Integrating Smart Card Authentication to Web Applications

Using personal smart cards for authenticating with web services (like cloud storage) is not trivial due to the lack of open-source implementations, standardization, and documentation. In this paper, we explore the current possibilities of such operation and provide an example solution based on the Estonian Web-eID tool-set. Its primary purpose is to enable state-issued electronic ID cards. However, thanks to its extensibility and being an open-source solution, it is suitable even for custom-built web applications and smart cards. We present an extension of this repository in the form of a highly requested new authentication token validation library for PHP language, a Nextcloud application enabling Web-eID 2-factor authentication, and a new JavaCard applet fully compatible with the Web-eID solution. We use these results for a multi-academical project focused on the secure handling and storing of electronic evidence. We also present implementation results with the developed open-source JavaCard applet and evaluate the potential Czech electronic ID for the Web-eID system for easier and faster deployment in the future. Our contributions aim to help developers implement this strong-authentication method in their web application services using a high-level solution without relying on actual state-issued or proprietary solutions.