Web applications are becoming more and more prominent in our daily lives. A
challenge that follows is protecting these applications from unauthorised users. This paper
introduces a scheme for generating and verifying authentication codes, where these codes
can be implemented to restrict the access to only the intended users of the web application.
The scheme incorporates a changing key acquired from a secret key and a random number, a
symmetrical block cipher and the Message Authentication Code system to produce multiple
different authentication codes that are linked to each user’s personal identification. By
using cryptography, this design embeds mathematical structure within the codes, making it
superior to current database systems.