Help with protecting sensitive extensions

Copper Contributor

Hello Microsoft community!


I've been trying to find a method to securely communicate to HID devices from the browser directly.


To give a bit of background, I work at a user authentication/anti software piracy company that uses HID based hardware tokens, and we use activeX to call a DLL that would handle the encrypted HID communication.


The issue with: which looks like it would work, is that it seems like the encryption keys and other sensitive details would be exposed or even worse, modified and distributed maliciously. Using a DLL before made reverse engineering and listening to HID communication near impossible.


Is there a way to secure extensions? From the guides I've seen, extensions are interpreted zip packages of webcode? If this is the case, I think the only option we have is to compile our own browser with our own functions added to it's javascript library.... Unless someone has an idea of getting around this?





0 Replies