Hello Microsoft community!

I've been trying to find a method to securely communicate to HID devices from the browser directly.

To give a bit of background, I work at a user authentication/anti software piracy company that uses HID based hardware tokens, and we use activeX to call a DLL that would handle the encrypted HID communication.

The issue with: https://developer.mozilla.org/en-US/docs/Web/API/WebHID_API which looks like it would work, is that it seems like the encryption keys and other sensitive details would be exposed or even worse, modified and distributed maliciously. Using a DLL before made reverse engineering and listening to HID communication near impossible.

Is there a way to secure extensions? From the guides I've seen, extensions are interpreted zip packages of webcode? If this is the case, I think the only option we have is to compile our own browser with our own functions added to it's javascript library.... Unless someone has an idea of getting around this?

Regards!

Fujimi