Smartcard reader access from a web browser?

jlnme picture jlnme · Jul 19, 2011 · Viewed 34.1k times · Source

Is it possible to access a smartcard reader connected to a computer from a web browser running on the same machine, i.e. from an ActionScript, JavaScript or whatsoever script running therein?

For example, I read something about the flash.external.ExternalInterface class in ActionScript. Can it be used for accessing a smartcard reader or is the Sandbox impenetrable?

Answer

Glenn S picture Glenn S · Jan 9, 2012

Q: is it possible to access smartcard reader connected to a computer from a web browser running on the same machine?

A: Yes, it is possible. I was able to do that by using a signed JAVA applet. The java applet needs to be signed since it will require user to grant permission to access system files/hardware(same as letting an applet write/edit/delete a text file for you).

Why java? the smart card reader I used already has a JAVA API, it also have examples on accessing it using java. But the examples are coded in swing. (like a standalone desktop application) What I did is simply porting the java swing code to applet on a browser. I successfully used this applet to make a login and log out on a website/webapp by requiring smart cards, username and password. Pretty secure I would say.

The source code? As much as I would like to share it, but I'm bound on a company contract to not share the code. Just find a sample smart card access using java and just port it to applet(for web)

I hope this helps