Abstract
Implementations of the present disclosure are directed to web-based authentication. Implementations include receiving user credentials at a browser, transmitting a first request to an application, the first request including a first user credential, receiving a first response, the first response including an encrypted server public key (SPK) and a user-specific salt value, decrypting the encrypted SPK to provide a SPK, the encrypted SPK being decrypted based on the user-specific salt value and a second user credential, determining a browser public key (BPK) and a client-side session signing key (SSK), encrypting the BPK to provide an encrypted BPK, transmitting a second request to the application, the second request including the encrypted BPK and a request signature, the request signature having been provided based on the client-side SSK, and receiving a second response, the second response including a response signature and indicating that a user has been authenticated by the application.
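
The two-request exchange described above, sketched end to end as an added example (not code from the disclosure), showing that a wrong password yields a different SSK, so the request signature fails at the application. Assumptions not stated in the abstract: the first credential is a user name and the second a password, the keys are Diffie-Hellman values over a toy group, the password key comes from PBKDF2, a SHAKE-256 XOR keystream stands in for a real cipher, signatures are HMAC-SHA256, and every function and class name is hypothetical.

```python
import hashlib, hmac, secrets

# Assumed primitives (the abstract names none); the group is for demonstration only.
P, G = 2**255 - 19, 2

def pw_key(password, salt):                # key from second credential + salt
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def seal(key, data):                       # nonce || data XOR keystream (stand-in cipher)
    nonce = secrets.token_bytes(16)
    return nonce + unseal(key, nonce + data)
def unseal(key, blob):
    stream = hashlib.shake_256(key + blob[:16]).digest(len(blob) - 16)
    return bytes(a ^ b for a, b in zip(blob[16:], stream))

def ssk(shared):                           # session signing key from the DH secret
    return hashlib.sha256(b"ssk" + shared.to_bytes(32, "big")).digest()
def sign(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class App:                                 # application side
    def __init__(self, users):             # users: name -> (salt, password key)
        self.users, self.pending = users, {}
    def first(self, user):                 # first response: encrypted SPK + salt
        salt, key = self.users[user]
        self.pending[user] = priv = secrets.randbelow(P - 3) + 2
        return seal(key, pow(G, priv, P).to_bytes(32, "big")), salt
    def second(self, user, enc_bpk, req_sig):
        bpk = int.from_bytes(unseal(self.users[user][1], enc_bpk), "big")
        k = ssk(pow(bpk, self.pending.pop(user), P))
        if not hmac.compare_digest(req_sig, sign(k, b"req" + enc_bpk)):
            return None                    # signature made with a different SSK
        return sign(k, b"resp" + enc_bpk)  # response signature

def browser_login(app, user, password):    # browser side
    enc_spk, salt = app.first(user)
    key = pw_key(password, salt)
    spk = int.from_bytes(unseal(key, enc_spk), "big")
    priv = secrets.randbelow(P - 3) + 2
    enc_bpk = seal(key, pow(G, priv, P).to_bytes(32, "big"))
    k = ssk(pow(spk, priv, P))
    resp = app.second(user, enc_bpk, sign(k, b"req" + enc_bpk))
    return resp is not None and hmac.compare_digest(resp, sign(k, b"resp" + enc_bpk))

def demo():                                # constructed account, not from the page
    salt = secrets.token_bytes(16)
    app = App({"alice": (salt, pw_key("correct horse", salt))})
    return browser_login(app, "alice", "correct horse"), browser_login(app, "alice", "wrong")
```

In this sketch the application stores the password-derived key itself, which is password-equivalent; that storage choice is part of the assumptions, not something the abstract specifies.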