Safety | problems | Reading and writing of IC card under the security B/s You need to use ActiveX to assist with the completion, ActiveX is downloaded to each client execution, any user can get the ActiveX. If the security requirements of IC card is very high, in the process of encrypting data or password is difficult to perfect, because the client's ActiveX needs to cooperate with the script such as JS or VBS to complete, and client script is usually transparent, currently has not found a particularly secure based on B/s solution.
There are two ways, the first
The process is as follows: 1. The user's browser sends a request to browse the landing page.
2. The server generates a long random string A and records a, which is written in the ActiveX parameters of the Web page.
3. The browser received the page, display, and create an ActiveX instance, the Acrivex instance will be sent to the card machine, IC card with its internal algorithm (complex such as private key encryption) to a encryption, return string B to the ActiveX instance.
4. When the Web page is submitted, read the B in the ActiveX instance and post it to the server.
5. After the server received B, using the corresponding algorithm (complex such as public key decryption) to calculate xA, compared to A?=xa, you know that is not legal landing.
The second method utilizes the M$ user authentication method.
The client first uses the IC card to log in to the local system (m$ has this interface), after that, use the m$ authentication mechanism, let the server check, is not the designated user.
Personally, it's better for you to use the first one.