Solved

Can you set a website to look for a USB security code before opening?

Posted on 2013-02-01
3
219 Views
Last Modified: 2013-02-16
Hi All,

Not 100% sure how to go about this one.

I am looking to secure a page on a web site, but what I am after is a way to make the web page look for a specific USB security key (like a hardlock of sorts) before the page will open.

Site is in PHP at the moment.

Is what I am after even possible? As i would prefer not to have the USB install anything onto their computer, I really just want it to look for the file that is hidden on the USB

Thanks

James
0
Comment
Question by:nullag
3 Comments
 
LVL 16

Accepted Solution

by:
choward16980 earned 250 total points
ID: 38845329
I recommend talking to the sales engineers here:

http://www.yubico.com/


I know the yubikey does what you want, just don't know how to explain it well..
http://www.yubico.com/products/yubikey-hardware/yubikey-nano/
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 38845607
You can't check a persons hardware directly using http.  So you are left with having part 2 of the security matrix of two factor identification (something you know and something you have).

This 2nd part could be an sms text message sent to their phone, the yubikey, RSASecurID or use a one-time pad

http://en.wikipedia.org/wiki/Two-factor_authentication#USB_tokens
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38846090
Whatever is in the file has to go over the network to the server which means I can capture it with a network scanner.  Is your method secure enough to not be broken by that?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now