mobivault - the data vault in your pocket Page 4.

mobivault works with Android OS and most Java and Symbian phones Code Card Devices Ltd Company Number 05543625 Registered Office - 76 Worple Road, Epsom KT18 7AF mobiVault - Frequently Asked Questions Q. How secure is my data? A By choosing a master password with care your data is safe to an unimaginable degree. The mobile phone has a large selection of special characters and, choosing from these, the numbers and upper and lower-case letters, means that an 8-character password can be chosen from 10,000,000,000,000,000,000 possibilities. Longer passwords mean more possibilities. This is how it works. There is no copy of the password stored in the phone. When you enter it, it is converted via a special algorithm into a set of numbers: for every possible password there is a unique set. (Even for the same password, the numbers are different for every phone.) These numbers determine how our proprietary encryption algorithm encodes and decodes your data. All your data is stored in the phone protected in this way - uniquely scrambled for each possible password. A good password can never be guessed. If you lose you phone, another person could only try 5 guesses after which all the data is destroyed. (So don't forget your password, there is no back door!) When you take a piece of data and encrypt it with a good algorithm, each text character is chopped up into pieces and mixed with pieces of the other characters: the bigger each group of characters this process is applied to the more obscure the result. In the mobiVault system, it is a function of the master password to determine how the mixing is done. For example, using just four numeric characters, there are 10,000 ways of doing this. Using 4 letters instead of numbers the possible combinations rises to 450,000. If you use a combination of numbers, upper and lower case letters and, a selection from a choice of 30 symbols, the number is over 71,000,000. Use 16 characters for the password instead of 4 and you have more than 20 million trillion trillion ways of scrambling the data. Q. How do I get a copy of the program? A. Android phones download from the Android Marketplace, Java phones from Nokia OVI store Q. How do I know if the software will run in my phone? A. Mobivault runs on the Android OS so if you have an Android phone mobivault should run with no problem. For Java and Symbian phones check your phone's features. If the phone supports MIDP 1.0 or MIDP 2.0 the software should run on your phone. It is hard to find a phone that doesn't offer this support. Q. How do I know that downloading your application won’t damage my phone? A. mobiVault has been certified through the Java Verified program (www.javaverified.com). The Java Verified program was launched by Motorola, Nokia, Siemens, Sony Ericsson, Vodafone Group, LG Electronics and Sun Microsystems. In the words of the program “you can be sure that your application meets the industry recognised test criteria created by mobile Java technology experts, including leading device manufacturers and network operators.” Q. What happens if my phone runs out of power? A. In the same way that your phone book memory is retained when your battery is exhausted your database will also be retained. Q. What happens if I inadvertently leave my phone with the application open? A. If no key is pressed for 5 minutes the application will close automatically. In addition if your phone “timesout” the application will close. Q. I was entering some data and the application closed? A. As an additional security measure the application automatically times out after 15 minutes however only the record being entered at the time is affected. Q. Sometimes I have to OK an action I have already accepted? A. There is a version of the software for 'phones which support MIDP 1.0 and also a version for 'phones supporting MIDP 2.0. These are standards to which nearly every mobile 'phone manufacturer subscribes and we have adhered strictly to these. Q. What if someone gets my phone – can they take it apart or connect to a PC to get at my data? A. The software has been designed to withstand even this eventuality. Because the keys and permutation table are produced by a one-way function, the only attack is by trying every possible combination of master password until a match is found with guessed possible values of fragments of the confidential data. To begin with, the attacker would somehow have to extract from the phone a copy of the software and reverse-engineer it to discover the algorithm. Then for each phone the encrypted database would have to be extracted. It is accepted that the attacker's computing resources will be much superior to those of the device. However, the user is able to choose a master password in order to put the cost and timescale to discover the password, by several orders of magnitude, beyond the worth and lifetime respectively of the confidential data. Q. How many passwords can I store? A. You can store up to 100 “services” with associated passwords, numbers, Credit Card details or contacts as required. Q. What characters can I use to make up passwords? A. All passwords are case-sensitive. Use numbers, letters and symbols. It is best to use only the symbols you are familiar with but this will give you a choice of about 30. Q. How can I change my password or user name details? A. By selecting the service name required you then have the option to modify details as required. Q. I like the idea of the random password generator but the password is too long? A. Select random generated password and then modify to something shorter or more suitable. Q What happens if I forget my Master Password? A. Due to the security inherent in the application if you forget your Master Password you will have effectively lost access to your database of stored information. There is no back door and none was used for testing. You may consider keeping a note of your Master Password in a secure place separated from your mobile. e.g. in a safe at home or with a trusted friend or relative. Q. What happens if I enter the wrong Master Password? A. To ensure security if you enter an incorrect password 5 times in a row all your data will be destroyed. This will happen even if you switch off the phone in between attempts. When you enter the correct password, this count is reset. In this way occasional mistakes will not jeopardise your data. Q. Where can I go for more help? A. Email help@mobivault.net Some more details on mobiles, applications, android and java can be found at www.sun.com www.nokia.com www.samsung.com www.sonyericsson.com w ww.motorola.com www.lge.com E and OE "Java and the Java Powered logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries, and are used under license." HOME ABOUT GET FAQ USER TERMS CONTACT