TM  Secure your site.  Period. TM
 
 


BrowserKey Frequently Asked Questions (FAQ)

BrowserKey Client End-Users FAQ    Web Developers and BrowserKey Server Administrators FAQ

 

BrowserKey Client End-Users (if you are visiting a web page secured using BrowserKey technology, this portion of our FAQ applies to you)

Q:  What do I need to access a web page protected by BrowserKey?

A:  The free BrowserKey Client Application installed and running, a Java-enabled Web browser (such as Microsoft Internet Explorer or Netscape Navigator) and a valid BrowserKey password (provided by the owners of the web page(s) protected by BrowserKey) are the minimum items required to access any BrowserKey protected web page.

Q:  Why is BrowserKey good for me as a web surfer?

A:  Some web-sites that are intended to be highly secure, such as online banking interfaces, require only a username and password to gain access.  If your username and password are compromised (hacked, sniffed, stolen, guessed, etc.), your account can be compromised as well.  Sites protected by BrowserKey assure that only you can access your online resources, and only from the computers you specify.

Depending on how the developer of the BrowserKey protected web page(s) setup their BrowserKey protected web page(s), you may never need to enter a username and password again to access certain BrowserKey protected pages.  You save time and can say "goodbye" to remembering complicated username and passwords when connecting to web pages protected by BrowserKey and not username/password user authentication.* 

*Some pages protected by BrowserKey still require username/password log-in depending on the developer's implementation of BrowserKey.

Q:  Is the BrowserKey Client Application really free?

A:  Yes, the BrowserKey Client Application is absolutely free.

Q:  Is installation of the BrowserKey Client Application complicated?

A:  No, you are provided with a simple setup package that does all of the work for you in a manner you may be familiar with if you install other software packages on your computer.

Q:  Is connecting to a BrowserKey protected web page complicated?

A:  Far from it.  BrowserKey allows you to connect to web pages the same way you are used to, using your favorite Java-enabled web browser such as Microsoft Internet Explorer, or Netscape Navigator.  Depending on how the owner of the BrowserKey protected web page(s) setup their authentication, you may never need to enter a username and password again to access certain BrowserKey protected pages!

Q:  Will connecting to a BrowserKey protected web page take longer than connecting to a regular web page?

A:  Downloading a BrowserKey protected web page is no different than downloading a regular web page, the content is identical (the same download size).

Q:  Will the BrowserKey Client Application slow my computer down?

A:  The BrowserKey Client Application has a very small memory footprint.  You should not notice any difference in your computers operational speed after installation of the BrowserKey Client Application.

Q:  What are the minimum requirements to run the BrowserKey Client Application and to connect to a web site protected by BrowserKey?

A:  The BrowserKey Client Application is designed to operate in a 32-bit windows environment (such as Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, or the MAC OS running a product such as Virtual PC for Mac running Windows) on a computer with at least 5 MB of free disk space, at least 16 MB of memory, a monitor, and a keyboard (a mouse helps, but is not required).  If you are connecting to an Internet web site, an Internet connection is required.  If you are connecting to an Intranet web site, an Intranet connection is required.

To connect to a web site protected by BrowserKey you will need to use a Java-capable web browser such as Microsoft Internet Explorer, or Netscape Navigator.

Don't worry, most PCs already meet the above conditions.

Q:  Does the BrowserKey Client Application contain any third-party add-on applications (spy ware, etc.) to facilitate you giving it away for free?

A:  Absolutely not, the BrowserKey Client Application setup package includes only the files required to get the BrowserKey Client Application up and running on your computer quickly and easily.

Q:  Does the BrowserKey Client Application send any of my personal information or information about my computer over the network, Internet, Intranet, etc?

AThe BrowserKey Client Application does not send out any personal information, it does not even send your BrowserKey password(s).  An ID is calculated by the BrowserKey Client Application when you connect to a BrowserKey authentication web page.  If you successfully authenticate, this ID is transmitted to the web server along with a web server application session variable that is also transmitted by your web browser (this information is usually sent by the BrowserKey Client Application only once during a browsing session, depending on the web page developer's implementation of BrowserKey).  Said ID may be on record with the web site owner, allowing the web site owner/developer to determine who is connecting to a web page at any given time.

 

Web Developers and BrowserKey Server Administrators (if you are a web developer or web server administrator who is, or wants to start, using BrowserKey technology to put a halt to costly username and password sharing and password theft on your secure web site(s), this portion of the FAQ applies to you)

Q:  How does BrowserKey protect my site?

