Help to stop password sharing !

Hello everybody,

I have developed a solution which could be of interest for many purposes,
mainly for secure logins at on-line paysites.

I would like to share with the community the results of my developing
efforts, here is the fact, I developed an interesting solution that I would
like you to try.


Take a little time to read the text below, and then go to the testing site I
published, It 'should' work well from any country, actually I tested it in
Ireland, Switzerland and Italy...

The test site is at this address

http://www.exosystem.it/eng/soluzioni/saint_test.php

(please note that JAVA vrtual machine is needed installed on your pc, either
the SUN jvm, or the latest MS jvm, which is not any more available form MS,
but I could send to you an address for downloading if you need...)

Thanks in advance for your collaboration, and I hope to find someone to
remain in touch with for the deployment....

if you wish to contact me just write at the address dropping nosp_ from the
beginning !



waiting for your comments,

Ciao

Marco

--------------

SAINTlogin, a brief introduction

Basically it's a simple idea, but I found that it's not so easy to explain
in words, so I put on the internet a real testing solution, I'll try to be
as clear as possible explaining it, so maybe you can test it and tell me
your impressions, since I'm looking for people abroad to support the idea
and the business behind it...

1) The problem

On-line services are often deployed using subscriptions, users receive a
userid/password to access the web site online.

This practice leads (obviously) to undesired access from unauthorized
people, it is the so called 'password-sharing', and it's something
webmasters and online publishers do not appreciate at all.

Let's say, for example, that I publish a service for on-line news, it
exposes a daily web-newspaper, if I sell yearly subscriptions for 100$, more
people could share the same subscription and I loose much money....

Handling rotating passwords could partly solve the problem, but it's not so
easy to manage and users won't appreciate much the fact of frequent password
change.

2) Solutions

-The problem could be afforded by using certifications, but certificates
are, basically, simple files that could also be shared, and the solution is
not easily portable, so what if I want to have access from other pcs than
the one on which I installed the certficate ?... And what if my PC looses
data on the hard disks ?

-One other solution could be selling subscriptions together with hardware
smart-cards or hardware tokens (i.e. usb), but that implies using hardware,
a solution that is not well accepted by users and it is expensive for the
publisher...

3) SAINTlogin !

The ultimate solution :

I developed a system (a web service) that implements user identification by
telephone, that is, the basic idea was :

If my telephone -does have- a smart card inside, and it is unique all over
the world, why not to use it as user identification system ?

What I mean is that caller-id on the GSM Phone card is unique and not
cloneable....

Note that a GSM SIM cards, are virtually uncloneable (and this is true,
because once cloned it wouldn't be useable, the telephone service provider
would not accept two identical gsm sim-card phones being in use at the same
time and would block the two immediately if found in simultaneous use... )

I called this system SAINTlogin, it stands for :

Secure Access with Identity Notification by Telephone...

4) How it works :

SAINTlogin is a software system connected to many GSM phones (the number of
phones is expandable, actually I have connected 12, more concurrent users,
the more phones can be added, but note that usage of each phone is limited,
just at the time of user login !)

SAINTlogin is written in pure JAVA and ASP (Vb,Javascript) and it's built on
a Windows NT Service written in C++ and C...

A) When a user goes to the service page, he is asked to simply press a
button, then SAINTlogin requires to dial a number.

B) Users dial the number and 'magically !' (if he/she is registered) access
is granted, otherwise not...

To register to an on-line service (actually a demo)

A) go to the registration page, select the desired service, type your name
and press the button

B) Send an SMS message to the number shown, including in it the personal
code that was displayed

When SAINTlogin receives the message, it checks for the received code on an
internal database, and if it exists the user is registered to the service,
basically user's telephone number that comes with the SMS message is stored
as

a unique user identifier that'll be used to recognize him when access is
requested...

Easier to test than to explain !!!

I don't know of any other developer around the world that made something
like this, so I want to share it to let it it know, if you want, please
forward this letter to other friends that could be interested in deploying
this idea too...

5) Advantages of SAINTlogin validation

-Mobile phone usage

Mobile phones are today widely used, there is at least one phone for every
person in the developed countries...

-It could work with fixed phones too !

SAINTlogin relies on caller-id, and there is no reason why it couldn't work
from fixed phones, and it does, offering the same level of security....

Apart from the demo, which relies on sending an SMS for registration, a
provider could manually register users' telephone numbers and manage them
for the duration of the subscription, as it would do with normal user id and
passwords.

-SAINTlogin is not privacy pervasive !

