When building applications, especially for public consumption, security has to be the number one priority, particularly security around serial numbers. There are many ways and methods to build security, ranging from software to hardware. Hardware security is perhaps the "safer" option at the moment, because this method is designed so that the application is effectively "tightly coupled" to the hardware. Just as a suggestion, you could use an iKey, which comes in the form of a USB device. The security token is stored inside the hardware. The algorithms it uses are PKI and MD5. Here is what the iKey 1000 looks like.
A brief description of the product:
The iKey 1000 token consists of a Microprocessor with a USB controller and memory all within a device small enough to store on your key chain. The iKey 1000 series provides highly reliable storage capabilities as shown below.
The USB controller is a USB 1.1/2.0 compliant device that acts similar to a smartcard reader and smartcard. The iKey 1000 also has support within the microprocessor firmware to perform on-board MD5 hashing.
The storage within the iKey 1000 token is organized into directories and files. Access to files can be controlled through the use of the PIN-based access control security functions. The iKey 1000 security system provides for two levels; the end-user and the Enterprise Security Officer. An end-user can be authorized to perform sensitive functions in the iKey 1000 via PIN or pass phrase authentication. A Security Officer may also be authenticated to the token with a separate PIN or pass phrase to perform sensitive operations, such as initializing an end-user’s PIN.
One other such sensitive operation is initialization of PKI functionality on the iKey 1000 token. In the Windows version, it is a function of the Security Officer to decide whether to dedicate some of the overall iKey 1000 memory for exclusive use by PKI functionality embodied in the iKey 1000 series software libraries.
When enabled, the PKI libraries divide the dedicated memory into two areas. One area is for public storage where digital certificates, public keys, cookies, and other unprotected data can be stored. The second storage area is for private storage of shared secrets and private keys. This private area has authenticated secure access and the data is held in encrypted form.
All PKI functions are performed within a Security Module embedded within the iKey 1000 series Windows Client software. When operations involving secure private objects are required, then the Security Module retrieves the necessary private keys from the iKey 1000 token after first meeting the authentication requirements with a user PIN.
The iKey 1000 series software and token can perform a variety of other cryptographic algorithms in addition to RSA, including: DES in ECB and CBC modes, DES, 3DES, RC2, RC4, and RC5.
Well, this hardware product is also available in Indonesia. You can find it at Mangga Dua or at Roxy Mas in Jakarta. For more details, go to http://www.safenet-inc.com
Speaking of hardware, I got the opportunity to build an education application for a company in Australia; I bring my DMC Server. The client wants security like the one described above. According to the SafeNet portal, the security token lets us use .NET or any programming language. I plan to build the education application using VC++ 8.0. In terms of cost the project is not that big... but this challenge is what made me come and execute it, and I even went straight at it with VC++.