Secure local auth
From NuclearCat's homepage
(c) me
I had a headache with secure authorization when networking on the device is dead. Here is a prototype:
- Step 1. Insert USB storage into the target device that requires authorization. The device will mount it and search for an empty file "auth.req".
- Step 2. The device generates a random seed and saves it to auth.req. It also keeps this seed in RAM (option: give it an expiration time).
- Step 3. Unplug the storage and plug it into the authorization unit (the USB storage can also be the disk of a cellular phone; in that case run a J2ME/etc. program that will modify this auth.req).
- Step 4. The auth device or program signs auth.req with the personnel private key and saves the signature to auth.sign.
- Step 5. Plug the storage back into the device. The device will mount it and, if "auth.req" is non-empty, search for auth.sign. If auth.sign is found, the device compares auth.req with its own copy; if they are the same, it verifies the auth.sign signature. If the signature is OK, it accepts the authorization request on the console.
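
The five steps above, sketched as shell functions around the `openssl` command line (an added example, not code from the original page). The directory arguments, the state files `seed` and `issued`, and the choice of an EC P-256 key with SHA-256 are assumptions; the page does not name an algorithm or tool.

```sh
#!/bin/sh
# Added example. Arguments: usb = mount point of the USB storage,
# state = device-local RAM-backed directory (e.g. a tmpfs). All names are constructed.

# Constructed demo key pair; the target device stores only the public half.
make_demo_key() {            # $1=private key out  $2=public key out
    openssl ecparam -genkey -name prime256v1 -noout -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2" 2>/dev/null
}

# Steps 1-2 (device): only an EMPTY auth.req triggers a new challenge.
# The seed is written to the storage and kept in RAM with its issue time.
device_issue_challenge() {   # $1=usb  $2=state
    [ -f "$1/auth.req" ] && [ ! -s "$1/auth.req" ] || return 1
    openssl rand -hex 32 > "$2/seed" || return 1
    date +%s > "$2/issued" && cp "$2/seed" "$1/auth.req" && rm -f "$1/auth.sign"
}

# Step 4 (authorization unit): sign auth.req with the private key.
signer_sign() {              # $1=usb  $2=private key PEM
    openssl dgst -sha256 -sign "$2" -out "$1/auth.sign" "$1/auth.req"
}

# Step 5 (device): accept only if auth.req equals the seed held in RAM,
# the seed is not older than max-age, and auth.sign verifies.
device_verify() {            # $1=usb  $2=state  $3=public key PEM  $4=max age (s)
    [ -s "$1/auth.req" ] && [ -f "$1/auth.sign" ] && [ -f "$2/seed" ] || return 1
    age=$(( $(date +%s) - $(cat "$2/issued") ))
    if [ "$age" -gt "$4" ]; then rm -f "$2/seed" "$2/issued"; return 1; fi
    cmp -s "$1/auth.req" "$2/seed" || return 1
    # Verify against the RAM copy, not the file on removable storage, so the
    # bytes checked cannot change between the comparison and the signature check.
    openssl dgst -sha256 -verify "$3" -signature "$1/auth.sign" "$2/seed" \
        >/dev/null 2>&1 || return 1
    rm -f "$2/seed" "$2/issued"   # one-time use: the same seed is never accepted twice
    return 0
}
```

Because the seed is deleted on success and on expiry, a saved auth.req/auth.sign pair from an earlier session fails the comparison against any later challenge.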
