MobileSitter
 



Fraunhofer SIT

The Product

The Dilemma

The large and constantly growing number of secret codes people have to remember causes serious problems in practice. Many people have reached the point where they can no longer remember all their secret codes, such as passwords and PINs, without additional tools. Those who, for various reasons, prefer to get by without special technological tools and instead write their secret codes down on a piece of paper or, for ease of use, choose the same password for different applications often do not realize the security problems their actions create.


Safe Keeping with One Secret Only

The MobileSitter enables users to manage their secret codes, such as passwords, PINs and TANs, safely on mobile end devices (e.g. mobile phones). A user can thus access this information at any time and anywhere: at the computer in the office, at home or at the ec-card terminal. With the MobileSitter the user has to remember only one password, the master password. All other secret codes are stored safely.



The Ingenuity of the MobileSitter

When a mobile phone ends up in the wrong hands and the unauthorized user tries to access the securely stored secret codes by repeatedly testing different master passwords (manually or by using high-capacity computers and hacker tools), the MobileSitter behaves differently from other password management products. Other products check whether the entered master password is correct and return the result of this check to the user (e.g. “entered master password incorrect”). The MobileSitter, on the other hand, accepts any master password and calculates the respective secret code from this entry. An unauthorized user therefore cannot immediately determine whether the secret code returned by the MobileSitter is the correct one. As a matter of principle, the MobileSitter returns only those decryption results that meet the rules for generating the secret codes, e.g. using exclusively digits for PINs or following specific password rules.

This means that whenever a hacker enters a password, the MobileSitter returns a decryption result that looks to the hacker as if it were the actual secret code. If the hacker wants to find out whether the decrypted result really is the secret code, he has no choice but to enter it into the respective application (e.g. cash machine, ec-card terminal, logins, e-mail), which will reject the entry if it is incorrect.



Benefits for the User

Because there is practically no limit to the number of possible master passwords, the hacker has not really gained anything, even though he may have illegally obtained access to a mobile phone with the MobileSitter on it. Even if the master password chosen by the user is listed in the hacker tools, a hacker will not be able to recognize that the user is using a weak master password. Using the MobileSitter to manage secret codes does not reduce the user's overall security level, which is not the case with many other tools.

The MobileSitter allows the rightful user to see immediately when the master password has been entered correctly. The MobileSitter displays master-password-dependent feedback on the user interface, which the user will recognize immediately when he has entered the password correctly. This information, however, is of no help to a hacker.
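The behaviour described under "The Ingenuity of the MobileSitter" and the password-dependent feedback above can be sketched as follows. This is an added example, not Fraunhofer SIT's algorithm, which the page does not disclose; the PBKDF2 masking, the iteration count, the symbol list and all function names are assumptions made for illustration.

```python
import hashlib

ITERATIONS = 100_000  # assumed work factor, not taken from the product
# Hypothetical feedback symbols; the page does not say what MobileSitter shows.
SYMBOLS = ["circle", "square", "triangle", "star", "moon", "leaf", "key", "wave"]


def _derive(master_password: str, label: bytes, salt: bytes) -> int:
    """Stretch the master password into a 256-bit integer for one purpose."""
    raw = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                              label + salt, ITERATIONS, dklen=32)
    return int.from_bytes(raw, "big")


def encrypt_pin(pin: str, master_password: str, salt: bytes) -> str:
    """Mask an all-digit secret; the result has the same length and alphabet."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("this sketch handles digit-only secrets")
    modulus = 10 ** len(pin)
    mask = _derive(master_password, b"pin", salt) % modulus
    return str((int(pin) + mask) % modulus).zfill(len(pin))


def decrypt_pin(stored: str, master_password: str, salt: bytes) -> str:
    """Unmask with whatever password was typed. There is no correctness check,
    so a wrong password simply yields another well-formed PIN."""
    modulus = 10 ** len(stored)
    mask = _derive(master_password, b"pin", salt) % modulus
    return str((int(stored) - mask) % modulus).zfill(len(stored))


def feedback(master_password: str, salt: bytes) -> str:
    """Symbol shown after entry. It is recomputed, never stored, so the device
    holds no reference value to compare guesses against."""
    return SYMBOLS[_derive(master_password, b"feedback", salt) % len(SYMBOLS)]


if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    stored = encrypt_pin("4711", "correct horse", salt)        # constructed PIN
    for guess in ("correct horse", "123456", "password"):
        print(guess, decrypt_pin(stored, guess, salt), feedback(guess, salt))
```

The property holds only for secrets that are uniformly random within their format, as issued PINs are; a user-chosen password with recognisable structure would stand out among the wrong decryptions.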



Other Features

The following gives a short overview of the other MobileSitter features:

