
Java Applet for mutual authentication with smart card

I need to develop a Java applet for mutual authentication between Tomcat 6 (server) and a smart card "IDGo 300" (client).

In order to do this I thought the following scheme:

  1. Tomcat (server) sends the SmartCard (client) a request for its digital certificate (signed by a CA).
  2. The client enters the PIN and selects an available certificate on the smart card, then the applet sends the certificate (signed by a CA) to Tomcat. Tomcat verifies the digital certificate and, if it is correct, sends back its own certificate.
  3. The applet verifies the certificate of the server, and if the certificate is correct sends a confirmation to the server.
  4. The server gives the client full access to use the web application.

I have some questions:

  1. Is this scheme feasible?
  2. I would like to manage everything through my applet and when the client disconnects the smart card he loses access to the server.

Is it feasible? Yes. Is it practical? No. I would argue for a thick Java application instead.

First of all, you cannot authenticate by simply sending a certificate. You need something like a challenge-response as well (a signature created by the private key on the smart card after the PIN was entered).

Second, you need special permissions to use any hardware from an Applet. This means you have to alter the permission on the client or you may have to sign the Applet, after which the user has to accept the Applet for that specific task.

Applets have pretty specific lifetimes. You may not want to sync the removal of the card with the life cycle of an Applet. A user may block the response that is sent when you disconnect. You can test if the card has been removed using waitForCardAbsent() in a separate thread.

If you cannot trust the connection (HTTP without SSL) then you cannot trust the Applet code. Users may not want to enter their PIN into untrusted code.

You will run into countless issues if you want to support multiple browsers and Java runtimes.

As a minor issue, the javax.smartcardio package may not always be available; it's not in javax for nothing.
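The two points the answer raises, a challenge-response instead of just sending the certificate and watching for card removal with waitForCardAbsent() in a separate thread, as an added example that is not part of the original answer. The card-resident private key and the certificate's public key are stood in for by an in-memory RSA key pair (in a real deployment the PrivateKey would come from a PKCS#11 KeyStore unlocked with the PIN); `ChallengeResponseDemo`, `watchRemoval` and the other method names are assumptions for this illustration.

```java
import java.security.*;
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminal;

public class ChallengeResponseDemo {
    // Server side: a fresh random challenge per login attempt, never reused.
    static byte[] newChallenge() {
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        return nonce;
    }

    // Client side: sign the server's challenge with the key that lives on the card.
    // Here cardKey is an in-memory stand-in; on a real card it comes from a
    // PKCS#11 KeyStore and the signing happens on the card after PIN entry.
    static byte[] signChallenge(PrivateKey cardKey, byte[] challenge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(cardKey);
        s.update(challenge);
        return s.sign();
    }

    // Server side: verify the response with the public key taken from the
    // CA-validated certificate the client presented in the earlier step.
    static boolean verifyResponse(PublicKey certKey, byte[] challenge, byte[] response) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(certKey);
        s.update(challenge);
        return s.verify(response);
    }

    // Client side: run waitForCardAbsent() on its own thread and tear down
    // the session as soon as the card is pulled (timeout 0 blocks until then).
    static Thread watchRemoval(CardTerminal terminal, Runnable onRemoved) {
        Thread t = new Thread(() -> {
            try {
                terminal.waitForCardAbsent(0);
            } catch (CardException e) {
                // a reader error is treated the same as a removed card
            }
            onRemoved.run();
        });
        t.setDaemon(true);
        t.start();
        return t;
    }

    public static void main(String[] args) throws Exception {
        KeyPair standIn = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed stand-in for card key + certificate
        byte[] challenge = newChallenge();
        byte[] response = signChallenge(standIn.getPrivate(), challenge);
        System.out.println("fresh challenge verifies: " + verifyResponse(standIn.getPublic(), challenge, response));
        System.out.println("replayed response rejected: " + !verifyResponse(standIn.getPublic(), newChallenge(), response));
    }
}
```

The second check in main shows why the nonce matters: a captured signature is useless against a new challenge, which is what makes this authentication rather than certificate presentation.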
