
Implementation of Authentication Token based user registration and Access based on One time password for profile search with multi-notification by email and SMS

Abstract- Authenticating the user profile is important in any application for two basic
reasons: first, to avoid false registration; and second, to protect notifications against
anti-spammer applications and to comply with the rules of the national do-not-contact
registry. Authentication-token-based user registration addresses both issues: it guards
against false registration, protects mass or multi-notification against anti-spammer
measures, and meets the compliance requirements of national do-not-call regulations.
The repository of skill profiles is a very important data set for any application service
provider, so access to such distributed applications from multi-user locations must be
protected against unauthorized access with a password compromised by any means, such as
a key logger, virtual keyboard logger, phishing, spyware or password attack. User
authentication is therefore a most important protocol in a distributed network, and a
One Time Password authentication system will be implemented. One-Time Verifier Token
authentication is a method to reduce the potential for compromised user credentials. The
concept behind the One-Time Verifier Token is that every session initiated by a user
generates a unique user credential that is valid only for that session or for a very short
period of time. Even if an attacker is capable of obtaining this user credential, it may
either no longer be valid or be prohibited from additional use. This synopsis highlights
the implementation of such strong, secure protocols for access to the web server. Along
with strong authentication for access and token-based user registration, this project
proposes a unique multiple-entity based search engine for user profiles, with contact by
multiple selection and notification by POP- and SMTP-based email using the Java Mail API
and by Short Message Service through a GSM SIM using the Java Communication API. As a
whole, the implementation could emerge as an Application Service Provider with a
multi-functional server implementation, with complete control of the application server
and all security servers, as a multi-user-access distributed enterprise application.

Keywords: Authentication One-Time Verifier, Java Mail API, Java Communication API, logger, phishing, spyware, password

Project Modules:

User Characteristics Based Module:

User Registration module:

It is very important to authenticate user registration for any web-enabled distributed
application from which further notifications need to be sent, in order to meet the
following objectives:

To avoid false registration.
To maintain the IP signature for protecting against anti-spammer.
To maintain the acceptance for further notification by e-mail/SMS to meet the compliance of
the National Do Not Call registry.

Figure 1.0 (diagram not reproduced): user registration flow. Labels: User Registration form; Application Server; User ID and Password Algorithm (Random User ID and Temp Password); Random Token Algorithm; Token; E-mail Server; SMSC Server; User ID and Password Sent to email Box; Mail Box; Token; Registration Complete.

Subscriber Administration Module:

The Subscriber Administration module is implemented to add the profile of a subscriber and
to control and view the subscriber.

Figure 2.0 (diagram not reproduced): Administrator functions. Labels: User Account Creation; User Settings; System-Online Monitoring; Publish Online Notice; Logout.

Subscriber Module:
The application offers a unique form of authenticated access based on OTP. Once in the
application, the subscriber can search profiles on various parameters. The search result
can then be saved under a name for further reference. The searched profiles can be
notified by email or by SMS, either as a single contact or as a group.

Figure 3.0 (diagram not reproduced): subscriber login and account functions. Labels: User Login Page; GSM SMSC Server; New Activation Key generated; Activation Key; Incorrect Activation Key; Correct Activation Key; Access into User's Privilege Account; Search Profile; Save Searched Profile; SMS/Email Template; Send email/SMS; Account Information; Logout; According to functionalities: Add, Modify, Delete; Change Password; Group email/SMS; Single Notice email/SMS; Contact Us.

Technical Characteristics Based Module:
1. Random number Algorithm based token verifier
2. One-Time Password Algorithm
3. Multiple-factor based profile search engine
4. Multi-selected email and SMS based Notification system
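
The one-time verifier named in items 1 and 2, as used for the registration token and for the login activation key, can be written as the following Java class. It is an added example, not code from this project: the class name OneTimeVerifier, the 6-digit key, the 5-minute validity and the 3-guess limit are assumptions, Java 8 or later is assumed, and delivery of the key by e-mail or SMS is left to the caller.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

public class OneTimeVerifier { // added illustration; every name here is an assumption
    private static final Duration TTL = Duration.ofMinutes(5); // assumed validity window
    private static final int MAX_ATTEMPTS = 3;                 // assumed guesses per key
    private final SecureRandom rng = new SecureRandom();       // CSPRNG, not java.util.Random
    private final Map<String, Pending> pending = new HashMap<>();
    private static final class Pending {
        final byte[] hash; final Instant expires; int attempts;
        Pending(byte[] hash, Instant expires) { this.hash = hash; this.expires = expires; }
    }
    // Only a digest bound to the user id is stored; TTL and attempt cap limit guessing.
    private static byte[] digest(String userId, String key) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest((userId + ":" + key).getBytes(StandardCharsets.UTF_8));
    }

    // Issues a fresh 6-digit key; a key issued earlier for this user stops working.
    public synchronized String issue(String userId, Instant now) throws Exception {
        String key = String.format("%06d", rng.nextInt(1_000_000));
        pending.put(userId, new Pending(digest(userId, key), now.plus(TTL)));
        return key; // deliver by e-mail or SMS only; never log it
    }

    // True only for the first correct submission inside the validity window.
    public synchronized boolean verify(String userId, String key, Instant now) throws Exception {
        Pending p = pending.get(userId);
        if (p == null) return false; // nothing issued, or key already consumed
        boolean live = !now.isAfter(p.expires) && ++p.attempts <= MAX_ATTEMPTS;
        boolean ok = live && MessageDigest.isEqual(p.hash, digest(userId, key)); // constant time
        if (ok || !live) pending.remove(userId); // used, expired, or out of guesses
        return ok;
    }
    public static void main(String[] args) throws Exception {
        OneTimeVerifier v = new OneTimeVerifier();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed clock value
        String key = v.issue("alice", t0);
        System.out.println(v.verify("alice", "x" + key, t0));           // incorrect key
        System.out.println(v.verify("alice", key, t0.plusSeconds(60))); // correct, first use
        System.out.println(v.verify("alice", key, t0.plusSeconds(61))); // replay of used key
        System.out.println(v.verify("bob", v.issue("bob", t0), t0.plus(TTL).plusSeconds(1))); // expired
    }
}
```

Because a 6-digit key has only a million values, the expiry and the guess limit are what keep an attacker from enumerating it; the stored digest only avoids keeping the key itself in memory or in a database.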

Figure 4.0 (diagram not reproduced): system architecture. Labels: Random No. Generation; Database; Authenticate Code Server; Application Server; Main Application; Server-1; Server-2; Server-3; Workstation-A; Workstation-B; Workstation-C; Workstation-D; User-ID; E-Mail; Password; SMSC-Server.

SYSTEM REQUIREMENT SPECIFICATION


End-Users

1. Minimum Hardware Requirement specification:

a. Intel Pentium III Processor, 2 GB RAM, 20 GB hard disk (HDD), CD-ROM
b. GSM Modem: Q24PL002 Series GSM kit, Wavecom
c. LAN/Internet Connection to Server Machine
d. TCP/IP network for communication between clients and server or Wireless LAN

2. Software Requirement Specification:


a. Operating System: Windows NT 4.0/2000/XP
b. Programming Tool: J2EE
c. Java Communication API 3.0, Java Mail API
d. IDE: MyEclipse, NetBeans 5.5
e. Application Server: Apache Tomcat (Version 5.5.9)
