How to design a piece of middleware that simplifies the login process

0 投票
最新提问 用户: (120 分)

Currently I have devices (labeled CD in the graphic) where users login via a web interface to get some work assignment from a server (labeled S). It is a robust touch device where it is cumbersome to type in the credentials. Basically, the server creates some HTML and the user hits a big next button. The scenario is shown in 1.

As one potential solution I have in mind that the users login via a desktop PC (labeled K). Some kind of middleware (labeled M) creates the session against the server (labeled S) and returns a simple 4 digit code. The user walks over to the workplace and types in the 4 digits in a web interface provided by the middleware. The middleware forwards every request from the user and every response from the server. The scenario is shown in 2.

It would be easier to move the session from the middleware to the users device, but as all connections are HTTPS I would have to transfer the master secret etc. and I guess that's close to impossible and probably stupid. But I could establish a connection between server and middleware and middleware and user device (back to back). The middleware would be a simple Java application running on a tomcat.

The questions are: Is the approach suitable or are there better ways to achieve more comfort during the login process for the users?

Current and proposed setup.

发表于 用户: (5.6k 分)
I built a system like this 22 years ago. It took eight weeks to build, and the architect four or five weeks to specify before that. Too broad.
发表于 用户: (100 分)
Picture link is dead

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。