Is it possible to access a smartcard reader connected to a computer from a web browser running on the same machine, i.e. from an ActionScript, JavaScript or whatsoever script running therein?
For example, I read something about the flash.external.ExternalInterface
class in ActionScript. Can it be used for accessing a smartcard reader or is the Sandbox impenetrable?
Q: is it possible to access smartcard reader connected to a computer from a web browser running on the same machine?
A: Yes, it is possible. I was able to do that by using a signed JAVA applet. The java applet needs to be signed since it will require user to grant permission to access system files/hardware(same as letting an applet write/edit/delete a text file for you).
Why java? the smart card reader I used already has a JAVA API, it also have examples on accessing it using java. But the examples are coded in swing. (like a standalone desktop application) What I did is simply porting the java swing code to applet on a browser. I successfully used this applet to make a login and log out on a website/webapp by requiring smart cards, username and password. Pretty secure I would say.
The source code? As much as I would like to share it, but I'm bound on a company contract to not share the code. Just find a sample smart card access using java and just port it to applet(for web)
I hope this helps