MobileSitter
 



Fraunhofer SIT

The Answers



With respect to the MobileSitter software

A.1) What is special about MobileSitter compared to other software for password management?
Even though other programs make use of strong cryptographic algorithms, they are not resistant against dictionary attacks. In practice, hackers mainly apply the dictionary attack principle when attacking password managers. In contrast, the MobileSitter software allows users to manage their secrets in a way that resists dictionary attacks.

A.2) How many secrets can be managed with MobileSitter?
The number of secrets is not limited.

A.3) Which type of information can be managed with MobileSitter?
MobileSitter allows managing secrets such as passwords, PINs, and TANs securely. It also supports i-TANs as a special TAN variant. Additionally, one can store data such as logins and status information for TANs.

A.4) How many secrets have to be remembered when using MobileSitter?
One has to remember just one single secret – the master password.

A.5) What is necessary to use MobileSitter?
You need the MobileSitter software and a valid license key. Both have to be transferred to and installed on the corresponding device after acquisition.

A.6) MobileSitter software is developed for which type of computers?
The MobileSitter software has been developed for use on mobile devices such as mobile phones or PDAs. Today, these devices are permanent companions that users have available anytime, anywhere, and in nearly any situation.

A.7) Can MobileSitter be attacked successfully with hacker tools?
MobileSitter offers protection such that hackers cannot obtain the master password or stored secrets with today's known methods. The MobileSitter software offers protection from dictionary attacks. Today, most known attacks and hacker tools apply this class of attacks to obtain secrets that are stored with encrypting password managers. With MobileSitter, each tested master password appears to be correct to an attacking hacker or a hacker tool.

A.8) How to input data with MobileSitter?
User secrets and related data are entered via the keyboard of the mobile device, via virtual keyboard, or via touchscreen. If user data are already available in an appropriate electronic format they can be imported on the desired destination device.

A.9) Can hackers obtain information about the correct master password when using input mode T9?
No! The MobileSitter software does not support T9.

A.10) Can unauthorized persons access stored secrets when forgetting to close MobileSitter?
No! After a short time of user inactivity, the MobileSitter software activates an auto-logout and deletes the master password from memory. Then, access to stored secrets is only possible after entering the master password again.

A.11) Is there some support when using MobileSitter on other devices?
MobileSitter allows exporting stored secrets so that they can be imported on another device, e.g., a new device or an additionally used device. Export and import are secured such that no data are exchanged in plaintext. Data exchanged via the export and import mechanism can only be decrypted when using the correct master password.

A.12) Is authorized access still possible when device has been lost?
No problem! The software allows generation of backup copies. Of course, these backup copies are encrypted based on the MobileSitter mechanism.

A.13) Are MobileSitter licenses limited in time?
Yes! Each MobileSitter license is time-limited. When the expiration date is reached, licenses can be time-extended. Limitation in time offers two main advantages for users. First, we can offer the software licenses at lower prices, so users can test and evaluate the software at low cost. Second, as long as a user has a valid license, he can obtain new versions or software variants for other platforms without additional payment. Typical users often change their mobile device, which requires them to use other software variants. In this case, re-acquisition is free.

A.14) Is it possible to modify stored secrets when entering a wrong master password?
Yes, this is even necessary for security reasons, even though it seems paradoxical! The most important protection goal of the MobileSitter software is keeping stored secrets really secret. If modification of stored data were only possible after entering a correct master password, then hackers could easily exploit this security mechanism as a feedback channel for dictionary attacks. If modifications are refused by the software, then a hacker or hacker tool knows immediately that the tested password was not correct.
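
The feedback channel described in A.7 and A.14, as an added example that is not MobileSitter code and not MobileSitter's algorithm (which this page does not describe). It is a toy PIN store built from PBKDF2 and digit-wise masking; all function names, the salt, the candidate list and the PIN are constructed for the illustration.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"   # constructed value for this demo
ITERATIONS = 10_000               # kept low so the demo runs quickly

def _kdf(master, label):
    # Separate labels give independent keys for masking and for the tag.
    return hashlib.pbkdf2_hmac("sha256", master.encode(), SALT + label,
                               ITERATIONS, dklen=64)

def _digits(master, n):
    # Rejection sampling (drop bytes >= 250) keeps the key digits unbiased.
    stream = [b % 10 for b in _kdf(master, b"mask") if b < 250]
    if len(stream) < n:
        raise ValueError("PIN too long for this toy key stream")
    return stream[:n]

def mask(master, pin):
    keys = _digits(master, len(pin))
    return "".join(str((int(d) + k) % 10) for d, k in zip(pin, keys))

def unmask(master, stored):
    keys = _digits(master, len(stored))
    return "".join(str((int(d) - k) % 10) for d, k in zip(stored, keys))

# Variant 1: conventional design, the record carries an integrity tag.
def seal_verified(master, pin):
    body = mask(master, pin)
    tag = hmac.new(_kdf(master, b"mac"), body.encode(), "sha256").hexdigest()
    return body, tag

def open_verified(master, record):
    body, tag = record
    expected = hmac.new(_kdf(master, b"mac"), body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None               # "wrong password": the feedback channel
    return unmask(master, body)

# Variant 2: no verifier, every master password yields a plausible PIN.
def open_unverified(master, stored):
    return unmask(master, stored)

def update_unverified(master, new_pin):
    # Accepted under any password (A.14); refusing would leak correctness.
    return mask(master, new_pin)

def accepted(candidates, opener):
    # Passwords a dictionary run could tell apart from rejected ones.
    return [c for c in candidates if opener(c) is not None]

CANDIDATES = ["123456", "password", "correct horse", "letmein"]  # constructed
VERIFIED = seal_verified("correct horse", "4711")
UNVERIFIED = mask("correct horse", "4711")

if __name__ == "__main__":
    print(accepted(CANDIDATES, lambda c: open_verified(c, VERIFIED)))
    print({c: open_unverified(c, UNVERIFIED) for c in CANDIDATES})
```

The verified variant singles out exactly one candidate, while the unverified variant returns a four-digit PIN for every candidate. This only works because every digit string is a plausible PIN, and it is why A.15 recommends backups: a write under a mistyped password cannot be refused.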

A.15) How to prevent consequences caused by data modification?
Even if MobileSitter cannot directly prevent undesired modification of stored data for security reasons, protection against consequences of modified data is possible. To do so, users should generate backup copies of the stored data by using the export and import function. In case of undesired data modification, users can work with backup copies that contain original data and restore them.

A.16) What to do if the export function cannot be carried out?
The export function writes data to a file that is stored on the device's file system. Successful generation of this file by a program requires that you have configured the permissions for your program on your device adequately. On some devices (relatively frequently on devices by Nokia) the default configuration forbids programs from writing files. Forbidden file generation will lead to alerts such as "Access not allowed" or "Export was not successful". In order to allow writing files, you should set the corresponding permissions for the MobileSitter Midlet by using the configuration function of your operating system before starting the program.

A.17) Is there a timely notification about license expiration?
You will be notified in good time before your license expires. In the last month of your license, at each program start the software will show you the number of days left until license expiration. Additionally, you will also be notified about license expiration via email.




With respect to installation, configuration and devices

B.1) Can MobileSitter be used on each mobile device?
Using MobileSitter requires mobile devices that support Java ME and the standards MIDP 2.0 or higher, CLDC 1.1, and JSR 75. Furthermore, the display should be at least 160 pixels wide. More information with respect to technical requirements can be found at http://www.mobilesitter.de/en/technic.htm. Please note that there are some devices that fulfil these technical requirements but cannot run the MobileSitter software, e.g., due to policy reasons of the hardware manufacturer. A list of these devices can be found at http://www.mobilesitter.de/en/devices.htm.

B.2) How to find out whether my device fulfils the technical requirements for MobileSitter?
At http://www.mobilesitter.de/en/devices.htm, we provide a list of devices on which we have tested the MobileSitter software and for which we provide installation guidelines. However, MobileSitter works on many more devices than are included in this list. The number of devices fulfilling the technical requirements for MobileSitter increases month by month. In case you cannot find your device in the list, please check the requirements in the documents you have obtained with your device. Another possibility is to make use of the data that device manufacturers provide over the Internet. There is also information offered by independent providers (e.g., www.areamobile.de), where you can obtain technical properties of mobile devices by many manufacturers. Please note that explanations on how to check mobile devices for MobileSitter requirements can be found at http://www.mobilesitter.de/en/checkmobile.htm.

B.3) How to install and configure the MobileSitter software on a mobile phone?
The MobileSitter software (Midlet) and the license key as a license file (XML format) have to be downloaded and transferred to the mobile device. The Midlet consists of two files: a jar and a jad file. The installation depends on the mobile device on which the software is to be installed. We provide installation guidelines for several mobile devices of different manufacturers. They can be found at http://www.mobilesitter.de/en/devices.htm. Unfortunately, we cannot provide installation guidelines for all mobile devices that are available on the market, since the device market is too large and too dynamic. If your device is not contained in this list, it might be helpful to use an installation guideline for a similar device of the same manufacturer. Further hints for software configuration can be found in the MobileSitter manual (see http://www.mobilesitter.de/en/documents.htm).

B.4) What to do if MobileSitter does not work properly under Windows Mobile?
The MobileSitter software should always be executable under Windows Mobile 5 & 6 if the device fulfils the technical requirements as described at http://www.mobilesitter.de/en/technic.htm. In some rare cases, problems may arise due to defective Midlet managers (e.g., incorrect support of the JSR 75 standard). Unfortunately, some manufacturers or providers sell their products with defective Midlet managers. If you notice that your Midlet manager is defective, please install a correctly working Midlet manager. Such Midlet managers can be downloaded from the Web for free. For more information we refer to http://www.mobilesitter.de/install/windowsmobile5_en.htm.

B.5) What to do if MobileSitter does not react correctly upon input via keyboard?
There can be several reasons for this problem. On mobile devices that are running Windows Mobile 5 or 6 it may be caused by a defective Midlet manager. For remediation we refer to question B.4. Another reason for such problems could result from faulty key configuration after software installation. In this case, a reconfiguration is necessary by using the key reconfiguration mechanism (Menu → Options → Configure Keys) of the MobileSitter software. If the keys are misconfigured in such a way that you cannot initiate the key reconfiguration mechanism then you should uninstall the software, re-install it again, and configure keys correctly (see also the MobileSitter manual).

B.6) What to do if the font on the display is too large or small?
On most hardware platforms MobileSitter allows configuring the font size. This depends on the number of font sizes that are supported by a device platform. The font size is configured via Menu → Options → Select Font (see also the MobileSitter manual).

B.7) Where to copy the license key on your mobile device?
The place to copy your license key to depends on your device (manufacturer, product). In order to find out where to copy your license key, please have a look at the installation hints at http://www.mobilesitter.de/en/devices.htm. If your device is not contained in this list, it can be helpful to look at hints for a device that is similar to yours. If you have no idea which device is similar to yours, please start the software on your device and go on to the step where the license key is configured. Please note the name of the folder that MobileSitter offers you by default. Then cancel the configuration, stop MobileSitter, copy your license key into this folder, start the software again and go on to configuration.

B.8) Is there a possibility to start MobileSitter more comfortably under Windows-Mobile 5 & 6?
Yes! Actually, MobileSitter is started via the Midlet Manager. However, there are possibilities to define shortcuts that allow starting the MobileSitter much more comfortably, e.g., via software key or via entry in the application menu. A description on how to define such shortcuts can be found at http://www.mobilesitter.de/install/windows-mobile-link_en.htm.




With respect to the MobileSitter online shop

C.1) What to do when the license key has expired?
In case of license expiration it is necessary that the license key is time-extended, i.e., the new license key must have the same license ID as the old license key.

C.2) Where to time-extend the MobileSitter license?
The license should be time-extended at the same place where you acquired your initial license key, i.e., if you acquired your initial license at the MobileSitter shop, it must also be time-extended at the MobileSitter shop.

C.3) How to react to the security alert concerning the server certificate when entering the shop?
If the issuer certificate of our shop server certificate is not contained in your list of trusted issuers, your browser will show you a security alert message. In order to get more information on how to react to this message, please look at http://www.mobilesitter.de/en/securitynoteIE7.htm.

C.4) How to log-in to the online shop?
It was our intention not to deploy a further login / password mechanism in our online shop, since we did not want to make the ubiquitous password dilemma even worse while offering a password manager. In order to log in to the online shop after successful registration, enter (1) the email address which you used while registering and (2) your customer ID or one of your license IDs. Provided these data are correct, the online shop will immediately send an email with an access code as a one-time password to the address given in the previous step. Please note that each access code is only accepted once, i.e., you must request a new access code each time you want to log in.

C.5) What is your advantage of the MobileSitter license model?
We are convinced that our license model is much fairer than license models of other software providers with no license expiration and with one single payment. However, when comparing the license models one should consider the dynamics and the technical heterogeneity of the mobile device market. Many software products that are acquired for a specific platform cannot be used anymore when they should be deployed on a different platform, e.g., your future mobile phone. Thus, customers that have acquired a new mobile device are often forced to buy the software again in a variant that is specific for their new platform. So it is possible that even in license models with only one payment customers pay more in the long term. Unfortunately, many users do not think about the compatibility of their software when selecting a new mobile device. There are examples of people that have obtained a new PDA 3 months after they had acquired a platform-specific software. These users had to buy the software again for a price considerably higher than a one-year license. With our license model, this is completely different. Every customer owning a valid license can download other software variants for its new mobile device from our shop server without additional costs. The same customer can also download new versions (e.g., Version 1.1, 1.2,...) of our software without any supplementary payment and use it with its valid license key. The following reasons summarize the advantages of our model:

C.6) How to pay in the online shop?
If you would like to acquire a rather small number of software licenses (less than 100), you should order the licenses via the MobileSitter online shop and use the online payment system PayPal. For acquisition of such small numbers of software licenses no other payment method can be accepted. PayPal has the additional advantage that payment-relevant data, such as credit card numbers, are not revealed to the seller. If you would like to acquire a rather large number of software licenses (more than 100), you should directly contact employees at the Fraunhofer Institute SIT and order the licenses without using the MobileSitter shop. Then, there are also other possibilities for payment.

C.7) What to do when the handing-over from the online shop to PayPal does not work well?
After you have finished your order in the MobileSitter shop, the shop platform passes you on to the PayPal payment service. There, after you log in, PayPal should show you some data which are relevant for your payment, e.g., the amount to be paid. In some cases, PayPal does not show you these data. This happens if your Internet browser does not hand over these data to PayPal when you are contacting PayPal. There could be several reasons for this kind of browser behaviour. The problems of improper redirection to PayPal can result from browser configuration or from certain browser extensions you have installed. In such a case, it might be helpful to modify your browser configuration or to use another browser temporarily.




With respect to license extensions

D.1) How to notice that a license should be extended?
The MobileSitter-Shop will inform you via email about the upcoming license expiration many weeks before expiration. Furthermore, within the last month of the license period, the MobileSitter software will show you the remaining number of days until expiration each time the software is started. When the license has expired, the software informs users about the expiration. Then, for further use the license should be extended.

D.2) Are there any disadvantages if licenses are extended early?
An early license extension has no disadvantage for users, since early extension implies neither loss of effective license time nor double payment for a license period. If a new license key is generated, the remaining time of the old license is added to the license duration of the new license.

D.3) Is there something special to be considered when acquiring a license extension?
If a license expires and one decides to extend the license, then it is important to choose license extension in the MobileSitter-Shop and not to request a new license. If a license is extended, the extended license contains the same license ID as the expiring license. Otherwise, if you request a new license, this license will obtain a new license ID, which implies that you can no longer decrypt data entered under the old license ID.

D.4) What to do after having acquired a license extension?
First of all, we recommend backing up the data managed with MobileSitter by using the export function of the software and by transferring the export file to another storage location (for more information we refer to the manual).

Download the zipped license key to your computer and unpack the zip file. Then, transfer the unpacked file containing the license key to your mobile device and replace the old file with the new file. Now you can start the software. After it has started, the software will read the extended license key automatically. More information on license extension is provided in the manual that can be found here http://www.mobilesitter.de/downloads/mobilesitter-manual-eng-quer.pdf (Section 28, pp. 95).

New installation of the software is not required in case of a license extension. Please note that a new installation of the software may lead to data loss if you have not generated a backup beforehand by using the export function.

