User's Manual
5.3 Operation
To operate properly, the website must be structured so that it can handle the following.
When a user connects to a protected web area, the WebIdentity Server requires the device to be inserted in the client machine so that the information it contains can be verified. The check is carried out with a challenge/response protocol, which authenticates the client without the information stored in the token ever being transferred across the network. The WebIdentity-related information exchanged between server and client does not require any particular communication protocol, so the application's own protocol can be used. For web-based applications, all transactions carried out for authentication, cryptography and remote control are managed over the HTTP protocol, which is therefore portable and transparent to the various transport systems. For client/server applications, DCOM or CORBA can be used for message exchange.
The following paragraphs give examples of WebIdentity authentication, cryptography and remote control operations.
The following paragraphs illustrate the authentication mechanism; no clear distinction is made between the functions performed by the WebIdentity software and those carried out by the client application (typically a web application), since the focus here is on the operating process. From paragraph 3 onwards an example shows how to carry out authentication with a web application; at that point the operations of the WebIdentity software and those relating to the infrastructure will become apparent.
5.4 Authentication
The WebIdentity remote identification mechanism requires a client/server architecture.
Client and server establish a challenge/response dialogue, which enables the user's remote identification and guarantees secure access to confidential areas and information within the WebServer.
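The challenge/response dialogue described in 5.3 and above is easiest to understand as a concrete exchange. The following is an added example, not code from the WebIdentity product or this manual: the manual does not state which algorithm the token and server use, so this example assumes an HMAC-SHA256 keyed with a per-user token secret shared at enrolment. The user id, secret and class names are constructed for illustration. It shows the three properties the text relies on: the secret never appears on the wire, a captured response cannot be replayed because each challenge is single-use, and a token holding the wrong secret is rejected.

```python
import hashlib
import hmac
import secrets
import time


def compute_response(token_secret: bytes, user_id: str, challenge: bytes) -> bytes:
    """Keyed MAC over (user_id, challenge). Assumed algorithm: HMAC-SHA256.

    Binding the user id into the MAC stops a response computed for one
    account from being presented for another.
    """
    msg = user_id.encode() + b"\x00" + challenge
    return hmac.new(token_secret, msg, hashlib.sha256).digest()


class HardwareToken:
    """Client-side stand-in for the USB token: the secret never leaves it."""

    def __init__(self, user_id: str, token_secret: bytes):
        self.user_id = user_id
        self._secret = token_secret

    def answer(self, challenge: bytes) -> bytes:
        return compute_response(self._secret, self.user_id, challenge)


class WebIdentityServer:
    """Server-side component (hypothetical): issues challenges, verifies answers."""

    def __init__(self, challenge_ttl: float = 30.0):
        self.secrets = {}      # user_id -> token secret registered at enrolment
        self.pending = {}      # challenge -> (user_id, issued_at); each is single-use
        self.challenge_ttl = challenge_ttl

    def enrol(self, user_id: str, token_secret: bytes) -> None:
        self.secrets[user_id] = token_secret

    def issue_challenge(self, user_id: str) -> bytes:
        if user_id not in self.secrets:
            raise KeyError("unknown user")
        challenge = secrets.token_bytes(32)   # fresh, unpredictable nonce
        self.pending[challenge] = (user_id, time.monotonic())
        return challenge

    def verify(self, user_id: str, challenge: bytes, response: bytes) -> bool:
        # Remove the challenge whether or not the answer is valid: one use only.
        entry = self.pending.pop(challenge, None)
        if entry is None:
            return False                     # unknown or already-used challenge (replay)
        owner, issued_at = entry
        if owner != user_id:
            return False
        if time.monotonic() - issued_at > self.challenge_ttl:
            return False                     # stale challenge
        expected = compute_response(self.secrets[user_id], user_id, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def run_exchange(server: WebIdentityServer, token: HardwareToken, wire: list) -> bool:
    """Drive one authentication. Every byte string that crosses the network
    is appended to `wire` so a caller can inspect what an eavesdropper sees."""
    challenge = server.issue_challenge(token.user_id)
    wire.append(challenge)                   # server -> client
    response = token.answer(challenge)
    wire.append(response)                    # client -> server
    return server.verify(token.user_id, challenge, response)


if __name__ == "__main__":
    srv = WebIdentityServer()
    secret = b"constructed-token-secret-0123456789abcdef"   # constructed sample value
    srv.enrol("alice", secret)
    captured = []
    print("genuine token accepted:", run_exchange(srv, HardwareToken("alice", secret), captured))
    print("secret visible on wire:", any(secret in m for m in captured))
    print("replay of captured response accepted:", srv.verify("alice", captured[0], captured[1]))
```

The server keeps only the outstanding challenges and the enrolled secrets; the client sends back a MAC, never the secret itself, which is the property the manual refers to when it says the token's information is not transferred through the network.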
The operations involved are implemented on the server side by an ActiveX control or a Java class, and on the client side by an ActiveX control or a plug-in which communicates with the hardware token.
The following lay-out sums up the authentication operations via WebIdentity in a web context: