Angelos Barmpoutis [email protected]
Web-based Authentication Technique for Systems without database Server
Angelos Barmpoutis
Aristotle University of Thessaloniki

Introduction
We would like to:
• Control software access
• Know the users of a product
  • Communication
  • Commerce

Techniques
• Algorithmic techniques
• Database server techniques
• Web-based technique

Algorithmic technique
• There is an algorithm that produces access passwords
  • Every user sets a username
  • A unique registry code is required

Algorithmic technique
• Server is not required
• Network is not required
• Algorithm can’t be changed
• Distance System - User

Server technique
• There is a server and a database with the data of the users
• Every user opens an account
• Users set a password
• Users can update their data

Server technique
• Small distance System-User
• Real-time procedures
• Database server cost
• Network required

Web-based technique
• It is a combination of the algorithmic and database server techniques
• Every user opens an account
• Small distance System - User
• There isn’t any database server
• No database server cost

Features
• We don’t want to have a database server
but…
• We want every user to open an account
• Every user can open an account and have access at any time!

New user
1. Every new user fills a registry form
2. There is a PIN generator algorithm
3. Then the user receives an e-mail with a password
So somebody can open an account at any time

PIN Generator
• The algorithm remains stable
• But input can be changed
• So we use variable web-file input
• We can “change” the algorithm
• Safer technique
PIN Generator(username string, variables from web-file)

Entrance algorithm
1. A user gives his username-PIN combination. Set FLAG=false.
2. Set this username as input to the Generator algorithm and generate a temporary PIN.
3. If user PIN = temporary PIN then set FLAG=true and go to step 6. Else go to step 4.
4. Search a web-placed database file, for a record with the username-PIN combination.
5. If username-PIN was found then set FLAG=true.
6. Result = FLAG.

Entrance algorithm
• There is a database web-file
• Personal data of users are stored
How? Remember…
1. Every new user fills a form
2. Receives a password from PINGen.
3. Access with username and the PIN
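
The PIN Generator and the six entrance steps above, as an added Python example (not code from the original slides). The HMAC-SHA-256 construction, the `secret` and `pin_digits` variables, the `username:PIN` record format and all sample values are assumptions; the sketch also assumes the generator web-file is not publicly readable, since anyone who can read its variables can compute any user's PIN.

```python
import hashlib
import hmac

# Constructed "PIN Generator web-file": variables the administrator can edit
# to "change" the algorithm. Assumption: it holds a secret and a PIN length.
GENERATOR_WEB_FILE = {"secret": "constructed-demo-secret", "pin_digits": 8}

# Constructed "database web-file": username:PIN records kept by the administrator.
DATABASE_WEB_FILE = "alice:40311275\nbob:99887766\n"


def pin_generator(username, variables):
    """PIN Generator(username string, variables from web-file).

    Assumption: HMAC-SHA-256 keyed with the web-file secret; the slides do
    not name the function that is actually used.
    """
    mac = hmac.new(variables["secret"].encode(), username.encode(),
                   hashlib.sha256).digest()
    digits = variables["pin_digits"]
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


def parse_database(text):
    """Parse 'username:PIN' lines (a constructed record format)."""
    records = {}
    for line in text.splitlines():
        user, sep, pin = line.strip().partition(":")
        if sep and user and pin:
            records[user] = pin
    return records


def entrance(username, pin, variables, database):
    """Steps 1-6 of the entrance algorithm; the return value is FLAG."""
    # Steps 2-3: regenerate the temporary PIN, compare in constant time.
    temporary_pin = pin_generator(username, variables)
    if hmac.compare_digest(pin.encode(), temporary_pin.encode()):
        return True
    # Steps 4-5: otherwise search the web-placed database file.
    stored = parse_database(database).get(username)
    return stored is not None and hmac.compare_digest(pin.encode(), stored.encode())


if __name__ == "__main__":
    pin = pin_generator("carol", GENERATOR_WEB_FILE)
    print(entrance("carol", pin, GENERATOR_WEB_FILE, DATABASE_WEB_FILE))
    print(entrance("alice", "40311275", GENERATOR_WEB_FILE, DATABASE_WEB_FILE))
```

Two consequences of the steps as given are visible here: a generated PIN keeps working after a different PIN is recorded in the database web-file, because step 3 is tried first, and changing the web-file variables invalidates every generated PIN that has no database record.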

Update personal data
• Every user can update his data
• This isn’t a real-time procedure
• Updated data are sent by e-mail to the system administrator
• Administrator uses an e-mail data collector and updates the database web-files
• He is the only person who changes the database web-files

Web-based technique
• An e-mail account is used
• Few MB space in the web
• Users have their account
• New accounts can be opened and accessed at any time
• Accounts can be updated
• Database server isn’t required

Diagram of technique
[Figure: diagram in three columns labelled System Users, Software System and Web-placed files. System users: User, Administrator. Software system: Registration form (Username, Email, Submit), Software product (Username, PIN, Enter), Database control (Update web files). Web-placed files: PIN Generator web-file, Database web-file. Flows labelled: PIN, Form's data.]

Advantages
• Small System-User distance
  • Because of account opening
• Real-time account opening
  • Because of PIN Generator
• Users can update their personal data
  • Because of using e-mail protocol
  • But… this isn’t a real-time procedure

Combination of features
Features          Algorithmic   Database Server   Web-based
User accounts     No            Yes               Yes
Database server   No            Yes               No
PIN Generator     Yes           No                Yes
Web required      No            Yes               Yes

Database length / Users
[Figure: three plots of database length against number of users: a) Algorithmic, b) With database, c) Web-based.]

Uses
Web-based authentication and user-controlling technique is useful for:
• Web services
• e-learning
• e-commerce
• Advertising methods
• Small companies
• Personal Pages
• etc

Example
• Free music catalog software
• This software is a multimedia application with texts, photos, sounds, videos etc
• Users are controlled by this web-based technique

Example
1. A new user sets a username and he fills the registration form
2. He receives an e-mail with a PIN
3. He uses the username and PIN to have access to the system
4. He changes his password
5. Administrator updates the database files

Implementation
PSIFIAK Digital Circuit Designer & Simulator
www.psifiak.8m.com
Informatics Department of Aristotle University of Thessaloniki uses Psifiak-Digital Circuit Designer and Simulator, for academic purposes, during Digital Circuit Design and Digital Electronics courses.

Summary
• Web-based authentication technique is a combination of the algorithmic and the database server techniques.
• There isn’t a database server; we use the e-mail protocol
• Many advantages
• Is useful for free web services, e-commerce, e-learning, etc.

Angelos Barmpoutis
Informatics Department, School of Science
Aristotle University of Thessaloniki
e-mail: [email protected]
http://users.auth.gr/angelbar
Voice: +30 – 6972686728
Psifiak: http://www.psifiak.8m.com
Thank you!