GB2584397A - Visual authentication input - Google Patents

Visual authentication input Download PDF

Info

Publication number
GB2584397A
GB2584397A GB1906287.6A GB201906287A GB2584397A GB 2584397 A GB2584397 A GB 2584397A GB 201906287 A GB201906287 A GB 201906287A GB 2584397 A GB2584397 A GB 2584397A
Authority
GB
United Kingdom
Prior art keywords
user
symbol
symbols
displayed
passcode
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1906287.6A
Other versions
GB201906287D0 (en
Inventor
Watts Steve
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Securenvoy Ltd
Original Assignee
Securenvoy Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Securenvoy Ltd filed Critical Securenvoy Ltd
Priority to GB1906287.6A priority Critical patent/GB2584397A/en
Publication of GB201906287D0 publication Critical patent/GB201906287D0/en
Publication of GB2584397A publication Critical patent/GB2584397A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/011Arrangements for interaction with the human body, e.g. for user immersion in virtual reality
    • G06F3/013Eye tracking input arrangements

Abstract

The present disclosure relates to a method of authentication of a user by means of visual inputs. An authentication device to which the user wishes to authenticate themselves comprises a display and a camera. An array of symbols is presented at the display which comprises at least part of the user's authentication passcode. The device's camera uses eye tracking software to track movements of the user's eye(s) in order to determine which portion of the display the user is looking at. The user inputs the relevant symbol for their passcode by holding their gaze at a portion of the display which shows that symbol. A processor cross references the portion of the display against which the user's gaze is held with the symbol located in that part of the display. The processor then determines whether the symbol matches the user's stored passcode.  

