Security Solution for IC Smart Card Based on B/S

Source: Internet
Author: User

Recently, many people in the community have asked about reading and writing IC cards in a B/S (browser/server) application. ActiveX is used, of course; I don't know if there is any other good way.
But they all overlook one problem: security.
Reading and writing an IC card in a B/S application has to be done through ActiveX. The ActiveX control is downloaded to every client, so any user can obtain it. If the security requirements for the IC card are high, it is difficult to make the data encryption or password handling airtight, because the client-side ActiveX control has to be driven by scripts such as JS or VBS, and client scripts are usually transparent. A particularly secure B/S-based solution has not yet been found.

Two methods are used in practice:

First: use encryption and decryption technology.
The process is as follows:
1. The user's browser sends a request for the web page.
2. The server generates a long random string a, records a, and writes the string into the ActiveX parameters on the web page.
3. The browser receives the page, displays it, and creates an ActiveX instance. The ActiveX instance sends the string to the card reader, and the IC card uses its internal algorithm (complex encryption such as private-key encryption) to encrypt a and returns the string B to the ActiveX instance.
4. When the web page is submitted, B is read from the ActiveX instance and posted to the server.
5. After the server receives B, it uses the corresponding algorithm (such as public-key decryption) to calculate Xa and checks whether a = Xa.
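
The server side of steps 2 and 5, as an added example that is not from the original post. It uses Node.js Ed25519 signing and verification as a stand-in for the card's private-key operation and the server's public-key check, and a key pair generated in-process in place of a real IC card; the function names, session ids and one-minute lifetime are assumptions.

```javascript
// Added example (not from the original post): server side of steps 2 and 5.
const nodeCrypto = require("node:crypto");

const CHALLENGE_TTL_MS = 60_000; // assumption: the page is submitted within one minute
const pending = new Map();       // sessionId -> { a, expires }

// Step 2: generate the long random string a, record it, and return it so it
// can be written into the ActiveX parameters of the page.
function issueChallenge(sessionId, now = Date.now()) {
  const a = nodeCrypto.randomBytes(32);
  pending.set(sessionId, { a, expires: now + CHALLENGE_TTL_MS });
  return a.toString("hex");
}

// Step 5: check B against the recorded a using the card's public key.
// The recorded a is deleted before the check, so a captured B cannot be replayed.
function verifyResponse(sessionId, bHex, cardPublicKey, now = Date.now()) {
  const entry = pending.get(sessionId);
  pending.delete(sessionId);
  if (!entry || now > entry.expires) return false;
  // An Ed25519 signature is 64 bytes, i.e. 128 hex characters.
  if (typeof bHex !== "string" || !/^[0-9a-f]{128}$/.test(bHex)) return false;
  return nodeCrypto.verify(null, entry.a, cardPublicKey, Buffer.from(bHex, "hex"));
}

// Constructed stand-in for the IC card: the private key stays inside the
// closure, the way a card keeps its key on-chip and only returns B.
function makeSimulatedCard() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const respond = (aHex) =>
    nodeCrypto.sign(null, Buffer.from(aHex, "hex"), privateKey).toString("hex");
  return { publicKey, respond };
}

// Walks through one good login and three cases that must be refused.
function demo() {
  const card = makeSimulatedCard();
  const a1 = issueChallenge("session-1");
  const b1 = card.respond(a1);
  const first = verifyResponse("session-1", b1, card.publicKey);
  const replay = verifyResponse("session-1", b1, card.publicKey); // a already consumed
  issueChallenge("session-1");                                    // fresh a for the next page
  const stale = verifyResponse("session-1", b1, card.publicKey);  // B answers the old a
  const a3 = issueChallenge("session-2", 0);
  const expired = verifyResponse("session-2", card.respond(a3), card.publicKey, CHALLENGE_TTL_MS + 1);
  return { first, replay, stale, expired };
}
```

Because only the card can produce a valid B for a fresh a, nothing in the transparent client script has to stay secret for this check to hold.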

The second method is to use M$ user authentication.
The client first uses the IC card to log on to the local system (M$ provides an interface for this), and the M$ identity authentication mechanism is then used on the server to check whether the user is the specified user.

I personally think it would be better if you use the first one.
