OnlyMe™ Logo For Palm OS Compatible Devices


Introduction
Installation
Removal
Help!
Entering Your Password
Recommended Password Strategy
Cracker Time Lock™
Forgotten Password

Main Features

Fast Start
Lock Delay
Instant Power Lock
Backdrop Picture Snapshot Capture
Advanced Features
Require Power Key
Mask/Hide Private Records
Event Log Display Features
Display All Log Entries
Display Wrong-Password-Input Log Entries
Clear Log Entries
Sort the Log Display
Menu Features
History
Password Entry Features
Password Entry Screen Information
Recalibrating the Touch Screen Digitizer
Program Registration Information

Send Feedback About OnlyMe to Tranzoa
Palm™ Security FAQ
Version History
Compatibility Requirements
Conflicts
Programming API
License

Order Your License to OnlyMe

Purchase OnlyMe

 

Site Licensing

 

Download trial version of OnlyMe

Password Entry Window

 

 

Also from Tranzoa:

ClockOn: The power-on clock.

ClockOn


Deutsch


Top

Introduction

OnlyMe™ automatically locks your Palm™ whenever the device is turned off.

OnlyMe is quick, easy, and secure.

If you misplace your device, OnlyMe will ensure that no one can read the information on the device.

No need to switch applications!

Since OnlyMe locks your device whenever the screen is turned off, you do nothing special to ensure the privacy of your information.

OnlyMe is easy to use. Entering your OnlyMe password can be as easy as making one quick gesture with your stylus or finger. And your device returns to the state you left it in.

OnlyMe is more secure than the device's built-in operating system security facility!

Top

Installation

Follow these numbered steps:

  1. Install OnlyMe.prc using the Palm Install Tool program. Then HotSync® your device.

    Note: If you already have a copy of OnlyMe™ on your device, you must un-check the "Enable OnlyMe" checkbox on OnlyMe's main screen before installing a new copy of OnlyMe on to your device.

    If OnlyMe is contained in a ZIP file, then, on a PC, using WinZip, you probably can simply open the OnlyMe ZIP file using WinZIP and double-click OnlyMe.prc to install OnlyMe on to your device.

    Alse note: Remember to fully delete any trial copy on OnlyMe from the device before installing a "branded," site license version of OnlyMe™.

    The registered version on OnlyMe tells the device to "reset" after the HotSync® is complete.

  2. On your device, access OnlyMe from Applications. OnlyMe's main screen looks like this:

    Main Screen

  3. Check the "Enable OnlyMe" checkbox.

    If this is your first installation of OnlyMe, you will be asked to enter a new password. OnlyMe asks you to enter the new password twice to confirm the password. See Entering Your Password below for details about entering passwords.

    When you re-enable OnlyMe after it has been disabled for more than 24 hours, you will be asked to enter a new password. OnlyMe does this as a safety check to help insure that you (or someone else) does not inadvertantly lock your device without remembering how to unlock it.

    Do not forget your OnlyMe™ password!

  4. OnlyMe will now lock your device whenever the screen is turned off.

    Note: After OnlyMe is enabled, you will need to enter your password to launch OnlyMe again!

    The registered version of OnlyMe displays .PRC files containing backdrop pictures such as "gillnet_boats.prc". You may install as many of these backdrop .PRC files as you like to your device. The registered version of OnlyMe displays one chosen at random each time it locks the device behind the password entry window. If no backdrop pictures are installed on your device, the registered version of OnlyMe displays your Preference's owner information behind the password input window.

    Various backdrop picture files are available on line for you to use with OnlyMe.


About ZIP Files

OnlyMe is normally packaged into a ZIP file. ZIP files are single files containing any number of files. Putting many files into a single ZIP file has these advantages:

  1. There is only 1 file to transfer.
  2. ZIP files contain checks to ensure that the data in the files is not accidentally corrupted.
  3. Many communications programs know about ZIP files and make sure to send and receive them without conversions that may corrupt the data.
  4. Data in a ZIP file is compressed so that it takes less room, and so that it can be sent between machines more quickly.
  5. ZIP file tools are available for almost all existing computers and operating systems.

On a PC, you may use WinZIP to manage ZIP files.

In particular, the OnlyMe program is a file named "OnlyMe.prc" that is contained in the OnlyMe ZIP file.

OnlyMe.prc is the file that you install on to your Palm compatible device.

This web page, onlyme.htm, and its associated graphics files are also contained in the OnlyMe ZIP file.

Top

Removing OnlyMe From Your Device

Before you remove (or re-install) OnlyMe™ from your device you must disable it by un-checking the "Enable OnlyMe" checkbox on OnlyMe's main screen.

What do I do if OnlyMe will not disable itself?

If OnlyMe does not allow you to un-check its "Enable OnlyMe" checkbox, there is a conflict between OnlyMe and another "system extension / hack" program. We suggest that you turn off all HackMaster "hacks" and alternate security programs and try again. OnlyMe may suggest a particular program that must be turned off.

Top

Entering Your Password

OnlyMe's password input screen looks like one of these:

Password Entry Window

Notice that, on the A1..F6 keyboard, the keys are labeled with letters and numbers. Notice, too, that the keys are positioned in a way that mirrors the positions of the round, plastic buttons on the bottom of the Palm™ device. As you may suspect, OnlyMe lets you enter your password using any combination of: For extra security you may set and enter a password containing letters or digits that do not correspond to the OnlyMe keys. However, you must use Graffiti, an alternate, Graffiti-area keyboard, or one of the alternate OnlyMe on-screen keyboards to enter such passwords.
Note: OnlyMe allows only the letters A through Z, SPACE, and the numeric digits as password characters.

For purposes of password comparison, the letters A through F are equivalent to the digits 1 through 6, respectively.

The letters A through F and digits 1 through 6 correspond to and are equivalent to the plastic buttons in their respective, physical positions as shown on the A1..F6 password input keyboard. That is, pressing:

  • "DateBook/Calender" inputs an A (or 1, which is the same thing).
  • "Address Book" enters a B or 2.
  • "To Do" enters a C or 3.
  • "Memo" enters a D or 4.
  • Up-key enters an E or 5.
  • Down-key enters an F or 6.

This is true no matter which keyboard is shown on the screen.

The digit, zero, and other alphabetic letters are each unique and may only be entered using Graffiti or some other input mechanism.

OnlyMe does not recognize "case" differences. Upper case is the same as lower.

The letter, X, must be input using a single Graffiti stroke. (The single stroke Graffiti version of X looks like a backward, Graffiti K character.)

As you enter each "key" of your password, OnlyMe displays little, square dots on the left, bottom of the on-screen keyboard.

For each failed password attempt, OnlyMe displays little (red on color devices) dots on the right side of the on-screen keyboard. These dots can tell you if anyone has tried to enter a password for your device.

Fast Password Input!

To allow extremely quick and easy password input, OnlyMe's keys allow you to "press" them without lifting your stylus from the surface of the device! You may choose a password composed of keys that allow you to enter the password as one, quick sweep of the stylus - a single gesture of your own design. This quick sweep of the stylus may start from or go outside the bounds of the OnlyMe "window."

For your convenience, OnlyMe resets your input-password when you tap and release on the "Retry" button in the password entry window. Remember, OnlyMe's Cracker Time Lock™ feature counts such input-password resets as if you power-cycled your device.

Top

Recommended Password Strategy

If ease of entry to your device is important to you, then choose a password that can be input quickly by sliding your stylus through 3, 4, or more OnlyMe™ keys in one, smooth motion. Examine the numbers in the table below. They tell you how many possible passwords exist for a given password length. An intruder would need to try the given number of passwords to be absolutely certain of accessing your device.

1 key: 6 possible passwords.
2 keys: 42 possible passwords.
3 keys: 258 possible passwords.
4 keys: 1,554 possible passwords.
5 keys: 9,330 possible passwords.
6 keys: 55,986 possible passwords.
7 keys: 335,922 possible passwords.

Since OnlyMe protects your device from repeated password "crack" attempts with its Cracker Time Lock feature, an intruder must be highly motivated and must have time on his hands to have better than a 1-in-15 chance of guessing even a 4 key password!

