Looking for system/device authentication solution for web app

Hi,

I'm looking for viable solutions to authenticate the client in a web
application. Think something slightly stronger than required to
prevent the unwashed masses from tampering with a web poll.

Certificates have been ruled out, as have hardware tokens, primarily
for both implementation and deployment costs.

I have found a specific product that seems to fit the bill, but am
looking for similar alternatives:

http://www.sandfordtechnology.com/default.asp?page=PositiveI D

It appears to push an ActiveX control down to the client that
essentially 'fingerprints' aspects of the machine, computes a string
from that fingerprint and authenticates the system with a derivative
thereof (hashed/encrypted/etc). I like the fact that it is entirely
software based, the IE requirement isn't a problem in this circumstance
(well, it is, but you know what i mean). I'm actually just concerned
about vendor viability (never heard of these guys, web site is a little
broken, etc) and am looking for options.

Rolling our own is an option, any suggestsions there would be
appreciated as well.

Thanks for any help you can provide!!!

Bob

Re: Looking for system/device authentication solution for web app

bobrich@gmail.com wrote:
> I'm looking for viable solutions to authenticate the client in a web
> application. Think something slightly stronger than required to
> prevent the unwashed masses from tampering with a web poll.
> Certificates have been ruled out, as have hardware tokens, primarily
> for both implementation and deployment costs.

Then passwords are left.

> It appears to push an ActiveX control down to the client

Very bad idea for the owner of the client.

Yours,
VB.
--
> was ist wenn $BACKUPSERVER und $PRODUKTIVSERVER in einem Gebäude, Stockwerk
> oder Serverraum stehen und die Löschanlage (Fehlfunktion oder Brandfall)
> die komplette IT zerstört
Murphy meets Darwin. (Timm Thiemann zu Thomas Wildgruber in d.a.s.r)

Re: Looking for system/device authentication solution for web app

Rereading my post, i realized that what i'm attempting to do isn't very
clearly stated.

When i say client, i mean the actual machine. The goal is to implement
a solution that will identify which machine a user is coming from. The
user will be logging in with a userid and password, but we want to
detect if the user is coming from a known system (has specific software
packages installed, has been 'registered') or from home/unknown system.

It's not for security as much as it is for presenting options to a user
that wouldn't work/make sense outside the context of the 'known' system.

Re: Looking for system/device authentication solution for web app

wrote in message
news:1139491447.317185.233040@g44g2000cwa.googlegroups.com.. .
> Rereading my post, i realized that what i'm attempting to do isn't very
> clearly stated.
>
> When i say client, i mean the actual machine. The goal is to implement
> a solution that will identify which machine a user is coming from. The
> user will be logging in with a userid and password, but we want to
> detect if the user is coming from a known system (has specific software
> packages installed, has been 'registered') or from home/unknown system.
>
> It's not for security as much as it is for presenting options to a user
> that wouldn't work/make sense outside the context of the 'known' system.
>
You might look into Intel's TPM module. It will permit the development of
per=machine
authentication. If you are not worried about hackers, you could also use
IPSEC to establish
communications. That would do the trick as well.

Since the web is designed for "stateless" communication, you will have to do
something special to fish out the credentials for a machine, pass them to a
server, and then "verify them".
Ed