WEB-BASED INFORMATION SYSTEM SECURITY

Abstract

Security of web-based information systems is a particularly pressing problem. It reduces to methods and algorithms for providing each of the three security levels that every information system should have: authentication, authorization and data security. This article proposes algorithms for user authentication, authorization and data access, which are combined in one complete algorithm for providing information system security. User authentication also uses data from the user's digital certificate. All requests sent to the system undergo filtering. Data are protected by means of a digital signature. The authorized user's private and public keys are stored in a database. The public key is stored unencrypted, while the private key is written to the database in encrypted form. The symmetric key for encryption and decryption of the user's private key is generated using a specific algorithm. The algorithm may be implemented in any web-based application regardless of its particular intended use.