For a high level of security, we recommend that you use two gestures of at least four keys each. With this level of security, an intruder's best bet for accessing your data is to contract with someone with specialized knowledge to access the device's memory. If your data is sensitive and valuable enough to warrant this level of protection and intrusion, see your security officer or department for recommendations.

For personal use, a single gesture of 4 or 5 keys should be sufficient.

Top

Cracker Time Lock™

OnlyMe makes life particularly hard for the intruder intent upon reading your device's information. "Cracker Time Lock"™ is a powerful OnlyMe feature. This feature is simple, but effective. If an intruder tries to unlock your device, OnlyMe locks your device for 7 minutes after 5 failed attempts! After 10 failed attempts OnlyMe locks your device for 14 minutes. This continues until OnlyMe locks your device for 28 minutes after each 5 failed attempts.

OnlyMe's "Cracker Time Lock" stops an intruder from quickly trying password after password in the hope of blindly guessing the correct password.

Top

Forgotten Password

Do not forget your OnlyMe™ password!

If you forget your OnlyMe password, you must "cold" reset your device and recover its information from the information backed up on your PC.

Fast instructions for power users:

Full instructions

If you forget your OnlyMe password:

To recover as much data as you can, do the following (Please read all of these instructions before doing them - including the note after the instructions.):

Note for OnlyMe versions before v2.20, May 2001

To avoid deleting your "Saved_Preferences.PRC" file (and thereby forcing you to re-enter various system and program preferences), you may, instead, use the Install Tool program to install a v2.20+ version of OnlyMe. Do this before the initial HotSync. The new version of OnlyMe will clean up the OnlyMe information in "Saved_Preferences.PRC".

Top

Main Features

Fast Start
Lock Delay
Instant Power Lock
Backdrop Picture Snapshot Capture

Main Screen



Fast Start

If you really want to unlock your device quickly, then you may consider using OnlyMe's Fast Start option. Before doing so, read this whole section, though. There are security implications to this option.

If you set OnlyMe to allow you to Fast Start your device, then each time OnlyMe locks your device, OnlyMe will allow you to unlock your device by entering the first character/key of your password within 2 seconds of when you turn on your device.

To Fast Start your device, you must enter the first character of your device within the 2 second timeout. If you miss that first opportunity, then OnlyMe will fully lock your device. Turning your device off and on again will not help. You have missed your chance at Fast Start. You will not get another chance until after you have entered your full password and relock your device.

OnlyMe's Fast Start option is a security risk!

For example, anyone who knows that you use this option will not have a difficult time observing your password entry.

Too, if someone knows that you use this option and if that someone commonly has access to your device, then, over time, they may easily unlock your device by trying the possible first characters of your password.

OnlyMe's Fast Start option may be appropriate if you mainly want to protect the contents of your device from someone who might find the device when it has been lost. The assumption is that it is unlikely that such a person will even touch a password key until after the 2 second timeout.

When you first enable the OnlyMe Fast Start option, OnlyMe may ask you to re-set your password. You may set your password to its current value. The reason OnlyMe asks you to set your password again is that OnlyMe does not know the first character/key of your password! Remember that OnlyMe does not, in fact, store your password in a form that allows it to "know" the password.



Lock Delay

OnlyMe allows you to set a "Lock Delay." If you set a "Lock Delay," OnlyMe will not actually lock your device until the power has been off for at least as long as the "Lock Delay" that you have set.



Instant Power Lock

If you set a "Lock Delay", you may tell OnlyMe to lock instantly (ignoring the "Lock Delay" time) if you turn off your device with the power switch. If you enable "Instant Lock", OnlyMe uses the "Lock Delay" time only when your device automatically turns off after the "Auto-off after" time you have set in Preferences | General.



Backdrop Picture Snapshot Capture

Normally, OnlyMe displays an available image behind the password entry "keyboard". If no image is available, OnlyMe displays owner information of some sort behind the keyboard.

For your use and enjoyment, you may tell (a non-branded/site-license version of) OnlyMe to capture a copy of whatever is on your device's screen. This captured picture is then used as the password entry "backdrop" image.

How to capture a backdrop picture:

How to delete a captured backdrop picture:

Important Notes:

Various backdrop picture files are available on line for you to use with OnlyMe.

Top

Advanced Features

Require Power Key
Mask/Hide Private Records

Advanced Screen



Require Power Key

Certain devices (notably the Palm V), may accidentally power up and 'type' bad passwords on their own. This happens because of an unfortunate combination of Operating System, hardware, case, and device position in a pocket or bag. When this happens, OnlyMe does not know that the 'person' typing the password is, in fact, a piece of the device's protective case. Therefore, to stop Cracker Time Lock from locking the owner out of such a device, OnlyMe does not let the device turn on from presses on the Up, Down, and Contrast buttons.

If your device's cover or case pushes one of the applications' buttons (e.g. The ToDo application button.), then you may select OnlyMe's "Require Power Key" to stop your device from turning on from pushes on the applications' buttons.



Mask/Hide Private Records

You may tell OnlyMe to mask or to hide your private records whenever OnlyMe locks your device. After these records are masked or hidden, use the built-in Security application to "Show" the records again. Too, on PalmOS version 3.5+ devices, certain programs contain menu and shortcut options to "Show" the records and to change mask/hide options.

"Masking" or "hiding" private records simply sets a mark that most programs on the device recognize. When masked or hidden, your private records are not encrypted or changed in any way in your device's memory. Remember, too, that private records are stored on your PC in an easily readable form.

Important! After OnlyMe locks your device, your records will not appear to be masked or hidden by the running application until you switch to another program on your device.

Note: Record masking is a PalmOS version 3.5+ feature. OnlyMe does not show record masking options on devices running earlier versions of the operating system.

Top

Event Log Display Features

Display All Log Entries
Display Wrong-Password-Input Log Entries
Clear Log Entries
Sort the Log Display
Display Total Powered-On Time

Log Display Screen



OnlyMe maintains a log of various events.

This log lets you see when you have used your device. In this log display, you may spot device activity that you did not partake in!

You may be fascinated by how often you actually do use your device and at what times of the day.

By default, OnlyMe records and displays the following events:



Display All Log Entries

Tap the All button to display the entire history log.



Display Wrong-Password-Input Log Entries

Tap the Bad button to display only the 'Goof' and 'Cracker' log entries.



Clear Log Entries

Tap the Clear button to erase the OnlyMe event log.

This Clear button also resets the powered-on time display to zero.



Sort the Log Display

Tap the right or left side of the log display to sort the log entry display. A second, consecutive tap on one side or the other reverses the sort order of that side's type. That is, tap the left side of the list at least twice to reverse the entries' time/date sort order. Tap the right side of the list at least twice to reverse the alphabetic event type sort order.



Display Total Powered-On Time

OnlyMe displays the total hours and minutes that your device has been turned on while OnlyMe has been enabled. The display is located next to the Clear button. The Clear button resets this powered-on time value to zero.

Top

Menu Features

History

Menu



History

For your sense of security, enjoyment, and information, through a menu option OnlyMe displays: A menu option resets the usage information.

OnlyMe site licensees may set OnlyMe to log many events. This accumulated OnlyMe log may be printed on a PC.

Top

Password Entry Features

Password Entry Screen Information
Recalibrating the Touch Screen Digitizer



Password Entry Screen Information

While waiting for you to enter your password, OnlyMe displays some combination of the following information:



Recalibrating the Touch Screen Digitizer

Rarely, but occasionally, your device may lose digitizer calibration and you cannot use the touch screen. If this is the case, OnlyMe allows you to recalibrate the digitizer before you enter your password.

To recalibrate the device's touch screen digitizer while OnlyMe expects you to enter your password:

Press and hold down both of the DateBook and MemoPad keys together twinkeys for more than 5 seconds. If one of these keys is your complete password, press the other key first.

After pressing and holding these keys for 5 seconds, you will see the digitizer calibration screen:

Recalibrate

Follow the instructions.

Top

Program Ordering and Registration

OnlyMe™ is cost effective.

Through Tranzoa's web site you can license the registered copy of OnlyMe. The registered version of OnlyMe has the following enhancements:

Note for registered users:

You may beam your registered copy to another person's device! The beamed copy automatically becomes the trial version.

