scan for malware upon entry, but
also continuously track files afterward to find anomalies, remove malware, and fix damage.

Application security
Any software you use to run your business needs to be protected, whether your IT
staff builds it or whether you buy it. Unfortunately, any application may contain holes, or
vulnerabilities, those attackers can use to infiltrate your network. Application security
encompasses the hardware, software, and processes you use to close those holes.

Behavioural analytics
To detect abnormal network behaviour, you must know what normal behaviour looks
like. Behavioural analytics tools automatically discern activities that deviate from the norm.
Your security team can then better identify indicators of compromise that pose a potential
problem and quickly remediate threats.

Email security
Email gateways are the number one threat vector for a security breach. Attackers use
personal information and social engineering tactics to build sophisticated phishing campaigns
to deceive recipients and send them to sites serving up malware. An email security
application blocks incoming attacks and controls outbound messages to prevent the loss of
sensitive data.

Firewalls
Firewalls put up a barrier between your trusted internal network and untrusted outside
networks, such as the Internet. They use a set of defined rules to allow or block traffic. A
firewall can be hardware, software, or both. Cisco offers unified threat management (UTM)
devices and threat-focused next-generation firewalls.

Intrusion prevention systems


An intrusion prevention system (IPS) scans network traffic to actively block attacks.
Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of
global threat intelligence to not only block malicious activity but also track the progression of
suspect files and malware across the network to prevent the spread of outbreaks and
reinjection.

Mobile device security


Cybercriminals are increasingly targeting mobile devices and apps. Within the next 3
years, 90 percent of IT organizations may support corporate applications on personal mobile
devices. Of course, you need to control which devices can access your network. You will also
need to configure their connections to keep network traffic private.

Network segmentation
Software-defined segmentation puts network traffic into different classifications and
makes enforcing security policies easier. Ideally, the classifications are based on endpoint
identity, not mere IP addresses. You can assign access rights based on role, location, and
more so that the right level of access is given to the right people and suspicious devices are
contained and remediated.

Security information and event management


SIEM products pull together the information that your security staff needs to identify
and respond to threats. These products come in various forms, including physical and virtual
appliances and server software.

Web security
A web security solution will control your staff’s web use, block web-based threats,
and deny access to malicious websites. It will protect your web gateway on site or in the
cloud. "Web security" also refers to the steps you take to protect your own website.

Wireless security

Wireless networks are not as secure as wired ones. Without stringent security
measures, installing a wireless LAN can be like putting Ethernet ports everywhere, including
the parking lot. To prevent an exploit from taking hold, you need products specifically
designed to protect a wireless network.

1.5 AUTHENTICATION METHODS

With the rapid development of wireless communication networks and e-commerce
applications such as e-banking and transaction-oriented applications, protecting users’
anonymity in security-critical applications is very important. In recent
years, several transactions for mobile devices take place on the web or over wireless networks
because of the portability of mobile devices such as laptops, smart cards and smart
phones. In a client-server environment, authentication schemes are the trusted
components that protect sensitive information against a malicious adversary by
providing a variety of services such as user credential privacy, secure mutual
authentication, and session key (SK) security. In real-life applications, two-factor authentication (the
password together with a smart card) has become a simple approach to authentication in
security-critical applications such as e-banking, e-tailing and e-health services.

Password Authentication Method

Smart-card-based password authentication is one of the most convenient and
commonly used two-factor authentication mechanisms. This technology has been widely
deployed in various kinds of authentication applications, which include remote
host login, online banking, access control of restricted vaults, activation of
security devices, and many more. A smart-card-based password authentication
scheme involves a server S and a client A (with identity IDA). At the beginning, S
securely issues a smart-card to A, with the smart-card being personalized with respect to IDA
and an initial password. This phase is called the registration phase and is carried out
only once for each client. Later on, A can access S in the login-and-
authentication phase, and this phase can be carried out as many times as needed.
However, in this phase, there could be various kinds of passive and active
adversaries in the communication channel between A and S. They can eavesdrop on
messages and even modify, remove or insert messages in the channel. The security
goal of the scheme in this phase is to ensure mutual authentication between A and
S. In particular, the client is required to both have the smart-card and know the
password in order to carry out the smart-card-based password authentication
successfully with server S. In other words, the scheme must provide two-factor authentication.
There are some other requirements/properties that are desirable in practice. For
instance, A may want to change the password from time to time. Conventionally, this requires A to
interact with S, and S has to maintain a password database for its clients. In this
paper, we promote the idea of letting A change the password at will without interacting
with or notifying S (while still ensuring two-factor authentication), and also
eliminating any password database on the server side. Below are the reasons. Most of the
existing systems require the server to maintain a database of the passwords or derived values of
the passwords of its clients. The derived values of the passwords can be obtained
by using a password-based KDF (key derivation function), which takes a password and
a known random value called a salt and applies a hash function or a block cipher for a number
of iterations. However, this approach not only introduces a scalability problem for the
server but also makes the systems suffer disastrous loss when the server is compromised
and the password database is stolen by adversaries.
Existing systems also suffer from other potential security vulnerabilities. One
prominent issue is security against the offline guessing attack (also known as the offline
dictionary attack). The purpose of an offline guessing attack is to compromise a client’s
password through exhaustive search of all possible password values. In a password-
based setting, passwords are considered to be short and human memorizable, and the
corresponding password space is so small that an adversary is able to enumerate all
possible values in the space within a reasonable amount of time. For example, most
ATM deployments use PINs (personal identification numbers) of only four to 6 digits,
so the password space has no more than a million possible values. Hence, an additional
security requirement for smart-card-based password authentication is security against
the offline guessing attack. In particular, compromising a client’s smart-card must not allow
an adversary to launch an offline guessing attack against the client’s password. In
practice the adversary may steal the smart-card and extract all the information stored in
it through reverse engineering. This notion is reminiscent of password-based
authentication protocols.
The difference is that for password-based authentication protocols, the focus is
on preventing adversaries from getting any useful information about the password from the
transcripts of protocol runs under the assumption that the two communicating parties are not
compromised, while for smart-card-based password authentication
schemes, we further require that the client’s password remain secure even after
the client’s smart-card is compromised.
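
The requirement above can be checked against a concrete card layout. The following added example is not part of the original report and does not reproduce any published scheme: it audits two constructed designs, one whose card stores a KDF-derived verifier and one whose card stores only a server-issued secret masked by the KDF output. All names, the 4-digit PIN, the iteration count and the retry limit are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100   # assumption: tiny so the audit below runs in about a second
PIN_DIGITS = 4     # assumption: 4-digit PIN, i.e. 10**4 possible values
MAX_FAILURES = 3   # assumption: server-side retry limit


def kdf(pin, salt):
    """Password-based KDF: salted, iterated hash of the PIN (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def issue_card_a(pin):
    """Design A: the card itself stores a verifier derived from the PIN."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": kdf(pin, salt)}


def pins_confirmed_by_card_a(card):
    """Audit: which PINs can be confirmed from the card contents alone?"""
    pins = (f"{n:0{PIN_DIGITS}d}" for n in range(10 ** PIN_DIGITS))
    return [p for p in pins
            if hmac.compare_digest(kdf(p, card["salt"]), card["verifier"])]


class Server:
    """Design B: the server keeps one long-term key and no password database."""

    def __init__(self):
        self._key = os.urandom(32)
        self._failures = {}
        self._nonces = {}

    def _client_secret(self, client_id):
        return hmac.new(self._key, client_id.encode(), hashlib.sha256).digest()

    def issue_card_b(self, client_id, pin):
        # The card holds the client secret masked by KDF(PIN): every PIN guess
        # unmasks to some 32-byte value, and the card gives no way to tell which.
        salt = os.urandom(16)
        masked = xor(self._client_secret(client_id), kdf(pin, salt))
        return {"id": client_id, "salt": salt, "masked": masked}

    def locked(self, client_id):
        return self._failures.get(client_id, 0) >= MAX_FAILURES

    def challenge(self, client_id):
        self._nonces[client_id] = os.urandom(16)
        return self._nonces[client_id]

    def login(self, client_id, proof):
        nonce = self._nonces.pop(client_id, None)
        if nonce is None or self.locked(client_id):
            return False
        expected = hmac.new(self._client_secret(client_id), nonce,
                            hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, proof)
        self._failures[client_id] = 0 if ok else self._failures.get(client_id, 0) + 1
        return ok


def card_b_login(card, pin, server):
    """Card side of a login: unmask with the entered PIN, answer the challenge."""
    nonce = server.challenge(card["id"])
    secret = xor(card["masked"], kdf(pin, card["salt"]))
    return server.login(card["id"], hmac.new(secret, nonce, hashlib.sha256).digest())


def change_pin(card, old_pin, new_pin):
    """Re-mask locally; the server is neither contacted nor notified.
    The card cannot check old_pin, so a mistyped value corrupts the card."""
    salt = os.urandom(16)
    secret = xor(card["masked"], kdf(old_pin, card["salt"]))
    card["salt"], card["masked"] = salt, xor(secret, kdf(new_pin, salt))


def online_guesses_before_lockout(card, server, guesses):
    """Audit: how many guesses does the server evaluate before it locks?"""
    tested = 0
    for pin in guesses:
        if server.locked(card["id"]):
            break
        card_b_login(card, pin, server)
        tested += 1
    return tested
```

Design A's card confirms exactly one PIN regardless of the iteration count, while design B's card confirms none, so every guess has to go through the server's retry limit. Design B only removes the oracle from the card; a real scheme must also keep the login transcript from serving as a verifier.
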
CHAPTER 2
LITERATURE SURVEY

2.1 Title: Secure three-factor user authentication scheme for renewable-energy-based
smart grid environment.

Authors: Wazid, Mohammad, Ashok Kumar Das, Neeraj Kumar, and Joel JPC
Rodrigues.

The authors propose a new efficient Three-factor User Authentication Scheme for a Renewable
Energy based Smart Grid environment (TUAS-RESG), which uses lightweight
cryptographic computations such as one-way hash functions, bitwise XOR operations and
elliptic curve cryptography (ECC). The detailed security analysis shows the robustness of
TUAS-RESG against various well-known attacks. Moreover, TUAS-RESG provides superior
security with additional features, such as dynamic smart meter addition, flexibility for
password and biometric update, user and smart meter anonymity, and untraceability, as
compared to other related existing schemes.

The paper describes a new three-factor lightweight authentication protocol for a renewable
energy based smart grid environment (TUAS-RESG), where a user Ui and a smart meter SMj
authenticate each other in the network. After successful mutual authentication between Ui
and SMj, both entities establish a session key SKij for their future secure
communications. The three factors used in TUAS-RESG are: 1) mobile device MDi of a user
Ui; 2) password PWi of Ui; and 3) biometrics BIOi of Ui. TUAS-RESG contains six
phases: 1) pre-deployment; 2) offline user registration; 3) login; 4) authentication and key
agreement; 5) password and biometric update; and 6) dynamic smart meter addition. The
notations listed in Table I are used for describing and analyzing TUAS-RESG. The security
of TUAS-RESG is thoroughly analyzed, and the analysis shows that TUAS-RESG is able to
defend against various known attacks. In addition, TUAS-RESG supports additional functionality
features, such as the password and biometric update phase and the smart meter addition phase.
Moreover, TUAS-RESG provides a better trade-off among security, functionality features, and
communication and computation costs as compared to other schemes.

2.2 Title: Detection of node capture attack in wireless sensor networks.

Authors: Agrawal, Sarita, Manik Lal Das, and Javier Lopez.

The authors present a novel program integrity verification (PIV) protocol to detect
whether a node is captured. The cluster head, equipped with a trusted platform module (TPM),
verifies this by comparing the program memory content of the sensor node before and after
capture. The proposed TPM-enabled PIV (TPIV) protocol uses a dynamically computed hash-
based key and a pseudorandom function for detection of a captured node in the network. The
security analysis of the TPIV protocol reveals that the probability of a node capture attack
victim eluding the PIV and leaking the secret of any noncaptured node is negligible. The
proposed TPIV protocol can detect the captured node even in the presence of a strong
adversary capable of putting additional memory to elude the PIV.

The TPIV protocol is executed in the following three phases: system setup, monitoring,
and authentication and code verification. In the system setup phase, the nodes and cluster
heads are configured and deployed in the network. Monitoring phase is a continuous process
in which a cluster head monitors the transmission of the nodes within its cluster to detect the
unusual absence of a node from the network. During the authentication and code verification
phase, a verifying server and the suspect node mutually authenticate each other and then the
verifier checks the program integrity of the suspect node.
The proposed TPIV protocol relies on the strength of cryptographic hash function and
is capable of securely and efficiently detecting the node capture attack in the presence of an
active adversary capable of putting additional memory in the node when captured. TPIV
ensures that only an authorized verifier can execute the verification. Through experimental
results it is proved that the protocol does not allow a victim node to elude the verification
process. Moreover, the protocol prevents a captured node from revealing the secrets of other
nodes. With TPM-enabled verifier sealing the program code of nodes, the protocol does not
reveal node program code on verifier compromise. As evident from the performance analysis
and simulation results, in comparison to the pure software-based protocols, TPIV provides
additional security with significant reduction in communication, computational, and storage
overhead on the nodes.

2.3 Title: Lightweight and practical anonymous authentication protocol for RFID
systems using physically unclonable functions.

Authors: Gope, Prosanta, Jemin Lee, and Tony QS Quek.

The authors propose a lightweight privacy-preserving authentication protocol for RFID systems by
considering an ideal PUF environment. Subsequently, they introduce an enhanced protocol which
can support the noisy PUF environment. It is argued that both protocols can overcome
the limitations of existing schemes, and further ensure more security properties. They first propose
a novel privacy-preserving authentication protocol for RFID systems in ideal PUF
environments, which can deal with several security issues including physical attacks.
Then they present an enhanced protocol which can be used in noisy PUF environments.
Subsequently, they evaluate the security of the proposed schemes through formal analysis.
Finally, they demonstrate the performance of the proposed protocols by comparing it to that of other
existing PUF-based authentication protocols for RFID.

If there is any failure in the validation process of the aforementioned steps, then this
phase of the proposed authentication scheme will be terminated. On the other hand,
successful completion of this phase indicates that both T and S mutually authenticate each
other. Besides, it should be noted that, to ensure a higher degree of privacy in the proposed
authentication protocol, the server needs to maintain the secrecy of the stored information.
The proposed ideal PUF-based scheme can satisfy all the important security
requirements of the RFID system, while other proposed protocols for the same environment
cannot guarantee several security requirements. For instance, none of the existing ideal PUF-based
schemes can ensure forward secrecy together with resistance to DoS attacks. Besides,
even though these schemes are based on PUF, they are still vulnerable to physical attacks
since a tag needs to store all required security credentials (i.e., the secret key). Therefore, by
intelligent side-channel attacks, the attacker can easily access those secret credentials stored
in the RFID device. Then, the attacker can easily trace back all the previous communications
of the tag, as the existing schemes cannot ensure forward secrecy. Furthermore, in the existing
schemes, the backend server needs to do an exhaustive search to identify the tag, which makes
those schemes not scalable.

2.4 Title: A new efficient chaotic maps based three factor user authentication and key
agreement scheme.

Authors: Han, Lidong, Qi Xie, Wenhao Liu, and Shengbao Wang.

The authors propose a three-factor remote user authentication and key agreement scheme using
chaotic maps. The proposed scheme employs a fuzzy extractor for biometrics and a chaotic
map as the main techniques to implement the authentication scheme. It is important that both
parties will communicate some secret messages after the successful authentication process.
The session key should be encrypted to provide the confidentiality and secrecy of transmitted
data, e.g. online money transfer or secure-order placement. For providing this confidentiality
a shared session key is required; Ui and S will need to perform some other means of
generating and sharing the session key, which will undoubtedly create computational and
communication overhead and delay in the process.

The password change phase is not efficient at identifying wrong input. When a user
enters an incorrect password, the smart card does not verify the correctness of the password and
processes the password change request. However, a user could input a wrong password, as
a human may sometimes forget the password or make a mistake. This may cause a
denial of service scenario where the user can no longer communicate with the server using the
same smart card. The new scheme is secure against various attacks including password
guessing attack, replay attack, user impersonation attack, server spoofing attack, and denial of
service attack. The proposed scheme employs a fuzzy extractor and Chebyshev chaotic maps
to construct the authentication scheme. Therefore, the proposed scheme is suitable for
deployment in various low-power smart cards, in particular in mobile computing networks.

2.5 Title: Comments on “An improved secure and efficient password and chaos-based
two-party key agreement protocol”

Authors: Chen, Chien-Ming, Weicheng Fang, King-Hang Wang, and Tsu-Yang Wu.

The authors propose a secure two-party password-based authenticated key exchange protocol by
utilizing the semi-group property of the Chebyshev chaotic maps. In a pure password-based
protocol, it is impossible to authenticate a client in one step. Even if it were possible, the attacker
could always replay this message to get himself authenticated by the server. Moreover, the
attacker can launch an off-line password attack with |D| times the effort an honest server needs to
recover a correct password. Therefore, the message validation needs to be postponed to a
later step in order to make it secure. In addition, a verification message should contain
something unknown to an attacker other than just a password. For instance, given a verification
message H(a||b||c||PW) where a, b, c were sent over the network or can be calculated using
messages sent over the network, this verification message is vulnerable to a password
guessing attack. The authors then give a quick patch to the protocol that is compatible with the
protocol itself, which allows systems already running this protocol to survive until the
systems are reimplemented. Each user shall receive a one-time password (OTP) at least
64 bits long from the server whenever he or she desires to log in to the system. It can
possibly be delivered via mobile phones or other secure channels. The PW that needs to be entered
by the user becomes both the memorable password and the OTP received. This protocol
would be secure if the OTP is never known to the attacker. If an OTP is revealed to the
attacker, the memorable password would still be guessable. Yet, in the next login session a
new OTP will be sent to the user and so the attacker would still be unable to impersonate
a client.

CHAPTER 3
SYSTEM ANALYSIS

3.1 EXISTING SYSTEM

Existing schemes also suffer from other potential security vulnerabilities. One
outstanding problem is security against the offline guessing attack (also referred to as the offline
dictionary attack). The aim of an offline guessing attack is to compromise a client’s
password through exhaustive search of all possible password values. In a password-based
setting, passwords are considered to be short and human memorizable, and the
corresponding password space is so small that an adversary is able to enumerate all
possible values in the space within some reasonable amount of time. For example, most
ATM deployments use PINs (personal identification numbers) of only 4 to 6 digits,
so the password space has no more than a couple of million possible values. Hence, an additional
security requirement for smart-card-based password authentication is security against the
offline guessing attack. In particular, compromising a client’s smart card must not allow
an adversary to launch an offline guessing attack against the client’s password. In
practice the adversary may just steal the smart card and extract all the information stored in
it through reverse engineering. This notion is reminiscent of password-based
authentication protocols.
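
The offline guessing described in Section 2.5 (the verifier H(a||b||c||PW)) and in Section 3.1 (the 4 to 6 digit PIN space) can be measured directly. The Python sketch below is an added example, not code from this project or from the cited paper: SHA-256 stands in for H, the fields are length-prefixed, and a, b, c and the PIN are constructed sample values.

```python
import hashlib
import hmac
import secrets


def verifier(a: bytes, b: bytes, c: bytes, secret: bytes) -> bytes:
    """H(a||b||c||secret), with SHA-256 standing in for H (an assumption).

    Each field is length-prefixed so the concatenation is unambiguous.
    """
    h = hashlib.sha256()
    for part in (a, b, c, secret):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def pin_space(min_len: int = 4, max_len: int = 6):
    """Every numeric PIN of min_len..max_len digits, leading zeros included."""
    for n in range(min_len, max_len + 1):
        for i in range(10 ** n):
            yield f"{i:0{n}d}"


def new_otp() -> bytes:
    """A 64-bit one-time password, the minimum length the patch asks for."""
    return secrets.token_bytes(8)


def offline_guess(a, b, c, observed, candidates, otp=b""):
    """Test each candidate PW against a captured verifier, with no server contact.

    `otp` is whatever OTP value the eavesdropper knows (empty if none).
    Returns (recovered PW or None, number of hashes computed).
    """
    tries = 0
    for pw in candidates:
        tries += 1
        if hmac.compare_digest(verifier(a, b, c, pw.encode() + otp), observed):
            return pw, tries
    return None, tries


def demo():
    # Constructed transcript: a, b, c travel in the clear, so an eavesdropper has them.
    a, b, c = b"client-42", b"nonce-7f3a", b"server-1"
    pin = "4821"

    # 1. Verifier over the password alone: the PIN falls out of the PIN space.
    weak = verifier(a, b, c, pin.encode())
    print("PW only      :", offline_guess(a, b, c, weak, pin_space()))

    # 2. Patched: PW is the memorable PIN followed by an unseen 64-bit OTP.
    #    Enumerating all 1,110,000 PINs finds nothing.
    otp = new_otp()
    patched = verifier(a, b, c, pin.encode() + otp)
    print("PW+OTP unseen:", offline_guess(a, b, c, patched, pin_space()))

    # 3. Same verifier, but this session's OTP leaked: the PIN is guessable again.
    print("PW+OTP leaked:", offline_guess(a, b, c, patched, pin_space(), otp))


if __name__ == "__main__":
    demo()
```

The third case is why the OTP has to be fresh for every login: a leaked OTP exposes the memorable PIN, and only the next session's new OTP keeps the attacker from impersonating the client.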

3.2 DISADVANTAGES
• The key exchange scheme provides low communication and high computation complexity.

• Running time of the client is about ten times that at the server end.

• Guessing attacks and online dictionary attacks can occur.

• SMS-based OTP is provided only for the current transaction, and it is difficult to identify
the specific person.

3.3 PROPOSED SYSTEM

The proposed scheme is implemented on a combination of the concepts of multilevel
password security and multi-user access in an ATM application. Multiple users can share the
same account, each with an individual face image verification process. The user has to type the
account number and password for first-level verification; on a failed login they have to enter
them again. Users only need to capture their face image using a web camera. The ATM server
matches the face image with the one stored in the database (the template). Along with the normal
OTP system, an additional face image verification ensures tight security. If every entered
detail is correct, the user continues with the face verification process, then the PIN is verified using
the Bright Pass system. If the registered user's face is verified, an OTP (one-time password) is
sent to the customer’s phone. The customer now has to enter this OTP; if the entered
reverse OTP is correct, he/she can proceed with the transaction. A hybrid keyboard
method is implemented to address the problem of shoulder-surfing attacks on authentication
schemes. This is a PIN-based authentication method that operates on touch screen devices.
The hybrid keypad blends two keypads with different digit orderings in such
a way that the user who is close to the device sees one keypad to enter the PIN, while
the attacker who is looking at the device from a greater distance sees only the other
keypad. Based on this analysis, it seems practically almost impossible for a surveillance
camera to capture the PIN of a smartphone user when the hybrid keypad is in use. This method is
implemented in a banking application. The hybrid keypad is enabled when the PIN is
entered while logging in to the application.
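
The layout logic behind the hybrid keypad can be shown without the optics. The Python sketch below is an added example, not the project's C# code: it assumes the terminal reports which key position was tapped, draws a fresh near/far pair of digit orderings for every attempt, and checks the PIN against a salted PBKDF2 hash. The names PinEntry, new_keypad_pair, decode and hash_pin are hypothetical, and the blending of the two images on screen is not modelled.

```python
import hashlib
import hmac
import secrets

DIGITS = "0123456789"
_rng = secrets.SystemRandom()  # shuffles backed by the OS CSPRNG


def new_keypad_pair():
    """Return (near, far): two digit orderings for the ten key positions.

    near[i] is the digit the user sees on key i, far[i] the digit a distant
    observer sees there. The far layout is redrawn until no key carries the
    same digit in both, so a far reading is wrong for every key press.
    """
    near = list(DIGITS)
    _rng.shuffle(near)
    while True:
        far = list(DIGITS)
        _rng.shuffle(far)
        if all(n != f for n, f in zip(near, far)):
            return near, far


def decode(taps, layout):
    """Translate tapped key positions (0-9) into digits under a given layout."""
    return "".join(layout[t] for t in taps)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the PIN (storage format is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class PinEntry:
    """Server side of one PIN prompt: one-use layouts and a failure cap."""

    def __init__(self, pin_hash: bytes, salt: bytes, max_failures: int = 3):
        self._pin_hash = pin_hash
        self._salt = salt
        self.failures_left = max_failures
        self.near, self.far = new_keypad_pair()

    def submit(self, taps) -> bool:
        if self.failures_left <= 0:
            raise PermissionError("PIN entry locked")
        if not taps or any(type(t) is not int or not 0 <= t <= 9 for t in taps):
            raise ValueError("taps must be key positions 0-9")
        entered = decode(taps, self.near)  # only the near layout is valid
        ok = hmac.compare_digest(hash_pin(entered, self._salt), self._pin_hash)
        if not ok:
            self.failures_left -= 1
        # A layout is used once, so recorded tap positions are useless later.
        self.near, self.far = new_keypad_pair()
        return ok


def demo():
    salt = secrets.token_bytes(16)
    entry = PinEntry(hash_pin("4821", salt), salt)  # constructed sample PIN
    near, far = entry.near, entry.far
    taps = [near.index(d) for d in "4821"]          # what the user presses
    print("user sees    :", "".join(near))
    print("observer sees:", "".join(far))
    print("observer reads PIN as:", decode(taps, far))
    print("server accepts:", entry.submit(taps))


if __name__ == "__main__":
    demo()
```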

3.4 ADVANTAGES

• Computational cost and processing time are low.
• Text passwords combined with face biometrics enhance the security of user access in the
ATM application.
• Face verification provides complete security of the proposed method.
• Overcomes guessing attacks and dictionary attacks.
• No need to implement additional sensors.
• SMS alerts keep the user up to date on transaction details.

CHAPTER 4

SYSTEM REQUIREMENTS

4.1 SOFTWARE REQUIREMENTS

• Operating system : Windows OS
• Front End : C#.NET
• Back End : SQL SERVER
• Application : Windows Application
• Tool : Visual Studio 2010

4.2 HARDWARE REQUIREMENTS

• Processor : Dual core processor 2.6.0 GHZ
• RAM : 2 GB
• Hard disk : 160 GB
• Compact Disk : 650 Mb
• Keyboard : Standard keyboard
• Monitor : 15 inch color monitor

CHAPTER 5
SOFTWARE DESCRIPTION

5.1 OVERVIEW OF VISUAL STUDIO .NET

VB.NET stands for Visual Basic.NET, and it is a computer programming language developed
by Microsoft. It was first released in 2002 to replace Visual Basic 6. VB.NET is an object-
oriented programming language. This means that it supports the features of object-oriented
programming which include encapsulation, polymorphism, abstraction, and inheritance.

Visual Basic .ASP NET runs on the .NET framework, which means that it has full access to
the .NET libraries. It is a very productive tool for rapid creation of a wide range of Web,
Windows, Office, and Mobile applications that have been built on the .NET framework.
The language was designed in such a way that it is easy to understand for both novice and
advanced programmers. Since VB.NET relies on the .NET framework, programs written in
the language run with much reliability and scalability. With VB.NET, you can create
applications that are fully object-oriented, similar to the ones created in other languages like
C++, Java, or C#. Programs written in VB.NET can also interoperate well with programs
written in Visual C++, Visual C#, and Visual J#. VB.NET treats everything as an object.

It is true that VB.NET is an evolved version of Visual Basic 6, but it's not compatible with it.
If you write your code in Visual Basic 6, you cannot compile it under VB.NET.

Visual Studio .Net is the rapid application development tool for BASIC. Visual Studio .Net
offers complete integration with ASP.NET and enables you to drag and drop server controls
and design Web Forms as they should appear when the user views them. Some of the
other advantages of creating BASIC applications in Visual Studio .Net are:

• Visual Studio .Net is a Rapid Application Development (RAD) tool. Rather than adding every
control to the Web Form programmatically, it helps to add these controls by using the
toolbox, saving programming effort.

• Visual Studio .Net supports custom and composite controls. You can create custom
controls that encapsulate common functionality that may need to be used in various applications.

• Visual Studio .Net does a great job of simplifying the creation and
consumption of Web Services. Much of the programmer-friendly work (creating all the
XML-based documents) happens automatically, without much effort on the developer's side.

• Attribute-based programming is a powerful concept that enables
Visual Studio .Net to automate a lot of programmer-unfriendly tasks.

5.1.1 .NET programming languages

The .NET Framework provides a set of tools that help to build code
that works with the .NET Framework. Microsoft provides a set of languages that are
already .NET compatible. BASIC is one of those languages.

The following reasons make VB.Net a widely used professional language:

• Modern, general purpose.
• Object oriented.
• Component oriented.
• Easy to learn.
• Structured language.
• It produces efficient programs.
• It can be compiled on a variety of computer platforms.
• Part of .Net Framework.

5.1.2 VB.NET Features

VB.NET comes loaded with numerous features that have made it a popular programming
language amongst programmers worldwide. These features include the following:

• VB.NET is not case sensitive like other languages such as C++ and Java.
• It is an object-oriented programming language. It treats everything as an object.
• Automatic code formatting, XML designer, improved object browser etc.
• Garbage collection is automated.
• Support for Boolean conditions for decision making.
• Simple multithreading, allowing your apps to deal with multiple tasks simultaneously.
• Simple generics.
• A standard library.
• Events management.
• References. You should reference an external object that is to be used in a VB.NET
application.
• Attributes, which are tags for providing additional information regarding elements
that have been defined within a program.
• Windows Forms: you can inherit your form from an already existing form.

5.1.3 Advantages of VB.NET

The following are the pros/benefits you will enjoy for coding in VB.NET:

• Code will be formatted automatically.
• Use object-oriented constructs to create an enterprise-class code.
• Can create web applications with modern features like performance counters, event
logs, and file system.
• Can create your web forms with much ease through the visual forms designer. You
will also enjoy drag and drop capability to replace any elements that you may need.
• Can connect your applications to other applications created in languages that run on
the .NET framework.
• Will enjoy features like docking, automatic control anchoring, and in-place menu
editor all good for developing web applications.

5.2 ASP.NET ENVIRONMENT

Active Server Pages were released by Microsoft to enable the creation of dynamic
pages based on user input and interaction with a Web site. ASP.NET
improves upon the original ASP by providing code-behind. With ASP.NET and code-behind, the code and
HTML can be separated.

ASP.NET Web services are XML-based services that are exposed on
the Internet and can be accessed by other Web services and Web service
clients.

ASP.NET is more than the next version of Active Server Pages (ASP); it is a unified
Web development platform that provides the services necessary for developers to
build enterprise-class Web applications. While ASP.NET is largely syntax
compatible with ASP, it also provides a new programming model and infrastructure for
more secure, scalable, and stable applications.

ASP.NET is a compiled, .NET-based environment; you can author applications in any
.NET compatible language, including VisualBasic.NET, BASIC, and JScript.NET. Additionally, the
entire .NET Framework is available to any ASP.NET application. Developers can
easily access the benefits of these technologies, which include the managed common language
runtime environment, type safety, inheritance, and so on.
ASP.NET has been designed to work seamlessly with WYSIWYG HTML editors and other
programming tools, including Microsoft Visual Studio .NET. Not only does this make Web
development easier, but it also provides all the benefits that these tools
have to offer, including a GUI that developers can use to drop server controls onto a Web
page and fully integrated debugging support. Developers can choose from the
following two features when creating an ASP.NET application, Web Forms and Web
services, or combine these in any way they see fit.

• Web Forms allows you to build powerful forms-based Web pages. When
building these pages, you can use ASP.NET server controls to create common UI
elements, and program them for common tasks. These controls allow you to rapidly
build a Web Form out of reusable built-in or custom components, simplifying the code of a
page.

• An XML Web service provides the means to access server functionality remotely.

5.2.1 FEATURES

• Intuitive C++ based Language

Use a language modeled on C++ syntax, immediately familiar to C++ and
Java developers, as well as intuitive new language constructs that greatly simplify development
tasks.

• Reliable Interoperability

Use code to call native Windows APIs, use pre-built COM components, and leverage
existing ActiveX controls to seamlessly integrate existing applications and components.

• Advanced, Component-Oriented Language

Take advantage of inherent support for properties, indexers, delegates, single and
multidimensional arrays, advanced inheritance, attributes, versioning, and XML comments.

• Powerful Debugging and Testing Tools

ASP .NET includes a powerful remote and multi-language debugger, enabling developers
to test applications and build reliable multi-tier solutions that span process boundaries
and are written in multiple programming languages.

• .NET Framework class library

Gain mature and powerful built-in functionality, including a rich set of
collection classes, networking support, multithreading support, string and
regular expression classes, and broad support for XML, XML schemas, XML namespaces,
XSLT, XPath, and SOAP.

• Powerful Web Development Environment

Create Web-based solutions in C# using the shared Web Forms Designer and XML
Designer. Developers can also use IntelliSense features and tag completion or choose the
WYSIWYG editor for drag-and-drop authoring to build interactive Web
applications.

.NET Framework

Microsoft designed VB from the ground up to take advantage of its new .NET Framework. The .NET
Framework is made up of four parts: the Common Language Runtime, a set
of class libraries, a set of programming languages, and the ASP.NET environment.
The .NET Framework was designed with three goals in mind. First, it was
intended to make Windows applications much more reliable, while also providing an
application with a greater degree of security.

Second, it was intended to simplify the development of Web applications and
services that work not only in the traditional sense, but on mobile devices as well. Lastly, the
framework was designed to provide a single set of libraries that would work with
multiple languages. The .NET Framework is the base for the new Microsoft .NET Platform.
Furthermore, it is a common environment for building, deploying, and running Web applications
and Web Services. The .NET Framework contains a common language runtime and common class
libraries, like ADO .NET, ASP .NET and Windows Forms, to provide advanced standard
services that can be integrated into a variety of computer systems. The .NET
Framework provides a feature-rich application environment, simplified development and
easy integration between a number of different development languages. The .NET Framework is
language neutral. Currently it supports C++, C#, Visual Basic, and JScript. Microsoft's Visual
Studio.NET is a common development environment for the new .NET Framework.

Integrating with IIS

IIS is the web server used here. IIS 5.0 or above is essential for the ASP.NET environment.
This release of ASP.NET uses IIS 5.0 as the primary host environment. IIS always assumes
that a set of credentials maps to a Windows NT account and uses them to authenticate
a user. There are three different kinds of authentication available in IIS 5.0: BASIC, DIGEST,
and INTEGRATED WINDOWS Authentication (NTLM or Kerberos). You can select the
type of authentication to use in the IIS administrative services.

If you request a URL containing an ASP.NET application, the
request and authentication information are handed off to the application. ASP.NET provides the two
additional types of authentication described in the following table.

Web Service

Web services are arguably the most exciting and innovative features of Microsoft's
.NET initiative and they are likely to profoundly affect the way businesses interact
using computer applications. The list of possible Web services is as varied as the
list of possible business opportunities. A Web service would typically perform
a core business service, such as user authentication, credit card validation, pricing a
derivatives security, placing a purchase order for a stock or pricing a same-day shipment.

A web service is a component that performs a function or service. A component is a piece
of software that has a well-defined interface, hidden internals, and the
capability of being discovered. By "discovered" we mean that you can determine what the component does
without needing to see the code inside it. A component is similar to a method since we can call it
with arguments that fit a set of parameters, and it has the capability of returning
results.

A web service may also return information to the caller. This service resides
somewhere on the Web and can be accessed from other locations on the Web. For this
service to be called, there are a number of elements that must be in place. First,
the caller must know how to call the service. Second, the call must be made across the
Web. Finally, the web service must know how to respond.

Database Management System

A database management system is a software application which is used for managing
different databases. It helps us to create and manage databases. With the help of a DBMS we
take care of the following tasks:

1. Data Security

2. Data Backup

3. Manages huge amount of data

4. Data export & import

5. Serving multiple concurrent database requests

6. Gives us a way to manage the data using programming languages.

Types of Databases

There are two types of databases

1. Relational Database

2. Non-relational Database

Non-relational databases:

Data is not organized in form of tables. Data is stored in form of key & value pairs. The
examples of non-relational databases are: JSON & XML.

We cannot interact with non-relational databases using SQL.


Relational Databases:

In relational database, data is organized in form of tables. A table contains rows and columns
of data. Table has a unique key to identify each row of the table. SQL is used to interact with
relational databases.

5.3 SQL SERVER 8.0

SQL stands for Structured Query Language. SQL is the language used to create, edit and
manipulate a database. In other words, SQL is used to manage data held within a relational
database management system (RDBMS).

Because this is a database design series, we will not be working with SQL directly, but will
design our database to work with SQL in the future (once it is completely designed and ready
to be programmed).

SQL is the general language used to communicate with relational database management
systems. This means that we use SQL to communicate to MySQL, Oracle, SQL Server, etc…
So learning about SQL will help you with a lot of different things! A RDBMS takes SQL and
uses it to do something with the database. The SQL can come directly from us hand-typing it
or it can come from another source (such as a PHP script).

Relational database systems are the most important database systems used in the
software industry today. One of the most outstanding systems is Microsoft
SQL Server. SQL Server is a database management system developed and marketed by
Microsoft. It runs exclusively under Windows NT and Windows 95/98.

The most important aspects of SQL Server 8 are:

• SQL Server is easy to use.

• SQL Server scales from a portable computer to symmetric multiprocessor systems.

• SQL Server provides data warehousing features that until now have only been
available in Oracle and other more expensive DBMSs.

A database system is an overall collection of different database software components
and databases containing the parts viz. database application programs, front-end components,
database management systems, and databases.

A database system must provide the following features:

• A variety of user interfaces

• Physical data independence

• Logical data independence

• Query optimization

• Data integrity

• Concurrency control

• Backup and recovery

• Security and authorization

SQL Server is a Relational Database Management System. The SQL Server relational language is
called Transact-SQL. SQL is a set-oriented language. This means that SQL can query
many rows from one or more tables using just one statement. This feature
allows the use of this language at a logically higher level than procedural languages.
Another important property of SQL is its non-procedurality. SQL contains two sublanguages, DDL
and DML.

SQL Server works as a natural extension of Windows NT and Windows
95/98. SQL Server is relatively easy to manage through the use of a graphical
computing environment for every task of system and database administration. SQL
Server uses services of Windows NT to offer new or extended database capabilities, for
example, sending and receiving messages and managing login security.

The SQL Server administrator's primary tool for interacting with the system is Enterprise
Manager. The Enterprise Manager has two main purposes: administration of the database
server and management of database objects.

SQL Server Query Analyzer provides a graphical presentation of the execution
plan of a query and an automatic component that suggests which index should
be used for a selected query. This interactive component of SQL Server performs
tasks such as:

• Generating and executing Transact-SQL statements

• Storing the generated Transact-SQL statements in a file

• Analyzing execution plans for generated queries

• Graphically illustrating the execution plan for a selected query.

A stored procedure is a special kind of batch written in Transact-SQL using the
SQL language and SQL extensions. It is saved on the database server to improve the
performance and consistency of repetitive tasks. SQL Server supports stored
procedures and system procedures. Stored procedures can be used for the
following purposes: to control access authorization, to create an audit trail of activities in
database tables, and to separate data definition and data manipulation statements
concerning a database from all corresponding applications.

The database object view can be used for:

• Restricting the use of particular columns and rows of tables, that is, to control
access to a particular part of one or more tables,

• Hiding the details of complicated queries and restricting inserted and
updated values to certain ranges.

The Query Optimizer is the part of SQL Server that decides how to best perform a query.
It generates several query execution plans for the given query and selects the
plan with the lowest cost.

SQL Server can work in one of two security modes:

• Windows NT

• Mixed

Windows NT security mode exclusively uses Windows NT user accounts to log into the SQL
Server system. Mixed mode allows users to connect to SQL Server using the
Windows NT security system or the SQL Server system. Additionally it provides three
security facilities for controlling access to database objects:

• Transact-SQL statements GRANT, DENY, and REVOKE.

• Views.

• Stored procedures.

A Windows NT user account or a SQL Server login name allows a user to log into the
SQL Server system. A user who subsequently wants to access a database of the system
needs a database user account to work in the DB. Thus users must have a DB
user account for each DB they want to use. If there is no such account the
user may be allowed to work in the DB under the guest account.

Stored procedures can also be used to restrict data access. The restriction of
data access using stored procedures is based upon the property that the
permission to execute a stored procedure is independent of any permission for DB objects that are
referenced by the stored procedure.

SQL Server provides a mechanism called a trigger for enforcing procedural integrity
constraints.

A DBMS handles 2 kinds of integrity constraints:

• Declarative integrity constraints defined using CREATE and ALTER
TABLE statements.

• Procedural integrity constraints handled by triggers.

A trigger is a mechanism that is invoked when a particular action occurs on a particular
table. Every trigger has 3 general parts:

• A name

• The action

• The execution

SQL Server keeps a record of every change it makes to the DB during a transaction. This is
necessary in case an error occurs during the execution of the transaction. In this
situation all previously executed statements within the transaction must be rolled back. SQL
Server keeps all these records, in particular the before and after values,
in one or more files called the transaction log. Each DB of the SQL Server system
has its own transaction log. Concurrency in multi-user systems such as
SQL Server has a decided effect on performance. When access to the data is
handled such that only one program at a time can use the data, processing
slows dramatically. SQL Server, like all other DBMSs, solves this problem using
transactions. All statements inside a transaction build an atomic unit. This means
that either all statements are executed or, in the case of failure, all
statements are cancelled.

5.3.1 Features of SQL Server

Microsoft SQL Server supports a full set of features that result in the
following. SQL Server includes a set of administrative and development
tools that improve our ability to install, deploy, manage and use SQL Server across
several sites.

• Scalability

The same database engine can be used across platforms ranging from portable computers
running Microsoft Windows 95 to large, multiprocessor servers running Microsoft Windows NT,
Enterprise Edition.

• Ease in building data warehouses

SQL Server includes tools for extracting and analyzing summary data for
online analytical processing (OLAP). SQL Server also includes tools for
visually designing databases and analyzing data using English-based
questions.

5.3.2 SQL API (SQL Application Programming Interface)


Embedded SQL applications use the DB-Library DLL to access SQL Server. Clients of the SQL
Server ODBC driver do not access Microsoft SQL Server directly. They use
an application written to access the data in SQL Server. SQL Server can
also be accessed through COM, Microsoft ActiveX, or Windows DNA (Windows
Distributed Internet Applications Architecture) components. Applications are written to access
SQL Server through a database Application Programming Interface (API).

Web Clients

A Web client consists of two parts:

• Dynamic Web pages containing various types of markup language, which are generated by
Web components running in the Web tier.

• A Web browser, which renders the pages received from the server.

A Web client is sometimes called a thin client. Thin clients usually don't
query databases, execute complex business rules, or connect to legacy
applications.

Within SQL, we have two forms of languages. These forms differ in that one is used to build
and edit the structure of the database while the other is used to create and edit the actual data
within the database. These two languages are known as data definition language and data
manipulation language.

Data Definition Language (DDL)

Data definition language is one of the subcategories of SQL. It is used to define and work
with the database schema (structure). This includes the attributes (columns) within each table,
the name of each table, the name of the database, and the connection of keys between tables.
Here are general explanations of the types of commands in DDL:

CREATE – used to create the database, the tables, and the columns within each table. Within
the create statement we also define the data type of each column. A data type is literally the
type of data we are supposed to store within each column, whether it be an integer, a date, or
a string.
ALTER – used to alter existing database structures. This includes adding columns and more.

RENAME – This is used to…rename.

DROP – This is used to destroy your database or table.

Data Manipulation Language (DML)

Data manipulation language is used to work with the actual data within the database. If we
looked at an example with a users table, the table is created with DDL while the value “Caleb
Curry” is entered using DML.

The main statements in DML are:

SELECT – this is used to select data from our database. We first say SELECT and then we
say what columns to select. After we say what columns, we specify what tables using FROM.
After we select what columns and what tables we can limit our results using a WHERE
clause.

INSERT INTO – This is used to insert new values.

UPDATE – This is used to change values.

DELETE – this is used to delete values (the database structure stays the same, only inserted
values are removed).

5.3.3 HTML

HTML is a markup language for describing web documents (web pages).

• Hyper is the opposite of linear. It used to be that computer programs had to move in a
linear fashion: this before this, this before this, and so on. HTML does not hold to
that pattern and allows the person viewing the World Wide Web page to go anywhere,
any time they want.
• Text is what you will use. Real, honest to goodness English letters.
• Mark up is what you will do. You will write in plain English and then mark up what
you wrote. More to come on that in the next Primer.
• Language because they needed something that started with “L” to finish HTML and
Hypertext Markup Louie didn’t flow correctly. It really is a language, but the
language is plain English.

HTML stands for HyperText Markup Language. It is a simple text-formatting language used
to create hypertext documents. It is a platform-independent language, unlike most other
programming languages. HTML is neutral and can be used on many platforms or desktops. It is
this feature of HTML that makes it popular as a standard on the WWW.

This versatile language allows the creation of hypertext links, also known as
hyperlinks. These hyperlinks can be used to connect documents on different machines, on the
same network or on a different network, or can even point to a position in the same document.

HTML is used for creating documents where the emphasis is on the appearance of the
document. It is also used for DTP. Documents created using HTML can have text
with different sizes, weights and colors. They can also contain graphics to make the document
more effective.

CHAPTER 6
SYSTEM DESIGN
6.1 SYSTEM ARCHITECTURE

System architecture involves the high level structure of software system abstraction, by using
decomposition and composition, with architectural style and quality attributes. A software
architecture design must conform to the major functionality and performance requirements of
the system, as well as satisfy the non-functional requirements such as reliability, scalability,
portability, and availability. System architecture must describe its group of components, their
connections, interactions among them and deployment configuration of all components.

Fig 6.1 System Architecture

6.2 DATA FLOW DIAGRAM


1. The DFD is also called a bubble chart. It is a simple graphical formalism that can be used
to represent a system in terms of the input data to the system, the various processing carried
out on this data, and the output data generated by the system.

2. The data flow diagram (DFD) is one of the most important modeling tools. It is used to
model the system components. These components are the system process, the data used by
the process, an external entity that interacts with the system and the information flows in the
system.

3. A DFD shows how information moves through the system and how it is modified by a
series of transformations. It is a graphical technique that depicts information flow and the
transformations that are applied as data moves from input to output.

4. A DFD is also known as a bubble chart. A DFD may be used to represent a system at any level
of abstraction. A DFD may be partitioned into levels that represent increasing information flow
and functional detail.

DFD LEVEL 0

[Diagram labels: Admin; Login; Create ATM Application; Set Hiding PIN System; Add Account
Details; Database]

DFD LEVEL-1

[Diagram labels: User; Login using Password; Face Verification; Reverse OTP Verification;
PIN Verification using Hiding PIN; Access ATM Application; View Report; Database]

CHAPTER 7
SYSTEM IMPLEMENTATION

7.1 MODULE LIST

• User Credentials
• Password Authentication
• Face Image Verification
• Reverse OTP Verification
• Hybrid PIN with Shuffling
• ATM Application

7.2 MODULE DESCRIPTION

User Credentials

Before a user can be authenticated to the system, the user has to be registered with the
system for the first time. This step is called registration. So a new user has to register
with the system and then be authenticated before requesting services. In a basic
authentication process, a user presents some credentials, such as a user ID and some more
information, to prove that the user is the true owner of the user ID. This process is simple and
easy to implement.

[Diagram labels: User; Register Details; Face Capture; Application Access; Data Storage]

Password Authentication

Authentication is the process of determining whether a user should be allowed
access to a particular system or resource. Users cannot easily remember strong passwords, and
the passwords that can be remembered are easy to guess. A password authentication system
should encourage strong and less predictable passwords while maintaining memorability and
security. This password authentication system allows user choice while influencing users
towards stronger passwords. In this module we implement the authentication phase. After
registration, the user enters the system using the login setting. At first, the face image is
captured and the face is recognized.

[Diagram labels: User; Enter Username & Password; Login; Password Verification; Pass to
Next Level]

Face Image Verification

After registration, the user can set the password using the face capture process. At first, the
camera is enabled in the system to capture the face. Face identification is a one-to-many
matching process that compares a query face image against all the template images in a face
database to determine the identity of the query face. The identification of the test image is
done by locating the image in the database that has the highest similarity with the test image.
Here the feature vector is built from the important values of the image from each filter
(energy, mean and standard deviation), forming a 40-value feature vector for every image. The
input facial features are matched against the database using the Grassmann learning algorithm.

[Diagram labels: User; Face Capture; Feature Extraction; Face image Classification; Database]

Reverse OTP Verification

A One Time Password is a string of characters or numbers automatically generated to
be used for one single login attempt. One Time Passwords can be sent to the user’s phone via
SMS and are used to protect web-based services, private credentials and data. OTPs minimize
the risk of fraudulent login attempts and come in all shapes and sizes, but always add an extra
layer of authentication. The risk of fraud is drastically reduced if the user not only has
to fill in a user name and password but also needs the OTP to complete the login. Here the
user should enter the OTP in reverse order. This will enhance the efficiency compared with
existing OTP-based authentication systems.

[Diagram labels: User; Get OTP; Enter Reverse OTP; OTP Verification]
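
The reverse-OTP check described above, as an added C# console example that is not part of the report's source code. The class and member names, the 6-digit length, the 2-minute lifetime and the 3-attempt limit are assumptions; SMS delivery is out of scope.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration of the reverse-OTP step. All names here are hypothetical;
// OTP length, lifetime and attempt limit are assumed values.
public sealed class ReverseOtpChallenge
{
    private const int Digits = 6;
    private const int MaxAttempts = 3;
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(2);

    private readonly string otp;
    private readonly DateTime expiresUtc;
    private int attemptsLeft = MaxAttempts;
    private bool used;

    public ReverseOtpChallenge(DateTime nowUtc)
    {
        otp = NewOtp();
        expiresUtc = nowUtc + Lifetime;
    }

    // The value to send by SMS; it is never displayed at the terminal.
    public string OtpForSms { get { return otp; } }

    // Draw each digit from the OS CSPRNG; bytes 250..255 are rejected so that
    // every digit 0..9 is equally likely (no modulo bias).
    private static string NewOtp()
    {
        var sb = new StringBuilder(Digits);
        var one = new byte[1];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            while (sb.Length < Digits)
            {
                rng.GetBytes(one);
                if (one[0] < 250) sb.Append((char)('0' + one[0] % 10));
            }
        }
        return sb.ToString();
    }

    public static string Reverse(string s)
    {
        char[] chars = s.ToCharArray();
        Array.Reverse(chars);
        return new string(chars);
    }

    // Accept only the reversed OTP, once, before expiry, within the attempt limit.
    public bool Verify(string typed, DateTime nowUtc)
    {
        if (used || attemptsLeft <= 0 || nowUtc > expiresUtc) return false;
        attemptsLeft--;
        bool ok = FixedTimeEquals(Reverse(otp), typed ?? "");
        if (ok) used = true;       // single use: a replay of the same value fails
        return ok;
    }

    // Comparison whose running time does not depend on where the strings differ.
    private static bool FixedTimeEquals(string expected, string actual)
    {
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ (i < actual.Length ? actual[i] : '\0');
        return diff == 0;
    }
}

public static class ReverseOtpDemo
{
    public static void Main()
    {
        // Constructed clock value so the demo does not depend on the wall clock.
        DateTime t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);

        var a = new ReverseOtpChallenge(t0);
        string reversed = ReverseOtpChallenge.Reverse(a.OtpForSms);
        Console.WriteLine("reversed entry accepted: " + a.Verify(reversed, t0.AddSeconds(30)));
        Console.WriteLine("replay accepted:         " + a.Verify(reversed, t0.AddSeconds(40)));

        var b = new ReverseOtpChallenge(t0);
        string late = ReverseOtpChallenge.Reverse(b.OtpForSms);
        Console.WriteLine("after expiry accepted:   " + b.Verify(late, t0.AddMinutes(3)));

        var c = new ReverseOtpChallenge(t0);
        for (int i = 0; i < 3; i++) c.Verify("not-otp", t0);
        string locked = ReverseOtpChallenge.Reverse(c.OtpForSms);
        Console.WriteLine("after 3 misses accepted: " + c.Verify(locked, t0));
    }
}
```

Reversal is a fixed, public transformation, so in this sketch the protection comes from the OTP being unpredictable, short-lived, single-use and attempt-limited; a palindromic OTP reads the same in both directions.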

Hybrid PIN with Shuffling

The User PIN Authentication page enables the user to add user PIN records into the
device one at a time. If the details entered match the details available, the user will be
allowed to proceed with further transactions. If no match is found, the user has to re-enter
the details. PINs are used in secure banking transactions. Hiding Password is the process of
hiding numeric digits in digital patterns. While entering the PIN, the keypad is changed to a
hybrid keypad. The hybrid keypad is a combination of two keypads. Shuffling patterns are
used for hiding the PINs from unauthorized access. The PIN entered by the user is hidden on
the keypad, and the keypad may be shuffled after every authentication process. The digits are
shuffled randomly every time.

[Diagram labels: User; Hybrid PIN; Enter PIN Number; PIN Verification; Database]
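
The keypad shuffling described above, as an added C# console example that is not the report's own code. The class and method names and the sample PIN are assumptions; the layout is drawn with a Fisher-Yates shuffle from the operating system's cryptographic generator rather than from System.Random.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration of a per-session shuffled PIN pad. Names are hypothetical.
public sealed class ShuffledPinPad
{
    // layout[p] is the digit currently shown on button p (p = 0..9).
    private readonly int[] layout = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };

    public ShuffledPinPad() { Reshuffle(); }

    // Fisher-Yates shuffle driven by the OS CSPRNG: every one of the 10!
    // layouts is equally likely and cannot be predicted from earlier ones.
    public void Reshuffle()
    {
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            for (int i = layout.Length - 1; i > 0; i--)
            {
                int j = NextBelow(rng, i + 1);
                int tmp = layout[i];
                layout[i] = layout[j];
                layout[j] = tmp;
            }
        }
    }

    // Uniform value in [0, bound) for 1 <= bound <= 256, by rejection sampling.
    private static int NextBelow(RandomNumberGenerator rng, int bound)
    {
        var one = new byte[1];
        int limit = 256 - (256 % bound);
        do { rng.GetBytes(one); } while (one[0] >= limit);
        return one[0] % bound;
    }

    // Button on which a given digit is currently displayed.
    public int PositionOf(int digit) { return Array.IndexOf(layout, digit); }

    // Turn the sequence of pressed buttons back into the digits they showed.
    public string Decode(int[] pressed)
    {
        var chars = new char[pressed.Length];
        for (int k = 0; k < pressed.Length; k++)
            chars[k] = (char)('0' + layout[pressed[k]]);
        return new string(chars);
    }

    public string Describe()
    {
        return string.Join(" ", Array.ConvertAll(layout, d => d.ToString()));
    }
}

public static class ShuffledPinPadDemo
{
    public static void Main()
    {
        var pad = new ShuffledPinPad();
        string pin = "4071";                       // constructed sample PIN

        // The user looks up each digit on the shuffled pad and presses that button.
        int[] pressed = new int[pin.Length];
        for (int k = 0; k < pin.Length; k++)
            pressed[k] = pad.PositionOf(pin[k] - '0');

        Console.WriteLine("layout (button 0..9):  " + pad.Describe());
        Console.WriteLine("buttons pressed:       " +
            string.Join(" ", Array.ConvertAll(pressed, p => p.ToString())));
        Console.WriteLine("decoded equals PIN:    " + (pad.Decode(pressed) == pin));

        // After the session the pad is reshuffled, so button positions seen by an
        // observer no longer correspond to the same digits.
        pad.Reshuffle();
        Console.WriteLine("new layout:            " + pad.Describe());
        Console.WriteLine("same buttons decode to " + pad.Decode(pressed));
    }
}
```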


ATM Application

Users are allowed to access the ATM application once they complete PIN
verification. The admin has permission to view user details and user transaction details. The
user should select the receiver name and the account number. Then the amount to be transferred
should be entered. The normal keypad changes to the hybrid keypad while the transaction
password is entered. The transaction details will be reflected in the corresponding accounts.
Logout is used to exit from the application. After the session is closed using the logout
option, the keypad is shuffled.

[Diagram labels: User; Access Application; Make Transaction; Data Update; Database]

7.3 ALGORITHM
Grassmann algorithm:

Representing the data on Grassmann manifolds is popular in quite a few image and
video recognition tasks. In order to enable deep learning on Grassmann manifolds, this paper
proposes a deep network architecture which generalizes the Euclidean network paradigm to
Grassmann manifolds. In particular, we design full rank mapping layers to transform input
Grassmannian data into more desirable ones, exploit orthogonal re-normalization layers to
normalize the resulting matrices, study projection pooling layers to reduce the model
complexity in the Grassmannian context, and devise projection mapping layers to turn the
resulting Grassmannian data into Euclidean forms for regular output layers. To train the deep
network, we exploit a stochastic gradient descent setting on manifolds where the connection
weights reside on, and study a matrix generalization of backpropagation to update the
structured data. The popular applications of Grassmannian data motivate us to build a deep
neural network architecture for Grassmannian representation learning. For this purpose, the
new network architecture is designed to take Grassmannian data directly as input, and learns
new favorable Grassmannian data that are able to improve the final visual tasks. In other
words, the new network aims to deeply learn Grassmannian data on their underlying
Riemannian manifolds in an end-to-end learning architecture. To perform discriminant
learning on Grassmann manifolds, many works embed the Grassmannian into a Euclidean
space. This can be achieved either by tangent space approximation of the underlying
manifold, or by exploiting a positive definite kernel function to embed the manifold into a
reproducing kernel Hilbert space. In both of such two cases, any existing Euclidean technique
can then be applied to the embedded data, since Hilbert spaces respect Euclidean geometry.
For example, first embeds the Grassmannian into a high dimensional Hilbert space, and then
applies traditional Fisher analysis method. Obviously, most of these methods are limited to
the Mercer kernels and hence restricted to use only kernel based classifiers. Moreover, their
computational complexity increases steeply with the number of training samples.

The Grassmann manifold $G(m, D)$ is the set of $m$-dimensional linear subspaces of
$\mathbb{R}^D$. $G(m, D)$ is an $m(D-m)$-dimensional compact Riemannian manifold.

An element of $G(m, D)$ can be represented by an orthonormal matrix $Y$ of size $D$ by
$m$ such that $Y^\top Y = I_m$, where $I_m$ is the $m$ by $m$ identity matrix. For example,
$Y$ can be the $m$ basis vectors of a set of pictures in $\mathbb{R}^D$.

However, the matrix representation of a point in $G(m, D)$ is not unique: two matrices
$Y_1$ and $Y_2$ are considered the same if and only if $\mathrm{span}(Y_1) = \mathrm{span}(Y_2)$,
where $\mathrm{span}(Y)$ denotes the subspace spanned by the column vectors of $Y$. Equivalently,
$\mathrm{span}(Y_1) = \mathrm{span}(Y_2)$ if and only if $Y_1R_1 = Y_2R_2$ for some
$R_1, R_2 \in O(m)$. With this understanding, we will often use the notation $Y$ when we actually
mean its equivalence class $\mathrm{span}(Y)$, and use $Y_1 = Y_2$ when we mean
$\mathrm{span}(Y_1) = \mathrm{span}(Y_2)$, for simplicity.

Formally, the Riemannian distance between two subspaces is the length of the
shortest geodesic connecting the two points on the Grassmann manifold. However, there is a
more intuitive and computationally efficient way of defining the distances using the principal
angles.
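
The principal angles referred to above, written out with the page's symbols $Y_1$, $Y_2$ and $m$. This is an added worked definition from standard linear algebra, not part of the report; $U$, $V$, $\theta_i$, $d_{\mathrm{arc}}$ and $d_{\mathrm{proj}}$ are notation introduced here.

$$Y_1^\top Y_2 = U\,\mathrm{diag}(\cos\theta_1,\dots,\cos\theta_m)\,V^\top,\qquad U, V \in O(m),\qquad 0 \le \theta_1 \le \dots \le \theta_m \le \pi/2$$

$$d_{\mathrm{arc}}(Y_1,Y_2) = \Big(\sum_{i=1}^{m}\theta_i^2\Big)^{1/2},\qquad d_{\mathrm{proj}}(Y_1,Y_2) = \Big(\sum_{i=1}^{m}\sin^2\theta_i\Big)^{1/2} = \tfrac{1}{\sqrt{2}}\,\lVert Y_1Y_1^\top - Y_2Y_2^\top\rVert_F$$

The cosines of the principal angles are the singular values of the $m$ by $m$ matrix $Y_1^\top Y_2$, and $d_{\mathrm{arc}}$ is the geodesic distance. Replacing $Y_1$ by $Y_1R_1$ and $Y_2$ by $Y_2R_2$ with $R_1, R_2 \in O(m)$ turns $Y_1^\top Y_2$ into $R_1^\top (Y_1^\top Y_2) R_2$, which has the same singular values, so both distances depend only on $\mathrm{span}(Y_1)$ and $\mathrm{span}(Y_2)$. For $m = 1$, $D = 2$, $Y_1 = (1, 0)^\top$ and $Y_2 = (\cos\varphi, \sin\varphi)^\top$: $Y_1^\top Y_2 = \cos\varphi$, whose singular value is $|\cos\varphi|$, so $\theta_1 = \varphi$ for $0 \le \varphi \le \pi/2$ and $\theta_1 = \pi - \varphi$ for $\pi/2 \le \varphi \le \pi$; $Y_2$ and $-Y_2$ give the same angle because they span the same line.
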
CHAPTER 8
SYSTEM TESTING
8.1 SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or weakness in a work product. It provides a way to check the functionality
of components, sub-assemblies, assemblies and/or a finished product. It is the process of
exercising software with the intent of ensuring that the software system meets its
requirements and user expectations and does not fail in an unacceptable manner. There are
various types of tests. Each test type addresses a specific testing requirement.

8.2 TYPES OF TESTS

8.2.1 Unit testing

Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches
and internal code flow should be validated. It is the testing of individual software units of the
application. It is done after the completion of an individual unit, before integration. This is
structural testing that relies on knowledge of the unit's construction and is invasive. Unit tests
perform basic tests at component level and test a specific business process, application,
and/or system configuration. Unit tests ensure that each unique path of a business process
performs accurately to the documented specifications and contains clearly defined inputs and
expected results.

8.2.2 Integration testing

Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic
outcome of screens or fields. Integration tests demonstrate that although the components were
individually satisfactory, as shown by successful unit testing, the combination of
components is correct and consistent. Integration testing is specifically aimed at exposing the
problems that arise from the combination of components.

8.2.3 Functional test


Functional tests provide systematic demonstrations that functions tested are available as
specified by the business and technical requirements, system documentation, and user
manuals.

Functional testing is centered on the following items:

Valid Input: identified classes of valid input must be accepted.

Invalid Input: identified classes of invalid input must be rejected.

Functions: identified functions must be exercised.

Output: identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or
special test cases. In addition, systematic coverage pertaining to identified business process
flows, data fields, predefined processes, and successive processes must be considered for
testing. Before functional testing is complete, additional tests are identified and the effective
value of current tests is determined.

8.2.4 Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test phase of the
software lifecycle, although it is not uncommon for coding and unit testing to be conducted as
two distinct phases.

Test strategy and approach

Field testing will be performed manually and functional tests will be written in detail.

Test objectives

• All field entries must work properly.
• Pages must be activated from the identified link.
• The entry screen, messages and responses must not be delayed.

Features to be tested

• Verify that the entries are of the correct format.
• No duplicate entries should be allowed.
• All links should take the user to the correct page.

8.2.5 Integration Testing

Software integration testing is the incremental integration testing of two or more integrated
software components on a single platform to produce failures caused by interface defects.

The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the company
level – interact without error.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

Acceptance Testing

User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional
requirements.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
CHAPTER 9
SYSTEM STUDY
SOURCE CODE
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
    public partial class BankHome : Form
    {
        SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=G:\NewProject2020-21\PGproject\JMC\PinFace\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
        SqlCommand cmd;

        public BankHome()
        {
            InitializeComponent();
        }

        private void BankHome_Load(object sender, EventArgs e)
        {
        }

        // Key handler for textBox4: digits (top row or numeric keypad) and Backspace pass silently.
        private void textBox4_KeyDown(object sender, KeyEventArgs e)
        {
            if (e.KeyCode < Keys.D0 || e.KeyCode > Keys.D9)
            {
                if (e.KeyCode < Keys.NumPad0 || e.KeyCode > Keys.NumPad9)
                {
                    if (e.KeyCode != Keys.Back)
                    {
                        //nonnumberenter = true;
                        string abc = "Please enter numbers only.";
                        textBox5.Text = "";
                        DialogResult result1 = MessageBox.Show(abc, "Validate numbers", MessageBoxButtons.OK);
                    }
                }
            }
            if (Control.ModifierKeys == Keys.Shift)
            {
                //nonnumberenter = true;
                string abc = "Please enter numbers only.";
                DialogResult result1 = MessageBox.Show(abc, "Validate numbers", MessageBoxButtons.OK);
            }
        }

        // Runs when textBox6 receives focus: checks the e-mail address typed in textBox5.
        private void textBox6_Enter(object sender, EventArgs e)
        {
            string pattern = "^([0-9a-zA-Z]([-\\.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$";

            if (System.Text.RegularExpressions.Regex.IsMatch(textBox5.Text, pattern))
            {
                //MessageBox.Show("Valid Email address ");
            }
            else
            {
                textBox4.Text = "";
                MessageBox.Show("Not a valid Email address ");
            }
        }

        private void dateTimePicker1_ValueChanged(object sender, EventArgs e)
        {
            // Age in completed years: one less if this year's birthday has not been reached yet.
            DateTime today = DateTime.Today;
            int age = today.Year - dateTimePicker1.Value.Year;
            if (dateTimePicker1.Value.Date > today.AddYears(-age))
            {
                age--;
            }

            textBox3.Text = age.ToString();
            if (age < 18)
            {
                //MessageBox.Show("Age Limit Low!");
            }
        }

        private void button1_Click(object sender, EventArgs e)
        {
            string gender;
            if (radioButton1.Checked == true)
            {
                gender = radioButton1.Text;
            }
            else
            {
                gender = radioButton2.Text;
            }

            // Duplicate check on account number or user id (textBox8, the value stored as UserId below).
            // Parameters keep the typed text out of the SQL statement.
            cmd = new SqlCommand("select * from regtb where Accno = @Accno or UserId = @UserId", con);
            cmd.Parameters.AddWithValue("@Accno", comboBox1.Text);
            cmd.Parameters.AddWithValue("@UserId", textBox8.Text);
            con.Open();
            SqlDataReader dr = cmd.ExecuteReader();
            bool alreadyRegistered = dr.Read();
            dr.Close();

            if (alreadyRegistered)
            {
                MessageBox.Show("Already Register This userid or Account Number");
            }
            else
            {
                // The password is stored exactly as typed; the PIN is left empty at registration.
                cmd = new SqlCommand("insert into regtb values(@Accno,@FirstName,@LastName,@Gender,@Dob,@Age,@MobileNo,@Email,@Address,@AadharNo,@UserId,@Password,@Pin,@Balance)", con);
                cmd.Parameters.AddWithValue("@Accno", comboBox1.Text);
                cmd.Parameters.AddWithValue("@FirstName", textBox1.Text);
                cmd.Parameters.AddWithValue("@LastName", textBox2.Text);
                cmd.Parameters.AddWithValue("@Gender", gender);
                cmd.Parameters.AddWithValue("@Dob", dateTimePicker1.Text);
                cmd.Parameters.AddWithValue("@Age", textBox3.Text);
                cmd.Parameters.AddWithValue("@MobileNo", textBox4.Text);
                cmd.Parameters.AddWithValue("@Email", textBox5.Text);
                cmd.Parameters.AddWithValue("@Address", textBox6.Text);
                cmd.Parameters.AddWithValue("@AadharNo", textBox7.Text);
                cmd.Parameters.AddWithValue("@UserId", textBox8.Text);
                cmd.Parameters.AddWithValue("@Password", textBox9.Text);
                cmd.Parameters.AddWithValue("@Pin", "");
                cmd.Parameters.AddWithValue("@Balance", textBox11.Text);

                cmd.ExecuteNonQuery();

                MessageBox.Show("Record Save!");

                Form1 ff = new Form1();
                ff.uname = textBox8.Text;
                ff.Show();
            }
            con.Close();
        }

        // Clear the registration form.
        private void button2_Click(object sender, EventArgs e)
        {
            comboBox1.Text = "";
            textBox1.Text = "";
            textBox11.Text = "";
            textBox2.Text = "";
            textBox3.Text = "";
            textBox4.Text = "";
            textBox5.Text = "";
            textBox6.Text = "";
            textBox7.Text = "";
            textBox8.Text = "";
            textBox9.Text = "";
        }

        private void userDetailsToolStripMenuItem_Click(object sender, EventArgs e)
        {
            UserDetails uu = new UserDetails();
            uu.Show();
        }

        private void statementinfoToolStripMenuItem_Click(object sender, EventArgs e)
        {
            Statementinfo ss = new Statementinfo();
            ss.Show();
        }

        private void logoutToolStripMenuItem_Click(object sender, EventArgs e)
        {
            UserDetails uu = new UserDetails();
            uu.Close();

            Statementinfo ss = new Statementinfo();
            ss.Close();

            Home ff = new Home();
            ff.Show();
            this.Close();
        }
    }
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
    public partial class BankLogin : Form
    {
        SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
        SqlCommand cmd;

        public BankLogin()
        {
            InitializeComponent();
        }

        // Clear the login fields and print a shuffled digit order to the console.
        private void button2_Click(object sender, EventArgs e)
        {
            textBox1.Text = "";
            textBox2.Text = "";
            int[] array = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
            array = ShuffledArray(array);

            foreach (int s in array)
            {
                Console.WriteLine(s);
            }
        }

        // Returns a copy of myArray in random order.
        protected int[] ShuffledArray(int[] myArray)
        {
            int[] newArray = new int[myArray.Length];

            Random rnd = new Random();

            // Random order of every index 0..Length-1, so each element is copied exactly once.
            var randomNumbers = Enumerable.Range(0, myArray.Length).OrderBy(i => rnd.Next()).ToArray();

            int index = 0;
            foreach (int i in randomNumbers)
            {
                newArray[index] = myArray[i];
                index++;
            }

            return newArray;
        }

        // The bank login compares against the fixed credentials "bank" / "bank".
        private void button1_Click(object sender, EventArgs e)
        {
            if (textBox1.Text == "bank" && textBox2.Text == "bank")
            {
                BankHome ss = new BankHome();
                ss.Show();
            }
            else
            {
                MessageBox.Show("Username or Password Incorrect!");
            }
        }
    }
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
    public partial class Deposit : Form
    {
        SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
        SqlCommand cmd;

        public string accno;
        string bal;

        public Deposit()
        {
            InitializeComponent();
        }

        // Load the current balance of the account passed in by the calling form.
        private void Deposit_Load(object sender, EventArgs e)
        {
            label1.Text = accno;

            con.Open();
            cmd = new SqlCommand("select * from regtb where Accno = @Accno", con);
            cmd.Parameters.AddWithValue("@Accno", accno ?? "");
            SqlDataReader dr = cmd.ExecuteReader();
            if (dr.Read())
            {
                bal = dr["Balance"].ToString();
            }
            dr.Close();
            con.Close();
        }

        decimal balance, amt;

        private void button2_Click(object sender, EventArgs e)
        {
            balance = Convert.ToDecimal(bal);

            // Accept only a well-formed, positive amount.
            decimal parsed;
            if (decimal.TryParse(textBox1.Text, out parsed) && parsed > 0)
            {
                amt = parsed;
                balance = balance + amt;

                // Parameters keep the typed amount and the account number out of the SQL text.
                cmd = new SqlCommand("update regtb set Balance = @Balance where Accno = @Accno", con);
                cmd.Parameters.AddWithValue("@Balance", balance.ToString());
                cmd.Parameters.AddWithValue("@Accno", accno ?? "");
                con.Open();
                cmd.ExecuteNonQuery();
                con.Close();
                bal = balance.ToString();   // keep the cached balance in step for a further deposit

                cmd = new SqlCommand("insert into transtb values(@Accno, 'Deposit', @Accno, @Amount, @Date)", con);
                cmd.Parameters.AddWithValue("@Accno", accno ?? "");
                cmd.Parameters.AddWithValue("@Amount", textBox1.Text);
                cmd.Parameters.AddWithValue("@Date", System.DateTime.Now.ToShortDateString());
                con.Open();
                cmd.ExecuteNonQuery();
                con.Close();
                MessageBox.Show("Deposit Completed!");
            }
            else
            {
                MessageBox.Show("Please Enter Deposit Amount!");
            }
        }
    }
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

namespace IllusionPin
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            BankLogin bb = new BankLogin();
            bb.Show();
        }

        private void button3_Click(object sender, EventArgs e)
        {
        }

        public static Random r = new Random();
        public static int number;

        private void button4_Click(object sender, EventArgs e)
        {
            //work
            //if (textBox1.Text == "")
            //{
            //    //Response.Write("first enter you count number");
            //    MessageBox.Show("");
            //}
            //else
            //{
            //    number = Convert.ToInt32(textBox1.Text);
            //    List<int> available = new List<int>(number);
            //    for (int i = 1; i <= number; i++)
            //        available.Add(i);
            //    List<int> result = new List<int>(number);
            //    while (available.Count > 0)
            //    {
            //        int index = r.Next(available.Count);
            //        result.Add(available[index]);
            //        available.RemoveAt(index);
            //    }
            //    listBox1.Items.Clear();
            //    for (int i = 0; i < result.Count; i++)
            //    {
            //        // Response.Write(result[i] + "-");
            //        listBox1.Items.Add(result[i].ToString());
            //    }
            //}
        }

        private void button2_Click(object sender, EventArgs e)
        {
            UserLogin ll = new UserLogin();
            ll.Show();
        }
    }
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
public partial class Illusionpin : Form
{

SqlConnection con = new SqlConnection(@"Data


Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng
Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User
Instance=True");
SqlCommand cmd;

public string id, pass;

public Illusionpin()
{
InitializeComponent();
}
public static Random r = new Random();
public static int number;
string path =
System.IO.Path.GetDirectoryName(Application.ExecutablePath).ToString();

string s1, s2, s3, s4, s5, s6, s7, s8, s9,s10;

private void Illusionpin_Load(object sender, EventArgs e)


{
string ss = "9";

number = Convert.ToInt32(ss);
List<int> available = new List<int>(number);
for (int i = 0; i <= number; i++)
available.Add(i);
List<int> result = new List<int>(number);
while (available.Count > 0)
{
int index = r.Next(available.Count);
result.Add(available[index]);
available.RemoveAt(index);
}

for (int i = 0; i < result.Count; i++)


{

if (i == 0)
{
pictureBox1.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");

s1 = result[i].ToString();

}
else if (i == 1)
{
pictureBox2.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");

s2 = result[i].ToString();

}
else if (i == 2)
{
pictureBox3.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");

s3 = result[i].ToString();
}
else if (i == 3)
{
pictureBox4.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");

s4 = result[i].ToString();
}
else if (i == 4)
{
pictureBox5.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");
s5 = result[i].ToString();
}
else if (i == 5)
{
pictureBox6.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");
s6 = result[i].ToString();
}
else if (i == 6)
{
pictureBox7.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");
s7 = result[i].ToString();
}
else if (i == 7)
{
pictureBox8.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");

s8 = result[i].ToString();
}
else if (i == 8)
{
pictureBox9.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");

s9 = result[i].ToString();
}
else if (i == 9)
{
pictureBox10.Image = new Bitmap(path + "\\Pin\\" + result[i] + ".png");
s10 = result[i].ToString();
}

private void pictureBox1_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s1;
}
else
{
MessageBox.Show("Four Digit Number Only");

private void pictureBox2_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s2;

}
else
{
MessageBox.Show("Four Digit Number Only");

private void pictureBox3_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s3;
}
else
{
MessageBox.Show("Four Digit Number Only");

}
}

private void pictureBox4_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s4;
}
else
{
MessageBox.Show("Four Digit Number Only");

}
}

private void pictureBox5_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s5;
}
else
{
MessageBox.Show("Four Digit Number Only");

}
}

private void pictureBox6_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s6;
}
else
{
MessageBox.Show("Four Digit Number Only");

}
}

private void pictureBox7_Click(object sender, EventArgs e)


{
if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s7;
}
else
{
MessageBox.Show("Four Digit Number Only");

}
}

private void pictureBox8_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s8;
}
else
{
MessageBox.Show("Four Digit Number Only");

}
}

private void pictureBox9_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s9;
}
else
{
MessageBox.Show("Four Digit Number Only");

}
}

private void pictureBox10_Click(object sender, EventArgs e)


{

if (textBox1.Text.Length < 4)
{
textBox1.Text = textBox1.Text + s10;
}
else
{
MessageBox.Show("Four Digit Number Only");

}
}

private void button1_Click(object sender, EventArgs e)
{
}

private void button2_Click(object sender, EventArgs e)
{
textBox1.Text = "";
}

private void button1_Click_1(object sender, EventArgs e)
{
con.Open();
// Bind the values as parameters so that user input is never parsed as SQL.
cmd = new SqlCommand("select * from regtb where UserId=@id and Password=@pass and pin=@pin", con);
cmd.Parameters.AddWithValue("@id", id);
cmd.Parameters.AddWithValue("@pass", pass);
cmd.Parameters.AddWithValue("@pin", textBox1.Text);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
MessageBox.Show("Login Successfully!");
//UserHome uu = new UserHome();
//uu.accno = dr["Accno"].ToString();
//uu.bal = dr["Balance"].ToString();
//uu.Show();
}
else
{
MessageBox.Show("Pin Incorrect!");
}
// Release the reader before closing the connection.
dr.Close();
con.Close();
}
}
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
public partial class Satement : Form
{

public string accno, bal;


SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd;

public Satement()
{
InitializeComponent();
}

private void button1_Click(object sender, EventArgs e)
{
label3.Text = "BALANCE : " + bal;

// Bind the date range and account number as parameters instead of concatenating them.
cmd = new SqlCommand("select * from transtb where date between @from and @to and Accno=@accno", con);
cmd.Parameters.AddWithValue("@from", dateTimePicker1.Text);
cmd.Parameters.AddWithValue("@to", dateTimePicker2.Text);
cmd.Parameters.AddWithValue("@accno", accno);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
dataGridView1.DataSource = dt;
dataGridView1.Refresh();
}

private void Satement_Load(object sender, EventArgs e)
{
// label1.Text = accno;

con.Open();
cmd = new SqlCommand("select * from regtb where Accno=@accno", con);
cmd.Parameters.AddWithValue("@accno", accno);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
bal = dr["Balance"].ToString();
}
dr.Close();
con.Close();
}
}
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
public partial class Statementinfo : Form
{

SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd;

public Statementinfo()
{
InitializeComponent();
}
private void Statementinfo_Load(object sender, EventArgs e)
{
cmd = new SqlCommand("select * from transtb", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
dataGridView1.DataSource = dt;
dataGridView1.Refresh();
}
}
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
public partial class UserDetails : Form
{

SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd;

public UserDetails()
{
InitializeComponent();
}

private void UserDetails_Load(object sender, EventArgs e)


{
cmd = new SqlCommand("select * from regtb", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
dataGridView1.DataSource = dt;
dataGridView1.Refresh();

}
private void label12_Click(object sender, EventArgs e)
{

}
}
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
public partial class UserHome : Form
{

SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd;

public string accno,bal;

public UserHome()
{
InitializeComponent();
}

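private void UserHome_Load(object sender, EventArgs e)
{
label2.Text = accno;

con.Open();
cmd = new SqlCommand("select * from regtb where Accno=@accno", con);
cmd.Parameters.AddWithValue("@accno", accno);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
bal = dr["Balance"].ToString();
}
dr.Close();
con.Close();
}

decimal balance, amt;

private void button2_Click(object sender, EventArgs e)
{
balance = Convert.ToDecimal(bal);

// Reject non-numeric, zero and negative amounts; a negative amount would raise the balance.
if (!decimal.TryParse(textBox1.Text, out amt) || amt <= 0)
{
MessageBox.Show("Enter a valid amount");
return;
}

if (balance >= amt)
{
balance = balance - amt;

// Bind all values as parameters instead of concatenating them into the SQL text.
cmd = new SqlCommand("update regtb set Balance=@bal where Accno=@accno", con);
cmd.Parameters.AddWithValue("@bal", balance.ToString());
cmd.Parameters.AddWithValue("@accno", accno);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
// Keep the cached balance in step with the database for the next transaction.
bal = balance.ToString();

cmd = new SqlCommand("insert into transtb values(@accno, 'Transaction', @to, @amt, @date)", con);
cmd.Parameters.AddWithValue("@accno", accno);
cmd.Parameters.AddWithValue("@to", comboBox3.Text);
cmd.Parameters.AddWithValue("@amt", textBox1.Text);
cmd.Parameters.AddWithValue("@date", System.DateTime.Now.ToShortDateString());
con.Open();
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Transaction Completed!");
}
else
{
MessageBox.Show("Balance Low");
}
}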
private void depositToolStripMenuItem_Click(object sender, EventArgs e)
{
Deposit dd = new Deposit();
dd.accno = accno;
dd.Show();
}

private void withrawToolStripMenuItem_Click(object sender, EventArgs e)
{
Withraw ww = new Withraw();
ww.accno = accno;
ww.Show();
}

private void satementToolStripMenuItem_Click(object sender, EventArgs e)
{
Satement ss = new Satement();
ss.accno = accno;
ss.Show();
}

private void logoutToolStripMenuItem_Click(object sender, EventArgs e)
{
Satement ss = new Satement();
ss.Close();

Withraw ww = new Withraw();
ww.Close();

Deposit dd = new Deposit();
dd.Close();

Form1 ff = new Form1();
ff.Show();
this.Close();
}
}
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace IllusionPin
{
public partial class UserLogin : Form
{

SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd;

public UserLogin()
{
InitializeComponent();
}

private void button2_Click(object sender, EventArgs e)
{
textBox1.Text = "";
textBox2.Text = "";
}

private void button1_Click(object sender, EventArgs e)
{
// Bind the credentials as parameters so that user input is never parsed as SQL.
cmd = new SqlCommand("select * from regtb where userid=@id and Password=@pass", con);
cmd.Parameters.AddWithValue("@id", textBox1.Text);
cmd.Parameters.AddWithValue("@pass", textBox2.Text);
con.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
Illusionpin ii = new Illusionpin();
ii.id = textBox1.Text;
ii.pass = textBox2.Text;
ii.Show();
}
else
{
MessageBox.Show("UserName Or Password Incorrect!");
}
// Release the reader before closing the connection.
dr.Close();
con.Close();
}
}
}

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace IllusionPin
{
public partial class Withraw : Form
{
public Withraw()
{
InitializeComponent();
}

SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Eng Project\IllusionPin\IllusionPin\illusiontb.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd;

public string accno;


string bal;

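private void Withraw_Load(object sender, EventArgs e)
{
label1.Text = accno;
con.Open();
cmd = new SqlCommand("select * from regtb where Accno=@accno", con);
cmd.Parameters.AddWithValue("@accno", accno);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
bal = dr["Balance"].ToString();
}
dr.Close();
con.Close();
}

decimal balance, amt;

private void button2_Click(object sender, EventArgs e)
{
balance = Convert.ToDecimal(bal);

// Reject non-numeric, zero and negative amounts; a negative amount would raise the balance.
if (!decimal.TryParse(textBox1.Text, out amt) || amt <= 0)
{
MessageBox.Show("Enter a valid amount");
return;
}

if (balance >= amt)
{
balance = balance - amt;

// Bind all values as parameters instead of concatenating them into the SQL text.
cmd = new SqlCommand("update regtb set Balance=@bal where Accno=@accno", con);
cmd.Parameters.AddWithValue("@bal", balance.ToString());
cmd.Parameters.AddWithValue("@accno", accno);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
// Keep the cached balance in step with the database for the next withdrawal.
bal = balance.ToString();

cmd = new SqlCommand("insert into transtb values(@accno, 'Withdraw', @accno, @amt, @date)", con);
cmd.Parameters.AddWithValue("@accno", accno);
cmd.Parameters.AddWithValue("@amt", textBox1.Text);
cmd.Parameters.AddWithValue("@date", System.DateTime.Now.ToShortDateString());
con.Open();
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Withdraw Completed!");
}
else
{
MessageBox.Show("Balance Low");
}
}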
}
}

CHAPTER 10
SCREENSHOTS

CHAPTER 11
CONCLUSION

The main goal and importance of the ATM system using face images is to provide
security. An ATM system using fingerprints is secure, but it still has some drawbacks. To
overcome the challenges of the technology, it can be combined with more secure features. In
this project we use a biometric security measure in the ATM system. In the proposed system, a
hybrid keypad is implemented in an ATM application. The main goal of our work was to
design a PIN-based authentication scheme that would be resistant to shoulder-surfing
attacks. To this end, we created Illusion PIN. The proposed system quantifies the level of
resistance against shoulder surfing by introducing the notion of safety distance. This means
that even if a person perceives the digits on a hybrid keypad to be as visible as the digits
on a digital keypad, the distortion in the hybrid keypad is bigger and the visibility index has a
lower value. This is logical, because when the reference buttons are all the same color,
a digit that is even slightly visible is considered a big distortion.
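
The PIN pad code in the appendix shows digit result[i] at keypad position i, so the digit order is what an observer has to recover. The following is an added example, not part of the project's code, of generating that order without bias from a cryptographic random source; it assumes result holds a permutation of the digits 0-9, and KeypadLayout, NewLayout and UniformBelow are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;

// Added example: the names below are hypothetical, not from the project.
public static class KeypadLayout
{
    // Returns the digits 0-9 in a fresh random order for one PIN-entry session.
    public static int[] NewLayout()
    {
        int[] digits = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            // Fisher-Yates: swap position i with a uniformly chosen j in [0, i].
            for (int i = digits.Length - 1; i > 0; i--)
            {
                int j = UniformBelow(rng, i + 1);
                int tmp = digits[i];
                digits[i] = digits[j];
                digits[j] = tmp;
            }
        }
        return digits;
    }

    // Uniform integer in [0, n) for 1 <= n <= 256. Bytes at or above the largest
    // multiple of n are rejected, because a plain "b % n" favours small values.
    private static int UniformBelow(RandomNumberGenerator rng, int n)
    {
        int limit = 256 - (256 % n);
        byte[] b = new byte[1];
        do
        {
            rng.GetBytes(b);
        } while (b[0] >= limit);
        return b[0] % n;
    }

    public static void Main()
    {
        // Position i on screen shows layout[i]; a click on position i appends
        // layout[i] to the entered PIN, as s1..s10 do in the form code.
        int[] layout = NewLayout();
        Console.WriteLine(string.Join(" ", layout));
    }
}
```

A new layout should be drawn for every PIN-entry session, so that an observed click position from one session says nothing about the digit in the next.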

FUTURE ENHANCEMENT
Future work on this project is to propose an Android-based application for the banking
process and to implement high-security measures using Digital PIN based authentication or
Bright Pass based authentication. We also plan to further improve the security of the system
with low computation time, and to develop it as an Android application for mobile-based
social network access.