>It seems that any physical storage of the key, be it registry, USB dongle, hard drive serial, etc., will always be susceptible to theft / intercept for use in decrypting the credit card numbers.

Yes, I can see that this is theoretically true.

So if I accept that 100% secure is unreachable, I'm still interested in making the system more secure. Many people can see the database files and the EXE file. I think we can make the key file much less visable. That way even if someone copies the data files and the EXE file, it would not occur to them to copy the key file because they wouldn't know it exists.

What I would like in this regard is to give the FoxPro program greater rights (once it was executing) than the user who started the program. Any suggestions here would be appreciated.

The dongle idea is interesting though. I should look into that. The dongle would go on the server which is in a secure room. That solves the problem of a failed disk drive.

Modern dongle technology usually makes use of a computer’s Universal Serial Bus (USB) port, plugging in just like a portable flash drive or other small USB device. Rather than simply checking for the presence of a piece of hardware, the software may send an encrypted request to the dongle for a validation key, which is also encrypted. This means that in order to crack the dongle, one must first crack the encryption. An even more secure form stores encrypted bits of the software on the dongle itself, which the program then calls for when it needs them. This means that even if one were to fool the software into thinking the dongle were present, the software would literally be unable to run, since it would be missing key parts of its code.
http://www.wisegeek.com/what-is-a-dongle.htm

>I would think the only way to accomplish this would be to prompt the user for the key on a per session basis... that way it never gets stored anywhere (except memory which has it's own risks).

Hmmm.... Actually I should consider this further. Only managers can decrypt credit cards so there is a liminted number of persons who would need to know that password. Even the password would still be only part of the key. The password plus the data without a decrypted EXE file would be useless. If I add the dongle, the thief then needs, the data files, the EXE, the password, and a read-out of the dongle. Beginning to sound quite secure. I imagine only the IT director could accomplish all of that.

Another idea: store the encrypted data in a separate directory that only managers have rights to.

I should go to SQL data storage also. That's on the list.


>http://www.bizzntech.com/2008/02/24/freeze-memory-chips-steal-encrypted-data

Inteeresting.


>How about a fingerprint reader?

I do like the idea of biometric security but I'm not particularly worried about in-house security. I think I have that covered. It's the possibility of someone copying the system and taking it to a remote computer where the data could be decrypted that I'm trying to guard against.

Peter