Solved

Copy data from USB Token

Posted on 2013-05-10
Last Modified: 2013-05-12
Hello,

I need to use a token to access a website, from a gov website. I need to enter the eleven USB tokens to access the info and I'm afraid of losing one of them. Is there a possible solution to clone these tokens at the PC, so that it's not necessary to use the physical token?

They do not have password, only the usb token like a pen drive.

Thanks, sorry for my bad english.
Question by:Rodrigoferra
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39155765
This sounds like you are asking for a hack around security.  That would be a violation of the site terms of service, and an Expert who posted such a hack could be suspended.

If there is some legitimate reason for trying to bypass security, then you will need to give a lot more detail about what you are doing and why you need this.

Cd&
0
 

Author Comment

by:Rodrigoferra
ID: 39155818
Yeah, it sounds like a hack, but it's for a white solution! Which details can I pass to validate this question?

The certificates are mine, I just thought that virtualizing the tokens as drivers at my machine would do the job, but I have no idea how to do it or if it's possible.

The tokens have a PIN, I think that this is the security....
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39155848
I've posted a request to have a moderator look at the question, because I'm not sure it can be answered without posting a security bypass that would violate site rules, and I have no way to know if you are doing something to your own property, or if you are trying to hack something... no offense intended.

Cd&
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39155851
Usually, no.

Some open source tokens make it possible to extract the secret info, and others (such as RSA) allow you *if you have access to the server side data* to emulate a token in software, but most don't allow you to remove the secret data from the token, ever.

Normally a token is what is called a "cryptographically secure pseudorandom number generator" - which means there is a block of random(ish) data stored on the chip, and a real time clock, and the chip takes the clock data and the random data and hashes it a few dozen times, then takes the lowest 'n' digits of the result to display (or make available via USB).

Tokens that have such numbers are of this type.

An alternative type is what is called a PKCS#15 secure PKI token - this is the same as an X.509 key and certificate (such as is used for HTTPS servers) but stored on a token which will allow you to download the certificate *and* upload a hash, to download a signature from that hash. Again, these will usually not allow you to access the actual key, just use it via the contact points (or USB, in those that have a direct USB port).

If you can identify the type of token, we might be able to help further, but I am not holding out much hope. These things are *designed* to not allow you access to the secret data, as doing so removes the purpose in having them.
0
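As an added example (not part of the original answer), the clock-plus-secret token type described above can be sketched with the standardized TOTP algorithm from RFC 6238, which is assumed here as a stand-in and is not necessarily what any particular vendor's token runs. It shows that each code is a pure function of the stored seed and the clock, which is why the seed is kept inside the token, and how the server side checks a submitted code with a small drift window and replay rejection; the seed is the RFC's published test key and `verify` is an illustrative helper name.

```python
import hashlib
import hmac
import struct

# Constructed sample seed (the RFC 6238 test key), not a real token secret.
SEED = b"12345678901234567890"


def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """One code: HMAC-SHA1 over the time-step counter, truncated to `digits`."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed, submitted, now, last_step=-1, window=1, digits=6, step=30):
    """Server side: accept a code within +/- `window` steps of `now` and
    reject any step at or before `last_step` (replay of a used code).
    Returns the matched step so the caller can store it, or None."""
    current = now // step
    for candidate in range(current - window, current + window + 1):
        if candidate <= last_step:
            continue  # this step's code was already accepted once
        expected = totp(seed, candidate * step, digits, step)
        # Constant-time comparison; bytes so odd input cannot raise.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return candidate
    return None


if __name__ == "__main__":
    code = totp(SEED, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(SEED, code, 89))
    print("replayed:", verify(SEED, code, 89, last_step=1))
    print("too old:", verify(SEED, code, 149))
```
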
 

Author Comment

by:Rodrigoferra
ID: 39156180
@DaveHowe I think you get the point, it's a PKCS#15, they are tokens with digital signatures, but the system requires it to be accessed, so it's possible to confirm username and digital certificate. This is the kind of token I'm using here.

If it's not possible to extract it, I will need more USB ports in my machine to let it! I'm kind of a trainee here, so I do the job that no one wants to do...

@COBOLdinosaur no offense at all, I think if there is a possibility, it's necessary to share then we can be able to avoid. The token has so much security, a USB/Card and the PIN, it's like a credit card, you need, sometimes, the card and the password or the security code! Here in Brazil we usually need a sequence of chars to validate it.

Thanks for the tips, any other information?
0
 

Author Closing Comment

by:Rodrigoferra
ID: 39156404
Defined the necessity and replied with technology information.
0
 

Author Comment

by:Rodrigoferra
ID: 39158847
Ok, I'm new to all this technology involving security, I'm working with PKCS#11 too... I don't know where to ask security questions without being censured.

But ok, thanks! Best regards.
0
