EVENT ATTENDANCE SYSTEM USING ONE TIME ......The time also will be saved because the students do not...
98
EVENT ATTENDANCE SYSTEM USING ONE TIME PASSWORD (OTP) NURUL FARHANA BINTI BASAR BACHELOR OF COMPUTER SCIENCE (COMPUTER NETWORK SECURITY) UNIVERSITI SULTAN ZAINAL ABIDIN 2018
Transcript of EVENT ATTENDANCE SYSTEM USING ONE TIME ......The time also will be saved because the students do not...
EVENT ATTENDANCE SYSTEM USING ONE TIME
PASSWORD (OTP)
NURUL FARHANA BINTI BASAR
BACHELOR OF COMPUTER SCIENCE
(COMPUTER NETWORK SECURITY)
UNIVERSITI SULTAN ZAINAL ABIDIN
2018
EVENT ATTENDANCE SYSTEM USING ONE TIME PASSWORD (OTP)
NURUL FARHANA BINTI BASAR
Bachelor of Computer Science (Computer Network Security)
Faculty of Informatics and Computing
Universiti Sultan Zainal Abidin, Terengganu, Malaysia
AUGUST 2018
i
DECLARATION
I hereby declare that this report is based on my original work except for quotations
and citations, which have been duly acknowledged. I also declare that it has not been
previously or concurrently submitted for any other degree at Universiti Sultan Zainal
Abidin or other institutions.
________________________________
Name : Nurul Farhana Binti Basar
Date : …………………………….
ii
CONFIRMATION
This is to confirm that:
The research conducted and the writing of this report was under my supervision.
________________________________
Name : Dr Mohamad Afendee Bin Mohamed
Date : ..................................................
iii
DEDICATION
Assalamualaikum w.b.t, firstly I would like to express my gratitude to Allah the
Almighty for his grace and the Mercy in completing my project.
Then, I would like to thank my supervisor for this Final Year Project, Dr. Mohamad
Afendee Bin Mohamed for being a responsible and supporting lecturer to guide and aid
me towards the accomplishment of this project. Thank you for brainstorming the ideas
along the solution together for me illustrate the main idea and help in understanding my
project more.
Next, I would like to appreciate to all member of panels for their valuable feedback and
their comment on improving my project for better purpose especially during my project
presentation. All the comments and feedback help me improve a lot of my presentation
skills and my project progress.
Last but not least, a lot of thanks to my beloved mother and father, family and friends
for never ending support, encouragement and advice for brightening my spirit to
complete this final year project. A great thanks again for all of those who are involved
in my Final Year Project.
iv
ABSTRACT
In universities, there are many events that have been organized to the
student. This event helps the student to improve their knowledge and skill. By
attending the event, student shows that they are not only academically concerned but
also curriculum-oriented. Merit is important to universities students as their point to
stay in college. Most of these events are awarded with merit, so students who are
attentive to their merits may attend events held by universities to improve their merits.
Normally, the event attendance is using manual recording by using a piece of paper
and pen. This way is not systematically enough and not efficient. There are many
problems arise when using the manual recording. This manual recording consumes
more time because the attendees need to queue for a long time just to sign the
attendance. Besides, the event organizer also might spend hours checking and waiting
the attendees to sign at the door with a piece of paper or spreadsheet. As an alternative
to overcome the difficulties, Event Attendance System for Students Using One-Time
Password (OTP) is being developed so that there is no use of manual recording. The
event organizer does not need to provide paper and pen to do the manual recording.
The time also will be saved because the students do not need to queue just to sign the
attendance. This proposed system is using One-Time Password (OTP) and also Quick
Response (QR) code. OTP is a password that is valid for only one login session.
While QR code is the trademark for a type of matrix barcode (or two-dimensional
barcode) which contains the information about the item to which it is attached. The
attendance system is based on web system and also mobile application. OTP is being
used when student want to register for a first time. When the students are done doing
the registration, they will be given a password or code that valid only once to connect
them to the system. For recording the attendance, this system implemented QR code.
Once the students have scanned the QR code that being displayed at the event, their
attendance will be saved to the database automatically. As a conclusion, event
attendance system for student using OTP will be more efficient, accurate and
systematic than manual recording. This system also will contribute in improving the
event attendance system for students because of having the security element and also
the good authentication technique.
v
ABSTRAK
Di universiti, terdapat banyak acara yang telah dianjurkan kepada pelajar. Acara ini
membantu pelajar meningkatkan pengetahuan dan kemahiran mereka. Dengan
menghadiri acara tersebut, pelajar menunjukkan bahawa mereka bukan sahaja
berminat secara akademik tetapi juga berorientasikan kurikulum. Merit adalah
penting untuk pelajar universiti sebagai titik untuk tinggal di kolej. Kebanyakan acara
ini dianugerahkan dengan merit, jadi pelajar yang memperhatikan kebaikan mereka
boleh menghadiri acara yang dianjurkan oleh universiti untuk memperbaiki merit
mereka. Biasanya, kehadiran acara menggunakan rakaman manual dengan
menggunakan sekeping kertas dan pen. Cara ini tidak cukup sistematik dan tidak
cekap. Terdapat banyak masalah timbul apabila menggunakan rakaman manual.
Rakaman manual ini menggunakan lebih banyak masa kerana peserta perlu beratur
untuk masa yang lama hanya untuk menandatangani kehadiran. Selain itu, penganjur
acara juga mungkin menghabiskan berjam-jam memeriksa dan menunggu para
pelajar menandatangani kehadiran di pintu dengan sekeping kertas atau spreadsheet.
Sebagai alternatif untuk mengatasi kesukaran, Sistem Kehadiran Acara untuk Pelajar
Menggunakan Kata Laluan Satu Kali (OTP) sedang dibangunkan supaya tidak
menggunakan rakaman manual. Penganjur acara tidak perlu menyediakan kertas dan
pen untuk melakukan rakaman manual. Masa pendaftaran juga akan dapat
dipercepatkan kerana pelajar tidak perlu beratur untuk menandatangan kehadiran.
Sistem yang dicadangkan ini menggunakan kod Kata Laluan Satu Masa (OTP) dan
juga Kod Pantas (QR). OTP adalah kata laluan yang sah untuk hanya satu sesi log
masuk. Manakala kod QR adalah tanda dagangan untuk jenis kod bar matriks (atau
kod bar dua dimensi) yang mengandungi maklumat mengenai item yang dilampirkan.
Sistem kehadiran adalah berdasarkan aplikasi mudah alih. OTP sedang digunakan
apabila pelajar ingin mendaftar untuk kali pertama. Apabila pelajar selesai
melakukan pendaftaran, mereka akan diberi kata laluan atau kod yang sah hanya
sekali untuk menyambungkannya ke sistem. Untuk merakam kehadiran, sistem ini
melaksanakan kod QR. Apabila pelajar telah mengimbas kod QR yang dipaparkan di
acara tersebut, kehadiran mereka akan disimpan ke pangkalan data secara automatik.
Sebagai kesimpulan, sistem kehadiran acara untuk pelajar menggunakan OTP akan
lebih cekap, tepat dan sistematik daripada rakaman manual. Sistem ini juga akan
menyumbang dalam meningkatkan sistem kehadiran acara untuk pelajar kerana
mempunyai elemen keselamatan dan juga teknik pengesahan yang baik.
vi
CONTENTS
PAGE
DECLARATION i
CONFIRMATION ii
DEDICATION iii
ABSTRACT iv
ABSTRAK v- vii
CONTENTS viii
LIST OF TABLES ix
LIST OF FIGURES x
LIST OF ABBREVIATIONS xi
CHAPTER I INTRODUCTION
1.1 Project Background 1
1.2 Problem Statement 2
1.3 Objectives 3
1.4
1.5
Scopes
Limitation of works
3-4
4
1.6 Report Organization 5
CHAPTER II LITERATURE REVIEW
2.1 Introduction 6
2.2 Project and Research 7-21
2.3 Summary of Research Paper 22-27
CHAPTER III
METHODOLOGY
3.1 Introduction 28
3.2 System Requirement and Specification 29
3.2.1 Hardware 29
3.2.2 Software 30
3.3 System Design
3.3.1 Framework Design 31-32
3.3.2 Process Model 33-37
3.2.3 Data Model 38
vii
3.4 Algorithms 39-41
3.5 Summary 41
CHAPTER IV IMPLEMENTATION DAN RESULT
4.1 Implementation and Output 42
4.1.1 Deployment / Configuration 42
4.1.2 Interface
43-53
4.2 Testing 54
4.2.1 Types of testing 54
4.2.2 Test cases 55-61
4.3 Summary 62
CHAPTER V CONCLUSION 63
REFERENCES 64-66
viii
LIST OF TABLES
FIGURE TITLE PAGE
2.2.7.1 Summary comparison between time-based vs event-based
OTP
15
2.3.1 Summary of research paper 22-27
3.2.1.1
3.2.2.1
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
4.2.2.7
List of hardware requirement
List of software requirement
Test case for Admin Login
Test case for add update, delete, and view event
Test Case for Generate QR Code, View Attendance
Test case User Security One Time Password
Test case User Registration and Logout
Test case User View Event
Test case manage attendance
20
25
56
57
58
59
60
61
62
ix
LIST OF FIGURES
TABLE TITLE PAGE
3.3.1.1 Framework Design 32
3.3.1.2 Context Diagram (CD) 33
3.3.2.2 Data Flow Diagram (DFD) Level 0 34
3.3.2.3
3.3
4.1.2
4.1.2.a
4.1.2.b
4.1.2.c
4.1.2.d
4.1.2.e
4.1.2.f
4.1.2.g
4.1.2.h
4.1.2.i
4.1.2.j
Data Flow Diagram (DFD) Level 1
Entity Relationship Diagram(ERD)
Main Page Event Attendance Application
Admin Login
Add Event and View Event
Update and Delete Event
QR Code Generator
User Interface
User Registration
Implementation of One Time Password Algorithm
User View Event
Implementation of QR Code
Manage Attendance
35
39
44
45
46
47
48
49
50
51
52
53
54
x
LIST OF ABBREVIATIONS / TERMS / SYMBOLS
CD Context Diagram
DFD Data Flow Diagram
ERD Entity Relationship Diagram
FYP Final year project
OTP One Time Password
QR Code Quick Response Code
xi
LIST OF APPENDICES
APPENDIX TITLE PAGE
A Gantt Chart FYP 1 67
B Gantt Chart FYP 2 68
C One Time Password Code 69-76
D QR Code Scanner code 77-81
E QR Code Generator code 82-85
1
CHAPTER I
INTRODUCTION
1.1 Background
Traditionally, event attendance for students has been tedious, troublesome and
slow, as it uses the manual and traditional way of monitoring the attendance of the
students as regards to the event they will be attending. The attendees need to queue to
wait for their turns in order to check their name and matric number, also their sign using
pen and paper as a proof of their attendance in the event. The queues of students in
registration area cause delay of monitoring the attendance. Manual recording usage is
still applicable although they are not systematic and efficient enough to record the
attendance of students in the event. But now, almost every event attendance system can
be modernized. No more use of manual recording using pen and paper. Due to the
problems that arise, this paper has proposed a system which is Event Attendance System
Using One-Time Password (OTP). It comes with web based system and a mobile
application to record the attendance of students at the event systematically, accurately
and effectively. It implemented security element and algorithm approach which are
One - Time Password (OTP) and Quick Response Code (QR code). The registration is
based on One-Time Password. For recording the attendance, this system implements
QR code. This system acts as platform to monitor and manage the student attendance
in the event efficiently so that the students can be given with merit on every event that
they are attended. The merit also will be easy to calculate with this system. Then, with
this application, the student attendance can be recorded efficiently and easy to monitor.
