Monday, February 27, 2017

Update for Nico 02/27/17-- Putting it all together

This week Hugo and I have made a lot of significant updates to our group's software. These updates were made to prepare to demo the application for our advisors, and to get the application ready to record a use video which we will present at SITE 2017 on March 09.

Between my last post and meeting with our advisors last Thursday, I rewrote our authentication generators to generate random output, made a webapp to generate attendance sessions with associated random authentication key, made verifying the authentication more generic by making it a simple string-comparison between the sent authorization and the session's auth key, and sent some simple JSON to the application. We presented this to our advisors, who asked that we prepare for a demo this Thursday.

Hugo and I spent several days outlining the JSON-based protocol by which the client and app communicate. Hugo also set up a SQLite database to test with before we move on to a MySQL database in the near future. We worked on the client and server over the weekend, and the server now verifies all four types of attendance methods, checks time stamps, logs in, modifies passwords, generates attendance sessions, displays dynamic course data, has test users for our advisors, uses a database table for all relevant data, no longer uses HTML Basic Authentication, and communicates all of this with the client fully using JSON. The server will also display authentication keys for each attendance session, and possibly also attendance logs for each student, before the end of today.

This means that we should be ready for a full demonstration-- the only issue is that some unknown configuration issue with the Tomcat server results in a crash each time a new .WAR file is uploaded, meaning we will simply demo the app on a local server. Less critically, the non-local server is unable to display generated pictures, meaning QR and Pattern authentication are temporarily unusable.

Besides fixing these two issues, I believe that the only tasks that must be completed between now and the user study are now:
  • Fix Pattern auth in the client
  • Changes necessary after moving to MySQL
  • Modifying our SQL create script to auto-generate student accounts
  • Writing a script to correlate research IDs with student IDs, for anonymity
  • Discovering whether any students are in multiple course
  • Generating a course/user junction table using these data and serving user-specific data to the client
  • Sending previous attendance data to the client and displaying these data
  • Checking Device IDs
Getting close! See you next week.
--Nico Ponder


Posted by at No comments:

Update 2/26/17

Work accomplished:
I have completed the NIH course, and tested the mobile application on iOS.

Goal:
This next week will be an important week since we are preparing to share the details of our work at the SITE conference. In addition to preparing for the conference, I will also begin working on material for the 2017 NMT student research symposium.

Outcome:
From the NIH course I have learned how to conduct human research in an ethical manner, and I understand my obligations to protect the rights and welfare of the subjects involved in human research.

-- Eugene
Posted by at No comments:

Monday, February 20, 2017

Update: Surveys and NIH course completion

As Hugo has already mentioned, last Thursday he and I decided on new URLs and their associated GET and POST methods and refined our object model to communicate course and attendance information between the client and server. This is to allow us to conduct a demonstration of an attendance session this Thurday, 2/23, to prepare us for our demonstration at the SITE conference and our user study. I have also completed the NIH Protecting Human Research Participants web course to make our IRB approval process more straightforward and to learn how to ethically conduct our research. I have also revised the entry and exit surveys we will be administering during our research to examine specific vectors more closely.

--Nico
Posted by at No comments:

Update: Network Interactions

Last Thursday, Nico and I refined the attendance tracking network protocol. We have taken the object model into account to create the set of resources that the server and client expect to send and receive.
  1. GET /login: when the client first connects, the server will send a course list or an HTTP status code indicating some sort of error.
  2. POST /create: the client will request a new account by sending an anonymous research ID (which every student in the study will receive) and a password. The server will respond with an HTTP status code to indicate success or failure.
  3. GET /attendance_log: the client will send a course ID when the user selects a course. The server will send list of attendance logs or an HTTP status code indicating failure.
  4. GET /take_attendance when attendance verification begins, the client will request a list of valid attendance methods. The server will send list of valid attendance methods or an HTTP status code indicating failure.
  5. POST /take_attendance: when the user fills out attendance verification, the client will send a JSON object containing verification information. The server will respond using an HTTP status code.
The connection will be performed over HTTPS using HTTP BA for authentication and TSL for confidentiality. Data will be transmitted in the JSON format. I have created prototypes for all the types of networking and data serialization/deserialization that the client and server must perform.  I'll implement our protocol on the client side and I'll help implement part of the networking code on the server.

-- Hugo
Posted by at No comments:

Sunday, February 19, 2017

Update: SRS

We will present our research at our university's Student Research Symposium (SRS). I have signed us up for a 1 hour long poster presentation. We must prepare a concise description of our attendance tracking system, its design, and our research results by April 20th.

http://infohost.nmt.edu/~srs/

-- Hugo
Posted by at No comments:

Update: Approving Our Research

I am submitting an IRB application as the principal investigator of our research project. The IRB is in charge of monitoring behavioral research involving humans; this includes software evaluation. We are avoiding collection of personal information by assigning students anonymous research IDs and we will not restrict our research to adult NMT students. Only the instructors will know the true identities of our participants. We have filled out the IRB Application and Form A and await approval before our tentative start date of March 20th

-- Hugo
Posted by at No comments:

Update: Using the System


This blog post summarizes the usage of our attendance tracking system. We have been testing it in order to make it usable for the study, and to keep information safe from leaks.

- it must be usable
- it must keep information safe from any unintended accesses (accidental or penetration, some subversions)

This should make students more willing to participate. The basic procedure for students is:

- download from Play Store (we'll support both x86 and ARM devices)
- or download to their laptop (which can run Linux, Windows, or OSX)
- on initial startup, students associate a password with their anonymous research ID
- students will use this password-ID pair to login on every startup
- students may click the bottom-most button until they reach the attendance verification screen
- students may review their list of classes and corresponding attendance records
- they finish by gathering and sending attendance evidence

The procedure for instructors is:

- download QR or Pattern image
- or copy pin or password
- display this code in a prominent location
- wait for students to register their attendance
- download attendance records as a CSV file from the server

We'll refine this process before we begin our experiment.

-- Hugo
Posted by at No comments:
Subscribe to: Posts (Atom)