Privacy on Phones - Masking
Original Publication Date: 2004-Dec-13
Included in the Prior Art Database: 2004-Dec-13
Phones, whether working on land lines or on the cellular network are used in automated answering services that are menu driven. Most of these services require a person to enter information and menu selection options. Often personal information (Social Security Number, Credit Card Number, Bank Routing and Account Number, etc.) is required to be entered for verification at the server end for particular transactions. This information can be very sensitive and susceptible to Identity Theft. Thus, to protect privacy through phone lines (land or cellular) a new technology is essential. The proposal is to devise a suitable mechanism for masking information on the display so that it cannot be accessed readily.
Privacy on Phones - Masking
The scope of this document is to illustrate the idea of masking sensitive information on the display of phones (both land line and cellular).
Phones (both land line and cellular) have no way of masking the data shown on the screen. Sometimes the data entered in the phone is not just mere phone numbers but very personal and sensitive information. This is particularly true in the case of automated answering systems used by most Banks, Credit Card Companies, etc. requiring entering password, SSN, etc. If the data is not masked it can easily be stolen by Social Engineers.
As demonstrated in the diagram (Figure 1), when information is entered into the phone there is no way of masking the information in our current phones. Banks, Credit Card Companies, etc. often use automated menu driven system where personal information needs to be entered. In the example shown here, the menu option 1 is selected followed by option 2 where a Password is entered - 1234 - followed by the Enter Code - # - and the Social Security Number - 333224444 - and # and the menu option 9. Here the information that needs to be masked is the Password and the Social Security Number. Masking is essential to avoid social engineers from obtaining vital information. Most people have a pattern for setting their password so that they can remember them. Thus, if the social engineer obtains one password other passwords for the same person would be fairly simple to decipher.
Privacy on/off button
31 32 F0 31 32 33 34 23 33 33 33 32 32 34 34 34 34 23 F1 39
The proposed solution is the introduction of a privacy or password toggle button on the phone (the red button as shown in the Figure 2). The idea of the button may be implemented in a different manner depending upon the mechanical characteristics and other function button on the phone but the functionality of the Privacy Button is what the paper proposes. When the Privacy Button is pressed, a code (Beginning of Masking Code or BoM ) is saved and the masking feature is turned on. On pressing the button a second...