2
1.2 Problem Statement
The problem that occurs makes this application develop which are:
i. The event attendance for student is taken manually using a pen and a piece of
paper that needed the student to check their name, matric no and do their sign
at the right place as a proof of their attendance in the event.
ii. The use of manual recording consumes more time because the attendees need
to queue for a long time just to sign the attendance. Sometimes, congestion
occurs at the attendance counter.
iii. The students that have been registered might absent and cheating by asking
their friends to sign for them to just get the merit point without attending the
event.
Because of this problem, a system and an application may be needed in order to record
the event attendance of the students more accurately without have to record it manually.
No more use of paper and pen. One-time password will be given on each registration
that has been made by the students while QR code will be displaying at the event hall.
This system will record the attendance of the student automatically and saved into the
databases when the students are scanning the QR code using their smartphone. This
system saved time, more efficient and also systematic.
3
1.3 OBJECTIVES
The objective is important to achieve the goal. The main objectives for this project are:
i. To study the feasibility of One-Time Password (OTP) and Quick Response
Code (QR code) technology in Event Attendance System.
ii. To develop the Event Attendance System for Students using One-Time
Password (OTP) and Quick Response Code (QR code).
iii. To evaluate the usability of Event Attendance System using One-Time
Password.
1.4 SCOPE
1.4.1 Scope of User
This application involves the admin and user.
1. Admin
- Insert, Create, Update and Delete the information of event
- Generate new code to verify and record attendance of the students
- View the details of student that have made the registration
2. End User
- Get up to date about new event and upcoming event that will be held
- Update the attendance to the event
- View the information related to event
- Scan the QR code that is being displayed
4
1.4.2 System Scope
The scope of system is:
1.4.2.1 User Registration
In the student registration form, the student has to enter phone number. The users only
register once using SMS verification and do not needs to login after complete the
verification.
1.4.2.2 Event Management System
Event Management System is a system which manages information of an event.
- This system shows event in the interface.
- Admin is allowed to add new event into the database
- Admin is able to edit event information in the database
- Admin is allowed to delete event information in the database
1.4.2.3 College event
The student can able to keep up to date the event management activities while admin
can keep update the new event and manage the college activity and event.
1.4.2.4 Event Attendance
Student can able to scan the QR code as their proof attending the event while Admin
can able to view and display the name of the students attending the event
1.5 Limitation of Work
Every application has their limitations which are:
i. Wi-Fi or Data Connectivity. This application can be access only when there is
a Wi-Fi connection or any data connectivity for performing client server
process, OTP and QR code authentication.
5
1.6 Report Organization
This report is divided into 5 chapters. Chapter 1, Introduction are discussing
about project background, problems statement, objectives of the project, scopes and also
limitation of work while building this project.
In Chapter 2 which is Literature Review, it explains the research about an
existing system. Methods and technique are studied to develop and implement in the
application.
In Chapter 3, it discusses about the methodology to be used in this project.
System requirement and specification also included in this chapter which is the list of
hardware and software. For system design, the framework design, process model which
is Context Diagram and Data Flow Diagram Level 0 and Level 1, and also data model
which is Entity Relationship Diagram is explained in this chapter. The algorithm used
is explain with more deep in this chapter.
In Chapter 4 involves implementation and testing whereby the application being
developed and implemented the method or algorithm and the process testing the
application. A few screenshot of application and test case that I have develop is provided
in this chapter.
Finally, in Chapter 5 which is conclusion and discussion. In this section, the
conclusion was made based on the result. This section also describes the achievement
of the expected results, expectations and suggestion for improvement and enhancement
to the result of proposed project.
6
CHAPTER 2
LITERATURE REVIEW
2.1 Introduction
This chapter will discuss and portrays the literature review for the Event
Attendance System for Students Using One-Time Password (OTP) that being
developed. Firstly, we need to understand what literature review is. A literature
review is about past research or recent research or what need to search or seek
the truth for the purpose portraying or illustrate the research problem, solutions
and the importance of seeking a solution. A literature review is not about
information gathering. In a given subject or chosen topic area, the literature
review shows in-depth grasp and summarize prior research that linked to the
research subject. Literature review involves the process of reading journals,
articles, book and research paper and later on analyzing, evaluating, and
summarizing scholarly materials about a specific topic. It can be guideline to
develop a new system so that the new system can provide a better and more
functional than the existing systems. The discussions about the new system are
done based on the literature review guidelines.
7
2.2 Project and Research
2.2.1 Event Management System
This paper [1] proposed to maintain the College Event information and organize the
event and to send the Student Registration time through sums with verification code to
the student using mobile application based on Android App. The Application is mainly
focused on Event based service to the company, College network in mobile application.
This application also helps to maintain the users account and its various details. The
main advantage of using this application is it reduces the direct communication to
student and avoids the mall function of the student to event join and participating for
android to android where ever it is. The database design and coding techniques has
highly enhanced and optimized. This makes the application an overall user friendly and
easy for naive users. This application being as a platform to know the events, to apply
for the events, and this application automatically generates Token Number to the
students via SMS during the registration of students including scheduled timings. To
understand use of this application, consider the flow of actions happening, by this
application college can register the students, after registering, college can login, after
login, college can post the Technical fest / event details including name, logo, address,
venue of the event, date, event conducting time, cost of events to participate etc.
students who are participating in the event can view details posted by the colleges.
Below is the module description for this project:
Admin Login: In the Admin login form, the administrator has to enter the
username and password to login into the event management system menu
form.
Main Menu: In the event management system main menu form, the menus are
split into event details, registration, token details and reports.
Event Details: In the event details form, it includes the event id, event name,
event organizer, and event fee and event contact number.
Student Registration: In the student registration form, the student has to enter
the student name, department, college name, email identification and the
phone number. The student details are allowed to store in the centralized
database with an automatic generated event id.
8
Token details: In the token details form, once the user enters the event id and
clicks the search button. The submitted query will be processed with the server
and the event name is displayed in the page screen.
As mentioned above, the event management system is useful for the students that help
the user to provide information regarding the event that are conducted in college. This
project also proposed a scope for future enhancements which are to add additional
functions to Android application such as improved user interface is deployment on the
Android market and to develop the event management application for the Blackberry
OS using principles of code reuse.
2.2.2 Android Application for Event Management System
This paper [2] discusses android application for event management system. The
proposed system is an application that is designed to manage and handle the events of
an organization. Mobile registration is the next generation of registration that leads
attractive way of event details delivery especially used in an organization. The
application provides portability as it is used on a mobile device and can be carried
anywhere. Since the application is used on android device, it improves connectivity
between the participants and the coordinators, thus the institution will be to provide
with more transparent system altogether. Not only does the connectivity improve, the
application also decreases a substantial amount of paperwork that is otherwise needed
for the daily tasks in an institution. It is a useful tool that can be used by all the members
of the institution, anywhere, anytime on an Android mobile device. Since the mobile
device makes all the tasks, there is no paperwork involved and it provides direct access
to the participants and coordinators. Direct access, here, means that the participants can
clarify their event details with the coordinators irrespective of where they are at a given
time. To design proposed project, smart phones with android operating system are
chosen because navigation rate of android OS is 70 percent. It is open source and free
ware. The application is consistent with all Android versions ranging from Gingerbread
2.3 to Lollipop 5.0.1, so that students who cannot afford to buy high end mobiles and
institutes located in remote, rural area can also take the advantage of this application.
The projects aim at designing an event app which could effectively manage the events
in an organization. This application contains the database which has the details of the
participants, their name, and the events they are willing to participate, their registration
9
id, and event details like day, venue, time, etc. Participants instead of registering in the
websites or using paperwork, they can simply use this mobile application to register.
After the comparisons done by the administrator they are provided with the unique id.
The advantage of application is that the existing system has been taken and made
portable by creating an application that can be used on a mobile device, both by
participants and organizers. Convenience is not only the key advantage for portability,
it also reduces the amount of paperwork by a substantial margin. Basically, the main
objective of android based event management system is to obtain the advantages on
hand-held devices like mobile devices which allow accessing the events at anywhere
and anytime by the participants. The application will not only help the participants to
obtain notifications from the admin, but it will also help the organizers by providing a
convenient system to communicate with the participants and inform them about
upcoming submissions and events.
2.2.3 UNIVERSITY SEMINARS ATTENDANCE CHECKING SYSTEM USING
QR CODE IMAGE SCANNER
This paper [3] discussed about seminars at universities or at any other organizations that
required having checking attendance list for their participant. From this way, teachers
and students can register their name for specified seminar at the same time that they
attend in the seminar hall. This new technique can be done by using QR Code Image
scanner and Mobile Smart Phone, which scan the displayed QR Code image on the
seminars Screen, before seminars Start. There are many drawbacks when using old
system or manual system. One of these drawbacks that can be seen through using old
system is that the attendees must wait till the sheet list of names reached to their desk.
Moreover, in some cases the list of the names may lose, and all the participants lose
their registration process. Another weakness point in this old technique is that required
that sometimes there are not enough spaces for other people to write put in their names,
which means lack of spaces. Also to those problems that face current registration
process there are some other main important issues that face this system:
1. Most of the universities in Kurdistan Region of Iraq (KRG), from example
University of Sulaimani, it is required as an obligation that their teaching staff
must attend seminars for collecting points for their QoS.
10
2. In some faculties, their QoS center still work with lots of papers and
documents. Also, each teacher that is a member of teaching the community in
the faculty must name which is stored in the QoS Database.
3. The number of paper works may exceed more than hundred teachers profile in
some colleges or faculties, and some them of the have more than five
departments. Also, in each department there are lots of teachers.
In the new proposed system, university academic staff must have their mobile
smartphones have been registered into the university's database. Thus, it is required that
the information of each university member staff mobile phone must be stored including
MAC Address and Phone number. All this information will be stored in the central
database that contains all the academic data, for instance, teachers and employee’s
personal information. Also, there will be a QR Code image will be displayed on
seminars screen before the seminar starts about 5 to 10 minutes. Moreover, this
opportunity will be given due to give sometimes for attendees to scan the displayed QR
code. This process of scanning the QR system can be held through mobile applications
that specified for scanning and decoding the Image. The purpose of doing image
scanning in beginning and the end of seminars is to restrict the attendees to stick to the
seminars to the end of the session. This is because of many attendees leave the seminars
just 5-10 minutes of starting seminars, which, in fact, the seminars session will last to 1
hour to 1hour and a half. There are also purposes of quality assurance (QAS) system.
This system is applied to all teachers in the many education organizations. So, it is
required from them to collect points as passive and active. With passive points, they
must attend as many seminars as possible to collect many points. In this research, it has
been concluded that the number of smartphone users is increased in different countries
and continents. This is the main reason that leads developers and research to include
most of their software development smartphones as mobile technologies. The
researcher has investigated that using QR Code scanning through Smartphones for
absent checking is valuable. Thus, due to capabilities to hold and interpret data
according the owner of the mobile devices. It means that every teacher in the university
will have their encoded data. So, the researcher reached to a point in research to restrict
to make fraud with seminar attendances and to make the restriction that attendees must
stick to the seminars session time completion. This paper also proposed future work that
will be possible to enlarge this system to cover a wider area of QAS for example,
11
teachers can check their point on a daily basis or weekly or even monthly. This will help
them to track their lack of points.
