OA19308A - Ultrasafe login. - Google Patents


Info

Publication number
OA19308A
Authority
OA
OAPI
Prior art keywords
ultrasafe
username
user
login
password
Application number
OA1201900443
Inventor
Gaurav Sharma
Original Assignee
Gaurav Sharma
Application filed by Gaurav Sharma

Abstract

Our names in the physical, real world have transformed into 'username's in the virtual, digital world. Anything that we need to access in the digital world asks us for a 'username', which can be user selected (like an e-mail address) or provided to a user (like an employee ID / Number). This 'username' has indeed become a SuperName, giving access to restricted areas based on privileges, and links to other services as well. So, to a cybercriminal, if a 'username' is known, more than half the job is done. And once the corresponding password is cracked, the whole digital identity lies threadbare. Damage done through transactions of such unauthorized access may get quantified, but the dent to privacy is far more damaging. UltraSafe endeavors to highlight this glaring gap and has devised innovative functional and technical methods to plug it. The sole objective of UltraSafe is to begin security from the very first step, i.e. the login screen, by modifying the 'username' in innovative ways that make it impossible for a bystander to see and understand, or that significantly increase the difficulty of guessing it correctly. The UltraSafe stealth attribute is need based and can be accessed or removed depending on user preference, especially in public places. Let's view it as a large gathering of people for any purpose, maybe working together as well, but not shouting or publicizing names (their names) except when needed.

Description

FIELD OF INVENTION
[1] UltraSafe is an inventive step in field of Cyber Security wherein the 'username' is accorded stealth or similar protection while being entered in the 'username' field of a login screen.
[2] UltraSafe is an inventive step in field of Cyber Security wherein even the 'password' is accorded stealth or protection similar to the Username field as described in detail, without any compromise on functionality or deterioration of desired services or results.
[3] It is well known that basic and primary method of restricting access to a system is through a set of 'username' and password, wherein a password may be common for multiple users, but the 'username' is designed to be unique. Uniqueness of 'username' is diligently checked prior to even allocation, clearly highlighting importance of its purpose.
[4] UltraSafe transforms the entry of 'username' in the 'username' field in innovative ways to make it impossible for any bystander to read or decipher. Drawing from the perfect analogy of 'Lock and Key', the inventive step in UltraSafe is to hide the lock itself in a way that an attacker sees the place for a lock but is never able to identify any of its aspects.
[5] UltraSafe and all its variants do not compromise on user convenience, and the user is able to switch off the stealth / scramble feature or see the real values being entered.
BACKGROUND OF INVENTION WITH REGARD TO DRAWBACKS ASSOCIATED WITH KNOWN ART
[6] A set of lock and key symbolizes basic, visible security. In digital world, a 'set' of 'username' ( u/n ) and password ( pwd ) deliver similar result. Akin to a key, passwords are designed to be kept secret and akin to a lock, 'username' continues to lie in the open - currently.
[7] In real and physical world, thieves and burglars target the lock first - not the Key. They will work to break the lock altogether or generate a key that opens the lock. Even in Virtual and digital world, a cyber thief would target a known 'username' and then work to generate its corresponding key to enter the 'username' - 'password' restricted area.
[8] On one hand, the lock or 'username' gives a feeling of secure access, on the other hand it raises curiosity, intrigue and fascination on what is being protected, prompting a possible attempt to break-in.
[9] This holds true even for those who, with no intention or purpose of a theft / intrusion, wish to declare an achievement, show an expertise or expose a vulnerability.
[10] Even with security paraphernalia like fencing or manually guarding a premise, thieves strike. Similarly, even with additional security paraphernalia like firewalls, SSL, encryption etc., cyberthieves strike and gain entry through compromised 'username' - 'password'.
[11] To further add to misery, a convenience feature - AutoFill - allows previously filled data to be not just retained but clearly visible at the click of a mouse button or as and when you start entering anything in the requisite place.
[12] Even by using the popular Virtual keyboard that shuffles alphabets randomly, there isn't an increase in security levels. One may be able to secure ( to some extent), keypresses from data intercepting spyware, but is of no use against prying eyes. Shoulder surfing / surveillance is often the first step of cybercriminals against a potential victim. Target is not the person per se, but the 'username'.
[13] Ironically, in digital world, even cutting - edge technologies for security measures like firewalls, SSLs, DSCs, Tokens etc. have a human being as a user / administrator. And, to configure any of these measures, it all starts with a 'username'.
[14] So, the 'Lock' is out in the open and for anyone to pick on - physical lock or 'username'. Such digital footprints are fully ignored fearing user restrictions or inconvenience.
[15] By ensuring that 'username' gets accorded seriousness and secretiveness of levels similar to passwords, a significant number of attacks or potential attacks can thus be reduced.
[16] Yet, no amount of security ( physical or digital ) is ever enough. It is a continuous marathon tussle between defenders and attackers. Prudence demands to continuously provide / upgrade cybersecurity measures and always be a leap ahead of attackers - before they catch up again. The loser obviously loses a lot more than just valuables.
OBJECT OF INVENTION
[17] The object of UltraSafe Login invention is the humble 'username' which is always visible to anyone and everyone and becomes a starting point for hacking, but security around the same is completely ignored. A simple account when hacked, opens possibilities of serious damage at a later stage. Hence, to increase security, accounts being used need to be secured further and UltraSafe aims to exactly achieve it through innovative methods without compromising on user convenience.
[18] Forensics often point out that accounts get compromised due to password ( s ) becoming known ( by any means ), actually, it is a 'set' of 'username' and password and not just passwords. Security aspects are continuously focused on passwords, which are mere keys to the lock. Endeavor is thus to equally secure the 'username', rather than just password.
[19] UltraSafe Login is also particularly useful for Remote Administration Consoles, wherein a user logs in to the console of a remote machine, accesses a restricted area / application secured by a 'username' and password, but is completely oblivious of any watchful eyes.
[20] Object of UltraSafe Login invention is also to accord similar level of security ( as being discussed in detail for the username field ) for the 'password' field as well, bringing both at par and exponentially increasing the difficulty level for hackers / crackers / attackers.
STATEMENT OF INVENTION
[21] UltraSafe Login is transforming the onscreen 'username' in a way making it impossible for a bystander to read or understand, thereby significantly decreasing possibilities of account hacking, at the same time not compromising on user convenience.
[22] UltraSafe Login is also the transformation of the password field by bringing both username and password fields at par in terms of security defined for either.
SUMMARY OF INVENTION
[23] The inventive step allows users themselves, or service providers to choose one of the methods of letting their users, enter their 'username' in a manner that makes it meaningless to any bystander. At the same time, the said 'username' could be viewed in 'normal' mode as if the chosen security feature ( s ) weren't applied when the user hovers a mouse over the 'username' field or by clicking on the view button given alongside the UltraSafe 'username' field.
[24] The said 'username' transformation may be based on one or more attributes like language, stealth, obscure, garble, rearrangement etc. and is easily reconverted into the mode understood by the user as shown in the examples in detailed description.
DETAILED DESCRIPTION
[25] It is well known that numerous IT applications ( hereafter referred as 'Application' and referring to any technology-based interface, accessed on IT devices like computers, servers, mobile devices etc. or through a web browser for websites or as a local installation or a remote installation etc. ) deploy numerous security safeguards to ensure authorized access.
[26] The most common method is to allow access through a 'Login' Screen, wherein users enter a 'username' and a 'Password'. It is assumed that password would be kept secured / secret / safeguarded by the holder / provider / manager etc., of the said 'username'.
[27] Such 'username' and 'Password' are entered / typed / echoed on this 'Login' screen in text boxes or when prompted to enter a secured area / resume a locked out session / ad-hoc user validation check etc.
[28] Both 'username' and Password are required to get matched against corresponding entries as stored in database. Incorrectness in any or mismatch between the 'username' & 'Password' as a singular set will result in a failed attempt to Login.
[29] UltraSafe Login is a simple method wherein the 'username' field in a login screen reflects a modified onscreen output, based on the method chosen by the user and / or system configuration, post which it does not remain the readily readable 'username' entered by user.
[30] UltraSafe Login also has an optional stealth mode, wherein the 'username' even if entered continues to be shown as blank / non-modifiable field / same color as the background to give an impression of no entries having been made
[31] In a few UltraSafe variants, the entries made by the user are displayed in a modified manner by using a cipher for each character entered by the user.
[32] User can, if this option is so configured, optionally click on 'view' button, available next to UltraSafe 'username' field and view the entry made.
[33] User can, if this option is so configured, optionally hover the mouse pointer over UltraSafe 'username' field and view the entry made.
[34] If the user chooses not to click on the view button or hover the mouse pointer over the UltraSafe 'username' field, but is confident that the 'username' entry made is correct and clicks on login or a similar button to proceed, the UltraSafe based system so configured would treat the entry without prejudice and modification and return the result as 'invalid username' if it was entered incorrectly or allow access if it was indeed entered correctly. This is based on the assumption and premise that the corresponding password so entered was also correct and was not the cause of error / denied access.
[35] Though, enhancing security of the username is being professed in this invention, particularly comparing username field security to existing security available for the password field, UltraSafe Login's objective is to secure the overall login process and the same can be achieved best only if both username and password fields have optimal UltraSafe login security. However, this is not a limiting factor and parity in security level is optional.
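The field behaviour described in [29] to [34], as an added example that is not code from the patent: a display-only model of the 'username' field in JavaScript. The mode names, the `UltraSafeField` class and the shift-based per-character cipher are assumptions made for illustration.

```javascript
// Added illustration, not code from the patent. All names are hypothetical.
const MODES = Object.freeze({
  OFF: 'off',             // toggle switched off: entry echoed as typed
  OBFUSCATE: 'obfuscate', // entry masked the way a password field is
  STEALTH: 'stealth',     // field keeps looking empty ([30])
  CIPHER: 'cipher',       // each character shown through a cipher ([31])
});

// Assumed per-character cipher: a fixed shift over printable ASCII.
// It only changes what is drawn on screen; it is not encryption.
function cipherChar(ch, shift) {
  const code = ch.charCodeAt(0);
  if (code < 0x20 || code > 0x7e) return ch; // leave other characters as typed
  return String.fromCharCode(0x20 + ((code - 0x20 + shift) % 95));
}

class UltraSafeField {
  constructor({ mode = MODES.OBFUSCATE, allowView = true, shift = 7 } = {}) {
    if (!Object.values(MODES).includes(mode)) {
      throw new RangeError(`unknown mode: ${mode}`);
    }
    if (!Number.isInteger(shift) || shift < 0) {
      throw new RangeError('shift must be a non-negative integer');
    }
    this.mode = mode;
    this.allowView = allowView; // view / hover only "if so configured" ([32], [33])
    this.shift = shift;
    this.entry = [];            // the characters actually typed
    this.viewing = false;
  }

  type(text) { this.entry.push(...text); return this; }
  backspace() { this.entry.pop(); return this; }

  // Called while the view button is pressed or the pointer hovers the field.
  setViewing(on) { this.viewing = Boolean(on) && this.allowView; return this; }

  // What a bystander would see in the field.
  rendered() {
    if (this.mode === MODES.OFF || this.viewing) return this.entry.join('');
    switch (this.mode) {
      case MODES.STEALTH:
        return '';
      case MODES.CIPHER:
        return this.entry.map((c) => cipherChar(c, this.shift)).join('');
      default:
        return '\u2022'.repeat(this.entry.length);
    }
  }

  // What the login button submits: the entry, unmodified ([34]).
  submittedValue() { return this.entry.join(''); }
}

// Constructed sample entry: 'testuser', rendered in every mode.
function demo() {
  const out = {};
  for (const mode of Object.values(MODES)) {
    const f = new UltraSafeField({ mode, shift: 1 }).type('testuser');
    out[mode] = {
      hidden: f.rendered(),
      viewed: f.setViewing(true).rendered(),
      sent: f.submittedValue(),
    };
  }
  return out;
}
```

Only `rendered()` depends on the mode; `submittedValue()` always returns the characters typed, so the masking changes what is visible on screen and not what is sent for matching.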
[36] Giving below one of the forms ( obfuscation ) of the UltraSafe Login for clearer understanding ::
[37] A typical login screen is shown below ::
Figure 1 :: A General Login Screen
[38] In a general login screen, password is usually obfuscated while 'username' is not.
[39] Numerous methods are known to 'crack' passwords. With advancements in technology and a desire to unhide the hidden, numerous software are available to 'crack' passwords. Such actions allow unauthorized access once the said password is 'cracked'. Underlying problem with this method is that a password is mapped to the said 'username' and once password is identified, 'cracker' or attacker enters the known set of 'username' and password in designated location and gains access.
[40] All this happens since the 'username' is known.
[41] By hiding / obfuscating the 'username' as well, UltraSafe makes the task of hackers / crackers almost impossible, since the hackers / crackers now do not even know what lock to break!
[42] To use an analogy of 'username' and 'Password' as 'Lock and Key', 'UltraSafe Login' ensures that even the 'Lock' is also not known to anyone even if its 'Key' becomes known.
[43] So, UltraSafe creates a conundrum for the hackers / crackers in terms of what to crack first and how... since the key cannot be created as the lock is not known and lock cannot be created even if key is known. So, effectively, the crackers do not know what to crack.
[44] At the same time, 'UltraSafe Login' does not provide any inconvenience to the Users, since a bonafide or an authorized user would be aware of his / her 'username'. Thus, in a public place or place of work, Users can choose to hide their 'username' also from prying eyes.
[45] In case the User does feel the need to see the entered 'username', existing technologies of showing / viewing obfuscated data are applied to the 'username' field also, enabling the User to view / correct the entered 'username'.
[46] Additionally, a convenient, simple to use 'UltraSafe Login' Toggle Switch is also provided that allows Users to switch off this voluntary feature. So, Users can switch off the 'UltraSafe Login' at home or in private areas where no one can see what is being entered.
[47] The following figures show the simple 'UltraSafe Login' ::
Figure 2 :: An UltraSafe Login Screen ( UltraSafe is switched Off )
Figure 3 :: 'username' when entered, can be seen easily, password is obfuscated ( UltraSafe is switched Off )
Figure 4 :: View buttons appear for both 'username' and Password ( UltraSafe is switched On )
Figure 5 :: 'username' appears obfuscated, when entered ( UltraSafe is switched On )
Figure 6 :: Obfuscated 'username' can be seen only by clicking on the View Button ( UltraSafe is switched On )
Figure 7 :: Obfuscated Password can be seen only by clicking on the View Button ( UltraSafe is switched On )
Figure 8 :: Obfuscated 'username' / Password cannot be seen if not clicked on the view button ( UltraSafe is switched On )
[48] As can be clearly seen, the UltraSafe Login, without compromising on user convenience or desired functionality, not only completely secures the username, but also completely defines the privacy aspects as desired by every user.
[49] An additional example of UltraSafe Login is using a smart cipher for Username and Password that could also be set by the users themselves.
[50] To explain this simply, let's assume that a user has the following set of credentials for logging into a System ::
[51] Username :: Gaurav
[52] Password :: Sharma
[53] The configured cipher for this System converts this set as follows ::
[54] Username :: Ultra
[55] Password :: Safe
[56] So, now whenever the said user would enter the username as shown in [51], the smart cipher will convert it into [54] and similarly, when the password is entered as shown in [52], the smart cipher displays the text as [55]. It needs to be noted that simple English text has been used for explanation and UltraSafe Login is not limited to this alone and different ciphers could be deployed by users and System designers.
[57] This would happen every time and each time, assuring the user that if such strings are displayed, the entries made are correct and the so configured System shall allow requested access.
[58] However, to an attacker this would seem to be a walk in the park, but any such misdemeanor would never get executed.
[59] In a further enhancement, the users should be allowed to choose their own ciphering mechanism once they have logged in to a system, with or without UltraSafe, in a way that they can easily memorize the ciphered details. In such a case, once the user enters the actual username and password and clicks out of the designated field area, if the username and passwords entered are correct, the ciphered string would be displayed. If the ciphered string is not displayed / is incorrect, the user can undertake required corrections. Thus, even before clicking on the login / proceed button, the users get to know if the details entered by them are correct or not.
[60] The most interesting aspect for this example is that once an attacker attempts to log on to the restricted access area, the available security apparatus can easily track the same. Thus, not only undesired intrusion is prevented or trapped at that point of time, necessary flagging could be undertaken to mark such prospective threat for future.
[61] UltraSafe Ciphered Output can also be applied to other critical details that a user sees or enters in an application or any such stored detail or to a mathematical output obtained by a formula ( e ). Such information could be profile details or financial details or any other detail ( but not restricted to the following examples alone ) ::
a. First Name
b. Last Name
c. Full Name
d. Address
e. E-Mail ID
f. Communication Numbers ( Landline / Mobile / Fax etc )
g. Date fields ( Of Birth / Issuance / Expiry / Term etc )
h. Maiden Names
i. Identity testing Questions or formula ( e )
j. PINs ( Personal Identification Numbers ) used for ATMs or similar
k. Account Numbers ( ID / Registration / Loyalty / Charge / Debit / Credit Card ( including CVV ) / Bank / Loan / Insurance etc )
l. OTPs ( One Time Password or Passphrase ) or PINs used for online or offline transactions
[62] The ciphered / non-ciphered output of UltraSafe protected fields ( including login details and / or profile detail and / or mathematical output ( s ) and / or combination of one or more such details, any or all of which may be stored previously or are being entered in real time ) may further be stored electronically in a database in an encrypted manner through another algorithm and encryption. This ensures that such details are visible in a comprehensible manner, but still unusable, to even database or application administrators or such managers.
[63] UltraSafe Reverse allows the users, who are aware of their UltraSafe ciphered output for their defined fields, to share the said output to another person who is then able to choose the said reversing cipher to decipher the encrypted details and only then view the said protected fields.
a. For example, today a service provider, be it a bank or a cellular company or gas company or electricity company or fuel company or anyone in a transactional relationship with the said user through their organization is able to simply input a customer id or account number or a similar identifier and is able to see all details, necessary or unnecessary, profile details or transactional history, etc, which is a clear breach of privacy and deemed necessary or unavoidable or consequential or.
b. Taking the same example of UltraSafe Ciphered Output shown earlier, UltraSafe Reverse allows user to share the ciphered output 'Ultra' ( [54] ) with the intended person, who then after choosing the available correct reversing cipher gets to see the output as 'Gaurav' ( [51] )
c. This can further be utilized in manual entry of a unique ciphered output of a unique card number and other associated required details in a POS / Swipe / similar card reading machine instead of using the said magnetic stripe, since these outputs are known only to the said user.
d. This may additionally be secured by use of standard multi-factor authentication processes
[64] UltraSafe Total is a combination cipher and / or ciphered output of individual un-ciphered or ciphered outputs of a particular data string that may correspond to defined structured fields to allow further simplified usage of UltraSafe, for a one time usage or repeat usage as defined by the user
a. For example, a card with all relevant information may get condensed into a single cipher, that may be consolidation of Card Number, Card Holder, Issuer, Date Of Expiry, CVV Number etc. Once this condensed cipher is entered, all relevant details are sent to the Card issuer who could further secure the transaction with MultiFactor authentication processes such as OTPs
[65] Standalone usage of UltraSafe or in combination with other UltraSafe variants, all critical information could actually be stored in an encrypted form. UltraSafe Match is another variant of UltraSafe wherein the ciphered output of transactional details gets matched between entries done by the user with that of similar ciphered output stored during issuance or first storage or generation of such details, which may also be in real-time.
a. For example, online payment processes require the users to enter their Credit Card Number along with Name of the Card Holder, Date of Expiration and CVV Number ( Not restricted alone to these information areas )
b. UltraSafe would provide a ciphered output ( based on the applicable selected cipher ) that is seen by the User, while the details are actually obfuscated. Once the user is satisfied that the entered details are indeed correct, s/he similarly provides other details.
c. These details too are obfuscated and UltraSafe protected, transmitted to the card issuer in an encrypted form, where it is further matched with the stored output ( same as that of the actual pre-ciphered details and as seen on Card by the User ). The transaction is allowed to pass through or blocked depending on the successful match of the said two entries.
d. All this while, the actual details never form part of any transport and are available securely with the User and Card Issuer
e. This also allows manual entry of a card number and other required details in a POS / Swipe / similar card reading machine instead of using the said magnetic stripe which can be easily cloned in today's world.
f. This methodology is different from the standard practice of storing and matching passwords as at both ends ciphered output is being used rather than encryption of details being entered and matching with the encryption of stored values. Further, simply changing the UltraSafe cipher would result in different outputs at both ends.
[66] UltraSafe is not just standard encryption-decryption, but a true end-to-end identity or details' security mechanism which involves users first, lets users remain the owners, lets users initiate and secures Receivers as well in case of UltraSafe Reverse, UltraSafe Match, UltraSafe Total ( individually or a combination of one or more variants )
a. For example a Frequent Flyer seeking help from a helpdesk need not disclose / let the helpdesk know his / her details, rather focus on the help being sought as defined per process
b. For example, a bank may simply send an OTP to its customer as and when any employee tries to access customer details, whether through the UltraSafe output ( any variant ) or otherwise, to stop any unauthorized access of Customer details by users who may be ex/internal to the bank
c. For example, a mobile phone company helpdesk need not see customer details once the same are UltraSafe protected and provide required services as requested. Currently, the mobile phone company itself has no clue if they are indeed talking to the real user or someone masquerading as one by using a cloned SIM card

Claims (10)

1. UltraSafe Login method comprising the 'username' field in a login screen reflects a modified onscreen output, based on the method chosen by the user and / or system configuration, post which it does not remain the readily readable 'username' entered by user.
2. UltraSafe Login method as claimed in claim 1, wherein has an optional stealth mode, wherein the 'username' even if entered continues to be shown as blank / non-modifiable field / same color as the background to give an impression of no entries having been made
3. UltraSafe Login method as claimed in claim 1, wherein the entries made by the user are displayed in a modified manner by using a cipher for each character entered by the user.
4. UltraSafe Login method as claimed in claim 1, wherein User can, optionally click on 'view' button, available next to UltraSafe 'username' field and view the entry made.
5. UltraSafe Login method as claimed in claim 1, wherein User can, optionally hover the mouse pointer over UltraSafe 'username' field and view the entry made.
6. UltraSafe Login method comprising the 'password' field in a login screen reflects a modified onscreen output, based on the method chosen by the user and / or system configuration, post which it does not remain the readily readable 'username' entered by user, omitting the dots and asterisks presently used for such purpose.
7. UltraSafe Login method as claimed in claim 6, wherein has an optional stealth mode, wherein the 'password' even if entered continues to be shown as blank / non-modifiable field / same color as the background to give an impression of no entries having been made
8. UltraSafe Login method as claimed in claim 6, wherein the entries made by the user are displayed in a modified manner by using a cipher for each character entered by the user.
9. UltraSafe Login method as claimed in claim 6, wherein User can, optionally hover the mouse pointer over UltraSafe 'username' field and view the entry made
10. UltraSafe Login as an innovative and inventive method to let security administrators prevent intrusion or trap or flag potential threats as and when an attempt is made to login to the System by using smart ciphers
OA1201900443 2017-05-11 2018-05-11 Ultrasafe login. OA19308A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
IN201711016640 2017-05-11

Publications (1)

Publication Number Publication Date
OA19308A (en) 2020-06-05
