How can I access to USB stick from website?

Question

I'm planning to make a login system by USB, so if you put in a USB-drive and open a specific webpage, the website asks the USB-drive for the code (e.g. by a JavaScript file, a redirect or something like that).

The problem is, because of sandboxing, you can't load or redirect to local files. I don't know a solution for this problem. Can you guys help me? I don't need specific code, just an example or something in that way.

You're trying to re-invent client SSL certificates. Don't re-invent the wheel; use them. — SLaks, Nov 04 '13 at 22:18
Make a browser plugin, that interact with your website? As of the previous comment, while it's true that you should use what already exists, I would consider sad to stop innovation because of a single sentence. — Alexandre TryHard Leblanc, Nov 04 '13 at 22:21
Thats the problem, I don't want to put a SSL certificate on a shared computer, for example on my school. Also I rather don't want to create plugins, also because of the shared computer thing. — maxdaniel98, Nov 04 '13 at 22:35
Why do you think it is a good idea to let websites read data from your disks? There is a reason why this does not work. — stark, Nov 04 '13 at 22:50
@stark, I know, but I'd like to use that USB-drive to authenticate on a website, the only way to login then, is to use that USB-drive, some thing only I have. — maxdaniel98, Nov 04 '13 at 22:53
@maxdaniel98: I am thinking of the same thing too... i thinks its better if we do it in a form of an API, an added security feature? — , Dec 09 '13 at 02:21

score 3 · Accepted Answer · edited May 23 '17 at 11:47

Maybe you can read up on USB-HID. Wikipedia:

The USB human interface device class (USB HID class) is a part of the USB specification for computer peripherals: it specifies a device class (a type of computer hardware) for human interface devices such as keyboards, mice, game controllers and alphanumeric display devices.

Here are some references:

USB HID (Human Interface Device)
node-hid - Access USB HID devices from node.js
DepthJS: 'Allows any web page to interact with the Microsoft Kinect using Javascript'.
A related Stackoverflow question: Write data to USB HID using Javascript, HTML5, or any cross platform language (supports Android)

score 1 · Answer 2 · answered Aug 07 '15 at 13:49

One other possibility is to check out the Chrome HID (Human Interface Device) APIs:

Interacting with USB HID devices from web apps – via Chrome Apps, see below
Relevant Chrome API docs

Please note that for the time being, you cannot interact directly with the USB device (i.e. you cannot access any WebAPI offering that kind of fine-grained control).

Building a Chrome App (different from a Chrome Extension) may help; This article may point you in the right direction, since it also provides sample code.

score 0 · Answer 3 · answered Nov 13 '13 at 09:09

0

The only way I can think of is putting a html file on the usb stick that essentially generates some sort of login token and gives you a link or a form to a login processor. You can then access the webpage by opening the local file first which will redirect you to the actual webpage.

This local script may include a javascript from the server to get some challenge-response-data which it hashes somehow (perhaps in combination with a password) and puts it into the form data.

answered Nov 13 '13 at 09:09

urzeit

2,755
16
35

I tried to redirect to a USB device from a webpage, it was all blocked , because the browser is sandboxed – maxdaniel98 Nov 13 '13 at 10:38
Yes. This is why I suggested to open the local file and then redirect to the website. – urzeit Nov 13 '13 at 10:54

How can I access to USB stick from website?

3 Answers3