Top

Where to Purchase a License for OnlyMe

Purchase OnlyMe on line at http://www.tranzoa.com/html/purchase.htm#onlyme.



You may send a check, money order, or cash for OnlyMe's purchase price to the address below. Be sure to include your email address so that the latest version can be emailed to you. You should include your email address to get the registered version of OnlyMe more quickly and to receive upgrade notifications.

Tranzoa, Co.
P.O. Box 911
Maple Valley, WA 98038 U.S.A
Email: onlyme_info@tranzoa.com


A note about cash: several Europeans, an Australian, and a few Americans and Canadians have sent Tranzoa $10 bills for OnlyMe and other programs. To date (November 16, 2003), no one has contacted Tranzoa indicating that they have sent cash, but have not received their ordered product.

If you have not already done so, you may download the latest trial version of OnlyMe.

Top

Palm™ Security FAQ

What happens when the trial version of OnlyMe runs out of "uses".

My device beeps at me when I try to enter my password!

Nothing happens when I try to enter my password!

OnlyMe does not accept my password. Now I have triggered Cracker Time Lock™.

I have a new Palm device and OnlyMe is telling me that OnlyMe will expire after 'n' more uses.

Does OnlyMe make data kept in FLASH memory secure from intruders?

Does OnlyMe make data kept on SD, CF, or MMC cards secure from intruders?

Does OnlyMe change my personal data in any way?

Can OnlyMe be put into FLASH memory?

Can OnlyMe's backdrop pictures be put into FLASH memory?

I've lost my password. Can Tranzoa help me recover data that has not been backed up?

Should I keep my data secure by "hiding" private records?

Is OnlyMe more secure than the built-in security application and security applications using the built-in security feature?

How long is the program author's personal password?

Can a bad guy who has access to my HotSync PC defeat OnlyMe's security?

I manage PC's and laptops. Can you translate Palm security into terms that make sense in that world?

After my device turned on and I entered my password, I found the OnlyMe main screen, not what I had on my screen when the device turned off.

I have used an encryption program to encrypt some of the data on my Palm device. Really, how secure is it?

Why doesn't OnlyMe encrypt my data/memory when it locks the device?

I use a secure storage program with a long password. Should I use a lock program such as OnlyMe, too?

On other systems, after I enter a password, I must tap "OK", an "Enter" key, or something of the sort. Why does OnlyMe simply unlock the device once my password is entered?

How much added information does an "Enter" key add to a password?

Why does OnlyMe not require that I change my password every week/month?

Should I change my OnlyMe password every week/month?

Why doesn't OnlyMe have a scheduling option so that I can lock the device during certain hours of the day,

Why does the OnlyMe site license option to wipe memory cause OnlyMe to wipe all of memory instead of ...

I would like to disable the Fast Start / Lock Delay / etc. option in devices under my control.

I read a "Security Advisory".

Tell me some interesting URLs.




  • What happens when the trial version of OnlyMe runs out of "uses". OnlyMe no longer locks your device. The next time you enter the main, OnlyMe program, OnlyMe fully disables itself.



  • My device beeps at me when I try to enter my password! What do I do? Put the device on a table and wait 30 minutes. Because of their case design, PalmV devices are especially susceptible to false-positive Cracker Time Lock™ detection.



  • Nothing happens when I try to enter my password! None of the keys work, including the plastic buttons. What do I do? Warm (paper-clip) reset the device.



  • OnlyMe does not accept my password. Now I have triggered Cracker Time Lock™. What do I do? First, you must let Cracker Time Lock clear. Then if you are sure that you know your password, try entering it through a different method than usual. That is, if you normally use the pen to tap the on-screen keys, use the hard, plastic applications' buttons. Or use Graffiti to write letters or numbers. Sometimes using a different input method makes it easier to enter a difficult password.

    If you still cannot unlock your device then, unfortunately, you must follow the Forgotten Password procedure.



  • I have a new Palm device and OnlyMe is telling me that OnlyMe will expire after 'n' more uses. What do I do? Uncheck the "Enable OnlyMe" checkbox on the main screen of the program and use the Install Tool program to install your original copy of the registered version of the program.

    OnlyMe thinks that it has been "beamed" to another device and has reverted to being the trial version.



  • Does OnlyMe make data kept in FLASH memory secure from intruders? No. An intruder can 'cold-reset' your device. Unlike normal database memory, data in FLASH memory is not erased or obscured in any way by a 'cold-reset.'



  • Does OnlyMe make data kept on SD, CF, or MMC cards secure from intruders? No. These memory cards are readable on other devices. Data on them may only be secured with carefully written, "strong" encryption driven by a much, much longer password than is needed for device locking.



  • Does OnlyMe change my personal data in any way? No.



  • Can OnlyMe be put into FLASH memory? No.

    For security reasons, OnlyMe ensures that it may not be run from FLASH memory. OnlyMe modifies itself to disable certain methods of bypassing Palm™ security programs. Programs residing in FLASH memory do not modify themselves.



  • Can OnlyMe's backdrop pictures be put into FLASH memory? Yes.



  • I've lost my password. Can Tranzoa help me recover data that has not been backed up? No.

    A special, site licensed version of OnlyMe can be modified by the licensee to allow a "backdoor" password and/or an "administration" password on devices running Palm OS version 2 or later. Normal versions of OnlyMe do not accept any other password than the one you set. If you do not know your password, please follow these instructions.



  • Should I keep my data secure by "hiding" private records? No.

    "Private" records provide a handy way to keep seldom-used records off-screen. Private records are stored clearly in data files on any PC that is HotSynced from your device. Too, many programs are available for the device, itself, which allow anyone to view or beam private records. You may or may not have such programs loaded on to your own device.



  • Is OnlyMe more secure than the built-in security application and security applications using the built-in security feature? Yes.


    Care to be more specific?

    No.

    Ok. ... "Security by obscurity" is scorned, perhaps rightfully, by those who make their living on unobscured security, but Tranzoa is not in the business of helping intruders into anyones device - no matter what security tools the device uses.



  • How long is the program author's personal password? 5 keys.



  • Can a bad guy who has access to my HotSync PC defeat OnlyMe's security? Yes.

    There are certainly ways that such a person can get to your Palm device. For instance, he could very easily tell the Palm Install Tool program to install a "Trojan Horse" type program. After your next HotSync, such a program can do anything it wants to do on the device. For instance, it could simply remove OnlyMe.

    If this sounds harsh, remember what a person with bad intent can do to you if he has access to your PC. That he can access your Palm device may be the least of your troubles.



  • I manage PC's and laptops. Can you translate Palm security into terms that make sense in that world? There are parallels between the PC/laptop world and the Palm device world.

    The Palm device's memory corresponds to a laptop's disk drive. The Palm device's memory is, for practical purposes (at the time of this writing), as secure as a PC or laptop's disk drive.

    A multitude of PC programs exist for casual users to read raw data from disk drives. Technologies and services exist to recover data that has been overwritten on disk drives.

    Currently, depending upon the device and OS version, all Palm security programs can be bypassed using certain development tools in conjunction with rather specialized knowledge. Too, specialized hardware can probably be crafted to read the device's memory. But, it will probably be some time before anyone runs a viable business based on recovering data from Palm device memory.

    If you run an operating system on the PC/laptop that stops application programs from accessing some of the data on the drive (with a log-on password, for instance), then you are using the Palm equivalent of "hide records". Defeating "hide records" is usually and probably (at the time of this writing) quicker and easier than defeating the PC/laptop log-on mechanism.

    PC/laptop screens are easier to "shoulder surf" than the Palm screen. That is, other people can see a PC/laptop screen easier than a Palm screen.

    PC/laptop keyboards can probably be a little easier to "shoulder surf" while you enter a password. Graffiti passwords are probably a little easier to "shoulder surf" than a PC/laptop keyboard. This is, of course, very much a matter of opinion.

    Laptops go home with their users. Palm devices do, too. Users copy data from laptops on to their home PC's. Users HotSync their Palm devices with their home PC's.

