Versatile Authentication Methods for Web Applications
Airasvirta, Eero Johannes (2016)
2016
Automaatiotekniikan koulutusohjelma
Teknisten tieteiden tiedekunta - Faculty of Engineering Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2016-12-07
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tty-201611244780
https://urn.fi/URN:NBN:fi:tty-201611244780
Tiivistelmä
Today various modern software applications are implemented as web applications. The applications are running on a web server and only the user interfaces and interactions are transferred over the internet. It is also very common that the applications have limitations that who can use them and therefore an access control system is needed. A usual way to limit the access is to show user a login page and require a correct combination of the username and password. Though this may be the most ordinary way, it is definitely not the most secure way.
When the security requirements for the system are higher, a better solution is needed. Fortunately, there are more secure ways to authenticate users. They include, for example, fingerprint scanning, voice recognition and smart cards. In this thesis we are concentrating on the last one of those: smart cards.
The purpose of this thesis is to investigate possibility of using smart card authentication in web applications. This thesis was written as a part of a customer project that also included a proof of concept system implementation and documentation. The authentication system was implemented as a feature to an existing web application. Objective of the project was to develop an end-to-end demo and to find out what would it need to productize such a system.
In the developed proof of concept authentication system, users were able to log in to the application by using smart cards. In the demo system, not all the features that would be needed for a complete smart card authentication solution were implemented but they were identified and documented. Implementing a complete authentication system would require a full infrastructure for managing the smart cards. With enough time it would be possible to develop such a system.
When the security requirements for the system are higher, a better solution is needed. Fortunately, there are more secure ways to authenticate users. They include, for example, fingerprint scanning, voice recognition and smart cards. In this thesis we are concentrating on the last one of those: smart cards.
The purpose of this thesis is to investigate possibility of using smart card authentication in web applications. This thesis was written as a part of a customer project that also included a proof of concept system implementation and documentation. The authentication system was implemented as a feature to an existing web application. Objective of the project was to develop an end-to-end demo and to find out what would it need to productize such a system.
In the developed proof of concept authentication system, users were able to log in to the application by using smart cards. In the demo system, not all the features that would be needed for a complete smart card authentication solution were implemented but they were identified and documented. Implementing a complete authentication system would require a full infrastructure for managing the smart cards. With enough time it would be possible to develop such a system.