Although SAINTlogin stores telephone numbers in a user's database, there is
not any direct connection between phone numbers and real user names, the
stored identifier can be just a nicknmae, not the real name and it is user
provided....

-ZERO COSTS !

SAINTlogin is a zero-cost implementation : zero-cost for users (no charges
for un-answered calls to the system) zero-costs for on-line providers, they
just have to add a few lines of code to implement the SAINTlogin web service
!

6) Where are we going from now on

-SAINTlogin is going to be transformed in a real web service, it could be
used by webmasters or site developers to implement secure access for their
users, just adding some lines of code to their web pages that invokes the
service

running on our server (or on other clone SAINTlogin servers around the
world)...

- SAINTlogin is going to be a FREE service, or at least it will be just with
some limitations on the number of users (small organizations with, say, 50
to 100 users won't pay anything, but large organizations could pay a small
per/user price to validate their users and an annual fee...)

- I think that SAINTlogin can be as much secure as a credit card, if we link
it to a 4 pin code number, (using ssl protocol) after user dialled to
login....

-Lot's of supplemental services can be built around it, I have many in mind,
I'll tell you about them it if you're interested...

-I've heard of some companies around the world (someone told me there's a
new zealand bank) implementing something like SAINTlogin. they use GSM
phones for their users validation, but it has never been implemented as a
free web service designed to be incorporated in ANY website....

Some of them use just sending an SMS containing a new password at each
requested login, and that's expensive for providers (an SMS at every login)
and boring for users that have to wait for the sms containing a new password
each time they login !

_____________________________________

Libero

Some companies in the world are using similar systems already....
Example some GSM providers.... to authenticate user for online services....

One more thing, Some Gsm Providers allow to assign up to 5 SIM cards to One
number... If someone thinks it's worth the hassle, they can pay for service
like that..... but its rare... I wouldn't worry about that
Cheers





