Check out the new USENIX Web site. next up previous
Next: The document transmission phase Up: The dynamic model Previous: The dynamic model

The authentication phase

The authentication phase commences by the client establishing a secured connection with the server within Plasma; to achieve this the application on client side calls the Plasma C-API function openSession(). For this the DName of the server is required which is inquired in the first request. The server's response contains the DName as well as a PIN form into which the user at the client side will enter his PIN.

Once the Session has been opened successfully, the client calls the authentication function for the sender side for the first time (PlasmaConnect()). The result is a Plasma token of the type X509 which is then sent to the server.

Upon receiving this Plasma token (X509) at the server side, a session is created within Plasma and the authentication towards the client is continued (first call of the authentication for the receiver side (PlasmaAccept()).

The exact flow of the protocol for authentication may be gleaned from Figure [*]. In this phase first the PIN form including the server DName will be transmitted to the client. Next the CGI programs X509_1.cgi and X509_3.cgi are called on the server side, which are sending different HTML pages to the client side; the first HTML page is only used for sending the hyperlink to the next CGI program (X509_3.cgi), the next page already present the offers of the server.

In this state only Plasma token of type X509 are transmitted - both applications have appropriate knowledge as to which API calls need to be performed when receiving Plasma tokens of this type.


next up previous
Next: The document transmission phase Up: The dynamic model Previous: The dynamic model
Annette Krannig
11/20/1997