On Fri December 26 2008, Edward Diener wrote:
>
> By 'dongle' do you mean a hardware 'dongle'. If it is a software dongle
> you need to spell out for me what you mean.
>

There are a lot of devices being marketed for this purpose, but as an example that it needs to be neither complicated programming nor an expensive solution:

http://pdfserv.maxim-ic.com/en/an/app190.pdf

The basics (no insult intended):

Your client (or your application, on the client's behalf) generates a public/private key pair
- The public part goes through the certification request process (with your server) that you are familiar with
- The private part is never seen other than on the client machine during generation
- The private part (or the key to its protective encryption) is stored in one (or more) of those shirt button devices.

Once written and locked, short of peeling the silicon a few microns at a time under an electron microscope - it isn't ever going to be read. Some makes/models even have the stored data AES-256 encrypted, so even if peeled...

The client can record _their_ private part in as many devices as they desire - and now they have a physical "thing" that any business knows how to protect from loss. Businesses well know how to protect something they can touch.

I am not trying to push a specific product, only giving an example, even that one manufacturer makes a selection of products.

Bottom line - you might be adding $20-$50 per "button" the client wants to have - you ship them blank - their software driver can write and lock them once the client has their private part ready.

Note: There are laptops and desktops made that already read these 1-wire devices, or a USB-based reader can be added to existing machines.

Mike
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
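
The client-side steps listed in the message above, sketched with the openssl command line as an added example (not part of the original post). It takes the "key to its protective encryption" variant: the file names, the CN and the use of a plain file to stand in for the value written to the button are assumptions, and writing to a 1-Wire device is not shown.

```sh
#!/bin/sh
set -eu

# Create the token secret, the wrapped private key and the CSR in directory $1.
make_client_material() {
    dir="$1"
    mkdir -p "$dir"
    (
        umask 077
        # 256-bit random secret: the value that would be written to the
        # button and locked. Here it is only a file (assumption for the demo).
        openssl rand -hex 32 > "$dir/token_secret.hex"
        # The private key is generated on the client and only ever written
        # to disk as encrypted PKCS#8, wrapped under the token secret.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -aes-256-cbc -pass "file:$dir/token_secret.hex" \
            -out "$dir/client.key.enc" 2>/dev/null
    )
    # Only the public part leaves the machine, inside the signed request.
    openssl req -new -key "$dir/client.key.enc" \
        -passin "file:$dir/token_secret.hex" \
        -subj "/CN=client.example.invalid" -out "$dir/client.csr"
}

# Succeeds only if the secret in file $2 decrypts the key stored in dir $1.
key_unlocks_with() {
    openssl pkey -in "$1/client.key.enc" -passin "file:$2" -noout 2>/dev/null
}

# Succeeds if the CSR carries the public half of the wrapped key and
# contains no private key material.
csr_matches_key() {
    from_csr=$(openssl req -in "$1/client.csr" -noout -pubkey)
    from_key=$(openssl pkey -in "$1/client.key.enc" \
        -passin "file:$1/token_secret.hex" -pubout)
    [ "$from_csr" = "$from_key" ] && ! grep -q "PRIVATE KEY" "$1/client.csr"
}

# Demo run in a throwaway directory.
DEMO_DIR=$(mktemp -d)
make_client_material "$DEMO_DIR"
csr_matches_key "$DEMO_DIR" && echo "CSR to send to the server: $DEMO_DIR/client.csr"
```

Once the secret has been written to the device, token_secret.hex would be removed from disk, so the wrapped key is unusable without the physical button.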