PalmSource 2000 Session 708 Talk



Hi,

I'm Alex Robinson, from Tranzoa. We're going to review access security for Palm OS devices in general, and OnlyMe, in particular.

First, let me preach to the choir. The information on these Palm devices must be kept from prying eyes. There are at least a couple of good ways to do this. Access control - putting a password of some sort on the device - is the first line of defense. Of course, there are pluses and minuses to having access control on a device.

I'll talk about how to minimize the minuses while keeping the pluses.


Now, when I designed OnlyMe there were four things uppermost in mind:

Access Control - What is important? First - it must be reasonably secure. That's a given. The subject of device security gets kind of technical, but I'll remark on a couple of example details about this in a moment.

Second - automatic operation. That means the user doesn't need to think about locking the device. It happens automatically when the device turns off.

Third - and this is a major point - fast, easy password entry. The ideal would be for your device to recognize you like a friend might: by your face, the touch of your hand, or something similar. We don't have that technology yet, so we get along as best we can by entering passwords. But entering a password needs to be easy to do, or we'll find a way around the security.

And fourth - seamless operation. That means that when you get back into the device, it's right back where you left it, be it in a "find" box or any other state.


Ok, some details:

Here are some technical things that were put into OnlyMe, for example:

Technical security.

  • It stops people from trying one password after another until they guess your daughter's name. Stopping such brute force "hacking" allows a person to use a shorter, simpler password than would be the case otherwise.

  • It stops in-beaming and HotSync, of course.

  • It doesn't show the password on the screen. Though these gizmos are pretty hard to shoulder-surf, what happens when you've entered most of your password and get distracted? If the device is in the cradle or out on a desk, your password is in full view.

  • Finally, it locks the device inside programs or modes that don't allow exiting and running another program.
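
The first point above, worked through with numbers, as an added example that is not part of the original talk and not OnlyMe's code. The talk does not say how OnlyMe limits guessing, so the doubling lockout, the six-symbol alphabet and every constant here are assumptions.

```python
# Added illustration: a model of attempt throttling, not OnlyMe's code.
# All policy numbers below are assumptions chosen for the example.
FREE_ATTEMPTS = 3      # wrong guesses allowed before any delay
BASE_DELAY = 1.0       # seconds of lockout after the first penalised guess
MAX_DELAY = 3600.0     # lockout never grows past one hour
ENTRY_TIME = 2.0       # seconds to enter one guess by hand

def lockout_delay(failures):
    """Lockout imposed after `failures` consecutive wrong guesses."""
    if failures <= FREE_ATTEMPTS:
        return 0.0
    return min(BASE_DELAY * 2 ** (failures - FREE_ATTEMPTS - 1), MAX_DELAY)

def seconds_to_exhaust(keyspace, throttled=True):
    """Worst-case time to try every password (the last guess is the right one)."""
    total = keyspace * ENTRY_TIME
    if not throttled:
        return total
    waits = keyspace - 1               # one lockout follows each wrong guess
    failures = 1
    while failures <= waits:
        delay = lockout_delay(failures)
        if delay >= MAX_DELAY:         # capped: every remaining wait is MAX_DELAY
            total += (waits - failures + 1) * MAX_DELAY
            break
        total += delay
        failures += 1
    return total

def min_length(target_seconds, alphabet, throttled):
    """Shortest password length whose worst-case search time reaches the target."""
    length = 1
    while seconds_to_exhaust(alphabet ** length, throttled) < target_seconds:
        length += 1
    return length

if __name__ == "__main__":
    month = 30 * 24 * 3600             # target: resist a month of guessing
    for throttled in (False, True):
        n = min_length(month, alphabet=6, throttled=throttled)
        days = seconds_to_exhaust(6 ** n, throttled) / 86400
        print(f"throttled={throttled}: length {n}, {days:.1f} days to exhaust")
```

Under these assumptions a password half as long holds out for the same month once guesses are throttled.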


Automatic operation. If you were required to lock your device, you'd probably forget to do so more often than not. So, your device must lock without needing your help. Your life doesn't revolve around locking your Palm device, after all.

DEMO: Turn off the power.

The device locks when you turn it off.

The device locks when it turns itself off.

You need do nothing special.


Fast, easy password entry. Fast, easy password entry was the key point of the original concept for OnlyMe. I envisioned a program that took a big, simple, quick, gesture as a password. I figured that there were enough such gestures that an arbitrary gesture would be reasonably secure. As it happened, there's a free way to get the ability to take a gesture - even when the program can accept a more complex password. Here's how:

DEMO: Turn on power and slide stylus through some keys.

Notice that these on-screen keys don't work quite like normal Palm OS buttons. A Palm OS button works only if you tap and release the same button. An OnlyMe password button, though, works differently. You can slide your stylus through the button to "tap" it.

Notice how fast it is to enter even a long password.

But, because these are buttons, you can still tap them just like any button.

Or - you can push the equivalent hard key at the bottom of the device. Why? One-handed operation, for instance. Very handy. If you're driving in your car and want to get information from your device, then you'll find one-handed password entry to be a godsend - not that anyone here would do such a dangerous thing.

Of course, OnlyMe allows Graffiti input, too. In fact, you can Graffiti all of the numbers and letters.

In sum, this is so important. If you can't get your password into the device quickly, then you'll naturally find a way around using access security. This is not good. Think of what's on your device: those emails and notes containing PIN numbers, passwords, social security numbers, financial and medical information - maybe not even your own information. In fact, if it is not your own information, you owe it to the people the information is about to keep others out of it.


Seamless operation. DEMO: Reset password entry and enter correct password.

Finally, and this might seem like a small point, but think of those nice little details in Palm devices that make them pleasant to use... That's one reason why OnlyMe takes you right back where you were, in a pop-up box or not.


Fast, easy, secure. Zen of Palm.

Thank you.



palmsource2000talk.htm :
Last modified June 7, 2002