As Oracle is going to stop Applet support from Java 1.9, a 100% secure solution is needed to integrate a smart card reader into an enterprise application.
- An HTTPS server is designed in a desktop application, which handles the card reader communication
- The desktop application is signed with a proper private key
- If a user initiates a request from the browser to the webapp, the webapp encrypts the request with the signed private key and a token as a response
- Then the browser passes it to the desktop app
- If the desktop app is able to decrypt it, it will encrypt the card data with the token
- The browser will then send it to the server
- Based on the session and token ID, the server will respond with a positive or negative response
- Requirements to avoid fraudulent data and a fraudulent desktop app
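
The exchange in the list above, as an added example that is not part of the original post. It assumes that "encrypts with the private key" means an ECDSA signature which the desktop app checks with a webapp public key shipped inside it, and that the token is a random 32-byte value used as an AES-GCM key with the session ID as associated data. The class and method names and the card data are made up for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class CardBridgeDemo { // hypothetical names throughout
    // Webapp: sign sessionId (16 bytes) || token (32 bytes); fixed lengths keep it unambiguous.
    static byte[] sign(PrivateKey k, byte[] sid, byte[] token) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(k); s.update(sid); s.update(token);
        return s.sign();
    }
    // Desktop app: check the request against the webapp public key shipped inside the app.
    static boolean verify(PublicKey k, byte[] sid, byte[] token, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(k); s.update(sid); s.update(token);
        return s.verify(sig);
    }
    // AES-256-GCM keyed by the token; the session id is bound in as associated data.
    static byte[] gcm(int mode, byte[] token, byte[] sid, byte[] nonce, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(token, "AES"), new GCMParameterSpec(128, nonce));
        c.updateAAD(sid);
        return c.doFinal(in);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC"); g.initialize(256);
        KeyPair webapp = g.generateKeyPair();
        SecureRandom rng = new SecureRandom();
        byte[] sid = new byte[16], token = new byte[32], nonce = new byte[12];
        rng.nextBytes(sid); rng.nextBytes(token); rng.nextBytes(nonce);
        // 1. Webapp -> browser -> desktop app: sid, token, signature.
        byte[] sig = sign(webapp.getPrivate(), sid, token);
        // 2. Desktop app reads the card only after the signature verifies.
        System.out.println("request verified: " + verify(webapp.getPublic(), sid, token, sig));
        byte[] card = "CARD-DATA-0001".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, token, sid, nonce, card);
        // 3. Webapp decrypts with the token it issued for this session.
        byte[] pt = gcm(Cipher.DECRYPT_MODE, token, sid, nonce, ct);
        System.out.println("card data accepted: " + Arrays.equals(pt, card));
        // Failure modes: a request with a swapped token, and card data altered in the browser.
        byte[] other = token.clone(); other[0] ^= 1;
        System.out.println("forged request verified: " + verify(webapp.getPublic(), sid, other, sig));
        ct[0] ^= 1;
        try { gcm(Cipher.DECRYPT_MODE, token, sid, nonce, ct); }
        catch (GeneralSecurityException e) { System.out.println("tampered card data rejected"); }
    }
}
```

In a deployment the webapp would keep the token server-side keyed by session, accept it once, and expire it quickly, so a captured response cannot be replayed.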