2.2.4 One-Time Password via SMS
This paper [4] describes a method of implementing two factor authentication using
mobile phones. The proposed system involves using a mobile phone as a software
token for One Time Password generation. SMS-based OTP is one of the most user
friendly multi-factor authentication mechanisms today that does not require an
additional device. One time passwords, or OTP, are used (as the name indicates) for
a single session or transaction. OTP SMS provides a 2 stage security while utilizing
Internet Banking. By using a one-time password that is sent to our mobile phone in
addition to our user ID and static password, you have a high level security. The
passwords generated by the OTP SMS are one time passwords. Meaning that the
OTP SMS password we have used for one of our transactions can't be used for a
second time by us or another person. One-time passwords sent over SMS (text
messages) were designed to prevent replay attacks and add an additional layer of
log on security. A unique password or code is sent to the user via text, and that code
must be entered along with a traditional username and password combination to
allow access to a site or authorize a transaction. OTP over SMS is a form of multi-
factor authentication. There are basically three types of one-time passwords. The
first uses a mathematical algorithm to generate a new password based on the
previous password. The second is based on time synchronization between the
authentication server and the user providing the password. The third uses a
mathematical algorithm, but the new password is based on a challenge and a
counter. Below is a list of these five different solutions, which serves as a
representative sample of all the different solutions that exist which are SMS
authentication with Session ID verification, One-time password from PC to SMS,
One-time password from SMS to PC, SIM strong authentication via mobile phone
and Software token in the mobile phone. This paper also shows the implementation
issue on how the software generates a one-time password. First the user registers in
the system control panel software that is installed on a server. Then the user by
pressing the request key (on the software installed on mobile embedded) one-time
12
password request is sent to the server. After a few moments the user request is
received by the server and then it will be checked and user authentication process
begins. After approval of the user identity, the server responds to user requests and
the user password requested will code by encryption algorithms, and it sent to the
user. Software installed on the user's phone has received one-time password and
then decode it and show it to the user. And the end, the user types the password
received in own panel. Server processes the user OTP password and in the case the
accuracy that allows the user to login to the user’s page. For conclusion, in this
paper, they have presented an application for one-time password generation and
transaction between server and mobile handset. The advantage of this application
compared to the similar software is using of highly complex and non-return
encryption algorithm, which relationship between user and network security is fully
guaranteed and the high flexibility of the software, enabling it to different
communication methods such as SMS and USSD.
2.2.5 Two Factor Authentication Using Smartphone Generated One Time
Password
This paper [5] explains a method of how the two factor authentication implemented
using SMS OTP or OTP generated by Smartphone- One Time Password to secure user
accounts. The proposed method guarantees authenticating online banking features are
secured also this method can be useful for e-shopping & ATM machines. The proposed
system involves generating and delivering a One Time Password to mobile phone.
Smartphone can be used as token for creating OTP or OTP can be send to mobile phone
in form of SMS. The generated OTP is valid for only for short period of time and it is
generated and verified using Secured Cryptographic Algorithm. A typical solution is
based on giving the user a hardware token that generates one-time-passwords, i.e.
passwords for single session or transaction usage. Moreover, token also have
disadvantages which include the cost of purchasing, issuing, and managing the tokens
or cards. In this paper, we propose a securely generated and verified OTP using
smartphone. Installing third-party applications allows mobile phones to provide
expanded new services other than communication. The use of mobile phone as a
software token will make it easier for the customer to deal with multiple two-factor
13
authentication systems and will also reduce the cost of manufacturing, distributing and
maintaining millions of hardware tokens. Sometimes OTP is sent to user mobile phone
as a SMS with Transaction details. For system design and implementation, they propose
a computer-based software token. This is supposed to replace existing hardware token
devices. The System involves generation of Secured OTP using Cryptographic
algorithm and delivering it to user’s mobile in the form of SMS or user can able to create
his own OTP using smartphone and validating the OTP using same Cryptographic
algorithm. The proposed system is secured and consists of two parts: (1) the server
software, (2) the client software: Client application on PC for transaction & android
application on smartphone for creating OTP. Two factor authentication methods have
recently been introduced to meet the needs of organizations for providing stronger
authentication options to its users. The proposed work focuses on the implementation
of two-factor authentication methods using mobile phones. It provides an overview of
the various parts of the system and the capabilities of the system. The proposed system
has two option of running, either using a free and fast connection-less method or a
slightly more expensive SMS based method. This paper also discussed about future
deployments that include a more user friendly GUI, extending the algorithm to work on
various mobile phone platforms. In addition to the use of Bluetooth and WLAN features
on mobile phones for better security and cheaper token generation.
2.2.6 TrustOTP: Transforming Smartphones into Secure One-Time Password
(OTP) Tokens
Nowadays, in this era of technology, there is an increasing number of enterprise
employees who need to remotely access the corporate networks and by the end of
2015, more than 1.3 billion workers worldwide will routinely work beyond the
traditional office environment. Moreover, around the same time, more mobile devices
are being widely used to perform business transactions by mobile workers. But
usually, enterprise have traditionally used two-factor authentication to secure
employee’s remote access to corporate resources. Due to this, OTP is widely adopted
by the enterprise in their two-factor authentication solutions. Time-based OTP
(TOTP) and HMAC-based OTP (HOTP) that is event based are the most popular OTP
used. Software-based OTP solutions cannot guarantee the confidentiality of the
14
generated passwords or even the seed when the mobile OS is compromise. Moreover,
they also suffer from denial-of-service attacks when the mobile OS crashes. In the
other hand, hardware-based OTP token can solve these security problems in the
software-based OTP, however, it is inconvenient for the users to carry physical tokens
with them. So in summary, this paper [6] proposed a new design of secure OTP
Tokens using smartphones which provides the flexibility of the software tokens and
hardware tokens. It's also capable of prevent all type of attacks from the malicious
mobile OS and still can continue to display the OTP even if the mobile crashes. This
new design also will provide trusted graphical user interface that display the OTP on
the same screen. This new design is already being implemented with TrustOTP
prototype and the evaluation results show that TrustOTP can work efficiently using
just a small amount of power consumption.
2.2.7 Time versus Event Based One-Time Password
In this paper [7], the researcher compares the two main approaches to one-time
passwords (OTP) which are time-based OTP and event-based OTP. Their main
conclusion is that they are very similar from both a security and usability perspective
(with each having slight advantages of a different nature). It is a well-known fact that
plain password-based authentication is highly problematic. Beyond the fact that many
users are not aware of the adversarial threats that exist and therefore engage in
insecure behaviour, it is often impossible for a user to remember all of her passwords.
A number of different authentication mechanisms are used today in order to alleviate
this problem. One-time-password authentication (or OTP) is just one of these
mechanisms. In this method, login is performed using a different, essentially random
password each time. The passwords are generated by a device, most commonly a
hardware token associated with the user, and so the password is not based on the
user’s memory. This greatly increases security. Furthermore, by adding a personal
secret PIN or password that the user needs to provide in order to authenticate, strong
two-factor authentication is achieved. There are two main approaches to OTP. In the
first approach, called time-based OTP, the one-time password changes at frequent
intervals (say, every two minutes). In the second approach, called event-based OTP,
15
the one-time password is generated by pressing a button on the OTP device. The
cryptographic mechanism underlying both approaches is the same. Each one-time
password is generated by applying a random-looking cryptographic function to a
unique series value. In the time-based case, the value is the current time. In the event-
based case, the value is a sequence number that is incremented with each button click.
We stress that each device is initialized with a secret key that makes prediction of the
one-time passwords infeasible to an outside attacker. The researcher also stress that
the current time and sequence numbers are not secret and the security rests on the
inability to predict the output of the cryptographic function on the current number due
to the secret key. Lastly, the researcher concludes that both OTP approaches greatly
enhance security beyond password-based authentication. From both a security and
usability perspective, time-based and event-based OTP mechanisms have distinct
relative advantages and ultimately we regard them as being equally effective. Below is
the summary of comparison between time-based versus event-based OTP.
Table 2.2.7.1 Summary comparison between time-based vs event-based OTP.
Security Convenience
Time-based OTP Pro: OTP values are valid for a
short period of time
Con: OTP values can be
obtained easily by a by-stander
Pro: The OTP value can be simply
read off the screen
Con: The OTP value may change
while it is being entered
Event-based OTP Pro: An attacker would need
undetected physical access to the
device
Con: An OTP value is valid
until a new OTP value is used
Pro: The OTP value is generated at
the user’s request; no value change
after a short amount of time
Con: The user must press a button
to generate the OTP value
16
2.2.8 Development of the online student attendance monitoring system (SAMS™)
based on QR-codes and mobile devices
This paper [8] thus outlines the development of an online student attendance monitoring
system (named (𝑆𝐴𝑀𝑆𝑇𝑀)) based on QR codes and mobile devices. This design was
chosen due to its simplicity and cost-effectiveness. The only equipment required by the
user (lecturers and students) is a mobile internet device such as a tablet computer or a
smartphone. This paper describes the overall architecture as well as the flow of its
implementation in the class room. The method of surveying the effectiveness and user
feedback of the system is also discussed. The main advantage of the system is a more
accurate and quicker method of recording and monitoring student attendance. With this
system, it will be quantitatively easier to discern the students based on their diligence
in attending classes, and thus also predict their performance due to the correlation
between attendance and academic performance. The researcher propose a QR-code
based system, in combination with mobile devices to display and scan the QR-codes.
This thus removes the need for any additional hardware, noting that in Malaysia there
is high ownership of mobile internet-capable devices, especially in the form of smart-
phones as well as high mobile internet usage, with an increasing aerial coverage and
penetration over time. This paper also discussed the early anecdotal and response to this
plan as well as initial performance tests and comparison with other systems. For the
design of the online Student Attendance Monitoring System (𝑆𝐴𝑀𝑆𝑇𝑀), the researcher
utilizes two technologies widely used at present, namely the Internet-enabled mobile
devices and QR codes. Student interaction with the system is through a unique QR code
that is reserved for each student. A QR code (quick response code) is basically a two
dimensional bar code. The QR codes that are generated for each student can be displayed
using a smartphone or printed if the student does not have a smart phone. When students
attend classes, the code will be scanned by lecturers using mobile devices such as
smartphones and tablets. The scanned QR codes will directly interact with the web-
based (𝑆𝐴𝑀𝑆𝑇𝑀) system and record the student attendance. The Student Attendance
Monitoring System (𝑆𝐴𝑀𝑆𝑇𝑀) itself consists of two main components the (𝑆𝐴𝑀𝑆𝑇𝑀)
server and the (𝑆𝐴𝑀𝑆𝑇𝑀) app. Access to the system is via a user name and
corresponding password. This is for security and also enables access for different
categories of users to the online system, for example a lecturer or system administrator.
17
The main page also offers a hint if a user forgets the user name or password. After the
student information has been updated, a unique QR code can be generated for each
student. The QR code is sent via email. Once all students have received their QR codes,
it can thus be used to record their attendance. The (𝑆𝐴𝑀𝑆𝑇𝑀) app is a dedicated
software application intended for better integration of QR code scanning with the
(𝑆𝐴𝑀𝑆𝑇𝑀) systems as a whole. An initial performance test has been performed by
measuring the response time of scanning QR codes on commercial mobile devices over
various networks. The tests were performed using a Ninetology Black Pearl II
smartphone over Wi-Fi and HSDPA as well as using a Samsung Galaxy Note II device
over 4G LTE. The response time depends on many factors such as the screen size (larger
screens may take longer), mobile device processing speed, network speed, camera speed
and user handling. In conclusion, with this system, the technology that is presently
widely used can be utilised so that students can benefit more from lessons by their
presence without burdening the instructors.
2.2.9 A Students Attendance System Using QR Code
This paper [9] proposes a system that is based on a QR code, which is being
displayed for students during or at the beginning of each lecture. The students will
need to scan the code in order to confirm their attendance. The paper explains the high
level implementation details of the proposed system. It also discusses how the system
verifies student identity to eliminate false registrations. With the widespread of
smartphones among university students, this paper addresses the problem of such a
waste in the lecture time and proposes a system that offers to reduce it. The proposed
solution offers a QR code for the students to scan it via a specific smartphone
application. The code along with the student identity taken by the application will
confirm the students’ attendance. This way, the system will save not only time but
also efforts that were supposed to be put by instructors during each lecture. It will
speed up the process of taking attendance and leave much time for the lecture to be
given properly. The proposed system also takes care of preventing unauthorized
attendance registration using multi-factor authentication. The proposed system lies
between online learning and traditional learning as a facilitation for the attendance
18
record-keeping process, in a way that enriches the lecture time so that it can better be
utilized in giving useful materials rather than wasting the time taking attendance. The
system requires a simple login process by the class instructor through its Server
Module to generate an encrypted QR code with specific information. During the
class, or at its beginning, the instructor displays an encrypted QR code to the students.