"Libero" <> wrote in message
news:bi5li0$777$...
> Hello everybody,
>
> I have developed a solution which could be of interest for many purposes,
> mainly for secure logins at on-line paysites.
>
> I would like to share with the community the results of my developing
> efforts, here is the fact, I developed an interesting solution that I
would
> like you to try.
>
>
> Take a little time to read the text below, and then go to the testing site
I
> published, It 'should' work well from any country, actually I tested it in
> Ireland, Switzerland and Italy...
>
> The test site is at this address
>
> http://www.exosystem.it/eng/soluzioni/saint_test.php
>
> (please note that JAVA vrtual machine is needed installed on your pc,
either
> the SUN jvm, or the latest MS jvm, which is not any more available form
MS,
> but I could send to you an address for downloading if you need...)
>
> Thanks in advance for your collaboration, and I hope to find someone to
> remain in touch with for the deployment....
>
> if you wish to contact me just write at the address dropping nosp_ from
the
> beginning !
>
>
>
> waiting for your comments,
>
> Ciao
>
> Marco
>
> --------------
>
> SAINTlogin, a brief introduction
>
> Basically it's a simple idea, but I found that it's not so easy to explain
> in words, so I put on the internet a real testing solution, I'll try to be
> as clear as possible explaining it, so maybe you can test it and tell me
> your impressions, since I'm looking for people abroad to support the idea
> and the business behind it...
>
> 1) The problem
>
> On-line services are often deployed using subscriptions, users receive a
> userid/password to access the web site online.
>
> This practice leads (obviously) to undesired access from unauthorized
> people, it is the so called 'password-sharing', and it's something
> webmasters and online publishers do not appreciate at all.
>
> Let's say, for example, that I publish a service for on-line news, it
> exposes a daily web-newspaper, if I sell yearly subscriptions for 100$,
more
> people could share the same subscription and I loose much money....
>
> Handling rotating passwords could partly solve the problem, but it's not
so
> easy to manage and users won't appreciate much the fact of frequent
password
> change.
>
> 2) Solutions
>
> -The problem could be afforded by using certifications, but certificates
> are, basically, simple files that could also be shared, and the solution
is
> not easily portable, so what if I want to have access from other pcs than
> the one on which I installed the certficate ?... And what if my PC looses
> data on the hard disks ?
>
> -One other solution could be selling subscriptions together with hardware
> smart-cards or hardware tokens (i.e. usb), but that implies using
hardware,
> a solution that is not well accepted by users and it is expensive for the
> publisher...
>
> 3) SAINTlogin !
>
> The ultimate solution :
>
> I developed a system (a web service) that implements user identification
by
> telephone, that is, the basic idea was :
>
> If my telephone -does have- a smart card inside, and it is unique all over
> the world, why not to use it as user identification system ?
>
> What I mean is that caller-id on the GSM Phone card is unique and not
> cloneable....
>
> Note that a GSM SIM cards, are virtually uncloneable (and this is true,
> because once cloned it wouldn't be useable, the telephone service provider
> would not accept two identical gsm sim-card phones being in use at the
same
> time and would block the two immediately if found in simultaneous use... )
>
> I called this system SAINTlogin, it stands for :
>
> Secure Access with Identity Notification by Telephone...
>
> 4) How it works :
>
> SAINTlogin is a software system connected to many GSM phones (the number
of
> phones is expandable, actually I have connected 12, more concurrent users,
> the more phones can be added, but note that usage of each phone is
limited,
> just at the time of user login !)
>
> SAINTlogin is written in pure JAVA and ASP (Vb,Javascript) and it's built
on
> a Windows NT Service written in C++ and C...
>
> A) When a user goes to the service page, he is asked to simply press a
> button, then SAINTlogin requires to dial a number.
>
> B) Users dial the number and 'magically !' (if he/she is registered)
access
> is granted, otherwise not...
>
> To register to an on-line service (actually a demo)
>
> A) go to the registration page, select the desired service, type your name
> and press the button
>
> B) Send an SMS message to the number shown, including in it the personal
> code that was displayed
>
> When SAINTlogin receives the message, it checks for the received code on
an
> internal database, and if it exists the user is registered to the service,
> basically user's telephone number that comes with the SMS message is
stored
> as
>
> a unique user identifier that'll be used to recognize him when access is
> requested...
>
> Easier to test than to explain !!!
>
> I don't know of any other developer around the world that made something
> like this, so I want to share it to let it it know, if you want, please
> forward this letter to other friends that could be interested in deploying
> this idea too...
>
> 5) Advantages of SAINTlogin validation
>
> -Mobile phone usage
>
> Mobile phones are today widely used, there is at least one phone for every
> person in the developed countries...
>
> -It could work with fixed phones too !
>
> SAINTlogin relies on caller-id, and there is no reason why it couldn't
work
> from fixed phones, and it does, offering the same level of security....
>
> Apart from the demo, which relies on sending an SMS for registration, a
> provider could manually register users' telephone numbers and manage them
> for the duration of the subscription, as it would do with normal user id
and
> passwords.
>
> -SAINTlogin is not privacy pervasive !
>
> Although SAINTlogin stores telephone numbers in a user's database, there
is
> not any direct connection between phone numbers and real user names, the
> stored identifier can be just a nicknmae, not the real name and it is user
> provided....
>
> -ZERO COSTS !
>
> SAINTlogin is a zero-cost implementation : zero-cost for users (no charges
> for un-answered calls to the system) zero-costs for on-line providers,
they
> just have to add a few lines of code to implement the SAINTlogin web
service
> !
>
> 6) Where are we going from now on
>
> -SAINTlogin is going to be transformed in a real web service, it could be
> used by webmasters or site developers to implement secure access for their
> users, just adding some lines of code to their web pages that invokes the
> service
>
> running on our server (or on other clone SAINTlogin servers around the
> world)...
>
> - SAINTlogin is going to be a FREE service, or at least it will be just
with
> some limitations on the number of users (small organizations with, say, 50
> to 100 users won't pay anything, but large organizations could pay a small
> per/user price to validate their users and an annual fee...)
>
> - I think that SAINTlogin can be as much secure as a credit card, if we
link
> it to a 4 pin code number, (using ssl protocol) after user dialled to
> login....
>
> -Lot's of supplemental services can be built around it, I have many in
mind,
> I'll tell you about them it if you're interested...
>
> -I've heard of some companies around the world (someone told me there's a
> new zealand bank) implementing something like SAINTlogin. they use GSM
> phones for their users validation, but it has never been implemented as a
> free web service designed to be incorporated in ANY website....
>
> Some of them use just sending an SMS containing a new password at each
> requested login, and that's expensive for providers (an SMS at every
login)
> and boring for users that have to wait for the sms containing a new
password
> each time they login !
>
> _____________________________________
>
>
>
>

On Fri, 22 Aug 2003 19:55:39 +0200, "Libero"
<> wrote:

>Hello everybody,

<snip>

Here are some objections - for a start my mobile
like all my numbers does not give out caller ID that is not
negotiable.