Description

VISUAL AUTHENTICATION INPUT
FIELD OF DISCLOSURE
Examples of the present disclosure relate to a method of inputting a secure passcode at a passcode entry device. Specifically, they relate to a means of inputting a secure passcode using visual inputs.
BACKGROUND OF THE DISCLOSURE
Authentication assumes that you know your username, a password and you have a second, out of band, method of receiving a passcode to prove your identity. However, in today's world of biometrics, we can now use a fingerprint or facial recognition as a more secure means of proving one's identity. Unfortunately, in some situations, a user may be forced to authenticate themselves at their device against their wishes. For example, a disingenuous person may hold the user's device toward the user's face in order to cause it to unlock. Alternatively, the disingenuous person may force the user to place their finger on a fingerprint reader in order to cause the user's device to unlock. In essence, the move toward using biometric authentication data, while improving security due to the requirement of the presence of a user to unlock a device, also simplifies the ability to unlock the device if the user is present and under duress.
Equally, data and messaging can be intercepted, therefore, sending a series of information in one direction and receiving a code in return, could be perceived insecure if, for example, a hacker compromised a session or initiated a 'man-inthe-middle' attack. In a 'man-in-the-middle' attack, a hacker may place themselves, along a communication channel, between a user and the entity to which the user wishes to authenticate themselves, for example, a website. In this manner, when a user sends information to the entity, it is intercepted by the hacker. The hacker then forwards the received information on to the website. The hacker is then able to gain access to the website as if they were the user. Therefore, in order to avoid these kinds of attacks, it remains important to authenticate a user locally, before establishing a secure connection which is not vulnerable to such 'man-in-the-middle' attacks.
SUMMARY OF THE DISCLOSURE
In a first example, the present disclosure provides a method of authenticating a user at a device, comprising: presenting, to the user at a display, a first plurality of displayed symbols, one or more of the first plurality of displayed symbols forming at least a first portion of a user passcode; tracking movement of at least one eye of the user, relative to the display; determining whether the at least one eye views a first displayed symbol of the first plurality of displayed symbols for a time exceeding a threshold time; comparing the first displayed symbol to a first stored symbol, the first stored symbol defining at least the first portion of the user passcode; and if the first displayed symbol matches the first stored symbol, authenticating the user.
As will be appreciated, the present disclosure provides several advantages over the prior art. For example, the method makes it more difficult for third parties to oversee a user's inputs and subsequently derive the user's passcode. The method also provides advantages over biometric authentication means, in that a user cannot unwittingly authenticate themselves.
The method may comprise presenting the first plurality of displayed symbols in a randomised arrangement at the display. This provides the advantage of decreasing the likelihood that a third party may derive a user's passcode by simple observation.
The method may comprise presenting the first plurality of displayed symbols in an array of moving symbols. The array of moving symbols may change in size, while moving, in order to depict three-dimensional movement of the symbols. This provides the advantage of increased accuracy of detected visual inputs, as the user's inputs become more varied between inputs.
The method may further comprise: storing an average input time for the user, the average input time defining an average time taken for the user to find and view a symbol for longer than the threshold time; comparing a current input time to the average input time; and if the current input time is substantially different to the average input time, requesting further authentication of the user. This provides the advantage of increasing the security of the device.
The method may further comprise: after determining that the user has viewed the first displayed symbol, determining whether the at least one eye views a second displayed symbol of the first plurality of displayed symbols; and comparing the second displayed symbol of the first plurality of displayed symbols to a second stored symbol, the second stored symbol defining at least a second portion of the user passcode. This provides the advantage of increasing visual input speeds as the user become familiar with the arrangement of symbols.
The method may further comprise: after determining that the user has viewed the first displayed symbol, presenting, to the user at the display, a second plurality of displayed symbols, one or more of the second plurality of displayed symbols forming at least a second portion of the user passcode; determining whether the at least one eye views a second displayed symbol of the second plurality of displayed symbols; and comparing the second displayed symbol of the second plurality of displayed symbols to a second stored symbol, the second stored symbol defining at least a second portion of the user passcode. This provides the advantage of increasing the security of the device, as an observer will be required to monitor the display constantly in order to determine which symbols are being displayed.
Comparing the first displayed symbol to the first stored symbol may occur after determining that the user has viewed the second symbol. This provides the advantage of increasing authentication time, as the method requires only one comparison step, wherein all the displayed symbols and compared to the stored symbols together.
The method may further comprise: capturing an image of the user; comparing the captured image to a stored image of the user; and if the stored image matches the captured image, presenting the first plurality of symbols to the user. This provides the advantage of increasing security of the device.
