
How can I use a USB key to secure my application?

Developer https://www.devze.com 2023-01-13 15:57 Source: Internet

Is using a USB key to secure an application the best option? If it isn't, what is the best way to secure an application in the form of requiring a valid user before the application can be used?

The reason I ask this question is that a client recently asked me to make an application require a specific USB device be inserted into the system before the app can be used or run. Basically, the application is a medical software and the client sees this method of security more trusted, as the app contains sensitive data of his patients. In case of loss, I can tell the user how to generate another security key using the app in command line mode.


Not necessarily an answer to the question, but a point to be considered in response to the question and comments so far...

A USB key by itself is not going to be more secure than password-based authentication. It's still one-factor, it can be lost/stolen/etc. What the client probably actually wants, and either doesn't know it or hasn't properly articulated it, is multi-factor authentication. Consider these:

  1. Something you know (a password, answer to a question, etc.)
  2. Something you have (a USB key, time-limited key generating fob, etc.)
  3. Something you are (fingerprint, retina scan, etc.)

Most systems use only the first one. For added security, you add the second one. For Mission: Impossible style high-clearance security, throw in the third one. The idea is that any one factor can be forged, but adding new factors adds new dimensions of security which exponentially make it more difficult (rather than linearly more difficult when just replacing one factor with a "better" factor).


Your application could require a certificate, signed by you, to be present on a regular USB memory stick. The certificate could be locked with a password, that the user would have to enter. Certificates on stolen or lost thumbdrives could be revoked.

For a less homebrew solution, I'm sure there are commercial smart card based services you could use.
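
An added example, not part of the original answers: a sketch of a USB token that is only useful together with a password and can be revoked if the stick is lost. It uses PBKDF2 and HMAC from the Python standard library as a stand-in for the password-locked certificate described above, not X.509; the function names, token layout and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

PBKDF2_ITERATIONS = 600_000  # assumption: tune to the deployment hardware


def _verifier(password: str, salt: bytes, serial: str, device_secret: bytes) -> bytes:
    """Bind the password (something you know) to the token secret (something you have)."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.new(key, serial.encode() + device_secret, hashlib.sha256).digest()


def enroll(password: str, records: dict) -> str:
    """Return the JSON to write to the USB stick; the app keeps only a verifier."""
    serial = secrets.token_hex(8)
    salt, device_secret = secrets.token_bytes(16), secrets.token_bytes(32)
    records[serial] = _verifier(password, salt, serial, device_secret)
    return json.dumps({"serial": serial, "salt": salt.hex(),
                       "secret": device_secret.hex()})


def authenticate(token_json: str, password: str, records: dict, revoked: set) -> bool:
    """True only for an enrolled, unrevoked token presented with its password."""
    try:
        token = json.loads(token_json)
        serial = token["serial"]
        salt = bytes.fromhex(token["salt"])
        device_secret = bytes.fromhex(token["secret"])
    except (ValueError, KeyError, TypeError):
        return False  # malformed or corrupted token file
    if not isinstance(serial, str) or serial in revoked or serial not in records:
        return False  # lost/stolen sticks are rejected before any password check
    candidate = _verifier(password, salt, serial, device_secret)
    return hmac.compare_digest(candidate, records[serial])


if __name__ == "__main__":
    records, revoked = {}, set()                 # app-side state (constructed)
    token = enroll("example-passphrase", records)  # constructed sample password
    print(authenticate(token, "example-passphrase", records, revoked))
    revoked.add(json.loads(token)["serial"])     # stick reported lost
    print(authenticate(token, "example-passphrase", records, revoked))
```

Replacing a lost stick is a revocation of the old serial followed by a fresh `enroll`, which matches the "generate another security key" step mentioned in the question.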
