The card reader should have some driver documentation on how to access the data... you'd most likely have to write this in C++. If you're lucky, the manufacturers may have a command-line interface program to get at the data, or some dlls... so you might be able to get away with VB or Java... but not PHP. Wrong tool for this job.
If you really want security, store a public-private key pair on the card. Write the client program to read and send the public key to the server. Dont worry, you can send it cleartext... Then on the server side, use this public key and a large random number to encrypt it. Send the cyphertext back to the client. If the client is who he says he is, he should be able to decrypt the text, and send back to you the original random number. If the number sent back aint the right one, he's a liar. Bingo! Pretty good authentication over clear text channels, and you never have to show anybody your private key. You can still use IPSec and SSH if you're really paranoid, tho... -- Brian 'Bex' Huff [EMAIL PROTECTED] Phone: 952-903-2023 Fax: 952-829-5424 -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