    Laptops are harder to lose that Palm devices. Laptops usually need stickers to identify the owner. Palm devices can have stickers and/or they can be identified in the Owner Preferences.

    Users can copy personal data and programs from a laptop to their "work" PC's. Users will usually keep personal data on their Palm devices and will HotSync it to a "work" PC or server.

    Users can connect their laptops to their "work" LAN and run programs on the laptop that can access other PC's, etc. on the LAN. In the future, connectivity will probably be better between Palm devices and the outside world. For now, though, from a security point of view, it's better that Palm devices are not so "connected."

    Users can copy data and programs through floppy disks, serial and parallel ports to other PC/laptops. Users can "beam" programs from their Palm devices to other Palm devices.

    Encryption programs exist for both laptops' disks and Palm devices' memory.



  • After my device turned on and I entered my password, I found the OnlyMe main screen, not what I had on my screen when the device turned off. Why? OnlyMe detected a low "CPU stack" situation and switched to itself to avoid crashing your device.



  • I have used an encryption program to encrypt some of the data on my Palm device. Really, how secure is it? If you ask, probably not very secure.

    To be really secure, you will need a program that uses a "strong" encryption algorithm - and a password that is a phrase of several words, minimum. Naturally, your password cannot be saved as a Graffiti shortcut!

    Technically, the security of encrypted data usually depends upon two things:

    1. The amount of data-ambiguity in the password.
    2. The amount of data-ambiguity lost in the encryption method.

    "Data-ambiguity" means, for rough purposes, "how many possible passwords can there be." For instance, if you use a 1 letter, A through Z password - and the bad guy knows that you have a 1 letter, A through Z password - then the "data-ambiguity" of your password is 1 in 26. That is, the bad guy can try 26 possibilities and be assured of decrypting your data. As the length of your password goes up, the data ambiguity goes up.

    So called "strong" encryption methods, for reasonable passwords, don't lose any data-ambiguity from the password's inherent data-ambiguity. That is, they don't take a password with a data-ambiguity of, say, 1 in 1000, and trim it to 1 in 100. Unless you encrypt your data with such a "strong" encryption mechanism, your data is almost certainly not very secure.

    As of this writing, the U.S. government restricts exportation of "strong" encryption programs that allow data-ambiguity ("key" length) of more than 56 binary bits (56 bits is 1 in 72,057,594,037,927,936).

    "Bits?" A data-ambiguity of 1 in 4 is two "bits." 1 in 8 is three bits. 1 in 16 is four bits. ... And so on, doubling the X in "one in X" each time. Using the word, "bits" makes for smaller numbers. Would you rather say, "31 or 32 bits" or the equivalent, "1 in 2,147,483,648 or 1 in 4,294,967,296"?

    The cryptographic community regards 56-bit keys to be breakable if there is enough incentive to do so.

    Horrors, right? Should patriotic Americans wonder whether their government is, in fact, on their own side?

    Well, let's drop that sensitive topic and remember that in order to encrypt to 56 bits of data-ambiguity, you must use a password that actually has 56 bits of data-ambiguity. If you do, and you enter the password often, you spend a good deal of your life doing so! A half dozen or more random, six to ten character words in your favorite language and an odd symbol or two might get you 56 bits of data-ambiguity, for instance.

     

    But, there are advantages to using a secure data storage program:



  • Why doesn't OnlyMe encrypt my data/memory when it locks the device? Well, encryption can be illusory. See above.

    That said, here are the reasons:



  • I use a secure storage program with a long password. Should I use a lock program such as OnlyMe, too? Yes.

    Quick answer: trojans.

    In this context, a "trojan" is a program that someone can beam on to your device to pick up your password when you later enter it.

    Second quick answer: are you sure about that password?

    If you use a secure storage program, you are probably pretty sensitive about your data. It's generally a good idea to put another fence around such data. The "other fence" serves to make it difficult to copy your encrypted data from your device to a more powerful machine.

    If the bad guy copies the data to his own machine, then he can put a lot of computer power to work on decryption.

    A lock program makes this whole process more difficult for the bad guy.



  • On other systems, after I enter a password, I must tap "OK", an "Enter" key, or something of the sort. Why does OnlyMe simply unlock the device once my password is entered? Because it is simpler and can be more secure that way.

    The reason why, with many systems, you must "hit Enter" is that you are not telling your password directly to the system that validates it. Instead, you are telling your password to an intermediary: a computer program/system that, once it is told that you have completed your password entry, sends your password to another computer/system for validation.

    OnlyMe directly validates your password. Therefore OnlyMe does not need to be told when you have completed your password.

    Systems that separately enter and validate a password can be built as securely as OnlyMe with regard to keeping a password in memory. But often, in practice, one of two things may happen:

    1. The password entry system will store the password in clear-text, locally.
    2. The password will be transmitted to the validation system in clear-text.

    These are not good things.



  • How much added information does an "Enter" key add to a password? Well, if a password can be from, say 4 to 13 characters long, digits only, then the "Enter" key is the equivalent of one extra password key.

    More practically, an "Enter" key is about the equivalent of one extra, simple OnlyMe "keyboard" key (A..F).



  • Why does OnlyMe not require that I change my password every week/month? Because it would be a security risk.

    First, OnlyMe knows whether you have entered your password. It does not need to send the password to any external system for verification. In fact, OnlyMe does not actually store your password at any time - even during entry - but it does store a "hash" of your password.

    For OnlyMe to check a new password against many previous passwords, OnlyMe would need to store hashes for those many previous passwords. That means that if the "bad guy" gets his hands on this record, not only does he know your current password hash, but many previous password hashes. As a general rule, it is not wise to give the "bad guy" any extra information or help. The full record of your "hashes" may, for instance, help the "bad guy" know what new password pattern you use. And he may naturally expect that you would use a similar pattern for other systems that require password changes.

    It is for this reason that effective password-change systems rely on a separate, remote, secure validation system. PalmOS devices do not have access to such an external, secure system. Nor, as noted above, does OnlyMe need such a system.



  • Should I change my OnlyMe password every week/month? Probably not.

    There are some negative security implications to this common practice:



  • Why does OnlyMe allow "simple" passwords: Because to disallow such passwords would lower security for these reasons:

    1. To date, every person who has suggested that OnlyMe disallow "obvious" passwords (including the OnlyMe author), has suggested a different set of "obvious" passwords. What is "obvious" to one person seems to be completely out of the thoughts of another.

    2. To do so lessens the number of possible passwords. This has the effect of requiring a longer password to get the same level of security.



  • Why doesn't OnlyMe have a scheduling option so that I can lock the device during certain hours of the day, for instance. Actually, OnlyMe does contain this option. It's a special, "support" option meant to handle certain programs that require control of the device in the middle of the night. OnlyMe's implemetation is coded for that purpose and not for use as a personal security hole. That is, OnlyMe's schedule option has the wrong logic for human use!

    For human use, a security program should lock the device if it has been off at any time during the times scheduled for locking.

    For instance, consider the case of when you tell a security program to lock the device during the day from 9 AM through 5 PM. If you turn off your device in the morning at 7 AM, then the security program should require your password if you next turn on the device in the evening at 7 PM.

    Why? Well, consider what happens if you lose the device during the day (when you think you need security) - and someone first finds the device in the evening.

    Unless the security program contains such scheduling logic, then scheduled locking is not just a sophisticated security hole, but simply silly. Instead of resorting to using such scheduled-locking logic, be honest with yourself and turn off the security program altogether. You are not fooling the enemy.

    When will you lose your device? During certain hours only?

    And, what about weekends and holidays - should you want to be unlocked during the day?

    So, if you use scheduled locking, those with experience with Murphy's Law may have little sympathy with you when your device is gone - out of your control.



  • Why does the OnlyMe site license option to wipe memory cause OnlyMe to wipe all of memory instead of: Because OnlyMe's wipe-memory option is not a pretend option. It is meant to truly wipe sensitive data.

    Copies of any data on your device may be in memory at any location. Those copies may be stored in proper, OS-managed databases, or they may not. Data not contained in OS-managed databases would not be erased by clever or dainty methods.



  • I would like to disable the Fast Start / Lock Delay / etc. option in devices under my control. How? Get a site license for OnlyMe.

