Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Copy data from USB Token

Posted on 2013-05-10
9
Medium Priority
?
3,693 Views
Last Modified: 2013-05-12
Hello,

I need to use a Token to access a website, from a gov website. I need to enter the eleven usb token to access the info and I´m affraid of loosing one of them, is there a possible solution to clone these tokens at the PC, so that´s not necessary to use the physical token?

They do not have password, only the usb token like a pen drive.

Thanks, sorry for my bad english.
0
Comment
Question by:Rodrigoferra
  • 4
  • 2
9 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39155765
This sound like you are asking for a hack around security.  That would be a violation of the site terms of service, and an Expert who posted such a hack could be suspended.

If there is some legitimat reason for trying to bypass security, then you will need to give a lot mor detail about what you are doing and why you need this.

Cd&
0
 

Author Comment

by:Rodrigoferra
ID: 39155818
Yeah, it sounds like a hack, but it´s for a white solution! Wich detail can I pass to validate this question?

The certificates are mine, I just thought that virtualizing the tokens as drivers at my machine would do the job, but has no idea how to do it and if it´s possible.

The tokens have PIN, I think that this is the security....
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39155848
I've posted a request to have a moderator look at the question, because I'm not sure it can be answered without posting a security bypass that would violate site rules, and I have no way to know if you are doing something to your own property, or if you are trying to hack something... no offense intended.

Cd&
0
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 39155851
Usually, no.

Some open source tokens make it possible to extract the secret info, and others (such as RSA) allow you *if you have access to the server side data* to emulate a token in software. but most don't allow you to remove the secret data from the token, ever.

normally a token is what is called a "cryptographically secure pseudorandom number generator"- which means, there is a block of random(ish) data stored on the chip, and a real time clock, and the chip takes the clock data and the random data and hashes it a few dozen times, then takes the lowest 'n' digits of the result to display (or make available via usb)

tokens that have such numbers are of this type.

an alternative type is what is called a pkcs#15 secure pki token - this is the same as an x509 key and certificate (such as is used for https servers) but stored on a token which will allow you to download the certificate *and* upload a hash, to download a signature from that hash. Again, these will usually not allow you to access the actual key, just use it via the contact points (or usb, in those that have a direct usb port)

if you can identify the type of token, we might be able to help further, but I am not holding out much hope. These things are *designed* to not allow you access to the secret data, as doing so removes the purpose in having them.
0
 

Author Comment

by:Rodrigoferra
ID: 39156180
@DaveHowe I think you get the point, it´s a PKCS#15, they are token with digital signatures, but the system requires it to be accessed, so it´s possible to confirm username and digital certificate. These kind of token I´m using here.

If it´s not possible to extract it, I will need more USB ports in my machine to let it! I´m kind of trainee here, so I do the job that no one want to do...

@COBOLdinosaur no offense at all, I think if there is a possibility, it´s necessary to share then we can be able to avoid. The token has so many security, a USB/Card and the PIN, it´s like a credit card, you need, sometimes, the card and the password or the security code! Here in Brazil we usually need a sequence of chars to validate it.

THanks for the tips, any other information?
0
 

Author Closing Comment

by:Rodrigoferra
ID: 39156404
Defined the necessity and reply with tecnology information.
0
 

Author Comment

by:Rodrigoferra
ID: 39158847
Ok, I´m new to all this tecnology involving security, I´m working with PKCS#11 too... I don´t know where to ask for security question without being censured.

But ok, thanks! Best regard´s.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question