| 摘要 |
PURPOSE: A web module authentication system and method is provided to make a special server authenticate a web module, like an ActiveX control module, which is usually copied at a local PC and easily exchanged by a hacker in a conventional method. CONSTITUTION: The method comprises several steps. A client executes a web browser(101), accesses a web server and requests the web server to offer a web service(102). A symmetric authentication key generation module of the web server generates the first symmetric authentication key(103), interposes the first symmetric authentication key in a web page(104), and transmits the web page to the client(105). Then the client requests a web module to offer the second symmetric authentication key on the first one before passing user data to the web module(106). A symmetric authentication key generation module of the client generates the second symmetric authentication key(107), and the generated second symmetric authentication key is compared with the first one(108). In a case that the second symmetric authentication key is identical to the first one, the client passes the user data to the web module, and starts to receive a web service(109).
|