    Site licensees receive a WinDOS program, TZOnlyMe, that allows site IT people to set/disable certain internal OnlyMe options.



  • I read a "Security Advisory". It said ... Over the past year there have been "security advisories" concerning PalmOS security.

    You may safely assume a few things about the information in these advisories (to date, May 7, 2001):



  • Tell me some interesting URLs. Extensive listing of PalmOS security programs.

    http://www.tranzoa.com/html/compete.htm

    "We hope to show brief evaluations of these programs in the future."

    A study of particular password methods:

    http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/tr500.pdf

    "Compliance is the most critical issue."

    Interesting editorial with things to say about passwords:

    http://www.tech-mavens.com/myths.htm

    "Designers of access control systems should take a lesson from the banking industry."

    Lots of security related books.

    http://www.securitybooks.org/

    "Educate Yourself & Be Protected."

    A method for picking long passwords, suitable for using to encrypt data (Diceware).

    http://world.std.com/~reinhold/diceware.html

    "Free - there is no computer software or hardware required."

    Un-uplifting reaon why passwords will be with us for some time to come.

    http://www.counterpane.com/crypto-gram-0205.html#5

    "Matsumoto ... showed that [biometric fingerprint devices] can be reliably fooled with ... $10 worth of household supplies."

    A web page the plays a guessing game with you. It can demonstrate why the human mind does not pick items (like password characters, for instance), at random.

    http://www.jtan.com/guess/

    "Since this page has been in operation, I have won 1026 matches. Visitors have only won 668 matches."

    Humor:

    http://downlode.org/etext/alicebob.html

    http://www.privacyinternational.org/activities/stupidsecurity/

    Top

    Deutsche Version

    Um die deutsche Version von OnlyMe zu benutzen, installieren Sie bitte die Datei "OnlyMe_German.prc" aus dem OnlyMe ZIP-Archiv.

    OnlyMe wurde von Jens Herrmann (www.jhc.de) ins deutsche übersetzt.
    Übersetzt wurden alle Menüs, Informationen und Anleitungen in OnlyMe.

    Für deutschsprachigen Support steht Ihnen die eMail-Adresse onlyme_de@tranzoa.com zur Verfügung.


    The OnlyMe_German.prc file contained in the OnlyMe ZIP file is a German version of OnlyMe. The German translation of OnlyMe has been done through the very kind efforts of Jens Herrmann - onlyme_de@tranzoa.com. Jens' web page is at http://www.jhc.de.

    Top

    Current Version


    Version 5.08 : November 23, 2003 Release

    Various changes to OSv5 power and Lock Delay control.
    More logging of special values and events (dev versions).
    Disable FastStart upon normal or ambiguous program entry.

    Version 5.07 : November 16, 2003 Private release

    Apply German changes to new Support tab option.

    Version 5.06 : November 5, 2003 Limited Beta

    Under OSv5, handle certain programs that do not allow device to lock (e.g. DateBk5 pending alarms).
    Allow certain Legend and other, now OEM key events to pass.
    Recognize particular T/W system extension.
    Tungsten 3 - Disallow Picture Capture (build setting option).
    T3 - do not hash screen at lock time.
    T3 - Slide Dynamic Input Area out and in/out (if device is up-to-date).
    T3 - Disallow most DIA operations while locked.
    Correct a bad special setting for Tungsten W, making it (finally!) able to answer calls and see incoming SMS's when locked. Note: Setting can be made to versions v5.03+.
    Don't let D-side-keys "try" a password while picture or owner-info or ClockOn is displayed.
    Under OSv5, don't lock when in cradle/charger and Pref's 'Stay On In Cradle/Charger' option is set.
    Recognize ClockOn v1.06 and run it directly as a plugin under OSv5.

    Version 5.05 : October 1, 2003 Private release

    Version 5.04 : August 18, 2003

    Better sensing of current app under OSv5.
    Fix the code that allows specific-case beam-stopping logic for certain phones.
    Fix a keyboard-rectangle-showing problem with certain OSv3.x devices when OnlyMe is set to show backdrop at power-on time.

    Version 5.03 : June 7, 2003 Release

    Turn off Graffiti 2 on-screen logic while inputting password.
    Make mods for Fossil watch.
    Configurable device logic for auto-power-off and in-beam control.
    API disable doesn't account for admin password logic.

    Version 5.02 : May 12, 2003

    Fixes to FAQ.
    Set force-pen-up logic to minimum of a minute.

    Version 5.01 : March 31, 2003 Beta

    Display total powered-on time HH:MM in the log tab.
    Use Find rather than Graffiti Ronamatic gesture to capture the screen (changed to make consistent for thumbboard devices).1
    Save certain device id and program info in power on/off log entries.
    Save screen images to pref database rather than program database.
    Allow OSv5 devices to stay on if "spuriously" turned on without Require Power Key option checked. Includes Tungsten T slider turn-on.
    Save/restore OSv5 and other standard PalmOS hi-res screens.
    Show more device information on Support tab.
    Add several more dev/debug log items, including spoof-pen events.
    Include app type in app log events.
    Pass through certain external app and lib key events under OSv4+.

    Version 5.00 : January 12, 2003 Beta

    Sub-call Prefs|Owner on a Tungsten/T, which has a 'Done' button.
    Site license option to clear out all free memory space when locking.
    Change the version in prep for non-confusing version numbering, matching OS major version.
    OSv5 database wipe logic. Not complete memory, as under OSv4-.
    Various clean-ups - draw-windowing, mostly.

    Version 2.39 : December 17, 2002

    Yet another Attention manager dialog box display fix - in-place lock over attn mgr over model dialog.
    Specialized fixes for i705 power control. May have been influenced/conflicts by/with AIM 2.0, though.
    FastStart log entry.
    OSv4+: allow Launcher to delete enabled OnlyMe - with (admin) password entry.
    Don't allow API to disable without admin password, if one exists.
    Allow thumb-board Treo to use ... key to capture screen image.
    Treo blue-app/up/down keys map to 'g'..'l' ('7'...'9'+).
    Pass through Treo blue power and cradle keys.
    Translate Palm D-key keys to password keys: up('e') right('l') down('f') left('k').
    Use Clie QWERTY board for alpha('a'..'z')/space(' ') password key entry.
    API disable accounts for admin password logic.

    Version 2.38 : September 2, 2002

    Fix the uncomfortable Lock Delay value editting logic (especially in pop-up-keyboard, debug-ROM situations).
    Keep ClockOn display showing for configured time when Lock Delay allows device to unlock without password.
    Allow ClockOn user to tap title bar to keep clock on-screen.
    Put sort direction/control buttons at the top of the log list display.
    Allow "invisible" keyboard.
    Put in Support tab a button to store all on-device database names, Creator IDs, and types to TZ_DB_List.pdb.
    Take password generation out of the program. Silly idea, but nicely done. Too bad really high quality, random passwords are so hard to remember.

    Version 2.37 : June 15, 2002

    Display dots for wrong passwords.
    Log display tab.
    Put password generation in a tab.
    Take the backlight control option out of the Support tab.
    Password generate logic.
    API function to mix data into the random data.
    API function to get random data quality.
    After switch-app, if the running app no longer exists (was run off a card), return to the Launcher.
    Add some magic numbers for OSv4.1 system extensions.
    Documentation changes.
    Change the name of the German version to OnlyMe_German.prc from OnlyMe_DE.prc.

    Version 2.36 : February 20, 2002 Release

    Stop from trying to run under PalmOS version 5.
    German language executable.
    Explanation popup for SwitchApp checkbox.
    Change set-password label to confirm when appropriate.
    Change "Operations" to "History" in the main menu.

    Version 2.35 : January 5, 2002 Release

    Don't auto-show clock plugin if HotSync button is pushed to turn on power.
    Show some device info in Support tab.
    Be robust in the face of a rogue clock plugin database.
    Change OMClock to ClockOn.
    Keep the modification date/time stable (for XTND Server use).
    Allow alarming programs to run themselves during DisableLock time.
    Keep spurious penUpEvent from current app.

