Traditional password entry schemes are susceptible to shoulder surfing in which an attacker watches an unsuspecting user enter their password or PIN number and uses it later to gain access to the account. One way to combat this problem is with a randomized challenge-response system. In these systems, the user enters different information every time based on a secret in response to a randomly generated challenge. Consider the following scheme in which the password consists of a five-digit PIN number (00000 to 99999). Each digit is assigned a random number that is 1, 2, or 3. The user enters the random numbers that correspond to their PIN instead of their actual PIN numbers. For example, consider an actual PIN number of 12345. To authenticate, the user would be presented with a screen such

as: PIN: 0 1 2 3 4 5 6 7 8 9 NUM: 3 2 3 1 1 3 2 2 1 3

The user would enter 23113 instead of 12345. This does not divulge the password even, if an attacker intercepts the entry because 23113 could correspond to other PIN numbers, such as 69440 or 70439. The next time the user logs in, a different sequence of random numbers would be generated, such as: PIN: 0 1 2 3 4 5 6 7 8 9 NUM: 1 1 2 3 1 2 2 3 3 3 The user would enter 12312, instead of 12345. Note: This is how the program suppose to work: When the user is prompted with, "Enter code:", the user must enter the five (5) digits in the NUM row that are in positions of "PIN" row of the digits of the of the actual password coded in the program. See the sample below, for the password 99508.

The correct entry digits for the password 99508 are:

position 9 (in PIN), which is 1 (in NUM),

position 9 (in PIN), which is 1 (in NUM),

position 5 (in PIN), which is 1 (in NUM),

position 0 (in PIN), which is 3 (in NUM),

position 8 (in PIN), which is 2 (in NUM)

The display screen will be: PIN : 0 1 2 3 4 5 6 7 8 9 NUM: 3 1 2 3 3 1 3 2 2 1 Enter code: 11132 Correct! You may now proceed. Write a class Authenticates, to implement the above description. Also, write a class AuthenticateDemo to use the Authenticate class, which contains only a main method, to simulate the authentication process.

Note: 1. The implementation of this application is for an assumed fixed five digit actual PIN/Password for the user. No need to prompt the user to enter his/her actual PIN/ Password.

2. Implementation Notes: A. Declare in Authenticate class, with

I. At least a default constructor

II. A private array to store an actual fixed five digit PIN/Password number, as an instant variable.

III. A private array to hold randomly generated digits, as an instant variable.

IV. A private array to hold the digits entered by the user to authenticate, as an instant variable.

V. The program should use an array to assign random numbers to the digits from 0 to 9.

VI. Flow of the program - calls from the main method of the AuthenticateDemo class:

A. Output the random digits to the screen,

B. Input the response from the user, and

C. Output whether or not the users response correctly matches the PIN number.

These steps/actions are interpreted as the following calls and/or actions:

A. Display "PIN : 0 1 2 3 4 5 6 7 8 9", to the screen

B. call a method, genRandomNum(random_nums), to generate random numbers, store, and return the array.

C. call a method, printRandomNum(random_nums), to display "NUM:" and the random digits, to the screen. Make sure these numbers are lined-up with numbers in PIN.

D. call a method, inputUserEntry(entered_digits), to prompt, " Enter code: " and get user's response, and then, display proper message, if or not the users entered response correctly matches the PIN number.

BY JAVA PLEASE DO NOT COPY AND PAST. IT IS DIFFERENT FROM THE HOMEWORK IN THE BOOK.