In a second example, the present disclosure provides an authentication device comprising, a processor and a computer readable storage medium, the computer readable storage medium storing a computer program arranged such that, when it is executed, it causes the authentication device to operate in accordance with the method described above.
In a third example, the present disclosure provides an authentication device comprising: a processor; a display, communicatively coupled to the processor, the processor being arranged to cause the display to present a first plurality of displayed symbols to a user, one or more of the first plurality of displayed symbols forming at least a first portion of a user passcode; and a camera, communicatively coupled to the processor, the processor being arranged to receive, from the camera, images of at least one eye of the user, wherein the processor is further arranged to determine whether the at least one eye views a first displayed symbol of the plurality of displayed symbols for a time exceeding a threshold time, compare the first displayed symbol to a first stored symbol, the first stored symbol defining at least the first portion of the user passcode, and if the first displayed symbol matches the first stored symbol, authenticate the user.
Presenting the first plurality of displayed symbols may comprise presenting the first plurality of displayed symbols in a randomised arrangement at the display.
Presenting the first plurality of displayed symbols may comprise presenting the first plurality of displayed symbols in an array of moving symbols. The array of moving symbols may change in size, while moving, in order to depict three-dimensional movement of the symbols.
The authentication device may further comprise a memory, communicatively coupled to the processor, the memory being arranged to store an average input time for the user, the average input time defining an average time taken for the user to find and view a symbol for longer than the threshold time, wherein the processor is further arranged to compare a current input time to the average input time and, if the current input time is substantially different to the average input time, request further authentication of the user.
After determining that the user has viewed the first displayed symbol, the processor may be further arranged to determine whether the at least one eye views a second displayed symbol of the first plurality of displayed symbols, and compare the second displayed symbol of the first plurality of displayed symbols to a second stored symbol, the second stored symbol defining at least a second portion of the user passcode.
After determining that the user has viewed the first displayed symbol, the processor may be further arranged to cause the display to present, to the user, a second plurality of displayed symbols, one or more of the second plurality of displayed symbols forming at least a second portion of the user passcode, determine whether the at least one eye views a second displayed symbol of the second plurality of displayed symbols, and compare the second displayed symbol of the second plurality of displayed symbols to a second stored symbol, the second stored symbol defining at least a second portion of the user passcode.
The processor may be arranged to compare the first displayed symbol to the first stored symbol after determining that the user has viewed the second symbol.
The camera may be further arranged to capture an image of the user, and the processor may be arranged to compare the captured image to a stored image of the user and, if the stored image matches the captured image, cause the display to present the first plurality of symbols to the user.
In a fourth example, the present disclosure provides a method of authenticating a user, using a device capable of eye tracking, the method comprising: resenting a plurality of symbols on a display of the device, one or more of the plurality of symbols being characters of a user passcode, and one or more of the plurality of symbols not being characters of a user passcode; tracking the movement of at least one eye of the user, to determine where on the display the user is looking; determining whether the at least one eye views one of the characters of the passcode for a time exceeding a predetermined threshold time; if the user views one of the characters for a time exceeding the threshold time, repeating the steps of tracking and determining for each subsequent character of the passcode; if the user views each character of the passcode in sequence, authenticating the user.
In a fifth example, the present disclosure provides a method of authenticating a user, comprising: displaying on a device a plurality of randomly arranged symbols, at least some of which form part of a user passcode; tracking a user's eye movement to determine whether the user looks at the symbols from the user passcode, in the correct order; if the user does look at the passcode in the correct order, authenticating the user.
BRIEF DESCRIPTION OF THE DRAWINGS
The present disclosure will now be described, by way of example only, and with reference to the accompanying drawings, in which: FIGURE 1 shows a component diagram of a passcode entry device in accordance
with an example of the present disclosure;
FIGURE 2 shows a passcode entry system in accordance with an example of the present disclosure; FIGURE 3 shows a passcode entry system in accordance with a further example of the present disclosure; FIGURE 4 shows a passcode entry system in accordance with another example of the present disclosure; and FIGURE 5 shows a flow diagram of a method of secure passcode entry according to an example of the present disclosure.
DETAILED DESCRIPTION OF THE DISCLOSURE
The present disclosure relates to a method of authentication of a user by means of visual inputs. An authentication device to which the user wishes to authenticate themselves comprises a display and a camera. An array of symbols is presented at the display which comprises at least part of the user's authentication passcode.
The device's camera uses eye tracking software to track movements of the user's eye(s) in order to determine which portion of the display the user is looking at. The user inputs the relevant symbol for their passcode by holding their gaze at a portion of the display which shows that symbol. A processor cross references the portion of the display against which the user's gaze is held with the symbol located in that part of the display. The processor then determines whether the symbol matches the user's stored passcode.
