D. LALITHA et al: A NOVEL AUTHENTICATION PROCEDURE FOR SECURED WEB LOGIN USING COLOURED . DOI 10.5013/IJSSST.a.19.06.33 33.1 ISSN: 1473-804x online, 1473-8031 print A Novel Authentication Procedure for Secured Web Login using Coloured Petri Net D. Lalitha 1* , S. Vaithyasubramanian 2* , K. Vengatakrishnan 3 , A. Christy 4 , M. I. Mary Metilda 5 1, 2, 3, 5 Department of Mathematics, 4 Department of CSE Sathyabama Institute of Science and Technology, Chennai, India. * Corresponding Authors: 1 lalkrish2007@gmail.com, 2 discretevs@gmail.com 3 vengat0809@gmail.com, 4 ac.christy@gmail.com, 5 metilda81@gmail.com Abstract - To secure the information in the World Wide Web, websites ask users to create their own login identification and password, where in general a password is a simple string of characters. To make the information more secure, an access code of an array of alphanumeric and special characters can be generated by using a Petri net model. A string language can be generated by labelling transitions of a Petri net. Similarly two dimensional array languages can also be generated by Petri nets. Coloured Petri net has also been defined to generate array language. This kind of access would be a three factor authentication. In this paper we propose and develop the application of array generating Petri net to enhance information security. Keywords - Access Code, Array Languages, Coloured Tokens, Inhibitor Arcs, Information Security, Petri net, Three Factor Authentication I. INTRODUCTION Petri net [3] is one of many Mathematical models available to model distributed systems. Some of the components of such systems may exhibit concurrency and parallelism. Tokens in Petri net generally represent the resources required for activities to take place. All the tokens in a basic Petri net are black dots. In a complex system the resources may have different attributes. It is not possible to represent the various attributes of the resources by just black tokens. Hence the basic Petri nets are not suitable to model such systems. Several extensions of the basic Petri net are available in literature. In (CPN) Coloured Petri Nets[1, 2,4] tokens carry different values. String languages and two dimensional array languages have been discussed in detail in Formal Languages. Array language can be generated by a Petri net [5-9]. Tokens are rectangular or hexagonal arrays over a given alphabet. Catenation rules are defined as label of the transitions. When transitions fire the array grows in size and will reach the output place. When enabled transitions are fired, arrays move around. The set of arrays that reach the final places is defined as the array language generated by the net. Coloured tokens have also been used to generate arrays [5]. CPN is used to facilitate more control over firing and also to have more variety on the data to be used. The Petri net model introduced in this paper has tokens with three attributes. The first attribute gives the identification of the token. It is used to differentiate the various tokens, which may reside in the same place. The second attribute will signify the position of the token or the place in which it resides. The third attribute gives the value it takes at a given point of time. The transition gets enabled or disabled, depending on the conditions placed. The attribute of the tokens released will also depend on the conditions attached with the transition and also on the attribute of the tokens consumed. Password is in general a string of characters used for authenticity to gain access to any resource. To gain access the password entered by the user has to match with the original password created. Otherwise the resource becomes inaccessible. Passwords are generally short so that it can be easily memorized. The easier the password is to remember, the easier it is for the hackers to crack. Several papers have been published for tackling this issue [10-12]. The user has to balance between the necessity of a highly secure password and a password which can be easily recalled. Creating a string password could be like handling a two edged sword. The number of combinations to create a string password consisting of three lower case letters and two digitsis36 5 . For a cracker using a standard personal computer, the maximum time required to guess the password of length 5 is 1 second. The length of the password is also a factor involved in authenticating a string password. If six characters are to be used in a string password the number of combinations is 36 6 . As an alternative to alphanumeric password, array passwords were defined [9, 10]. If six characters are to be used in an array password, it can be created in 4 different ways. The array size could be 2 3 3 2 1 6 6 1     or or or . Hence there are 6 36 4  number of different combinations with 6 characters. Hence obviously it would take a longer time to guess an array password which is made up of the same number of characters as the string password. This paper is organized as follows. The second section defines the basic Petri net model which generates rectangular arrays over an alphabet. Examples are given to