Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Privacy on Phones - Masking

IP.com Disclosure Number: IPCOM000033518D
Original Publication Date: 2004-Dec-13
Included in the Prior Art Database: 2004-Dec-13
Document File: 3 page(s) / 144K

Publishing Venue

IBM

Abstract

Phones, whether working on land lines or on the cellular network are used in automated answering services that are menu driven. Most of these services require a person to enter information and menu selection options. Often personal information (Social Security Number, Credit Card Number, Bank Routing and Account Number, etc.) is required to be entered for verification at the server end for particular transactions. This information can be very sensitive and susceptible to Identity Theft. Thus, to protect privacy through phone lines (land or cellular) a new technology is essential. The proposal is to devise a suitable mechanism for masking information on the display so that it cannot be accessed readily.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 3

Privacy on Phones - Masking

Scope:

The scope of this document is to illustrate the idea of masking sensitive information on the display of phones (both land line and cellular).

Problem Statement:

Phones (both land line and cellular) have no way of masking the data shown on the screen. Sometimes the data entered in the phone is not just mere phone numbers but very personal and sensitive information. This is particularly true in the case of automated answering systems used by most Banks, Credit Card Companies, etc. requiring entering password, SSN, etc. If the data is not masked it can easily be stolen by Social Engineers.

Unmasked information

As demonstrated in the diagram (Figure 1), when information is entered into the phone there is no way of masking the information in our current phones. Banks, Credit Card Companies, etc. often use automated menu driven system where personal information needs to be entered. In the example shown here, the menu option 1 is selected followed by option 2 where a Password is entered - 1234 - followed by the Enter Code - # - and the Social Security Number - 333224444 - and # and the menu option 9. Here the information that needs to be masked is the Password and the Social Security Number. Masking is essential to avoid social engineers from obtaining vital information. Most people have a pattern for setting their password so that they can remember them. Thus, if the social engineer obtains one password other passwords for the same person would be fairly simple to decipher.

1

[This page contains 1 picture or other non-text object]

Page 2 of 3

Solution:

Privacy on/off button

12********* *****9

Cell phone

31 32 F0 31 32 33 34 23 33 33 33 32 32 34 34 34 34 23 F1 39

The proposed solution is the introduction of a privacy or password toggle button on the phone (the red button as shown in the Figure 2). The idea of the button may be implemented in a different manner depending upon the mechanical characteristics and other function button on the phone but the functionality of the Privacy Button is what the paper proposes. When the Privacy Button is pressed, a code (Beginning of Masking Code or BoM ) is saved and the masking feature is turned on. On pressing the button a second...