The students can then scan the displayed QR code using the system Mobile Module,
provided to them through the smartphone market by the university. Along with the
student’s facial image captured by the mobile application at the time of the scan, the
Mobile Module will then communicate the information collected to the Server Module
to confirm attendance. The whole process should take less than a minute for any
student as well as for the whole class to complete their attendance confirmation.
Smartphones may communicate with the server via either the local Wi-Fi coverage
offered by the institution or through the internet. the system is composed of two
modules which are the Server and the Mobile Modules. The Server Module performs
the following tasks which mediates students’ attendance requests with the eLearning
system, generates a QR code for the instructor, runs Identity check and runs Location
check. The Mobile Module is the part that students usually install on their smart
phones. The proposed system will need three steps from each student. These steps are
opening the application, capturing the face, and scanning the QR code. The system
uses multi-factor authentication to authenticate students. As conclusion, the
researchers have proposed a way to automate this process using the students’ devices
rather than the instructor’s device. The proposed system allows fraud detection based
on the GPS locations as well as the facial images taken for each student.
2.2.10 Android Application for Event Management and Information Propagation
This paper [10] intends to solve the problems of propagating news and information, and
also alleviate the problem of traditional event managing procedures such as lots of paper
work, or long queue at the registration desk. The objective of this project is to develop
an android application which provides interesting news and events. Moreover, users
will be able to manage their event participation, such as reserving their seats in events,
19
registering at the event site, and so on. More importantly, this application uses QR code
to provide an easy way to verify participants’ identity in an event. This application
focuses on solving problems of event registration and management by using QR code,
and also providing news, information of events, and project ideas which are the given
senior project topics for university students. First of all, users will be able to reserve and
manage their event participation via this application, also receive the QR code to
participate in each event after reservation. Additionally, this application provides
significant information and news of many interesting events from the event provider. In
conclusion, this application will help the event providers by using QR code in
verification. Moreover, it will provide significant information of each event and project
topics to users to be able to reach from anywhere, any time. This application system
consists of two main components which are front-end system and back-end system. The
Front-end System is the information displaying section which queries the data from the
remote database and also able to send data to be stored in the database. Moreover, the
staff side front-end system will send the participant information to the server to verify
their identity. The Back-end System is the database management section which always
interacts with the front-end system. Additionally, it will send the required data to
the front-end system whenever the request is sent. This application consists of six main
modules which are Authentication System, Member Management System, News
Management System, Event Management System, Project Ideas Management System,
and Administrator Management System. As conclusion, this application will provide
significant information of events in order to be easily reached by users and will be able
to manage their event participation. Additionally, this application can be used from
everywhere, anytime. More importantly, integrating QR code will provide more
convenience to handle events because it able to complete authentication in one scan.
20
2.2.11 QR code based secure OTP distribution scheme for authentication in
Net-Banking
In this paper [11], the researcher is presenting a new authentication scheme for secure
OTP distribution in net banking through QR codes and email. One Time Passwords
(OTP) is passwords which are valid only for a session to validate the user within
a specified amount of time. Hence for each session the user will be validated using new
OTP. They are also helpful in preventing replay attacks, phishing attacks and other
attacks on basic static passwords. QR codes are used to store textual information in the
form of images that can be read by any smart device including most mobile phones. QR
codes can be considered as two-dimensional bar codes. System consists of a web service
that will generate alpha-numerical OTPs using pseudo-random numbers and current
timestamp. Use of timestamp further assures security and uniqueness of OTP. The
alpha-numerical password string is then encrypted using Advanced Encryption
Standard (AES). The key for the algorithm will be ATM pin of the user since it is unique
for every user and can be obtained by Bank Server in every login session through
account number. The AES algorithm is used here since not only it provides higher
security but also it improves performance in such critical systems. The encrypted string
is then converted to QR image by the Bank Server. It is then sent to the concerned user
using email as transmission medium via SMTP. User then downloads the QR code
image and uploads it in standard application that is made available to him by net-
banking provider. The application provides space for QR image to be uploaded and user
then enters his ATM pin which is used to decrypt the string read from QR code. The
validation of the pin is carried out by sending request to the bank server. If the ATM
pin is entered correctly, application displays the OTP that was generated for the session.
User then enters the OTP for net-banking and completes authentication. Then any type
of transaction can be carried out online on the service provider website. Proposed
scheme has higher degree of complexity than all existing systems and clearly the time
required to crack the scheme will be more than the useful lifetime of OTPs. OTPs are
generated for a session and have a short lifetime. It’s not possible to use the OTP after
their expiry. Popularity of QR codes makes the method user friendly. The proposed
system satisfies the high security requirements of the online users and protects them
against various security attacks. Also the system does not require any technical pre-
21
requisite and this makes it very user-friendly. Hence, QR code proves to be versatile at
the same time beneficial for both the customers in terms of security and vendors in terms
of increasing their efficiency.
2.2.12 Online Banking Authentication System using Mobile-OTP with QR code
In this paper [12], the researcher proposes a new Online Banking Authentication
system. This authentication system used Mobile OTP with the combination of QR-code
which is a variant of the 2D barcode. The researcher propose Online Banking
Authentication System use Mobile OTP, one of the OTP generate device which has
same security as the existing OTP and with the convenience of mobile features, and the
used of semi-permanent. This reduction in acquisition costs as well as easy to download
the brother deployment, if the introduction of financial. In addition, user does not
require a separate cost except for the initial download costs.
22
2.3 Summary of the Research paper
Table 2.3.1 Summary of research paper
Author Title Description Advantage Dis
advantage
M.Mahalakshmi,
S.Gomathi and
S.Krithika
(2016)
Event
Management
System
The main idea of
this project is To
send the Student
Registration time
through sums
with verification
code to the
student using
mobile
application based
on Android App.
-It reduces the
direct
communication
to student
-Avoid the
mall function
of the student
to event join
and
participating
for android to
android where
ever it is.
Need
internet
connection
for some
applications
R Deepika1, R
Gayathri2, T
Saravanakumar3,
K
Vigneshwaran4,
K Vignesh5,
(2016)
Android
Application
for Event
Management
System
the main
objective is to
obtain the
advantages on
hand-held
devices like
mobile devices
which allow
accessing the
events at
anywhere and
anytime by the
participants.
-It will also
help the
organizers by
providing a
convenient
system
submissions
and events.
-It reduces the
amount of
paperwork by a
substantial
margin.
-
23
Miran Hikmat
Mohammed,
Baban, (2015)
University
Seminars
Attendance
Checking
System
Using
QR Code
Image
Scanner
Students can
register their
name for
specified
seminar at the
same time that
they attend in the
seminar hall.
-This new
technique can be
done by using
Mobile Smart
Phone, which
Scan the
displayed QR
Code image on
the seminars
Screen, before
seminars Start.
-Using QR
Code scanning
through
Smartphones
for absent
checking is
valuable.
-Thus, due to
capabilities to
hold and
interpret data
according the
owner of the
mobile devices.
-Teachers
cannot
check their
point on a
daily basis
or weekly
or even
monthly.
-They
cannot track
their lack of
points.
One-Time
Passwords via
SMS
One-Time
Passwords
via SMS
-This paper
describes a
method of
implementing
two factor
authentication
using mobile
phones.
-A mobile phone
as a software
token for One
Time Password
generation.
-Have a high
level security
-Prevent replay
attacks and
add an
additional
layer of log on
security.
-Use of highly
complex and
non-return
encryption
algorithm.
The shorter
the OTP
message,
the easier it
is to be
hacked.
24
Sagar
Acharya1,
Apoorva
Polawar2, P.Y.
Pawar3,
(2013)
Two Factor
Authentication
Using
Smartphone
Generated
One Time
Password
-The proposed
system
involves
generating and
delivering a
One Time
Password to
mobile phone.
Smartphone
can be used as
token for
creating OTP
or OTP can be
send to mobile
phone in form
of SMS.
The use of
mobile phone
as a software
token will
make it easier
for the
customer to
deal with
multiple
two-factor
authentication
systems.
-Reduce the
cost of
manufacturing.
-They have to
install OTP
generation
software in all
clients
mobile.
-both mobile
and server has
to be always
synchronized.
He Sun1,2,3,
Kun Sun1,
Yuewu Wang2,
and Jiwu Jing2,
(2015)
TrustOTP:
Transforming
Smartphones
into Secure
One-Time
Password
Tokens
-In this paper,
a secure OTP
solution that
can achieve
both the
flexibility of
software
tokens and the
security of
hardware
tokens by
using ARM
TrustZone
technology.
-Can prevent
all types of
attacks from
the malicious
mobile OS and
continue to
display the
OTP even if
the mobile OS
crashes.
-when the
mobile
operating
system is
compromised,
it cannot
guarantee the
confidentiality
of the
generated
OTPs or even
the seeds.
25
A. A. ABD.
RAHNI11,2,*,
N. ZAINAL1,2,
M. F.
ZAINAL
ADNA1, N. E.
OTHMAN3,
M. F.
BUKHORI1,2,
(2015)
Development of
The Online
Student
Attendance
Monitoring
System(𝑆𝐴𝑀𝑆𝑇𝑀)
Based on QR-
Codes and
Mobile Devices.
-They propose
a QR-code
based system,
combine with
mobile
devices to
display and
scan the QR-
codes.
-This design
was chosen
due to its
simplicity and
cost-
effectiveness.
The main
advantage of
the system is
a more
accurate and
quicker
method of
recording
and
monitoring
student
attendance.
-
Fadi Masalha,
Nael
Hirzallah,
(2014)
A Students
Attendance
System Using QR
Code
-This paper
proposes a
system that is
based on a QR
code, which is
being
displayed for
students
during or at the
beginning of
each lecture.
-The students
will need to
scan the code
in order to
confirm their
attendance.
-The system
will save not
only time but
also efforts
that were
supposed to
be put by
instructors
during each
lecture.
-It will speed
up the
process of
taking
attendance
-
26
Phanuphong
Hathaiwichian, Lapas
Siriwittayacharoen
Apinat
Wongwachirawanich,
and Chaiyong
Ragkhitwetsagul
(2014)
Android
Application
for Event
Management
and
Information
Propagation
-This project
alleviates the
problem of
traditional
event
managing
procedures
such as lots of
paper work,
or long queue
at the
registration
desk.
-This
application
uses QR
code to
provide an
easy way to
verify
participants’
identity in
an event.
-This
application
can be used
from
everywhere,
anytime.
-
Abhas Tandon1,Rahul
Sharma2, Sankalp
Sodhiya3,P.M.Durai
Raj Vincent4 , (2013)
QR Code
based secure
OTP
distribution
scheme for
Authentication
in Net-
Banking.
In this paper,
the researcher
is presenting
a new
authentication
scheme for
secure OTP
distribution in
net banking
through QR
codes and
email.
-The system
does not
require any
technical
pre-requisite
and this
makes it
very user-
friendly.
- QR code
proves to be
versatile at
the same
time
beneficial.
OTPs are
generated
for a
session
and have a
short
lifetime.
It’s not
possible to
use the
OTP after
their
expiry
27
Young Sil
Lee*, Nack
Hyun Kim**,
Hyotaek
Lim***,
HeungKuk
Jo***, Hoon
Jae Lee***
(2015)
Online
Banking
Authentication
System
using Mobile-
OTP with QR-
code
In this paper,
they propose a
new Online
Banking
Authentication
system.
This
authentication
system used
Mobile OTP
with the
combination
of QR-code
which is a
variant of the
2D barcode.
-One of the
OTP generate
device which
has same
security as the
existing
OTP.
-This reduce
in acquisition
costs.
-Barcode is
fast, easy,
accurate and
automatic data
collection
method.
-Barcode
enables
products to be
tracked
efficiently and
accurately at
speeds net
possible using
manual data
entry system.
