Entering login details through the keyboard has been found to pose security risks. I just got an idea, which I will explain with an example. This is much safer as it uses mouse clicks, and no ASCII characters, encrypted or otherwise, move on the SSL page over TCP/IP. No keystrokes are generated since only a mouse is used.
When the user visits the secure login page, he will see an image (PNG) with randomly generated numbers (or letters). This is done using a CAPTCHA-like process.
To log in to his account, the user clicks the numbers (image map, JS onclick). The numbers can be scrolled, incremented or decremented (click area on the top or bottom of each number). He sets the user ID and password with a series of clicks, just like a combination lock.
When he is done, he presses Login. The safest login that can ever be achieved, no trace of the number anywhere. The only risk is posed by an onlooker or a web camera, hence this can be used in closed, opaque kiosks only.
Alternative -
A random CAPTCHA alphanumeric keyboard layout image map. The user ID and password fields will be text boxes as usual. The user clicks into a text box and a key layout appears on the right (Ajax). The user clicks the letters and numbers on the keyboard image and then presses Login.
Here the password will appear as ****. And the keyboard image map layout is a random size usable alphanumeric single PNG image.
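An added sketch of the server side of the random keypad described above (not code from the original post): the layout is shuffled for each login attempt, the browser sends only click coordinates, and the server maps them back and then discards the layout, so a recorded click sequence means nothing on the next keypad. The digits-only key set, the 5-column grid of 40 px cells and all function names are assumptions.

```python
import secrets

KEYS = "0123456789"   # assumption: digits-only pad; the post also allows letters
COLS, CELL = 5, 40    # assumption: 5 columns of 40x40 px cells in the PNG

def new_layout(keys=KEYS):
    """Shuffle the keys with the OS CSPRNG. The order stays on the server."""
    order = list(keys)
    secrets.SystemRandom().shuffle(order)
    return order

def image_map_areas(order):
    """Rectangles for the image map areas: positions only, never characters."""
    return [((i % COLS) * CELL, (i // COLS) * CELL,
             (i % COLS + 1) * CELL, (i // COLS + 1) * CELL)
            for i in range(len(order))]

def decode_clicks(order, clicks):
    """Translate (x, y) clicks into characters using this session's layout."""
    chars = []
    for x, y in clicks:
        col, row = x // CELL, y // CELL
        idx = row * COLS + col
        if not (0 <= col < COLS and row >= 0 and idx < len(order)):
            raise ValueError("click outside the keypad")
        chars.append(order[idx])
    return "".join(chars)

class KeypadSession:
    """One layout per login attempt; it is discarded after the first submit."""
    def __init__(self, order=None):
        self.order = order or new_layout()
    def submit(self, clicks):
        if self.order is None:
            raise RuntimeError("layout already used; issue a new keypad")
        order, self.order = self.order, None
        return decode_clicks(order, clicks)

def clicks_for(order, secret):
    """Demo helper: the cell centres a user would click to enter `secret`."""
    cells = [order.index(ch) for ch in secret]
    return [((i % COLS) * CELL + CELL // 2, (i // COLS) * CELL + CELL // 2)
            for i in cells]

if __name__ == "__main__":
    first = KeypadSession()
    recorded = clicks_for(first.order, "4821")   # constructed sample PIN
    print("sent:", recorded, "decoded:", first.submit(recorded))
    print("same clicks on a new layout:", KeypadSession().submit(recorded))
```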
When pages from the web are downloaded to your computer. A page means an HTML page, like "mypage.html", with a lot of bells, whistles and flashers. These are JavaScript, Flash and images like png-jpg-gif and even mp3-mpeg.
This is an old post from around 2005; in those days this post became popular and created some ripples. I removed that blog due to Idea Squirrels who steal other people's ideas and do not give credit. Now I am archiving it after curating.
RFID, like QR Code, is a data input element.
Higher value coins can be made this way. Notes get torn and carry infection, and cannot be washed. They are difficult to count even with machines.
ER Coins (Epoxy Coins with RFID) can be easily counted. From piggy banks to conveyors, integrating counting is child's play.
Even a handheld device app can count how much your pocket is worth right now. Coins are within the reach of everyone. Coins and notes will remain a valid method for all time as they are time tested, trusted and reliable.
These epoxy coins can be washed, verified and counted, and epoxy can be very long lasting. A unique ID or series for every coin bag is possible. This can help tracking for high value coins.
Even gold linked coins are possible, these change value based on the worth of gold.
A Grade of Epoxy can be made so that it is least harmful for the Environment, yet retains its durability and Transparency.
Transparency is required for a tiny color-coded bar, which is insert moulded into the coin. This enables quick visual identification of the coin value.
First Posted around 2005 in Ideas of delabs blog
Big denomination smart currency can be made with a smart chip. This will ensure that large amounts of money drawn by one person will not cause a notes shortage.
Large denomination smart notes can be made with a reducing balance. These can have a chip and a near-field wireless interface. An OTP is needed to validate a transaction.
(The above two points are 2018 additions.)
Suppose you want a simple means of communicating online with a known individual, without the routine task of checking or sorting mail. There is, we know, a solution, which is instant text messaging. Spam in this is very rare.
Secure Authenticated News is hard to find
Now an alert comes by email about some secure site, and you first have to find out whether it is real or a phishing spoof. You first go in your browser to your secure site and verify. So communication of this kind has to be a combination of instant messaging and email. If the secure site sends an IM plus an email, then you know it is real, as you have only known contacts on your IM.
Now one step further: suppose the secure site in which you have your account has a secure encrypted RSS/XML feed of your account, which can only be read with a user ID and password.
Now you have a feed reader for secure sites with provision for authentication. You place your account's feed and set up the login. Now once a day or once a week it reads the encrypted private feed and you are updated about the status of your secure account. The client feed reader can also be given access by the secure site, which will note the program's serial number and vendor number and the NIC number.
(Idea - Wednesday, December 27, 2006, Revised - 31 March 2007, Nature - Open Source)
Now many third-party scripts like stats, ads, videos, gadgets and Ajax elements are available for embedding in the template of a service or community-network template page.
The average user cannot tackle code snippets and inadvertently introduces errors while adding the code to his template HTML source.
More important is that these snippets will change syntax as the web apps evolve and the service API changes, or even with new web standards.
It may be best to make this snippet invisible to users and available to programmers if needed. The code arriving in the browser client HTML also makes the page cluttered, and there is a bandwidth element too.
A new HTML tag may help clean the clutter and leave the snippet at the server. It is similar to embedding images.
The xgz tag is for gz-compressed XHTML code, analogous to "img src" for embedding images. The gz file has the CSS, JS and XHTML code that is current to that service and account.
The browser decompresses the gz and renders the page and effects as designed. The browser's View Source just shows the xgz tag for every code embed. Expanding the element gives more details. As this code is at the host, it cannot be modified or tampered with by any user.
The best part of this is that some code gz files can be password protected, so the code won't unzip or render for user browsers that are not logged in. The password protection of the code gz can also protect the code to some extent, which may be the DHTML or Ajax IP of creative web designers.