Caller ID can be faked. ( I am not giving lessons on how)

sim cards and phones can be cloned. (this may be very
illegal in some countries which demonstrates its done)

After the wave of people distributing software that dials
premium numbers, persuading people to dial a number that
is not obviously local and free is going to be uphill.

Mobile telephones do not operate everywhere, indeed some
of the places I work they have to be switched off.

On the whole, the internet has got better since we no longer have
to dial telphone numbers to use it, so this is a retograde step.

Anything that imposes a difficulty will deter users, its an idea
but don't give up your day job.
--
Jim Watt http://www.gibnet.com

"Przemek Mik" <przemyslaw_mik@(no spam)yahoo.com> wrote
>Some companies in the world are using similar systems already....
>Example some GSM providers.... to authenticate user for online services....

thanks for your comment,

'similar' might not mean 'the same', do you know any of them using the same
system you can test at this address ?
http://www.exosystem.it/eng/soluzioni/saint_test.php

It would be nice if I could enumerate competitors in this field, since the
many I could find all requested a call to be completed and then follow
phone instructions. Some of them require a password sent via sms too, that's
not SAINTlogin case...

What I'm thinking is a central authentication system that coudl serve more
sites, for what I could test, on my small sample of people they find this
login system quite easy and no-hassling at hall, not more than having to
remember passwords...

Please I would appreciate if you can post the addresses of those web
companies that you found using a similar system.

Thank you
Cheers
Marco



>One more thing, Some Gsm Providers allow to assign up to 5 SIM cards to One
>number... If someone thinks it's worth the hassle, they can pay for service
>like that..... but its rare... I wouldn't worry about that
>Cheers