-
28
CHAPTER 3
METHODOLOGY
3.1 Introduction
In this chapter, it will clearly define the flow of application with the methodology being
used in this project. The methodology is the description in the thesis to achieve the
object which is describing the way doing or the design for carrying out research of the
development of a procedure. Methodology is used to ensure the systematic process of
developing the project and perform theoretical analysis of the methods applied to a field
of studies. The methodology also must be able to solve all the problems arising in the
system analysis to ensure that this project is complete and able to work well. For this
project, waterfall methodology has been chosen. The phases of waterfall model are
requirement analysis, system design, implementation, testing, deployment and
maintenance. In requirement analysis, all possible requirements of the system to be
developed are captured in this phase and documented in a requirement specification
doc. For system design, the requirement specifications from first phase are studied in
this phase and system design is prepared. System design helps in specifying hardware
and system requirements and also helps in defining overall system architecture. It
involves the Context Diagram (CD), Data Flow Data (DFD) and Entity Relationship
Diagram (ERD). The next phase is implementation. With inputs from system design,
the system is first developed in small programs called units, which are integrated in the
next phase. Each unit is developed and tested for its functionality which is referred to
as Unit Testing. Then, testing phase is occurring. All the units developed in the
implementation phase are integrated into a system after testing of each unit. Post
integration the entire system is tested for any faults and failures. After testing is done,
the system is being deployed. Last is maintenance to measure the effectiveness of the
system.
29
3.2 System Requirement and Specification
System requirement is needed to achieve this project and assist the development of the
project that involves system requirement in hardware and software. All of these
elements are important in the process of development of this project. List of hardware
and software are shown as below:
3.2.1 Hardware Requirement
Table 3.2.1.1 below shows the list of hardware that are used in this project. Five types
of hardware are needed upon completing the application.
Table 3.2.1.1: List of hardware requirement
No Hardware Type
1 Laptop model Acer-Aspire E5-476G
2 Processor Intel® Core™ i5-8250U CPU @ 1.60Ghz
1.80Ghz
3 Memory 4.00 GB
4 Hard Disk 1.00 TB
5 Operating System version Windows 10/64-bit
30
3.2.2 Software Requirement
Table 3.2.2.1 shows the software that are used in this project development. Ten software
are used in order to build the application.
Table 3.2.2.1: List of software requirement
Num. Software Purpose
1. Android Studio IDE Android platform, design for Android
development
2. Notepad++ Cross-platform source code editor
3. Firebase One-Time-Password platform and QR Code
platform
4. Firebase Database Database for the application
5. Java JDK For developing Java application and applets
6. Google Chrome To download other requirements
7. Lucidchart.com To create CD, DFD, ERD
31
3.3.1 Framework Design of Event Attendance System Using One Time
Password(OTP)
Figure 3.3.1.1: One Time Password (User Registration)
For this project, One Time Password is being used as user registration. Firstly, user
must enter country code and also phone number. Server will save the registered phone
number. Then, the database will do mobile phone number lookup. Once the database
has found the mobile phone number, it will tell the server that the mobile phone
number is exist. Next, server will send One-Time Password to the mobile phone in the
form of SMS. After the mobile phone has received the One-Time Password, user will
enter the OTP to verify the user registration. For more details about how One-Time-
Password (OTP) works with Android will be explain in the algorithm section.
Step 1: Enter country
code and phone number
32
Figure 3.3.1.2: QR Code Data Flow (Attendance recording)
After the user has registered, the user can access the event system and apps easily.They
can view which event is available, the information of event that they want to participate
and many more. When they go to some events, attendance will be taken based on
scanning of QR code that is displayed at the event . In this project, the attendance
recording is based on QR Code scanning. Figure 3.3.2 shows QR code algorithm for
attendance recording. Database will create random number after admin generate the QR
code. Student will scan the QR code that contain random number. Then, the mobile
application will get IMEI number and random number from scanning of QR code. IMEI
(International Mobile Equipment Identity) is a unique number to identify GSM,
WCDMA, and iDEN mobile phones, as well as some satellite phones. Next, mobile
application will send the IMEI number and random number to the server. After that,
server will check either IMEI number exist or not. If exist, server will check random
number as well. Then, java session is created. Lastly, server will tell the mobile
application that authentication is okay and attendance will be record and save in the
database.
33
3.3.2 Process Model
3.3.2.1 Context Diagram
Figure 3.3.2.1 Context Diagram
As shown in figure 3.3.2.1, there is two entity involved which are admin and user. The
admin and user must register and login into the application. For admin, after admin
register into the application, admin must login with admin profile into the application.
If the login session success, all of the information that admin key in will be save in the
database. Password that admin use (static password) will be a “unique key” or ID for
the admin. After that, admin will be free to create any event, update and delete any
information. As for user, user will register into the application by using country code
and phone number by using method called One-Time Password(OTP). After that, user
will be given a six digits code as a ticket to enter into the application or event that have
been created by the admin. The six digits’ code will be sent via message. User will only
have one-time login session as the application using One-Time Password (OTP) for the
user. Apart from that, user can view all of the information that admin updated into the
application. For user, there is user attendance. The user attendance is based on the QR
code that will be scan by user at the event that they are attending. The attendance wil
be saved in the database.This application also have feedback section that is provided for
admin to check the event feedback info. User will give feedback and only admin can
view the feedback info.
34
3.3.2.2 Data Flow Diagram Level 0
Figure 3.3.2.2 Data Flow Diagram (DFD Level 0)
Data Flow Diagram (DFD) is a graphical representation of the flow data through an
information system. It shows how a system’s environmental entities, processes, and
data are interconnected and also the data is stored in the databases. It also shows what
kind of information will be input to and output from the system, where the data will
come from and go to and where the data will be stored. Figure 3.4.2.1 above shows
the DFD that consist of two entities and four processes. The two entities are admin
and user while the other four processes are register and log in, user attendance, create
and update event, event information, and event feedback. The first process that is
manage admin will involve admin. Admin to register and login into the application.
After admin register, admin profile will be save and the admin information will be
store in the login data store for admin. Second process will be the user attendance.
Only user will involve at this process as the user is the only one that need to scan QR
35
code to record their attendance when participating an event. After user has scan the
QR code, all the attendance database will be stored in the data store for authentication.
Third process will be managing event. Only admin will involve at this process as the
admin is the only one that can create and update the information. After admin already
created the event, all the databases about that event will be stored in the data store for
event. The next process is about the event information. At this point, only user will be
involving to view the event information details. All the event details will be retrieve
from the database event that is already been stored. The last process is all about the
event feedback. Both entities that is admin and user will be involve at this phase. User
will be the one that comment about the event management and the comment will be
stored in the data store named feedback. Admin can view all the comments by
retrieving the data from the feedback data store.
3.3.2.3 Data Flow Diagram Level 1
i. Manage Admin
Figure 3.3.2.3.1 Add and Update Admin
Manage Admin account allows admin to add profile and update profile.
36
ii. Manage Attendance
Figure 3.3.2.3.2 Verify Code and Count Attendance of user
Manage attendance allows user to input code and verify attendance
iii. Manage Event
Figure 3.3.2.3.3 Add, Update and Delete Event
Manage Event allows admin to add info, update info and delete info about event.
37
iv. Manage Feedback
Figure 3.3.2.3.4 Add and Update Feedback
Manage Feedback allows user to add feedback and update feedback.
38
3.3.3 Entity Relationship Diagram
Figure 3.3.3.1 ERD model for Event Attendance System Using One Time
Password(OTP) contains five entities and have their attributes.
39
3.5 Algorithm
3.5.1 One-Time Password Algorithm
For this project, the algorithm used for user registration is One-Time Password. One
Time Password is a password that is valid for only one login session or transaction.
OTP can be send to a mobile phone in the form of SMS. The types of the algorithm
used are Time –Based One Time Password. The server side has synchronized clock
which is will synchronize with client’s OTP clocks. In time-based OTP, each OTP
value is only valid for a short amount of time. Furthermore, only a single one-time
password appears on the screen at any one time and so it is not possible to obtain
future OTP values. In this project, user need to input country and mobile number and
One Time Password Server will generate One Time Password code. In order to record
the user registration, every user will generate random code for authentication. Admin
will monitor over the system from server side. The server will generate one random
code and authenticate the user registration. This approach provides security element in
preventing replay attacks, eavesdropping and any sensitive information being stolen
by the third party.
3.5.1 QR Code Algorithm
For this project, the algorithm used for recording user attendance is QR Code
Algorithm. A QR Code is a special type of barcode that can encode information like
numbers, letters and Kanji characters. There are seven steps in QR Code encoding
process which are data analysis, data encoding, error correction coding, structure final
message, module placement in matrix, data masking and format and version
information. A QR Code encodes a string of text. There are four modes for encoding
text in QR code which are numeric, alphanumeric, byte and Kanji. Each mode
encodes the text as a string of bits (1s and 0s), but each mode uses different method
for converting the text into bits. While UTF-8 can encode Kanji characters, it must use
three or four bytes to do so. Shift JIS, on the other hand, uses just two bytes to encode
each Kanji character, so Kanji mode compresses Kanji characters more efficiently. If
40
the entire input string consists of characters in the double-byte range of Shift JIS, use
Kanji mode. It is also possible to use multiple modes within the same QR code.
The next step is data encoding. In data encoding, there are four steps. First, choose the
error correction level. Second, determine the smallest version for the data. Third, add
the mode indicator and fourth, add the character count indicator. To choose the error
correction level, QR codes uses Reed Solomon error correction. This process creates
error correction codewords (bytes) based on the encoded data. A QR code reader can
use these error correction bytes to determine if it did not read the data correctly, and
the error correction codewords can be used to correct those errors. There are four
levels of error correction: L (recovers 7% of data), M (recovers 15% of data), Q
(recovers 25% of data) and H (recovers 30% of data). Then, count the number of
characters to be encoded to determine which is the smallest version that can contain
the number of characters for encoding mode and desired error correction level. Then,
we can add mode indicator which each encoding has a four-bit mode indicator that
identifies it. Next, add the character count indicator. The character count indicator is a
string of bits that represents the number of characters that are being encoded. The
character count indicator must be placed after the mode indicator. Furthermore, the
character count indicator must be a certain number of bits long, depending on the QR
version.The third step is error correction coding. As mentioned earlier, QR codes uses
error correction. This means that after create the string of data bits that represent the
text, then use those bits to generate error correction codewords using a process called
Reed-Solomon error correction. QR scanners read both the data codewords and the
error correction codewords. By comparing the two, the scanner can determine if it
read the data correctly, and it can correct errors if it did not read the data correctly.
The fourth step is structure final message. The data and error correction codewords
generated in the previous steps must now be arranged in the proper order. For large
QR codes, the data and error correction codewords are generated in blocks, and these
blocks must be interleaved according to the QR code specification. The fifth step is
module placement in matrix. After generating the data codewords and error correction
codewords and arranging them in the correct order, the bits must be place in the QR
code matrix. The codewords are arranged in the matrix in a specific way. During this
step, the patterns that are common to all QR codes will be place, such as the boxes on
the three corners. The sixth step is data masking. Certain patterns in the QR code
41
matrix can make it difficult for QR code scanners to correctly read the code. To
counteract this, the QR code specification defines eight mask patterns, each of which
alters the QR code according to a particular pattern. We must determine which of
these mask patterns results in the QR code with the fewest undesirable traits. This is
done by evaluating each masked matrix based on four penalty rules. The final QR
code must use the mask pattern that resulted in the lowest penalty score. The last step
is format and version information. The final step is to add format and (if necessary)
version information to the QR code by adding pixels in particular areas of the code
that were left blank in previous steps. The format pixels identify the error correction
level and mask pattern being used in this QR code. The version pixels encode the size
of the QR matrix and are only used in larger QR codes.
3.6 Summary
In this chapter, the methodology chosen is Waterfall Model which is suitable for my
project. System requirement includes hardware and software which are needed and
fulfils the project requirement. Android studios as a platform to develop an application.
