6

I'm planning to make a login system by USB, so if you put in a USB-drive and open a specific webpage, the website asks the USB-drive for the code (e.g. by a JavaScript file, a redirect or something like that).

The problem is, because of sandboxing, you can't load or redirect to local files. I don't know a solution for this problem. Can you guys help me? I don't need specific code, just an example or something in that way.

Amir
  • 1,328
  • 2
  • 13
  • 27
maxdaniel98
  • 6,623
  • 6
  • 19
  • 21
  • 4
    You're trying to re-invent client SSL certificates. Don't re-invent the wheel; use them. – SLaks Nov 04 '13 at 22:18
  • 4
    Make a browser plugin, that interact with your website? As of the previous comment, while it's true that you should use what already exists, I would consider sad to stop innovation because of a single sentence. – Alexandre TryHard Leblanc Nov 04 '13 at 22:21
  • Thats the problem, I don't want to put a SSL certificate on a shared computer, for example on my school. Also I rather don't want to create plugins, also because of the shared computer thing. – maxdaniel98 Nov 04 '13 at 22:35
  • Why do you think it is a good idea to let websites read data from your disks? There is a reason why this does not work. – stark Nov 04 '13 at 22:50
  • @stark, I know, but I'd like to use that USB-drive to authenticate on a website, the only way to login then, is to use that USB-drive, some thing only I have. – maxdaniel98 Nov 04 '13 at 22:53
  • @maxdaniel98: I am thinking of the same thing too... i thinks its better if we do it in a form of an API, an added security feature? –  Dec 09 '13 at 02:21

5 Answers5

3

Maybe you can read up on USB-HID. Wikipedia:

The USB human interface device class (USB HID class) is a part of the USB specification for computer peripherals: it specifies a device class (a type of computer hardware) for human interface devices such as keyboards, mice, game controllers and alphanumeric display devices.

Here are some references:

Community
  • 1
  • 1
sigma
  • 44
  • 1
1

One other possibility is to check out the Chrome HID (Human Interface Device) APIs:

Please note that for the time being, you cannot interact directly with the USB device (i.e. you cannot access any WebAPI offering that kind of fine-grained control).

Building a Chrome App (different from a Chrome Extension) may help; This article may point you in the right direction, since it also provides sample code.

Dr1Ku
  • 2,875
  • 3
  • 47
  • 56
0

The only way I can think of is putting a html file on the usb stick that essentially generates some sort of login token and gives you a link or a form to a login processor. You can then access the webpage by opening the local file first which will redirect you to the actual webpage.

This local script may include a javascript from the server to get some challenge-response-data which it hashes somehow (perhaps in combination with a password) and puts it into the form data.

urzeit
  • 2,863
  • 20
  • 36
0

Web PKI authentication from Modern Browsers may be achieved by using Browser Extension. One such extension is Signer.Digital browser extension. Use below Javascript promises from the APIs provided by Signer.Digital extension.

SignerDigital.getSelectedCertificate() to register user's certificate

SignerDigital.signHash(hash) to sign token at browser and verify at server

For all Javascript APIs refer to SO Answer https://stackoverflow.com/a/63173083/9659885

Bharat Vasant
  • 850
  • 3
  • 12
  • 46
0

Disclaimer : I work for a company supporting the application below

Hello, you may try to use Nexu open-source application for communication with smartcards or USB tokens. It also support PKCS 12 keystores. For example, the application is connected to the DSS webpage on the website of European Commission : see the link.

bsanchezb
  • 88
  • 8