In the manner described above, a user is able to input their passcode at a device without a third party being able to determine, just by watching, which symbols form the passcode. Further, in the unfortunate situation in which a user is under duress, the device remains secure so long as the user does not input their passcode.
With reference to Figure 1, there is shown an authentication device 100 which comprises a display 101 and a camera 102. The authentication device 100 may be a mobile device, a personal computer, a security panel (such as a pin entry panel for a secure door) or another type of device to which a user may wish to authenticate themselves. In this manner, the display 101 of the authentication device 100 is arranged to display a multitude of features which form part of the normal functions of the authentication device 100 (for example, applications, videos, system data etc.).
The camera 102 is arranged such that a user looking at the display 101 is within a viewing angle of the camera 102. Specifically, the camera 102 must be able to view a user's eye(s), in order that it can be determined in which direction the user is looking.
Both the display 101 and the camera 102 are connected to a processor 103. The processor 103 is arranged to receive inputs from the display 101 and the camera 102, as well as sending outputs to the display 101 and the camera 102. For example, the processor 103 sends outputs to the display 101 which determine what is shown to the user. In the context of the present disclosure, the processor 103 will cause the display 101 to output an array of symbols, with which the user is to interact. The processor 103 then receives inputs from the camera 102, in order that it is able to process captured images of the user to determine where the user is looking. In this manner, the processor 103 comprises eye tracking software which enables it to determine, from the captured images, in which direction the user is looking. Examples of such eye tracking software are known in the prior art (for example, in US5345281A1 and US739188782).
The processor 103 receives inputs from the display 101 if, for example, the display 101 comprises a touch screen panel with which the user is able to interact. However, in the context of the present disclosure, receiving inputs from the display 101 is not essential, as the processor 103 directly controls what is being displayed and inputs are received via the camera 102. The processor 103 sends outputs to the camera 102 if, for example, the camera settings need to be changed in order to view a user's eye(s) (by tilting the camera, changing the focus, zooming in/out etc.).
The processor 103, using the output data sent to the display 101 and the input data received form the camera 102, is able to determine which portions of the display 101 a user is looking and, therefore, derive an input at the device 100 based on where the user holds their gaze.
The processor 103 of the authentication device 100 is further connected to a memory 104. The memory 104 comprises the user's passcode and enables the processor 103 to compare received symbols (determined by tracking the user's eye(s)) against stored symbols (which state the user's predefined passcode). As is normal practice in secured devices, the stored symbols are maintained in a high security portion of the memory 104, such that access by external entities is restricted. The memory 104 may also store further information, such as user interaction data (or eye tracking data), which will be discussed in further detail below.
Referring now to Figure 2, there is shown an example in which a user 201 provides an input using visual interactions. In an attempt to authenticate themselves at the device 100, the user 201 (represented by an eye) is presented with a series of symbols 202a to 202j at the display 101. The camera 102 is arranged to view the user's eye(s) in order that the processor 103 is able to determine which symbol 202a-j the user 201 is looking at. Of course, the user 201 may look at each of the symbols 202a-j in turn in order to locate the symbol they wish to input. In the present example, the user 201 wishes to input the symbol '3'. In this manner, the camera 102 sends data to the processor 103 such that the processor 103 can determine that the user 201 maintained their gaze on the relevant symbol 202c for longer than a predetermined time. For example, the predetermined time may be 0.5 seconds, 1 second or any other time which enables the user 201 to locate the desired symbol 202c without accidentally inputting another symbol.
In the example shown in Figure 2, in order that the user 201 is familiar with the particular arrangement of the symbols 202a-j, the symbols are represented as the numbers '0' to '9' in a standard arrangement for pin entry. This enables the user 201 to find the desired symbols quickly. This, in turn, enables the predetermined threshold time for symbol input to be low, which enables a quick authentication time. For example, in this arrangement, the predetermined time may be 0.25 seconds, as it is expected that the user 201 will locate the desired symbols quickly, without the need to visually scan the entire display area.
Referring now to Figure 3, there is shown an alternative example of the present disclosure. In this example, instead of presenting the symbols 202a-202j in a standard arrangement, the symbols 202a-j are presented randomly across the display 101. Presenting the symbols 202a-j in a random arrangement introduces a further level of difficulty for a third party to oversee the user's inputs. For example, a third party wishing to derive the user's passcode may watch the user's eye(s) in order to determine which portions of the display 101 form parts of the passcode. However, if the symbols 202a-j are presented randomly across the display 101, with the arrangement changing each time the user 201 wishes to authenticate themselves, then a third party will be required to monitor the user's gaze at the same time as monitoring the display 101 in order to derive information regarding the user's passcode. The arrangement of the symbols may change every time the user 201 wishes to authenticate themselves, alternatively, the arrangement of symbols may change after a predetermined number of authentication instances (for example, every 5 authentication instances). The size, font, colour or other features of each symbol may differ between symbols 202a-j or may be the same for each symbol 202a-j but may differ between authentication instances.
Referring now to Figure 4, there is shown a further example of the present disclosure. In the example of Figure 4, each of the symbols 202a-j is arranged to move across the display 101 during the authentication process. The symbols 202a-j may be caused, by the processor 103, to move in any direction and/or change size. In this way, the symbols 202a-j may appear to be moving in three dimensions. By causing the symbols 202a-j to move across the display 101, it is simpler for the camera 102 and the processor 103 to determine which symbol 202a-j that the user 201 is looking at, as each symbol 202a-j may be arranged to move in manner different to each other symbol 202a-j.
Alternatively, or in combination with the above movements, the symbols 202a-j can also be arranged to change other features, such as font, colour or speed. Each of these variations may enable the user 201 to locate their desired symbol quicker than without those variations. As with the above, this enables a reduction in the predetermined time a user must maintain their gaze upon a symbol 202a-j in order for the processor 103 to accept it as an input.
For example, a first user may find it easier to locate a large blue symbol.
Therefore, the processor 103 can ensure that the symbol 202a-j which corresponds to the first symbol of the passcode is presented as blue and/or larger than other symbols 202a-j. A second user may find it easier to locate symbols that move in a wavy pattern, and the processor 103 can provide this movement.
In a further example, the memory 104 is used to store information relating to the user's interactions with displayed symbols, such as an input time (a time taken for the user 201 to find and view a symbol for longer than a threshold time). For example, the memory 104 may contain information that the user 201 takes, on average, 0.3 seconds longer to locate the correct symbol 202a-j if the symbol is red than if the symbol were blue. Alternatively, the memory 104 may store information that the user is able to locate the correct symbol 0.25 seconds quicker if it is increased in size by 25%.
During an authentication process, the processor 103 can be arranged to compare the stored data relating to user interaction with a presently ongoing authentication interaction. This information can then be used to further authenticate the user 201 if the present authentication instance comprises interaction times which substantially differ from the stored data. For example, the user interaction data stored in the memory 104 may record that the user 201 takes, on average, 0.7 seconds to locate the number '3' if it is blue and 10mm in height. If, during an ongoing authentication, the user 201 takes significantly longer than 0.7 seconds (such as 2.4 seconds) to locate a 10mm tall, blue number '3', the processor 103 may request further authentication of the user 201, such as biometric information or an alternative passcode.
Referring now to Figure 5, there is provided a flow diagram detailing the method steps for performing authentication of a user 201 by means of visual inputs. At step 501, the processor 103 is arranged to present a plurality of symbols 202a-j at the display 101. As described above, these symbols 202a-j may be consecutive Arabic numbers 0-9, however, the symbols 202a-j may be any symbol (e.g. Latin letters, Greek Letters, pictures, shapes etc.). The symbols 202a-j may be presented in a preset order or may be presented in a random arrangement. The symbols 202a-j may be static, or may move in some manner around the display 101. The symbols 202a-j may change font, colour or be altered in any other manner while being presented at the display 101.
At step 502, in combination with the processor 103, the camera 102 is used to track the eye movements of the user 201. In this manner, the processor 103 correlates the gaze of the user 201 with a particular portion of the display 101.
This enables the processor 103 to determine which of the symbols 202a-j that the user 201 is looking at. If the symbols 202a-j are moving, the camera 102 may track the movement of the user's eye(s) in order to better discern which symbol 202a-j is being viewed.
At step 503, the processor 103 determines which symbol 202a-j is being viewed by the user 201. In performing this step, the processor 103 needs to determine that the user 201 has maintained their gaze upon a particular symbol 202a-j for a time which exceeds a predetermined threshold. This will prevent the user 201 accidentally selecting a symbol 202a-j while they are searching for the correct symbol 202a-j on the display 101. In order to perform this step, and in order to perform the method in general, the processor 103 is required to know the relative distances between the camera 102 and the display 101. This information can be provided to the processor 103 upon initial setup of the device 100.
At step 504, the processor 103 compares the viewed symbol with a symbol stored in the memory 104. If the symbols match, the process proceeds to step 505. If the symbols do not match, the process returns to step 501 and the symbols continue to be displayed to the user 201.
At step 505, the user 201 is confirmed as having been authenticated and access is granted to the relevant resource (a mobile phone, a computer, an area of a building etc.).
Of course, the method described with respect to Figure 5 requires the input of only a single symbol in order for the user 201 to be authenticated. This is exemplary only. In a further example, upon a match of the first received symbol and the first stored symbol, the method returns to step 501, and presents a new set of symbols to the user, such that they can visually input a second symbol 202a-j of a passcode. Alternatively, the method may return to step 502, in that the processor 103 continues to display the same set of symbols 202a-j as for the first input but, instead, tracks eye movement with respect to determining a second visual input of the user 201. This sequence may continue for any number of symbols, depending on the length of the user's passcode.
In further examples, compatible with any of the above-mentioned examples, the authentication device 100 may require biometric authentication of the user 201 before and/or after the above-described process, in order to provide increased security. For example, the authentication device 100 may request that a user undergoes a facial recognition procedure in advance of being presented with the symbols 202a-j for visual input. Alternatively, biometric authentication may only be required when the user's interactions differ from the average reactions stored in the memory 104, as discussed above. In a further example, facial recognition or other biometric information may need to be provided throughout the authentication procedure, in order to ensure that the correct user is inputting the passcode.
In examples described above, the processor 103 accesses the memory 104 after determining which symbol 202a-j the user 201 is looking at, in order to determine if the received symbol matches a stored symbol. However, in alternative examples, the processor 103 waits until a predetermined number of symbols have been indicated by the user 201 before checking the received symbols against those stored in the memory 104. In this manner, the processor 103 may show, on the display 101, how many symbols that it considers to have been received from the user 201, such that the user 201 is able to continue visually inputting further symbols which form their passcode. If the received symbols do not match the stored symbols, the user 201 may be asked to input all of the received symbols again. In this embodiment, the processor 103 may also reset the number of symbols which have been input by the user 201 after a predetermined amount of time has passed. For example, if the user 201 takes longer than 30 seconds to input all of the required symbols 202a-j, the processor can 'forget' all of the previously input symbols and start again, under the assumption that the next symbol to be input by the user 201 is the first symbol of the user's passcode.
In examples described above, once the processor 103 has determined which symbol the user 201 is viewing, the processor 103 may then cause the display 101 to present a new array of symbols, such that the user 201 can choose a second symbol 202a-j from the second array of symbols. Alternatively, the processor 103 may cause the display 101 to present only a single array of symbols, from which the user 201 selects all of the symbols 202a-j of their passcode.
Further interactions may also be provided by the user 201 via means of eye tracking. For example, the processor 103 may use the display 101 to indicate a back' button or a 'clear' button which, when used as an input, indicate that the most recent/all received symbols were erroneously entered. When one of these buttons is visually indicated, the processor 103 may remove one or more received symbols from its list of received symbols. Further, the authentication device 100 may be arranged such that, if a user inputs a particular series of symbols, the processor 103 is further arranged to enact a defence mechanism. For example, the processor 103 may be arranged to show the letters 1H', E', L' and 'P' in combination with other symbols 202a-j. If it is perceived that the user 201 has visually indicated each of these letters in order, the processor 103 may cause the device 100 to shut down or contact emergency services.
As mentioned above, it is important that the processor 103 contains information relating to the relative positioning of the display 101 and the camera 102, enabling a determination as to which portion of the display 101 a user 201 is looking at. As such, although the relative positioning of the display 101 and camera 102 is required, it should be clear that it is not essential that the display and/or the camera form part of the authentication device 100. The display 101 and the camera 102 may form parts of separate devices than the authentication device 100, as long as the processor 103 is provided with information regarding the relative positioning of the display 101 and the camera 102. For example, the camera 102 may be a webcam, which is electronically connectable to a personal computer. The processor 103 may still use the webcam to provide visual tracking, but the webcam may not form part of the authentication device 100 itself.
It is to be appreciated that the signals transmitted by the components of the device 100 may be electrical, or alternatively, there may be a transmitter and a receiver arrangement, such that the information may be sent via Bluetooth RF signal, WiFi ® or any other type of wireless transmission means.
The skilled person will also realise that steps of various above-described methods can be performed by programmed computers. Accordingly the above-mentioned examples should be understood to cover storage devices containing machine-executable or computer-executable instructions to perform some or all of the steps of the above-described methods. The examples are also intended to cover computers programmed to perform the steps of the above-described methods.
The functionality of the elements shown in the Figures can be provided using either dedicated hardware and/or software. The expressions "processing", "processing means" and "processing module" can include, but is not limited to, any of digital signal processor (DSPs) hardware, network processors, application specific integrated circuits (ASIC5), field programmable gate arrays (FPGA5), read only memories (ROMs) for storing software, random access memories (RAMs), and non-volatile storage.
The above examples describe one way of implementing the present invention. It will be appreciated that modifications of the features of the above examples are possible within the scope of the independent claims. For example, the methods described herein may be applied to any kind of authentication device. The features of the mobile phone and the computer described herein are for example only and should not be seen as limiting to the claimed invention.
Features of the present invention are defined in the appended claims. While particular combinations of features have been presented in the claims, it will be appreciated that other combinations, such as those provided above, may be used.