Java Language is the universal language used in this project. System Design is
fundamental in building the project to more clear about the system. This project
accompanied by documentation for each requirement, which enables to review it for
validation. To show the flow of the project and the process of this project, context
diagram, data flow diagram, entity relationship diagram is shown in order to illustrate a
better understanding about this project. Furthermore, this chapter also stress out the
algorithm or method used that will be applied on this project.
42
CHAPTER 4
IMPLEMENTATION AND RESULT
4.1 Introduction Implementation and Output
The implementation process is must need a method to carry out, execute the project
after the system design. The system being implemented into a real prototype or integrate
software based service for the end-user. After implementation, the system testing is
executed to test the whole system for the functionality and credibility of the system
being developed. In this process, the algorithm or technique being applied along with
the development of the application. This chapter discusses the implementation,
deployment, and result of the entire application after being developed.
4.1.1 Deployment and Configuration
In this stage, the deployment takes place on deploy the system requirements to enable
development of this project. The hardware requirement being setup and testing either it
suitable and compatible with the project requirement. This project deployment uses
JavaScript to build the mobile application. For database, this project uses firebase as a
platform to save the database that need to configure and deploy to develop an
application. Firebase authentication is used to obtain One Time Password(OTP) during
user login session while firebase database is used to save all the information in this
application. All the process conducted involving software and hardware requirement
based on system design to ensure all meet the expectation.
43
4.1.2 Interfaces
The interfaces are a central part of android development application whereby shows the
flow of interfaces on an application.
Main Page
Figure 4.1.2 Main Page Event Attendance Management Application
Based on above figure 4.1.2, there are two modules which are admin and user.
44
4.1.2.1 Manage Admin
a) Login as admin
Figure 4.1.2.a Admin Login
Based on Figure 4.1.2.a, the Admin will need to Login with username and password
correctly.
45
b) Add Event
Figure 4.1.2.b Add Event and View Event
Based on figure 4.1.2.b, admin can add event information. A toast Event added
successfully will be given after added an event. Then, the new event will be displayed
below to be viewed by admin.
46
c) Update and Delete Event
Figure 4.1.2.c Update and Delete Event
Based on figure 4.1.2.c, admin can update and delete event. By long click at event, the
update and delete dialog will appear.
47
d) QR Code Generator
Figure 4.1.2.d QR Code Generator
Based on figure 4.1.2.d, admin will generate QR Code by entering text. QR Code will
be generating based on the text. A random no will be created automatically for every
generated QR Code.
48
Main Page User
e) Manage User
Figure 4.1.2.e User Interface
Based on figure 4.1.2.e, user can click at the register button to register and
click at login using otp to login.
49
f) User Registration
Figure 4.1.2.f User Registration
Based on figure 4.1.2.f, user need to enter full name, matric no and phone no to
register.
50
g) One Time Password Algorithm
Figure 4.1.2.g Implementation of One Time Password Algorithm
Based on figure 4.1.2.g, User need to find country name and input mobile phone to
request one-time password code. The server will receive the request from a user and sent a
code via SMS. The six digit will be send to the phone number and it will be detected
automatically. If not, user need to input the code to verified.
51
h) View Event
Figure 4.1.2.h View Event
Based on figure 4.1.2.h, user can view the vent that has been created by the admin.
52
i) QR Code Scanning
Figure 4.1.2.i Implementation of QR Code
Based on figure 4.1.2.i, user need to click scan button to scan the QR Code. The QR
Code generator that has been generate by admin will be scan by user using QR Code
Scanner. A toast of event name will appear. If event name that appear same as name
of event that user will be attending means that it is true. If user want to logout, user
can click at logout button.
53
j) Manage Attendance
Figure 4.1.2.j Manage Attendance
Based on figure 4.1.2.j, after user scan the QR Code and obtain the same name of
event, it will check either user exist or not. If user exist, the alert dialog will appear
shows that attendance confirmed. If not, the alert dialog will appear with caption user
is not registered.
54
4.2 Testing
4.2.1 Types of Testing
In system testing there are various types of testing can be used that meets user
requirements system’s testing. This types of testing must be suitable to test the
functionality of the whole application. The process of testing is testing module by
modules and evaluate the application to detect the differences of given input and
expected output, features of the application. The verification process is the process to
clarify application satisfies the all requirement of the project at the start of the
development phase. In meanwhile, the validation process is the process defines the
application meets the specified requirement at the end of the development phase. This
project tested by two techniques: black box testing and white box testing whereas focused
on design, interfaces, basic functionality, and security.
4.2.1.1 Black Box Testing
Black Box Testing which is known as Behavioural Testing is the method or technique
testing the internal structure or implementation or design of the application that is not
known to the tester. In other words, a method to test the application without knowing the
internal structure program or code. Supposedly, the testing is done as user’s point of view
without aware the background process that process input and output. This technique is to
detect error and dysfunctional in interfaces error, performance or behavioural error, error
in external database access or data structure of the application, interface error and
incorrect or missing functions.
4.2.1.2 White Box Testing
White Box Testing is the known as Code-Based Testing or Structural Testing in which is
the method or technique testing the internal structure or implementation or design of the
application that is known to the tester. In other words, it’s the methods or method based
on analysis focused on the system or the structure of the component. This testing is being
tested on the integration and involves the tester to possess the knowledge of the internal
structure program or code. This technique is to detect the flow of specified inputs and
output through the code, the incorrect or syntax error or poor performance in the coding
element, expected function and functionality on an individual basis.
55
4.2.2 Test Case
Test Case 1
Test Case Name: Login, Register and Log Out
Application: Event Management Application
Step Procedures Expected Result Result
1 Insert admin username and
password
Save the insert data into
database
Success
2 Insert correct username,
password for login
Verify the admin
Success
3 Click ‘Register,' ‘Login’
button .
Application redirect admin
to Login page after register
and Main page after login
Success
4 Repeat step 2 and 3 for login
using false username,
password.
Application display error
message.
Success
5 Log Out Account Log out redirected to Login
page.
Success
Precondition No credentials are currently login
Post-condition The Admin name, username, and password
saved in database.
Table 4.2.2.1 Test Case for Login, Register and Log Out
Based on table 4.2.2.1 only authenticate admin and verified admin can access to the
application
56
Test Case 2
Test Case Name: Add, Update, Delete and View Event List
Application: Event Management Application
Step Procedure Expected Result Result
1 Insert event information Save the insert data into
database
Success
2 View Success insert data
List view all data Success
3 Delete Event data
Deleted from list view Success
4 Update Event data
Updated from list view Success
5 Click ‘Insert,' ‘Update’ and
‘Delete’ button
A toast of event
added/update/delete
successfully will appear
Success
6 Empty any of field in Event
form
Display alert message
requires filling the field
Success
Precondition Admin is currently login
Post-condition Event details saved in database updated
details is updated in database and deleted
details removed from database.
Table 4.2.2.2 Test Case for Event List
Based on Table 4.2.2.2 Test Case for Event List, only admin can insert Event information,
view and delete Event information.
57
Test Case 3
Test Case Name: Generate QR Code, View attendance
Application: Event Management Application
Step Procedures Expected Result Result
1 Generate QR Code by
clicking ‘Generate’ button
Save the id of QR Code that
has been generated
Success
2 Long click at event to go
to generate QR Code page
Application redirect to QR
Code Generator page
Success
3 Empty the field that need
enter text to generate
Display alert message
requires filling the field
Success
4 Insert text to Generate QR
Code
The insert information will be
saved in the database
Success
5 Insert different text to
produce different QR
Code pattern
The masking pattern of QR
Code will change based on
input text
Success
6 Admin click at view
attendance button
Admin can view all the name
of user that has scan the QR
code for an event
Success
Precondition QR Code can be generated for every event
Post-condition QR Code details is saved in the database
Table 4.2.2.3 Test Case for QR Code Generator
Based on Table 4.2.2.3 Test Case for QR Code Generator, only admin can generate QR
Code for each Event.
58
Test Case 4
Test Case Name: User Security One Time Password
Application: Event Management Application
Step Procedure Expected Result Result
1 User Click Button ‘Login
Using OTP.’
Directed to One Time
Password page
Success
2 Select country and input
number phone and click
button ‘Continue’
Send verification code
Success
3 One Time Password code
send to user via SMS
User accepts the code
Success
4 User get the code and will be
detected automatically
Code and phone number
verified
Success
5 User get the code but not
detected automatically
User can input the code that
has been sent at SMS
manually
Success
Precondition
No credentials user being verify
No credentials user being verify
User is verified as per session
Table 4.2.2.4 Test Case for One Time Password
Based on Table 4.2.2.8, User must authenticate the number phone to pass the security One
Time Password. Unique generated code will be sent to the user via Short Message System
(SMS), and the user will be verified for the session.
59
Test Case 5
Test Case Name: User Registration and Logout
Application: Event Management Application
Step Procedure Expected Result Result
1 Insert user username,
matric number and phone
number
Save the insert data into
database
Success
2 Insert correct phone
number for login
Verify the admin
Success
3 Click ‘Register’ button Application redirect to user
registration page. After
register, a toast ‘Registration
is successful’
Success
4 Empty any of field in
User Registration form
Display alert message
requires filling the field
Success
5 Log Out Account
Log out redirected to Login
page
Success
Precondition No credentials are currently login
Post-condition New user username, matric number and phone
number saved in database
Table 4.2.2.5 Test Case for User Registration and Log Out
Based on table 4.2.2.5 only authenticate user and verified user can access to the
application
60
Test Case 6
Test Case Name: User View Event
Application: Event Management Application
Step Procedure Expected Result Result
1 User click on an event User will redirect to scan
page
Success
2 User long click on an
event
User can view all the
information about the event
Success
3 User click button
‘Feedback’
User can send feedback
about the event
Success
Precondition User Session
Post-condition All information including information
updated by admin can view by user
Table 4.2.2.6 Test Case for User’s Information Views
Based on Table 4.2.2.6 Test case for User’s Information Views, Users can see all
information, get up to date information and send feedback.
61
Test Case 7
Test Case Name: Attendance
Application: Event Management Application
Step Procedure Expected Result Result
1 User click Image Button
‘Scan’
Directed to Scan page
Success
2 User place the camera at
generated QR Code to
scan the attendance.
A toast of event name will
appear based on the QR Code
that is being scan.
Success
3 User scan the QR Code User will get alert dialog
‘attendance confirmed’ if event
name is same and user id is
exist.
Success
4 User scan the QR Code
but user is not registered
to the event
User will get alert dialog ‘user
is not register’ if phone number
is not exist.
Success
5 User scan the QR Code
but event name is not
same
User will get alert dialog ‘You
went to wrong event’ if event
name is not same.
Success
Precondition User number phone verified
Post-condition Attendance of user is saved
Table 4.2.2.7 Test Case for Attendance
Based on Table 4.2.2.7 Test case for Attendance, User needs a to scan QR code that has
been generated by admin by using QR Code Scanner to save the user attendance.
62
4.3 Summary
In this chapter whereby the implementation and testing take places. Implementation stage
is where process turn in system design into a prototype. In this step, the algorithm is
implemented. After this step, the testing phase takes places. Several testing being tested
on android application either meet the requirements. This chapter highlights the
importance of implementation phase which vital in the development and testing as
compulsory for checking the functionality of an application.
63
CHAPTER 5
CONCLUSION
In this chapter, conclusion about the contribution of this application and suggestion to
improve the application to be better in future. Event Attendance System Using One
Time Password(OTP) has met its objective by providing information to user about
event in universities and save the attendance of students to the event. This project
involved four phases which are the feasible study and literature review that study the
previous research or works. Secondly, the design and methodology phase which
includes Waterfall Model, system requirement, process model, data model, and
algorithm. This period compulsory for the next step which is implementation, testing,
and result. This phase involves the implementation of system design and algorithm
that develop the application into a prototype. Lastly, discussion and conclusion to
conclude the whole project. This project is expected to help all event management to
spread information and attract students to involve in universities event. For the future
works, this project hopefully develops further with an addition of group online chat
between admin and all user, and more with benefiting Application to easy the
management of an event.
