The aim of this thesis was to redesign the session establishment mechanism of a large command and control system. In this context session establishment refers to starting an instance of the command and control system’s client application while authenticating its user to the command and control system’s application server. User authentication is performed using a smart card containing the user’s certificate.
The session establishment solution to be replaced was based on Java Web Start technology and a browser. A redesign of this solution was undertaken because it suffered from problems such as poor user experience, poor maintainability and complexity. Additionally, it made testing of the started application difficult and introduced a problem in which the application failed to open secure network connections using certificates stored in smart cards.
The architecture of the command and control system was explored to understand how the previous session establishment solution worked. The roles of smart cards, certificates and SSL-connections in user authentication were also identified. After gathering requirements, a new session establishment solution consisting of an authentication service, authentication client and application launcher was designed and implemented. Compared to the previous solution, it was found to achieve its targets by providing better maintainability, user experience and reliability
