WO2012046099A1 - Method, apparatus, and computer program product for implementing sketch-based authentication - Google Patents


Publication number
WO2012046099A1
Authority
WO
WIPO (PCT)
Prior art keywords
fragment
authentication
time
respect
points
Prior art date
Application number
PCT/IB2010/054479
Other languages
French (fr)
Inventor
Andreas Petrus Heiner
Original Assignee
Nokia Corporation
Nokia, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation, Nokia, Inc. filed Critical Nokia Corporation
Priority to PCT/IB2010/054479 priority Critical patent/WO2012046099A1/en
Publication of WO2012046099A1 publication Critical patent/WO2012046099A1/en

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/36: User authentication by graphic or iconic representation

Definitions

  • Embodiments of the present invention relate generally to implementing a user interface, and, more particularly, relate to a method, apparatus, and computer program product for implementing sketch-based authentication.
  • Example methods, example apparatuses, and example computer program products are described herein that provide for implementing sketch-based authentication.
  • One example method comprises obtaining, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment.
  • the first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time.
  • the example method may also include comparing the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
  • An additional example embodiment is an apparatus configured to implement sketch-based authentication.
  • the example apparatus may comprise at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, direct the apparatus to perform various functionality.
  • the example apparatus may be directed to obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment.
  • the first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time.
  • the example apparatus may also be directed to compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
  • Another example embodiment is a computer program that, when executed causes an apparatus to obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment.
  • the first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time.
  • the example computer program may also cause the apparatus to compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
  • Another example embodiment is a computer program product comprising a non-transitory memory having computer program code stored thereon, wherein the computer program code is configured to direct an apparatus to perform various functionalities.
  • the program code may be configured to direct the apparatus to obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment.
  • the first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time.
  • the example computer program code may also be configured to direct an apparatus to compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
  • Another example apparatus comprises means for obtaining, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment.
  • the first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time.
  • the example apparatus may also include means for comparing the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
  • FIG. 1a illustrates an example mobile terminal with a touch screen display for receiving an authentication input sketch according to an example embodiment of the present invention
  • FIG. 1b illustrates an example computer system for receiving an authentication input sketch according to an example embodiment of the present invention
  • FIG. 2a illustrates an authentication fragment according to an example embodiment of the present invention
  • FIG. 2b illustrates rotation and translation of an authentication fragment according to an example embodiment of the present invention
  • FIG. 3 illustrates an example authentication fragment in the form of a graph in an X-Y coordinate system according to an example embodiment of the present invention
  • FIG. 4a illustrates a graph of the authentication fragment with respect to the X position component and time according to some example embodiments of the present invention
  • FIG. 4b illustrates a graph of the authentication fragment with respect to the Y position component and time according to some example embodiments of the present invention
  • FIG. 5 illustrates a block diagram of an apparatus and associated system for implementing a sketch-based authentication according to some example embodiments of the present invention
  • FIG. 6 illustrates a block diagram of a mobile terminal configured for implementing sketch-based authentication according to some example embodiment of the present invention.
  • FIG. 7 is a flowchart of an example method for sketch-based authentication according to an example embodiment of the present invention.
  • circuitry refers to all of the following: (a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry); (b) to combinations of circuits and software (and/or firmware), such as (as applicable): (i) to a combination of processor(s) or (ii) to portions of processor(s)/software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions); and (c) to circuits, such as a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation, even if the software or firmware is not physically present.
  • circuitry would also cover an implementation of merely a processor (or multiple processors) or portion of a processor and its (or their) accompanying software and/or firmware.
  • circuitry would also cover, for example and if applicable to the particular claim element, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, or other network device.
  • Various example embodiments of the present invention relate to methods, apparatuses, and computer program products for implementing sketch-based
  • a sketch may be a design drawn by a user, for example, with a stylus, finger, or the like on a touch pad or touch screen display of an electronic device, or by using an electronic implement such as a mouse, trackball, automated drawing puck, joystick, gaming controller, or the like.
  • a sketch may be used to determine the authenticity of a user.
  • a reference sketch may be defined and stored.
  • a user may input an authentication sketch, in a similar manner to entering a password. If the authentication sketch sufficiently matches a reference sketch, the user may be authenticated, and, for example, gain access to data or functionalities.
  • sketches may be used in a manner similar to conventional passwords as mechanisms for authenticating a user. Due to their uniqueness, sketches may be convenient to a knowing user, while also providing a high degree of security and password strength.
  • sketches may be comprised of one or more fragments.
  • authentication sketches may be comprised of one or more authentication fragments
  • reference sketches may be comprised of one or more reference fragments.
  • a fragment may be a portion of a sketch that does not include a discontinuity or break.
  • a fragment may begin with a starting position as a result of a finger-down event or pen-down event (e.g., the initiation of a touch on a touch screen display), mouse click or a mouse click-and-hold event, possibly followed by movement from the starting position (e.g., in the form of a swiping motion), and ending at an end position where a finger-up event, pen-up event, or mouse click release occurs.
  • Fragments may be defined as functions of position (e.g., in two dimensions) and time. Since a fragment is defined with respect to time, the speed in the linear portions and the acceleration in the curves at which a user draws the fragment become a component of the sketch or graphical password.
  • a fragment may be defined by fragment characteristics which may describe a collection of points that make up the fragment or a collection of generated parameters describing, for example, intervals or segments of the fragment.
  • the characteristics may define a smooth curve that is derived from a raw user input of the fragment as a function of time.
  • a user may provide the raw input in the form of a continuous fragment, but the characteristics of the fragment may be obtained based on, for example, a sample rate that captures a position and a time for each sample to thereby define a point of the fragment, a normalized version of the raw input, an interpolated version of the raw input, and/or combinations thereof.
  • a characteristic of the fragment may be described by three components - two position components and a time component.
  • the two position components may be defined within an orthogonal or non-orthogonal coordinate system.
  • a Cartesian coordinate system where a first component is an X (horizontal) component and a second component is a Y (vertical) component.
  • four components may be included in the fragment characteristics, where the components include three dimensional position components and a time component.
  • a three-dimension position coordinate system may therefore be utilized.
  • a different coordinate system may be utilized, such as, for example, a polar coordinate system where the first component may be radial length and a second coordinate may be an angle.
  • a complex coordinate system may be utilized.
  • the time component may be defined in, for example, seconds, milliseconds, or the like.
  • a time component may be defined relative to the time of the fragment starting point, which may be set to be zero.
  • an authentication fragment may be compared to a reference fragment, not only with respect to position, but also with respect to time. As such, if an authentication fragment, as a function of position and time, sufficiently matches a reference fragment, which is also a function of position and time, a user may be authenticated or analysis of additional authentication fragments may be undertaken to determine whether the user is authentic.
  • the characteristics (e.g., points or parameters)
  • each point of the authentication fragment may be compared to a respective point on the reference fragment, and a difference may be calculated for each set. If all, or a threshold percentage, of the differences are below a predefined difference threshold, then the user may be authenticated.
  • the differences of each set may be averaged and compared to a difference threshold. Further, a maximum deviation for any one set may also be considered, for example, when an average difference is used.
  • any of a number of mechanisms for determining differences or degrees of equivalence between points or parameters as described herein may be utilized and compared to a threshold to determine whether to authenticate the user.
  • a root-mean-square (RMS) difference scheme may be utilized.
  • mechanisms that may be used include, but are not limited to, RMS, mean square, normalized mean square
  • FIGs. 1a and 1b illustrate an example mobile terminal 100 and an example computer system 150 that may be configured to implement sketch-based authentication as described herein.
  • the mobile terminal 100 and/or the computer system 150 may be electronic devices that, for example, execute applications that require user authentication.
  • a sketch-based password may be requested as depicted in FIG. 1a.
  • the user may utilize the touch screen display 101, mouse 151, or other drawing apparatus to enter the authentication sketch and/or enrollment sketches for developing the reference sketch.
  • example sketch input mechanisms include, but are not limited to, use of a camera and gaze tracking for sketch input, use of an accelerometer and motion tracking, possibly in three dimensions (three independent curves with respect to time) for sketch input, or using any other input mechanism that may be used to generate a curve function with respect to time.
  • the computer system 105 may be installed in, for example, a banking machine and entry of an authentication sketch may be required to conduct banking from the machine.
  • the mobile terminal 100 and/or the computer system 151 may be connected to a network and the authentication sketch may be required to access data or functionality via another terminal or server on the network.
  • an authentication sketch may be required to access a webpage that is available via the network, such as, for example, a social networking site, an email service site, or any other site that would require authentication of the user prior to awarding access.
  • the authentication sketch comprises a single fragment 102, but, as mentioned above and otherwise herein, an authentication and reference sketch may be comprised of multiple fragments.
  • the analysis with respect to each fragment of a multi-fragment sketch may be repeated for each fragment to make an authentication determination.
  • FIG. 2a illustrates an example fragment 102.
  • Two-dimensional positions 103 indicate the positions where fragment characteristics have been captured or generated based on, for example, a sampling rate. Each of the two-dimensional position 103 may also be associated with a time component.
  • Two-dimensional position 103a indicates a starting position for the fragment 102 and two-dimensional position 103b indicates an ending position for the fragment 102.
  • the starting position (e.g., position of the pen-down event for the fragment)
  • the ending position (e.g., the position of the pen-up event for the fragment)
  • the time between drawing two fragments $j$ and $j+1$, or the inter-fragment duration, may be $\Delta T(j \to j+1)$.
  • the number of fragments may be $F$.
  • drawing a single fragment $f(j)$ may take $T(j)$ seconds, which may be referred to as the fragment time duration.
  • the fragment is an authentication fragment
  • the time to draw the fragment may be referred to as the authentication fragment time duration
  • the fragment is a reference fragment
  • the time to draw the fragment may be referred to as the reference fragment time duration.
  • a fragment may be sampled at regular intervals $\Delta t$ resulting in $n(j)$ triplets $(j; t, x, y)$, where $x$ is a coordinate of the triple in a first positional dimension and $y$ is a coordinate of the triple in a second positional dimension (e.g., the X and Y components in the Cartesian coordinate system).
  • n(j) 1 + round (— ⁇ )
  • a procedure may be implemented where enrollment sketches are repeated m times by the user.
  • the associated m enrollment fragments may then be translated and rotated with respect to each other to eliminate or reduce artificially high RMS values between the points of the enrollment fragments.
  • each raw input authentication fragment may be translated and rotated onto an associated reference fragment to generate the authentication fragment $f^{auth}_{x,y}$( ).
  • scaling of the raw input fragment may also be performed. Translating, rotating, and/or scaling may be optionally performed to improve performance.
  • a user may be able to start the drawing anywhere on the display with the display being positioned in any orientation.
  • FIG. 2b illustrates a translation and rotation process for the fragment 102, which may be used in both the enrollment or authentication process.
  • the fragment 102 may be translated to a modified position as represented by arrow 107 and rotated as indicated by arrow 106 to result in the translated and rotated fragment 105.
  • An example resultant authentication fragment is illustrated in an X-Y coordinate system graph 110 of FIG. 3.
  • Translation and rotation may be performed in any number of ways. For example, translation may be performed, for example, by determining a centroid of the
  • Rotation may be performed, for example, by rotating the translated authentication fragment about its centroid such that minimum cumulative distances exist between points on the authentication fragment and points on the reference fragment.
  • the three dimensional fragment characteristics may be decomposed into two, two-dimensional curves.
  • the curve $f^{auth}_x(j;t)$ (e.g., depicted in FIG. 4a as graph 120) may be compared to $f^{ref}_x(j;t)$, and the curve $f^{auth}_x(j;t)$ (e.g., depicted in FIG.
  • the comparisons may be made by determining RMS differences between the curves.
  • the n-th point of the authentication fragment may be compared to the n-th point on a reference fragment that is an average of the enrollment fragments or the n-th point of the authentication fragment may be compared to the n-th point on each of the enrollment fragments. Based on the result of the comparisons, an authentication determination may be made.
  • a single, three dimensional comparison between the authentication fragment and the reference fragment may be performed. Whether two, two dimensional comparisons or a single three-dimensional comparison is performed, the comparisons may be performed between points of the fragments, or in some embodiments, as further described below, between parameters derived from the fragments.
  • additional optimizations and/or pre-comparison fragment modifications may be performed to reduce the likelihood of artificially high differences (e.g., RMS differences) determined during the comparisons.
  • degraded results may occur due to minor deviations in the drawing time $T(j)$ because a different number of sampled points may be captured or generated.
  • reproduction of the fragment may not be accurate with respect to the granularity of the sampling rate $\Delta t$, such that, for example, an x-component of a 3rd point of an authentication fragment is not the same for each authentication attempt.
  • the authentication fragment may be normalized with respect to the authentication fragment time duration reference $T^{ref}(j)$. Additionally, in some example embodiments, the reference fragment may be first described by using an interpolation operation to fit a smooth line through a number of points.
  • the interpolation operation may be one of a number of operations including, but not limited to, a B-spline fitting procedure, natural spline fitting procedure, cubic spline fitting procedure, a Bezier curves procedure, or other fitting procedure.
  • the m enrollment fragments may be used, and for the authentication fragment, the raw authentication fragment input may be used for the interpolation operation.
  • the number of knots / (j) of the reference fragment can be less than the number of points n(j) on the authentication fragment.
  • knots or control points of the fragments may be identified.
  • the / (j)+1 knots of the reference fragment may be placed such that the RMS differences of the sampled points $(t, x, y)$ with respect to reference points $(t, x^{ref}, y^{ref})$ determined from the interpolated reference fragment are determined to be a minimum.
  • parameter sets may be generated. Each interval between two knots may be associated with a parameter set $P(j)$ that may be used to calculate the function value at every point on that interval.
  • a reference sketch may therefore be defined by $F^{ref}$ fragments with $k^{ref}_x(j)$ matrices $P^{ref}_x(j)$ for the x-component, and $k^{ref}_y(j)$ matrices $P^{ref}_y(j)$ for the y-component; $F^{ref}$ drawing times $T^{ref}(j)$; and $F^{ref}-1$ inter-fragment time intervals $\Delta T^{ref}(j \to j+1)$.
  • the entire sketch may be interpolated and considered.
  • events such as pen up and pen down events may be disregarded. Accordingly, the interpolation operation may result in the similar generation of parameters, but for the entire sketch.
  • comparisons may be made for user authentication purposes.
  • the user may then draw an authentication sketch comprising the F fragments.
  • the authentication fragments may then be decomposed into $f^{auth}_x(j;t)$ and $f^{auth}_y(j;t)$, and normalized with respect to $T^{ref}(j)$.
  • the authentication sketch may then be defined by $F$ fragments with $k_x(j)$ matrices $P_x(j)$ for the x-component, and $k_y(j)$ matrices $P_y(j)$ for the y-component; $F$ drawing times $T(j)$; and $F-1$ inter-fragment time intervals $\Delta T(j \to j+1)$.
  • the differences can be divided by the RMS of, for example, $T^{ref}(j)$. Additionally, the standard deviation in the coordinates may be determined by the variance of the parameter sets $P_x(j)$, $P_y(j)$ of the interpolated fragment.
  • the total duration of time used to draw the authentication fragment $T(j)$ (also referred to as the authentication fragment time duration value) may be compared to a reference duration for drawing the reference fragment $T^{ref}(j)$ (also referred to as the authentication fragment time duration reference value).
  • the authentication fragment time duration reference value may be determined by averaging the durations for drawing the m enrollment fragments.
  • the duration of time between fragments or the inter-fragment time duration may be considered when determining the authenticity of a user.
  • the inter-fragment time duration between two fragments $\Delta T(j \to j+1)$ may be compared with an inter-fragment time duration reference $\Delta T^{ref}(j \to j+1)$.
  • the inter-fragment time duration reference may also be determined by averaging the durations between drawing the fragment in the m enrollment sketches.
  • a variety of analysis methods may be utilized. For example, all or some defined subset, of the points of the authentication fragment may be compared to respective points on the reference fragment.
  • a point $(t, x, y)$ may be a point on the authentication curve.
  • the value of $t$, combined with the parameters $P^{ref}$ that describe the reference fragment, may be used to determine the reference point $(x^{ref}, y^{ref})$ that corresponds to the authentication reference point $(x, y)$.
  • the RMS difference between the reference point $(x^{ref}, y^{ref})$ and authentication point $(x, y)$ may be calculated. Similar calculations may be completed for all or some defined subset of the points on the authentication fragment.
  • a resultant RMS value may be generated that is used to determine if the authentication fragment is sufficiently similar to the reference fragment to authenticate the user.
  • the parameters that describe the authentication fragment and the parameters that describe the reference fragment may be compared to facilitate determining the authenticity of a user.
  • the parameters $P$ of the authentication curve are determined as described above, and compared to the reference parameters $P^{ref}$ for the reference curve.
  • comparison of the parameters may include determining the RMS differences between the parameters $P$ of the authentication curve and parameters $P^{ref}$ of the reference curve, and comparing the differences to an authentication threshold to determine whether or not the user should be authenticated. As such, based on the results of the comparison of the parameters, the authenticity of the user may be verified.
  • authentication results can be determined independent of grid definition thereby avoiding the implications of cell boundary issues, with a high degree of detail resulting in higher password strength, and with low mathematical complexity during authentication due to possible reduction to a two dimensional analysis using time as an axis.
  • Some example embodiments allow for the password strength to be easily adapted by modifying the acceptance threshold for comparisons thereby requiring more or less detail or enrolling higher complexity sketches.
  • embodiments may also be leveraged for use in keypad lock mechanisms on touch screen devices.
  • FIGs. 5 and 6 depict example apparatuses that may be configured to perform various functionalities as described herein, including those described with respect to FIGs. 1a-4b provided above, with respect to the flowchart of FIG. 7, and the operations otherwise described herein.
  • an example embodiment of the present invention is depicted as apparatus 500.
  • the mobile terminal 100 or the computer system 150 may be example embodiments of apparatus 500.
  • the apparatus 500 need not include wireless communications functionality, but in other example embodiments, the apparatus 500 may be embodied as, or included as a component of, a communications device with wired and/or wireless communications capabilities.
  • the apparatus 500 may be part of a communications device, such as a stationary or a mobile communications terminal.
  • the apparatus 500 may be a mobile and/or wireless communications node such as, for example, a mobile and/or wireless server, computer, access point, handheld wireless device (e.g., telephone, portable digital assistant (PDA), mobile television, gaming device, camera, video recorder, audio/video player, radio, digital book reader, and/or a global positioning system (GPS) device), any combination of the
  • apparatus 500 may also include computing capabilities.
  • FIG. 5 illustrates a block diagram of example components of the apparatus 500.
  • the example apparatus 500 comprises or is otherwise in communication with a processor 505, a memory device 510, an Input/Output (I/O) interface 506, a user interface 525, and an authentication sketch analyzer 540.
  • the apparatus 500 may further include a communications interface 515.
  • the processor 505 may, according to some example embodiments, be embodied as various means for implementing the various functionalities of example embodiments of the present invention including, for example, a microprocessor, a coprocessor, a controller, a special-purpose integrated circuit such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), or a hardware accelerator, processing circuitry or the like.
  • processor 505 may be representative of a plurality of processors, or one or more multiple core processors, operating in concert. Further, the processor 505 may be comprised of a plurality of transistors, logic gates, a clock (e.g., oscillator), other circuitry, and the like to facilitate performance of the functionality described herein. The processor 505 may, but need not, include one or more accompanying digital signal processors. In some example embodiments, the processor 505 is configured to execute instructions stored in the memory device 510 or instructions otherwise accessible to the processor 505. The processor 505 may be configured to operate such that the processor causes or directs the apparatus 500 to perform various functionalities described herein.
  • the processor 505 may be an entity and means capable of performing operations according to embodiments of the present invention while configured accordingly.
  • the processor 505 is specifically configured hardware for conducting the operations described herein.
  • the instructions specifically configure the processor 505 to perform the algorithms and operations described herein.
  • the processor 505 is a processor of a specific device (e.g., a communications server or mobile terminal) configured for employing example embodiments of the present invention by further configuration of the processor 505 via executed instructions for performing the algorithms, methods, and operations described herein.
  • the memory device 510 may be one or more tangible and/or non-transitory computer-readable storage media that may include volatile and/or non-volatile memory.
  • the memory device 510 comprises Random Access Memory (RAM) including dynamic and/or static RAM, on-chip or off-chip cache memory, and/or the like.
  • memory device 510 may include non-volatile memory, which may be embedded and/or removable, and may include, for example, read-only memory, flash memory, magnetic storage devices (e.g., hard disks, floppy disk drives, magnetic tape, etc.), optical disc drives and/or media, non-volatile random access memory
  • Memory device 510 may include a cache area for temporary storage of data. In this regard, some or all of memory device 510 may be included within the processor 505. In some example embodiments, the memory device 510 may be in communication with the processor 505 and/or other components via a shared bus.
  • the memory device 510 may be configured to store information, data, applications, computer-readable program code instructions, and/or the like for enabling the processor 505 and the example apparatus 500 to carry out various functions in accordance with example embodiments of the present invention described herein.
  • the memory device 510 may be configured to buffer input data for processing by the processor 505.
  • the memory device 510 may be configured to store instructions for execution by the processor 505.
  • the I/O interface 506 may be any device, circuitry, or means embodied in hardware, software, or a combination of hardware and software that is configured to interface the processor 505 with other circuitry or devices, such as the communications interface 515.
  • the I/O interface may embody or be in communication with a bus that is shared by multiple components.
  • the processor 505 may interface with the memory 510 via the I/O interface 506.
  • the I/O interface 506 may be configured to convert signals and data into a form that may be interpreted by the processor 505.
  • the I/O interface 506 may also perform buffering of inputs and outputs to support the operation of the processor 505.
  • the processor 505 and the I/O interface 506 may be combined onto a single chip or integrated circuit configured to perform, or cause the apparatus 500 to perform, various functionalities of the present invention.
  • the apparatus 500 or some of the components of apparatus 500 may be embodied as a chip or chip set.
  • the apparatus 500 may comprise one or more physical packages (e.g., chips) including materials, components and/or wires on a structural assembly (e.g., a baseboard).
  • the structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon.
  • the apparatus 500 may therefore, in some cases, be configured to implement embodiments of the present invention on a single chip or as a single "system on a chip."
  • a chip or chipset may constitute means for performing the functionalities described herein and with respect to the processor 505.
  • the communication interface 515 may be any device or means embodied in hardware, a computer program product, or a combination of hardware and a computer program product that is configured to receive and/or transmit data from/to a network 520 and/or any other device or module in communication with the example apparatus 500.
  • the communications interface may be configured to communicate information via any type of wired or wireless connection, and via any type of communications protocol, such as a communications protocol that supports cellular communications.
  • the communication interface 515 may be configured to support the transmission and reception of communications in a variety of networks including, but not limited to Internet Protocol-based networks (e.g., the Internet), cellular networks, or the like. Further, the communications interface 515 may be configured to support device-to-device communications.
  • Processor 505 may also be configured to facilitate communications via the communications interface 515 by, for example, controlling hardware included within the communications interface 515.
  • the communication interface 515 may include, for example, communications driver circuitry (e.g., circuitry that supports wired communications via, for example, fiber optic connections), one or more antennas, a transmitter, a receiver, a transceiver and/or supporting hardware, including, for example, a processor for enabling communications.
  • the example apparatus 500 may communicate with various other network entities in a device-to-device fashion and/or via indirect
  • the user interface 525 may be in communication with the processor 505 to receive user input via the user interface 525 and/or to present output to a user as, for example, audible, visual, mechanical, or other output indications.
  • the user interface 525 may include, for example, a keyboard, a mouse, a joystick, a display (e.g., a touch screen display), a microphone, a speaker, camera, accelerometer, or other input/output mechanisms.
  • the processor 505 may comprise, or be in communication with, user interface circuitry configured to control at least some functions of one or more elements of the user interface.
  • the processor 505 and/or user interface circuitry may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (e.g., software and/or firmware) stored on a memory accessible to the processor 505 (e.g., volatile memory, non-volatile memory, and/or the like).
  • the user interface 525 may also be configured to support the implementation of haptic feedback.
  • the user interface 525, as controlled by processor 505, may include a vibra, a piezo, and/or an audio device configured for haptic feedback as described herein.
  • the user interface circuitry is configured to facilitate user control of at least some functions of the apparatus 500 through the use of a display and configured to respond to user inputs.
  • the processor 505 may also comprise, or be in communication with, display circuitry configured to display at least a portion of a user interface, the display and the display circuitry configured to facilitate user control of at least some functions of the apparatus 500.
  • the user interface 525 may include, as mentioned above, one or more touch screen displays.
  • a touch screen display may be configured to visually present graphical information to a user, as well as receive user input via a touch sensitive screen.
  • the touch screen display, which may be embodied as any known touch screen display, may also include a touch detection surface configured to enable touch recognition by any suitable technique, such as resistive, capacitive, infrared, strain gauge, surface wave, optical imaging, dispersive signal technology, acoustic pulse recognition, or other like techniques.
  • the touch screen display may be configured to operate in a hovering mode, where movements of a finger, stylus, or other implement can be sensed when sufficiently near the touch screen surface, without physically touching the surface.
  • the touch screen displays may include all of the hardware necessary to detect a touch when contact is made with the touch detection surface and send an indication to, for example, processor 505 indicating characteristics of the touch such as location information.
  • a touch event may occur when an object, such as a stylus, finger, pen, pencil or any other pointing device, comes into contact with a portion of the touch detection surface of the touch screen display in a manner sufficient to register as a touch.
  • the touch screen display may therefore be configured to generate touch event location data indicating the location of the touch event on the screen.
  • the authentication sketch analyzer 540 of example apparatus 500 may be any means or device embodied, partially or wholly, in hardware, a computer program product, or a combination of hardware and a computer program product, such as processor 505 implementing stored instructions to configure the example apparatus 500, memory device 510 storing executable program code instructions configured to carry out the functions described herein, or a hardware configured processor 505 that is configured to carry out the functions of the authentication sketch analyzer 540 as described herein.
  • the processor 505 comprises, or controls, the authentication sketch analyzer 540.
  • the authentication sketch analyzer 540 may be, partially or wholly, embodied as processors similar to, but separate from processor 505. In this regard, the authentication sketch analyzer 540 may be in communication with the processor 505.
  • the authentication sketch analyzer 540 may, partially or wholly, reside on differing apparatuses such that some or all of the functionality of the authentication sketch analyzer 540 may be performed by a first apparatus, and the remainder of the functionality of the authentication sketch analyzer 540 may be performed by one or more other apparatuses.
  • the apparatus 500 and the processor 505 may be configured to perform the following functionality via authentication sketch analyzer 540.
  • the authentication sketch analyzer 540 may be configured to perform operations associated with enrolling a sketch-based password or authenticator as described herein, and/or perform
  • the authentication sketch analyzer 540 may be configured to cause or direct means such as the processor 505 and/or the apparatus 500 to perform various functionalities, such as those described with respect to FIGs. 1a-4b and 7, and as generally described herein.
  • the authentication sketch analyzer 540 may be configured to obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment at 700.
  • the first authentication fragment being at least one part of an authentication sketch that may be comprised of one or more authentication fragments.
  • the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time.
  • obtaining the first authentication fragment characteristics comprises obtaining at least first authentication fragment starting position coordinates which define a point with respect to position and time at which the first authentication fragment originates or starts, and first authentication fragment ending position coordinates and an ending time value which define a point with respect to position and time at which the first authentication fragment ends.
  • a time value of the starting position coordinates may be implied (e.g., equal to zero) since time values for the other coordinates may be provided relative to the time of the starting position coordinates.
  • the first authentication fragment characteristics may describe points with respect to a first position dimension, a second position dimension, and a time dimension. Additionally, or alternatively, in some example embodiments, the authentication sketch analyzer 540 may be configured to translate, rotate, and/or scale a raw user input fragment onto the first reference fragment.
  • obtaining the first authentication fragment parameters comprises normalizing a raw user input fragment that is based on the first authentication fragment parameters with respect to a first authentication fragment time duration reference value. In some example embodiments, obtaining the first authentication fragment characteristics may include performing an interpolation operation with respect to the first authentication fragment to generate first authentication fragment parameters.
  • the authentication sketch analyzer 540 may also be configured to compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user at 710.
  • the first reference fragment may be a function of position and time, and the first reference fragment may be at least one part of a reference sketch.
  • comparing the first authentication fragment parameters may include calculating root-mean-square differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics, and determining whether the root-mean-square differences are less than a predefined threshold.
  • calculating root-mean-square differences may include calculating root-mean-square differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics, where the first reference fragment characteristics are first reference fragment parameters determined via an interpolation operation and the first reference fragment parameters describe an interpolated first reference fragment.
  • comparing the first authentication fragment characteristics to points on the first reference fragment comprises performing a two-dimensional comparison between points defined by the first authentication fragment characteristics with respect to the first position dimension and the time dimension and points defined by the reference fragment with respect to the first position dimension and the time dimension. Additionally, or alternatively, according to some example embodiments, comparing the first authentication fragment
  • comparing the first authentication fragment parameters may include comparing the first authentication fragment parameters to first reference fragment parameters, where the first reference fragment parameters are determined via an interpolation operation with respect to the first reference fragment. Further, comparing the first authentication fragment characteristics may include comparing the first authentication fragment characteristics to the first reference fragment characteristics, where the first reference fragment is generated based on a fitting or interpolation procedure and multiple enrollment fragments.
  • the authentication sketch analyzer 540 may be configured to obtain an inter-fragment time duration value at 720 which may be defined as a time from the end of the first authentication fragment to a beginning of a second authentication fragment.
  • the second authentication fragment may be a part of the authentication sketch.
  • the authentication sketch analyzer 540 may also be configured to, in some example embodiments, compare the inter-fragment time duration value to an inter-fragment time duration reference value at 730 to facilitate determining the authenticity of the user.
  • the authentication sketch analyzer 540 may be configured to obtain a first authentication fragment time duration value at 740, which may be defined as a time from the beginning of the first authentication fragment to the end of the first authentication fragment, and compare the first authentication fragment time duration value to a first authentication fragment time duration reference value to facilitate determining the authenticity of the user.
  • the example apparatus of FIG. 6 is a mobile terminal 10 configured to communicate within a wireless network, such as a cellular communications network.
  • the mobile terminal 10 may be configured to perform the functionality of the mobile terminal 100 or apparatus 500 as described herein. More specifically, the mobile terminal 10 may be caused to perform the functionality described with respect to FIGs. 1a-4b and/or 7, via the processor 20.
  • the processor 20 may be configured to perform the functionality described with respect to the authentication sketch analyzer 540.
  • Processor 20 may be an integrated circuit or chip configured similar to the processor 505 together with, for example, the I/O interface 506. Further, volatile memory 40 and nonvolatile memory 42 may be configured to support the operation of the processor 20 as computer readable storage media.
  • the mobile terminal 10 may also include an antenna 12, a transmitter 14, and a receiver 16, which may be included as parts of a communications interface of the mobile terminal 10.
  • the speaker 24, the microphone 26, display 28 (which may be a touch screen display), and the keypad 30 may be included as parts of a user interface.
  • FIG. 7 illustrates flowcharts of example systems, methods, and/or computer program products according to example embodiments of the invention. It will be understood that each operation of the flowcharts, and/or combinations of operations in the flowcharts, can be implemented by various means. Means for implementing the operations of the flowcharts, combinations of the operations in the flowchart, or other functionality of example embodiments of the present invention described herein may include hardware, and/or a computer program product including a computer-readable storage medium (as opposed to a computer-readable transmission medium which describes a propagating signal) having one or more computer program code instructions, program instructions, or executable computer-readable program code instructions stored therein. In this regard, program code instructions for performing the operations and functions of FIG.
  • any such program code instructions may be loaded onto a computer or other programmable apparatus (e.g., processor 505, memory device 510, or the like) from a computer-readable storage medium to produce a particular machine, such that the particular machine becomes a means for implementing the functions specified in the flowcharts' operations.
  • program code instructions may also be stored in a computer-readable storage medium that can direct a computer, a processor, or other programmable apparatus to function in a particular manner to thereby generate a particular machine or particular article of manufacture.
  • the instructions stored in the computer-readable storage medium may produce an article of manufacture, where the article of manufacture becomes a means for implementing the functions specified in the flowcharts' operations.
  • the program code instructions may be retrieved from a computer-readable storage medium and loaded into a computer, processor, or other programmable apparatus to configure the computer, processor, or other programmable apparatus to execute operations to be performed on or by the computer, processor, or other programmable apparatus.
  • Retrieval, loading, and execution of the program code instructions may be performed sequentially such that one instruction is retrieved, loaded, and executed at a time. In some example embodiments, retrieval, loading and/or execution may be performed in parallel such that multiple instructions are retrieved, loaded, and/or executed together. Execution of the program code instructions may produce a computer-implemented process such that the instructions executed by the computer, processor, or other programmable apparatus provide operations for implementing the functions specified in the flowcharts' operations.

Abstract

Various methods for implementing sketch-based authentication are provided. One example method comprises obtaining, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment. The first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time. The example method may also include comparing the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch. Similar and related example methods, example apparatuses, and example computer program products are also provided.

Description

METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR IMPLEMENTING SKETCH-BASED AUTHENTICATION
TECHNICAL FIELD
Embodiments of the present invention relate generally to implementing a user interface, and, more particularly, relate to a method, apparatus, and computer program product for implementing sketch-based authentication.
BACKGROUND
The security of local and remote computing devices and services has become an important issue as an increasing amount of sensitive data and functionality is made accessible on local devices and via network connections. For example, mobile computing devices, such as smart phones and other wireless devices, are commonly being used for sensitive tasks such as banking, record keeping, and the like. Further, sensitive information may be accessible via remote network connections, such as via the Internet. As a result of the increased accessibility to sensitive information and functionality, a need arises for convenient but highly secure authentication procedures to provide access.
SUMMARY
Example methods, example apparatuses, and example computer program products are described herein that provide for implementing sketch-based authentication. One example method comprises obtaining, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment. The first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time. The example method may also include comparing the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
An additional example embodiment is an apparatus configured to implement sketch-based authentication. The example apparatus may comprise at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, direct the apparatus to perform various functionality. In this regard, the example apparatus may be directed to obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment. The first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time. The example apparatus may also be directed to compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
Another example embodiment is a computer program that, when executed, causes an apparatus to obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment. The first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time. The example computer program may also cause the apparatus to compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
Another example embodiment is a computer program product comprising a non-transitory memory having computer program code stored thereon, wherein the computer program code is configured to direct an apparatus to perform various functionalities. In this regard, the program code may be configured to direct the apparatus to obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment. The first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time. The example computer program code may also be configured to direct an apparatus to compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
Another example apparatus comprises means for obtaining, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment. The first authentication fragment may be at least one part of an authentication sketch, and the first authentication fragment characteristics may describe the first authentication fragment as a function of position and time. The example apparatus may also include means for comparing the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, where the first reference fragment is a function of position and time and the first reference fragment is at least one part of a reference sketch.
BRIEF DESCRIPTION OF THE DRAWING(S)
Having thus described example embodiments of the invention in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:
FIG. 1a illustrates an example mobile terminal with a touch screen display for receiving an authentication input sketch according to an example embodiment of the present invention;
FIG. 1b illustrates an example computer system for receiving an authentication input sketch according to an example embodiment of the present invention;
FIG. 2a illustrates an authentication fragment according to an example embodiment of the present invention;
FIG. 2b illustrates rotation and translation of an authentication fragment according to an example embodiment of the present invention;
FIG. 3 illustrates an example authentication fragment in the form of a graph in an X-Y coordinate system according to an example embodiment of the present invention;
FIG. 4a illustrates a graph of the authentication fragment with respect to the X position component and time according to some example embodiments of the present invention;
FIG. 4b illustrates a graph of the authentication fragment with respect to the Y position component and time according to some example embodiments of the present invention;
FIG. 5 illustrates a block diagram of an apparatus and associated system for implementing a sketch-based authentication according to some example embodiments of the present invention;
FIG. 6 illustrates a block diagram of a mobile terminal configured for implementing sketch-based authentication according to some example embodiments of the present invention; and
FIG. 7 is a flowchart of an example method for sketch-based authentication according to an example embodiment of the present invention.
DETAILED DESCRIPTION
Example embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all embodiments of the invention are shown. Indeed, the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like reference numerals refer to like elements throughout. The terms "data," "content," "information," and similar terms may be used interchangeably, according to some example embodiments of the present invention, to refer to data capable of being transmitted, received, operated on, and/or stored.
As used herein, the term 'circuitry' refers to all of the following: (a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry); (b) to combinations of circuits and software (and/or firmware), such as (as applicable): (i) to a combination of processor(s) or (ii) to portions of processor(s)/software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions); and (c) to circuits, such as a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation, even if the software or firmware is not physically present.
This definition of 'circuitry' applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term "circuitry" would also cover an implementation of merely a processor (or multiple processors) or portion of a processor and its (or their) accompanying software and/or firmware. The term "circuitry" would also cover, for example and if applicable to the particular claim element, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, or other network device.
Various example embodiments of the present invention relate to methods, apparatuses, and computer program products for implementing sketch-based authentication. A sketch (or graphical password, within this context) may be a design drawn by a user, for example, with a stylus, finger, or the like on a touch pad or touch screen display of an electronic device, or by using an electronic implement such as a mouse, trackball, automated drawing puck, joystick, gaming controller, or the like.
Because a sketch can be rather unique, sketches may be utilized as highly reliable and convenient passwords. In this regard, a sketch may be used to determine the authenticity of a user. For authentication purposes, a reference sketch may be defined and stored. When a user wishes, for example, to unlock a handheld device and gain access to the device's functionality, gain access to information on a secure website, or be otherwise authenticated, a user may input an authentication sketch, in a similar manner to entering a password. If the authentication sketch sufficiently matches a reference sketch, the use may be authenticated, and, for example, gain access to data or functionalities.
As such, sketches may be used in a manner similar to conventional passwords as mechanisms for authenticating a user. Due to their uniqueness, sketches may be convenient to a knowing user, while also providing a high degree of security and password strength. According to some example embodiments, sketches may be comprised of one or more fragments. Accordingly, authentication sketches may be comprised of one or more authentication fragments, and reference sketches may be comprised of one or more reference fragments. A fragment may be a portion of a sketch that does not include a discontinuity or break. In this regard, a fragment may begin with an starting position as a result of a finger-down event or pen-down event (e.g., the initiation of a touch on a touch screen display), mouse click or a mouse click-and-hold event, possibly followed by movement from the starting position (e.g., in the form of a swiping motion), and ending at an end position where a finger-up event, pen-up event, or mouse click release occurs.
Fragments may be defined a functions of position (e.g., in two dimensions) and time. Since a fragment is defined with respect to time, the concept of the speed in the linear portions and acceleration in the curves at which a user draws the fragment becomes a component of the sketch or graphical password. In this regard, a fragment may be defined by fragment characteristics which may describe a collection of points that make up the fragment or a collection of generated parameters describing, for example, intervals or segments of the fragment. In some example embodiments, such as those that involve the characteristics being parameters, the characteristics may define a smooth curve that is derived from a raw user input of the fragment as is a function of time.
According to various example embodiments, a user may provide the raw input in the form of a continuous fragment, but the characteristics of the fragment may be obtained based on, for example, a sample rate that captures a position and a time for each sample to thereby define a point of the fragment, a normalized version of the raw input, an interpolated version of the raw input, and/or combinations thereof.
In some example embodiments, a characteristic of the fragment may be described by three components - two position components and a time component. The two position components may be defined within an orthogonal or non-orthogonal coordinate system. For example, a Cartesian coordinate system may be used, where a first component is an X (horizontal) component and a second component is a Y (vertical) component. In some example embodiments, four components may be included in the fragment characteristics, where the components include three dimensional position components and a time component. A three-dimension position coordinate system may therefore be utilized. According to some example embodiments, a different coordinate system may be utilized, such as, for example, a polar coordinate system where the first component may be radial length and a second coordinate may be an angle. Further, in some example embodiments, a complex coordinate system may be utilized. The time component may be defined in, for example, seconds, milliseconds, or the like. In some example embodiments, a time component may be defined relative to the time of the fragment starting point, which may be set to be zero.
Accordingly, with respect to some example embodiments, an authentication fragment may be compared to a reference fragment, not only with respect to position, but also with respect to time. As such, if an authentication fragment, as a function of position and time, sufficiently matches a reference fragment, which is also a function of position and time, a user may be authenticated or analysis of additional authentication fragments may be undertaken to determine whether the user is authentic. In some example embodiments, the characteristics (e.g., points or parameters) of the authentication fragment may be compared to the characteristics of the reference fragment (e.g., points or parameters) and differences between the various characteristics may be calculated. For example, in some embodiments each point of the authentication fragment may be compared to a respective point on the reference fragment, and a difference may be calculated for each set. If all, or a threshold percentage, of the differences are below a predefined difference threshold, then the user may be authenticated. In some example embodiments, the differences of each set may be averaged and compared to a difference threshold. Further, a maximum deviation for any one set may also be considered, for example, when an average difference is used.
According to various example embodiments, any of a number of mechanisms for determining differences or degrees of equivalence between points or parameters as described herein may be utilized and compared to a threshold to determine whether to authenticate the user. For example, a root-mean-square (RMS) difference scheme may be utilized. Further, according to some example embodiments, mechanisms that may be used include, but are not limited to, RMS, mean square, normalized mean square (standard deviation), or the like. As such, while RMS may be used as an example mechanism herein, other mechanisms may be alternatively used.
Given the context provided above, FIGs. 1a and 1b illustrate an example mobile terminal 100 and an example computer system 150 that may be configured to implement sketch-based authentication as described herein. In this regard, the mobile terminal 100 and/or the computer system 150 may be electronic devices that, for example, execute applications that require user authentication. In this regard, based on the context of the device, a sketch-based password may be requested as depicted in FIG. 1a. The user may utilize the touch screen display 101, mouse 151, or other drawing apparatus to enter the authentication sketch and/or enrollment sketches for developing the reference sketch. Other example sketch input mechanisms include, but are not limited to, use of a camera and gaze tracking for sketch input, use of an accelerometer and motion tracking, possibly in three dimensions (three independent curves with respect to time) for sketch input, or using any other input mechanism that may be used to generate a curve function with respect to time. In some example embodiments, the computer system 150 may be installed in, for example, a banking machine and entry of an authentication sketch may be required to conduct banking from the machine. Further, in some example embodiments, the mobile terminal 100 and/or the computer system 150 may be connected to a network and the authentication sketch may be required to access data or functionality via another terminal or server on the network. For example, an authentication sketch may be required to access a webpage that is available via the network, such as, for example, a social networking site, an email service site, or any other site that would require authentication of the user prior to awarding access.
In the example scenario of FIGs. 1a-4b, the authentication sketch comprises a single fragment 102, but, as mentioned above and otherwise herein, an authentication and reference sketch may be comprised of multiple fragments. The analysis with respect to each fragment of a multi-fragment sketch may be repeated for each fragment to make an authentication determination.
FIG. 2a illustrates an example fragment 102. Two-dimensional positions 103 indicate the positions where fragment characteristics have been captured or generated based on, for example, a sampling rate. Each of the two-dimensional positions 103 may also be associated with a time component. Two-dimensional position 103a indicates a starting position for the fragment 102 and two-dimensional position 103b indicates an ending position for the fragment 102. For each fragment f(j), the starting position (e.g., position of the pen-down event for the fragment) may be associated with a time component t = 0. The ending position (e.g., the position of the pen-up event for the fragment) may be associated with a time component t = T(j). The time between drawing two fragments j and j+1, or the inter-fragment duration, may be ΔT(j→j+1). In an example scenario involving multiple fragments, the number of fragments may be F.
As such, drawing a single fragment f(j) may take T(j) seconds, which may be referred to as the fragment time duration. If the fragment is an authentication fragment, the time to draw the fragment may be referred to as the authentication fragment time duration, and if the fragment is a reference fragment, the time to draw the fragment may be referred to as the reference fragment time duration. As described above, a fragment may be sampled at regular intervals Δt resulting in n(j) triplets (j; t, x, y), where x is a coordinate of the triple in a first positional dimension and y is a coordinate of the triple in a second positional dimension (e.g., the X and Y components in the Cartesian coordinate system). In embodiments where an irregular sampling rate is used, the relationships between the components may be considered accordingly. To determine the number of points n(j) for the authentication fragment using regular intervals Δt, with t = 0 and t = T(j) included, the following relationship may be used: n(j) = 1 + round(T(j)/Δt)
To enroll or define the reference sketch and associated reference fragments, a procedure may be implemented where enrollment sketches are repeated m times by the user. The associated m enrollment fragments may then be translated and rotated with respect to each other to eliminate or reduce artificially high RMS values between the points of the enrollment fragments. The result may be a single, two-dimensional reference fragment defined by a collection of characteristics, such as, for example, triples (j; t, x, y). Since the x and y coordinates of the fragment f^ref_{x,y}(j) may be independent, the fragment may be decomposed into two, two-dimensional curves f^ref_x(j;t) = x and f^ref_y(j;t) = y that may also be mutually independent. Alternatively, in some example embodiments, a curve defined by f^ref(t) = (x, y) may be used.
Having developed a reference sketch with reference fragments, an authentication may now be performed. During authentication, each raw input authentication fragment may be translated and rotated onto an associated reference fragment to generate the authentication fragment f^auth_{x,y}(j). In some example embodiments, scaling of the raw input fragment may also be performed. Translating, rotating, and/or scaling may be optionally performed to improve performance. In this regard, a user may be able to start the drawing anywhere on the display with the display being positioned in any orientation.
FIG. 2b illustrates a translation and rotation process for the fragment 102, which may be used in either the enrollment or the authentication process. In this regard, the fragment 102 may be translated to a modified position as represented by arrow 107 and rotated as indicated by arrow 106 to result in the translated and rotated fragment 105. An example resultant authentication fragment is illustrated in an X-Y coordinate system graph 110 of FIG. 3. Translation and rotation may be performed in any number of ways. Translation may be performed, for example, by determining a centroid of the authentication fragment and shifting the position of the authentication fragment's centroid to a position of the reference fragment's centroid. Rotation may be performed, for example, by rotating the translated authentication fragment about its centroid such that minimum cumulative distances exist between points on the authentication fragment and points on the reference fragment.
To prepare for comparisons between the authentication fragment and the reference fragment, according to some example embodiments, the three dimensional fragment characteristics may be decomposed into two, two-dimensional curves. The authentication fragment may then be decomposed into f^auth_x(j;t) = x and f^auth_y(j;t) = y. The curve f^auth_x(j;t) (e.g., depicted in FIG. 4a as graph 120) may be compared to f^ref_x(j;t), and the curve f^auth_y(j;t) (e.g., depicted in FIG. 4b as graph 130) may be compared to f^ref_y(j;t). According to some example embodiments, the comparisons may be made by determining RMS differences between the curves. In some example embodiments, the n-th point of the authentication fragment may be compared to the n-th point on a reference fragment that is an average of the enrollment fragments or the n-th point of the authentication fragment may be compared to the n-th point on each of the enrollment fragments. Based on the result of the comparisons, an authentication determination may be made. As an alternative to the two, two dimensional comparisons for authentication, a single, three dimensional comparison between the authentication fragment and the reference fragment may be performed. Whether two, two dimensional comparisons or a single three-dimensional comparison is performed, the comparisons may be performed between points of the fragments, or in some embodiments, as further described below, between parameters derived from the fragments.
According to some example embodiments, additional optimizations and/or pre-comparison fragment modifications may be performed to reduce the likelihood of artificially high differences (e.g., RMS differences) determined during the comparisons. In this regard, in some instances, degraded results may occur due to minor deviations in the drawing time T(j) because a different number of sampled points may be captured or generated. Additionally, in some instances, reproduction of the fragment may not be accurate with respect to the granularity of the sampling rate Δt, such that, for example, an x-component of a 3rd point of an authentication fragment is not the same for each authentication attempt.
To avoid or minimize this issue, according to some example embodiments, the authentication fragment may be normalized with respect to the authentication fragment time duration reference T^ref(j). Additionally, in some example embodiments, the reference fragment may be first described by using an interpolation operation to fit a smooth line through a number of points. The interpolation operation may be one of a number of operations including, but not limited to, a B-spline fitting procedure, natural spline fitting procedure, cubic spline fitting procedure, a Bezier curves procedure, or other fitting procedure. For the reference fragment, the m enrollment fragments may be used, and for the authentication fragment, the raw authentication fragment input may be used for the interpolation operation. For improved performance, the number of knots k(j) of the reference fragment can be less than the number of points n(j) on the authentication fragment.
As a result of the interpolation operation, knots or control points of the fragments may be identified. For example, the k(j)+1 knots of the reference fragment may be placed such that the RMS differences of the sampled points (t, x, y) with respect to reference points (t, x^ref, y^ref) determined from the interpolated reference fragment are at a minimum. From the interpolated fragments, parameter sets may be generated. Each interval between two knots may be associated with a parameter set P(j) that may be used to calculate the function value at every point on that interval.
Accordingly, a reference sketch may therefore be defined by F^ref fragments with k^ref_x(j) matrices P^ref_x(j) for the x-component, and k^ref_y(j) matrices P^ref_y(j) for the y-component; F^ref drawing times T^ref(j); and F^ref−1 inter-fragment time intervals ΔT^ref(j→j+1).
According to some example embodiments, rather than performing the interpolation operation with respect to each fragment of a sketch, the entire sketch may be interpolated and considered. In this regard, events such as pen up and pen down events may be disregarded. Accordingly, the interpolation operation may result in the similar generation of parameters, but for the entire sketch.
Based on the parameters (whether generated with respect to individual fragments or an entire sketch), and possibly the points on the curves that may be generated using these parameters (the points and the parameters both being considered characteristics of the fragments), comparisons may be made for user authentication purposes. In this regard, to authenticate the user, the user may then draw an authentication sketch comprising the F fragments. The authentication fragments may then be decomposed into f^auth_x(j;t) and f^auth_y(j;t), and normalized with respect to T^ref(j). Similar to the handling of the reference sketch, the authentication sketch may then be defined by F fragments with k_x(j) matrices P_x(j) for the x-component, and k_y(j) matrices P_y(j) for the y-component; F drawing times T(j); and F−1 inter-fragment time intervals ΔT(j→j+1). The k_x(j) parameter sets P_x(j) and k_y(j) parameter sets P_y(j) of the authentication fragment may then be used to calculate the expected x-coordinate at time t', f^ref_x(k_x(j), P_x(j); t') = x^exp, and the expected y-coordinate at time t', f^ref_y(k_y(j), P_y(j); t') = y^exp, of all sampled points n^auth(j) obtained during the authentication. These values may then be compared with the measured ones, and the RMS of all F×n(j) points of the sketch, F drawing times T(j), and F−1 inter-fragment times ΔT(j→j+1) may be calculated as defined by
Figure imgf000013_0001
To compensate for uncertainty in determining the averages such as T^ref(j), the differences can be divided by the RMS of, for example, T^ref(j). Additionally, the standard deviation in the coordinates may be determined by the variance of the parameter sets P_x(j), P_y(j) of the interpolated fragment.
According to some example embodiments, factors other than the differences between the fragment curves may be considered, such as in the calculations above. For example, in some example embodiments, the total duration of time used to draw the authentication fragment T(j) (also referred to as the authentication fragment time duration value) may be compared to a reference duration for drawing the reference fragment T^ref(j) (also referred to as the authentication fragment time duration reference value). In some example embodiments, the authentication fragment time duration reference value may be determined by averaging the durations for drawing the m enrollment fragments.
Additionally, or alternatively, the duration of time between fragments or the inter-fragment time duration may be considered when determining the authenticity of a user. In this regard, the inter-fragment time duration between two fragments ΔT(j→j+1) may be compared with an inter-fragment time duration reference ΔT^ref(j→j+1). The inter-fragment time duration reference may also be determined by averaging the durations between drawing the fragments in the m enrollment sketches.
When ultimately performing the comparisons, as mentioned above, a variety of analysis methods may be utilized. For example, all, or some defined subset, of the points of the authentication fragment may be compared to respective points on the reference fragment. To perform this analysis, a point (t,x,y) may be a point on the authentication curve. The value of t, combined with the parameters P^ref that describe the reference fragment, may be used to determine the reference point (x^ref, y^ref) that corresponds to the authentication point (x,y). After having determined and associated a corresponding pair of points, the RMS difference between the reference point (x^ref, y^ref) and authentication point (x,y) may be calculated. Similar calculations may be completed for all or some defined subset of the points on the authentication fragment. A resultant RMS value may be generated that is used to determine if the authentication fragment is sufficiently similar to the reference fragment to authenticate the user.
As an alternative comparison method, the parameters that describe the authentication fragment and the parameters that describe the reference fragment may be compared to facilitate determining the authenticity of a user. In this regard, the parameters P of the authentication curve are determined as described above, and compared to the reference parameters P^ref for the reference curve. According to some example embodiments, comparison of the parameters may include determining the RMS differences between the parameters P of the authentication curve and parameters P^ref of the reference curve, and comparing the differences to an authentication threshold to determine whether or not the user should be authenticated. As such, based on the results of the comparison of the parameters, the authenticity of the user may be verified.
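The point-wise comparison described above can be sketched as follows. This is an added example, not code from the patent: it substitutes linear interpolation for the spline fit and least-squares rotation for "minimum cumulative distances", and the names, the thresholds `RMS_MAX` and `DUR_TOL`, the resample count `N` and the strokes produced by `draw` are all assumptions constructed for illustration.

```python
import math

N = 32          # resampled points per fragment (assumed)
RMS_MAX = 5.0   # acceptance threshold, in position units (assumed)
DUR_TOL = 0.25  # allowed relative deviation from T_ref (assumed)

def resample(frag, n=N):
    """Normalize time to the fragment's own duration and take n evenly
    spaced samples by linear interpolation (stand-in for the spline fit)."""
    T, out, k = frag[-1][0], [], 0
    for i in range(n):
        u = T * i / (n - 1)
        while k < len(frag) - 2 and frag[k + 1][0] < u:
            k += 1
        (t0, x0, y0), (t1, x1, y1) = frag[k], frag[k + 1]
        w = (u - t0) / (t1 - t0)
        out.append((x0 + w * (x1 - x0), y0 + w * (y1 - y0)))
    return out

def center(pts):
    """Translate the centroid to the origin."""
    cx = sum(p[0] for p in pts) / len(pts)
    cy = sum(p[1] for p in pts) / len(pts)
    return [(x - cx, y - cy) for x, y in pts]

def align(pts, ref):
    """Centre pts, then rotate about the centroid by the angle that minimizes
    the summed squared distance to the (already centred) ref points."""
    c = center(pts)
    a = sum(qx * px + qy * py for (px, py), (qx, qy) in zip(c, ref))
    b = sum(qy * px - qx * py for (px, py), (qx, qy) in zip(c, ref))
    th = math.atan2(b, a)
    cs, sn = math.cos(th), math.sin(th)
    return [(px * cs - py * sn, px * sn + py * cs) for px, py in c]

def enroll(fragments):
    """Average m aligned enrollment fragments; T_ref is the mean duration."""
    first = center(resample(fragments[0]))
    aligned = [first] + [align(resample(f), first) for f in fragments[1:]]
    m = len(aligned)
    ref = [(sum(a[i][0] for a in aligned) / m,
            sum(a[i][1] for a in aligned) / m) for i in range(N)]
    return ref, sum(f[-1][0] for f in fragments) / m

def rms(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)) / len(a))

def authenticate(frag, ref, t_ref):
    """Two 2-D comparisons, x(t) and y(t), plus the drawing-time check."""
    pts = align(resample(frag), ref)
    rms_x = rms([p[0] for p in pts], [q[0] for q in ref])
    rms_y = rms([p[1] for p in pts], [q[1] for q in ref])
    dur = abs(frag[-1][0] - t_ref) / t_ref
    ok = rms_x <= RMS_MAX and rms_y <= RMS_MAX and dur <= DUR_TOL
    return {"accept": ok, "rms_x": rms_x, "rms_y": rms_y, "dur_dev": dur}

def draw(T, warp, angle=0.0, dx=0.0, dy=0.0, sy=1.0, dt=0.05):
    """Constructed input: an S-shaped stroke of duration T sampled every dt.
    warp maps normalized time to progress along the path (speed profile)."""
    n = 1 + round(T / dt)  # n(j) = 1 + round(T(j)/dt)
    cs, sn = math.cos(angle), math.sin(angle)
    frag = []
    for i in range(n):
        t = T * i / (n - 1)
        s = warp(t / T)
        x, y = 100 * s, 40 * sy * math.sin(2 * math.pi * s)
        frag.append((t, dx + x * cs - y * sn, dy + x * sn + y * cs))
    return frag

def demo():
    def user(u):   # enrolled rhythm: slow start, fast finish
        return u * u
    def even(u):   # same path traced at uniform speed
        return u
    ref, t_ref = enroll([draw(2.0, user),
                         draw(1.9, user, 0.15, 5, -3, 0.97),
                         draw(2.1, user, -0.10, -8, 4, 1.04)])
    return {
        "genuine": authenticate(draw(2.05, user, 0.2, 30, -12, 1.03), ref, t_ref),
        "same_shape_wrong_rhythm": authenticate(draw(2.0, even, 0.2, 30, -12, 1.03), ref, t_ref),
        "right_rhythm_too_slow": authenticate(draw(4.0, user), ref, t_ref),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The second attempt traces exactly the enrolled path and is rejected only because its x(t) and y(t) curves differ, while the third matches both curves after time normalization and is rejected on drawing time alone; both checks are needed for timing to count as part of the secret.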
In addition to the techniques described above, further information and characteristics may be derived from the sketches and used for authentication purposes. For example, line segment orientations, inflection points, line intersections, and the like may be defined and compared with respect to both the authentication sketch and the reference sketch. These may be generated based on the derivative taken with respect to time. In this regard, the following relationships may be leveraged to produce additional characteristics: dx/dt * dt/dy = dx/dy; dx/dy = C: line or segment orientation; d²x/dy² = C: inflection point, etc. For line intersections, the relationship x(t1) == x(t2) AND y(t1) == y(t2) may be used. Additionally, comparisons of integrals may also be utilized, for example, a comparison of the integrals over time with respect to a given function g(x,y).
Based on the foregoing, various example embodiments of the present invention provide for the implementation of user friendly and secure password and authentication functionality using sketches. By way of some example embodiments, small displacements or orientation changes of the sketch do not change the password, which can be the case with some larger gauge grid-based solutions. According to some example embodiments, authentication results can be determined independent of grid definition thereby avoiding the implications of cell boundary issues, with a high degree of detail resulting in higher password strength, and with low mathematical complexity during authentication due to possible reduction to a two dimensional analysis using time as an axis. Some example embodiments allow for the password strength to be easily adapted by modifying the acceptance threshold for comparisons, thereby requiring more or less detail, or by enrolling higher complexity sketches. Various example embodiments may also be leveraged for use in keypad lock mechanisms on touch screen devices.
The description provided above and generally herein illustrates example methods, example apparatuses, and example computer program products for implementing a sketch-based authentication. FIGs. 5 and 6 depict example apparatuses that may be configured to perform various functionalities as described herein, including those described with respect to FIGs. 1a-4b above, with respect to the flowchart of FIG. 7, and the operations otherwise described herein.
Referring now to FIG. 5, an example embodiment of the present invention is depicted as apparatus 500. The mobile terminal 100 or the computer system 150 may be example embodiments of apparatus 500. In some example embodiments, the apparatus 500 need not include wireless communications functionality, but in other example embodiments, the apparatus 500 may be embodied as, or included as a component of, a communications device with wired and/or wireless communications capabilities. In some example embodiments, the apparatus 500 may be part of a communications device, such as a stationary or a mobile communications terminal. As a mobile device, the apparatus 500 may be a mobile and/or wireless communications node such as, for example, a mobile and/or wireless server, computer, access point, handheld wireless device (e.g., telephone, portable digital assistant (PDA), mobile television, gaming device, camera, video recorder, audio/video player, radio, digital book reader, and/or a global positioning system (GPS) device), any combination of the aforementioned, or the like. Regardless of the type of communications device, apparatus 500 may also include computing capabilities.
FIG. 5 illustrates a block diagram of example components of the apparatus 500. The example apparatus 500 comprises or is otherwise in communication with a processor 505, a memory device 510, an Input/Output (I/O) interface 506, a user interface 525, and an authentication sketch analyzer 540. In some example embodiments, the apparatus 500 may further include a communications interface 515. The processor 505 may, according to some example embodiments, be embodied as various means for implementing the various functionalities of example embodiments of the present invention including, for example, a microprocessor, a coprocessor, a controller, a special-purpose integrated circuit such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), or a hardware accelerator, processing circuitry or the like. According to one example embodiment, processor 505 may be representative of a plurality of processors, or one or more multiple core processors, operating in concert. Further, the processor 505 may be comprised of a plurality of transistors, logic gates, a clock (e.g., oscillator), other circuitry, and the like to facilitate performance of the functionality described herein. The processor 505 may, but need not, include one or more accompanying digital signal processors. In some example embodiments, the processor 505 is configured to execute instructions stored in the memory device 510 or instructions otherwise accessible to the processor 505. The processor 505 may be configured to operate such that the processor causes or directs the apparatus 500 to perform various functionalities described herein.
Whether configured as hardware or via instructions stored on a computer-readable storage medium, or by a combination thereof, the processor 505 may be an entity and means capable of performing operations according to embodiments of the present invention while configured accordingly. Thus, in example embodiments where the processor 505 is embodied as, or is part of, an ASIC, FPGA, or the like, the processor 505 is specifically configured hardware for conducting the operations described herein. Alternatively, in example embodiments where the processor 505 is embodied as an executor of instructions stored on a computer-readable storage medium, the instructions specifically configure the processor 505 to perform the algorithms and operations described herein. In some example embodiments, the processor 505 is a processor of a specific device (e.g., a communications server or mobile terminal) configured for employing example embodiments of the present invention by further configuration of the processor 505 via executed instructions for performing the algorithms, methods, and operations described herein.
The memory device 510 may be one or more tangible and/or non-transitory computer-readable storage media that may include volatile and/or non-volatile memory. In some example embodiments, the memory device 510 comprises Random Access Memory (RAM) including dynamic and/or static RAM, on-chip or off-chip cache memory, and/or the like. Further, memory device 510 may include non-volatile memory, which may be embedded and/or removable, and may include, for example, read-only memory, flash memory, magnetic storage devices (e.g., hard disks, floppy disk drives, magnetic tape, etc.), optical disc drives and/or media, non-volatile random access memory (NVRAM), and/or the like. Memory device 510 may include a cache area for temporary storage of data. In this regard, some or all of memory device 510 may be included within the processor 505. In some example embodiments, the memory device 510 may be in communication with the processor 505 and/or other components via a shared bus.
Further, the memory device 510 may be configured to store information, data, applications, computer-readable program code instructions, and/or the like for enabling the processor 505 and the example apparatus 500 to carry out various functions in accordance with example embodiments of the present invention described herein. For example, the memory device 510 may be configured to buffer input data for processing by the processor 505. Additionally, or alternatively, the memory device 510 may be configured to store instructions for execution by the processor 505.
The I/O interface 506 may be any device, circuitry, or means embodied in hardware, software, or a combination of hardware and software that is configured to interface the processor 505 with other circuitry or devices, such as the communications interface 515. In some example embodiments, the I/O interface may embody or be in communication with a bus that is shared by multiple components. In some example embodiments, the processor 505 may interface with the memory 510 via the I/O interface 506. The I/O interface 506 may be configured to convert signals and data into a form that may be interpreted by the processor 505. The I/O interface 506 may also perform buffering of inputs and outputs to support the operation of the processor 505. According to some example embodiments, the processor 505 and the I/O interface 506 may be combined onto a single chip or integrated circuit configured to perform, or cause the apparatus 500 to perform, various functionalities of the present invention.
In some embodiments, the apparatus 500 or some of the components of apparatus 500 (e.g., the processor 505 and the memory device 510) may be embodied as a chip or chip set. In other words, the apparatus 500 may comprise one or more physical packages (e.g., chips) including materials, components and/or wires on a structural assembly (e.g., a baseboard). The structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon. The apparatus 500 may therefore, in some cases, be configured to implement embodiments of the present invention on a single chip or as a single "system on a chip." As such, in some cases, a chip or chipset may constitute means for performing the functionalities described herein and with respect to the processor 505.
The communication interface 515 may be any device or means embodied in hardware, a computer program product, or a combination of hardware and a computer program product that is configured to receive and/or transmit data from/to a network 520 and/or any other device or module in communication with the example apparatus 500. The communications interface may be configured to communicate information via any type of wired or wireless connection, and via any type of communications protocol, such as a communications protocol that supports cellular communications. According to various example embodiments, the communication interface 515 may be configured to support the transmission and reception of communications in a variety of networks including, but not limited to Internet Protocol-based networks (e.g., the Internet), cellular networks, or the like. Further, the communications interface 515 may be configured to support device-to-device communications. Processor 505 may also be configured to facilitate communications via the communications interface 515 by, for example, controlling hardware included within the communications interface 515. In this regard, the communication interface 515 may include, for example, communications driver circuitry (e.g., circuitry that supports wired communications via, for example, fiber optic connections), one or more antennas, a transmitter, a receiver, a transceiver and/or supporting hardware, including, for example, a processor for enabling communications. Via the communication interface 515, the example apparatus 500 may communicate with various other network entities in a device-to-device fashion and/or via indirect communications via a base station, access point, server, gateway, router, or the like.
The user interface 525 may be in communication with the processor 505 to receive user input via the user interface 525 and/or to present output to a user as, for example, audible, visual, mechanical, or other output indications. The user interface 525 may include, for example, a keyboard, a mouse, a joystick, a display (e.g., a touch screen display), a microphone, a speaker, camera, accelerometer, or other input/output mechanisms. Further, the processor 505 may comprise, or be in communication with, user interface circuitry configured to control at least some functions of one or more elements of the user interface. The processor 505 and/or user interface circuitry may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (e.g., software and/or firmware) stored on a memory accessible to the processor 505 (e.g., volatile memory, non-volatile memory, and/or the like). The user interface 525 may also be configured to support the implementation of haptic feedback. In this regard, the user interface 525, as controlled by processor 505, may include a vibra, a piezo, and/or an audio device configured for haptic feedback as described herein. In some example embodiments, the user interface circuitry is configured to facilitate user control of at least some functions of the apparatus 500 through the use of a display and configured to respond to user inputs. The processor 505 may also comprise, or be in communication with, display circuitry configured to display at least a portion of a user interface, the display and the display circuitry configured to facilitate user control of at least some functions of the apparatus 500.
In addition to, or in lieu of, some of the user input and output devices described above, the user interface 525 may include, as mentioned above, one or more touch screen displays. A touch screen display may be configured to visually present graphical information to a user, as well as receive user input via a touch sensitive screen. The touch screen display, which may be embodied as any known touch screen display, may also include a touch detection surface configured to enable touch recognition by any suitable technique, such as resistive, capacitive, infrared, strain gauge, surface wave, optical imaging, dispersive signal technology, acoustic pulse recognition, or other like techniques. In some example embodiments, the touch screen display may be configured to operate in a hovering mode, where movements of a finger, stylus, or other implement can be sensed when sufficiently near the touch screen surface, without physically touching the surface. The touch screen displays may include all of the hardware necessary to detect a touch when contact is made with the touch detection surface and send an indication to, for example, processor 505 indicating characteristics of the touch such as location information. A touch event may occur when an object, such as a stylus, finger, pen, pencil or any other pointing device, comes into contact with a portion of the touch detection surface of the touch screen display in a manner sufficient to register as a touch. The touch screen display may therefore be configured to generate touch event location data indicating the location of the touch event on the screen.
The authentication sketch analyzer 540 of example apparatus 500 may be any means or device embodied, partially or wholly, in hardware, a computer program product, or a combination of hardware and a computer program product, such as processor 505 implementing stored instructions to configure the example apparatus 500, memory device 510 storing executable program code instructions configured to carry out the functions described herein, or a hardware configured processor 505 that is configured to carry out the functions of the authentication sketch analyzer 540 as described herein. In an example embodiment, the processor 505 comprises, or controls, the authentication sketch analyzer 540. The authentication sketch analyzer 540 may be, partially or wholly, embodied as processors similar to, but separate from processor 505. In this regard, the authentication sketch analyzer 540 may be in communication with the processor 505. In various example embodiments, the authentication sketch analyzer 540 may, partially or wholly, reside on differing apparatuses such that some or all of the functionality of the authentication sketch analyzer 540 may be performed by a first apparatus, and the remainder of the functionality of the authentication sketch analyzer 540 may be performed by one or more other apparatuses.
Further, the apparatus 500 and the processor 505 may be configured to perform the following functionality via authentication sketch analyzer 540. The authentication sketch analyzer 540 may be configured to perform operations associated with enrolling a sketch-based password or authenticator as described herein, and/or perform authentication of a user input sketch to determine the authenticity of a user and permit, for example, unlocking of a device, accessing a website, or the like. Further, performance of the functionality of the authentication sketch analyzer 540 also describes various example method embodiments. The authentication sketch analyzer 540 may be configured to cause or direct means such as the processor 505 and/or the apparatus 500 to perform various functionalities, such as those described with respect to FIGs. 1a-4b, and 7, and as generally described herein.
For example, with reference to FIG. 7, the authentication sketch analyzer 540 may be configured to obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment at 700. In this regard, the first authentication fragment may be at least one part of an authentication sketch that may be comprised of one or more authentication fragments. The first authentication fragment characteristics may describe the first authentication fragment as a function of position and time. In some example embodiments, obtaining the first authentication fragment characteristics comprises obtaining at least first authentication fragment starting position coordinates which define a point with respect to position and time at which the first authentication fragment originates or starts, and first authentication fragment ending position coordinates and an ending time value which define a point with respect to position and time at which the first authentication fragment ends. In some example embodiments, a time value of the starting position coordinates may be implied (e.g., equal to zero) since time values for the other coordinates may be provided relative to the time of the starting position coordinates. In some example embodiments, the first authentication fragment characteristics may describe points with respect to a first position dimension, a second position dimension, and a time dimension. Additionally, or alternatively, in some example embodiments, the authentication sketch analyzer 540 may be configured to translate, rotate, and/or scale a raw user input fragment onto the first reference fragment. In some example embodiments, obtaining the first authentication fragment parameters comprises normalizing a raw user input fragment that is based on the first authentication fragment parameters with respect to a first authentication fragment time duration reference value. In some example embodiments, obtaining the first authentication fragment characteristics may include performing an interpolation operation with respect to the first authentication fragment to generate first authentication fragment parameters.
The authentication sketch analyzer 540 may also be configured to compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user at 710. In this regard, the first reference fragment may be a function of position and time, and the first reference fragment may be at least one part of a reference sketch. In some example embodiments, comparing the first authentication fragment parameters may include calculating root-mean-square differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics, and determining whether the root-mean-square differences are less than a predefined threshold. In some example embodiments, calculating root-mean-square differences may include calculating root-mean-square differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics, where the first reference fragment characteristics are first reference fragment parameters determined via an interpolation operation and the first reference fragment parameters describe an interpolated first reference fragment. Further, according to some example embodiments, comparing the first authentication fragment characteristics to points on the first reference fragment comprises performing a two-dimensional comparison between points defined by the first authentication fragment characteristics with respect to the first position dimension and the time dimension and points defined by the reference fragment with respect to the first position dimension and the time dimension. Additionally, or alternatively, according to some example embodiments, comparing the first authentication fragment characteristics may include comparing the first authentication fragment parameters to first reference fragment parameters, where the first reference fragment parameters are determined via an interpolation operation with respect to the first reference fragment. Further, comparing the first authentication fragment characteristics may include comparing the first authentication fragment characteristics to the first reference fragment characteristics, where the first reference fragment is generated based on a fitting or interpolation procedure and multiple enrollment fragments.
Additionally, or alternatively, in some example embodiments, the authentication sketch analyzer 540 may be configured to obtain an inter-fragment time duration value at 720 which may be defined as a time from the end of the first authentication fragment to a beginning of a second authentication fragment. In this regard, the second authentication fragment may be a part of the authentication sketch. The authentication sketch analyzer 540 may also be configured to, in some example embodiments, compare the inter-fragment time duration value to an inter-fragment time duration reference value at 730 to facilitate determining the authenticity of the user.
Additionally, or alternatively, the authentication sketch analyzer 540 may be configured to obtain a first authentication fragment time duration value at 740, which may be defined as a time from the beginning of the first authentication fragment to the end of the first authentication fragment, and compare the first authentication fragment time duration value to a first authentication fragment time duration value reference value to facilitate determining the authenticity of the user.
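The operations described above for FIG. 7 can be followed end to end in the added Python example below, which is an illustration written for this page and not code from the patent. The (x, y, t) tuple layout, the chord-based alignment, the use of linear interpolation, the threshold and tolerance values, and all sample strokes are assumptions constructed for the example.

```python
import math

def duration(frag):
    """Fragment time duration: time from its first sample to its last."""
    return frag[-1][2] - frag[0][2]

def align(frag, ref):
    """Translate, rotate and scale frag so its start-to-end chord lies on ref's.
    Chord-based alignment is an assumption; the text does not fix a method."""
    (x0, y0, _), (x1, y1, _) = frag[0], frag[-1]
    (rx0, ry0, _), (rx1, ry1, _) = ref[0], ref[-1]
    len_f = math.hypot(x1 - x0, y1 - y0)
    len_r = math.hypot(rx1 - rx0, ry1 - ry0)
    if len_f < 1e-9 or len_r < 1e-9:
        # Closed stroke: the chord has no direction, so translate only.
        c, s, k = 1.0, 0.0, 1.0
    else:
        ang = math.atan2(ry1 - ry0, rx1 - rx0) - math.atan2(y1 - y0, x1 - x0)
        c, s, k = math.cos(ang), math.sin(ang), len_r / len_f
    return [(rx0 + k * (c * (x - x0) - s * (y - y0)),
             ry0 + k * (s * (x - x0) + c * (y - y0)), t) for x, y, t in frag]

def resample(frag, n, ref_duration):
    """Normalize time to [0, ref_duration], then linearly interpolate n
    equally spaced samples so two fragments can be compared point by point."""
    if len(frag) < 2 or duration(frag) <= 0:
        raise ValueError("fragment needs two or more samples with increasing time")
    t0, d = frag[0][2], duration(frag)
    pts = [(x, y, (t - t0) / d * ref_duration) for x, y, t in frag]
    out, j = [], 0
    for i in range(n):
        t = ref_duration * i / (n - 1)
        while j < len(pts) - 2 and pts[j + 1][2] < t:
            j += 1
        (xa, ya, ta), (xb, yb, tb) = pts[j], pts[j + 1]
        w = 0.0 if tb == ta else min(max((t - ta) / (tb - ta), 0.0), 1.0)
        out.append((xa + w * (xb - xa), ya + w * (yb - ya), t))
    return out

def rms(a, b, dim):
    """Root-mean-square difference in one position dimension (0 = x, 1 = y)
    between two fragments sampled at the same time values."""
    return math.sqrt(sum((p[dim] - q[dim]) ** 2 for p, q in zip(a, b)) / len(a))

def verify(auth, ref, pos_threshold, time_tolerance, n=32):
    """auth and ref are lists of fragments; a fragment is a list of (x, y, t)."""
    if len(auth) != len(ref):
        return False
    for i, (a, r) in enumerate(zip(auth, ref)):
        if len(a) < 2:
            return False
        # Fragment time duration against its reference value.
        if abs(duration(a) - duration(r)) > time_tolerance:
            return False
        # Inter-fragment time: end of the previous fragment to start of this one.
        if i > 0:
            gap_a = a[0][2] - auth[i - 1][-1][2]
            gap_r = r[0][2] - ref[i - 1][-1][2]
            if abs(gap_a - gap_r) > time_tolerance:
                return False
        # Shape and speed profile: x(t) and y(t) are each compared in a
        # (position, time) plane and must both stay under the threshold.
        ra = resample(align(a, r), n, duration(r))
        rr = resample(r, n, duration(r))
        if rms(ra, rr, 0) >= pos_threshold or rms(ra, rr, 1) >= pos_threshold:
            return False
    return True

# ---- Constructed sample data (not from the patent) ----
def stroke(t_start, T, m, speed, dx=0.0, dy=0.0, angle=0.0, scale=1.0):
    """Arc 100 units wide; speed(u) maps time fraction to path fraction."""
    c, s = math.cos(angle), math.sin(angle)
    pts = []
    for i in range(m):
        u = i / (m - 1)
        p = speed(u)
        x, y = 100.0 * p, 20.0 * math.sin(math.pi * p)
        pts.append((dx + scale * (c * x - s * y),
                    dy + scale * (s * x + c * y), t_start + u * T))
    return pts

def accel(u):   # enrolled user speeds up along each stroke
    return u * u

def steady(u):  # same path traced at constant speed
    return u

REFERENCE = [stroke(0.0, 0.5, 20, accel), stroke(0.8, 0.4, 20, accel)]
# Same user: drawn elsewhere on screen, rotated, larger, other sample count.
GENUINE = [stroke(0.0, 0.52, 25, accel, 30, 40, 0.2, 1.1),
           stroke(0.84, 0.41, 25, accel, 35, 60, 0.2, 1.1)]
# Identical geometry, but a different speed profile along the path.
SAME_PATH_STEADY_SPEED = [stroke(0.0, 0.5, 20, steady), stroke(0.8, 0.4, 20, steady)]
# Correct strokes, but too long a pause between them.
LONG_PAUSE = [stroke(0.0, 0.5, 20, accel), stroke(1.4, 0.4, 20, accel)]
```

Because time is normalized before the point-by-point comparison, the absolute stroke duration no longer influences the RMS value, which is why the fragment duration and the inter-fragment time are checked as separate factors.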
Referring now to FIG. 6, a more specific example apparatus in accordance with various embodiments of the present invention is provided. The example apparatus of FIG. 6 is a mobile terminal 10 configured to communicate within a wireless network, such as a cellular communications network. The mobile terminal 10 may be configured to perform the functionality of the mobile terminal 100 or apparatus 500 as described herein. More specifically, the mobile terminal 10 may be caused to perform the functionality described with respect to FIGs. 1a-4b and/or 7, via the processor 20. In this regard, according to some example embodiments, the processor 20 may be configured to perform the functionality described with respect to the authentication sketch analyzer 540. Processor 20 may be an integrated circuit or chip configured similar to the processor 505 together with, for example, the I/O interface 506. Further, volatile memory 40 and nonvolatile memory 42 may be configured to support the operation of the processor 20 as computer readable storage media.
The mobile terminal 10 may also include an antenna 12, a transmitter 14, and a receiver 16, which may be included as parts of a communications interface of the mobile terminal 10. The speaker 24, the microphone 26, display 28 (which may be a touch screen display), and the keypad 30 may be included as parts of a user interface.
FIG. 7 illustrates flowcharts of example systems, methods, and/or computer program products according to example embodiments of the invention. It will be understood that each operation of the flowcharts, and/or combinations of operations in the flowcharts, can be implemented by various means. Means for implementing the operations of the flowcharts, combinations of the operations in the flowchart, or other functionality of example embodiments of the present invention described herein may include hardware, and/or a computer program product including a computer-readable storage medium (as opposed to a computer-readable transmission medium which describes a propagating signal) having one or more computer program code instructions, program instructions, or executable computer-readable program code instructions stored therein. In this regard, program code instructions for performing the operations and functions of FIG. 7 and otherwise described herein may be stored on a memory device, such as memory device 510, volatile memory 40, or volatile memory 42, of an example apparatus, such as example apparatus 500 or mobile terminal 10, and executed by a processor, such as the processor 505 or processor 20. As will be appreciated, any such program code instructions may be loaded onto a computer or other programmable apparatus (e.g., processor 505, memory device 510, or the like) from a computer-readable storage medium to produce a particular machine, such that the particular machine becomes a means for implementing the functions specified in the flowcharts' operations. These program code instructions may also be stored in a computer-readable storage medium that can direct a computer, a processor, or other programmable apparatus to function in a particular manner to thereby generate a particular machine or particular article of manufacture. The instructions stored in the computer-readable storage medium may produce an article of manufacture, where the article of manufacture becomes a means for implementing the functions specified in the flowcharts' operations. The program code instructions may be retrieved from a computer-readable storage medium and loaded into a computer, processor, or other programmable apparatus to configure the computer, processor, or other programmable apparatus to execute operations to be performed on or by the computer, processor, or other programmable apparatus. Retrieval, loading, and execution of the program code instructions may be performed sequentially such that one instruction is retrieved, loaded, and executed at a time. In some example embodiments, retrieval, loading and/or execution may be performed in parallel such that multiple instructions are retrieved, loaded, and/or executed together. Execution of the program code instructions may produce a computer-implemented process such that the instructions executed by the computer, processor, or other programmable apparatus provide operations for implementing the functions specified in the flowcharts' operations.
Accordingly, execution of instructions associated with the operations of the flowchart by a processor, or storage of instructions associated with the blocks or operations of the flowcharts in a computer-readable storage medium, support combinations of operations for performing the specified functions. It will also be understood that one or more operations of the flowcharts, and combinations of blocks or operations in the flowcharts, may be implemented by special purpose hardware-based computer systems and/or processors which perform the specified functions, or combinations of special purpose hardware and program code instructions.
Many modifications and other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these inventions pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the inventions are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Moreover, although the foregoing descriptions and the associated drawings describe example embodiments in the context of certain example combinations of elements and/or functions, it should be appreciated that different combinations of elements and/or functions may be provided by alternative embodiments without departing from the scope of the appended claims. In this regard, for example, different combinations of elements and/or functions other than those explicitly described above are also contemplated as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims

WHAT IS CLAIMED IS:
1. A method comprising:
obtaining, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment, the first authentication fragment being at least one part of an authentication sketch, the first authentication fragment characteristics describing the first authentication fragment as a function of position and time; and
comparing the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, the first reference fragment being a function of position and time and the first reference fragment being at least one part of a reference sketch.
2. The method of claim 1, wherein comparing the first authentication fragment characteristics comprises:
calculating differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics; and
determining whether the differences are less than a predefined threshold.
3. The method of claim 2, wherein calculating the differences comprises calculating the differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics, wherein the first reference fragment characteristics are first reference fragment parameters determined via an interpolation operation and the first reference fragment parameters describe an interpolated first reference fragment.
4. The method of any one of claims 1 through 3, wherein obtaining the first authentication fragment characteristics comprises obtaining at least:
first authentication fragment starting position coordinates, the first authentication fragment starting position coordinates defining a point with respect to position and time at which the first authentication fragment originates; and
first authentication fragment ending position coordinates and an ending time value, the first authentication fragment ending position coordinates and the ending time value defining a point with respect to position and time at which the first authentication fragment ends.
5. The method of any one of claims 1 through 4, wherein obtaining the first authentication fragment characteristics comprises obtaining the first authentication fragment characteristics, the first authentication fragment characteristics describing points with respect to a first position dimension, a second position dimension, and a time dimension; and
wherein comparing the first authentication fragment characteristics to points on the first reference fragment comprises performing a two-dimensional comparison between points defined by the first authentication fragment characteristics with respect to the first position dimension and the time dimension and points defined by the reference fragment with respect to the first position dimension and the time dimension.
6. The method of claim 1, wherein obtaining the first authentication fragment characteristics comprises performing an interpolation operation with respect to the first authentication fragment to generate first authentication fragment parameters; and
wherein comparing the first authentication fragment characteristics comprises comparing the first authentication fragment parameters to first reference fragment parameters, the first reference fragment parameters being determined via an interpolation operation with respect to the first reference fragment.
7. The method of any one of claims 1 through 6, further comprising:
obtaining an inter-fragment time duration value which is defined as a time from the end of the first authentication fragment to a beginning of a second authentication fragment, the second authentication fragment being a part of the authentication sketch; and
comparing the inter-fragment time duration value to an inter-fragment time duration reference value to facilitate determining the authenticity of the user.
8. The method of any one of claims 1 through 7, further comprising:
obtaining a first authentication fragment time duration value which is defined as a time from the beginning of the first authentication fragment to the end of the first authentication fragment; and
comparing the first authentication fragment time duration value to a first authentication fragment time duration value reference value to facilitate determining the authenticity of the user.
9. The method of any one of claims 1 through 8, wherein obtaining the first authentication fragment characteristics comprises translating and rotating a raw user input fragment onto the first reference fragment.
10. The method of any one of the claims 1 through 9, wherein obtaining the first authentication fragment characteristics comprises normalizing a raw user input fragment with respect to a first authentication fragment time duration reference value.
11. The method of any one of claims 1 through 10, wherein comparing the first authentication fragment characteristics comprises comparing the first authentication fragment characteristics to the first reference fragment characteristics, the first reference fragment being generated based on an interpolation procedure and multiple enrollment fragments.
12. A computer program which, when executed, causes the method of any one of claims 1 through 11 to be performed.
13. An apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, direct the apparatus at least to:
obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment, the first authentication fragment being at least one part of an authentication sketch, the first authentication fragment characteristics describing the first authentication fragment as a function of position and time; and
compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, the first reference fragment being a function of position and time and the first reference fragment being at least one part of a reference sketch.
14. The apparatus of claim 13, wherein the apparatus directed to compare the first authentication fragment characteristics comprises being directed to:
calculate differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics; and
determine whether the differences are less than a predefined threshold.
15. The apparatus of claim 14, wherein the apparatus directed to calculate root-mean-square differences comprises being directed to calculate differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics, wherein the first reference fragment characteristics are first reference fragment parameters determined via an interpolation operation and the first reference fragment parameters describe an interpolated first reference fragment.
16. The apparatus of claim 13 or claim 15, wherein the apparatus directed to obtain the first authentication fragment characteristics comprises being directed to obtain at least:
first authentication fragment starting position coordinates, the first authentication fragment starting position coordinates defining a point with respect to position and time at which the first authentication fragment originates; and
first authentication fragment ending position coordinates and an ending time value, the first authentication fragment ending position coordinates and the ending time value defining a point with respect to position and time at which the first authentication fragment ends.
17. The apparatus of any one of claims 13 through 16, wherein the apparatus directed to obtain the first authentication fragment characteristics comprises being directed to obtain the first authentication fragment characteristics, the first authentication fragment characteristics describing points with respect to a first position dimension, a second position dimension, and a time dimension; and
wherein the apparatus directed to compare the first authentication fragment characteristics to points on the first reference fragment comprises being directed to perform a two-dimensional comparison between points defined by the first authentication fragment characteristics with respect to the first position dimension and the time dimension and points defined by the reference fragment with respect to the first position dimension and the time dimension.
18. The apparatus of claim 13, wherein the apparatus directed to obtain the first authentication fragment characteristics comprises being directed to perform an interpolation operation with respect to the first authentication fragment to generate first authentication fragment parameters; and
wherein the apparatus directed to compare the first authentication fragment characteristics comprises being directed to compare the first authentication fragment parameters to first reference fragment parameters, the first reference fragment parameters being determined via an interpolation operation with respect to the first reference fragment.
19. The apparatus of any one of claims 13 through 18, wherein the apparatus is further directed to:
obtain an inter-fragment time duration value which is defined as a time from the end of the first authentication fragment to a beginning of a second authentication fragment, the second authentication fragment being a part of the authentication sketch; and
compare the inter-fragment time duration value to an inter-fragment time duration reference value to facilitate determining the authenticity of the user.
20. The apparatus of any one of claims 13 through 19, wherein the apparatus is further directed to:
obtain a first authentication fragment time duration value which is defined as a time from the beginning of the first authentication fragment to the end of the first authentication fragment; and
compare the first authentication fragment time duration value to a first authentication fragment time duration value reference value to facilitate determining the authenticity of the user.
21. The apparatus of any one of claims 13 through 19, wherein the apparatus directed to obtain the first authentication fragment characteristics comprises being directed to translate and rotate a raw user input fragment onto the first reference fragment.
22. The apparatus of any one of the claims 13 through 21, wherein the apparatus directed to obtain the first authentication fragment characteristics comprises being directed to normalize a raw user input fragment with respect to a first authentication fragment time duration reference value.
23. The apparatus of any one of claims 13 through 22, wherein the apparatus directed to compare the first authentication fragment characteristics comprises being directed to compare the first authentication fragment characteristics to the first reference fragment characteristics, the first reference fragment being generated based on an interpolation procedure and multiple enrollment fragments.
24. The apparatus of any one of claims 13 through 23, wherein the apparatus comprises a mobile terminal.
25. The apparatus of claim 24, wherein the apparatus further comprises user interface circuitry and components including the touch screen display.
26. A computer program product comprising a non-transitory memory having program code stored thereon, the program code configured to direct an apparatus to:
obtain, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment, the first authentication fragment being at least one part of an authentication sketch, the first authentication fragment characteristics describing the first authentication fragment as a function of position and time; and
compare the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, the first reference fragment being a function of position and time and the first reference fragment being at least one part of a reference sketch.
27. The computer program product of claim 26, wherein program code configured to direct the apparatus to compare the first authentication fragment characteristics comprises being configured to direct the apparatus to:
calculate differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics; and
determine whether the differences are less than a predefined threshold.
28. The computer program product of claim 27, wherein the program code configured to direct the apparatus to calculate the differences comprises being configured to direct the apparatus to calculate the differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics, wherein the first reference fragment characteristics are first reference fragment parameters determined via an interpolation operation and the first reference fragment parameters describe an interpolated first reference fragment.
29. The computer program product of claim 26 or claim 28, wherein program code configured to direct the apparatus to obtain the first authentication fragment characteristics comprises being configured to direct the apparatus to obtain at least:
first authentication fragment starting position coordinates, the first authentication fragment starting position coordinates defining a point with respect to position and time at which the first authentication fragment originates; and
first authentication fragment ending position coordinates and an ending time value, the first authentication fragment ending position coordinates and the ending time value defining a point with respect to position and time at which the first authentication fragment ends.
30. The computer program product of claim 26 through 29, wherein program code configured to direct the apparatus to obtain the first authentication fragment characteristics comprises being configured to direct the apparatus to obtain the first authentication fragment characteristics, the first authentication fragment characteristics describing points with respect to a first position dimension, a second position dimension, and a time dimension; and
wherein program code configured to direct the apparatus to compare the first authentication fragment characteristics to points on the first reference fragment comprises being configured to direct the apparatus to perform a two-dimensional comparison between points defined by the first authentication fragment characteristics with respect to the first position dimension and the time dimension and points defined by the reference fragment with respect to the first position dimension and the time dimension.
31. The computer program product of claim 26, wherein the program code configured to direct the apparatus to obtain the first authentication fragment characteristics comprises being configured to direct the apparatus to perform an interpolation operation with respect to the first authentication fragment to generate first authentication fragment parameters; and
wherein the program code configured to direct the apparatus to compare the first authentication fragment characteristics comprises being configured to direct the apparatus to compare the first authentication fragment parameters to first reference fragment parameters, the first reference fragment parameters being determined via an interpolation operation with respect to the first reference fragment.
32. The computer program product of claim 26 through 31, wherein the program code is further configured to direct the apparatus to: obtain an inter-fragment time duration value which is defined as a time from the end of the first authentication fragment to a beginning of a second authentication fragment, the second authentication fragment being a part of the authentication sketch; and
compare the inter-fragment time duration value to an inter-fragment time duration reference value to facilitate determining the authenticity of the user.
33. The computer program product of claim 26 through 32, wherein the program code is further configured to direct the apparatus to:
obtain a first authentication fragment time duration value which is defined as a time from the beginning of the first authentication fragment to the end of the first authentication fragment; and
compare the first authentication fragment time duration value to a first authentication fragment time duration value reference value to facilitate determining the authenticity of the user.
34. The computer program product of claim 26 through 33, wherein the program code configured to direct the apparatus to obtain the first authentication fragment characteristics comprises being configured to direct the apparatus to translate and rotate a raw user input fragment onto the first reference fragment.
35. The computer program product of claim 26 through 34, wherein the program code configured to direct the apparatus to obtain the first authentication fragment characteristics comprises being configured to direct the apparatus to normalize a raw user input fragment with respect to a first authentication fragment time duration reference value.
36. The computer program product of claim 26 through 35, wherein the program code configured to direct the apparatus to compare the first authentication fragment characteristics comprises being configured to direct the apparatus to compare the first authentication fragment characteristics to the first reference fragment characteristics, the first reference fragment being generated based on an interpolation procedure and multiple enrollment fragments.
37. An apparatus comprising:
means for obtaining, as a representation of at least a portion of an input sketch provided by a user, characteristics of a first authentication fragment, the first authentication fragment being at least one part of an authentication sketch, the first authentication fragment characteristics describing the first authentication fragment as a function of position and time; and
means for comparing the first authentication fragment characteristics to characteristics of a first reference fragment to facilitate determining an authenticity of the user, the first reference fragment being a function of position and time and the first reference fragment being at least one part of a reference sketch.
38. The apparatus of claim 37, wherein the means for comparing the first authentication fragment characteristics comprises:
means for calculating differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics; and
means for determining whether the differences are less than a predefined threshold.
39. The apparatus of claim 38, wherein the means for calculating the differences comprises means for calculating the differences between points with respect to position and time defined by the first authentication fragment characteristics and points with respect to position and time defined by the first reference fragment characteristics, wherein the first reference fragment characteristics are first reference fragment parameters determined via an interpolation operation and the first reference fragment parameters describe an interpolated first reference fragment.
40. The apparatus of any one of claims 37 through 39, wherein the means for obtaining the first authentication fragment characteristics comprises means for obtaining at least:
first authentication fragment starting position coordinates, the first authentication fragment starting position coordinates defining a point with respect to position and time at which the first authentication fragment originates; and
first authentication fragment ending position coordinates and an ending time value, the first authentication fragment ending position coordinates and the ending time value defining a point with respect to position and time at which the first authentication fragment ends.
41. The apparatus of any one of claims 37 through 40, wherein the means for obtaining the first authentication fragment characteristics comprises means for obtaining the first authentication fragment characteristics, the first authentication fragment characteristics describing points with respect to a first position dimension, a second position dimension, and a time dimension; and
wherein the means for comparing the first authentication fragment characteristics to points on the first reference fragment comprises means for performing a two-dimensional comparison between points defined by the first authentication fragment characteristics with respect to the first position dimension and the time dimension and points defined by the reference fragment with respect to the first position dimension and the time dimension.
42. The apparatus of claim 37, wherein the means for obtaining the first authentication fragment characteristics comprises means for performing an interpolation operation with respect to the first authentication fragment to generate first authentication fragment parameters; and
wherein the means for comparing the first authentication fragment characteristics comprises means for comparing the first authentication fragment parameters to first reference fragment parameters, the first reference fragment parameters being determined via an interpolation operation with respect to the first reference fragment.
43. The apparatus of any one of claims 37 through 42, further comprising: means for obtaining an inter-fragment time duration value which is defined as a time from the end of the first authentication fragment to a beginning of a second authentication fragment, the second authentication fragment being a part of the authentication sketch; and
means for comparing the inter-fragment time duration value to an inter-fragment time duration reference value to facilitate determining the authenticity of the user.
44. The apparatus of any one of claims 37 through 43, further comprising: means for obtaining a first authentication fragment time duration value which is defined as a time from the beginning of the first authentication fragment to the end of the first authentication fragment; and
means for comparing the first authentication fragment time duration value to a first authentication fragment time duration value reference value to facilitate determining the authenticity of the user.
45. The apparatus of any one of claims 37 through 44, wherein the means for obtaining the first authentication fragment characteristics comprises means for translating and rotating a raw user input fragment onto the first reference fragment.
46. The apparatus of any one of the claims 37 through 45, wherein the means for obtaining the first authentication fragment characteristics comprises means for normalizing a raw user input fragment with respect to a first authentication fragment time duration reference value.
47. The apparatus of any one of claims 37 through 46, wherein the means for comparing the first authentication fragment characteristics comprises means for comparing the first authentication fragment characteristics to the first reference fragment characteristics, the first reference fragment being generated based on an interpolation procedure and multiple enrollment fragments.
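The comparison recited in claims 37 through 46 (duration check, translation and rotation onto the reference, time normalization, interpolation, thresholded point differences) can be sketched as follows. This is an added example, not code from the patent: the function names, linear interpolation, tolerances and sample strokes are all assumptions made for illustration.

```python
import math

def resample(frag, n=16):
    """Linearly interpolate (x, y, t) samples at n evenly spaced times (t non-decreasing)."""
    t0, t1 = frag[0][2], frag[-1][2]
    out, j = [], 0
    for i in range(n):
        t = t0 + (t1 - t0) * i / (n - 1)
        while j < len(frag) - 2 and frag[j + 1][2] < t:
            j += 1
        (xa, ya, ta), (xb, yb, tb) = frag[j], frag[j + 1]
        w = 0.0 if tb == ta else (t - ta) / (tb - ta)
        out.append((xa + w * (xb - xa), ya + w * (yb - ya), t))
    return out

def align(raw, ref):
    """Translate and rotate raw onto ref (start point and start-to-end heading),
    and rescale its time axis to the reference duration."""
    (rx0, ry0, rt0), (rx1, ry1, rt1) = ref[0], ref[-1]
    (x0, y0, t0), (x1, y1, t1) = raw[0], raw[-1]
    ang = math.atan2(ry1 - ry0, rx1 - rx0) - math.atan2(y1 - y0, x1 - x0)
    c, s, k = math.cos(ang), math.sin(ang), (rt1 - rt0) / (t1 - t0)
    return [(rx0 + c * (x - x0) - s * (y - y0),
             ry0 + s * (x - x0) + c * (y - y0),
             rt0 + k * (t - t0)) for x, y, t in raw]

def verify(raw, ref, pos_tol=5.0, dur_tol=0.25):
    """Accept only if the raw duration and every time-aligned point are within tolerance."""
    if len(raw) < 2 or len(ref) < 2:
        return False  # a single sample has no position-versus-time shape
    raw_dur, ref_dur = raw[-1][2] - raw[0][2], ref[-1][2] - ref[0][2]
    if raw_dur <= 0 or ref_dur <= 0 or abs(raw_dur - ref_dur) > dur_tol * ref_dur:
        return False  # duration is checked before normalization hides it
    a, r = resample(align(raw, ref)), resample(ref)
    return max(math.hypot(ax - rx, ay - ry)
               for (ax, ay, _), (rx, ry, _) in zip(a, r)) < pos_tol

# Constructed sample strokes (x, y, t in seconds): an L shape drawn fast, then slow.
REF = [(0, 0, 0.0), (20, 0, 0.2), (40, 0, 0.4), (40, 20, 0.8), (40, 40, 1.2)]
# Same user: shifted, rotated 90 degrees, 10% slower, small jitter.
GENUINE = [(100, 50, 2.0), (101, 70, 2.22), (100, 90, 2.44), (80, 91, 2.88), (60, 90, 3.32)]
# Identical geometry, but slow first and fast second.
WRONG_TIMING = [(0, 0, 0.0), (20, 0, 0.4), (40, 0, 0.8), (40, 20, 1.0), (40, 40, 1.2)]
# Identical geometry at half speed.
TOO_SLOW = [(x, y, 2 * t) for x, y, t in REF]
```

`WRONG_TIMING` traces exactly the reference shape and is still rejected, which is the property the position-and-time formulation adds over shape-only matching; the tolerances set the trade-off between false accepts and false rejects and would be tuned from enrollment data.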
PCT/IB2010/054479 2010-10-04 2010-10-04 Method, apparatus, and computer program product for implementing sketch-based authentication WO2012046099A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2010/054479 WO2012046099A1 (en) 2010-10-04 2010-10-04 Method, apparatus, and computer program product for implementing sketch-based authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2010/054479 WO2012046099A1 (en) 2010-10-04 2010-10-04 Method, apparatus, and computer program product for implementing sketch-based authentication

Publications (1)

Publication Number Publication Date
WO2012046099A1 true WO2012046099A1 (en) 2012-04-12

Family

ID=45927265

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2010/054479 WO2012046099A1 (en) 2010-10-04 2010-10-04 Method, apparatus, and computer program product for implementing sketch-based authentication

Country Status (1)

Country Link
WO (1) WO2012046099A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014059042A1 (en) * 2012-10-10 2014-04-17 Alibaba Group Holding Limited Method, client and server of password verification, and password terminal system
US20150281209A1 (en) * 2012-10-09 2015-10-01 At&T Intellectual Property I, L.P. Methods, Systems, and Products for Authentication of Users
US9671953B2 (en) 2013-03-04 2017-06-06 The United States Of America As Represented By The Secretary Of The Army Systems and methods using drawings which incorporate biometric data as security information
CN107679391A (en) * 2017-10-11 2018-02-09 世纪龙信息网络有限责任公司 Data processing method and system for identifying code

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1443382A2 (en) * 2003-01-21 2004-08-04 Samsung Electronics Co., Ltd. User authentication method and apparatus
US20080235788A1 (en) * 2007-03-23 2008-09-25 University Of Ottawa Haptic-based graphical password
US20090160800A1 (en) * 2007-12-19 2009-06-25 Lenovo (Beijing) Limited Touch pad, method of operating the same, and notebook computer with the same
US20090210939A1 (en) * 2008-02-20 2009-08-20 Microsoft Corporation Sketch-based password authentication

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150281209A1 (en) * 2012-10-09 2015-10-01 At&T Intellectual Property I, L.P. Methods, Systems, and Products for Authentication of Users
US9584500B2 (en) * 2012-10-09 2017-02-28 At&T Intellectual Property I, L.P. Methods, systems, and products for authentication of users
US9881149B2 (en) 2012-10-09 2018-01-30 At&T Intellectual Property I, L.P. Methods, systems, and products for authentication of users
US10810299B2 (en) 2012-10-09 2020-10-20 At&T Intellectual Property I, L.P. Methods, systems, and products for authentication of users
US11449595B2 (en) 2012-10-09 2022-09-20 At&T Intellectual Property I, L.P. Methods, systems, and products for authentication of users
WO2014059042A1 (en) * 2012-10-10 2014-04-17 Alibaba Group Holding Limited Method, client and server of password verification, and password terminal system
US9323910B2 (en) 2012-10-10 2016-04-26 Alibaba Group Holding Limited Method, client and server of password verification, and password terminal system
US9671953B2 (en) 2013-03-04 2017-06-06 The United States Of America As Represented By The Secretary Of The Army Systems and methods using drawings which incorporate biometric data as security information
CN107679391A (en) * 2017-10-11 2018-02-09 世纪龙信息网络有限责任公司 Data processing method and system for identifying code

Similar Documents

Publication Publication Date Title
US10681042B2 (en) Gesture-based signature authentication
US20220239644A1 (en) Systems and methods for authenticating a user based on a biometric model associated with the user
US9734379B2 (en) Guided fingerprint enrollment
US9767338B2 (en) Method for identifying fingerprint and electronic device thereof
US10111093B2 (en) Mobile device to provide continuous and discrete user authentication
US10200360B2 (en) Authentication using physical interaction characteristics
US20150349957A1 (en) Antialiasing for picture passwords and other touch displays
US20160246472A1 (en) Authentication based on a tap sequence performed on a touch screen
US9576123B2 (en) Pattern-based password with dynamic shape overlay
US9531709B2 (en) Securely unlocking a device using a combination of hold placement and gesture
WO2012046099A1 (en) Method, apparatus, and computer program product for implementing sketch-based authentication
US11847815B2 (en) Electronic device, server, and signature authentication method using the same
US20230325488A1 (en) Multi-factor authentication via mixed reality
US9607139B1 (en) Map-based authentication
US11317293B2 (en) Methods for authenticating a user of an electronic device
WO2012076939A1 (en) Method, apparatus, and computer program product for implementing graphical authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10858061

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10858061

Country of ref document: EP

Kind code of ref document: A1