"Libero" <> wrote in message
news:bi5li0$777$...
> Hello everybody,
>
> I have developed a solution which could be of interest for many purposes,
> mainly for secure logins at on-line paysites.
>
> I would like to share with the community the results of my developing
> efforts, here is the fact, I developed an interesting solution that I
would
> like you to try.
>
>
> Take a little time to read the text below, and then go to the testing site
I
> published, It 'should' work well from any country, actually I tested it in
> Ireland, Switzerland and Italy...
>
> The test site is at this address
>
> http://www.exosystem.it/eng/soluzioni/saint_test.php
>
> (please note that JAVA vrtual machine is needed installed on your pc,
either
> the SUN jvm, or the latest MS jvm, which is not any more available form
MS,
> but I could send to you an address for downloading if you need...)
>
> Thanks in advance for your collaboration, and I hope to find someone to
> remain in touch with for the deployment....
>
> if you wish to contact me just write at the address dropping nosp_ from
the
> beginning !
>
>
>
> waiting for your comments,
>
> Ciao
>
> Marco
>
> --------------
>
> SAINTlogin, a brief introduction
>
> Basically it's a simple idea, but I found that it's not so easy to explain
> in words, so I put on the internet a real testing solution, I'll try to be
> as clear as possible explaining it, so maybe you can test it and tell me
> your impressions, since I'm looking for people abroad to support the idea
> and the business behind it...
>
> 1) The problem
>
> On-line services are often deployed using subscriptions, users receive a
> userid/password to access the web site online.
>
> This practice leads (obviously) to undesired access from unauthorized
> people, it is the so called 'password-sharing', and it's something
> webmasters and online publishers do not appreciate at all.
>
> Let's say, for example, that I publish a service for on-line news, it
> exposes a daily web-newspaper, if I sell yearly subscriptions for 100$,
more
> people could share the same subscription and I loose much money....
>
> Handling rotating passwords could partly solve the problem, but it's not
so
> easy to manage and users won't appreciate much the fact of frequent
password
> change.
>
> 2) Solutions
>
> -The problem could be afforded by using certifications, but certificates
> are, basically, simple files that could also be shared, and the solution
is
> not easily portable, so what if I want to have access from other pcs than
> the one on which I installed the certficate ?... And what if my PC looses
> data on the hard disks ?
>
> -One other solution could be selling subscriptions together with hardware
> smart-cards or hardware tokens (i.e. usb), but that implies using
hardware,
> a solution that is not well accepted by users and it is expensive for the
> publisher...
>
> 3) SAINTlogin !
>
> The ultimate solution :
>
> I developed a system (a web service) that implements user identification
by
> telephone, that is, the basic idea was :
>
> If my telephone -does have- a smart card inside, and it is unique all over
> the world, why not to use it as user identification system ?
>
> What I mean is that caller-id on the GSM Phone card is unique and not
> cloneable....
>
> Note that a GSM SIM cards, are virtually uncloneable (and this is true,
> because once cloned it wouldn't be useable, the telephone service provider
> would not accept two identical gsm sim-card phones being in use at the
same
> time and would block the two immediately if found in simultaneous use... )
>
> I called this system SAINTlogin, it stands for :
>
> Secure Access with Identity Notification by Telephone...
>
> 4) How it works :
>
> SAINTlogin is a software system connected to many GSM phones (the number
of
> phones is expandable, actually I have connected 12, more concurrent users,
> the more phones can be added, but note that usage of each phone is
limited,
> just at the time of user login !)
>
> SAINTlogin is written in pure JAVA and ASP (Vb,Javascript) and it's built
on
> a Windows NT Service written in C++ and C...
>
> A) When a user goes to the service page, he is asked to simply press a
> button, then SAINTlogin requires to dial a number.
>
> B) Users dial the number and 'magically !' (if he/she is registered)
access
> is granted, otherwise not...
>
> To register to an on-line service (actually a demo)
>
> A) go to the registration page, select the desired service, type your name
> and press the button
>
> B) Send an SMS message to the number shown, including in it the personal
> code that was displayed
>
> When SAINTlogin receives the message, it checks for the received code on
an
> internal database, and if it exists the user is registered to the service,
> basically user's telephone number that comes with the SMS message is
stored
> as
>
> a unique user identifier that'll be used to recognize him when access is
> requested...
>
> Easier to test than to explain !!!
>
> I don't know of any other developer around the world that made something
> like this, so I want to share it to let it it know, if you want, please
> forward this letter to other friends that could be interested in deploying
> this idea too...
>
> 5) Advantages of SAINTlogin validation
>
> -Mobile phone usage
>
> Mobile phones are today widely used, there is at least one phone for every
> person in the developed countries...
>
> -It could work with fixed phones too !
>
> SAINTlogin relies on caller-id, and there is no reason why it couldn't
work
> from fixed phones, and it does, offering the same level of security....
>
> Apart from the demo, which relies on sending an SMS for registration, a
> provider could manually register users' telephone numbers and manage them
> for the duration of the subscription, as it would do with normal user id
and
> passwords.
>
> -SAINTlogin is not privacy pervasive !
>
> Although SAINTlogin stores telephone numbers in a user's database, there
is
> not any direct connection between phone numbers and real user names, the
> stored identifier can be just a nicknmae, not the real name and it is user
> provided....
>
> -ZERO COSTS !
>
> SAINTlogin is a zero-cost implementation : zero-cost for users (no charges
> for un-answered calls to the system) zero-costs for on-line providers,
they
> just have to add a few lines of code to implement the SAINTlogin web
service
> !
>
> 6) Where are we going from now on
>
> -SAINTlogin is going to be transformed in a real web service, it could be
> used by webmasters or site developers to implement secure access for their
> users, just adding some lines of code to their web pages that invokes the
> service
>
> running on our server (or on other clone SAINTlogin servers around the
> world)...
>
> - SAINTlogin is going to be a FREE service, or at least it will be just
with
> some limitations on the number of users (small organizations with, say, 50
> to 100 users won't pay anything, but large organizations could pay a small
> per/user price to validate their users and an annual fee...)
>
> - I think that SAINTlogin can be as much secure as a credit card, if we
link
> it to a 4 pin code number, (using ssl protocol) after user dialled to
> login....
>
> -Lot's of supplemental services can be built around it, I have many in
mind,
> I'll tell you about them it if you're interested...
>
> -I've heard of some companies around the world (someone told me there's a
> new zealand bank) implementing something like SAINTlogin. they use GSM
> phones for their users validation, but it has never been implemented as a
> free web service designed to be incorporated in ANY website....
>
> Some of them use just sending an SMS containing a new password at each
> requested login, and that's expensive for providers (an SMS at every
login)
> and boring for users that have to wait for the sms containing a new
password
> each time they login !
>
> _____________________________________
>
>
>
>

>Here are some objections - for a start my mobile
>like all my numbers does not give out caller ID that is not
>negotiable.

Thanks for the interesting hints,

>Caller ID can be faked. ( I am not giving lessons on how)

Caller ID is sent by central GSM provider, and cannot be faked on GSM
networks, probably it could altering packets at central provider, certainly
not from a network connected phone.

>sim cards and phones can be cloned. (this may be very
>illegal in some countries which demonstrates its done)

This is true, but those sim cards couldn't be used at once, providers would
block via automatic detection....

>After the wave of people distributing software that dials
>premium numbers, persuading people to dial a number that
>is not obviously local and free is going to be uphill.

