BitMint: User-Centric Cryptography
A Company Built on an Idea:
Randomness is a trusted shield against smarter and better equipped adversaries
Silent Entrapment of Identity Thieves
The stolen password they use carries a hidden mark
The best way to fight identity thieves is to deter them with the fear of entrapment.
One attaches a marker to a password. The password looks the same on the screen, but its marker is silently being refreshed as often as you like. When a thief tries to use today the password he stole yesterday then he, unwittingly, announces himself as a thief to be caught, and alerts the system that a theft occurred.
This is a game changer. For a long time thieves faced no deterrence. Failed hackers simply tried again and again. But now, when they get in they must suspect: "Have I been made? Have I triggered a silent alarm, and am I being hunted down while I seemingly compromise my penetrated victim?"
BitMint*Entrapment is not sprung on wild guesswork. It discriminates and zeroes in on hackers who have stolen valid access credentials and use them on the attacked server. These effective thieves are the ones we seek to flush out!
You apply for a loan, the loan officer needs to check your credit, and so, reluctantly, you surrender your social security number. With this piece of information they, or anyone getting access to your SSN, can do you a lot of harm. But not so with BitMint*Entrapment. Private data like social security numbers, account numbers, passwords -- are all Nooanced (TM)- -- marked, and re-marked as often as desired. Now you don't need to change your password so often, because its marking changes -- automatically. How often? On schedule, per request, and even a new password marking every time you use it. You still have to enter your memorized or recorded clear password.
BitMint*Entrapment is effective because for the first time you make your attacker sweat, and worry. As long as there are good targets that don't deploy BitMint*Entrapment, why risk getting caught?
In order to access your account you must type in or paste in your credentials. Your computing device writes these credentials in the Nooance language, where those credentials are marked before they are communicated to the server.
The big catastrophic breaches happen when a remote user enjoying a lot of power over the system unwittingly falls for a phishing trick or otherwise surrenders his credentials to a wily hacker. These high-powered users are prime targets for hackers. But guess what -- they are also the ones most tightly protected with BitMint*Entrapment. Hackers know it, and wonder -- do I get myself into a trap? That is where we want them to be.
The BitMint*Entrapment protocol, the markings of nominal data, (Nooance), and some variety of applications are detailed in US Patents 10395053, 10733374.