SCENARIO: ONLINE AUTHENTICATION AT MYBANK

In the following, the procedure of online authentication at MyBank is described.

The typical routine for logging into an Internet bank account starts once the credentials entered from the user have been retrieved. First, the username is validated. If the username is not valid, the routine is interrupted and the invalid username is logged. If the username is valid, the number of password trials is set to zero. Then the password is validated. If this is not valid, the counter for the number of trials is incremented and if lower than three, the user is asked to enter the password again, this time together with a CAPTCHA test to increase the security level. If the number of failed attempts reaches three times, the routine is interrupted and the account is frozen. Moreover, the username and password validation may be interrupted should the validation server not be available. Similarly, the server to test the CAPTCHA may not be available at the time of log in. In these cases, the procedure is interrupted after notifying the user to try again later. At any time during the log in routine, the customer may close the web-page, resulting in the interruption of the routine.

TASK 1

Develop a Petri net system that captures all the processes in the proposed scenario description. As this model will be used as a basis for implementing an information system to support MyBank's business, it must reflect the proposed scenario as close as possible. Ensure that your model is free of syntactic errors. The model must be semantically valid and complete as per the proposed scenario description, i.e., every execution sequence of your Petri net system must reflect a valid sequence of steps from the scenario description and every sequence of steps from the scenario description must be reflected in some execution sequence of your Petri net system.

TASK 2

Discuss limitations of Petri nets that you have experienced when capturing the proposed scenario description. Which aspects of the proposed scenario have found their representation in the Petri net system that you developed to accomplish Task 1 and which aspects were not captured? For every aspect of the scenario that was not (precisely) reflected in your Petri net system, explain why (in your opinion) Petri nets are not appropriate for modelling the respective aspect.

HAND-IN REQUIREMENT

Each submission must contain a declaration, signed by the student, stating that it is his/her original work (see Appendix A).

Sample structure for Assignment 2 report is provided below:
- Signed declaration form (see Appendix A).
- Cover page.
- Answer to Task 1, provided as a Petri net system.
- Answer to Task 2 (up to 500 words).
- Conclusion (summarize work done, you can also discuss the experience you have obtained and/or lessons you have learned while working on this assignment).

REVIEWS

We will not be remarking assessments. All assessments will have detailed feedback explaining the reasons for the marks allocated. If appropriate feedback is not given, the student should contact their tutor/relevant marker. However, if there is a unique situation where you feel that you have not been marked fairly, or that you require further explanation, then you must contact your tutor. You will have to provide a written application detailing the reasons for mark review.

MARKING CRITERIA

Task 1:

1) Proposed Petri net system has no syntactic errors, i.e., it follows the rules for constructing Petri nets.
2) Proposed Petri net system correctly captures the following process aspects:
a. Initial input of username and password
b. Handling of valid username and password entries
c. Handling of invalid username
d. Interruption upon unavailability of the validation server
e. Interruption upon unavailability of the CAPTCHA server
f. Handling of invalid password
g. Handling of three password entry attempts
h. Handling of account freezing upon three invalid password entries

Task 2:

Your answers to Tasks 1 and 2 must cover the proposed scenario, i.e., every aspect of the proposed scenario must be either modelled in your answer to Task 1 or discussed in your answer to Task 2. In addition, the ratio between the information from the proposed scenario reflected in your answers to Task 1 and Task 2 must be reasonable, i.e., all the information on process steps and their dependencies must be captured in the proposed Petri net system, while those aspects that were not captured in your model due to the limitations of Petri nets must be mentioned and discussed in Task 2. Your answer to Task 2 can be short (under 500 words), but must be precise.

APPENDIX A - DECLARATION TEMPLATE

By submitting this assignment, I am aware of the University rule that a student must not act in a manner which constitutes academic dishonesty as stated and explained in the QUT Manual of Policies and Procedures. I confirm that this work represents my individual effort. I declare that it does not contain plagiarized material.