The idea of this project is to enable photo applications to be connected to a Web-based map application (e.g. supported by Google Maps) to show where a photo has been taken. However, the viewer must satisfy the policy that is attached to the photo. A policy is an album that contains pictures together with the people who can access that album/policy. A user can have a minimum of three (3) policies and a maximum of ten (10) policies. By default, there are three existing policies when a user registers on TourPicx and installs the TourPicx mobile application.
The scenario below describes the use of the application:
Alice is taking a photo with her family in Paris. She can take the picture using her Nokia N71 (or any other mobile phone that provides geolocation) and the photos can be uploaded (even automatically via a 3G connection, for example) to TourPicx-Blog. These photos will be given the policy "for family only". Bob, a member of Alice's family, can view these photos via his browser in Australia, since Bob owns the policy, which is "for family only". However, Charlie, who is not related to Alice, cannot view Alice's photos even though Charlie knows the location of Alice's blogs.
This project requires some knowledge of computer security. Therefore, it is recommended that all group members do CSCI361-Cryptography and later CSCI368-Network Security. The group consists of 5 members.
The project scope requirements contain the functionalities of the new system. The project requirements, or functionalities, are described below:
The system will provide a registration form to store details for intending members of the TourPicx-Blog. All intending members have to register on the TourPicx-Blog first before they can use the TourPicx-Mobile software on their mobile phones.
Activation of Account
After registration, a confirmation message containing an activation code will be sent to the email account the user provided. The activation code must be entered in the space provided on the blog registration page to activate the account. A user who submits their details without activating their account will not be allowed to log in to TourPicx-Blog. The account can be activated within a period of six (6) months; if it is not activated within that period, the account details will be deleted.
Members will be able to access services by logging in. The username or email and the corresponding password must be entered correctly and authenticated to permit login.
A notification link will be provided. Users will be able to get relevant news on updates and other important information from this link.
A link will be provided for users where they can download TourPicx-Mobile and all relevant information necessary for the software to be properly installed on their mobile device.
On the home page of each member, a link to all their friends on the blog will be provided, and they can view each friend's blog by clicking on his/her name or profile picture.
Add/remove friends
Friends can be added or removed from the friends list page/column and the database will be updated immediately.
Policies can only be edited on the TourPicx-Blog, i.e. members are allowed to add or remove people from their friends list under any policy, and new policies can be created or removed from the TourPicx-Blog alone.
For ease of use, a page providing detailed answers and solutions to all frequently asked questions will be provided. Members and intending members can also post new questions here and we will reply to the questions.
Users who have problems with the mobile application or the blog can contact any of the members via the emails provided on the blog help page.
Each user has a wall where they can share activities, view recent friend activities or posts made by friends, and make comments on friends' posts. Posts made by the user can be made public or private here.
Members will be allowed to post comments on the pictures and wall posts of their friends to provide a sense of interactivity among friends.
To access pictures, a user can go to their profile page and view pictures sent from their blog; the pictures sent from the blog are arranged in folders based on policies.
Members will be provided with a drop-down list of the locations where their pictures are, to make it easy for them to locate their pictures on the map.
Detailed information about the developers will be provided on the TourPicx-Blog.
When users are through viewing, setting policies, adding/deleting friends from their friends list, etc., they can log out successfully.
Contains an overall summary of the blog functionalities and the security measures employed in securing pictures and location of users.
Mobile Phone functionalities
TourPicx-Mobile works in two modes: online mode and offline mode. In the online mode, users will be asked to log in with their user name and password. If the login is successful, a page will appear where the user is asked to choose a policy with which they would like to take the pictures. If the login is not successful, the user will be notified with an error message and redirected to the login page. In the offline mode, pictures taken are saved on the user's mobile phone inside the TourPicx gallery directory; the user can send captured images from the gallery later, but a login will be required.
Before any picture can be captured or uploaded using TourPicx-Mobile in the online mode, users have to be authenticated by entering a valid user name and password for security reasons.
Choose a Policy
After a successful login in the online mode, users will be directed to a page where they can choose a policy where pictures captured will be saved; they can also change a policy while capturing images by pressing the policy option while the camera is running.
Users can either continue capturing images or go to their gallery to view previously captured images in both online and offline mode. The View Gallery option in online mode allows users to view previously captured images, send an image with its location and policy to the blog, or go back to the camera view and capture more images. The View Gallery option in offline mode allows users to send a picture to the blog, which will require authentication, or go back to the camera view and capture more images.
A picture captured in offline mode can either be saved to the user's mobile phone alone (save location, image and policy to gallery) or discarded, while a picture captured in online mode can be saved to the user's mobile phone alone (save location, image and policy to gallery), sent (sent to the blog without saving on the mobile phone), saved and sent (saved to the user's mobile phone and sent to the blog), or discarded.
When users are done capturing images and uploading them, they can log out successfully.
Photos captured will be named using date and time so every picture's name is unique.
Below are some security measures implemented during the development of this project:
The password as known by the user is not stored directly in our database. It is concatenated with a nine-digit salt value, which is automatically generated by a function; the concatenated value is then passed to a hash function, and the result of the hash is concatenated with the same salt value to make verification of the password easy.
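The storage scheme described above, written out as an added example (not the project's own code). SHA-256 and the password-then-salt order are assumptions, since the text names neither; the second pair of functions keeps the same "salt travels with the hash" layout but uses a 128-bit random salt and PBKDF2 for comparison.

```python
import hashlib
import hmac
import secrets

SALT_DIGITS = 9  # the text specifies a nine-digit salt


def new_salt() -> str:
    """Nine random decimal digits drawn from the OS CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(SALT_DIGITS))


def store_described(password: str, salt: str = "") -> str:
    """Record layout from the text: hash(password || salt) || salt.
    SHA-256 and the concatenation order are assumptions."""
    salt = salt or new_salt()
    digest = hashlib.sha256((password + salt).encode()).hexdigest()
    return digest + salt


def verify_described(password: str, record: str) -> bool:
    """Split the trailing salt off the record, recompute, compare."""
    digest, salt = record[:-SALT_DIGITS], record[-SALT_DIGITS:]
    candidate = hashlib.sha256((password + salt).encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def store_hardened(password: str, iterations: int = 600_000) -> str:
    """Same idea with a 128-bit salt and a deliberately slow KDF (PBKDF2)."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_hardened(password: str, record: str) -> bool:
    """Parameters are stored in the record, so they can be raised later."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    rec = store_described("correct horse")  # constructed sample password
    print(rec, verify_described("correct horse", rec))
    rec2 = store_hardened("correct horse")
    print(rec2, verify_hardened("correct horse", rec2))
```

A nine-digit salt gives at most 10^9 distinct values and a single SHA-256 pass is cheap to compute, which is why the second form uses a larger salt and an iterated function.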
Search for Friends
For a search query on our blog to return a result, the user must enter a valid email address; this is to avoid giving out users' email addresses to spammers or unauthorised parties. Otherwise, the user can search by first name, last name or username.
The database name and attributes are not given common names such as first name, last name or email, to make it difficult to mimic the database attributes in case of attack. Authentication is also required to access the database, so only authorized people can access it.
An SSL certificate signed by a valid certificate authority (GoDaddy) was obtained by the group members to provide protection for confidential data, such as personal details or location, entered into our website. When users connect to our website (https://www.tourpicx.com), the website encrypts the session with our digital certificate. This means that encryption using a private key/public key pair ensures that the data can be encrypted with our public key (shown in the certificate) but can only be decrypted with the private key.
We used various encryption methods to secure communication between the mobile phone application, blog and the database. The application of the encryption methods is briefly described below:
Key Generation and Exchange
System Architectural Design
Use case diagram
It is a behavioural diagram that describes the use-case view of the system. It is created and defined by analysis of the use cases present in the system architecture. This diagram depicts a graphical overview of the functionalities provided by the system in terms of actors, their function(s) and dependencies between identified use cases. It describes a set of scenarios that correspond to some important functionality.
Blog use case
Mobile Application Use case
It shows the major classes, attributes in each class and interaction between classes in the system. Some of the classes are grouped together in the class diagram in order to show the interactions between the major classes and some other classes. The classes represent main objects and main relationships in the system together with objects to be programmed.
Architecturally-Significant class diagrams description
Brief Description: User_Profile. This class contains nine attributes, all public, and it has direct interaction with four other classes: Category, Discussion_Comments, Policy, Connections.
Brief Description: This class contains two attributes, both public: email and username. It has only one interaction, with the User_Profile class. There can be only two types of this class (child classes): User or Admin (Administrator).
Brief Description: This class contains three attributes; DF#, commented_by, DF_date, all attributes are public attributes. This class has direct interaction with User_Profile and Discussion_Forum class.
Brief Description: This class contains four attributes; DF#, Topic, Comments#, DF_date. It has direct relationship with Discussion_comments class.
Brief Description: This class contains five attributes; comment_id, photo_id, commented_by, commented_date, Comments, all attributes are public. This class has direct interaction with Connections and Notifications class.
Brief Description: This class contains four attributes; Me_id, Connected_id, Status, Connection_date, all public attributes. It has direct interaction with Notification class.
Brief Description: This class contains four attributes; Notification, Notification_date, Comment_id, Connected_id, all public attributes. It has direct interactions with Photo_Comments and Connections class.
Brief Description: This class contains three attributes; Policy_code, Policy_name, Policy_owner, all public attributes. It is a base class and has four child classes, which include Family, Friends, Private and Public. It has direct interactions with User_Profile, Policy_Members and Policy class.
Brief Description: This class contains two attributes; Policy_code, Member, all public attributes. It has direct interaction with Policy class.
Brief Description: This class contains seven attributes, all public attributes. It has direct interaction with Policy class.
It depicts the graphical representation of activities in the system as they occur. It can be used to describe the operational stepwise flow of the system components and overall flow of control with support for iteration, concurrency and choice.