Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:28 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Jan 26, 2010 8:15 pm 
Offline

Joined: Tue Jan 26, 2010 7:56 pm
Posts: 1
Hi,

I have a client who is interested in buying Yubikeys but he is already using a USB software lock on his software (they are software providers with 2000 customers) and wonders if it's possible to use yubikey as a software lock (dongle) as well. They fetch a security code from inside the usb lock, so down to my questions:

Is it possible to do the same with yubikey?
As I understand, OTPs are generated when you push the button, but can it be generated in other way, i.e by a software command? If not, can we fetch static password?

This would be a great solution to use yubikey both as it is (user authentication) and as software lock.

If this is not possible today, is it something Yubico can plan for?

I appreciate your answers.

Cheers.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Jan 27, 2010 12:11 am 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
Assuming that I got you correctly, you're actually preempting some features that "are in the oven" at present. Among some other things :)

We will provide support for a static identity that can be read via the USB descriptors, where each Yubikey will be serialized with a unique number. This number will then reflect the serial number that is present on the sticker. For anyone who would prefer a more "anonymous" mode, this serial number can be hidden. We will however ensure that all devices are serialized at time of manufacturing.

Maybe this simple function would be sufficient for the application you're calling for ? By simply using standard OS API calls, the serial number can then be read and used as a very basic identification means for a particular user. It probably goes without saying that this number can be spoofed, someone can make a fake Yubikey with the same number, a hook in the driver chain could mimic a genuine Yubikey etc.

As an alternative, we'll provide support for challenge-response via API calls. This is a configurable option on a per configuration slot basis so anyone who don't want the feature can turn it off. This allows a client application to pro grammatically interact with the Yubikey, which is useful in certain configurations.

As the question has been brought up, we're planning to test out the functionality with some selected customers. Please let me know if you have a particular application in mind and would like to participate. Please send me an e-mail at jakob at yubico dot com and give a short description of the use case and we'll provide a sample key with sample code when we have it available for beta testing.

With the best regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group