Most of the applications we use on a daily basis are distributed systems that are composed of at least one client and one server and are exposed to the Internet. This communication is based on HTTP, which is a stateless protocol. Because of this characteristic, developers are forced to implement a series of mechanisms to provide user privacy and security as well as business features.
Modern social media applications such as Facebook have been using secure tokens as an authentication mechanism. These applications rely on only one part of the approach, such as token generation. If a third-party system neglects other aspects of security, the authentication mechanism will fail; every aspect of the user authentication process must be considered, as shown when Facebook shared private user tokens with unauthorized users. More than 50 million accounts were affected, and another 40 million could be affected as well. This work introduces a secure mechanism to identify the user in an enterprise/web application across all user interactions once the user has logged in. The proposed system creates a relationship between the user and the session management for each system. This project aims to show a different perspective based on a user-centered approach, where the approach is based on the user and the user's access and not only on an ID/token mechanism. The research proposes that the session manager mechanism can be more secure as well as the token-based mechanism. The approach integrates blockchain technology for representing the relationship between the user and a system.
Computer Science (MS)
Department, Program, or Center
Computer Science (GCCIS)
Rajendra K Raj
Rodriguez Sosa, Ana Valentina, "An Authentication mechanism for stateless communication" (2019). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus