TealLock User's Manual
Program
Version 5.20
Last
Updated:
Chapter
1 – Introduction
Contents
Chapter 2 - Installing
Chapter 3 - Overview
Background
TealLock
TealLock Corporate Edition
Chapter 4 - TealLock Main Screen
Activating TealLock
Setting Passwords
Locking the Handheld
Hiding Private Records
Changing Settings
Chapter 5 - Activation Settings
Shortcut Strokes
Automatic Hiding/Masking
Automatic Locking
Chapter 6 - Lock Screen Settings
Password Key Mapping
Owner Text
Background Image
Additional Display Options
Chapter 7 - Security Settings
Password Controls
Locking/Unlocking Options
Data Encryption
Card Encryption
Data Self-Destruct
Advanced Options
Chapter 8 - Other Settings
Settings file
Chapter 9 – Corporate Admin Settings
Admin Controls
Remote Unlock
Install File
Uninstall File
Appendix A - Usage Tips
Setting a Password
Emergency Password
Receiving calls with your Treo or Kyocera Smartphone
Lock-screen Images
Lock-screen Text
Shortcuts
Welcome Screen
System Lockout Screen
Appendix B – HIPAA Compliance with TealLock
Background
TealLock HIPAA compliance features
Appendix C – Security Whitepaper
Appendix D - Compatibility
Installation and launching
Password entry
PalmOS Phone Support
Compatibility
Alarms
Encryption
Flash Memory
Site Licenses
Appendix E - Products
Appendix F - Revision History
Appendix G - Credits
Appendix H - Contact Info
Appendix I - Registering Standard Edition
Appendix J - Registering Corporate Edition
Appendix K - Disclaimer
Thank you for trying TealLock. This program replaces the standard security application with a powerful and flexible system with many activation and customization options, insuring the security of your personal and company data.
This manual supports both the consumer version of TealLock and TealLock Corporate
Edition, which adds special administrator access features designed for
corporate use.
This
archive contains the following files:
Program files:
TEALLOCK.PRC The TealLock
program file
TPSETUP.EXE Easy-installer for Windows
Document files:
LOCKDOC.PDF Program manual in Adobe Acrobat (PDF)
format
LOCKDOC.HTM Program manual in HTML format (sans
images)
LOCKDOC.PRC Program manual in TealDoc
format
REGISTER.HTM TealPoint Registration form in HTML format
REGISTER.TXT TealPoint Registration form in text
format
LOCKIMGS.PDB Sample TealLock
Background images
Single copy/demo installation
Under
Windows, double-click on TPSETUP.EXE to install the necessary files. Note that you must first unzip all the source
files into a working folder. If you only
start TPSETUP from within WinZip, it may not find all necessary files to
install.
You may also use the Palm
Installer to install TealLock. After installing the program file, TEALLOCK.PRC, the program will appear
on your device after the next HotSync.
You may also want to install LOCKIMGS.PDB which includes sample TealLock background images and LOCKDOC.PRC which is the TealLock manual
as a Palm OS document. This file can be
read with our application TealDoc.
The PalmOS Installer appears as in icon in
the Palm Desktop program on your desktop computer. Instructions
on how to use the Palm installer are in the Palm Handbook that came with your
Pilot, PalmPilot, Palm, Visor, WorkPad, Handera, or
CLIE.
Upgrading from older versions
When
upgrading TealLock from older versions of the
program, you may safely HotSync the new version over the old, but you must first turn off the previous version
before HotSyncing the new one. If significant features have been added in
the new version, you may need to re-enter your password, settings and
registration information.
Site License
Installations
To install a site license version of TealLock
Corporate Edition, install the custom .prc file
delivered upon completion of the license agreement using the PalmOS
installer. To install along with
identical settings on multiple units, see the Installation File instructions
later in this document. As with single
installations, any prior versions of TealLock will
need to be turned off before installing a newer version. This can be done using an Uninstall File also detailed below.
Precautions
Due
to the nature of this program (a security app), you are strongly advised to
back up your organizer following the instructions in your PalmPilot handbook
before activating TealLock and setting a password. In
the event you should you forget your password or run a downloaded application
that interferes with TealLock, you may otherwise have
limited options in getting back to your data.
Every year, some 20,000 handheld
organizers are lost or stolen, many loaded with sensitive private or personal
information. Most of these units have no
protection against unauthorized use. TealLock fulfills this need by automatically locking a
PalmOS handheld, hiding private records according to customized settings,
encrypting sensitive data in memory or external storage cards, and requiring a
password for continued use.
The
Palm Operating System comes equipped with some basic security features such as
a system password, private record support, and a system locking screen. However, the default system is cumbersome, as
one has to manually start the system security application to change the state
of hidden records or to lock the device.
Furthermore, its interface is inflexible, relying on graffiti as the
only means to enter passwords, and features few activation or customization
options. Lastly, the system is largely
insecure, including no encryption features to prevent unauthorized access to
sensitive data. Consequently, the system
security features are often too clumsy to use and are often ignored, leaving
handhelds with no security whatsoever.
TealLock
replaces the standard security application.
It offers greater flexibility in order to meet individual security
needs. TealLock
supports 128-bit hashed passwords, encrypting of files in memory, encrypting of
files on external storage cards, optional password entry by hardware buttons or
online keypads, customized locking screens with text and images, graffiti
stroke activation, and automatic timed activation with numerous configuration
options.
TealLock
is so powerful that it has been adopted by Palm itself, appearing in ROM on
select Palm handhelds such as the Tungsten T2 and Tungsten C. TealLock
incorporates all the features present in this enhanced TealLock Security application, with additional customizations and
encryption options available nowhere else.
TealLock
Corporate Edition expands on TealLock, providing
features especially useful in a corporate environment, including a separate
administrator password. The
administrator password allows a company’s IS department to access a handheld or
issue a time-sensitive emergency password should an employee forget his or her
password. More importantly, when an
administrator password is active, the user is required to continue using the
program; a user password cannot be used to turn off or delete TealLock or change its configuration settings. The administrator can also:
·
unlock
employee devices, using a time-sensitive temporary password
·
set
a minimum length for user passwords
·
require
use of both numbers and letters in user passwords
·
lock
out the user password after too many failed attempts
·
install
identical settings on multiple devices using an install file
Once installed, to start TealLock, go to the Palm applications launcher and tap on the TealLock icon. The TealLock Main Screen will appear. Here you can set a password, show or hide private records, or turn on or off TealLock protection.
The TealLock Status indicator shows whether TealLock has been activated. Activation is necessary before TealLock can respond to shortcut macros or automatically lock or hide private records.
Click on the ON button to activate TealLock protection. On handhelds running PalmOS 3 or PalmOS 4, the devices will restart to enable protection.
Once activated, if a user password has been set, it will be requested before TealLock can be turned back off.
The user password indicator on the main screen shows whether the TealLock user password has been set. Tap on the indicator to set or change the user password.
TealLock maintains its own unlocking password, which can optionally be kept in sync with the system standard password. Similar to the standard security app, you set a password to lock the device or protect private records from unauthorized viewing. The quick password is explained later in this document.
Both
the standard Security application and TealLock can
hide and show private records, so you should make sure that a password is set
in the standard application even if one has already been set inside TealLock. It's
probably a good idea to make the two passwords the same so there will not be
any confusion between the two. This
option can be set automatically in TealLock using the
‘Keep System Password in Sync’ option, which changes the system password
whenever the password is set in TealLock.
NOTE: Under PalmOS 5.0+, do not use the automatic locking features in the Palm standard security program simultaneously with TealLock. When running TealLock, use TealLock’s automatic locking options instead. And turn off any standard Security automatic locking features before activating TealLock.
TealLock’s primary function is as a locking
program. It secures the handheld by
bringing up a locking screen which requests a password before granting access.
Manual
Locking
The Lock and Off
button on TealLock’s main screen lets you quickly
secure the handheld from within TealLock. The device will be turned off, and when
turned on again later, will appear on the TealLock Locking Screen, requesting a password
to continue.
Automatic
Locking
There are other numerous and more convenient automatic
activation options as well, accessible from the TealLock Settings Screen, which is addressed later in this document.
TealLock’s secondary
function is to act as a mechanism for hiding and showing private records. Palm OS supports a global private record
setting which is individually supported by applications to hide or show
sensitive files, entries, or data records.
Manual Hide/Show Control
The Private Records indicator displays the current private records
state: globally shown, masked or
hidden. Tap on the hide, mask, or
show buttons to change the current setting. If a user password has been set, you will be
asked to enter it in order to show private records that have been hidden.
The Change Settings button lets you access
the TealLock Settings
Screen to set and adjust many more interesting activation and customization
options. Settings fall into four
categories: Activation, Security, Lock Screen, and Other. In TealLock Corporate Edition , the last category is called Admin and contains extended selections.
When a password has been set, it
will be required to access the settings screen.
In the Corporate Edition, the normal user password cannot gain entry.
Instead, the Administrator password must be entered.
Details for using individual
features and settings in each of these categories follow.
The
activation screens adjust when and how TealLock
engages to lock the device or handle private records. There are three activation screens: Shortcut
Strokes, Automatic Hiding/Masking,
and Automatic Locking.
This option specifies the graffiti shortcuts used to hide or show private records or to lock the handheld. To enter a shortcut stroke, write a cursive 'l' (lower case ‘L’) followed by the specified letter or number. Note that capitalization is ignored and these shortcuts override any standard graffiti shortcut macros, so you should set your TealLock shortcuts to letters that are not used as the first letter of any PalmOS macros specified in Preferences.
The Automatic Hiding/Masking screen adjusts when private records are automatically hidden or masked. The following options are available.
Minutes after power off
Activates when the handheld has been off longer than a specified time period. Set to 0 for automatic activation immediately after power off.
Minutes after password entry
Activates if the specified number of minutes has passed since your password was last entered. Use this setting to setup behavior where your password is “valid” for only the specified period of time before it needs to be re-entered. The unit must be powered down before actual record hiding/locking takes place to insure that user data is not inadvertently lost.
Minutes after last activity
Similar to the “mins after power off” option, this option also takes into account the last time the screen was tapped or a button was pressed if the unit powers down due to lack of activity. Note that this option still requires the unit to power down, as it will never forcibly take control of the unit while it is on and might be in use.
On system reset
Activates if the unit is reset either by a system crash, by software control, or by the pinhole reset button in the back of the device.
Daily, at time
Activates at a specified time of day. In other words, if a specified time passes, TealLock will activate the next time the handheld is powered on.
If powered up between specified hours
Activates if the handheld is powered up (switched on) during a specified time of day.
Enabled on specified days
Sets the days of the week when the above activation options (except shortcut) apply. On the days that are not highlighted, automatic activation will not occur. (Highlighted items appear blue or gray.)
Enabled between specified hours
This option allows one to specify a
time range in which automatic activation is active. Note that this option is not the same as the
“If on between” setting. That
option will trigger a TealLock activation request in
certain circumstances, while this option determines whether that
request (or any of the other automatic activation requests) are handled
at all. Basically, unless you wish
automated settings to be inactive during a certain time period, the specified
hours should be set to ‘betweeen the hours of
NOTE: Setting the
first time earlier than the second time (e.g.
The Automatic Locking screen is very similar to the Automatic Hiding/Masking screen, and supports all the same options described above.
TealLock’s locking screen is highly
configurable, offering numerous customization options for its appearance,
background, controls, and input methods.
Lock
Screen Settings let you adjust the appearance, contents, and
functionality of the TealLock lock screen.
TealLock supports
mapping of the four application buttons, the up/down scroll pad or Palm 5-way
controller, and the auxillary voice-record button on
the Tungsten T. When the locking
password is set to matching characters, pen-free password entry is enabled.
By
default, numbers are mapped to the application buttons, but you can reassign
the buttons in the Password Key Mapping
window.
When entering passkeys, the Page-Up scroll button functions
by default as a backspace key, while the Page-Down scroll button defaults to
being equivalent to writing an “enter” stroke or tapping on the “OK”
button. These buttons can be remapped as
well, and other buttons can be mapped to these functions instead.
Entering “en” will map a key to
the enter stroke, and “bk” will remap
it to the backspace stroke. Enter “no”
for a button to cause it to have no action whatsoever.
In the Owner Text window, you can select the content, font, and alignment of the text that appears on the Locking Screen. Typically, this consists of instructions, company, or owner information in case the device is lost.
The text specified here can also alternatively appear on a separate help screen instead of the main locking screen when using the “help screen option” under Additional Display Options.
The image
settings screen lets you select a custom image to be
used as a backdrop for the Locking screen. The image must already be loaded onto your
handheld, having been created in TealPaint or
imported using the TealPoint Image Manager which comes with TealPaint. On hires handhelds, images larger than
160x160 are displayed in high resolution.
The image must be in TealPaint image format.
If multiple images exist in the named database, one will be selected at
random each time the handheld is locked.
You can also choose to treat the image database as an animation by
selecting the “Animate” checkbox item, and selecting an animation
speed.
For best results, make sure the
source image used matches the default current display mode of the
handheld. Most monochrome devices run
applications in 1-bit mode, which color apps are typically run in 8-bit mode.
For better looking images, the “Grayscale”
option can be used on monochrome handhelds running PalmOS 3.3 or higher to show
background images in 16-shade grayscale instead of the default black and white
mode. Similarly, to better show 16-bit
images, “16-bit” mode will force the
system display mode to 16-bit mode while on the lock screen.
Lastly, choose the “Cache Image” option for faster screen
updates if available memory permits.
The Display Options screen lets you customize the
appearance and functionality of the locking screen, adding additional items
such as clocks and battery level indicators.
Options available on this screen include:
Adds a battery level indicator to the lock screen.
Window border frame
Adds a border around the locking window.
Private records picklist
Adds a control to the lock screen, which allows you to select the view state of private records before unlocking the device. The private record control can be preset to whatever setting was active prior to locking the device, or can be specifically set to hide, show, or mask (if supported by PalmOS version).
Number keypad
Adds
a number entry keypad to the lock screen to aid in entering numerical
passwords, or act as a Trojan Horse to mislead would-be miscreants. The numerical keypad can be large, allowing a
fingertip tap, or small and compact, and can be either standard computer keypad
layout or in an inverted “phone-style” layout.
The large “phone-style” keypad has alphabetic characters on it
corresponding to those found on phone pads in the
Date and Time
Adds an on-screen date and time indicator to the lock screen. Three different fonts are supported (standard, bold, and large) as well as a choice of left-aligned or center text. A seventh option also exists to place the date and time indicator in the title bar of the window.
Move owner text to help screen
This option moves the owner text off the locking screen and onto a separate “help screen”. A help button is added to the locking screen to access the moved text. Text on the help screen is shown without alignment or formatting, but can be scrolled to accommodate more than one page of text.
Sync owner text with system
When this option is set, TealLock uses and modifies the owner text set in PalmOS
Preferences instead of maintaining its own separate text.
The Security settings screens contain options for
adjusting password controls, encryption, and advanced security options.
Password
controls allow you to specify how passwords are entered, accepted, and
displayed. In TealLock
Corporate Edition, these controls are particularly useful in insuring that
employees choose secure passwords.
Minimum length
Useful mainly in conjunction with the administration password in TealLock Corporate Edition, the minimum password length feature allows an administrator to prevent a user from changing the password to anything shorter than a specified number of characters.
Mask passwords during entry
When set, this option requires displays an entered password using placeholder characters so that prying eyes cannot see the password as it is entered.
Require change every XX days
When set, this option requires that the user password be changed at regular intervals for added security, should one password become compromised. When a password is entered after sufficient passage of time, TealLock will bring up a reminder message requesting a new password to continue. When used with TealLock Corporate Edition, this feature can be used to ensure greater security. Other TealLock users may find this feature useful as a reminder to regularly change passwords.
Keep system password in sync
With this option set, whenever you set or change the user password in TealLock, the corresponding password in the system Security app is changed as well, keeping the two synchronized and minimizing the chance of confusion from having two active passwords at one time. Note that if you subsequently change the system password using the standard Security application, it will not by synchronized back to TealLock. Basically, you shouldn’t try to use both TealLock and the standard security application.
Guest Password
A guest password can be
specified and enabled with this option.
A guest password can be used to unlock TealLock,
but not to show private records or change settings in TealLock. In fact, unlocking a Palm with the guest
password will automatically hide private records if they are currently
shown. Guest passwords are useful if you
wish to loan your handheld to a friend, but do not want to grant him or her
access to all of your private data.
Emergency Password
When TealLock is registered, it is assigned an
emergency password based on its HotSync user name and registration information,
which accompanies a registration confirmation and key. This key can be kept in a safe place to
unlock the device in an emergency.
Turning off this option will disable the emergency key, giving stronger
security but removing the option to unlock the device if a password is
forgotten.
Note to Corporate Users:
TealLock
Corporate Edition automatically disables the emergency password once an
Administrator key is set, as the two serve a similar purpose.
Enable Quick Password
An optional quick password allows fast unlocking of a handheld with a short password without compromising long-term security against someone trying to unlock the device by guessing passwords. When enabled, the quick password can be set when you edit the user password.
Using this feature, a much longer more secure full password can be set
without making daily use of the device inconvenient.
Typically, the quick password is set to a combination of letters or
numbers mapped to the hardware buttons or on-screen keypad. When the lock screen first appears, a timer
begins counting down the remaining time.
If the correct password is entered (tapping OK is not required), the
unit is unlocked. If time elapses or an
incorrect character is entered, the full password is requested.
Note: Even if an incorrect key is entered, the full countdown always
continues, so someone repeatedly trying the bypass the quick password at
different times will get no feedback if any entered letters were correct. Once a mistake is made, the quick passkey
timer can be dismissed with a backspace stroke.
Quick password time limit
Specifies the number of seconds a user has to enter the quick password before the full password is required.
Start countdown after first
key
Sometimes, third party applications may wake up the handheld, causing
the quick password timer to expire before it can be used. This can also happen when a button is
accidentally pressed while the handheld is in a pocket or purse. When this option is set, the countdown waits
for the user to enter a key, and only begins after the first character is
received.
The following options affect how TealLock functions when locking or unlocking the handheld.
Power off after manual locking
When set, the handheld automatically turns off after being manually locked from the graffiti locking shortcut.
Call TealGlance on Unlock
Activates the program TealGlance to bring up its information screen after the unlock screen has been dismissed. TealGlance normally appears on power-on, but won’t do so if the device is locked in TealLock. This option provides for a delayed activation of that program.
Launch specified app on unlock
This option lets you specify a program to run after the handheld is unlocked. Any individual application can be specified here, including the system application launcher (OS 3.0+) or system application.
When you do NOT use this option, TealLock returns to the program that was running before locking, if it is present in RAM. If you were running a card-based application, the temporary copy loaded into memory by the system launcher has likely been deleted by PalmOS, so control will return to the TealLock main screen.
Allow app to run when locked
A specialized feature meant for specific applications, this option instructs the locking screen to release control to a specified application to run even when the handheld is locked. When that application exits, control is returned to TealLock. This option requires the device already be on the locking screen before it releases control. so it normally used in conjunction with the “wake up device to lock handheld” option.
Compatibility
This option works best with PalmOS 4 or earlier, and will *not* work with all devices, configurations, and third-party programs. As the device is temporarily unlocked to allow an app to run, the configuration must be tested to insure that the app does not do anything to jeopardize security when running.
PalmOS 5
On OS 5 handhelds, one must be particularly careful that undesirable application launching mechanisms are disabled, as PalmOS requires TealLock unlock the device before the identity of the new application is available. While TealLock will relock the device if it is not the specified app, a brief flash of an undesired app may appear if it is not blocked from starting. This usally means mapping application buttons to keystrokes to prevent them from launching their default apps.
Backup Programs
Some programs that feature a timed backup feature need to temporarily switch the current application to itself to perform the backup. This option can be used to allow the backup to occur in many instances. In order to do so, the backup app must support the backup process when the system lock flag is set.
PalmOS-powered phones
This option can be used to allow phone dialing and/or receiving on Treo phones and Kyocera Smartphones. Please test this feature to insure it is functional and secure with your handheld configuration.
To use this feature, first check the “run when locked” option and select the application you wish to allow to run. On the Kyocera 7135, the dialing application is simply called “dialer”. On the Treo 300, it is called “phone”. Note: on the Treo 600, you must select “Cancel” to exit the phone application if activated when locked.
Receiving calls
Next, insure that there is a
mechanism used to launch the program. For
incoming calls on some phones, the system may automatically attempt to launch
the phone applications.
On these
devices, no additional configuration is necessary to receive calls. For other phones, receiving calls, if
possible, may require similar configuration to outgoing calls, below.
If you are using an automatic locking feature, turn on the ‘Wake up to lock handheld’ option to keep locking activation from interfering with the receipt of a call.
Outgoing calls
For outgoing calls, or to launch a non-phone application, a button mapping is typically used. To enable the normal functionality of one of the four hardware application buttons, simply map the button in the standard PalmOS button Preferences panel, and turn off Password Entry Key Mapping in TealLock for that button. Note that you may wish to leave the TealLock key mapping in place if you want to lock out outgoing calls but still use the “run when locked” feature to allow incoming calls.
Do not require password
This unusual option is present when TealLock is not really being used as a locking program at all. Instead, the lock screen is used as a “Welcome” screen for commercial or promotional purposes, and automatic “locking” activation is used to bring up this welcome screen. Setting this option turns off the password requirement for the locking screen, while still leaving the password in place for security private records.
TealLock’s data encryption feature lets you add an additional layer of protection, encrypting selected databases when your device is locked. To turn on encryption, set the data encryption pick list to “on”.
Data Applications/Files
Files to encrypt can be selected by application or individual file. Up to six individual files can be selected and an unlimited number of applications. When an application is selected, all .PDB database files associated with that application are automatically encrypted.
Private / Public Records
Three encryption methods are available. A custom fast encryption method adds additional protection to TealLock’s locking and private record mechanism with minimum added encryption and decryption time. A more secure 128-bit MDC encryption based on an industry-standard MD5-Hash provides stronger encryption, while a 128-bit Blowfish algorithm provides the strongest protection with a reasonably fast encryption speed.
Both private and non-private records can be protected, and their encryption types can be individually set or turned off. By setting different encryption types for different records, maximum protection can be achieved with minimum encryption time.
TealLock’s card encryption feature lets you also encrypt data files stored externally on a removable VFS-compatible storage card such as compact flash, Memory Stick, SD, and MMC.
Set card encryption to “on”, select files to encrypt, and select an encryption type to enable card encryption. Note that access speed to external cards is much slower than internal memory, so be frugal when choosing files to encrypt.
To add files to the list to
encrypt, tap “add” to bring up a list of external files. Double-Tap on folder names to navigate into
those folders.
TealLock’s data self-destruct option provides a last line of defense against unauthorized access to sensitive data. This feature can be used to destroy data if it detects an attempt at unauthorized access. Once data is destroyed, the handheld will have all writable databases deleted and must be hard-reset before it can be used.
Booby Trap
A ‘booby trap’ password can be set
to destroy data if a particular password is entered. This can be used to keep someone from unlock
a handheld by guessing common passwords.
For instance, a handheld can be set to self-destruct if “password” ( a common insecure password) is entered as a guess. Being even more devious, a help screen can be
set to mislead someone. For instance,
one might set the locking screen help text to: “Enter my password. Hint: my favorite color”, and set a booby
trap to “blue”. Of course, any booby
trap set here should never be confusable with a genuine password.
Destroy data after too many tries
This “self-destruct” option can be used to prevent brute force attacks by erasing all databases on the handheld after too many incorrect passwords have been entered into a locked device. Use extreme caution activating this feature so that a forgotten password or other text entry problem does not inadvertently cause loss of data. Always fully back up all data and verify password functionality before setting this option.
Note to Corporate users: When used in conjunction with the user password lockout option in TealLock Corporate Edition, this self-destruct mechanism will activate based on the number of failed attempts to unlock the device *after* the user password has already been locked out.
The Advanced Settings screen allows one to set options designed to fine-tune TealLock’s behavior or compatibility with other programs.
Advanced options include:
Blank screen before switching current app to TealLock
When TealLock is set to hide private records or
lock the device on power-off, it can be set to blank the screen to prevent the
previous application from flashing up briefly on screen before the lock screen
appears. This may interfere with a few
drawing programs, (notably Bugme!),
which store their graphics directly in screen memory. For compatibility with such programs, you may
wish to turn this option off. On some
devices or with some programs, popup alarms may also appear blank if this
option is selected. If this occurs, make
sure this option is not selected.
Wake up handheld to lock/hide
Normally, when a time-determined option is selected, such as “lock after elapsed minutes” or “lock daily at time”, TealLock checks the elapsed time after the handheld is powered-up. If it detects the locking condition has been met, it brings up the locking screen. Even if the handheld is set to lock immediately on power-off, this cannot occur immediately because the processor is turned off before the lock screen can be enabled.
When this option is selected, however, TealLock uses a system timer to briefly wake the handheld and lock the unit roughly 30 seconds after the locking condition has been met. This insures that the handheld is already locked and records have been encrypted when the handheld is manually awoken later.
Lock out silkscreen buttons
This option blocks pen strokes in the silkscreen area below the screen when the unit is on the TealLock lock screen. This is useful in preventing some third party popup programs and launchers from recognizing taps in the graffiti area and popping up when the handheld is locked.
Lock out serial port
When activated, this option opens the serial port upon entry of the lock screen. This can prevent the unlikely scenario of someone using the Palm OS serial debugger or other program to access data on the unit. Using this option can consume power more quickly on some devices, however, and you should not use this option when connected to an external modem another device which might automatically turn on when the port is left open.
Toggle backlight on power up
When this option is set, a command
to toggle the handheld’s backlight (if supported) is
to the PalmOS display system. Use this
option to automatically turn on the backlight on devices (like the PalmV or m505) which do not store the previous state of the
backlight. On devices which already
restore the previous state, the backlight will toggle to the other state (on if
off; off if on) which is not usually a particularly useful feature.
Activation timing
Activation timing allows one to adjust how long TealLock waits before bringing up the TealLock lock screen after power-up for compatibility with third-party programs. Changing to either faster or shorter delay times may result in quicker overall switching times, as too fast a delay time may result in a failed switching attempts and a required retry.
Note: Recent code changes make this option largely unnecessary, but experimentation may still yield helpful results with some applications. This setting has no effect on handhelds running PalmOS 5 or higher.
Pre-encrypt files in RAM on every power off
Included for compatibility with earlier versions of TealLock, this option has largely been made obsolete by the “wake up to lock” option. We recommend using the latter option instead, as it tends to be more secure and more compatible with third party applications.
When selected, this option forces TealLock to always go through the encryption process when the unit is turned off. This was originally intended to prevent someone from bypassing the encryption process by performing a soft reset.
This process starts when the power button is pressed or the device times out. It does not put up a visual indicator. As the unit only turns off after selected databases have been encrypted, this will cause a delay from when the device is manually switched off and when the display actually shuts off. When the device is powered up, databases will be automatically decrypted if the lock condition has not been met. Because TealLock encrypts without exiting your open programs, care must be taken not to turn off the device while abusive applications are running. ( Abusive applications are those which abuse system resources, not leaving enough memory for a third party application to run.)
Note: This option is NOT compatible with card encryption. For this and other reasons mentioned above, we recommend using the “Wake to lock handheld” option if possible.
Allow Popups when Locked
Normally, when TealLock
is on its lock screen, it calls a PalmOS system function to lock out most
system popup windows such as those used to respond to network or wireless
events. Use this special-purpose
advanced option to allow system popups if required
for a particular need. The usefulness
and functionality of this option will vary from device to device depending on
third party and system software, and will likely require experimentation and
test to see if it meets a particular need.
TealLock allows you to save the current settings, including password, activation state, and customization options, into a file that can be manipulated in memory or backed up onto the desktop. When moved into flash memory along with TealLock (by using a third party utility like FlashPro), the file can be used to restore settings and lock the handheld even after a full power loss or hard reset. (When this occurs, the handheld’s memory and other data have already been erased, but this feature may encourage someone to return a lost handheld instead of keeping it.)
Warning: Be extremely careful when using a settings file for this purpose. Do not attempt this procedure using pre-release versions or test builds, or with passwords one might lose, as recovering the unit afterwards can be extremely difficult, or sometimes impossible.
To create and use a settings file:
1)
Turn off TealLock
2)
Move TealLock into flash using a third-party
flash utility like FlashPro by HandEra
(formerly Technology Research Group)
3)
Turn On TealLock (now in flash)
4)
Write a settings file
5) Move the settings file (“TealLock Settings”) into flash as well.
Before the file is written, you will be asked for a password to imbed into the file. The passkey will be restored in event of memory loss and will be set as the system password as well. Use this feature with extreme care, because if you forget your passkey, you may be permanently locked out of your device.
The settings file can also be used to install identical settings on multiple devices when used under a company Site License. To do so, write a settings file and backup as described above. The settings file will be copied back to the desktop computer in the user’s backup folder (typically c:\palm\username\backup). Make a copy of this file (“TealLock_Settings.pdb”) and install it along with TealLock onto a new handheld. When TealLock is first run on that device, it will adopt its settings from the settings file, which can then be optionally deleted using a file management utility, as it is no longer needed.
When using TealLock Corporate Edition, the Install File (see below), should be used for this purpose. Do not use both an install file and settings file simultaneously.
NOTE: Because of the
high potential risk and the difficulty of using a third party flash utility, we
do not generally recommend using this feature, and cannot give specific support
and instructions beyond what is presented here.
In TealLock Corporate Edition, the Other menu is replaced by an Admin which contains additional settings useful in a multi-unit corporate environment, where a company-designated administrator can globally control access to devices and TealLock settings.
The following choices are available exclusively in TealLock Corporate Edition.
From the Admin Controls screen you can set the administrator
password and set password and lockout options.
Administrator Password
The Administrator password field lets you set a separate password for deactivating TealLock or accessing the settings screens. When an administrator password is set, TealLock’s emergency password is disabled, and the User password will not be accepted for turning off TealLock or accessing the settings screen, only for unlocking the handheld or showing private records. Instead, only the Administrator password will grant full access to the device and TealLock’s settings.
Lockout after too many password attempts
When the lockout option is active, a user has only a specified number of attempts to unlock a locked handheld. After the attempts have expired, the user password is no longer accepted and the administrator password is needed to unlock the unit.
Require letters and numbers
When set, this option requires user passwords to
contain at least one number and one alphabetic character. Use this option in conjunction with the minimum password length control to
prevent an employee from setting an insecure or easy-to-guess password.
Double up system lock when reset
Normally, if the handheld is reset while on the TealLock locking screen, TealLock will fall back to the Palm OS system security lockout screen. When the double-up option is set, TealLock’s lock screen will also stay active, and will be shown after the system lockout screen is dispatched. This option is useful if for some reason the system’s security password is turned off outside TealLock, rendering the system lockout screen insecure.
One of TealLock Corporate Edition’s extremely useful and exclusive features is the ability for an Administrator to unlock an employee’s handheld remotely, generating a temporary password which can be read over the phone or transmitted over email and keyed to the individual user’s device.
Valid for only one hour, the remote passkey is no longer valid after expiration and is secured by 128-bit encryption. It cannot be used to calculate a passkey valid at a later date or derive the administrator passkey.
The Remote Unlock feature can only be used on handheld units
with identical installation settings to the Administrator’s handheld. Settings will be identical if
1)
the remote handheld was installed using an Install
File generated on the Administrator’s handheld, or
2)
if both
units were set up using the same Install File.
Remote Unlock will not
function on handhelds installed with a different administrator password or in
the standard (non-Corporate) version of TealLock.
Using remote unlock:
1) The administrator instructs the employee to enter the
text ‘REMOTECODE’ (no space, not case-sensitive, no quotes) as the unlocking
password on the locked-out device:
2) The employee’s handheld
will return a 15 digit numerical Remote ID Code which encodes the
date-stamp and identity hash of the device.
This code is reported back to the administrator:
3) Using a second device, the administrator enters the Remote ID Code on the ‘Remote Unlocking’ screen (with no spaces) to generate a temporary unlocking code keyed to the specific device and valid one hour from the ‘Valid at’ time. The validity of the code is verified by the time on the remote unit, so if the time on that device is set incorrectly or if the employee is in another time zone, the remote time should be used when making the code.
4) To verify the time on the remote handheld, the local time can be displayed in TealLock by entering an incorrect password.
Note: To prevent an employee from requesting a passkey which may be valid at a future date, TealLock will show a warning if the Remote ID reflects either 1) a future time relative to the time on the Administrator’s handheld, or 2) if the install time on the remote handheld precedes the last time the administrator key was set on the administrator’s handheld. If time differences are due to time zone discrepancies or if the administrator passkey has been adjusted (and restored) after initial installation, the warnings can be ignored.
5) The
administrator taps ‘Make Unlock Code’
to generate a 28-digit temporary unlocking key valid for the specified
time. Unlike the numerical Remote ID
code, the Unlocking Code will consist of both numbers and letters. Note that the letters i, z, and o are not used in the unlock code to avoid
confusion with the numbers 1, 2, and 0, respectively.
1)
The
administrator relays the unlock code to the employee, who enters it into the
locked device to gain access.
7) After unlocking, the employee will be asked to enter and verify a new user password to replace the lost one.
Once desired settings are configured on an administrator’s machine, the install file feature can be used to automatically copy these settings onto individual employee devices upon installation.
To use this feature, perform the following steps:
1)Configure an initial administrator handheld with the desired individual display, activation, and password settings. If the program is a customized program version received as part of a site license, enter the company registration key as well.
2) Tap on the “Install File” button to create the install file on the model handheld, and select “Install File’. You will be asked for a password to imbed into the file, which will be the initial password needed to unlock the device immediately after installation. After initially unlocking the handheld with this password, the employee will be asked to enter a new unique individual password to continue.
3) HotSync the administrator handheld. The install file will be copied to the handheld’s backup folder on the desktop computer. The exact location depends on where the Palm Desktop Software was installed, but a typical location is
C:\Program Files\Palm\UserName\Backup
Where “UserName” is an abbreviated form of your handheld’s HotSync name.
4) Locate
the backed-up file on the desktop and make a copy to a convenient location.
If you are encrypting named databases, you
should also find and save the file “TealLock AppListDB”, which contains the IDs of the files to be
encrypted.
5) Using the Palm Install Tool, install the install file and TealLock (and optionally the AppListDB) to individual handheld devices. If a previous version of TealLock is already running on any of the devices, it must be turned off first to continue.
For convenient installation, the program TealInstall can also be used to bind TealLock and the install file into a single self-installing Windows executable file which can be distributed via email, networks or other convenient means. With TealInstall, the employee only need double-click on the file to install TealLock at the next HotSync. Download TealInstall on our developer’s page (www.tealpoint.com/developr.htm) or contact us for a corporate site license.
Other third-party HotSync solutions, such as Extended Systems can be used here as well. To work, the solution need only be able to simultaneously install both files onto a target handheld.
7) Unlike a simple settings file, the install file forces a reset on the new Palm after HotSync. TealLock will automatically install, activate, and lock the Palm, and require the initial password to unlock. After unlocking, it will ask the user to specify a new password before continuing.
8) If a customized version of TealLock Corporate Edition is being used, it should already be registered from the install file. If instead the individual copies are being installed as part of a small-scale site license, individual registration passkeys will need to be entered on the individual devices to turn off registration reminders.
An uninstall file automates entry of an administrator password used to turn off devices deployed in the field. An older version of TealLock must be turned off before a newer version or updated settings are installed.
To use this feature, perform the following steps on a handheld running the SAME VERSION of TealLock as the units in the field:
1) Tap on “Uninstall File”. You will be asked for a password to imbed into the file, which should be the administrator password installed onto the field units.
2) HotSync the administrator handheld. The install file will be copied to the handheld’s backup folder on the desktop computer. The exact location depends on where the Palm Desktop Software was installed, but a typical location is
C:\Program Files\Palm\UserName\Backup
Where “UserName” is an abbreviated form of the handheld’s HotSync name.
3) Locate the backed-up file on the desktop and make a copy to a convenient location.
4) Using the Palm Install Tool, install the uninstall file to the field units. Other HotSync solutions (such as Extended System) can also be used to install files to the other handhelds. The TealMover file transfer program can even be used to directly beam the file onto a field unit.
5) After receiving the uninstall file, a dialog requesting a soft reset should appear on each handheld. When tapped, the units should reset and restart with TealLock turned off, ready for installation of a new program version and settings.
When changing
settings
When updating TealLock settings but not changing TealLock versions, an install file and uninstall file can be used simultaneously. The new settings file MUST contain a new administrator password.
When updating
versions
When upgrading TealLock to a new version, the uninstall of the old version and installation of the new version must be done in two steps unless using a site license version of TealLock and upgrading to TealLock 5 or higher. When this is the case, make sure the uninstall file is made with the older version and the install file made using the new program with new settings.
SECURITY NOTE: The uninstall file feature simply imbeds whatever password you enter into the created file. As such, the feature cannot be used beforehand to compromise an administrator password. Once an uninstall file has been created and deployed in the field, however, the old administrator password should be considered insecure, as the uninstall file contains a lightly encrypted copy of the password. Also, anyone with a copy of the file can turn off any units using the old administrator password, so all future installations must be configured with a new administrator password.
If you set a password, whenever you lock the device, you'll be required to enter the key again to regain access to your data. If you hide private records, you'll also be asked for the same key to show the records again. Obviously, you should keep your password in a safe place. Be sure to set a password for the standard security app as well, so private records cannot be shown from there without a password. We recommend you set both passwords to the same value or use the “Keep system password in sync” option to do this automatically.
When
you register, you'll be assigned an emergency password based on your
registration key and Hotsync User Name that can be
used to unlock your unit should you forget your normal password and have the
“Emergency Password” option set. This is not the same as your registration
key. If you need an emergency key, you
can request that it be sent to the registration email that we have on file.
Note
that the emergency password only works with TealLock,
not with the System Lockout screen, which comes up if someone
tries to bypass TealLock by resetting the handheld. Also, the emergency Password is disabled in TealLock Corporate Edition if an administrator password is
set. You can disable the emergency
password in the standard edition as well by unchecking
the corresponding option in the Advanced Security settings screen. Lastly, the emergency password can be used to
gain last-resort access to the device, but it WILL NOT DECRYPT DATABASES that
you have encrypted on the device, and any data encrypted when you use an
emergency password will likely be lost.
Tealock does not
automatically allow most applications to run while your handheld is
locked. Since PDA phones require a
Dialing application to run in order for you to receive a phone call, you need
to specifically set a TealLock option to allow the
Dialer to run. To do so, go to the TealLock settings screen and tap on ‘Locking/Unlocking
options’ in the ‘Security’ category.
Check ‘Allow app to run when
locked’ and select your phone’s dialer application. Also use the ‘Wake up to lock handheld’ feature to
keep locking activation from interfering with the receipt of a call. See the section of this manual on using this
option for more details on configuring the program for call compatibility.
You
can select an image database to be used as background imagery for your locking
screen. This database must be in TealPaint format and can be modified in TealPaint. Use the TealPaint
Image Manager which comes with TealPaint to import
your own image to TealPaint format. You can have
multiple images in this database. If you do, a random image will be chosen each
time you lock the handheld.
Thus,
you can create a number of images in TealPaint, and add text there if you wish for "quote of
the day" functionality, inspirational images, etc. In the image-select
screen, enter the name of the image database to use. The one provided with TealLock is
called "LockImgs". If you change it, be
sure to specify the name as it appears in TealPaint
with the exact same spelling and capitalization.
The
text that appears on the "Locked" screen can be modified. It can be
bold or not, but is always black on white and drawn from the left hand side of
the display or centered. If you are using an image, you should make space for
the text, or better yet, render the text into the images themselves.
Use
the shortcuts to hide private records, show private records, or lock the
handheld, at anytime. You do not need to be in a text-editing field for the
shortcuts to work. A shortcut is a graffiti stroke which resembles a cursive
lower-case 'L' followed by letter you select. A popup screen will tell you when
private records are shown or hidden. When showing private records, if you have
a password set, you'll be asked for the password to continue, and returned to
the previous application when done.
When
selecting shortcut strokes, make sure the letters do not match the first
letters of any standard PalmOS shortcut macros set in Preferences.
If
you want to use a password to protect your private records, but don't want to
lock your device, you can set the "Don’t require password" option,
which turns the "locked" screen into a "welcome" screen
that does not require a password, but shows your message and waits for an
"OK" before continuing.
If
your handheld is reset while locked, TealLock will
fallback to the system Lockout Screen in ROM for maximum security. This lockout
screen has the text "System Lockout Screen" at the top of the screen.
The password for this screen will only be the same as TealLock's
password if you set them to be the same, or use the advanced option “Keep
system password in sync” to do this automatically whenever you change the user
password. The TealLock emergency password and
administrator passwords will NOT work for the System Lockout Screen, and there
is no way past this lockout screen if you forget the password here.
NOTE: Under TealLock Corporate
Edition, TealLock’s password screen can be set to
double-up on the system password, so in case of an undiscovered flaw or
backdoor in the system security, TealLock locking
screen will still need to be passed.
The Health Insurance Portability and Accountability Act (HIPAA), establishes standards, requirements, and penalties designed to insure the privacy and security of patient records and data. Finalized in February 2003, the security provisions of HIPAA include physical, administrative, and technical safeguards to protect the integrity and access to information. Covered health care organizations are required to comply with HIPAA or face penalties of up to 10 years imprisonment and a $250,000 fine.
With more and more patient-related data finding its way onto
to physician-owned handhelds, TealLock can play a
vital role in insuring that any organization’s HIPAA compliance program. TealLock features
relating to HIPAA Security Technical Safeguards (164.312) include:
Access control TealLock password-protection insures that only persons with
access rights can view or modify protected health information (PHI) stored on
the device.
Automatic logoff TealLock can automatically lock the handheld a specified
number of minutes after a password is entered,
performing an automatic logoff.
Emergency access procedure TealLock administrator passwords can provide authorized
individuals full access rights to data stored on the handhelds in an
emergency.
.
Encryption and decryption TealLock supports encryption and decryption of data stored
both in memory and on external storage cards with industry-standard 128-bit
protection.
TealLock
site licenses are available for companies and organizations of 50 or more handhelds. Contact us at corporate@tealpoint.com or
visit www.tealpoint.com for more information.
Password Security and Data Encryption in TealLock
TealPoint Software
This document outlines the password and encryption
methods used in TealLock as they apply to TealLock Corporate Edition for PalmOS. TealLock is a
security application for PalmOS handhelds, supplementing the security of the
device with an automatic password-based locking mechanism and optional
encryption of selected databases while the device is locked.
Individual
Passwords
Both individual user and administrator passwords are
handled in TealLock in a similar manner. The passwords are not saved on the device,
but hashed using an industry standard 128-bit MD5 algorithm. When a password is requested, entered values
are hashed using the MD5 and compared to saved values
to gain access.
Remote
Passwords
Remote-unlocking passwords, unique to TealLock on the PalmOS platform, allow IT personnel to
issue time-sensitive passwords to individual users to unlock their devices
without compromising the global administrator password or future remote
passwords. While simple checksums and
embedded bits in unlocking keys are used to code a particular unlocking key to
a single device or hour of the day, an MD5-based OTP (one time password) system
prevents a code from being used after the day of issuance even if the program
code is reverse-engineered. When
generating codes on the administrator device, TealLock
issues a warning should an employee misadjust their system time in an attempt
to request a key for a future date. TealLock can generate 1000 unique remote passwords, one
valid for each day after initial selection of the administrator password. Thus, the administrator password used on
devices in the field should be changed at least once every 2 and ½ years to
avoid running out of valid remote passwords.
Encryption
Keys
Encryption keys in TealLock
are generated using an MD5 hash of the user password, utilizing a separate hashing
key from that used for password verification.
After encryption, the key is deleted from memory. When a user password is entered to unlock the
handheld, it is hashed using the encryption hashing key to regenerate the
encryption key used to decrypt the encrypted data.
In TealLock Corporate
Edition, when an administration key has also been set, a second encryption key
based on the administrator passkey is also generated. The user and admin keys are then each used to
create encrypted backups of the other using a 128-bit MDC/MD5 block cipher, and
the original keys are erased from the device.
This system allows recovering of the encryption key only if either the
administrator or user password is entered.
Encryption
Algorithms
TealLock supports three
standard encryption methods:
1)
Fast
The “fast” encryption
method utilizes the output of a 64-bit pseudo-random number generator as a bit
stream to XOR with the data to be masked.
Designed for speed, it is not designed to be robust from a “known-text” attack
by a crypto-analyst, but is suitable for routine use and protection from
ordinary individuals.
2)
128-bit MDC/MD5
This known algorithm,
added to TealLock in version 4.00, consists of a
message digest cipher (MDC) using an MD5 algorithm as the one-way hashing
function. Commonly in use, this is known
as an MDC/MD5 and is the slowest algorithm supported, but is useful for
encrypting small amounts of data.
3)
128-bit Blowfish
Added to TealLock in version 4.15, the blowfish algorithm was
created by Bruce Schneier as a drop-in replacement
for DES or IDEA, and is growing in popularity as a strong encryption
algorithm. Supporting variable key sizes
from 32 to 448 bits, it has been implemented in TealLock
using a 128-bit key.
Encryption
Strength
All encryption methods use keys based on user
passwords, salted with additional machine metrics specific to the device and
files being encrypted. The 128-bit keys
provide maximum protection for alphanumeric passwords up to 20 characters in
length. Real-world protection depends on
the actual length of user passwords.
It is interesting and somewhat amusing to note some
competing products claiming 512-bit or higher protection, which is, of course,
unachievable unless users are required to enter randomly-chosen, 80-character
long passkeys. A recommended minimum
password length of 8-characters represents at most 52 or so bits of entropy,
limiting any true achievable security to the same bit length regardless of
encryption bit depth. Using a 512-bit
encryption algorithm under such circumstances and filling in the missing bits
with bytes stored on the device may in fact compromise security and result in a
less secure encryption.
Additional
Password Features
The selection of insecure passwords by end users is
the largest security threat in any corporate environment. To enhance password security, TealLock supports features to enforce minimum lengths for
user passwords and require both letters and numbers to be present in passwords
to prevent “dictionary” cracking methods.
In addition, options are provided for both a
user password lockout and data self-destruct modes to deter brute force
attacks.
Device-specific
Implementations
TealLock 5.0 supports
additional encryption ciphers by way of the PalmOS Cryptomanager
library. Encryption ciphers installed
into ROM by the handheld manufacturer are automatically recognized by TealLock and make available for use.
On the Palm Tungsten C handheld, TealLock
supports optional 128-bit RC4 encryption via the Cryptomanager
library. In fact, the standard Security
application present in ROM on both the Tungsten C and Tungsten T2 are special
streamlined versions of TealLock standard edition,
licensed by Palm from TealPoint Software specifically to enhance the security
of those devices for the enterprise market.
###
As
we cannot control the style and robustness of other products, we cannot
guarantee compatibility with Palm OS applications beyond those included from
Palm Computing. However, we try to resolve compatibility issues as best we can.
I can't HotSync the new version or move it to
Flash memory
The built-in delete-protection will
prevent you from overriding the program while it is currently running. You must
first turn it off first before upgrading to a newer version or deleting the
program.
TealLock crashes
as soon as I try to run it;
I've restored from backup
There is a known problem with Backupbuddy correctly backing-up and/or restoring TealLock, possibly because it cannot handle files which are
currently locked and hooked up into PalmOS. When run, Backupbuddy
"restores" a corrupt 1k file which cannot be run or deleted by the
standard system launcher. To fix it, use TealMover or a similar file-management
program to delete the 1k TealLock file after turning
off its protect and readonly bits and reinstall TealLock from the original download, and check with Blue
Nomad for more assistance.
Help! I can't enter my
password
Make
sure that the Text entry line is active, which is indicated by a flashing
cursor. If it is not, click on the text entry line first.
The Quick Password doesn't work sometimes...
By default, the four hardware
buttons are mapped to '1','2','3', and '4', respectively. This allows you to
unlock your device 'pen free' using the quick password if your quick password
uses these numbers or whatever characters you choose to map. When you turn on
the device using a hardware application button (or accidentally do so while
it's in your pocket), that first press counts as entering a key, which will
invalidate your quick password entry. To keep this from happening, you can map
all four buttons (and optionally the Palm V contrast button) to nothing by
setting them all to "no".
In TealLock
5.0, you can set the quick password countdown to start only after the initial
key presss.
Help! My Treo keeps
asking me for a 4-digit numerical password, but I haven't set one.
This is the phone-locking screen
that is part of the Treo's "Phone"
application. It is not a request coming
from TealLock.
The Treo will automatically activate its own
locking in certain circumstances, but uses a different password that is not
related to the one set in TealLock. By default, this
password is set to the last 4 digits of your phone number.
Help! I reset the Palm and
my password doesn't work.
After
a reset, TealLock falls back to the system lockout
screen, which is part of the Palm OS, not the TealLock
locking screen. If you set the standard Palm security app to a different
passkey, and have not set the "Keep system password in sync" option
or have changed the system password after the one in TealLock,
enter the system key instead of your TealLock key.
The system security screen says "System Lockout" in the title bar.
How can I receive calls when locked?
Try using TealLock’s
“Allow app to run when locked” feature to permit your phone’s dialing
application to run. See Locking/Unlocking Options above for
more information.
Is TealLock
compatible with PalmOS 5?
Yes. TealLock
is fully compatible with PalmOS 5 and handhelds running ARM processors like the
Tungsten T. Make sure you are running version 5.0 or
higher.
Sometimes, I turn on my device and only a
blank screen is showing...
An alarm going off or a conflict
with the running program may have prevented TealLock
from switching to the lock screen. The active screen or alarm dialog is
probably active and waiting for a button tap, but its buttons have just been
erased in preparation for the locking process. Try turning off the "blank
screen" option in TealLock if this occurs. In TealLock 5, it is off by default.
Help. I seem to be noticing decreased battery
life when running TealLock.
If you are trying a demo version of
the program, be sure not to leave the TealLock
waiting on the popup registration reminder screen for an extended period of
time after activation, as the program sits in a loop here waiting for a pen
tap, which can use battery life more quickly than when sitting idle in the main
body of an application.
My alarms or snooze messages do not show when
the handheld is locked.
Are you encrypting the Datebook or ToDo databases? When
a database is encrypted, it is protected from access to safeguard the data, so the
Datebook application cannot access it. When TealLock detects a Datebook alarm
with an encrypted database, it will sound and show a substitute alarm screen.
Datebk5, however, may also expect the ToDo database
to be unencrypted as well, and may not display snooze messages if the ToDo database is encrypted.
Under TealLock
5 and PalmOS5, the datebook will show alarms as
“Private Appointment” when the handheld is locked. This is standard functionality also found in
the standard security app and part of designed PalmOS locking behavior.
What kind of encryption does TealLock support?
TealLock
supports a number of different encryption types, from a simple fast encryption
method to industry-standard 128-bit Blowfish encryption. On a Tungsten C, RC4 is also available.
How
to I Restore Encrypted Records after I reset?
If the Palm is reset while on the Palm locking screen, TealLock will fall back to the system security screen. When this is unlocked, TealLock will automatically launch and decrypt the encrypted records. If for some reason, a conflict with installed “hack” extensions, for instance, TealLock is not able to decrypt the records, simply relock and unlock under TealLock to restore your records. Do not change your password before doing so and do not run other programs that may try to access the encrypted records, as they may either crash or modify the encrypted data, preventing it from being decrypted properly.
Can I put TealLock
in flash memory or extra protection?
Yes. We do not recommend using this
feature for most people, but it has been included for customers with specific
needs in this area.
See the manual on how to create a
"settings file" to snapshot your current
settings. To put both into non-removeable flash
memory (if present on your device), use a utility like
FlashPro from TRG. Note that you cannot put TealLock into a *removable* flash card because it must stay
connected to the system to remain functioning.
I can exit the locking screen on a Visor by inserting
a flash memory card
If you are running Launcher III,
this is a bug in that program, which hijacks the system when a card is removed.
We've found that it even bypasses the standard Palm Security's lock screen, and
does so if Launcher III is installed, regardless of whether it is activated as
the default launcher. Programs which inadvertantly
leave files open on the expansion card can cause this behaviour.
How can I obtain a licensing information for TealLock
Corporate Edition?
Please email our Corporate Services
Department at corporate@tealpoint.com. Site licenses are available for 50 or
more customers. Download the latest version from our Corporate Edition
information page at http://www.tealpoint.com/corplock.htm.
Visit us online for our complete product line, including:
TEALAGENT
( http://www.tealpoint.com/softagnt.htm )
A PC-based Palm data converter, installer, and web clipper
which formats local, network, and web-resident data into standard Palm formats.
TEALALIAS
( http://www.tealpoint.com/softalia.htm )
Making the most of expansion memory, TealAlias creates
placeholder alias files that automatically find, load, and launch apps and data
from external SD cards, freeing precious main memory.
TEALAUTO
( http://www.tealpoint.com/softauto.htm )
The complete automobile mileage, service, and expense
tracking program, TealAuto supports unmatched
features and customization options.
TEALDOC
( http://www.tealpoint.com/softdoc.htm )
Powerful reader for Palm documents, e-books, and
newspapers, supporting advanced features such as pictures, links, and flash
cards.
TEALECHO
( http://www.tealpoint.com/softecho.htm )
Digital "ink" lets you see what you write, vastly
increasing graffiti writing speed and accuracy.
No more writing blind!
TEALGLANCE
( http://www.tealpoint.com/softglnc.htm )
Pop-up utility shows time, date, appointments and to-dos,
and other useful information at power-up.
See your day at a glance.
TEALINFO
( http://www.tealpoint.com/softinfo.htm )
A system for creating and displaying
interactive databases, reference works, and mini-application folios; a handheld
reference library.
TEALLAUNCH
( http://www.tealpoint.com/softlnch.htm )
A pop-up application launcher and
mapping utility for launching apps and special functions from pen taps,
graffiti strokes, or button presses.
TEALLOCK
( http://www.tealpoint.com/softlock.htm )
Secure automatic locking program with optional data
encryption and numerous activation and customization options.
TEALMAGNIFY
( http://www.tealpoint.com/softlens.htm )
An ever-ready magnifying glass that works with most any
program, TealMagnify saves your eyes when looking at
tiny text.
