Solved

Copy data from USB Token

Posted on 2013-05-10
9
2,740 Views
Last Modified: 2013-05-12
Hello,

I need to use a Token to access a website, from a gov website. I need to enter the eleven usb token to access the info and I´m affraid of loosing one of them, is there a possible solution to clone these tokens at the PC, so that´s not necessary to use the physical token?

They do not have password, only the usb token like a pen drive.

Thanks, sorry for my bad english.
0
Comment
Question by:Rodrigoferra
  • 4
  • 2
9 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39155765
This sound like you are asking for a hack around security.  That would be a violation of the site terms of service, and an Expert who posted such a hack could be suspended.

If there is some legitimat reason for trying to bypass security, then you will need to give a lot mor detail about what you are doing and why you need this.

Cd&
0
 

Author Comment

by:Rodrigoferra
ID: 39155818
Yeah, it sounds like a hack, but it´s for a white solution! Wich detail can I pass to validate this question?

The certificates are mine, I just thought that virtualizing the tokens as drivers at my machine would do the job, but has no idea how to do it and if it´s possible.

The tokens have PIN, I think that this is the security....
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39155848
I've posted a request to have a moderator look at the question, because I'm not sure it can be answered without posting a security bypass that would violate site rules, and I have no way to know if you are doing something to your own property, or if you are trying to hack something... no offense intended.

Cd&
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39155851
Usually, no.

Some open source tokens make it possible to extract the secret info, and others (such as RSA) allow you *if you have access to the server side data* to emulate a token in software. but most don't allow you to remove the secret data from the token, ever.

normally a token is what is called a "cryptographically secure pseudorandom number generator"- which means, there is a block of random(ish) data stored on the chip, and a real time clock, and the chip takes the clock data and the random data and hashes it a few dozen times, then takes the lowest 'n' digits of the result to display (or make available via usb)

tokens that have such numbers are of this type.

an alternative type is what is called a pkcs#15 secure pki token - this is the same as an x509 key and certificate (such as is used for https servers) but stored on a token which will allow you to download the certificate *and* upload a hash, to download a signature from that hash. Again, these will usually not allow you to access the actual key, just use it via the contact points (or usb, in those that have a direct usb port)

if you can identify the type of token, we might be able to help further, but I am not holding out much hope. These things are *designed* to not allow you access to the secret data, as doing so removes the purpose in having them.
0
 

Author Comment

by:Rodrigoferra
ID: 39156180
@DaveHowe I think you get the point, it´s a PKCS#15, they are token with digital signatures, but the system requires it to be accessed, so it´s possible to confirm username and digital certificate. These kind of token I´m using here.

If it´s not possible to extract it, I will need more USB ports in my machine to let it! I´m kind of trainee here, so I do the job that no one want to do...

@COBOLdinosaur no offense at all, I think if there is a possibility, it´s necessary to share then we can be able to avoid. The token has so many security, a USB/Card and the PIN, it´s like a credit card, you need, sometimes, the card and the password or the security code! Here in Brazil we usually need a sequence of chars to validate it.

THanks for the tips, any other information?
0
 

Author Closing Comment

by:Rodrigoferra
ID: 39156404
Defined the necessity and reply with tecnology information.
0
 

Author Comment

by:Rodrigoferra
ID: 39158847
Ok, I´m new to all this tecnology involving security, I´m working with PKCS#11 too... I don´t know where to ask for security question without being censured.

But ok, thanks! Best regard´s.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
As a business owner, there are many things that keep you up at night. Profit margins, employee retention, human resource protocols, whether your product or service will remain competitive. When you own or manage a technology company that operates la…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question