Client Authentication Model Using Duplicated Authentication Server Systems

摘要

In the Internet and distributed systems, we can always access many application servers for gaining many information or electronic business processing, etc. Despite of those advantages of information technology, there have been also many security problems that many unauthorized users attack our network and computer systems for acquiring many information or destroying our resources. In this paper, we propose a client authentication model that uses two authentication server systems, duplicated authentication. Before a client requests information processing to application web servers, the user acquire session password from two authentication servers. The proposed client authentication model can be used making high quality of computer security using the two authentication procedures, user's password and authentication password. The second password by two authentication servers is used in every request transaction without user's input because of storing to client's disc cache when a session is opened first. For more secure authentication we can close session between client and server if a request transaction is not created during a time interval. And then user will acquire authentication password again using logon to the authentication servers for requesting information processing. The client authentication procedure is needed to protect systems during user's transaction by using duplicated password system. And we can detect intrusion during authorized client's transaction using our two client authentication passwords because we can know immediately through stored client authentication password when a hackers attack our network or computer systems.