A Web Client Authentication System Using Smart Card for e-Systems: Initial Testing and Evaluation

摘要

Although a number of techniques exist for authentication, web sites and web applications continue to use weak authentication schemes that are vulnerable for attack, particularly in e-commerce environments. These challenges are often occurred because of careless use of authenticators stored on the client-side. In this paper, we have developed a web client authentication system using smart card, called Dynamic HMAC Validation System (DHVS) to make sure that the requested confidential digital object is authenticated and hence no tampering can be performed upon it particularly at the client-side. The DHVS is based on HMAC technology where the key that is to be used for ciphering is dynamically generated every time the client sends a request. Our initial testing shows the DHVS could be able to authenticate multimedia content transactions and payment.