This project expected to have a secure event management application using One Time
Password and QR Code. This project also will provide an easy access for the admin
and student involves reaching for the information about the event. Last but not least,
Event Attendance Application will help the students by spreading information about
an event and saves students and admin time while taking attendance.
64
REFERENCES
[1] M.Mahalakshmi, S.Gomathi and S.Krithika, “Event Management System”
International Journal of Trend in Research and Development, Volume 3(2), ISSN:
2394-9333, March-April 2016.
[2] R Deepika, R Gayathri, T Saravanakumar, K Vigneshwaran, K Vignesh, “Android
Application for Event Management System” International Conference on Systems,
Science, Control, Communication, Engineering and Technology 2016 [ICSSCCET
2016], February 2016.
[3] Miran Hikmat Mohammed, Baban, “UNIVERSITY SEMINARS ATTENDANCE
CHECKING SYSTEM USING QR CODE IMAGE SCANNER” International Journal
of Advance Research, IJOAR .org Volume 3, Issue 8, August 2015, Online: ISSN 2320-
9194
[4] Mohsen Gerami, Satar Ghiasvand, “One-Time Passwords via SMS” Bulletin de la
Société Royale des Sciences de Liège, Vol.: 85, 2016, p. 106 – 113
[5] Sagar Acharya, Apoorva Polawar, P.Y.Pawar, “Two Factor Authentication
Using Smartphone Generated One Time Password” IOSR Journal of Computer
Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 11, Issue 2
(May. - Jun. 2013), PP 85-90.
[6] He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing, “trustOTP: Transforming
Smartphones into Secure One-Time Password Tokens”, 2015.
[7] Andrew Y. Lindell, “Time versus Event Based One-Time Passwords” Aladdin
Knowledge Systems, 2007.
65
[8] A. A. ABD. RAHNI, N. ZAINAL, M. F. ZAINAL ADNA, N. E. OTHMAN, M.
F. BUKHORI, “DEVELOPMENT OF THE ONLINE STUDENT ATTENDANCE
MONITORING SYSTEM (𝑆𝐴𝑀𝑆𝑇𝑀) BASED ON QR-CODES AND MOBILE
DEVICES” Journal of Engineering Science and Technology Special Issue on UKM
Teaching and Learning Congress 2013, June (2015) 28 – 40
[9] Fadi Masalha, Nael Hirzallah, “A Students Attendance System Using QR
Code” (IJACSA) International Journal of Advanced Computer Science and
Applications, Vol. 5, No. 3, 2014
[10] Phanuphong Hathaiwichian, Lapas Siriwittayacharoen Apinat
Wongwachirawanich, and Chaiyong Ragkhitwetsagul, “Android Application for Event
Management and Information Propagation” The 2014 Third ICT International Student
Project Conference (ICT-ISPC2014).
[11] Abhas Tandon, Rahul Sharma, Sankalp Sodhiya, P.M.Durai Raj Vincent, “QR
Code based secure OTP distribution scheme for Authentication in Net-Banking”
International Journal of Engineering and Technology (IJET), ISSN : 0975-4024, Vol 5
No 3 Jun-Jul 2013.
[12] Young Sil Lee*, Nack Hyun Kim**, Hyotaek Lim***, HeungKuk Jo***, Hoon
Jae Lee***, “Online Banking Authentication System using Mobile-OTP with QR-
code”, 2015.
[13] Simplified Coding - https://www.youtube.com/watch?v=JZ8hwzBKsMM
Firebase Phone Authentication Android Tutorial
[14] Simplified Coding - https://www.youtube.com/watch?v=Fe7F4Jx7rwo
Android QR Code Scanner Tutorial using Zxing Library simplified coding.
[15] Simplified Coding - https://www.youtube.com/watch?v=e5pI6CSxAX8&t=30s
66
Android QR Code Generation Tutorial using Zxing Library simplified coding
[16] Simplified Coding - https://www.simplifiedcoding.net/firebase-realtime-
database-crud/ Firebase Realtime Database CRUD Operation for Android.
[17] Stack Overflow – check existing user
https://stackoverflow.com/questions/47893328/checking-if-a-particular-value-exists-
in-the-firebase-database?rq
[18] Inventory Management System -
https://www.youtube.com/watch?v=6BpQ8U2W-xo
[19] https://stackoverflow.com/questions/8800919/how-to-generate-a-qr-code-for-an-
android-application
[20] Android Studio - Phone Number Authentication with Firebase
https://www.youtube.com/watch?v=M0naRvxLE78&t=354s
67
APPENDICES
Week
Task
1 2 3 4 5 6 7 8 9 10 11 12 13 14
Proposal title
discussion with
supervisor
FYP Title
submission and
abstract
problem
statement,objective,
scope and LR
discussion
Presentation 1
preparation
Presentation 1
FYP Proposal
Correction
Framework
Planning
Design CD, DFD,
ERD
Prepare
documentation of
propsal
Proposal slide
presentation
Designing the
interface
Final Presentation
FYP1
Report Submission
Final Submission
to Supervisor
Gantt chart (FYP 1)
68
Week
Task
1 2 3 4 5 6 7
Project Meeting
with Supervisor
Project
Development
Testing and
documentation
Project Progress
Presentation,Panel’s
Evaluation
Project
Development and
Testing
Presentation FYP 2
Send Full Report
FYP 2 to
Supervisor
Finalzing Report
and Documentation
of project
Report, Logbook
submission
69
EVENT ATTENDANCE SYSTEM USING ONE TIME PASSWORD(OTP)
One Time Password Code
activity_otp.xml
<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:background="@drawable/images1"
tools:context="com.fypotpqr.test.Otp">
<RelativeLayout
android:id="@+id/relativeLayout"
android:layout_width="match_parent"
android:layout_height="200dp"
android:layout_alignParentTop="true"
android:layout_alignParentStart="true"
android:layout_marginTop="32dp">
<ImageView
android:layout_width="120dp"
android:layout_height="120dp"
android:layout_centerHorizontal="true"
android:layout_centerVertical="true"
android:background="@drawable/smartphone" />
</RelativeLayout>
<ImageView
android:id="@+id/imageView"
android:layout_width="match_parent"
android:layout_height="120dp"
android:layout_below="@id/relativeLayout"
android:layout_marginTop="-50dp"
/>
<TextView
android:id="@+id/textView"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="May I ask you phone number?"
android:textAppearance="@style/Base.TextAppearance.AppCompat.Large"
70
android:textColor="@color/colorPrimary"
android:layout_alignBottom="@+id/imageView"
android:layout_centerHorizontal="true" />
<LinearLayout
android:id="@+id/linearLayout"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:layout_below="@id/textView"
android:orientation="horizontal"
android:padding="15dp">
<Spinner
android:id="@+id/spinnerCountries"
android:layout_width="120dp"
android:layout_height="wrap_content" />
<EditText
android:id="@+id/editTextPhone"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:layout_weight="2"
android:digits="0123456789"
android:hint="Enter your number"
android:maxLength="10" />
</LinearLayout>
<Button
android:id="@+id/buttonContinue"
android:layout_width="150dp"
android:layout_height="50dp"
android:text="CONTINUE"
android:textAllCaps="false"
android:layout_below="@+id/linearLayout"
android:layout_centerHorizontal="true"
android:layout_marginTop="14dp" />
</RelativeLayout>
71
Otp.java
package com.fypotpqr.test;
import android.content.Intent;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.view.View;
import android.widget.ArrayAdapter;
import android.widget.EditText;
import android.widget.Spinner;
import com.google.firebase.auth.FirebaseAuth;
public class Otp extends AppCompatActivity {
private Spinner spinner;
private EditText editText;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_otp);
spinner = findViewById(R.id.spinnerCountries);
spinner.setAdapter(new ArrayAdapter<String>(this,
android.R.layout.simple_spinner_dropdown_item, CountryData.countryNames));
editText = findViewById(R.id.editTextPhone);
findViewById(R.id.buttonContinue).setOnClickListener(new
View.OnClickListener() {
@Override
public void onClick(View v) {
String code =
CountryData.countryAreaCodes[spinner.getSelectedItemPosition()];
String number = editText.getText().toString().trim();
if (number.isEmpty() || number.length() < 10) {
editText.setError("Valid number is required");
editText.requestFocus();
return;
}
String phoneNumber = "+" + code + number;
Intent intent = new Intent(Otp.this, VerifyPhoneActivity.class);
intent.putExtra("phonenumber", phoneNumber);
startActivity(intent);
}
72
});
}
@Override
protected void onStart() {
super.onStart();
if (FirebaseAuth.getInstance().getCurrentUser() != null) {
Intent intent = new Intent(this, UserView.class);
startActivity(intent);
}
}
}
activity_verify_phone.xml
<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:background="@drawable/images1"
tools:context=".VerifyPhoneActivity">
<RelativeLayout
android:id="@+id/relativeLayout"
android:layout_width="match_parent"
android:layout_height="200dp"
>
<ImageView
android:layout_width="120dp"
android:layout_height="120dp"
android:layout_centerHorizontal="true"
android:layout_centerVertical="true"
android:background="@drawable/smartphone" />
</RelativeLayout>
<ImageView
android:id="@+id/imageView"
android:layout_width="match_parent"
android:layout_height="120dp"
android:layout_below="@id/relativeLayout"
android:layout_marginTop="-50dp"
73
/>
<TextView
android:id="@+id/textView"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Wait for the code I sent you..."