    Version 2.34 : December 14, 2001

    Fix the OSv1 and 2 version warning. (OnlyMe version 2.15 is required for these older versions of the OS.)
    Allow clock plugin.
    Put turn-backlight-on option into Support tab.
    Don't do disable locking logic if they have tried a password.
    Move "Allow Alarm Display" from Advanced tab to Support tab.
    Put in frightening, disable-lock logic (OSv3.1+) to Support tab (for middle-of-night programs that must switch to themselves).
    Site license option to leave initial background up when hard-buttons are pushed.
    Use large, bold font for most non-QWERTY keyboard keys.
    Number-pad password entry keyboard.
    Wider QWERTY L to take the extra key position.
    Telephone X rather than zero in star position.
    Change "Reset" button on password entry screen to read "Retry".
    Sense device specific things at enable/disable time - not just at prefs-create time.

    Version 2.33 : November 3, 2001

    Site license option to turn on backlight when power turns on.
    Alternate keyboards: QWERTY and Telephone.
    Fix Handera Menu/shortcut-up-in-OM problem.

    Version 2.32 : September 30, 2001

    Bump the unwarned OS version to 4.1.
    Do the untested-OS pop-up after lock/unlock in case of app-switch and/or reset (fixes switch-app, OSv4.1, double-pw entry).
    Allow run on Handera 330. (Unresolved issues remain. Reset display. OM menu/lock undefined window.)

    Version 2.31 : September 15, 2001 Release

    Do not do Switch App logic if records are to be masked or hidden. The option can be turned on by hand in the support "tab".
    Site license option to show Julian date instead of battery-charge indicator.
    Set up to better handle Handera 330 in debug build.

    Version 2.30 : August 27, 2001 Beta

    Fix trial version / unique-per-use-backdoor-password bug.
    Be less invasive with the bug-in-3rd-party-Launcher work-arounds.
    Allow two Cracker Time Lock messages so that it can say, "Please Wait!", too.
    Move all but a couple of images out of the distribution ZIP file.
    Put the rest of the images on line at http://www.tranzoa.com/cgi-local/pictures.pl.
    Handle attention/alarm list power-off logic under OSv4.0+.

    Version 2.29 : August 16, 2001 Special, limited release

    Put switch-app checkbox in a new, hidden support tab (Graffiti S inside the advanced tab to access the support tab.).

    Version 2.28 : August 15, 2001

    If default for instant power lock is ON, then allow only the admin user to turn it off - if there is an admin password set.
    Switch-App when DiddleBug or BugMe! is the current app (to avoid screen-save problems).
    Tabbed interface.
    Do Switch App logic if records are to be masked or hidden.
    Show HotSync name and one-time-use backdoor passwords when OnlyMe icon is tapped - not at other super-owner-show times.
    Ignore app-stop event at forced-enable, set-password time.
    Don't show the reset-time help info alert when forced-enable, pre-set password options etc. are set.
    Handle time/change in debug ROMs' Prefs app at reset time.
    Default to Allow Alarm Display on.
    Force Switch App on Sony hi-res devices.

    Version 2.27 : July 17, 2001

    PalmGear/Yahoo store URL change in docs.
    Ability to switch from and return to Prefs panels and built-in Security app.
    Support multiple, one-time-use backdoor passwords.
    Fix a goof in pre-OSv3.5-screen-restore introduced with 32-bit screen save size.
    Option to require power key turn-on.
    Color icons.
    Color backdrops included in distribution.
    Handle alarms in formless environments.
    Allow certain system files to be ignored by the install-over-hack detection logic.
    Reset wipe-memory/normal password-counter when valid password is entered.
    Do wipe-memory/normal-password logic count-down only at unique CTL times.

    Version 2.26 : June 19, 2001

    Add and improve certain logging items.
    32-bit screen save size.
    A certain Sony hard-key may power on the device.
    Allow prefs db to not exist at ROM/FLASH test time.
    Properly automatically switch-app if screen takes too much memory to save.
    Don't flash the OnlyMe main screen after switch-app unlock.

    Version 2.25 : June 11, 2001

    Re-calibrate digitizer if DateBook and MemoPad keys are pressed and held for 5 seconds.
    Be cleaner about showing no backdrop, captured image if the LCD pixel depth has changed since the image was captured.
    Avoid a loop by stopping backdoor password from disabling OnlyMe permanently if force-user-to-set-password is turned on.
    Handle GoBar leaving active/draw window set to invalid-window/un-allocated memory when running programs.
    Don't be confused (yet again) with silk screen presses while setting password.

    Version 2.24 : June 7, 2001

    Tell info in in-ROM/FLASH pop-up for diagnostic reasons.
    Fix an unknown-key event mistake.
    Raised RAM resident memory address cutoff back to v2.15's value.

    Version 2.23 : June 2, 2001 Release

    API's for monitoring whether password has been entered - which type and when.
    Better handle clock changes.
    Don't log certain events if non-debug version.

    Version 2.22 : May 17, 2001

    Clean up system Security "footprints" at main screen UI time.
    Do not allow running on Handera 330, yet.
    Yet another special case for "hack" warnings (M500).
    Lighten up the background color of this file.

    Version 2.21 : May 12, 2001

    Clear and set certain recursion flags.
    Print information about installing-over application and/or memory address of hook routine.
    Give option to reset in disable-hacks popup.
    Menu option to toggle on app-switch logic.
    Yet another HandSpring extensions recognition thing (to suppress "hack" warning) - more to come.

    Version 2.20 : May 7, 2001

    Be easier going on HandSpring extensions "hack" detection.
    PalmOSv4.0 Alarm GoTo keeps power on so user can enter password.
    Site license option to totally wipe memory at 'n' Cracker Time Lock time.
    Use OnlyMeData for data storage.
    After installation pop alert to tell user to run OnlyMe to enable it.
    Tell user what hacks are in the way of enable/disable.

    Version 2.19 : April 29, 2001

    Run only under PalmOSv3.0+ and above.
    Option to not use Saved_Preferences for storage.
    Improve in-ROM detection logic.
    Fast Start option.

    Version 2.18 : April 18, 2001

    Update the time/battery display more often (every 3 seconds instead of 30).
    Change the charging-battery picture to look more like the Palm "lightning bolt" picture.
    Do shut-down-and-lock logic inside us rather than letting it through to the Security app.
    Event logging.

    Version 2.17 : April 4, 2001

    Allow certain non-Palm events to pass through.

    Version 2.16 : March 24, 2001

    Require OSv2.0 or newer.
    Make all newly installed instances of OnlyMe reset the password and options.
    Create API to be source of random data.

    Version 2.16 : March 12, 2001

    Finally (!) fix that darned text field logic so the pop-up keyboard can be used.
    Implement _set_password API function.
    Better explain overclocking.
    Fix a missing bang in the API function onlyme_lc_enable so that it works. Ouch!

    Version 2.15 : January 21, 2001 Release

    Change this HTM file to reflect the new, PC backup directory name for OnlyMe.prc (was Only_Me.prc).
    Fix a glitch so that admin users can disable OnlyMe if OnlyMe has the force-user-to-set-pasword-and-enable option set.
    Site license No-show-owner-information and Disable-capture options.
    Added Register Now! URL.

    Version 2.14 : January 1, 2001

    Put a battery charge indicator on the password entry screen (PalmOS v3.00+).
    Warn users about possible security holes when both OnlyMe and the built-in Security app are used to lock the device.
    Fix a site license option so that devices won't need cold boots to remove certain, indiscreet options.

    Version 2.13 : Nowhen

    Non-US people may be interested to know that there are tall buildings in the US with no 13th floor! Let's not push anyones button.

    Version 2.12 : December 26, 2000

    Site license option to force user to set password and to enable OnlyMe.
    Site license option to set owner and super-owner fonts.
    Work around OSv3.5 Launcher category bug (Note: Bug is fixed in Handspring OSv3.5 and OSv4.x).
    Fix the HandSpring Prism charging cradle problem. Screen stays off.
    Use a more direct way of turning off the power on newer-OS devices.
    Site license option to force user to set password.

