Restrict access to audio device under Windows XP-8 to specific application/user
I have written an c# 4.0 application that analyses the microphone input and records DTMF tones that represent credit card numbers entered by our clients. This all works well, but since we are working under PCI Compliance (see www.pcisecuritystandards.org), we don't want to allow the logged in user (call centre staff) to listen or even record the microphone input so that they then can parse the credit card numbers on their own with a 3rd party app or their phones. So the question I have is:
- How can I restrict the microphone input to a specific application so that it can't be heard or recorded somewhere else?
If there is no solution to this, the 2nd question arises:
- How can I restrict the microphone input to a specific user so that it can't be heard or recorded somewhere else (I could run the software as a Windows service under specific user credentials)?
Kind regards, JB
The main way to restrict access to device is setting of Security Descriptor on the device. So granting of the permission for specific user group is the way in which you should go.
The exact implementation for Windows XP could be different from later versions of Windows. Windows 8 have new possibilities too. Audio Mixer APIs can be used in Windows XP. Starting with Vista Windows Multimedia Device (MMDevice) API can be used. MMDevice API's implementation of the property store. You can use IPropertyStore::SetValue and IPropertyStore::Commit to change properties. Unified Device Property Model are introduced starting with Windows Vista. There are different Windows API which uses internally SetupAPI to access to devices and to set it's properties (see here). I think that you should set PKEY_Device_SecuritySDS property to secure device. One can use old APIs like SetupDiSetDeviceRegistryProperty and SetupDiSetClassRegistryProperty to set the properties on Windows XP (see here).
If I start on my computer devmgmt.msc and examine default property of microphone device then I can see Security Descriptor
What you need is to change it so that only specific user groups (or users) access it.
There are PKEY_Device_SecuritySDS and PKEY_Device_Security properties which can be change by SetupDiSetDeviceProperty and SPDRP_SECURITY_SDS or SPDRP_SECURITY (see here). Usage of SDS parameters (PKEY_Device_SecuritySDS or SPDRP_SECURITY_SDS) could be easier because there use readable Security Descriptor Definition Language (SDDL).
After you change security descriptor on the device you need use SetupDiSetClassInstallParams and SetupDiCallClassInstaller with DIF_PROPERTYCHANGE and DICS_PROPCHANGE to reset the device. You can find the code example in the source code of devcon utility on WinDDK. Alternatively you can use CM_Disable_DevNode and CM_Enable_DevNode to restart it with new properties.
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct
- Character array typecasting to integer
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How to get the sign, mantissa and exponent of a floating point number
- Why do MCU libraries use logic operations instead of bitfield structs?
- What kind of implementation can I use for a static associative array on a vintage system with very limited resources?
- Determine libraries to link against for a windows library function?
- Passing macro values to arm linker that places variable at a specific location
- running a program with wildcards as arguments
- How to perform addition of two vectors of 8-bit integers with a single addition in C/C++
- GNU RISC-V Embedded GCC throws "x ISA extension `xw' must be set with the versions" error
- Counting pulses using a swiss flow meter with an Arduino, how is it done?
- How to create a folder in C (need to run on both Linux and Windows)
- Is there any way to compute the width of an integer type at compile-time?
- How can I initialize all members of an array to the same value?
- Is C notably faster than C++
- How to get the Windows SDK version number a program is compiling with at compile time
- Confused by difference between expression inside if and expression outside if
- Equivalent of atoi for unsigned integers
- k&r: Exercise 1-18. Program takes input but doesnt produce any output?
- Using in C thrd_sleep() to either wait for time or interrupt by signal. Example?
- How can I compute `exp(x)/2` when `x` is large?
- c programming: answer always equates to 0
- Is it possible to access a parameter of a function from another function in C?
- Will this expression evaluate to true or false (1 or 0) in C?
- What Is the Return Value of strcspn() When Str1 Does not Contain Str2?
- Mapping a numeric range onto another
- Signalled and non-signalled state of event
- Why is faster to do a branch than a lookup?