1. Field of the Invention
The present invention relates generally to data processing systems. More specifically the present invention provides a method, computer program product and data processing system for concealing user identities through the use of aliases.
2. Description of the Related Art
Computers are now prevalent in almost every aspect of daily life, from sending e-mails to making on-line purchases. As the use of computers and data processing systems has grown, so has the need to provide security for these data processing systems.
Looking back on the early days of Unix system security, the “encrypted” password used to ensure secure sign-ons was viewable to anyone because the password appeared on the screen in a field called password. Eventually this mistake was corrected and the “encrypted” password was moved to a file that was only accessible to the super-user called root in Unix or administrator in Windows. This change made the system more secure and less vulnerable to attacks.
Another security technique that has been employed is the lack of information or misinformation that is given to a denied user. It quickly became apparent that telling a user attempting to sign-on that he/she had provided an invalid user identification or that he/she had failed to provide a correct password gave potential attackers clues in cracking the security system. Therefore, currently, most security systems go through the motions of verifying sign-on information by accepting incorrect passwords and non-existent users and provide a message only to the extent that the attempted sign-on has failed, rather then denying the existence of the user immediately. Thus, the attacker is not provided any additional information as to the identity of users on the system.
However, this method still has flaws. When a user attempts to sign-on, the user types his/her user identification in the clear, on the screen, in full view of potential hackers or thieves. This defeats the very purpose of going through the motions of the security measure, as the hacker or thief can readily obtain a valid user name and simply concentrate on cracking the password.