Use of dallas keys / ibuttons

[octopusgarden]

We have a bespoke epos system developed in house running on desktop pc's. At the moment users authenticate themselves by typing in a 4 digit pin number. We would like to use something like dallas keys (ibuttons) to do this instead. My question is what's to stop someone simply opening up notepad and pressing the dallas key to the reader to get the 16 digit sequence? Or into another text field of the epos system. My understanding is that it just provides a stream of characters just like a keyboard. Anyone had any experience with these?

 

[FreelanceSoftwareDeveloper]

I have some experience with these although in a very different environment.

You need to determine what your real requirement is, if it is security then you should retain some form of PIN, the ibutton just gives an identity therefore anyone could pick it up and use it.

Reading the ID isn't really a problem as the length of the ID is not feasible to memorise or manually enter on a regular basis (if you allow a manual override at all). The ID is not programmable so they can't be cloned without using your own electronics

 

[octopusgarden]

It is mainly for security. We had an instance recently where a junior member of staff found out the 4 digit pin of a supervisor (who has greater privileges when logged in) by looking over his shoulder when he typed it in once. He was then logging in as the supervisor and covering his tracks when stealing cash.

So I thought an ibutton attached to a bracelet around their wrist or on a retractable cord on their belt or something would be a better solution.

Thinking about it, it's probably not a problem if they can read the sequence of characters in notepad or something, as they should only be able to read their own.

 

[FreelanceSoftwareDeveloper]

In that scenario then you do get some security by the fact you need the actual device to log in but at the same time lose any security if the device is lost/taken.

You could use both but then you are also making it harder for the person to do their job.

 

[octopusgarden]

Thanks ChannelCommerce. Do you have any recommendations for buying ibutton readers - preferably with USB interface. It seems there are loads of places selling the ibuttons but the readers are harder to source.

 

[FreelanceSoftwareDeveloper]

I can't help with the readers. It isn't a specific product I have used but my experience is more with the contact button technology in a military environment so very different.

 

[andrew.sanders]

Have you considered using biometrics (i.e. fingerprint recognition) for user access.

 

[TotallySport]

not sure you if this is any good:

http://www.thebarcodewarehouse.co.u...der,-kbw,-cool-black-kitst-a10-btnk-qm-r.aspx

you'd need to ring them up to find out if they work, but they do all seem to be linked to the touchscreen monitors directly.

 

[Atilla]

Have you considered using biometrics (i.e. fingerprint recognition) for user access.

Waste of time and money.

 

[Claton]

The problem first raised here was that of security of the Dallas key system. One of the problems with PC based EPOS is that PC's are open systems and reading I/O devices and manipulating files which store sales data is not always too big a problem for someone who knows a bit about PC files (and there are more and more of them). If you were using a proprietory or EPROM based EPOS these are closed systems and you cannot manipulate files and the Dallas key is completly secure, therefore a secure alternative.

 

[einbachsystems]

The problem first raised here was that of security of the Dallas key system. One of the problems with PC based EPOS is that PC's are open systems and reading I/O devices and manipulating files which store sales data is not always too big a problem for someone who knows a bit about PC files (and there are more and more of them). If you were using a proprietory or EPROM based EPOS these are closed systems and you cannot manipulate files and the Dallas key is completly secure, therefore a secure alternative.

Claton is correct. PC based systems can have advantages but if you want that level of security then you really need a ROM based system. I work for an EPOS company and I can help you find a new system that will do everything you need it to and offer unrivalled security and reliability. ROM based systems also have no moving parts inside (eg. fans and hard drives). They really are the way forward. PM me if you are intrested. Our company has offices nationwide.