ABrowserKey protects a website by enforcing that only specific client machines (a personal computer for instance) can connect to a BrowserKey Protected Resource. The website developer/owner controls which client machines are allowed to connect by issuing a BrowserKey Password for only those client machines that are licensed to connect to your BrowserKey Protected Resource(s). The BrowserKey Password is client machine and BrowserKey Lock specific. End-users attempting to use a BrowserKey Password on a client machine other than the client machine for which the BrowserKey Password was intended will find that the BrowserKey Password will not be accepted. The end-user will not be able to access the BrowserKey Protected Resource from the unauthorized client machine without first requesting a BrowserKey Password from the website developer/owner.  In theory, your end-users possessing only a single user license to your BrowserKey Protected Resource will only be issued one BrowserKey Password by you. Therefore, they will not have the ability to connect from more than one client machine unless they purchase another license to your BrowserKey Protected Resource from you. Our customers typically find that they begin selling more licenses to existing customers after they implement the BrowserKey system.

Q:  Does BrowserKey use cumbersome/expensive hardware dongles, real-time key generation hardware, or biometrics?

A:  No.  BrowserKey is completely software-based making it much easier to implement and maintain than other authentication systems.

Q:  Is BrowserKey just user authentication technology?

A:  No, BrowserKey is much more advanced and by itself does not make any attempt to recognize individual users.  BrowserKey authenticates based on the connecting client machine (such as a personal computer).  Because a user is usually initiating the authentication of a client machine, it is easy to think of this process as user authentication, but it is not.

Q:  What if want to use user authentication to protect my page(s) in addition to BrowserKey?

A:  User authentication technology (such as username/password authentication technology) can be used along with and in addition to BrowserKey, should the developer choose to do so.  Many developers choose to so this, but it is certainly not required.  BrowserKey provides strong authentication without the need to manage a database of usernames and passwords, one of the many advantages BrowserKey has over most user authentication systems.

Q:  What is a BrowserKey Client Key?

A:  A BrowserKey Client Key is a temporary unique identifying "key" that is automatically created and stored in the BrowserKey Client Key Storage Application after an end-user initiates a successful client machine log-in into a BrowserKey Protected Resource (simply via connecting to a BrowserKey Protected Resource via a Java-enabled PC-based web browser) .  If the same user successfully logs into the same BrowserKey Protected Resource from two discreet browser sessions* or two client machines (two personal computers for instance), two BrowserKey Client Keys are created, one for each session or client.  A BrowserKey Client Key expires sixty (60) minutes after it is created.

*different than two browser windows sharing the same web server environment session variables, where the second window is usually spawned via target="_top" or the JavaScript openWindow() function, which creates additional browser windows utilizing the same user session as the original browser window)

Q:  What is a BrowserKey Protected Resource?

A:  A BrowserKey Protected Resource is defined as any one of the following depending on your implementation of BrowserKey: 1) all website's hosted on a single web server commonly protected with the same BrowserKey Lock; 2) a web site protected with the same BrowserKey Lock; 3) a group of web pages protected with the same BrowserKey Lock; or, 4) a single web page protected with a BrowserKey Lock.

Q:  What is a BrowserKey Lock?

A:  One BrowserKey Lock (in the form of a dynamic link library (DLL) file) is provided at no additional charge to the BrowserKey Customer with each licensed copy of BrowserKey purchased.  This file is provided for ultimate automatic transfer to the BrowserKey end-user's client machine (a personal computer for instance).

Q:  What is the BrowserKey Client Key Storage Application?

A:  A program that when installed on the web server computer, stores temporary unique BrowserKey Client Keys, and responds to queries from the BrowserKey Active-X DLL.

Q:  What is the BrowserKey Active-X DLL?

A:  A file, in the form of an Active-X dynamic link library (Active-X DLL), that is leveraged to create an object within an authenticating web page (setup by the developer (free samples are available)) which serves as a communication conduit between the BrowserKey Client Key Storage Application and the developer's script / BrowserKey Protected Resource.

Q:  Is there a backup facility in the BrowserKey Client Key Storage Application to cover data loss?

A:  BrowserKey in itself does not rely on permanently storing any client machine data on the server-end, so there is no BrowserKey related data to backup.

Q:  If I choose to purchase a BrowserKey license for X maximum concurrent service users does it mean each user can log on X times or does it mean that only X people can log on at any one time?  In other words, what do you mean by "maximum number of concurrent service users?"

A:  The maximum number of concurrent service users is calculated as the maximum number of simultaneous BrowserKey Client Keys that are allowed to exist in the BrowserKey Client Key Storage Application at any given time. Only one BrowserKey Client Key is required per authenticated client per BrowserKey Protected Resource, provided one does not wish to authenticate a client more than once during a client session, which one normally would not have reason to do.  If X BrowserKey Client Keys exist in the BrowserKey Client Key Storage Application when client number X+1 attempts to authenticate, the BrowserKey system will not authenticate client number X+1, even if it is a valid client. A BrowserKey Client Key expires sixty (60) minutes after it is created, so client number X+1 must wait until the oldest Client Key expires before it can successfully authenticate.  Because client X+1 can authenticate after the oldest BrowserKey Client Key expires, it is possible to have more than X clients using a BrowserKey Protected Resource, however we recommend that you do not put your users in a position where they need to wait for other client's BrowserKey Client Keys to expire, otherwise they may become impatient.  We recommend giving yourself plenty of breathing room by purchasing a license that will cover the demands set by your users during the periods of your highest traffic.

Q:  Your licensing states that BrowserKey Client Keys expire after sixty (60) minutes, is this after sixty (60) minutes of inactivity, or is the client/user forced out after 60 minutes?

A:  Neither.  A BrowserKey Client Key expires sixty (60) minutes after it is created, regardless of the client/user's activities and are independent of session timeouts created in the web server environment.  Most developers choose to authenticate using BrowserKey only once per session -- at the beginning of the session.  If the client passes BrowserKey authentication, the developer can set a session variable within the web server environment to track the status of the client as authenticated.  Session timeout settings in the web server environment can then be adjusted to control the length of time the client's status is allowed to continue as authenticated during periods of inactivity.  If upon checking said session variable (usually the first step performed before rendering any secure page) it is found that the client does not have authenticated status (the default state), the developer will usually redirect the client browser to an access denied page or a (re-)authentication page.

Keep in mind that BrowserKey is as flexible as the developer's imagination, and that this example only represents one of the infinite number of BrowserKey configuration possibilities.

Q:  If I start by purchasing a license for X maximum concurrent service users can I increase the number of maximum concurrent service users later?

A:  Yes.  Upgrading is as simple as shutting down the BrowserKey Client Key Storage Application service on the web server, manually starting the BrowserKey Client Key Storage Application, selecting the "License Management" button, entering an updated password provided in response to an upgrade purchase, and restarting the BrowserKey Client Key Storage Application service.

Q:  What platform do the server-side components of BrowserKey run on?

A:  Currently the server-side BrowserKey components are designed to operate on 32-bit windows installations running web servers capable of tracking session variables and capable of interfacing with Active-X objects via server-side script (such as Microsoft Internet Information Server 4.0 and later).  We have future plans to develop server-side BrowserKey components supporting Linux as well.

Q:  Is setup of the end-user client machine(s) complicated?

A:  No.  Steps to setup the client machine are as simple as the following: 1) install the BrowserKey Client Application on the client machine; 2) visit the BrowserKey Protected Resource authentication page with a Java-capable web browser using the client machine (the BrowserKey Lock DLL for this BrowserKey Protected Resource is then automatically downloaded to the client machine); 3) opt to trust (or optionally permanently trust) the automatically downloaded digitally signed BrowserKey Java Applet; 4) request a BrowserKey Password (usually by clicking on the password request button on the BrowserKey Lock form that pops-up on the client machine); 5) generate/issue the BrowserKey Password for the client machine; 6) re-visit the BrowserKey authentication page with a Java-capable web browser on the client machine and enter the issued BrowserKey Password into the BrowserKey Lock form that again pops-up.

Client machine authentications subsequent to valid BrowserKey Password entry in step 6 do not require any user interaction whatsoever (provided the end-user opted to permanently trust the digitally signed BrowserKey Java Applet in step 3).

If the client machine already has the BrowserKey Client Application installed, only steps 2-6 are required to setup access to other BrowserKey Protected Resource(s).

Note that the only step that requires website owner/developer interaction is step 5, and even that can be automated by the website developer if so elected. In other words, administration/setup of client machine accounts takes very little time and effort by the website owner developer.

If the calculated client machine ID of a client machine changes for any reason (this usually only occurs when major hardware changes are made to the client machine) steps 4-6 must be re-completed.

Q:  What does an end-user requesting a BrowserKey Password involve?

A:  BrowserKey Password issuance begins with the end-user of a client machine requesting a password via a button on the client-side BrowserKey Lock registration form, or via facsimile (fax), phone, etc. To simplify and automate the fulfillment of BrowserKey Password requests, we recommend end-users utilize the button on the client-side BrowserKey Lock registration form.

If the end-user requests a password via the button on the client-side BrowserKey Lock registration form, the client machine's web browser is redirected to a URL pre-specified and created/maintained by the website owner/developer. Three parameters are appended to this URL by the BrowserKey system on the client-side: the calculated client machine ID (which generally does not change over time unless major hardware changes are made to the client machine), name (entered by end-user), and email address (entered by end-user).

The web page can then do whatever the developer sets it up to do, using the parameter value data passed in the URL. For example, one or more of the following can be done automatically via server-side web scripting: 1) email the BrowserKey Password request to the website owner/developer for manual BrowserKey Password generation; and/or, 2) add the BrowserKey Password request information to a database table (created and maintained by the website owner/developer); and/or, 3) automatically generate/email a BrowserKey Password to the website owner/developer and/or end-user.

In the case where the information (client machine ID, name, email address) is written to a database table, it is easy to track any additional information such as the date/time the BrowserKey Password was requested, web server environment session variables (such as username if you are also using username/password authentication and are tracking the username as a session variable), end-user BrowserKey Protected Resource license expiration dates (some web site owners/developers use this database table to further control access by referring to this table after BrowserKey authenticates), BrowserKey Passwords, etc. If applicable, backup of this type of data is of course encouraged, but this optionally tracked data is completely independent and nonessential to BrowserKey's core functionality (client machine authentication).

Q:  What does generating/issuing a BrowserKey Password involve?

Generation/emailing of the BrowserKey Password to the owner/developer and/or end-user is conducted either manually by the web site owner or automatically (via server-side URL redirection web scripting setup by the website developer) through a secure online interface at the BrowserKey website.

NOTE: We do not recommend the automatic generation/emailing of BrowserKey Passwords unless you have sufficient systems in place to determine that BrowserKey Password requests are coming from valid licensed end-users of your BrowserKey Protected Resource(s). This can be achieved by automatically issuing BrowserKey Passwords only to authorized end-users who have been pre-entered into a server-side database table and not allowing more than one request by this end-user by toggling a boolean field in said table after the initial request is made (using the name and email address passed in the URL (during the end-user's BrowserKey Password request step) as key fields in a SQL WHERE clause (remember that the client machine ID is in theory un known prior to the end-user requesting a BrowserKey Password, so this can't be used as a key field at this time)). Many BrowserKey administrators/customers choose to manually generate/issue BrowserKey Passwords for a more "hands-on feel" of things.

Q:  End-users are forever changing machines or using Internet cafes, libraries, etc to connect to the Internet.  How does BrowserKey handle this?

A:  Because BrowserKey is based on client machine authentication, it is intended for use on client machines owned/administered by the end-user on which they can install software. We recommend creating an intentional "backdoor" to your site that only relies on traditional web-based username and password "user authentication" (bypassing the BrowserKey system), and that you supply information relative to this "backdoor" only to end-users who require the ability to connect from random client machines that they do not own/administer.  You may wish to require that your customers/end-users purchase a special (probably more expensive) license for the right to access this "backdoor."

Q:  Do firewalls present a problem for BrowserKey?

A:  No.  BrowserKey requires that inbound TCP traffic be allowed on port 11,000 on the server running the BrowserKey Client Key Storage Application. Usually client-end firewall adjustments are not required, however if the client is behind a firewall that blocks outbound TCP traffic on port 11,000 this will need to be changed by the client-end firewall administrator.  Future free upgrades to the BrowserKey system may include the ability to run the BrowserKey Client Key Storage Application on a port number selected by the website developer/owner (in theory future versions may be run on port 80 if so elected, eliminating client-end outbound firewall issues as port 80 is typically open for outbound TCP traffic (HTTP protocol traffic)).

 

Feel free to email us with any other questions you might have.

 

 

Home | Overview | Purchase | Demo | FAQ

For more information on this revolutionary security/authentication technology please contact us.

Copyright 2000-2017 BrowserKey, Inc.  All rights reserved.  Patent Pending.  The BrowserKey name and logo are registered trademarks of BrowserKey, Inc.