TEALMASTER
( http://www.tealpoint.com/softmstr.htm )
A supercharged Hackmaster replacement with
100%-compatibility and enhanced stability, configuration, diagnostic and
activation features, and PalmOS 5.0 support.
TEALMEAL
( http://www.tealpoint.com/softmeal.htm )
A personal restaurant database and
selection wizard.
Keep a database of your favorites and easily find them by type or
category.
TEALMEMBRAIN
( http://www.tealpoint.com/softmemb.htm )
Memory monitor
and stack manager which helps identify conflicts and greatly improves stability
running multiple hacks and drivers.
TEALMOVER
( http://www.tealpoint.com/softmovr.htm )
File management utility for beaming, deleting, renaming,
and copying files both in memory and on VFS-compatible storage cards.
TEALMOVIE
( http://www.tealpoint.com/softmovi.htm )
High-quality multimedia system with
video and synchronized sound. Includes audio/video player
and Windows AVI/Quicktime converter program.
TEALNOTES
( http://www.tealpoint.com/softnote.htm )
Insert freehand graphic "Sticky Notes" into
memos, to-do lists, address book entries--almost
anywhere you currently have editable text.
TEALPAINT
( http://www.tealpoint.com/softpnt.htm )
The most powerful paint and sketch app on Palm OS
handhelds, featuring 16 tools, 16 patterns, 12 brushes, color, and desktop
image conversion.
TEALPHONE
( http://www.tealpoint.com/softphon.htm )
A powerful Address Book replacement
with superior interface, display, search, and indexing options.
TEALPRINT
( http://www.tealpoint.com/softprnt.htm )
The all-in-one text and graphic
printing solution for Palm OS, supporting infrared, serial, and HotSync
printing to any Windows printer.
TEALSAFE
( http://www.tealpoint.com/softsafe.htm )
A personal encrypted data vault and wallet for computer
passwords, credit card numbers, calling cards, software registration codes, PIN
numbers, bank accounts, business contacts, journal entries, or any other
sensitive information. A must for features and security.
TEALSCRIPT
( http://www.tealpoint.com/softscrp.htm )
An improved, tunable, Graffiti replacement that supports
custom strokes, macros, better accuracy, and full screen writing under OS5
TEALTOOLS
( http://www.tealpoint.com/softtool.htm )
Six pop-up desk accessories,
including a calculator, clock/stopwatch, preferences panel, editing panel, memopad, and a file/backup manager.
Version 5.20 –
Version 5.10 –
Version 5.02 –
Version 5.00 –
Encryption
Security
Passkey entry
Appearance
Compatibility
Version
4.70 -
Version
4.65 R2 -
Version
4.62 -
Version
4.60 -
Version
4.10 -
·
Fixed
returning to last app when using guest password
·
Fixed app
switch lockout after alarm until power off
·
Fixed screen
blanking on alarms over locking screen
·
Fixed
automatic masking of private records
·
Fixed password
expiration dialogs disappearing off screen too quickly
·
Fixed password
expiration countdown when powering off
·
Fixed install
file conflict with some third-party apps (Corp Ed)
Version
4.05 –
·
Added
compatibility with hacks patching system launch command
·
Fixed
returning to previous app when using quick password
·
Fixed conflict
preventing installation in flash memory
·
Fixed turning
off of unit when using PalmOS ‘lock and off’ pen stroke
Manual
by Vince Lee, Sara Houseman, Heather Stark, and Diane Dybalski
TealLock by TealPoint Software
©1999-2003
All Rights Reserved.
TealPoint
Software
TealLock
for PalmOS
Please
visit us at www.tealpoint.com, or email us at support@tealpoint.com.
We look
forward to hearing from you.
Registering
allows you to use the program past the 30 day expiration period and turns off
registration reminders.
Currently,
you may register by snail mail or online with a credit card and a secured
server from the store where you downloaded the software. For the first option, send the following
information on a sheet of paper separate from your payment.
·
Product
Name
·
E-Mail
Address
·
HotSync
User ID (Pilot Name Required for Passkey generation. It can be found on the
main screen of the HotSync application on the Pilot as "Welcome
________" or in the corner on a PalmIII or
higher)
·
Check
(drawn off a US Bank) or Money Order for ($19.95 US standard edition, $24.95
corporate edition). No international
checks or money orders please.
TealLock
Corporate Edition features special administrator access functionality, and is
available for site license customers.
For 50 or more users, a customized version of the program is available
with a single registration key for ease of installation. For more information about obtaining a site
license for your business or institution, email corporate@tealpoint.com.
For
trial or for offices with fewer than 50 users, individual copies of TealLock Corporate Edition are available for $24.95 per
copy. Individually keyed for each
handheld, they may be purchased online at http://www.tealpoint.com/corplock.htm.
We at
TealPoint Software are committed to providing quality, easy-to-use software.
However, this product is provided without warranty and the user accepts full
responsibility for any damages, consequential or otherwise, resulting from its
use.
This
archive is freely redistributable, provided it is
made available only in its complete, unmodified form with no additional files
and for noncommercial purposes only. Any other use must have prior written
authorization from TealPoint Software.
Unauthorized
commercial use includes, but is not limited to:
·
A
product for sale.
·
Accompanying
a product for sale.
·
Accompanying
a magazine, book or other publication for sale.
·
Distribution
with "Media", "Copying" or other incidental costs.
·
Available
for download with access or download fees.
This
program may be used on a trial basis for 30 days. The program will continue to
function afterwards. However, if after this time you wish to continue using it,
please register with us for the nominal fee listed in the program.
Thank
you.
LICENSE
CUSTOMER
LICENSE AGREEMENT
YOU ARE
ABOUT TO DOWNLOAD, INSTALL, OPEN OR USE PROPRIETARY SOFTWARE OWNED BY TEALPOINT
SOFTWARE, INC. CAREFULLY READ THE TERMS AND CONDITIONS OF THIS END USER LICENSE
BEFORE DOING SO, AND CLICK BELOW THAT YOU ACCEPT THESE TERMS.
1.
License. You are authorized to use the Software Product owned and developed by
TealPoint Software, Inc. on a single hand-held computing device on a trial
basis for thirty (30) days. If after 30 days you wish to continue using it, you
are required to register with TealPoint and pay the specified fee. This license
is not exclusive and may not be transferred. You may make one copy of the
Software for back-up and archival purposes only.
2.
Ownership. You acknowledge that the Software Product is the exclusive property
of TealPoint Software, Inc, which owns all copyright, trade secret, patent and
other proprietary rights in the Software Product.
3.
Restrictions. You may NOT: (a) decompile or reverse
engineer the Software Product; (b) copy (except as provided in 1 above) sell,
distribute or commercially exploit the Software product; or (c) transfer,
assign or sublicense this license.
4.
Disclaimer of Warranty and Liability. TEALPOINT MAKES NO WARRANTY, EXPRESS OR
IMPLIED, AS TO THE ACCURACY, COMPLETENESS OR FUNCTIONING OF THE LICENSED
SOFTWARE, INCLUDING WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY OR OF
FITNESS FOR A PARTICULAR PURPOSE, ALL OF WHICH TEALPOINT DISCLAIMS. ALL
LIABILITY IS DISCLAIMED AND TEALPOINT ASSUMES NO RESPONSIBILITY OR LIABILITY
FOR LOSS OR DAMAGES OF ANY KIND, DIRECT OR INDIRECT, INCIDENTIAL, CONSEQUENTIAL
OR SPECIAL, ARISING OUT OF YOUR USE OF THE LICENSED SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY THEREOF.
5.
Termination. You may terminate this Agreement at any time by destroying your copy(ies) of the Software Product.
The Agreement will also terminate if you do not comply with any of its terms
and conditions, at which time you are required to destroy your copy(ies) of the Software Product
and cease all use.
6.
Applicable Law. This Agreement is governed by the laws of the State of