Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Copy data from USB Token

Posted on 2013-05-10
9
Medium Priority
?
3,914 Views
Last Modified: 2013-05-12
Hello,

I need to use a Token to access a website, from a gov website. I need to enter the eleven usb token to access the info and I´m affraid of loosing one of them, is there a possible solution to clone these tokens at the PC, so that´s not necessary to use the physical token?

They do not have password, only the usb token like a pen drive.

Thanks, sorry for my bad english.
0
Comment
Question by:Rodrigoferra
  • 4
  • 2
7 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39155765
This sound like you are asking for a hack around security.  That would be a violation of the site terms of service, and an Expert who posted such a hack could be suspended.

If there is some legitimat reason for trying to bypass security, then you will need to give a lot mor detail about what you are doing and why you need this.

Cd&
0
 

Author Comment

by:Rodrigoferra
ID: 39155818
Yeah, it sounds like a hack, but it´s for a white solution! Wich detail can I pass to validate this question?

The certificates are mine, I just thought that virtualizing the tokens as drivers at my machine would do the job, but has no idea how to do it and if it´s possible.

The tokens have PIN, I think that this is the security....
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39155848
I've posted a request to have a moderator look at the question, because I'm not sure it can be answered without posting a security bypass that would violate site rules, and I have no way to know if you are doing something to your own property, or if you are trying to hack something... no offense intended.

Cd&
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 39155851
Usually, no.

Some open source tokens make it possible to extract the secret info, and others (such as RSA) allow you *if you have access to the server side data* to emulate a token in software. but most don't allow you to remove the secret data from the token, ever.

normally a token is what is called a "cryptographically secure pseudorandom number generator"- which means, there is a block of random(ish) data stored on the chip, and a real time clock, and the chip takes the clock data and the random data and hashes it a few dozen times, then takes the lowest 'n' digits of the result to display (or make available via usb)

tokens that have such numbers are of this type.

an alternative type is what is called a pkcs#15 secure pki token - this is the same as an x509 key and certificate (such as is used for https servers) but stored on a token which will allow you to download the certificate *and* upload a hash, to download a signature from that hash. Again, these will usually not allow you to access the actual key, just use it via the contact points (or usb, in those that have a direct usb port)

if you can identify the type of token, we might be able to help further, but I am not holding out much hope. These things are *designed* to not allow you access to the secret data, as doing so removes the purpose in having them.
0
 

Author Comment

by:Rodrigoferra
ID: 39156180
@DaveHowe I think you get the point, it´s a PKCS#15, they are token with digital signatures, but the system requires it to be accessed, so it´s possible to confirm username and digital certificate. These kind of token I´m using here.

If it´s not possible to extract it, I will need more USB ports in my machine to let it! I´m kind of trainee here, so I do the job that no one want to do...

@COBOLdinosaur no offense at all, I think if there is a possibility, it´s necessary to share then we can be able to avoid. The token has so many security, a USB/Card and the PIN, it´s like a credit card, you need, sometimes, the card and the password or the security code! Here in Brazil we usually need a sequence of chars to validate it.

THanks for the tips, any other information?
0
 

Author Closing Comment

by:Rodrigoferra
ID: 39156404
Defined the necessity and reply with tecnology information.
0
 

Author Comment

by:Rodrigoferra
ID: 39158847
Ok, I´m new to all this tecnology involving security, I´m working with PKCS#11 too... I don´t know where to ask for security question without being censured.

But ok, thanks! Best regard´s.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question