File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Client-cert authentication: how to prevent the client copy the cert to other pc Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Client-cert authentication: how to prevent the client copy the cert to other pc" Watch "Client-cert authentication: how to prevent the client copy the cert to other pc" New topic
Author

Client-cert authentication: how to prevent the client copy the cert to other pc

Yi Meng
Ranch Hand

Joined: May 07, 2003
Posts: 270
Hi,

I intend to distribute my rich client application with a client cert so that they can subsequently connect to the server using client-cert authentication and then authorization...

The app is supposed/licensed to run from only one computer, but i also don't want to have an installation key kinda stuff. So I would like to ensure this by only allowing connection from one computer per cert.

Naturally, or ideally, the best would be that i store the client's MAC address when it makes first connection to the server and subsequently deny access from any other MAC addresses for this cert. But i suppose i have no way to get the client's MAC.

So, anyone got a suggestion? thanks


Meng Yi
Yi Meng
Ranch Hand

Joined: May 07, 2003
Posts: 270
ok, let me phrase it in another way, my questions are:

1. how to store the client cert securely on client's pc?

2. how to detect if the client cert has been copied to another pc?
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
> ... But i suppose i have no way to get the client's MAC.

http://java.sun.com/javase/6/docs/api/java/net/NetworkInterface.html#getHardwareAddress()


Nice to meet you.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Client-cert authentication: how to prevent the client copy the cert to other pc