Claims (21)

  1. Claims 1. A method of authenticating a user at a device, comprising: presenting, to the user at a display, a first plurality of displayed symbols, one or more of the first plurality of displayed symbols forming at least a first portion of a user passcode; tracking movement of at least one eye of the user, relative to the display; determining whether the at least one eye views a first displayed symbol of the first plurality of displayed symbols for a time exceeding a threshold time; comparing the first displayed symbol to a first stored symbol, the first stored symbol defining at least the first portion of the user passcode; and if the first displayed symbol matches the first stored symbol, authenticating the user.
  2. 2. A method according to claim 1, wherein presenting the first plurality of displayed symbols comprises presenting the first plurality of displayed symbols in a randomised arrangement at the display.
  3. 3. A method according to claim 1 or 2, wherein presenting the first plurality of displayed symbols comprises presenting the first plurality of displayed symbols in an array of moving symbols.
  4. 4. A method according to claim 3, wherein the array of moving symbols change in size, while moving, in order to depict three-dimensional movement of the symbols.
  5. 5. A method according to any of the preceding claims, wherein the method further comprises: storing an average input time for the user, the average input time defining an average time taken for the user to find and view a symbol for longer than the threshold time; comparing a current input time to the average input time; and if the current input time is substantially different to the average input time, requesting further authentication of the user.
  6. 6. A method according to any of the preceding claims, further comprising: after determining that the user has viewed the first displayed symbol, determining whether the at least one eye views a second displayed symbol of the first plurality of displayed symbols; and comparing the second displayed symbol of the first plurality of displayed symbols to a second stored symbol, the second stored symbol defining at least a second portion of the user passcode.
  7. 7. A method according to any of claims 1 to 5, further comprising: after determining that the user has viewed the first displayed symbol, presenting, to the user at the display, a second plurality of displayed symbols, one or more of the second plurality of displayed symbols forming at least a second portion of the user passcode; determining whether the at least one eye views a second displayed symbol of the second plurality of displayed symbols; and comparing the second displayed symbol of the second plurality of displayed symbols to a second stored symbol, the second stored symbol defining at least a second portion of the user passcode.
  8. 8. A method according to either of claims 6 or 7, wherein comparing the first displayed symbol to the first stored symbol occurs after determining that the user has viewed the second symbol.
  9. 9. A method according to any of the preceding claims, further comprising: capturing an image of the user; comparing the captured image to a stored image of the user; and if the stored image matches the captured image, presenting the first plurality of symbols to the user.
  10. 10. An authentication device comprising a processor and a computer readable storage medium, the computer readable storage medium storing a computer program arranged such that when it is executed it causes the authentication device to operate in accordance with the method of any of the preceding claims.
  11. 11. An authentication device comprising: a processor; a display, communicatively coupled to the processor, the processor being arranged to cause the display to present a first plurality of displayed symbols to a user, one or more of the first plurality of displayed symbols forming at least a first portion of a user passcode; and a camera, communicatively coupled to the processor, the processor being arranged to receive, from the camera, images of at least one eye of the user, wherein the processor is further arranged to determine whether the at least one eye views a first displayed symbol of the plurality of displayed symbols for a time exceeding a threshold time, compare the first displayed symbol to a first stored symbol, the first stored symbol defining at least the first portion of the user passcode, and if the first displayed symbol matches the first stored symbol, authenticate the user.
  12. 12. An authentication device according to claim 11, wherein presenting the first plurality of displayed symbols comprises presenting the first plurality of displayed symbols in a randomised arrangement at the display.
  13. 13. An authentication device according to claim 11 or 12, wherein presenting the first plurality of displayed symbols comprises presenting the first plurality of displayed symbols in an array of moving symbols.
  14. 14. An authentication method according to claim 13, wherein the array of moving symbols change in size, while moving, in order to depict three-dimensional movement of the symbols.
  15. 15. An authentication device according to any of claims 11 to 14, wherein the authentication device further comprises a memory, communicatively coupled to the processor, the memory being arranged to store an average input time for the user, the average input time defining an average time taken for the user to find and view a symbol for longer than the threshold time, wherein the processor is further arranged to compare a current input time to the average input time and, if the current input time is substantially different to the average input time, request further authentication of the user.
  16. 16. An authentication device according to any of claims 11 to 15, wherein, after determining that the user has viewed the first displayed symbol, the processor is further arranged to determine whether the at least one eye views a second displayed symbol of the first plurality of displayed symbols, and compare the second displayed symbol of the first plurality of displayed symbols to a second stored symbol, the second stored symbol defining at least a second portion of the user passcode.
  17. 17. An authentication device according to any of claims 11 to 15, wherein, after determining that the user has viewed the first displayed symbol, the processor is further arranged to cause the display to present, to the user, a second plurality of displayed symbols, one or more of the second plurality of displayed symbols forming at least a second portion of the user passcode, determine whether the at least one eye views a second displayed symbol of the second plurality of displayed symbols; and compare the second displayed symbol of the second plurality of displayed symbols to a second stored symbol, the second stored symbol defining at least a second portion of the user passcode.
  18. 18. An authentication device according to either of claims 16 or 17, wherein the processor is arranged to compare the first displayed symbol to the first stored symbol after determining that the user has viewed the second symbol.
  19. 19. An authentication device according to any of claims 11 to 18, wherein the camera is further arranged to capture an image of the user, and wherein the processor is arranged to compare the captured image to a stored image of the user and, if the stored image matches the captured image, cause the display to present the first plurality of symbols to the user.
  20. 20. A method of authenticating a user, using a device capable of eye tracking, 30 the method comprising: presenting a plurality of symbols on a display of the device, one or more of the plurality of symbols being characters of a user passcode, and one or more of the plurality of symbols not being characters of a user passcode; tracking the movement of at least one eye of the user, to determine where on the display the user is looking; determining whether the at least one eye views one of the characters of the passcode for a time exceeding a predetermined threshold time; if the user views one of the characters for a time exceeding the threshold time, repeating the steps of tracking and determining for each subsequent character of the passcode; if the user views each character of the passcode in sequence, authenticating the user.
  21. 21. A method of authenticating a user, comprising: displaying on a device a plurality of randomly arranged symbols, at least some of which form part of a user passcode; tracking a user's eye movement to determine whether the user looks at the symbols from the user passcode, in the correct order; if the user does look at the passcode in the correct order, authenticating the user.
GB1906287.6A 2019-05-03 2019-05-03 Visual authentication input Withdrawn GB2584397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1906287.6A GB2584397A (en) 2019-05-03 2019-05-03 Visual authentication input

