highly confidential security system - sole survivors - inital release

8/12/2019 Highly Confidential Security System - Sole Survivors - Inital Release

1/34

Highly Confidential Security System Version 1.0 Software Requirements Specification 20-12-2012 Sole Survivors

Sole Survivors | Hindusthan College of Engineering and Technology 1

sole survivors

Highly Confidential Security System

Software Requirements Specification

Version 1.0

Mentor

Mr.R.Jayaraj (Asst. Professor), Department of CSE

Members

Arun Prasath.S - 090105107008Jojy George - 100405107005

Prabhu.E - 100405107013

Vivek Andrew Sha - 090105107121

College - Hindusthan College of Engineering and Technology, Coimbatore 641032

Department - Computer Science and Engineering

State - Tamil Nadu


2/34



Revision History

Date Version Description Author

20-12-2012 1.0 Initial Release Sole Survivors


3/34



Table of ContentsDescription Page No

1. Introduction 4 - 9

1.1 Methodology 4

1.2 Purpose .. .. 5

1.3 Scope . .. 5

1.4 Definitions, Acronyms and Abbreviations .. 6

1.5 References . . 7

1.6 Technologies to be used . . 7

1.7 Tools to be used . . 7

1.8 Overview .. 9

2. Overall Description 9 - 18

2.1 Product Perspective . 9

2.2 Product Functions. 10

2.3 Software Interface . 10

2.4 Hardware Interface . 11

2.5 User Characteristics . 12

2.6 Constraints .. 12

2.7 Assumptions and Dependencies 122.8 Architecture Design . 13

2.9 Use Case Model Survey ... 14

2.10 Database Design .. 15

2.11 ER diagram . 16

3. Specific Requirements 17 - 33

3.1 Use Case Reports . 17

3.2 Activity Diagrams 20

3.3 Sequence Diagrams . 29

4. Supporting Information 34

4.1 Index . 34


4/34



1. Introduction

In day-to-day life it is quite hard to remember all confidential data like Mail Id, Password, bank

account number, Insurance policy number, PAN number, Driving License number, education certificate

Numbers, Some highly value scan copy, some confidential photo, music and videos. Crypto Locker is a

highly secure web application to store all confidential data in single credential.

1.1 Methodology

The Rational Unified Process brings together elements from all of the generic process models,

supports iteration and illustrates good practice in specification and design. The RUP is normally described

from three perspectives:

A dynamic per spective that shows the phases of the model over time

A static perspective that shows the process activities that are enacted

A practi ce perspecti ve that suggests good practices to be used during the process


5/34



Inception

The goal of the inception phase is to establish a business case for the system. Identifying all

external entities that will interact with the system and defining these interactions. This information is used

to assess the contribution of system to business. Elaboration

The goals of the elaboration phase are to develop an understanding of the problem domain,

establish an architectural framework, develop project plan and identify key project risks.

Construction

This phase is concerned with system design, programming and testing. Parts of the system are

developed in parallel and integrated during this phase.

Transition

This is the final phase of RUP and is concerned with moving the system from the developmentcommunity to the user community and making it work in real environment.

1.2 Purpose

Crypto Locker is a web application developed for secure and easy access of data. Crypto Locker

is a useful and convenient application that spares you the trouble of remembering the passwords and

securing the files. This application helps people to store their passwords and various types of files like

photos, music and videos in a secure and efficient manner. The application which we develop here uses

state of the art encryption technology to secure files and access over anywhere in the world using the

internet.

1.3 Scope

There are two basic users Administrator, User.

All users have their own profile in Crypto Locker.

Administrator has an ability to manage the registered user profiles and organize the files stored in

the server.

Administrator has the ability to provide the notification message to the logged users via webpage.

Public peoples are the users used this web application to protect their important details in single

credentials.

Citizens (users) can access their files through internet from anywhere in the world.


6/34



1.4 Definitions, Acronyms and Abbreviations

AJAX - Asynchronous JavaScript and XML is about updating parts of a web page, without reloading the

whole page.

Database platform (DB2) - DB2 Database is the database management system that delivers a

flexible and cost effective database platform to build robust on demand business applications and supports

the J2EE and web services standards.

WASCE - Websphere Application Server Community Edition is an application server that runs and

supports J2EE and web service applications.

UML - Unified Modeling Language is a standard language for writing software blueprints. The UML

may be used to visualize, specify, construct and document

XML - eXtensible Markup Language is a text based format that let developers describe, deliver and

exchange structured data between a range of applications to client for display and manipulation.

JSP - Java Server Pages is used to create dynamic web content.

J2EE - Java 2 Enterprise Edition is a programming platform which is a part of java platform fordeveloping and running distributed java.