I'm trying to determine this, actually my small sample demonstrates the
contrary, but you might be right on a complete sample testing...

>Mobile telephones do not operate everywhere, indeed some
>of the places I work they have to be switched off.

This is the most influencing objection, you're right

>On the whole, the internet has got better since we no longer have
>to dial telphone numbers to use it, so this is a retograde step.

I think that dialing a phone number is not worst than dialing your pin code
to access credit on ATMs

>Anything that imposes a difficulty will deter users, its an idea
>but don't give up your day job.

Not much difficult, try the test page and let me know if it's been so
difficult to be granted

http://www.exosystem.it/eng/soluzioni/saint_test.php

Cheers
Marco

Colonel,

>You can emulate any phone number and any name you want, within minutes.
>You should research this a bit further.

I've already done such a research, you could probably fake CLID on local
phones this way :

1) Withhold your CLID disabling it on phone settings or diverting your call
through an operator.
2) when the other party picks up the phone startup a modem to send to the
CLID, (sending modem info directly to the CLID unit to the other end of the
line would probably show up your number)

So this is what happens at the ther side of the line :
1) Fone rings and CLID unit says "Operator call" or "Number withheld".
2) after user picks up the Phone the unit then says the fake number on its
screen.

Probably there's a way to write some lines of code so that a modem could
talk to a CLID reader unit.

-BUT-
A) this works only with CLID units not with GSM phones (those attached to
the SAINTlogin sw/hw system)
B) SAINTlogin never picks up the phone call, so there's no way of sending
modem data after connection.

Basically in all cases CLID is sent as a modem info from central provider
before phone rings (old phone systems were using ANI, but it differs because
it's analogic not digital).

Anyway, did you go to the test page and had a look and test how SAINTlogin
works ? Other Objections would be appreciated.

Thanks for continuing thread discussion

Marco


--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

On Sun, 24 Aug 2003 20:42:06 +0200, "Freetone" <xx@no_spam.com> wrote:

>Basically in all cases CLID is sent as a modem info from central provider
>before phone rings

I think we know this, but your system does not have any information
about where the call is coming from apart from the caller ID data and
that can be faked to read whatever. From some switches it can also
be unreliable and or missing. Nor is it available from all
international destinations.

There is also the issue of data protection and security as you are
presumably keeping records of names and telephone numbers.

As previously mentioned, my mobile is ex-directory and the only
way one can ensure numbers are kept that way is not to give them
out, so the system would be un-usable for me.

--
Jim Watt http://www.gibnet.com

>I think we know this, but your system does not have any information
>about where the call is coming from apart from the caller ID data and
>that can be faked to read whatever. From some switches it can also
>be unreliable and or missing. Nor is it available from all
>international destinations.

using passwords doesn't give also any info on where and from who the
connection is made.
Regarding the int'l problem SAINTlogin is planned to have one central
authentication server in each country....
Data security is provided using certificates between the SAINTlogin server
and hos serevr requesting user validation....

>There is also the issue of data protection and security as you are
>presumably keeping records of names and telephone numbers.

Regarding privacy, no personal user info is stored together with CLID and
numbers alone... are just numbers... !
Just look at it as if it's a user-id !

>As previously mentioned, my mobile is ex-directory and the only
>way one can ensure numbers are kept that way is not to give them
>out, so the system would be un-usable for me.

Subscribing to a service does require to you a little effort, remembering
all those passwords is also boring....
Anyway in my country more than 90% of phone users don't hide call id,
they're all potential SAINTlogin users....

SAINTlogin will be a FREE service based on a webservice, as such a
webmaster/solution developer can choose to use it or not, just select your
level of protection (password sharing on or off) once said that.....

Just think that it could be used by information providers such as newspapers
or other on-line information services , not just for e-commerce... Not to
mention the many marketing fields it could be applied to (clients filtering,
surveys, etc)

I think that not only users must be protected on security issues, but
content providers too ! (i.e. from passwords stealing/sharing)

Cheers
Marco

On Mon, 25 Aug 2003 12:22:10 +0200, "Libero"
<> wrote:

>Subscribing to a service does require to you a little effort, remembering
>all those passwords is also boring....
>Anyway in my country more than 90% of phone users don't hide call id,
>they're all potential SAINTlogin users....

it may be that I am more paranoid than others about disclosing
telephone numbers.

As a final thought you may get some discontent from the network
service providers as you are giving them traffic and no income.
--
Jim Watt http://www.gibnet.com