Browse Prior Art Database

A Fast, Simple Encoding Algorithm for Preventing Visual Theft of Private Information Such as Passwords

IP.com Disclosure Number: IPCOM000016139D
Original Publication Date: 2002-Jul-31
Included in the Prior Art Database: 2003-Jun-21
Document File: 2 page(s) / 44K

Publishing Venue

IBM

Abstract

Private information, such as passwords, often has to be stored in files on servers. For example, a database password may have to be stored in a file that is accessed by a Web application running in a Web Application Server such as WebSphere. The security of the file is maintained by assigning suitable operating system level access control. However, developers often have to edit these files, causing their contents to be visible in the editor. This exposes the private information to visual theft by nearby people. This invention prevents visual theft by using an encoding algorithm that makes the private information extremely difficult to memorize. The encoding algorithm is both fast and simple. The speed of the algorithm is linear with the size of the private information. The algorithm is simple in that it does not depend on complex cryptography libraries or key management schemes. The following example illustrates the use of the algorithm. Consider the following standard Java properties file which contains a password: initialContextFactory=

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

  A Fast, Simple Encoding Algorithm for Preventing Visual Theft of Private Information Such as Passwords

   Private information, such as passwords, often has to be stored in files on servers. For example, a database password may have to be stored in a file that is accessed by a Web application running in a Web Application Server such as WebSphere. The security of the file is maintained by assigning suitable operating system level access control. However, developers often have to edit these files, causing their contents to be visible in the editor. This exposes the private information to visual theft by nearby people.

This invention prevents visual theft by using an encoding algorithm that makes the private information extremely difficult to memorize. The encoding algorithm is both fast and simple. The speed of the algorithm is linear with the size of the private information. The algorithm is simple in that it does not depend on complex cryptography libraries or key management schemes. The following example illustrates the use of the algorithm.

Consider the following standard Java properties file which contains a password:

initialContextFactory=
datasourceJNDI=
dbDriver=COM.ibm.db2.jdbc.app.DB2Driver
dbURL=jdbc:db2:sales_db
userID=alibaba
password=sesame
namespaceTable=namespacetable.nst
autoReload=true
reloadIntervalSeconds=5

The password, "sesame" is clearly visible and easily stolen by any nearby observer. The encoding algorithm is applied to this file yielding:

#Thu Dec 06 14:28:00 EST 2001
namespaceTable=namespacetable.nst
reloadIntervalSeconds=5
dbDriver=COM.ibm.db2.jdbc.app.DB2Driver
dbURL=jdbc\:db2\:sales_db
password=encoded\:AQADAgUEBAcKCQoLDAkODxQVEhMUFR4XCBkKGxwdPj8AAQIDZGVmZ2hpKiss
LS4v
datasourceJNDI=
initialContextFactory=
userID=alibaba
autoReload=true

Now the password appears as a long, random-looking sequence of characters which is virtually impossible to memorize. The decoding algorithm can be applied to this, recovering the original password:

#Thu Dec 06 14:28:17 EST 2001
namespaceTable=namespacetable.nst
reloadIntervalSeconds=5
dbDriver=COM.ibm.db2.jdbc.app.DB2Driver
dbURL=jdbc\:db2\:sales_db
password=sesame
datasourceJNDI=
initialContextFactory=
userID=alibaba
autoReload=true

The e...