HTTP - Hypertext Transfer Protocol is a transaction oriented client/server protocol between web browser

and a Web Server.

HTTPS - Secure Hypertext Transfer Protocol is a HTTP over SSL (secure socket layer).

RAD - Rational Application Developer is a development tool that helps to design web pages and also

helps to design the diagrams like ER, Database schema diagrams and to generate DDL.

WAS (Websphere Application Server) - It is an application server that runs business applications and

supports the J2EE and web services standards.


7/34



SOA: Service-Oriented Architecture is a set of principles and methodologies for designing and

developing software in the form of interoperable services.

1.5 References

IBM TGMC Sample Synopsis.

Software Engineering Theory and Practice (2 nd Edition) - Shari Lawrence Pfleeger

Database Management Systems - Navathe.

Object Oriented Modeling and Design with UML (2 nd Edition) - Michael Blaha, James

Rambaugh.

Java Complete Reference (7 th Edition) Herbert Schildt.

Cryptography and Network Security William Stallings

1.6 Technologies to be used

J2EE : Programming Platform for developing and running distributed Java

AJAX : Updating parts of a web page, without reloading the whole page.

SOA : Set of principles and methodologies for designing and developing software in the form

of interoperable services.

UML : Standard for writing software blueprints, and used to visualize, specify, construct anddocument.

XML : XML is a text based format that let developers describe, deliver and exchange

structured data between a range of applications to client for display and manipulation.

Jasper: Jasper Reports is an open source Java reporting tool that can write to a variety of

targets, such as: screen, a printer, into PDF, HTML, Microsoft Excel, RTF, ODT, Comma-

separated values or XML files.

1.7 Tools to be used

Rational RoseRational Rose is an object-oriented programming (OOP) and unified modeling language (UML)

tool to design enterprise-level software applications and components. It creates visual software

application models under object-oriented principles. Example application models include the creation of

actors, use cases, relationships, entities, etc. It uses classical UML concepts to graphically model software

applications. This facilitates documenting the environment, requirements and overall design.


8/34



Eclipse

Eclipse is a multi-language software development environment comprising an integrated

development environment (IDE) and an extensible plug-in system.

WPS

WPS stands for Wi-Fi Protected Setup and was designed to simplify the process of configuring

security on wireless networks.

Rational Software Architect (RSA)

IBM Rational Software Architect, (RSA) made by IBM's Rational Software division, is a

comprehensive modeling and development environment that uses the Unified Modeling Language (UML)

for designing architecture for C++ and Java 2 Enterprise Edition (J2EE) applications and web services.

Development tool RAD

IBM Rational Application Developer for Web Sphere Software (RAD) is an integrated

development environment (IDE), made by IBM's Rational Software division, for visually designing,

constructing, testing, and deploying Web services, portals, and Java (J2EE) applications.

Websphere Application Server (WAS)

IBM Websphere Application Server (WAS), a software application server, is the flagship product

within IBM's Websphere brand. WAS is built using open standards such as Java EE, XML, and Web

Services.

Web server WASCE

Websphere Application Server Community Edition (from now on WASCE) is a free, certified

Java EE 5 server for building and managing Java applications. It is IBM's supported distribution of

Apache Geronimo that uses Tomcat for servlet container and Axis 2 for web services. Over 15 WASCE

developers are committers in the Apache Geronimo project.

DB2 ( Database 2)

DB2 is a family of relational database products provides an open database environment that runs

on a wide variety of computing platforms. A DB2 database can grow from a small single-user application

to a large multi-user system.


9/34



1.8 Overview

The SRS will include two sections, namely:

Overall Description

This section will describe major components of the system, interconnections, and external

interfaces.

Specific Requirements

This section will describe the functions of actors, their roles in the system and the constraints

faced by the system.

2. Overall Descriptions

2.1 Product Perspective

The Crypto Locker is available for use by the administrator and the user. The administrator and

users will use the webpage as a front end. The browser goes through an http server. Application server

manages the connection between the front end and backend, all types of information and data, that are

necessary for the users are stored in DB2.


10/34



2.2 Product Functions

The Crypto Locker service provides the user interface (UI) to user and administrator for creating

their profiles.

This product has the ability to send the Account verification link to the users mail , while

creating their account.

This product has the abilit y to send Password Reset link to the users mail, if the user forgets

the password for accessing the account.

This product is able to detect the users browsers.

This product provides the users to create the locker facilities for Bank account information,

Music, Video and Image files.

This product allows the registered users to store their important details on a server in an encrypted

format and while downloading, it is automatically decrypted.

This product provides the facility for administrators to generate the reports on users logs in .PDF

and Microsoft Excel formats.

It ask the accounts current password from the user when they want their personal credentials

from our server as a report (PDF and Excel).

2.3 Software Interface

(All users require internet for communication)

Public People (users)

Web browser (any), operating system (any)

Administrator

Web browser (any), operating system (Windows)

Web Server

WASCE, Operating System (Windows)

Data Base Server

DB2, operating system (Windows)

Development End

RAD (J2EE, java, java bean, Servlet, HTML, XML, AJAX) operating system (Windows), Web Sphere

(Web Server)


11/34



2.4 Hardware Interface

2.4.1 Minimum Requirements

Crypto Locker (Server) Processor RAM Disk Space

Storage Space Intel Pentium IV

AMD Athlon (1.8 GHz)

4 GB RAM 5 TB

DB2 9.72 1 GB RAM 1 GB

Users (Public People) Browser Processor RAM

Internet Explorer 7, Firefox 13 with

Flash Plug-ins

Intel Pentium IV AMD

Athlon (1.8 GHz)

1 GB RAM

2.4.2 Recommended Requirements

Crypto Locker (Server) Processor RAM Disk Space

Storage Space Intel Core Family (Any)

AMD Phenom

(2.2 GHz)

8 GB RAM 10 TB

DB2 9.72 2 GB RAM 2 GB

Users (Public People) Browser Processor RAM

Latest Versions of Browsers (any)

Intel Core Family (Any)

AMD Phenom

(2.2 GHz)

2 GB RAM


12/34



2.5 User Characteristics

Both users and administrator on internet will be using HTTP protocol.

Users use the FTP protocol for uploading and downloading the files from or to the server.

Administrator configures the SMTP Server for sending the mail to the user.

2.6 Constraints

GUI is only in English.

Login and password is used for the identification of the user (public people) and administrator.

Limited to HTTP, SMTP and FTP protocol.

Centralized server is used.

2.7 Assumptions and Dependencies

Crypto Locker is a platform independent web application. It is assumed that the client or user

computer has latest browser with JavaScript enabled. In addition, Firefox and Internet Explorer need the

flash plug-ins to play the media files. For configuring the SMTP Server it needs the Linux operating

system with at least kernel version 2.6.30, if server is in windows then it may need Windows Server.

Sending the message (SMS) to the users mainly depends on the network operator.


13/34



2.8 Architecture Design


14/34


15/34



Administrator

Administrator has the ability to manage the registered users profile. Administrator can send the

notification to the logged user about any changes in the service and also clarify the users doubts and

questions about the service.

System

While users are trying to create their account, Crypto System validates the users details and post

the message (success or failure) to them . Server has the ability to send the Password reset link to the

users mail, if the user forgets the password to access their account. It automatically blocks the abuse

users. When users are uploading the file, the system encrypts it by using the algorithm, when the users are

downloading their file, the system decrypts it.

2.10 Database Design


16/34



2.11 ER Diagram


17/34



3. Specific Requirements

3.1 Use Case Reports

3.1.1 Administrator

3.1.1 Use Case Report for Administrator

USECASE DESCRIPTIONRegister The administrator create their account for managing the service Username Verification It checks the provided name with already existing name during registration Sign In The admin can sign in into account and manage the serviceValidate Password The server validates the password and lets the admin use the service Profiles The admin can view their own profile Update Profile The admin can update their own profile in case of any changes

Manage user Profiles The admin can manage the field registered users profilePush Notification The admin can push/send the notification in case of any changesGenerate Reports The admin can able to generate the reports about the service Manage FAQ The admin may clarify the doubts from clients Sign out Logged out from the server


18/34



3.1.2 Public People

3.1.2 Use Case Report for Public People (Users)

USECASE DESCRIPTION

Register Citizens can create their account for using the service Username Verification It checks the provided name with already existing name during registration Sign In The user can sign in into account and use the service Validate Password The server validates the password and lets the user use the service Profiles The user can view his profileUpdate Profile The user can update his current status about the case FAQ The user can able to post and reply their answers in the forum like page View Notifications The user receive the notification message from the administrator Download File The user can download their personal data using the secret keyGenerate Reports The user can generate report from remote location.