    Version 2.11 : December 8, 2000

    Comment PayPal logo out until an automated scheme can be built.
    Work with and replace existing OnlyMe (2.11+, and in most cases, earlier versions) at install time.
    Snapshot/capture screen feature.
    Move password entry history display/reset into the menus.
    Allow maximum lock delay value setting.
    Allow non-admins to set lock delay value up to maximum.
    Tighten up the lock delay field entry code.

    Version 2.10 : October 27, 2000

    Fixed tiny text field memory leak.
    Put PayPal logo in.
    Do the mask/hide record logic at main screen exit time.
    Mask private records options for PalmOS v3.5+.
    Allow TZOnlyMe to set any of power-on keyboard/backdrop/owner/super-owner display.
    Show day-of-week in time display.
    Use new Handango logo in onlyme.htm.
    Auto-set Allow Alarm Display on PalmVII's and when certain applications are in memory.
    Allow up-key to pop m100 clock program if Lock Delay has not timed out.
    Tighten up Lock Delay in cases of repetitive alarms.
    Power down device quickly after device turns on from non-user-hit-key reason (i.e. an alarm).
    Handle some undocumented, m100 "keys".
    Get rid of the "Set Owner Information" button.
    At enable time, warn the user if it looks like he does not have his owner information set. Give him a zap-to option.
    Move a hard-coded string into a resource.
    Allow negative Lock Delay values. Convert them to positive.

    Version 2.09 : September 14, 2000

    Speed up the duplicate Graffiti shortcut elimination routine.
    Work-around for BigClock 2.7, pre-PalmOS v3.5, and v3.5+ excepting non-Allow Alarm Display mode.
    Include local links in onlyme.htm so that support email can reference them.
    Fix typo in "Set Owner Information" button logic.

    Version 2.08 : August 28, 2000 Release

    Change reset id.
    In program build: put default password entry keyboard position in the middle of the screen.
    Allow program to run under newer, untested-with OS's. But warn 'em.
    Include order information in the uses-remaining alert.
    Use only the HotSync name for registration info. Don't use the device serial number.
    Remember and reset key rates.
    Allow onlyme_lc_run_without_password function to force the issue over the user's input.
    Most implemented API's tested for positive functionality (error conditions not thoroughly tested) in APITST01.C.

    Version 2.07 : July 9, 2000

    Allow Graffiti strokes that begin and end at the "same" place.

    Version 2.06 : June 18, 2000

    Be even more strict about stopping stroke/tap hacks from working during password entry.
    Automatically remove duplicated Graffiti Shortcuts (fixes pre-3.5 OS bug).
    Automatically add reverse-Indiglo Graffiti Shortbut (ribbon.dot.dot.8) if it should be defined.
    Try to save the user from crashes by warning of installed hacks on same hooks as OnlyMe will use.
    Keep trying to de-install on program entry if user said to, but we could not because of an over-riding hack.
    Add another untested API call - for password entry satisfaction, application-run.

    Version 2.05 : June 14, 2000

    Put HotSync name in super owner display (so it's easier to find registered owners whose device is 'sent' to Tranzoa).
    Include 'Trial', 'Registered', or 'Branded' on the version label.
    Paint a "Cracker Time Lock" notice when it's triggered.

    Version 2.04 : June 4, 2000

    Allow Graffiti strokes to switch from backrop/owner display to keyboard display mode.
    Fix emulatable non-reset condition if normal password is set by site licensee.
    Update the doc file.

    Version 2.03 : May 21, 2000

    Add Instant Power Lock option.
    Put password entry keyboard at fixed location at bottom of screen.
    Add site-licensee-only options:
    • Run/force-run application after password entry.
    • Run AvantGo URL after password entry.
    • Administration password required to run OnlyMe.
    • Password entry keyboard vertical location.
    • Option for no initial display of password entry keyboard.
    • Allow site licensee to set initial state for all program options.

    Change PalmGear's phone number.
    Add Handango to doc file.

    Version 2.02 : March 19, 2000 Release

    Allow screen color depth to change while OnlyMe is enabled - and still save the screen.
    Be as gentle as is possible in case there is not enough memory to save the screen.
    Note: 2.01 was accidently uploaded before its time. (Backdrops contain wrong internal names.)

    Version 2.00 : March 11, 2000

    Save color screen and other OSv3.5 changes.
    Hash the screen at power-down time like the original program did, sort of.
    Certain alarm and power-on key changes to work around device and OS weirdnesses as best we can.
    Discourage pop-up-stroke "hacks" from bypassing security.
    Don't show blank owner name in certain cases and add more owner name boiler plate filtering strings.
    Branded version: entry of backdoor password permanently disables program security. Note: As a side effect of this, you must delete an trial copy of OnlyMe from a device before loading a branded version.
    No filtering that is made redundant by certain ROM discoveries.
    Jump the version number to V2.00 because of version number ambiguity with the old, sub-version 1.21 and others.

    Version 1.10 : October 18, 1999

    Option to Allow Alarm Display.
    Fix for conflict with IRLink.

    Version 1.9 : September 14, 1999 Release

    Require new password to be set if the date/time is more than 24 hours away from when the password was last entered correctly.
    Documentation changes.

    Version 1.8 : September 6, 1999

    Don't power up from Up/Down/Contrast buttons. Try to eliminate Up/Down during alarm turn-ons.
    Be aware of whether StayOffHack is installed and superset its logic if so.
    Use key modifier mask for sensing power-on key - not timeout.
    Reset and restore the key mask in case games have changed it.
    Noted that \Pilot and \Palm are used, depending upon Desktop version.
    Sense Graffiti fast time-out of uses for testing trial version.

    Version 1.7 : July 23, 1999

    Option (for the cased V) to stop power-on from spurious app-button hits.
    Fix menu-button bug in Set Password.
    Pass contrast button for the V.
    Pass 0x11e (OS V3.2+ SysSleep) character.
    Pass lowBatteryChr.
    Interim "solution" to the VII radio battery autoOffChr/SysSleep problem.

    Version 1.6 : June 6, 1999

    BackupBuddy certification image and link.
    HTM: note about reset at install time.

    Version 1.5 : May 31, 1999 Release

    TZONLYME changes super-owner text.

    Version 1.4 : May 29, 1999

    Finally (we hope) fixed the re-HotSync thing.

    Version 1.3(1) : May 21, 1999

    Update the HTML to reflect that a whacked password may not have been Hotsync'd.
    Avoid low-level, OSV3.1 arithmetic bug accessed by DeLorme Solus program.

    Version 1.3 : May 2, 1999

    Stack-available sensing and self-launch if low-stack.
    Usage recording and display.
    Lock Delay.
    Document the lost password procedure.
    Play two different tunes at cracker time lock alarm time.
    Paint backdrop picture, if present.
    Allow site licenses to configure a minimum password length.
    Allow site licenses to configure an extra, long password.
    Allow site licenses to use branded, non-registration-check version.
    Move the Information "I" button up to the menu line.
    Disallow putting program into FLASH memory (security risk).
    Implement, without testing, some API functions.
    Allow power-off timeout even when the pen is down. (OS, itself, will not do so.)
    Require password to launch OnlyMe when it is enabled.
    Move the password input window around vertically to smooth out screen wear.
    Show-Tranzoa-information icon-button.
    Show-owner-information button.
    Show-backdrop-picture button.
    Reset-password-input button.
    Set-owner-information button (except OS Version 1).
    Crank up the maximum Cracker Time Lock lock-out to 28 minutes.
    Turn Graffiti back off if it was off before password entry logic.
    Changes to take less dynamic memory.
    Changes for less troublesome interaction with certain programs.

    Version 1.21 : January 29, 1999 Release

    Allow only alpha, numeric, and SPACE in passwords.
    Reset Graffiti aggressively to fix the N, O, and shortcut problem.
    Ensure that Graffiti is turned on at password input time.
    Refresh the Graffiti shift-state indicator after password input.
    Continue to lower run-time memory requirements.
    HTML changes.

    Version 1.20 : January 23, 1999

    Works on all Palm™ devices.
    HTML changes.

    Version 1.10 : January 22, 1999

    Disallow warm-reset, brute force trick.
    Disallow password characters over 127 (warm-reset artifact and "Command" character).
    Pass through alarms and power-on/hotsync application-start keys.
    Fix double-warm-reset problem.
    Link to feedback.htm from this file.
    HTML changes.