android:textAppearance="@style/Base.TextAppearance.AppCompat.Large"
android:textColor="@color/colorPrimaryDark"
android:layout_below="@+id/relativeLayout"
android:layout_centerHorizontal="true"
android:layout_marginTop="20dp" />
<TextView
android:id="@+id/textView1"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_below="@id/textView"
android:layout_marginLeft="20dp"
android:layout_marginRight="20dp"
android:layout_marginTop="5dp"
android:text="I sent you a code, it will be detected automatically but if it is
not detected you can put it below manually as well"
android:textAlignment="center"
android:textColor="@color/colorPrimary" />
<EditText
android:id="@+id/editTextCode"
android:layout_width="200dp"
android:layout_height="wrap_content"
android:digits="0123456789"
android:hint="enter code"
android:maxLength="6"
android:layout_marginTop="36dp"
android:layout_below="@+id/textView1"
android:layout_centerHorizontal="true" />
<Button
android:id="@+id/buttonSignIn"
android:layout_width="150dp"
android:layout_height="50dp"
android:layout_below="@id/editTextCode"
android:layout_centerHorizontal="true"
android:layout_marginTop="20dp"
android:text="SIGN IN"
android:textAllCaps="false"
/>
74
<ProgressBar
android:id="@+id/progressbar"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_below="@id/buttonSignIn"
android:layout_centerHorizontal="true"
android:visibility="gone" />
</RelativeLayout>
VerifyPhoneActivity.java
package com.fypotpqr.test;
import android.content.Intent;
import android.os.Bundle;
import android.support.annotation.NonNull;
import android.support.v7.app.AppCompatActivity;
import android.view.View;
import android.widget.EditText;
import android.widget.ProgressBar;
import android.widget.Toast;
import com.google.android.gms.tasks.OnCompleteListener;
import com.google.android.gms.tasks.Task;
import com.google.android.gms.tasks.TaskExecutors;
import com.google.firebase.FirebaseException;
import com.google.firebase.auth.AuthResult;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.PhoneAuthCredential;
import com.google.firebase.auth.PhoneAuthProvider;
import java.util.concurrent.TimeUnit;
public class VerifyPhoneActivity extends AppCompatActivity {
private String verificationId;
private FirebaseAuth mAuth;
private ProgressBar progressBar;
private EditText editText;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_verify_phone);
75
mAuth = FirebaseAuth.getInstance();
progressBar = findViewById(R.id.progressbar);
editText = findViewById(R.id.editTextCode);
String phonenumber = getIntent().getStringExtra("phonenumber");
sendVerificationCode(phonenumber);
findViewById(R.id.buttonSignIn).setOnClickListener(new
View.OnClickListener() {
@Override
public void onClick(View v) {
String code = editText.getText().toString().trim();
if (code.isEmpty() || code.length() < 6) {
editText.setError("Enter code...");
editText.requestFocus();
return;
}
verifyCode(code);
}
});
}
private void verifyCode(String code) {
PhoneAuthCredential credential =
PhoneAuthProvider.getCredential(verificationId, code);
signInWithCredential(credential);
}
private void signInWithCredential(PhoneAuthCredential credential) {
mAuth.signInWithCredential(credential)
.addOnCompleteListener(new OnCompleteListener<AuthResult>() {
@Override
public void onComplete(@NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
Intent intent = new Intent(VerifyPhoneActivity.this,
UserView.class);
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK |
Intent.FLAG_ACTIVITY_CLEAR_TASK);
startActivity(intent);
} else {
Toast.makeText(VerifyPhoneActivity.this,
task.getException().getMessage(), Toast.LENGTH_LONG).show();
76
}
}
});
}
private void sendVerificationCode(String number) {
progressBar.setVisibility(View.VISIBLE);
PhoneAuthProvider.getInstance().verifyPhoneNumber(
number,
60,
TimeUnit.SECONDS,
TaskExecutors.MAIN_THREAD,
mCallBack
);
}
private PhoneAuthProvider.OnVerificationStateChangedCallbacks
mCallBack = new
PhoneAuthProvider.OnVerificationStateChangedCallbacks() {
@Override
public void onCodeSent(String s, PhoneAuthProvider.ForceResendingToken
forceResendingToken) {
super.onCodeSent(s, forceResendingToken);
verificationId = s;
}
public void onVerificationCompleted(PhoneAuthCredential
phoneAuthCredential) {
String code = phoneAuthCredential.getSmsCode();
if (code != null) {
editText.setText(code);
verifyCode(code);
}
}
@Override
public void onVerificationFailed(FirebaseException e) {
Toast.makeText(VerifyPhoneActivity.this, e.getMessage(),
Toast.LENGTH_LONG).show();
}
};
}
77
QR Code Generator Code
QRCodeGenerator.xml
<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
android:id="@+id/activity_artist"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:paddingBottom="@dimen/activity_vertical_margin"
android:paddingLeft="@dimen/activity_horizontal_margin"
android:paddingRight="@dimen/activity_horizontal_margin"
android:paddingTop="@dimen/activity_vertical_margin"
android:background="@drawable/images1"
tools:context="com.fypotpqr.test.QRCodeGenerator">
<TextView
android:id="@+id/textViewEvent"
android:padding="@dimen/activity_horizontal_margin"
android:textAlignment="center"
android:textAppearance="@style/Base.TextAppearance.AppCompat.Large"
android:textStyle="bold"
android:layout_width="match_parent"
android:layout_height="wrap_content" />
<EditText
android:layout_below="@id/textViewEvent"
android:id="@+id/editTextName"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:hint="Enter Text To Generate" />
<LinearLayout
android:orientation="horizontal"
android:id="@+id/linearLayout"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:layout_below="@id/editTextName">
</LinearLayout>
<Button
android:id="@+id/buttonAddTrack"
78
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="GENERATE"
android:layout_below="@+id/editTextName"
android:layout_alignParentEnd="true" />
<View
android:layout_width="match_parent"
android:layout_height="1dp"
android:layout_marginTop="155dp"
android:background="@android:color/black"
android:id="@+id/view" />
<LinearLayout
android:layout_width="match_parent"
android:layout_height="500dp"
android:layout_below="@+id/view"
android:id="@+id/linearLayout2">
<ImageView
android:layout_width="match_parent"
android:layout_height="match_parent"
android:id="@+id/image"/>
</LinearLayout>
</RelativeLayout>
QRCodeGenerator.java
package com.fypotpqr.test;
import android.content.Intent;
import android.graphics.Bitmap;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.text.TextUtils;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.ImageView;
import android.widget.ListView;
import android.widget.SeekBar;
79
import android.widget.TextView;
import android.widget.Toast;
import com.google.firebase.database.DataSnapshot;
import com.google.firebase.database.DatabaseError;
import com.google.firebase.database.DatabaseReference;
import com.google.firebase.database.FirebaseDatabase;
import com.google.firebase.database.ValueEventListener;
import com.google.zxing.BarcodeFormat;
import com.google.zxing.MultiFormatWriter;
import com.google.zxing.WriterException;
import com.google.zxing.common.BitMatrix;
import com.journeyapps.barcodescanner.BarcodeEncoder;
import java.util.ArrayList;
import java.util.List;
import static com.fypotpqr.test.R.id.editTextName;
import static com.fypotpqr.test.R.id.text;
public class QRCodeGenerator extends AppCompatActivity {
Button buttonAddTrack;
EditText editTextName;
TextView textViewEvent;
Button gen_btn;
ImageView image;
String text2Qr;
DatabaseReference databaseTracks;
List<Track> tracks;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_event);
Intent intent = getIntent();
/*
* this line is important
* this time we are not getting the reference of a direct node
* but inside the node track we are creating a new child with the artist id
* and inside that node we will store all the tracks with unique ids
* */
databaseTracks =
FirebaseDatabase.getInstance().getReference("tracks").child(intent.getStringExtra(M
80
ainActivity.EVENT_ID));
buttonAddTrack = (Button) findViewById(R.id.buttonAddTrack);
editTextName = (EditText) findViewById(R.id.editTextName);
image = (ImageView) findViewById(R.id.image);
textViewEvent = (TextView) findViewById(R.id.textViewEvent);
tracks = new ArrayList<>();
textViewEvent.setText(intent.getStringExtra(MainActivity.EVENT_NAME));
buttonAddTrack.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
text2Qr =textViewEvent.getText().toString().trim();
MultiFormatWriter multiFormatWriter = new MultiFormatWriter();
try {
BitMatrix bitMatrix = multiFormatWriter.encode(text2Qr,
BarcodeFormat.QR_CODE, 200, 200);
BarcodeEncoder barcodeEncoder = new BarcodeEncoder();
Bitmap bitmap = barcodeEncoder.createBitmap(bitMatrix);
image.setImageBitmap(bitmap);
} catch (WriterException e) {
e.printStackTrace();
}
saveTrack();
}
});
}
@Override
protected void onStart() {
super.onStart();
databaseTracks.addValueEventListener(new ValueEventListener() {
@Override
public void onDataChange(DataSnapshot dataSnapshot) {
tracks.clear();
for (DataSnapshot postSnapshot : dataSnapshot.getChildren()) {
Track track = postSnapshot.getValue(Track.class);
tracks.add(track);
}
}
81
@Override
public void onCancelled(DatabaseError databaseError) {
}
});
}
private void saveTrack() {
String trackName = editTextName.getText().toString().trim();
if (!TextUtils.isEmpty(trackName)) {
String id = databaseTracks.push().getKey();
Track track = new Track(id, trackName);
databaseTracks.child(id).setValue(track);
Toast.makeText(this, "QR Code Generator is saved",
Toast.LENGTH_LONG).show();
editTextName.setText("");
} else {
Toast.makeText(this, "Please enter name", Toast.LENGTH_LONG).show();
}
}
}
82
QR Code Scanner code
activity_scan_qr.xml
<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
android:id="@+id/activity_main"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:paddingBottom="16dp"
android:paddingLeft="16dp"
android:paddingRight="16dp"
android:paddingTop="16dp"
android:background="@drawable/images1"
tools:context="com.fypotpqr.test.ScanQR">">
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="QR Code Scanner"
android:textSize="25dp"
android:id="@+id/textView5"
android:layout_alignParentTop="true"
android:layout_centerHorizontal="true"
android:layout_marginTop="35dp" />
<Button
android:layout_width="150dp"
android:layout_height="70dp"
android:text="SCAN"
android:id="@+id/scan_btn"
android:layout_centerVertical="true"
android:layout_alignParentStart="true" />
<Button
android:id="@+id/buttonLogout"
android:layout_width="150dp"
android:layout_height="70dp"
android:text="LOGOUT"
android:textAllCaps="false"
android:layout_alignTop="@+id/scan_btn"
android:layout_alignParentEnd="true" />
</RelativeLayout>
83
ScanQR.java
package com.fypotpqr.test;
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.support.v7.app.AlertDialog;
import android.support.v7.app.AppCompatActivity;
import android.text.TextUtils;
import android.view.View;
import android.widget.Button;
import android.widget.Toast;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.database.DataSnapshot;
import com.google.firebase.database.DatabaseError;
import com.google.firebase.database.DatabaseReference;
import com.google.firebase.database.FirebaseDatabase;
import com.google.firebase.database.ValueEventListener;
import com.google.zxing.integration.android.IntentIntegrator;
import com.google.zxing.integration.android.IntentResult;
public class ScanQR extends AppCompatActivity {
//we will use these constants later to pass the artist name and id to another activity
public static final String EVENT_NAME = "com.fypotpqr.test.eventName";
public static final String EVENT_ID = "com.fypotpqr.test.eventId";
public static final String USER_NAME = "com.fypotpqr.test.UserName";
public static final String USER_ID = "com.fypotpqr.test.UserId";
private Button scan_btn;
DatabaseReference databaseAttendance;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_scan_qr);
scan_btn = (Button) findViewById(R.id.scan_btn);
final Activity activity = this;
scan_btn.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
IntentIntegrator integrator = new IntentIntegrator(activity);
84
integrator.setDesiredBarcodeFormats(IntentIntegrator.QR_CODE_TYPES);
integrator.setPrompt("Scan");
integrator.setCameraId(0);
integrator.setBeepEnabled(false);
integrator.setBarcodeImageEnabled(false);
integrator.initiateScan();
}
});
findViewById(R.id.buttonLogout).setOnClickListener(new
View.OnClickListener() {
@Override
public void onClick(View v) {
FirebaseAuth.getInstance().signOut();
Intent intent = new Intent(ScanQR.this, home2.class);
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK |
Intent.FLAG_ACTIVITY_CLEAR_TASK);
startActivity(intent);
}
});
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
IntentResult result = IntentIntegrator.parseActivityResult(requestCode,
resultCode, data);
if (result != null) {
if (result.getContents() == null) {
Toast.makeText(this, "You cancelled the Scanning",
Toast.LENGTH_LONG).show();
} else {
Toast.makeText(this, result.getContents(), Toast.LENGTH_LONG).show();
DatabaseReference rootRef =
FirebaseDatabase.getInstance().getReference();
DatabaseReference userNameRef = rootRef.child("users").child("Nurul
Farhana");
ValueEventListener eventListener = new ValueEventListener() {
@Override
public void onDataChange(DataSnapshot dataSnapshot) {
if(dataSnapshot.exists()) {
//create new user
new
AlertDialog.Builder(ScanQR.this).setTitle("Attendance").setMessage("User is not
85
registered to this event").setNeutralButton("Close", null).show();;
}
else{
new
AlertDialog.Builder(ScanQR.this).setTitle("Attendance").setMessage("Attendance
Confirmed").setNeutralButton("Close", null).show();;
}
}
@Override
public void onCancelled(DatabaseError databaseError) {}
};
userNameRef.addListenerForSingleValueEvent(eventListener);
}
} else {
super.onActivityResult(requestCode, resultCode, data);
}
}
}
![[Sales & Services]castle.com.my/download/CD/Brochure/Time Attendance/Time Attend… · Attendance Managemnt System (TAMS), Real-Time Acquisition and Access Control System. Attendance](https://static.fdocuments.in/doc/165x107/5f3b8b79471e674e3831c85a/sales-services-attendancetime-attend-attendance-managemnt-system-tams.jpg)
