WebApp Sec mailing list archives
Re: Smart card proposal
From: Rogan Dawes <discard () dawes za net>
Date: Tue, 25 Jan 2005 11:51:11 +0100
Richard M. Smith wrote:
Hi Mary Ann, What kind of Windows driver does a USB key token need? At least with USB flash disks, most Windows systems built in the last 5 years have a driver for USB flash disks. Also would a Web site talk to the device? Perhaps with an ActiveX control?
As mentioned previously, the USB crypto tokens are very different to a USB flash disk. At this point, I don't think that Windows comes with drivers for any crypto tokens.
The big problem with USB devices is the dang USB sockets on many computers is on their backsides and access is difficult. I just tested USB flash disk usability during a recent vacation in Argentina. I tried out about 20 different computers in Internet cafes, it was a pain to get to all the USB sockets. There is some hope. Newer systems are coming with front-side USB sockets which should become more common since USB flash disk are replacing floppy disks.
Yip, this is a problem.
USB devices are pretty easy to forget also. Can a USB key token only be left in a machine for only the 5 to 10 seconds that it takes to do an authorization and not for the entire banking session?
I guess it would depend on how the application (and the browser) has been written. Personally, I'd would associate someone withdrawing the USB token or smart card from the slot as an indicator that they have finished doing their banking.
If there are no driver issues with a USB key token, maybe it's the best way to go.
Sorry, no go here.
Richard
Rogan -- Rogan Dawes *ALL* messages to discard () dawes za net will be dropped, and added to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
Current thread:
- Re: Smart card proposal, (continued)
- Re: Smart card proposal Hugo Fortier (Jan 24)
- RE: Smart card proposal Michael Silk (Jan 24)
- Re: Smart card proposal Rogan Dawes (Jan 24)
- Re: Smart card proposal Rishi Pande (Jan 24)
- Re: Smart card proposal Rogan Dawes (Jan 24)
- Re: Smart card proposal Hugo Fortier (Jan 24)
- Re: Smart card proposal Rogan Dawes (Jan 27)
- Re: Smart card proposal Rogan Dawes (Jan 24)
- Re: Smart card proposal Hugo Fortier (Jan 24)
- RE: Smart card proposal Richard M. Smith (Jan 24)
- Re: Smart card proposal Rogan Dawes (Jan 27)
- RE: Smart card proposal Richard M. Smith (Jan 27)
- Re: Smart card proposal DE Gustafson (Jan 27)
- Re: Smart card proposal Koh Gim Leng (Jan 28)
- RE: Smart card proposal Lyal Collins (Jan 28)