Improved client authentication using session authentication in the internet

Abstract

It is general process of client authentication for a user to gain authority by the user's ID and password. But using client's password is not always secure because of various security attacks of many opponents. In this paper, we propose an improved client authentication adding session authentication process to current systems based on user's ID and password. Before a client requests information processing to web application servers, the user acquire session password from authentication server. The session authentication procedure makes our systems secure during transaction processing by using duplicated password system. And using our proposed session authentication, we can detect intrusion during unauthorized client's transaction because we can know immediately using a stored session authentication password when a hacker attacks our network or computer systems. © Springer-Verlag Berlin Heidelberg 2003.