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1906287.6A GB2584397A (en) 2019-05-03 2019-05-03 Visual authentication input

Publications (2)

Publication Number Publication Date
GB201906287D0 GB201906287D0 (en) 2019-06-19
GB2584397A true GB2584397A (en) 2020-12-09

Family

ID=67384888

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1906287.6A Withdrawn GB2584397A (en) 2019-05-03 2019-05-03 Visual authentication input

Country Status (1)

Country Link
GB (1) GB2584397A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5345281A (en) 1992-12-17 1994-09-06 John Taboada Eye tracking system and method
US7391887B2 (en) 2001-08-15 2008-06-24 Qinetiq Limited Eye tracking systems
US20130044055A1 (en) * 2011-08-20 2013-02-21 Amit Vishram Karmarkar Method and system of user authentication with bioresponse data
WO2016133540A1 (en) * 2015-02-20 2016-08-25 Hewlett-Packard Development Company, L.P. Eye gaze authentication
US20170154177A1 (en) * 2015-12-01 2017-06-01 Utechzone Co., Ltd. Dynamic graphic eye-movement authentication system and method using face authentication or hand authentication

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5345281A (en) 1992-12-17 1994-09-06 John Taboada Eye tracking system and method
US7391887B2 (en) 2001-08-15 2008-06-24 Qinetiq Limited Eye tracking systems
US20130044055A1 (en) * 2011-08-20 2013-02-21 Amit Vishram Karmarkar Method and system of user authentication with bioresponse data
WO2016133540A1 (en) * 2015-02-20 2016-08-25 Hewlett-Packard Development Company, L.P. Eye gaze authentication
US20170154177A1 (en) * 2015-12-01 2017-06-01 Utechzone Co., Ltd. Dynamic graphic eye-movement authentication system and method using face authentication or hand authentication

Also Published As

Publication number Publication date
GB201906287D0 (en) 2019-06-19

Similar Documents

Publication Publication Date Title
US9081947B2 (en) Turing test based user authentication and user presence verification system, device, and method
US9679123B2 (en) Password authentication system and password authentication method using consecutive password authentication
US7986816B1 (en) Methods and systems for multiple factor authentication using gaze tracking and iris scanning
EP3163926B1 (en) User authentication method and system using variable keypad and biometric identification
US20130223696A1 (en) System and method for providing secure access to an electronic device using facial biometric identification and screen gesture
US20140196143A1 (en) Method and apparatus for real-time verification of live person presence on a network
WO2015042456A1 (en) System for correlation of independent authentication mechanisms
US10192060B2 (en) Display control method and apparatus and display device comprising same
Guerar et al. Using screen brightness to improve security in mobile social network access
US11665157B2 (en) Systems and methods for authenticating users within a computing or access control environment
Vapen et al. 2-clickauth optical challenge-response authentication
CN105281907B (en) Encrypted data processing method and device
US10735398B1 (en) Rolling code authentication techniques
AU2020220152A1 (en) Interception-proof authentication and encryption system and method
KR101654797B1 (en) Interactive CAPTCHA System Resilient to Phishing Attacks
GB2584397A (en) Visual authentication input
Leitner et al. Authentication in the context of E-participation: current practice, challenges and recommendations
Barkadehi et al. A Novel Two-Factor Authentication System Robust Against Shoulder Surfing.
EP3038298A1 (en) A computer-implemented method for protecting classified content on a computing device and computer programs thereof
Sun et al. Let Your Camera See for You: A Novel Two-Factor Authentication Method against Real-Time Phishing Attacks
CN115766077A (en) Off-line authentication method, device, system and storage medium
Sherly et al. Improving security in mobile network access using screen brightness and symbols
Nandalwar et al. A Survey and Comparison on User Authentication Methods
Gadekar et al. Implicit Password Authentication System
MeriemGuerar et al. Using Screen Brightness to Improve Security in Mobile Social Network Access

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)