Upload File The user can upload their personal data into the server Encryption/Decryption All data can be securely transmitted and received using Encryption algorithm Lockers It includes image, video, music, password and bank account detailsSign out Logged out from the service


19/34



3.1.3 Crypto System

3.1.3 Use Case Report for Crypto System

USECASE DESCRIPTIONEncryption The system encrypts the files from the users disk when he/she want to upload Decryption The system decrypts the files from the server when the user want to download Block abuse user Sever automatically blocks the lazy and abuse users based on the rulesValidate Registration Server Validates the user details and registers it into the database Send Mail Server sends the verification link to the user for the confirmation Send Password Token Server sends the password token in case the user forgets the password


20/34



3.2 Activity Diagrams

3.2.1 User Registration

The user is made to fill all the mandatory fields, each user must choose a unique user name. If theuser has filled a name that is already present in the database, then the user will be prompted to fill in a

different username. After this the user must enter the new password twice. When the user clicks the

submit button the database verifies all the mandatory fields are filled or not. When all the fields are filled

the verification mail is automatically send to users mail, after click the verification link the user is

registered, otherwise the user is made to fill the fields again.

3.2.1 User Registration Activity


21/34



3.2.2 Validate Registration

The user enters the registration details. The system validates the details and if the details are

found invalid the system rejects it else the system sends the verification mail to the user. The user needs

to follow the verification link to complete his registration.

3.2.2 Validate Registration


22/34



3.2.3 Login Activity

The user enters the login credentials. The System validates the login credentials. If the login

credentials are valid then the system detects the type of user. If user is a member then the system redirects

to the members home page. If the user is administrator then the system redirects to the administrators

home page.

3.2.3 Login Activity


23/34



3.2.4 Password Reset

If the user forgets his password then he should click on the Forget password link. Then the system

prompts him to enter his Mail ID. The system validates the Mail ID. If the Mail ID is valid then the

system sends the password reset mail to that Mail ID. If the Mail ID is invalid then the system displays

the error message.

3.2.4 Password Reset Activity


24/34



3.2.5 Public People

The public people (user) can login to the website using a supplied username and password. After

logging in the user can perform several tasks such as generate reports, access lockers, participate in FAQ

center, edit profiles and view the notifications sent from the administrator.

3.2.5 Public People (users) on Web


25/34



3.2.6 FAQ Page

The administrator and the user participate in the FAQ (Discussion forum) for clarifying their

doubts. Both admin and citizen can view the posts and may reply to the post, or may be post the questions

from the remote location.

3.2.6 FAQ


26/34



3.2.7 Access Lockers

A crypto Locker service is provided for the users, who need to store their confidential details in a

single password. To access the lockers first he/she need to enter their Crypto Locker credential to login.

After that he has the ability to open locker and manage that by uploading and downloading the files. He is

also able to generate the reports about their activity for a certain period in a .PDF format documented file.

3.2.7 User Access the Lockers


27/34



3.2.8 Administrator

The administrator login into their accounts home page and manage the overall activity of the

application like user management, own profile management, frequently asked Questions i.e., Discussion

forum management, notifications management and finally generate the reports.

3.2.8 Administrator on Web


28/34



3.2.9 Crypto System

The web application has the automatic controls itself. While registration the server system

validate the user details, if there is any issues then it automatically denies the registration process, and

during the upload, download process encryption and decryption process starts with the help of key

provided by the user. Also it blocks the abuse user to prevent the server from any misbehavior activities.

3.2.9 Server systems Activity


29/34



3.3 Sequence Diagrams

3.3.1 User Registration


30/34



3.3.2 Login Sequence


31/34



3.3.3 Password Reset


32/34



3.3.4 Upload Files


33/34



3.3.5 Download Files


34/34


4. Supporting Information

4.1 Index

AAbbreviations - 6

Acronyms 6

Activity Diagrams 20

Administrator 10, 15

AJAX - 6, 7

Architecture Design - 13

Assumptions - 12

C

Constraints 12

Construction - 5

Crypto Locker - 9

D

Database Design 15

Database platform 6

Development End - 10DB2 - 6, 8

Definitions - 6

Dependencies - 12

Development Tool - 8

E

Eclipse 8

Elaboration - 5

ER Diagram - 16H

Hardware - 11

HTTP - 6

IInception - 5

Interface 10, 11

Introduction - 4

J

J2EE 6, 7

JSP - 6

MMethodology - 4

Minimum Requirements - 11

O

Operating System- 10, 12

Overview 9

Overall Descriptions - 9

P

Product Perspective 9

Product Functions 10

Public People - 14

Purpose - 5

R

RAD - 6

Rational Rose - 7

RSA 8

Recommended - 11

References - 7

SScope - 5

Sequence Diagrams 29

SOA - 7

Software 10

Specific Requirements -9, 17

T

Technologies - 7Tools 7

Transition - 5

U

UML 6, 7

Use Case Model - 14

Use Case Reports 17

User - 14

User Characteristics - 12

W

WASCE 6, 8

WAS 6, 8

WPS 8

Web Server 10

X

XML 6, 7

highly confidential security system - sole survivors - inital release

Documents