    Version 1.00 : January 10, 1999 Release

    Release, with access notes, etc.
    HTML changes.

    Version 0.06 : January 1, 1999

    Require OS Version 3 or greater at run time.
    Include feedback.htm in ZIP file and at web site.
    HTML changes.

    Version 0.05 : December 19, 1998

    Allow very fast gesture input.
    "Breakout" to stop malicious, trained-user, OS, side door.
    No copy of the clear-text password is kept anywhere.
    Get time/date format preferences each lock time.
    HTML changes.

    Version 0.04 : December 15, 1998

    Stop Graffiti special functions/states (OnlyMe is now more secure than OS Security application).
    System Preferences control time/date display.
    Step over owner boiler plate.
    Be quieter and faster.
    Smaller screen hash memory.
    Be nicer after Cracker Time Lock timeout.
    HTML changes.

    Version 0.03 : December 6, 1998

    Tips/html changes.
    Faster password stroke input.
    Removed spurious power-on/warm-reset keys.
    De-bullet tips (for OS V3.1).
    Registered/trial logic.

    Top

    Compatibility

    OnlyMe runs under PalmOS® version 3.0 and newer.


        BackupBuddy Image     OnlyMe is BackupBuddy certified.

    Top

    Conflicts and Side Effects

    Tungsten 3 Dynamic Input Area suffers from display glitches, depending upon whether device updates have been applied.

    Tungsten W may come on after a few seconds when it first auto-offs and OnlyMe is not set to "switch app" to itself.

    If a Sony NR70(C) device is turned on with an applications' button and the last "key" of a password is entered with Graffiti, the device may have a Fatal Error.

    VisorPhone does not ring if there are unacknowledged alarms.

    Samsung I300 is reported to not allow incoming calls - or to disallow them without unlocking first.

    Hi-resolution Sony Clies (that is, most Clies) do not repaint the Prefs|General screen properly after a reset and OnlyMe lock.


    If you use AfterBurner, CruiseControl, ClockupDA or a similar program to "overclock" your device's CPU, please do not contact Tranzoa about any troubles with OnlyMe or with your device. OnlyMe runs on Palm compatible devices. Unfortunately, you may no longer have such a device. Please explain this!

    When the device is locked, BigClock v2.7 alarms will cause an PalmOSv3.5+ device to never power off if OnlyMe's Allow Alarm Display option is not set.

    If the Allow Alarm Display checkbox on OnlyMe's Support screen is not checked (it is checked, by default), you will probably not be notified of multiple alarms.

    If the Allow Alarm Display checkbox on OnlyMe's Support screen is not checked (it is checked, by default), programs that do "midnight" processing may not work correctly - that is, post events, update data records, and such. (E.g. DateBk4)

    For security reasons, OnlyMe will not run from FLASH memory. Therefore, do not use TRG's FlashPro or FlashBuilder to put OnlyMe into FLASH memory.

    You may be able to use only the plastic buttons below the screen to input your password if your device is powered off while you are setting the Preference's "Digitizer" settings.

    OnlyMe may conflict in subtle ways with other security applications, including the built-in Security application. Do not assume that using two access control applications such as OnlyMe will double your security. It may lessen your device's security, instead.

    On the Symbol SPT1500, if:

    1. You are running the barcode or laser pointer application.
    2. You push the green laser buttons while the device is off or during OnlyMe password entry.
    The laser will not turn on until you re-launch the application.

    Certain programs take too much of a type of memory called the "CPU stack." The Palm™ has very little of this type of memory. Most applications, like OnlyMe, are written to take very, very little of this type of memory. If, when your device powers down, OnlyMe senses that there is not enough "CPU stack" memory for OnlyMe to operate with, OnlyMe will attempt to launch itself before turning the device off. Unfortunately, especially on older devices, simply switching applications at the wrong moment can crash the device. At those moments, you could crash your device yourself, for instance, by pressing one of the plastic applications buttons. When "hack" programs are installed, these "stack overflow" crashes are more likely to happen.

    Versions of OnlyMe before 1.10 (1.9 and older) conflict with IRLink 1.4.

    FastApp can crash if it is used to "Turn Off Palm" or "Turn Off & Lock" the device.

    There has been a report of problems disabling OnlyMe when EVPlugBase is installed.

    There has been a report of problems disabling OnlyMe when BatteryHack is installed.

    There has been a report of a conflict with Trek Sounds.

    There has been a report of conflicts between at least one battery monitor "hack" program and OnlyMe.

    There has been a report of alarms problems with LauncherIII when a user upgraded his device's operating system. He found that his problems were solved by turning off and on LauncherIII (as the default launcher). There have been other reports of imcompatibilities between OnlyMe and versions of LauncherIII. Such reports usually mention device crashes.

    On devices running OS versions earlier than version 3, the Fitaly keyboard stand-alone, non-hackmaster program cannot be enabled after OnlyMe is enabled.

    If the Fitaly keyboard is on-screen, on older devices (pre-PalmOS version 3) the whole screen shows for a brief moment when the device is powered on.

    Top

    Programming API

    When OnlyMe is enabled, calling SysSleep() will cause the device to power-off, automatically triggering OnlyMe's logic.

    A superior way to put the device to sleep, though, is to make this call:

            EvtEnqueueKey(autoOffChr, 0, commandKeyMask);
            

    OnlyMe's API includes calls to:

    Top

    License

    OnlyMe comes in two forms:

    1. Trial.
    2. Registered.

    Note: OnlyMe does not use "reg codes". There are two, separate .PRC files: one the trial version, the other the registered version of the program.

    Your Trial Version of OnlyMe

    Without paying Tranzoa, Co. or any agent of Tranzoa, Co., you may use the trial version OnlyMe for 120 password-input, lock cycles. You may freely copy or transfer the trial version of OnlyMe to anyone.

    Your Registered Version of OnlyMe

    You may use your registered version of OnlyMe on 1 and only 1 Palm™ compatible device at any 1 time. The registered version of OnlyMe may be "beamed" to other Palm™ devices. Such a "beamed" version will automatically become an trial version of OnlyMe.

    You may transfer your registration license to another party on a permanent basis provided you retain no copies and the recipient agrees to the terms of this OnlyMe license agreement.

    You may not rent or lease the registered version of OnlyMe.

    Both Versions of OnlyMe

    Tranzoa, Co. warrants that it is sole owner of the software and has full power and authority to grant this license without consent of any other party.

    Tranzoa, Co. hereby disclaims all warranties relating to this software, whether expressed or implied, including without limitation any implied warranties of merchantability or fitness for a particular purpose. Tranzoa, Co. will not be liable for any special, incidental, consequential, indirect or similar damages due to loss of data or any other reason, even if Tranzoa, Co. or an agent of Tranzoa, Co. has been advised of the possibility of such damages. In no event shall Tranzoa, Co.'s liability for any damages ever exceed the price paid for the license to use the software, regardless of the form of the claim. The person using the software bears all risk as to the quality and performance of the software.

    This agreement shall be construed and enforced in accordance with the laws of the State of Washington. Any action or proceeding brought by either party against the other arising out of or related to this agreement shall be brought only in a state or federal court of competent jurisdiction located in King County, Washington. The parties hereby consent to in personam jurisdiction of said courts.

    You may not decompile, disassemble, or create derivative works based on OnlyMe for any purpose other than creating an adaptation of OnlyMe for your own, personal use. You acknowledge Tranzoa's claim that OnlyMe embodies valuable trade secrets proprietary to Tranzoa. You may not disclose any information regarding the internal operations of OnlyMe to others.

    Top

    Site Licensing

    OnlyMe is available for site licensing. A site licensed version of OnlyMe is suited for easy, large scale deployment. Features of the site licensed version of OnlyMe include:

    For detailed information and for ordering OnlyMe a site license, please contact: Tranzoa directly.


    Tranzoa, Co.
    P.O. Box 911
    Maple Valley, WA 98038 U.S.A
    +1 (425) 432-3532
    Email: onlyme_info@tranzoa.com

    onlyme.htm :
    Last modified November 23, 2003